Corporate Affairs and Audit Committee Minutes

Corporate Affairs and Audit Committee Minutes

Thursday 7 December 2017
3:30 p.m.
Mandela Room, Town Hall, Middlesbrough

Attendance Details

D Rooney, Brady, C Hobson, Hubbard, Lewis, Walkington, Walters (As Substitute)
Councillor N J Walker
J Bromiley, G Cooper, A Johnstone, S Lightwing, K Parkes, J Shiel
Apologies for absence:
were submitted on behalf of Councillor Biswas
Declarations of interest:
Name of Member Type of Interest Item/Nature of Interest
Councillor D Rooney Non Pecuniary Agenda Item 7 - Strategic Regeneration Project Delivery. Spouse of Chair of the Executive Sub Committee for Property
Item Number Item/Resolution

The minutes of the meeting of the Corporate Affairs and Audit Committee held on 2 November 2017 were taken as read and approved as a correct record.


The External Auditor presented the Annual Audit letter for the year ended 31 March 2017. The purpose of the Annual Audit Letter was to communicate to Members and external stakeholders, including members of the public, the key issues arising from EY's work, which the External Auditors considered should be brought to the attention of the Council.

The detailed findings from the audit work had already been reported to the Corporate Affairs and Audit Committee at a meeting held on 28 September 2017.

In response to a query regarding agreement of the Audit Fees the External Auditor confirmed that the fixed fee was £115,000. However, the fee for additional work completed on the Value for Money Statement during 2016/2017 had not yet been agreed with the Council. Following agreement, the final fee would need to be approved by Public Sector Audit Appointments Limited, probably in January/February 2018, and would be reported back to the Corporate Affairs and Audit Committee.

AGREED that the information provided was received and noted.


A report of the Audit and Assurance Manager was presented to update Members on the main findings arising from internal audit work carried out since the Annual Report was submitted.

A summary of all internal audit reports issued in final and draft, since the last update to the Committee, was provided at Appendix 1 (Tables 1 and 2) to the submitted report. No new Priority 1 recommendations had been made to date in 2017/2018 and none were outstanding from previous periods. The Tees Valley Audit and Assurance Service's (TVAAS) opinion method was detailed in Appendix 3 to the submitted report.

In addition to the final audit reports issued, TVAAS staff had been involved in a number of other areas of work that did not result in the issue of formal report. These included co-ordinating the Council's involvement in the National Fraud Initiative (NFI) and following up on the implementation of previous recommendations.

All proposed variations to the agreed Audit Plan arising as a result of emerging issues or requests from directorates were reported to the Corporate Affairs and Audit Committee for comment. No variation requests had been made to date for 2017/2018.


A query was raised in relation to progress on audit testing of Asset Management. The Audit and Assurance Manager confirmed that testing was due to commence in the next week and an interim report on progress would be presented to the February or March 2018 meeting of the Corporate Affairs and Audit Committee.

AGREED that the information provided was received and noted.


 The Audit and Assurance Manager presented a report to update Members on the impact of fraud on the UK by summarising the main national fraud risks facing the public sector as set out in the Protecting the English Public Purse (PEPP 2016) report by The European Institute for Combatting Corruption and Fraud (TEICCAF). The submitted report also considered the potential impact of fraud on Middlesbrough Council and its residents, the existing anti-fraud arrangements in place, and the further action that could be taken to safeguard the Council from fraud and loss.

Since 2011, the Audit and Assurance Team had compiled and maintained a fraud and loss risk self-assessment. Following the recommendation of PEPP 2016, the fraud and loss risk assessment was included at Appendix 2 to the submitted report for Member's consideration and comment. Population of the register was a work in progress and consultation on the content and scoring would take place with risk owners and the business risk partner. Once completed, the register would be presented to the Corporate Affairs and Audit Committee and would require regular updating to identify areas for further action to minimise the risk of fraud.

PEPP 2016 included a checklist to be completed by an organisation as a self-assessment of its anti-fraud arrangements. A copy of the Council's completed checklist was attached at Appendix 1 to the submitted report. Review of the checklist and other anti-fraud work had identified a number of actions that could be taken to strengthen the Council's anti-fraud environment which included:

  • Complete the fraud and loss risk register and update in response to actual and suspected incidences and emerging threats.
  • Prepare schedule for fraud awareness sessions.
  • Identify at least one key fraud risk area and undertake proactive anti-fraud prevention work and report on outcomes.

In addition to the checklist, an internal audit report on the Council's anti-fraud policy framework had also recently been issued in final and was included at Appendix 3 to the submitted report for Members' information.

Middlesbrough Council had anti-fraud arrangements in place which were listed in the submitted report. The investigation of housing benefit and tax credit fraud was carried out by the Department of Work and Pensions (DWP) following the introduction of the Single Fraud Investigation Service (SFIS). It was highlighted that 31% of Local Authorities were not detecting Council Tax Fraud. The Audit and Assurance Manager explained that this was due to the move to the SFIS. It was however a potential issue due to there being less resources available within the Council.


The Strategic Director of Finance Governance and Support, confirmed that he worked closely with the Audit and Assurance Manager to establish the key risks, the proportionate response to those risks and how the Council dealt with them.


AGREED that the information provided was received and noted.


The purpose of the report was to outline the Council's approach to developing complex, strategic regeneration projects, with a particular focus on those projects that involved delivery of property and or asset development and major expenditure to provide assurance to the Committee that the robust governance processes were in place that aligned with the various corporate governance frameworks put in place to ensure good governance within the Council.

The report set out:


  • The approach being taken to developing project governance structures.
  • The governance reporting arrangements.
  • Issues that tended to arise during these complex projects and how they were managed within the governance framework.


The Council had established a Corporate Programme and Project Management framework which was detailed in the submitted report.

A comprehensive portfolio of programmes and projects had been established throughout the Growth and Place Department. Projects incorporated both those schemes under development (such as Centre Square and Tees Advanced Manufacturing Park) and schemes involving major capital expenditure (Middlesbrough Town Hall renovation). Directorate Project Boards met monthly to oversee all projects in the area. The Directorate Project Board was co-ordinated by the Programme Management Office, who monitored and collated information on each of the individual projects from the respective lead officers, ensuring that the corporate governance was applied and embedded.

The project management governance arrangements varied according to the level that the programme/project had been categorised, initially at the stage of developing the project brief. The Programme Management Office and Framework was revised on an annual basis so as to ensure that the right representation from appropriate services/projects were engaged in the management and delivery of each programme/project.

The Centre Square Programme comprised three projects: Centre Square Land Disposal, Civic Centre Accommodation/Grade A Office project and Centre Square Masterplan. The Grade A Office project was being delivered by Ashalls, a private company. Considerable elements of the project development were outside of the Council's control. However, the Council had in place appropriate project management to manage this type of complex relationship. The Council also remained the owner of the freehold of the site and the developer had, at this stage, an agreement to acquire, subject to conditions being complied with.

The development of the scheme was being undertaken with a private business and therefore many of the key considerations were either with the private business at this stage or were commercially confidential. It was anticipated that there would be report to Executive in February 2018 setting out how the Centre Square scheme would be taken forward, by when, and what the Council's role would be in this. An update report was anticipated to be reported to the Executive on 19 December 2017.


To ensure clarity of roles and responsibilities, good communication routes and that governance was both applied and adhered to, project management methodology had been applied to the programme and corresponding projects. The Programme was of strategic importance to the economic success of the town going forward and one of seven objectives of the Investment prospectus. Delivering complex regeneration schemes in economically challenging areas almost inevitably meant that there was a need for the public sector to undertake a role to drive projects to fruition, which was based on facilitation and enablement.


In response to a question regarding the disposal process, the Executive Director of Growth and Place referred to a report submitted to, and approved by, the Executive in September 2016 which provided the details of the private treaty agreement with the Developer. In relation to value for money, the Executive Director stated that value for money was not only an assessment of what the Council received in terms of the price, but also the wider social and economic benefits.


A query was also raised in relation to the role of the Tees Valley Combined Authority (TVCA) in the Centre Square Project. The Executive Director explained that the TVCA were represented on the Stakeholder Board as the Combined Authority was keen to back development that could provide jobs in the Tees Valley. The TVCA were looking at an investment programme and considering the Centre Square Project as a potential investment.


AGREED that the report was received and noted.


A report of the Head of Performance and Partnerships was presented that identified the findings from the recently completed first annual review of the Programme Management Office (PMO), and included proposals to further embed practices and ensure successful delivery of programmes and projects across the Council which had recently been agreed by the Executive on 28 November 2017.

The intention of the report was to demonstrate compliance against the Corporate Programme and Project Management Framework and detail progress made since April 2017 and future plans. The report also addressed points raised by Deloitte and the Local Government Association Corporate Peer Review Team in their previous reviews.

Deloitte's view of progress had been validated by both Internal and External Audit. A review of the Change Programme by Internal Audit during 2106-2017 found there was a strong control environment. The Value for Money qualification applied by the Council's External Auditor relating to project management was removed in the 2016/2017 opinion.


Since the implementation of the Council’s Programme and Project Management (PPM) Framework significant improvements had been made. Red-rated Level 1 programmes and projects had reduced from 13% in November 2016 to 0% currently. RAG (Red, Amber, Green) ratings were applied to projects to measure how they had kept to timescale, budget scope and cost and were applied across Level 1 and 2 projects, with Level 1 projects being the most complex.

Project Managers within the Council had been surveyed on potential future improvements to PPM arrangements and issues relating to communication, project documentation, and the PPM ICT solution had been identified. These issues would be taken forward as part of the PMO Improvement Plan for 2017/2018.


During the next year, the PMO would establish a Centre of Excellence to support, advise and guide project managers and provide assurance to sponsors and the wider organisation.


The Council’s PPM portfolio would be fully aligned to meet strategic priorities and the Forward Work Plan, and reviewed quarterly. PPM guidance would be revised to set out key principles for project management within a partnership environment. Investment principles would be built into financial/benefit trackers to ensure alignment with Investment Prospectus targets and improved consideration of social value and non-financial benefits would be given when developing business cases. Improvements to the PPM ICT solution would also be identified, mapped out and implemented.


AGREED as follows:

1.   the report was received and noted.

2.   the planned next steps for Programme and Project Management governance were approved.


A report of the Strategic Director of Finance Governance and Support was presented to outline the Council's approach to Business Continuity planning and to testing those plans, present a summary of the findings from this year's tests and detail the review schedule to provide the Committee with assurance that the Council had robust business continuity arrangements in place.


The Council had the following Business Continuity Plans in place:


  • The Corporate Business Continuity Plan.
  • Supporting Departmental Business Continuity Plans.
  • Relocation Plan.
  • Fuel Plan (held in abeyance).
  • The Flu Pandemic Plan.

Each department was required to test its plans at least once every 12 months, or to produce a lessons learnt report if a live Business Continuity incident had occurred during the past 12 months.  This year this was replaced with Exercise Ironstone, which provided an enhanced test of the Council's business continuity plans.  The exercise brought together the Business Continuity Team and the Emergency Management Response Team for the first time to deal with an incident in the Town Centre which involved an impact on the wider community as well as the Council's service areas. 


There were a number of lessons learnt for both teams from the exercise and actions had been taken to strengthen Business Continuity Planning as a result and further actions were also planned in relation to additional role based training, improved documentation, clearer communications plans between the two teams and equipment/local arrangements.  The implementation of the actions were progressing well.


During the year there had been good progress made on the Council's resilience planning, particularly in two key areas:


The roll out of agile working reduced reliance on a traditional relocation plan, however, there was an increasing reliance on ICT to support continued service delivery.  As part of the review of the Departmental Business Continuity Plans this year, further information had been collated on the ability of services identified as critical to have staff work on an agile basis, rather than requiring an office base.  This information was mapped against the requirements for critical teams who might need to relocate to other buildings and this had informed the review of the Relocation Plan.


LMT had agreed that managers responsible for critical services would take steps to ensure sufficient staff take agile working equipment off site on a night to maximise the resilience available from agile working capabilities.


A further key development had been the implementation of a second Data Centre that had been built and was now in use which had increased ICT resilience.  To take on board the changes that had been implemented, the ICT service was now taking steps to update the Disaster Recovery Plan.


Business Continuity Plans were updated every six months and reviewed on an annual basis.  The scale of the review was dependent on the level of organisational change that had occurred in the intervening period.  In some years this meant that only minor updates (eg contact details) were required; in others fundamental reviews would be required to reflect changes to the Council's structure or other significant developments, for example, where services had been outsourced or brought back in house. 


This year's review had reflected the revised management structure and the increasing impact that agile working capabilities have had on the way services would continue to deliver critical functions as this programme had been rolled out further.  In the reviewing of the Business Continuity Plans this year, the Risk Business Partner had met with all critical services plan owners to review and identify any weaknesses or gaps in their arrangements.  


It was explained that Business Continuity Plans were not published since they contained sensitive information including contact details.


AGREED that the report was received and noted.



Powered by E-GENDA from Associated Knowledge Systems Ltd