Agenda and minutes

Members are asked to declare any interests in the items under consideration and in doing so state:

(1) the type of interest concerned either a

(a)    personal interest

(b)   prejudicial interest

(c)    disclosable pecuniary interest (DPI)

and

(2) the nature of the interest concerned

If any Member requires advice on declarations of interests, they are advised to contact the Head of Democratic Governance in advance of the meeting.

There were no declarations of interest.

To agree the minutes of the last meeting of the Audit Committee held on 3 March 2022 as a true and correct record.

The Committee agreed that the minutes of the meeting held on 20 January 2022 be signed by the Chairman as a true and correct record.

To consider the actions being implemented to address the audit recommendations relating to the IT Admin Rights audit.

Mr Tony Doyle, Head of ICT Services presented a progress report on the recommendations made following the internal audit review of IT Admin Rights which had been completed in March 2021. The Committee considered the action plan of agreed recommendations and Mr Doyle provided a summary of progress against each of the nine recommendations.

He identified that the threat of hackers accessing and compromising system administrators’ accounts could be especially disruptive to the Council’s ICT infrastructure and as such extra measures around these accounts had been introduced in order to further increase security.

When asked which of the recommendations had proven the most useful, Mr Doyle reported that recommendation R2 ‘System Administrators should receive training from ICT to enforce the importance of the role and outline the common standards required as appropriate,’ had been particularly beneficial. He informed the Committee that the additional investment in ICT training had been welcomed. The Committee was informed that all new employees must complete mandatory training on cyber security and that annual refresher sessions were required to be completed by all staff. Mr Doyle stated that the refresher training was regularly updated to ensure it incorporated the most recent cyber threats.

In response to a question from the Committee on whether cyber exercises were undertaken to test staff responses to phishing emails and associated threats, Mr Doyle advised that whilst exercises had been completed internally by the ICT department and also with partner agencies such as the NHS, a Council-wide exercise had not as yet been undertaken. He agreed to work with internal audit to look at arranging such a test.

Mr Doyle advised that a small number of actions had slipped behind schedule, which was as a result of the increased workload caused by the pandemic and the need to support hybrid working arrangements but that the target dates were realistic and achievable.

With regard to the Council’s disaster recovery plan, the Committee questioned how frequently the plan was updated and whether it included the Council’s wholly-owned companies. Mr Doyle reported that ideally the plan would be reviewed annually but that at present it had not been updated for approximately 18 months. He explained that the plan primarily contained recovery for the core infrastructure supporting the Council but that by default this also included some protection for its wholly-owned companies. Mr Doyle noted that each company was responsible for the production of its own disaster recovery plan but that support would also be provided by the Council as appropriate.

In relation to a previously reported lack of specialist IT skills within the internal audit team, Mrs Tracy Greenhalgh, Head of Audit and Risk reported that such skills were being developed across her team and that the option to purchase specialist IT services could be utilised if necessary.

The importance of elected members undertaking regular cyber security training as well as staff was noted by the Committee.

[Mr Doyle left the meeting on conclusion of this item.]

To consider the controls being implemented to manage the strategic risk relating to People.

The Committee considered a deep dive report into the Strategic Risk ‘People’.

Members considered the sub-risk ‘Lack of capacity and capability,’ with Mr Neil Jack, Chief Executive providing an update. Mr Jack reported that whilst a Workforce Strategy was in place there was the intention for it to be updated and that a key source of information to assist in the update would be the outcome of the employee survey undertaken during 2021/2022. He summarised the key findings from the employee survey and informed the Committee that an internal audit of Health and Wellbeing had been carried out in 2021/2022 which would also be used to inform the Strategy.

Mr Jack informed the Committee that a process was underway to identify succession planning arrangements for all members of the Senior Leadership Team. He explained that the exercise would seek to understand whether there were employees who would be suitable to move into a senior role should the opportunity arise either immediately or following completion of the appropriate leadership development. The outcome of the exercise would be used to develop an Aspiring Leaders Programme which would be rolled out through 2022/2023 to help ensure that a pool of appropriate employees would be ready to progress when required.

The Committee gave consideration to the measures being utilised to address recruitment and retention within Children’s Services and Mr Jack outlined a range of actions which had been introduced to tackle the national shortage of employees within the sector. The Committee questioned whether any of the measures had been particularly successful and if there were plans for any initiatives to be rolled out to other Council departments experiencing difficulties in recruiting. Mr Jack noted that several of the actions had proven successful and whilst the Council was still using a higher proportion of agency staff than was ideal, the number had been reducing over the past six months and several agency staff had been converted to permanent employees.

With regard to attracting applicants from other areas of the country, the Committee questioned whether communication around Blackpool’s positive attributes as an attractive place to work was planned. Mr Jack acknowledged that in order to attract applicants to challenging areas of recruitment, potential candidates were better encouraged via face-to-face contact. In addition, he advised of the need to raise the aspirations of young people and of making them aware that their career goals could be realised locally via the provision of improved business engagement and career advice services, with Blackpool-based employment routes and opportunities being better promoted in order to attract applicants.

The Committee discussed the introduction of hybrid working and questioned if there had been any impact on overall delivery and staff performance. Mr Jack advised that feedback from end-users was being used to gauge satisfaction with Council services and that the move to hybrid working had been a carefully planned process tailored to each department’s specific needs.  

Committee Members considered the sub-risk ‘Poor employee health and wellbeing,’ with Mr Jack providing a summary of  ...  view the full minutes text for item 4.

To receive a verbal update on the 2020/2021 final accounts audit from Ms Nicola Wright, Audit and Assurance Partner, Deloitte.  

Ms Nicola Wright, Audit and Assurance Partner, Deloitte updated the Committee on the ongoing audit of the 2020/2021 accounts. She advised that since the previous meeting of the Audit Committee, there had been the emergence of a national issue around the historical accounting of local authority infrastructure assets and questions had been raised over the accuracy of previous methods used. Ms Wright informed the Committee that the Chartered Institute of Public Finance and Accountancy (CIPFA) had established a task force to investigate the issue and to formulate a workable solution. As a result the audit would be paused until such a solution had been agreed.

In response to the Committee’s question on any potential time and cost implications for the Council as a result of the issue, Ms Wright advised that a consultation paper was expected by June 2022 and that any conclusion to the audit would be dependent upon the findings of the review and the proposed solution. Mr Steve Thompson, Director of Resources concluded that additional resources might be required due to the Council’s large portfolio of infrastructure assets.

To consider the feedback from the self-evaluation exercise undertaken by the Audit Committee and senior officers who engage with the Committee on a regular basis and to approve the training plan.

The Committee gave consideration to the feedback from the self-evaluation exercise which had been undertaken by members of the Audit Committee and senior officers who had regularly engaged with the Committee over the previous year. Mrs Tracy Greenhalgh, Head of Audit and Risk reported that the results had presented several positive outcomes as well as identifying a small number of areas which required further review. In addition, Mrs Greenhalgh presented the proposed Audit Academy training schedule for 2022/2023, which included a number of bespoke training sessions that had been identified as part of the self-assessment process.

The Committee noted that a key theme from the feedback had been a need for a greater understanding across the Council of the role of the Audit Committee and the Chair identified that raising awareness more widely via the use of press releases and social media would be beneficial. The importance of recognising the skills of the Audit Committee and of being mindful of succession planning for the future were also noted by the Committee.

Resolved: That the Audit Committee Training Programme for 2022/2023 be approved.

To consider the Committee’s updated Action Tracker.

The Committee gave consideration to the updated Action Tracker, noting that a number of actions had been completed and removed following the previous meeting. The Committee identified that two outstanding updates were required from Mr John Blackledge, Director of Community and Environmental Services, which would be provided by Mr Blackledge at a future meeting.

Resolved: To note the Audit Committee Action Tracker.

To note the provisional date and time of the next meeting of the Committee as 16 June 2022 commencing at 6pm, subject to confirmation at Annual Council.

The provisional date of the next meeting was noted as 16 June 2022 commencing at 6pm, subject to confirmation at Annual Council.