GOVERNANCE COMMITTEE TUESDAY 24 SEPTEMBER 2019 AT 10:00AM
REDCAR & CLEVELAND LEISURE AND COMMUNITY HEART, RIDLEY
STREET, REDCAR, YORKSHIRE, TS10 1TD CONTACT
Mr David Boville (01642) 444617 CIRCULATION 13 September 2019
Councillors Morgan (Chair) Berry (Vice Chair), R Clark, B Clarke, Foggo, Foley- McCormack, Holyoake, Massey, I Nightingale, Sandra Smith and Teasdale. Mr Johnson, Mr Monson, Parish Councillor Carolle and Parish Councillor Wingham. Councillor G Nightingale (Cabinet Member – for information) Corporate Director for Resources The Press [except for Confidential item(s)]
Questions on Governance Committee Agenda Items
In order that Members questions can be answered more fully at Governance Committee and to ensure good use of time, please would Members submit any questions they may have on the agenda items in advance of the meeting.
Questions should be sent to David Boville in advance of the meeting. The sooner questions are submitted the more likely it will be that the relevant information can be collected in time for the meeting. Questions can be submitted via email or hard copy using the form overleaf. Your Group Assistants will have a copy of this form. The questions received will be referred to the relevant officer to enable a response to be prepared in readiness for the meeting.
This does not preclude questions being asked at the meeting itself, however, it may not possible to provide a full answer to these questions. In these circumstances, the question will be referred to the appropriate officer following the meeting and a response will be provided.
Questions should be sent to:
David Boville, Democratic Services Assistant Redcar & Cleveland Leisure and Community Heart 01642 444617 David.boville@redcar-cleveland’gov.uk
1 of 134 Governance Committee Questions
Date of Meeting ______
Question submitted by ______
Agenda Para Ref Question item
2 of 134
GOVERNANCE COMMITTEE TUESDAY 24 SEPTEMBER 2019 AT 10:00AM
REDCAR & CLEVELAND LEISURE AND COMMUNITY HEART, RIDLEY
STREET, REDCAR, YORKSHIRE, TS10 1TD CONTACT
Mr David Boville (01642) 444617 CIRCULATION 13 September 2019
Councillors Morgan (Chair) Berry (Vice Chair), R Clark, B Clarke, Foggo, Foley- McCormack, Holyoake, Massey, I Nightingale, Sandra Smith and Teasdale. Mr Johnson, Mr Monson, Parish Councillor Carolle and Parish Councillor Wingham. Councillor G Nightingale (Cabinet Member – for information) Corporate Director for Resources The Press [except for Confidential item(s)]
A G E N D A
1. Apologies for Absence. Pages
2. To confirm the Minutes of the meeting held on 30 July 2019. 4-7
3. To confirm the Minutes of the Assessment Sub-Committee held on 22 August 8-9 2019.
4. Declarations of Interest.
5. Annual Audit Letter. (External Audit) 10-27
6. Progress Report on the Internal Audit & Assurance Plan. 28-46
7. Risk Management Update. 47-89
8. Counter Fraud Annual Report. 90-99
9. Internal Audit Structure Update. 100-106
10. Review of RIPA Return. 107-113
11. Annual Ombudsman Letter. 114-121
12. Senior Management Structure. 122-133
13. Work Programme. 134
14. Any items the Chair certifies as urgent.
3 of 134 AGENDA ITEM 2 GOVERNANCE COMMITTEE
30 July 2019
GOVERNANCE COMMITTEE
A meeting of the Governance Committee was held on 30 July 2019.
PRESENT Councillor Morgan (Chair); Councillors Berry, Fisher (substituting for Councillor R Clark), Foggo, Foley-McCormack, Holyoake, I Nightingale and Sandra Smith, Parish Councillors Carrolle and Wingham and Mr Johnson (Independent Member).
OFFICIALS G Barker (Director - External Audit), D Boville (Democratic Services Assistant), K Broom (Information Governance Officer), R Davisworth (Chief Accountant), C Dearden (Manager - External Audit), S Newton (Assistant Director – Governance), A Pearson (Governance Manager), J Sampson (Corporate Director for Resources), P Winstanley (Financial Services Manager).
IN ATTENDANCE Councillor G Nightingale – Cabinet Member for Resources
APOLOGIES FOR ABSENCE were submitted on behalf of Councillors R Clark, B Clarke, Massey and Teasdale, and Mr Monson (Independent Member).
MINUTES
RESOLVED that the minutes of the Governance Committee meeting held on 28 May 2019 be confirmed and signed by the Chair as a correct record.
DECLARATIONS OF INTEREST
Councillor Berry declared a non-pecuniary interest in all matters relating to the North York Moors National Park, Guisborough Priory Project, Prior Pursglove College and Guisborough Town Council.
Parish Councillor Wingham declared a non-pecuniary interest in all matters as a member of Saltburn, Marske & New Marske Parish Council.
6. REVIEW OF FOI RETURNS
The Corporate Director for Resources presented the annual monitoring report on the activity and requests made during 2018 in accordance with
4 of 134 GOVERNANCE COMMITTEE
30 July 2019
the Freedom of Information Act 2000 and the Environmental Information Regulations 2004:-NOTED
7. RISK MANAGEMENT UPDATE
The Corporate Director for Resources presented an update on the risks contained within the Corporate Risk Register.
Members were advised that a report on Coatham Sand Dunes was due to be considered by Cabinet in September 2019:-NOTED
8. SELF-ASSESSMENT AGAINST PSIAS
The Corporate Director for Resources presented the results of the Public Sector Internal Audit Standards Self-Assessment.
Members were advised that a report regarding options for the internal audit service would be presented to the Governance Committee in September 2019:-NOTED
9. INTERNAL AUDIT & ASSURANCE YEAR END REPORT
The Corporate Director for Resources presented the annual report from Tees Valley Audit & Assurance Service (TVAAS) which provided a summary of the internal audit and other assurance work performed in the year 2018/19.
A debate took place on the issues contained in the report. Some of the matters raised and discussed included:
A SEND Written Statement of Action Plan had been developed and grants had been identifies to fund it. Work was ongoing to ensure section 17 payments were being used correctly:-NOTED
10. LETTER OF REPRESENTATION AND DIRECTOR & COMMITTEE ASSURANCES
The Corporate Director for Resources presented the Letter of Representation, which, in accordance with legal requirements, was a letter from the Corporate Director for Resources to the Engagement Partner confirming that the financial statements provided by the Council gave a true and fair view of its finances and were complete and accurate.
A debate took place on the issues contained in the report. Some of the matters raised and discussed included: It was expected that an emergency one year settlement would be issued by the Government in the absence of the completion of the
5 of 134 GOVERNANCE COMMITTEE
30 July 2019
fair funding review. Many of the issues highlighted were out of the Council’s control.
RESOLVED that the Governance Committee: 1. Fully endorsed and confirmed the Committee’s assurances and declarations made to the External Auditors (Mazars) as signed, in draft, on behalf of the Governance Committee by the Chair; 2. Noted the assurances that the Corporate Director for Resources, as the Council’s Chief Finance Officer, was making on behalf of Directors, management and the Council in respect of the Directors request for Declarations 2018/19 and the Letter of Representation 2018/19; 3. Recommended that Cabinet note the except for qualification added to the Value for Money aspects and considers the auditors comments that “the Council is at a key decision point in terms of ensuring a sustainable financial position in the medium term. Decisive action to bridge the budget gap over the medium term is a key priority for the Council.”
11. AUDIT COMPLETION REPORT
The External Audit Director presented a report containing the findings of the audit of Redcar & Cleveland Borough Council for the year ended 31 March 2019, along with a note outlining the conclusion of matters listed as pending within the completion report.
A debate took place on the issues contained in the report. Some of the matters raised and discussed included: Mazars had issued an unqualified opinion on the financial statements and an ‘except for’ qualification of the value for money conclusion due to weaknesses in proper arrangements for securing sustainable resource deployment in planning finances effectively to support the sustainable delivery of strategic priorities. The 2019/20 budget had been balanced through the use of reserves, as was highlighted at the time, this could only be done once. As things stood, in 2020/21 the Council would not have enough useable reserves to cover the projected budget gap. The issues raised in the report were not surprising. Children’s services were becoming more expensive, but the Council had a moral as well as legal duty to deliver them:-NOTED
12. ACCEPTANCE OF THE STATEMENT OF ACCOUNTS
The Corporate Director for Resources presented the audited Statement of Accounts for the financial year 2018/19 for approval.
RESOLVED that the audited Statement of Accounts for the financial year 2018/19, as amended, be approved.
6 of 134 GOVERNANCE COMMITTEE
30 July 2019
13. ACCEPTANCE OF THE ANNUAL GOVERNANCE STATEMENT
The Corporate Director for Resources presented the Annual Governance Statement for approval.
A debate took place on the issues contained in the report. Some of the matters raised and discussed included: The Council had undertaken extensive work to mitigate the impact of Brexit. Brexit could be considered as part of the Response to Economic Conditions risk.
RESOLVED that the Annual Governance Statement 2018/19 be approved for publication.
14. FEEDBACK FROM CORPORATE GOVERNANCE GROUPS
The Corporate Director for Resources presented an update on the work of the Council’s four governance groups responsible for information governance, risk management, financial management and safeguarding. -NOTED
15. WORK PROGRAMME
The Corporate Director for Resources presented a report detailing the reports that the Governance Committee was due to consider over the municipal year:-NOTED
7 of 134 AGENDA ITEM 3 GOVERNANCE ASSESSMENT SUB-COMMITTEE
22 August 2019
GOVERNANCE ASSESSMENT SUB-COMMITTEE
A meeting of the Governance Assessment Sub-Committee was held on 22 August 2019.
PRESENT Councillor Morgan (Chair); Councillor Foggo; and Parish Councillor Carrolle.
OFFICIALS L Donaghue and A Nixon.
1. EXCLUSION OF THE PRESS & PUBLIC
RESOLVED that the press and public be excluded from the meeting on the grounds that item 5 contained exempt information as defined in Paragraphs 1 of and 2 of Part 1 of Schedule 12A of the Local Government Act 1972 (as amended).
2. DISCLOSURE/CONFLICTS OF INTERESTS
The Deputy Monitoring Officer circulated the Governance Committee Local Assessment/Conflicts of Interest Guidance for Members and Officers. The Sub-Committee considered the guidance and agreed that, in relation to the complaint, there were no conflict of interests of the Members or Officers in attendance: - NOTED.
3. ARRANGEMENTS FOR DEALING WITH COMPLAINTS ABOUT THE CODE OF CONDUCT FOR MEMBERS.
For the Sub-Committee’s information, the Deputy Monitoring Officer circulated a copy of the arrangements for dealing with complaints about the Code of Conduct for Members: - NOTED.
4. REPORT INTO AN ALLEGATION OF A BREACH OF THE MEMBERS’ CODE OF CONDUCT - REF: GC/02/2019
The Sub-Committee considered a complaint made against a Parish Councillor in respect of their conduct on 9 April 2019 during the Parish Council Meeting of the Saltburn, Marske and New Marske Parish Council.
The Complainant alleged that the Subject Member acted against the Code of Conduct by acting in a rude and disrespectful manner.
RESOLVED that in respect of Case Ref: GC/02/2019 the Members unanimously agreed that the case be referred to the Monitoring Officer for other action. Namely that the Monitoring Officer meets with the Parish Councillor concerned to discuss the issue, the importance of appropriate use of language in meetings and Elected Members’ responsibility to
N/DemServs/Minutes/ 13/09/2019 09:07 8 of 134 GOVERNANCE ASSESSMENT SUB-COMMITTEE
22 August 2019
comply with the provisions within the Code of Conduct.
This decision was made for the following reasons:
The Assessment Sub Committee based its decision on the information that they had been provided with and took into consideration the following points as set out within the Code of Conduct:
1.3 You must not conduct yourself in a manner which is contrary to the Council’s duty to promote and maintain high standards of conduct of Members;
1.4 You must not conduct yourself in a manner which could reasonably be regarded as bringing your office or the Council into disrepute;
1.5 You must not bully any person;
1.6 You must not intimidate or attempt to intimidate any person who is or is likely to be (a) a complainant.
N/DemServs/Minutes/ 13/09/2019 09:07 9 of 134 Annual Audit Letter Redcar and Cleveland Borough Council
Year ending 31 March 2019
10 of 134 CONTENTS
1. Executive summary
2. Audit of the financial statements
3. Value for Money conclusion
4. Other reporting responsibilities
5. Our fees
6. Forward look
Our reports are prepared in the context of the ‘Statement of responsibilities of auditors and audited bodies’ issued by Public Sector Audit Appointments Ltd. Reports and letters prepared by appointed auditors and addressed to members or officers are prepared for the sole use of the Redcar and Cleveland Borough Council and we take no responsibility to any member or officer in their individual capacity or to any third party. Mazars LLP is the UK firm of Mazars, an international advisory and accountancy group. Mazars LLP is registered by the Institute of Chartered Accountants in England and Wales. 1
11 of 134 1. EXECUTIVE SUMMARY
Purpose of the Annual Audit Letter Our Annual Audit Letter summarises the work we have undertaken as the auditor for Redcar and Cleveland Borough Council (the Council) for the year ended 31 March 2019. Although this letter is addressed to the Council, it is designed to be read by a wider audience including members of the public and other external stakeholders. Our responsibilities are defined by the Local Audit and Accountability Act 2014 (the 2014 Act) and the Code of Audit Practice issued by the National Audit Office (the NAO). The detailed sections of this letter provide details on those responsibilities, the work we have done to discharge them, and the key findings arising from our work. These are summarised below.
Area of responsibility Summary
Our auditor’s report issued on 30 July 2019 included our opinion that the financial statements: • give a true and fair view of the Council’s financial position as at 31 March 2019 and Audit of the financial statements of its expenditure and income for the year then ended; and • have been prepared properly in accordance with the CIPFA/LASAAC Code of Practice on Local Authority Accounting in the United Kingdom 2018/19.
Other information published Our auditor’s report issued on 30 July 2019 included our opinion that: alongside the audited financial • The other information in the Statement of Accounts is consistent with the audited statements financial statements.
We issued an ‘except for’ qualification on the value for money conclusion in our auditors report in respect of the Council’s arrangements to secure economy, efficiency Value for Money conclusion and effectiveness in the use of resources. This is linked to weaknesses in proper arrangements for securing sustainable resource deployment in planning finances effectively to support the sustainable delivery of strategic priorities.
In line with group audit instructions issued by the NAO, on 30 July 2019 we reported to Reporting to the group auditor the group auditor in line with the requirements applicable to the Council’s WGA return.
Our auditor’s report confirmed that we did not use our powers under s24 of the 2014 Statutory reporting Act to issue a report in the public interest or to make written recommendations to the Council.
2. Audit of the 3. Value for Money 4. Other reporting 1. Executive summary 5. Our fees 6. Forward look financial statements conclusion responsibilities
2
12 of 134 2. AUDIT OF THE FINANCIAL STATEMENTS
Opinion on the financial statements Unqualified
The scope of our audit and the results of our work The purpose of our audit is to provide reasonable assurance to users that the financial statements are free from material error. We do this by expressing an opinion on whether the statements are prepared, in all material respects, in line with the financial reporting framework applicable to the Council and whether they give a true and fair view of the Council’s financial position as at 31 March 2019 and of its financial performance for the year then ended. Our audit was conducted in accordance with the requirements of the Code of Audit Practice issued by the NAO, and International Standards on Auditing (ISAs). These require us to consider whether: ° the accounting policies are appropriate to the Council's circumstances and have been consistently applied and adequately disclosed; ° the significant accounting estimates made by management in the preparation of the financial statements are reasonable; and ° the overall presentation of the financial statements provides a true and fair view. Our auditor’s report, issued to the Council on 30 July 2019, stated that, in our view, the financial statements give a true and fair view of the Council’s financial position as at 31 March 2019 and of its financial performance for the year then ended. Our approach to materiality We apply the concept of materiality when planning and performing our audit, and when evaluating the effect of misstatements identified as part of our work. We consider the concept of materiality at numerous stages throughout the audit process, in particular when determining the nature, timing and extent of our audit procedures, and when evaluating the effect of uncorrected misstatements. An item is considered material if its misstatement or omission could reasonably be expected to influence the economic decisions of users of the financial statements. Judgements about materiality are made in the light of surrounding circumstances and are affected by both qualitative and quantitative factors. As a result we have set materiality for the financial statements as a whole (financial statement materiality) and a lower level of materiality for specific items of account (specific materiality) due to the nature of these items or because they attract public interest. We also set a threshold for reporting identified misstatements to the Council which is our trivial threshold. The table below provides details of materiality levels applied in the audit of the financial statements for the year ended 31 March 2019:
£000’s
Financial statement Our financial statement materiality is based on 2% of Gross Revenue 7,776 materiality Expenditure
Trivial threshold Our trivial threshold is based on 3% of financial statement materiality. 233
We have applied a lower level of materiality to the following areas of the accounts: Specific materiality - Senior officer remunerations 150 - Exit packages 100 - Members allowances 38
2. Audit of the 3. Value for Money 4. Other reporting 1. Executive summary 5. Our fees 6. Forward look financial statements conclusion responsibilities
3
13 of 134 2. AUDIT OF THE FINANCIAL STATEMENTS
Our response to significant risks As part of our continuous planning procedures we considered whether there were risks of material misstatement in the Council’s financial statements that required special audit consideration. We reported significant risks identified at the planning stage to the Governance Committee within our Audit Strategy Memorandum and provided details of how we responded to those risks in our Audit Completion Report. The table below outlines the identified significant risks, the work we carried out on those risks and our conclusions.
Our findings and Identified significant risk Our response conclusions Management override of controls We addressed this risk through performing audit work We found no evidence of Management at various levels within an over: management override of organisation are in a unique position to • Accounting estimates impacting on amounts controls perpetrate fraud because of their ability to included in the financial statements; manipulate accounting records and prepare • Consideration of identified significant transactions fraudulent financial statements by overriding outside the normal course of business; and controls that otherwise appear to be operating • Journals recorded in the general ledger and other effectively. Due to the unpredictable way in adjustments made in preparation of the financial which such override could occur there is a risk statements. of material misstatement due to fraud on all audits.
Revenue recognition We addressed this risk by undertaking the following: Our work has provided us Our audit methodology incorporates this risk as • testing income before and after the year-end to with the assurance we a significant risk at all audits, although based ensure it has been recognised in the right year; sought and has not on the circumstances of each audit, it is highlighted any material • testing journals; rebuttable. We have concluded that there are issues to bring to your • obtaining direct confirmation of year-end bank insufficient grounds for rebuttal in 2018/19. This attention. balances and testing the reconciliations to the does not imply that we suspect actual or ledger; and intended manipulation but that we continue to deliver our audit work with appropriate • testing material year end receivables professional scepticism. For the Council, we see the revenue recognition significant risk as being principally in relation to cut-off, and specifically the risk of income being recognised in 2018/19, which relates to 2019/20.
2. Audit of the 3. Value for Money 4. Other reporting 1. Executive summary 5. Our fees 6. Forward look financial statements conclusion responsibilities
4
14 of 134 2. AUDIT OF THE FINANCIAL STATEMENTS
Our findings and Identified significant risk Our response conclusions Defined benefit liability valuation We addressed this risk by discussing with key The material amendments The financial statements contain material contacts any significant changes to the pension relating to the impact of pension entries in respect of retirement estimates prior to the preparation of the financial national legal cases on the benefits. The calculation of these pension statements. In addition to our standard programme of pension liabilities have been figures, both assets and liabilities, can be work, we also: amended by the Council. subject to significant volatility and includes • evaluated the management controls in place to Our audit work has not estimates based upon a complex interaction of assess the reasonableness of the figures identified any further actuarial assumptions. This results in an provided by the actuaries; and material issues to report. increased risk of material misstatement. • considered the reasonableness of the actuaries’ outputs, referring to an expert’s report on all actuaries nationally which is commissioned annually by the National Audit Office.
Property, plant and equipment valuation We addressed this risk through the following Our work has provided us The financial statements contain material procedures: with the assurance we entries on the balance sheet as well as material • assessing the Council’s arrangements for sought and has not disclosure notes in relation to the Council’s ensuring that PPE valuations are reasonable; highlighted any material holding of Property, Plant and Equipment • assessing the data provided by our consulting issues to bring to your (PPE). Valuer, Gerald Eve, as part of our challenge of attention. the reasonableness of the valuations provided by Although the Council employs an internal the Council’s Valuer; valuation expert to provide information on • considering the competence, skills and valuations, there remains a high degree of experience of the Valuer and the instructions estimation uncertainty associated with the issued to the Valuer; and revaluation of PPE due to the significant • where necessary, performing further audit judgements and number of variables involved procedures on individual assets to ensure the in providing revaluations. basis of valuations is appropriate.
2. Audit of the 3. Value for Money 4. Other reporting 1. Executive summary 5. Our fees 6. Forward look financial statements conclusion responsibilities
5
15 of 134 2. AUDIT OF THE FINANCIAL STATEMENTS
Internal control recommendations As part of our audit we considered the internal controls in place that are relevant to the preparation of the financial statements. We did this to design audit procedures that allow us to express our opinion on the financial statements, but this did not extend to us expressing an opinion on the effectiveness of internal controls. Our work has not identified any significant deficiencies in our 2018/19 audit to report, and there were none in 2017/18 to follow up.
2. Audit of the 3. Value for Money 4. Other reporting 1. Executive summary 5. Our fees 6. Forward look financial statements conclusion responsibilities
6
16 of 134 3. VALUE FOR MONEY CONCLUSION
Value for Money conclusion ‘Except for’ Qualification
Our approach to Value for Money We are required to consider whether the Council has made proper arrangements for securing economy, efficiency and effectiveness in its use of resources. The NAO issues guidance to auditors that underpins the work we are required to carry out in order to form our conclusion, and sets out the criterion and sub-criteria that we are required to consider.
The overall criterion is that, ‘in all significant respects, the Council had proper arrangements to ensure it took properly informed decisions and deployed resources to achieve planned and sustainable outcomes for taxpayers and local people.’ To assist auditors in reaching a conclusion on this overall criterion, the following sub-criteria are set out by the NAO: ° Informed decision making ° Sustainable resource deployment ° Working with partners and other third parties Our auditor’s report, issued to the Council on 30 July 2019, stated that, in all significant respects, the Council put in place proper arrangements to secure economy, efficiency and effectiveness in its use of resources for the year ended 31st March 2019, ‘except for’ arrangements for securing sustainable resource deployment in planning finances effectively to support the sustainable delivery of strategic priorities.
Sub-criteria Commentary Arrangements in place? Informed decision The Council operates a Cabinet with a Leader model, and this is governed Yes making by the Council Constitution including all of the normal features of an effective governance framework in local government. The Council Plan, ‘Our Flourishing Future’, sets out the Council’s priorities and how it is focussing on the most important issues of growing the economy and creating more jobs, developing great places to live and improving quality of life.
Key priorities for the Council include strong and confident communities, prosperity for all, a brighter future for children, longer and healthier lives, attractive and vibrant places, good connections, clean and safe environment, enriching lives through culture and sport and improving the way the Council works. Delivery is monitored in quarterly performance reports.
There is evidence of financial reporting being used to deliver strategic objectives and in allocating resources to priority areas. In addition, regular financial reporting takes place, with formal reporting quarterly to Cabinet.
The Council has a risk management strategy and framework in place. The Council’s system of internal control is subject to Internal Audit and for 2018/19, the Council’s Head of Internal Audit has given an opinion of good assurance. The Governance Committee is in place to oversee the governance framework including the work of internal audit and approval of the Council’s financial statements.
2. Audit of the 3. Value for Money 4. Other reporting 1. Executive summary 5. Our fees 6. Forward look financial statements conclusion responsibilities
7
17 of 134 3. VALUE FOR MONEY CONCLUSION
Sub-criteria Commentary Arrangements in place? Sustainable resource The Council has delivered significant savings in recent years, aiming to do Partial deployment this whilst minimising the impact on service delivery. In the Financial Outturn report for 2018/19, the Council reported that it had “delivered in excess of £90.5m in cuts and lost 1,400 jobs” since 2010. This has been a prolonged period of public sector austerity.
The final outturn for 2018/19 was an underspend of £2k against the budget. To achieve this position, £5.0m of revenue reserves were used, which was broadly in line with plans. In addition, the Council has a good track record of delivering savings, and during 2018/19, the Council delivered £10.5m of its £11.3m ‘Shaping Our Future’ target savings and income growth.
The main area of budget pressure in 2018/19, in common with many local authorities, was in children’s services where there was an overspend of £4.9m as a result of increased numbers of children in care and other demand led pressures. Despite these financial pressures, the Council was able to make compensating savings which resulted in the overall underspend of £2k.
The Council’s 2019/20 budget was balanced after planned use of a further £8.9m of its revenue reserves. A budget gap of £34.2m for 2020/21 to 2022/23 was included in the Medium Term Financial Strategy (MTFS) reported to the Council on 27 February 2019, with £11.6m of this relating to 2020/21. After accounting for the use of reserves in 2019/20, the remaining revenue reserves available to the Council are only £16.1m, which includes the £5.1m General Fund Balance which the Council has identified as the minimum needed to be kept aside for unforeseen circumstances.
2. Audit of the 3. Value for Money 4. Other reporting 1. Executive summary 5. Our fees 6. Forward look financial statements conclusion responsibilities
8
18 of 134 5. VALUE FOR MONEY CONCLUSION
Sub-criteria Commentary Arrangements in place?
Sustainable The table below shows the downward trend in earmarked revenue reserves that are Partial resource available to support budget planning and smooth expenditure between years, and projects deployment the impact on reserves in the medium term given the initial budget gap and other (continued) assumptions used in the 2019/20 budget process.
The balance of other earmarked reserves projected for 31 March 2020 (£10.971m) is less than the initial budget gap for 2020/21 (£11.6m).
On the Council’s current spending trajectory and without identifying and delivering savings, the Council is in danger of exhausting its revenue reserves in one to two years, and would be unable to finance its projected expenditure in 2020/21.
Financial year end Total usable reserves * General Fund Balance (minimum Other earmarked revenue reserves (can be needed for unforeseen events) made available to support the budget) **
31 March 2016 £46.741m £5.925m £32.908m
31 March 2017 £39.174m £5.225m £23.451m
31 March 2018 £41.805m £4.905m £25.058m
31 March 2019 £34.817m £5.100m £19.898m
Projected for 31 March 2020 £25.890m £5.098m £10.971m (based on plan to use £8.927m reserves to support the 2019/20 budget)
Projected for 31 March 2021 £15.875m (note that £6.056m Initial budget gap of £11.597m £1.584m of expenditure Revenue reserves = £0; unable to finance can not be funded) £1.584m of expenditure after contributing additional £0.958m required for the GF balance
Projected for 31 March 2022 £15.875m (note that £6.056m (planned at £6.159m, but Initial budget gap of £10.808m £10.808m of expenditure insufficient resources to increase to Revenue reserves = £0; unable to finance can not be funded) this level given budget gap) £10.808m of expenditure in year
Projected for 31 March 2023 £15.875m (note that £6.056m (planned at £6.262m, but Initial budget gap of £11.836m £11.836m of expenditure insufficient resources to increase to Revenue reserves = £0; unable to finance can not be funded) this level given budget gap) £11.836m of expenditure in year
* The total usable reserves in this column include school balances and capital reserves that are not available to support the revenue budget (as at 31 March 2019, these are £9.819m of the total usable reserves, and we have assumed that this is reflected in the projections for 2019/20 to 2022/23).
** Although earmarked revenue reserves can be made available to support the revenue budget, they are also set aside for specific purposes and some of these could not be re- purposed to plug the gap without changing other commitments.
Internal control Summary of Value for Money Executive summary Significant findings Appendices recommendations misstatements conclusion
9
19 of 134 5. VALUE FOR MONEY CONCLUSION
Sub-criteria Commentary Arrangements in place?
Sustainable Consequently, when setting the 2019/20 budget and MTFS in February 2019, the Council Partial resource balanced the budget for 2019/20, but did not present a balanced or sustainable financial deployment position over the medium term. (continued) We recognise that it is not uncommon for local authorities to identify a budget gap over the medium term, and then work on the measures to address this after the budget has been set. The difference in this budget round is that on the Council’s current spending trajectory, and without firm and decisive action, the Council is in danger of exhausting its revenue reserves.
As a result of this, we are qualifying our VFM conclusion in relation to the Council’s arrangements to ensure sustainable resource deployment in the medium term.
We appreciate that at the point of setting the 2019/20 budget and MTFS in February 2019, there were, and still are, key uncertainties in the Council’s funding relating to the Government Comprehensive Spending Review, the Fair Funding Review in Local Government, and the impact on the Council of the 100% business rates retention scheme.
We also note that the budget gap presented in February 2019 was intended to be a worst case scenario and the Council does have a range of options to bridge the gap, including identifying further reductions in expenditure and increasing income.
The Corporate Director for Resources and Chief Finance Officer recognises that the Council can not afford to draw on reserves at the same levels in its 2020/21 budget as is planned for 2019/20. The 2019/20 budget report stated “Use of reserves in this way can only be a very temporary arrangement and there is an imperative to identify a permanent solution in future years. Ongoing use of reserves in this way clearly cannot be sustained.”
Since preparing the MTFS, officers have continued to explore the options to bridge the budget gap. This has included reviewing the assumptions and financial pressures identified in the initial budget and working on phase 4 of its ‘Shaping Our Future’ programme, with a view to identifying further savings and increasing income generation.
At the point of preparing our report, the Corporate Director for Resources and Chief Finance Officer explained to us that the budget gap has been narrowed significantly, and that some measures identified may be delivered in time to reduce the draw on reserves in 2019/20.
Internal control Summary of Value for Money Executive summary Significant findings Appendices recommendations misstatements conclusion
10
20 of 134 5. VALUE FOR MONEY CONCLUSION
Sub-criteria Commentary Arrangements in place?
Sustainable We are mindful that savings options which will be a significant part of the Council’s plans Partial resource to ensure its future financial sustainability are still being developed, that after years of deployment austerity there are no easy options left and that the options identified will require (continued) consideration and approval by the Cabinet and the Council, and will then need to be implemented and monitored as to whether planned savings and increased income are achievable.
The Cabinet and the Council is at a key decision point in terms of ensuring a sustainable financial position in the medium term. Decisive action to bridge the budget gap over the medium term is a key priority for the Council.
Working with All ‘Shaping Our Future’ service reviews include consideration of alternative ways of Yes partners and providing services including partnership working. other third parties The Council is working jointly with the local Clinical Commissioning Group (CCG) on social care and with the other local authorities as part of the Tees Valley Combined Authority.
The Council’s website includes a section on how to do business with the Council to explain procurement and provide useful information to suppliers and members of the public.
Internal control Summary of Value for Money Executive summary Significant findings Appendices recommendations misstatements conclusion
11
21 of 134 6. VALUE FOR MONEY CONCLUSION
Significant audit risks The NAO’s guidance requires us to carry out work to identify whether or not a risk to our value for money conclusion exists. Risk, in the context of our work, is the risk that we come to an incorrect conclusion rather than the risk of the arrangements in place at the Council being inadequate. In our Audit Strategy Memorandum, we reported that we had identified one significant value for money audit risk. The work we carried out in relation to this significant risks is outlined below.
Risk Work undertaken Conclusion Responding to financial Building on our work in previous years, As has already been described in the comments pressures we have reviewed the Council’s on sustainable resource deployment, we noted updated MTFS and reviewed and that when setting the 2019/20 budget and Our audit work in previous years has updated our knowledge of the Medium Term Financial Strategy (MTFS) in concluded that the Council has arrangements the Council has in place February 2019, the Council balanced the budget arrangements in place for Medium to monitor progress against its savings for 2019/20, but did not present a balanced or Term Financial Planning. The plans and assumptions that underpin sustainable financial position over the medium Council continues to face financial the MTFS. term (2020/21 to 2022/23). pressure in the coming years and the Council has recently updated its We recognise that it is not uncommon for local medium term financial strategy authorities to identify a budget gap over the (MTFS). medium term, and then work on the measures to address this after the budget has been set. The We need to ensure our knowledge of difference in this budget round is that on the the Council’s MTFS arrangements Council’s current spending trajectory, and and its monitoring of the planned without firm and decisive action, the Council is in delivery of savings, remains up to danger of exhausting its revenue reserves in one date in order to ensure we give the to two years. correct VFM conclusion. As a result of this, we are qualifying our VFM conclusion in relation to the Council’s arrangements to ensure sustainable resource deployment in the medium term.
Internal control Summary of Value for Money Executive summary Opinion audit Appendices recommendations misstatements conclusion
12
22 of 134 4. OTHER REPORTING RESPONSIBILITIES
Exercise of statutory reporting powers No matters to report
Completion of group audit reporting requirements Below testing threshold
Other information published alongside the audited financial statements Consistent
The NAO’s Code of Audit Practice and the 2014 Act place wider reporting responsibilities on us, as the Council‘s external auditor. We set out below, the context of these reporting responsibilities and our findings for each.
Matters on which we report by exception The 2014 Act provides us with specific powers where matters come to our attention that, in our judgement, require reporting action to be taken. We have the power to: ° Issue a report in the public interest; ° Make a referral to the Secretary of State where we believe that a decision has led to, or would lead to, unlawful expenditure, or an action has been, or would be unlawful and likely to cause a loss or deficiency; and ° Make written recommendations to the Council which must be responded to publicly. We have not exercised any of these statutory reporting powers.
Reporting to the NAO in respect of Whole of Government Accounts consolidation data The NAO, as group auditor, requires us to complete the WGA Assurance Statement in respect of its consolidation data. We submitted this information to the NAO on 30 July 2019.
Other information published alongside the financial statements The Code of Audit Practice requires us to consider whether information published alongside the financial statements is consistent with those statements and our knowledge and understanding of the Council. In our opinion, the other information in the Statement of Accounts is consistent with the audited financial statements.
2. Audit of the 3. Value for Money 4. Other reporting 1. Executive summary 5. Our fees 6. Forward look financial statements conclusion responsibilities
13
23 of 134 5. OUR FEES
Fees for our work as the Council's auditor We reported our proposed fees for the delivery of our work in the Audit Strategy Memorandum, presented to the Council in February 2019. We have completed our work for the 2018/19 financial year, but at the time of producing this report, we have not yet finalised our audit fees for the year. If the final fee varies from that in the table below, we will write to the Chief Financial Officer setting out the proposed variation and any reasons for the variation, and seeking agreement to it. Any variations to the final fee will also require the approval of Public Sector Audit Appointments Limited, which manages the contracts for our work.
Area of work 2018/19 proposed fee 2018/19 final fee ***
Delivery of audit work under the NAO Code of Audit Practice £95,733 £95,733
*** Please note that at the time of producing this report, the audit fee has not yet been finalised.
Fees for other work
We have been engaged to carry out non-audit work in relation to the Council’s housing benefit subsidy claim. We expect to be engaged to undertake the assurance work in relation to teachers’ pensions, although this has not been confirmed at the time of preparing this report.
Area of work 2018/19 proposed fee 2018/19 final fee ***
Housing Benefit Subsidy Claim £9,900 £9,900
Teachers’ Pensions To be agreed To be agreed
*** This work has not yet been completed so we are unable to confirm the final fee at this stage.
2. Audit of the 3. Value for Money 4. Other reporting 1. Executive summary 5. Our fees 6. Forward look financial statements conclusion responsibilities
14
24 of 134 6. FORWARD LOOK
Financial outlook As reported in our Value for Money Conclusion in this report, the Council has identified significant budget gaps in its medium tern financial plan and is currently working on measures to address this. This is a challenging financial position and the Corporate Director for Resources and Chief Finance Officer has explained to us that the budget gap has been narrowed significantly, and that some measures identified may be delivered in time to reduce the planned draw on reserves in 2019/20. Decisive action to bridge the budget gap over the medium term is a key priority for the Council or it is in danger of exhausting its revenue reserves in one to two years.
Operational challenges As summarised in the Council’s annual governance statement, the main challenges facing the Council include: ° balancing the medium term financial plan including managing children’s social care pressures; and ° education standards in secondary schools The Council will also have to manage the recent change to senior management structures and governance arrangements, including operating without a Chief Executive.
How we will work with the Authority We will focus our work on the risks that your challenges present to your financial statements and your ability to maintain proper arrangements for securing value for money. In the coming year we will continue to support the Council by: ° continued liaison with the Council’s Internal Auditors to minimise duplication of work; ° attending Governance Committee meetings and presenting an Audit Progress Report including updates on regional and national developments; and ° hosting events for staff, such as our Local Government Accounts workshop. We will meet with key Council officers to identify any learning from the 2018/19 audit and will continue to share our insights from across local government and relevant knowledge from the wider public and private sector. In terms of the technical challenges that officers face around the production of the statement of accounts, we will continue to work with them to share our knowledge of new accounting developments and we will be on hand to discuss any issues as and when they arise. The Council has taken a positive and constructive approach to our audit and we wish to thank Members and officers for their support and co-operation during our audit.
2. Audit of the 3. Value for Money 4. Other reporting 1. Executive summary 5. Our fees 6. Forward look financial statements conclusion responsibilities
15
25 of 134 MAZARS AT A GLANCE
Mazars LLP ° Fee income €1.6 billion ° Over 86 countries and territories ° Over 300 locations ° Over 20,000 professionals ° International and integrated partnership with global methodologies, strategy and global brand
Mazars Internationally
Mazars in the UK
16
26 of 134 CONTACT
Gavin Barker Director & Engagement Lead
Phone:0191 383 6300 Email: [email protected]
Campbell Dearden Manager
Phone: 0191 383 6304 Email: [email protected]
27 of 134 Member Report AGENDA ITEM 6 April to August 2019/20 Audit & Assurance Outcomes
Public
To: Governance Committee Date: 24 Sept 2019
From: Corporate Director for Resources Decision type: For information
Portfolio: Resources Forward Plan reference: Priority: All priorities
Ward(s):
1 What is the recommendation?
1.1 That members note and comment upon the findings arising from internal audit, health and safety and other assurance work carried out between April and August 2019/20 (Appendices 1-3) excluding any work previously reported via the Annual Audit & Assurance Report submitted to this Committee in July 2019. Members are also asked to note and comment upon the performance of the Council’s internal audit and assurance service, Tees Valley Audit and Assurance Service - TVAAS (Appendix 4).
2 What part of the Corporate Plan does this report deliver and how, and what options have been considered?
2.1 Internal audit contributes to Redcar and Cleveland Borough Council by helping to promote a secure and robust internal control environment, which enables a focus on achieving the key priorities as set out in the Corporate Plan. Having an effective internal audit resource will help the Council deliver its priority of improving the way it works by documenting how internal audit is delivered. Audit and assurance works to an annual programme of work that includes assignments linked to corporate risks and priorities, and which seeks to add value by assessing the quality of controls in place to assure delivery, ensure value for money and achieve better outcomes for local people.
2.2 Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
2.3 The Council’s internal audit service is provided by Tees Valley Audit & Assurance Services (TVAAS), a shared service arrangement between Redcar & Cleveland and Middlesbrough Councils. TVAAS provides a wider integrated assurance service for Redcar & Cleveland Borough Council and includes health and safety, risk management and insurance.
28 of 134 Version 8 (05/12/2018)
2.4 The Governance Committee has responsibility for reviewing the adequacy of the Council’s corporate governance arrangements and each year agrees an Annual Governance Statement, which the Head of Paid Service and the Leader of the Council must sign, giving assurance that proper governance of operations has been in place throughout the year. Part of that assurance is gained from the work of Audit and Assurance which is aimed at providing assurance that the key risks faced by the Council are being managed effectively and that appropriate safeguards are in place for public funds and assets.
2.5 Members approved the 2019/20 Audit and Assurance Plan at their meeting on the 23 April 2019. The total number of planned audit and assurance days for 2019/20 is 2,100. This figure includes all compliance and assurance audits plus all advisory and support services relating to health and safety, risk management and insurance. For those assignments where a report is produced, the target is to have issued 100% of all reports in draft by 30 April 2020. The current performance on this target (including H&S audits) is 25%. It is expected that most of the remaining assignments will be completed by 30 April 2020 subject to any variations agreed (paragraph 2.9).
2.6 Each individual audit report provides an opinion on the system or area under review. The methodology applicable to those audits is provided for the benefit of Members in Appendix 5.
2.7 The key points to note from Appendices 1-3 are as follows:
• One internal audit report has been issued as a final during the period with an overall assurance level of Cause for Concern. • No health and safety audit reports issued as a final during the period had an assurance opinion of less than Moderate. • 4 new H&S P1 actions were raised during the period, 3 of which have been confirmed as implemented. There is 1 additional P1 internal audit outstanding from earlier quarters which relates to agreeing a service level agreement with Winkies Castle. Of the total 2 outstanding P1 actions, neither has passed its agreed target date (although the target date has been extended for one of these actions). • Based on accident reports received, 28 accidents have occurred since 1 April 2019 of which 2 were reportable to the Health and Safety Executive.
2.8 In total, 41 internal audit and health and safety actions, (7 schools and 34 non- schools), are outstanding and should have been implemented (according to the target date agreed at the time of the audit) by 31 August 2019. If all actions are implemented, there are no significant concerns to raise regarding these actions. Audit and assurance officers regularly pursue progress updates on all actions and therefore the number of outstanding actions changes each day.
2.9 Variations to the 2019/20 Audit and Assurance Plan
All proposed variations to the agreed Audit and Assurance Plan arising as the result of emerging issues and/or requests from directorates are communicated to the Governance Committee for information and comment. This will ensure that audit resource remains focussed on areas of strategic importance to the Council and will reassure Members of this Committee that there is a controlled process for deviating from the agreed audit plan. Two variations have been proposed to date. One is the
29 of 134 Version 8 (05/12/2018) Treasury Management audit as the audit is not considered to be a priority for this year given previous high levels of internal audit assurance plus the work that external audit performs as part of their annual audit. It is also suggested that the safeguarding children process audit could be deferred given the areas covered by Ofsted inspections. Additional audits have been requested (contingency time has been used) as follows: Saltburn Foreshore – an investigation into a complaint. The findings found no evidence of wrongdoing although some recommendations to improve controls were made; Education, Health & Care Plans – an investigation into reported performance and related problems affecting performance. The audit report has been issued in final and a summary is included in Appendix 1.
2.10 Performance of the Internal Audit Service
A service level agreement for the provision of internal audit services is in place between Redcar and Cleveland Borough Council and Middlesbrough Council and extends to 31 March 2021. The service level agreement includes several performance measures. Additional performance measures were later introduced based on the perceived development and improvement needs of the Service. The current level of performance against each of these measures is detailed in Appendix 4.
3 Who has been consulted and engaged?
3.1 The content of each individual internal audit and health and safety audit report and associated recommendations are agreed with the responsible officers at draft stage prior to the issue of the final report. This report is a summary of all internal and health and safety audit and other assurance outcomes from work carried out during 2019/20.
4 What are the risks and resource implications?
Type of Applicable? Details Risk/ Implication Health and Yes All audit and assurance work considers the risks relevant Safety to the topic under review, including health and safety. It focuses on the effectiveness of risk management and mitigation measures whilst seeking to identify gaps in assurance.
All staff within the Team are expected to comply with the Council’s health and safety policies and procedures. Staff wear appropriate protective clothing when carrying out audits in locations of higher risk (e.g. where machinery is present). Social Yes Audit & assurance work assesses the effectiveness of Value: risk management arrangements and the governance environment of the Council to support it in maximising the use of its resources for the benefit of the local community.
30 of 134 Version 8 (05/12/2018) Legal Yes Internal audit is a statutory requirement in a local authority. The Council has delegated the delivery of this responsibility to the Corporate Director for Resources. The work of TVAAS is governed by the Accounts and Audit Regulations 2015 and the mandatory Public Sector Internal Auditing Standards introduced in April 2013 (revised 2017). The Audit and Assurance Manager is required to report to those charged with governance on the findings of audit work, provide an annual opinion on the Council’s internal control environment and identify any issues relevant to the preparation of the Annual Governance Statement. Financial Yes The audit and assurance plan for Redcar & Cleveland Borough Council for 2019/20 includes a total of 2,100 days which cover all assurance areas including health and safety, risk and internal audit, insurance, and information governance. The number of days is based on the estimated productive days per member of the Team considering known and estimated absences and commitments. Redcar & Cleveland Borough Council charges Middlesbrough Council for the provision of an internal audit service. Charges are based on a daily charge rate linked to the grade of staff involved in the audit work applied to the actual days worked. Human No Resources
Equality and No There are no direct implications from this report on Diversity equality and diversity although aspects of the proposed internal audit work may involve a review of issues affecting equality and diversity. Carbon Yes The only implications from this report on the carbon Footprint footprint is that officers engaged in fulfilling the Charter do travel across both Redcar and Cleveland and Middlesbrough Boroughs to carry out their work. All staff are requested to organise their work schedules to the best of their ability to minimise the travel required. Other No (please specify)
5 Appendices and further information
5.1 Appendix 1 – Audit Outcomes Appendix 2 – Actions Status Appendix 3 – Accidents and Insurance Appendix 4 – Performance Targets for TVAAS Appendix 5 – Opinion Definitions
6 Background papers
6.1 No background papers other than published works were used in writing this report.
31 of 134 Version 8 (05/12/2018) 7 Contact Officer
7.1 Name: Helen Fowler Position: Audit & Assurance Manager Address: Redcar & Cleveland House Telephone: 01642 771165 Email: [email protected]
32 of 134 Version 8 (05/12/2018) NOT CLASSIFIED
APPENDIX 1 - GOVERNANCE COMMITTEE – AUDIT OUTCOMES April to August 2019/20
Key Messages:
One internal audit report was issued with a cause for concern opinion but no health and safety audit reports issued as final during the period had an assurance opinion of less than Moderate.
Four new P1 H&S actions were raised; more detail on these actions is provided in Appendix 2.
Table 1 - Internal Audit Reports Issued in Final during the period (excluding those included in the annual report submitted in July 2019)
Priority Audited System /Service Directorate Assurance P1 P2 P3 Draft Final Officer Lead Opinion Date Date Spending on Adult Care Fees AC Good 0 3 0 26/06/19 18/07/19 Assistant Director, Adult Care Accounts Receivable RES Good 0 0 6 28/06/19 22/07/19 Financial Services Manager Trade Waste GEE Good 0 3 0 21/06/19 23/07/19 Assistant Director, Neighbourhoods Homeless Team AC Strong 0 0 3 07/06/19 30/07/19 Assistant Director, Communities & Health Education & Health Care Plans CS Cause for 0 5 1 23/07/19 03/09/19 Assistant Director, Early Concern Help Total 0 11 10
33 of 134 NOT CLASSIFIED
Table 2 (a) H&S Audit Outcomes to Date 2019/20 (Non Schools)
Premises Directorate Priority Report Dates Opinion P1 P2 P3 Inspection Issued Officer Lead
North Skelton Village Hall AC Strong 0 1 2 15/04/19 23/04/19 Assistant Director, Adult Care
Grangetown Library AC Good 0 1 4 24/06/19 27/06/19 Assistant Director, Communities & Health
Travellers’ Site AC Strong 0 1 2 04/07/19 04/07/19 Assistant Director, Communities & Health
Guisborough Central AC Good 0 1 3 01/08/19 02/08/19 Assistant Director, Adult Care
Guisborough Library AC Good 0 1 3 08/08/19 12/08/19 Assistant Director, Communities & Health
Jervaulx Road AC Strong 0 2 0 05/08/19 12/08/19 Assistant Director, Adult Care
Loftus Library AC Strong 0 2 1 14/08/19 15/08/19 Assistant Director, Communities & Health
Ormesby Library AC Strong 0 1 4 13/08/19 16/08/19 Assistant Director, Communities & Health
Target – 16 Millbank Terrace AC Good 1 1 0 13/08/19 19/08/19 Assistant Director, Adult Care
Single Point of Access - Daisy CFS Moderate 1 4 0 03/06/19 04/07/19 Assistant Director, Early Help Lane Base
34 of 134 NOT CLASSIFIED
Premises Directorate Priority Report Dates Opinion P1 P2 P3 Inspection Issued Officer Lead
Grangetown Children’s Centre CFS Strong 0 2 0 02/07/19 09/07/19 Assistant Director, Early Help
Dormanstown Children's CFS Strong 0 1 0 03/07/19 19/07/19 Assistant Director, Early Help Centre/Family Hub Skelton Family Hub CFS Strong 0 0 1 15/08/19 22/08/19 Assistant Director, Early Help
Redcar Coast Family Hub CFS Strong 0 1 0 14/08/19 22/08/19 Assistant Director, Early Help
Saltburn Cliff Lift, Kiosk and GEE Strong 0 1 2 28/03/19 28/03/19 Assistant Director, Shelter Neighbourhoods
Fleet Vehicle Workshop and GEE Moderate 0 5 12 22/05/19 24/05/19 Assistant Director, Offices Neighbourhoods
Flatts Lane Visitor Centre GEE Strong 0 1 0 07/06/19 07/06/19 Assistant Director, Neighbourhoods
Borough Park, Redcar Lane GEE Good 0 3 4 12/06/19 13/06/19 Assistant Director, Neighbourhoods
Skelton Depot GEE Strong 0 2 3 07/08/19 12/08/19 Assistant Director, Neighbourhoods
South Tees Business Centre RES Good 0 2 3 10/05/19 16/05/19 Financial Services Manager
The Palace Hub/Redcar Beacon RES Strong 0 2 3 20/05/19 24/05/19 Financial Services Manager
Grangetown Neighbourhood RES Moderate 2 3 3 14/06/19 19/06/19 Assistant Director, Economic Centre Growth/Financial Services Manager
35 of 134 NOT CLASSIFIED
Premises Directorate Priority Report Dates Opinion P1 P2 P3 Inspection Issued Officer Lead
Fairway House RES Good 0 3 1 09/07/19 09/07/19 Financial Services Manager
Skelton Civic Hall RES Good 0 3 2 19/08/19 27/08/19 Financial Services Manager
Seafield House RES Good 0 3 1 21/08/19 28/08/19 Financial Services Manager
Belmont House RES Good 0 2 0 22/08/19 29/08/19 Financial Services Manager
TOTAL 107 4 49 54
Table 2 (b) H&S Audit Outcomes to Date 2019/20 (Schools)
Premises Directorate Priority Report Dates Opinion P1 P2 P3 Inspection Issued Officer Lead
Archway CFS Strong 0 1 1 17/05/19 06/06/19 Head of Education
Highcliffe Primary School CFS Good 0 2 3 19/06/19 21/06/19 Head of Education
Saltburn Learning Campus CFS Strong 0 1 0 29/05/19 03/06/19 Head of Education
Laurence Jackson School CFS Good 0 3 1 28/05/19 03/06/19 Head of Education
Grangetown Primary CFS Moderate 0 4 4 27/06/19 11/07/19 Head of Education School TOTAL 20 0 11 9
36 of 134 NOT CLASSIFIED
Table 3 – Summary of Findings for Audits with Cause for Concern or lower
Non Schools Findings Summary Audit Area Opinion Education & Health Care Plans Cause for At the time of the audit, the percentage of EHCPs completed within the statutory 20 Concern week timescales, by the Council's SEND team, represented a significant decrease in performance when compared to the overall completion rate for 2018. Audit testing highlighted the need for improvements to the monitoring regime for completing EHCPs and for a more structured approach for managing pressures existing within clusters. It was suggested that a rationale be defined to set out which annual reviews would benefit from the presence of a SEND member of staff and that consideration be given to the continuance of non-statutory activities which may impact upon EHCP completion timescales.
37 of 134 NOT CLASSIFIED
APPENDIX 2 - GOVERNANCE COMMITTEE – ACTIONS STATUS – April to August 2019/20
Key Messages
Based on final internal audit and health and safety audit reports issued during the period, 4 new P1 actions were raised of which 3 have been fully implemented and one is mostly completed. There is also 1 outstanding P1 action from previous quarters. Of the 2 P1s still outstanding, none have passed the agreed target date (although the date has been extended for one).
Table 1 – The P1 recommendations Made during Quarter 1 related to the following issues: Non Schools Target Implemented Responsible Audit Area Directorate Recommendation Date Y/N/In Assistant Comments progress Director Daisy Lane – CS Ensure that the fire alarm test 31/07/19 Y Assistant Action confirmed as Single Point of is carried out on a weekly basis Director, completed. Access at the same time each week. Safeguarding Grangetown RES A documented first aid needs 09/12/19 Partial Assistant All aspects of the action Neighbourhood assessment should be Director, completed except that Centre completed for the building and Neighbourhoods although training has been activities undertaken by the booked and scheduled, it staff. Once this assessment will not actually be attended has identified levels of first until early December 2019. aiders required, suitable personnel should be identified and trained to allow them to take on the role of first aiders for the building. Grangetown RES Suitable and sufficient risk 31/07/19 Y Assistant Action confirmed as Neighbourhood assessments should be Director, completed. Centre undertaken for all activities Economic Growth carried out within the building. & Financial These documents will allow for Services the correct control measures to Manager be adopted to ensure that the tasks are carried out safely.
38 of 134 NOT CLASSIFIED
Non Schools Target Implemented Responsible Audit Area Directorate Recommendation Date Y/N/In Assistant Comments progress Director Target Leaving CS Ensure that the fire alarm test 22/08/19 Y Assistant Action confirmed as Care is carried out on a weekly basis Director, completed. and the emergency lighting test Safeguarding is carried out on a monthly basis and both by an appointed person. The performance of the tasks should be recorded.
Table 2 – Outstanding P1 Actions Recommended in Previous Quarters
Non Schools Target Date Implemented Responsible Directorate Recommendation Y/N Assistant Comments Audit Director Area Winkies ACS Management should progress 18/01/19 N Cultural A draft agreement has Castle the lack of an agreed service Services been produced following level agreement as a matter of Manager several meetings and will priority. hopefully be agreed as a final document by the end of October 2019.
39 of 134 NOT CLASSIFIED
Table 3 – Outstanding Audit Actions that have passed due date at 31 August 2019 and where evidence or management assurance is still to be provided to the Auditors Directorate Total P1 P2 P3 Resources - Financial Services 4 0 3 1 - Governance 2 0 2 0 - Organisational Change 0 0 0 0 Sub Total 6 0 5 1 Adult and Communities - Public Health 1 0 1 0 - Adult Care 3 0 2 1 - Communities and Health 9 0 8 1 Sub Total 13 0 11 2 Children & Families - Safeguarding 0 0 0 0 - Early Help 1 0 1 0 - Schools 7 0 5 2 Sub Total 8 0 6 2 Growth, Enterprise & Environment - Cultural & Tourism 0 0 0 0 - Neighbourhoods 14 0 11 3 - Place Development & Investment 0 0 0 0 Sub Total 15 0 11 3 Overall Total 41 0 33 8
The 41 outstanding actions relate to:
Health and safety audits:
40 of 134 NOT CLASSIFIED
Dormanstown Family Hub (1); first aid (2); Grangetown Library (1); Grangetown Neighbourhood Centre (1); handyperson & adaptations team (3); Highcliffe Primary School (3); Highways H&S (1); Lockwood Primary School (1); personal protective equipment (3); Saltburn Cliff Lift, Kiosk & Shelter (1); The Haven (1); Total 18.
Internal audits:
Cemeteries (4); compliance with contract procedure rules (2); housing benefits (1); Laurence Jackson School (3); Saltburn Cliff Lift (5); volunteers - health & safety (8). Total - 23
41 of 134 NOT CLASSIFIED
APPENDIX 3 - GOVERNANCE COMMITTEE – ACCIDENTS & INSURANCE STATS – April to August 2019/20
The total number of accidents to date during 2019/20 is 28. Of the 28 accidents, two have been reportable to the Health and Safety Executive as detailed in table 1 below.
Table 1 – Reportable health and safety incidents
Reportable Health and safety/Asbestos Related Incidents
CS - A personal advisor from the looked after children’s team sustained injuries to her knees, hand and arm Safeguarding & following a fall at work. Ligament damage was confirmed and resulted in absence from work in excess of 7 Looked after days. Children
10.04.2019 RES - Financial A caretaker operating from Kirkleatham Museum sustained a fracture to his hip after he fell whilst opening a Services door. The handle of the door he was opening came away in his hand as he pulled. The resulting injury was reported to the HSE as a Major injury. 04.06.2019
There have been no other health and safety reportable incidents so far, this financial year (e.g. legionella, asbestos).
42 of 134 NOT CLASSIFIED
Table 2 – Accident Statistics 2019/20 (to date – as at 31 Aug 2019)
Overall Total Minor Greater than 7 day Major absence Total Q3 Q2 Q1 Total Q3 Q2 Q1 Total Q3 Q2 Q1 Total Q3 Q2 Q1 Adults & Communities 4 1 3 1 3 0 0 0 0 Children and Families 9 4 5 4 4 0 1 0 0 Growth, Enterprise & 10 4 6 4 6 0 0 0 0 Environment Resources 5 3 2 3 1 0 0 0 1 Total for financial year 28 12 16 12 14 0 1 0 1 to date
Table 3 – Insurance
For the period 1 April to 30 June 2019 there have been no new claims made against the Council’s insurance programme that were attributable to Adults & Communities, Resources and the Children & Families directorates. 35 claims were made against the Council attributable to Growth, Enterprise & Environment. The breakdown of these claims is shown in the table 3a below. Of these 20 were motor incidents, 14 public liability claims and 1 employer’s liability claim.
Table 3a Number of claims Costs to date Maximum Potential Outstanding Service Area Payment Arboricultural Services 1 0 £10,000 Bereavement & 1 0 £600 Cemeteries Services Highways 14 £160 £39,804 Neighbourhoods 6 0 N/K Transport 7 £371 N/K Waste 6 0 £1,249 Total 35 £531 £51,653
43 of 134 NOT CLASSIFIED
The top areas in terms of the highest number and value of claims received against Growth, Enterprise & Environment in this financial year to date are shown in the table 3b below:
Table 3b Number of claims Payments made to Maximum Potential Claim type 18/19 date 18/19 Outstanding Payment £ £ Highways Defect – damage to vehicle 6 80 116 Footway Trip – personal injury 5 0 37,688 Hit building/fixed object with vehicle 3 0 Not known Hit parked vehicle 7 371 1,249 Motor -Reversing 2 0 Not known Grass cutting / Strimming 4 0 600 Employers Liability 1 0 12,000 Total 28 451 51,653
44 of 134 APPENDIX 4 - Performance Target Position for 2019/20 Indicator Target Measurement Status (as at 04 Sept 2019)
1) Percentage 100% - by 30 April Complete = draft report or another 25% in terms of drafts issued (includes h&s completion of the 2020 deliverable issued by 30 April 2020. audit reports). agreed annual audit . plan 2) To achieve an 3.8 4 is the highest possible score. None returned for 2019/20 internal audit – average customer average based on 2018/19 was 3.85; satisfaction survey 3 surveys returned for h&s audits – average score 4; 3 surveys returned for insurance – average 3.67. 3) % of draft reports 100% Each draft report should be issued to the 100% of 2019/20 draft internal audit reports issued within 15 days client within 15 working days of the close of issued within 15 days and 67% of final of the end of fieldwork fieldwork i.e. discussions, provision of reports issued within 20 days of draft. evidence and responses to queries. 4) % Auditor 100% of expected The number of available productive days is Audit and Assurance Officers average 93% productivity productivity calculated for each member of the team, (target 95%). Slightly lower due to new taking into account estimated absences. AAO starter towards the end of the first This results in an expected number of quarter who completed induction and work productive days per officer. The target is shadowing. for 100% of the Team to meet their Compliance Auditors average 93% (target expected productivity. 95%). Slightly lower due to absence. 5) Number of To meet target Target will be set by each audit lead and 67% of 2019/20 assignments completed to assignments dates set at outset agreed with auditor at the start of each date have been within the target dates set. completed by target of audit (or earlier) assignment. dates set 6) Number of audits 100% Each assignment has a set number of days 100% of 2019/20 internal audit completed within the which should be adhered to. If an officer assignments completed to date have been budgeted time requires additional time, then a case must delivered within budget or no more than allocation be approved by one of the Team’s one day over budget. managers.
45 of 134 Not classified Appendix 5 Reporting Definitions
Audit Assurance Levels Audit and Assurance have five categories by which to classify the level of assurance offered over the system or area we have examined, these are defined as follows: Assurance Definition Level Strong Overall, a Strong Control Environment in relation to the areas Control examined. Based on the audit work undertaken, an effective system Environment of internal control is in operation and is applied consistently. Overall, a Good Control Environment with room for improvement in Good Control relation to the areas examined. Based on the audit work undertaken, Environment an effective system of internal control is in operation but is not always applied consistently. Overall, a Moderate Control Environment with some weaknesses in Moderate relation to the areas examined. Based on the audit work undertaken, Control an acceptable internal control environment is in operation, but there Environment are a number of improvements that could increase its consistency and effectiveness. Overall, Cause for concern in relation to the areas examined. Weak management of risk exists within a key area(s) that is/are crucial to Cause for the achievement of objectives. Major improvements need to be made Concern to the system or area in order to ensure the control environment is effective. Overall, Cause for Considerable Concern in relation to the areas Cause for examined. Fundamental failures exist within the control environment Considerable and the Council is exposed to unacceptable levels of risk. Key areas Concern that are crucial to the achievement of objectives need fundamental improvements. Priority Ratings In order to assist management in using our reports, we categorise our management actions according to the level of priority as follows: Priority Rating Definition A fundamental risk exists to the achievement of the system/service 1 - objectives and it is of an unacceptable level. Management should Fundamental initiate immediate action to address this system weakness. A significant risk exists which has the potential to adversely affect the 2 - Significant achievement of the system/service objectives. Management should initiate timely action to address the weakness. System objectives are not exposed to significant risk but the issue merits attention by management as it offers service improvements by 3 - Prudent complying with best practice, and strengthening the overall control environment.
46 of 134 AGENDA ITEM 7 Member Report Annual Assurance Report on Risk Management
Public
To: Governance Committee Date: 24 Sept 2019
From: Corporate Director for Resources Decision type: For information
Portfolio: Resources Forward Plan reference: Priority: All priorities
Ward(s):
1 What is the recommendation?
1.1 That members note and comment on the Council’s corporate risk management and opportunity and business continuity frameworks which aim to provide assurance that the Council’s arrangements are an effective means of ensuring that proportionate action is taken to mitigate risks and enable appropriate opportunities to be taken to contribute to achieving the Council’s Corporate Plan.
1.2 To seek comment and approval for the revised Risk and Opportunity Management Policy and the Business Continuity Policy for 2019/20.
1.3 To present the current version of the Corporate Risk Register following its review by Executive Management Team (EMT) on 17 June 2019 and ongoing review by directorate management teams and the Risk Management Group on 16 August 2019.
2 What part of the Corporate Plan does this report deliver and how, and what options have been considered?
2.1 Risk management and business continuity planning contributes to Redcar and Cleveland Borough Council by helping to identify and prepare for those risks that could affect the achievement of the key priorities as set out in the Corporate Plan. To achieve the Corporate Plan’s vision and values, it is essential that the Council manages the range of risks that could threaten the realisation of those values. By having effective risk management, it also has the confidence to pursue suitable opportunities as effective risk management is not just about avoidance but about understanding risk to enable appropriate opportunities to be taken. The Council recognises that effective risk management is a key element of effective corporate governance and supports the maintenance of a robust internal control environment.
2.2 Risk and opportunity management is the process used to identify, evaluate and manage the whole range of business risks and opportunities facing an organisation. Risk can be defined as the chance of something happening that could have an adverse impact on the Council’s business or priorities. An opportunity is something that could enhance the Council’s ability to deliver its strategic priorities. Effective risk
47 of 134 Version 8 (05/12/2018) management is about identifying what might go wrong, what the consequences might be of something going wrong and deciding what can be done to reduce the possibility of this happening. If something does materialise then effective risk management should minimise the associated impact. The aim is to support effective decision making through a good understanding of risks and opportunities and their likely impact.
2.3 The Council’s corporate risk management and business continuity frameworks are co-ordinated by Tees Valley Audit & Assurance Services (TVAAS) who provide a wider integrated assurance service for Redcar & Cleveland Borough Council, including health and safety, risk management and insurance. Directorates are responsible for identifying and managing the risks and opportunities affecting the achievement of their priorities and for updating their individual risk profiles.
2.4 Identification and Scoring of Risks/Opportunities
The Council proactively identifies, understands and manages the risks inherent in its services and associated with its plans and strategies to encourage responsible and informed risk taking. Risks are identified through horizon scanning, benchmarking and in response to findings from inspections and audits, government policy changes and engagement with staff and the public.
2.5 Corporate risks are those of significant, cross-cutting strategic importance that require the attention of the Council’s most senior managers. Each of the corporate risks has one or more named risk owner(s). The scoring system applied to all risks is a 5 by 5 assessment of likelihood and impact. Each risk is scored twice – the first score is the gross or initial risk score which is the likelihood and impact of the stated risk materialising if the Council had no mitigation controls in place whatsoever. The second score (and probably the more important in terms of decision making) is the residual risk score which assesses the likelihood and impact of that risk materialising once all existing mitigation controls have been factored in. Risk owners are asked to consider what additional actions need to be undertaken to further reduce the residual score, particularly if the current residual score is higher than can be tolerated by the Council’s risk appetite. Whilst most risks can be managed to reduce their likelihood there are risks (e.g. risks relating to safeguarding the vulnerable) where the associated impact, should it happen, cannot be reduced.
2.6 The content of the current corporate risk register remains under review to ensure that the register captures those risks that are a threat to the attainment of the Council’s Corporate Plan. The current version of the register is included at Appendix 2 and includes corporate risks only; there are also directorate risk registers which are managed by directorate management teams.
2.7 The Council has a focused and structured approach to risk management as described in the Risk and Opportunity Management Strategy and the supporting guidance. The Risk and Opportunity Management Policy and Strategy details the Council’s aims and priorities for risk management and provides details on the approach to be taken in relation to the communication and roles and responsibilities. The document is usually reviewed on an annual basis to ensure it remains relevant and in line with best practice.
2.8 The latest version of the Policy is attached at Appendix 1 for Members’ comment and information. Several minor changes have been made to the document as a result of benchmarking the Council’s Policy with other local authorities’ risk
48 of 134 Version 8 (05/12/2018) management policies and strategies. The main change to the Policy has been to the risk matrix itself and the words used to apply to likelihood and impact. These changes have occurred following the Risk Management Group’s review of the former matrix and comparison with the models used by other councils.
2.9 The Risk and Opportunity Management Strategy is supported by additional documents which provide more detail on the Council’s Risk Management Framework for example the risk ranking criteria which provides more guidance on the areas to consider when scoring a risk or opportunity. As noted above, these criteria have been reviewed to adapt it so that it provides guidance on scoring opportunities. Ongoing support and guidance is also available from the Council’s Audit and Assurance Team (TVAAS) who provide an integrated approach to audit and assurance including risk management assurance. TVAAS also maintain the Council’s corporate risk management module which records the corporate risks, existing controls and all known directorate risks on the module.
2.10 Behind each risk is a more detailed profile of that risk which describes the nature of the risk, the gross and residual risk score and the mitigation controls already in place and those still required to be implemented. It is the responsibility of the risk owners and directorate management teams to ensure that their profiles are completed and reviewed. The Audit and Assurance Officers use these risk profiles to help guide the scope of their audit work to provide assurance that the stated mitigation controls are in place and are operating effectively. The Audit and Assurance Team also consider whether opportunities are being taken where appropriate and where the associated risks and impacts have been considered.
2.11 Once risks have been profiled in line with the Council’s framework and a residual score identified, the risks are recorded by TVAAS on the risk management system and are subject to regular review and update.
2.12 The Council’s risk management framework is supported by a corporate Risk Management Group with cross directorate membership. The Group meets on a quarterly basis and has an agreed remit, its key role being to monitor and highlight risk areas within the Council and to ensure that any required risk mitigation action is taken. The activity of the Group and any key messages are reported to Governance Committee for information. A typical agenda covers the corporate risk register, health and safety risks, any updates to policies and strategies and outstanding audit and assurance actions. The most recent meeting of this Group took place on 16 Aug 2019.
2.13 In terms of insurance, the Council self-funds risk up to a level that can be borne by the organisation and which aligns to the financing strategy in relation to reserves. The Council’s insurance risk appetite is reviewed on a regular basis to ensure that the Council understands and accepts the level of risk it can withstand. Any risks which are beyond the risk appetite are transferred by the purchase of insurance and the Council regularly reviews its insurance arrangements to ensure that the most cost effective cover is in place. To set the insurance risk appetite, an organisational wide risk profile is undertaken involving the consideration of 20 disaster scenarios. This exercise is completed and then analysed and helps ensure that the Council’s risk appetite is set correctly and that only the required level of insurance is purchased.
2.14 The Audit and Assurance Team provide internal verification on the effectiveness of risk mitigation controls and the content of the Council’s risk registers is one of the
49 of 134 Version 8 (05/12/2018) key influences on the annual Audit and Assurance Plan. Each individual internal audit refers to the system’s or service area’s profiled risks as part of the planning for that audit prior to agreeing each audit’s terms of reference. Since 2017/18 the Audit and Assurance Plan has included an allocation of time to confirm, on a sample basis, the mitigation controls in place to manage the Council’s corporate risks. All risk assurance audits completed have been reported to this Committee via the Annual Report or the progress reports.
2.15 Progress Against 2018/19 Development Actions Several actions were identified in the 2018 report to this committee and progress on these actions is as follows; Assurance map – a draft map has been compiled but will require updating on a regular basis; Self-assessment of risk management arrangements against British Standard ISO31000 – a review of the current risk management arrangements has been undertaken and any planned actions are detailed in the paragraph below; Consideration of setting target scores for individual risks – to be discussed at Risk Management Group in Dec 2019 although the overall aim is to reduce all risks to a green rating; Future reporting to EMT will be undertaken regarding the implementation of planned actions to mitigate risks. The Audit & Assurance Officer – Risk & Insurance has followed up on progress to implement planned controls. Any non-implemented controls that have passed their target dates will be reported to the Risk Management Group. Work will be undertaken to differentiate between risks and opportunities with a view to possibly creating a separate opportunity register – this was discussed at EMT but it was agreed that creating a separate opportunity register would not be a meaningful exercise given the existing processes in place for decision making; Future reporting to Governance Committee - the corporate risk register is now presented to the Governance Committee at most meetings.
2.16 A recent review of the risk management framework against good practice has identified the following additional actions to be taken over the next year: Review the Audit and Assurance Team’s interaction with risk owners to ensure that the process becomes better embedded. Areas to be trialled are risk workshops so that TVAAS can have a more proactive input into the profiles being written and identifying when new ones needs to be produced (workshops); Briefing and awareness sessions on risk management to be offered as part of the Council’s programme of training events; Performance reports to provide more information about how directorates are managing their corporate risks; Consider the type of risk management reporting that would add value e.g. reporting of risk management trends, number of planned mitigation actions outstanding etc. Consider whether the Governance Committee wishes to nominate a Member champion for risk management.
2.17 Business Continuity
The Council has a Business Continuity Policy & Strategy which has recently been reviewed and updated. The document has been shared with the Risk Management Group and is included at Appendix 3. Other business continuity activities
50 of 134 Version 8 (05/12/2018) undertaken include:
• All Business Recovery Procedures (BRP) (team level plans) have been reviewed for the main admin building and teams have been requested to transfer information to the new streamlined templates. TVAAS staff are helping teams to identify what is critical or non-critical. • Business Recovery Management Plans (building level plans) have all been reviewed for main admin buildings and are now on a streamlined plan. When finalised, this will go to DMTs and the Risk Management Group for information. • One Business Recovery Management Team is now in place for all buildings rather than each building having its own. Training will be provided to team members. • The Audit & Assurance Officer – Risk & Insurance will be attending training in November to ensure business continuity skills and knowledge are maintained.
3 Who has been consulted and engaged?
3.1 The Executive Management Team, Corporate Director for Resources, Risk Management Group and Information Governance Group work to ensure risks are managed well and that the organisation’s risk culture is promoted. 4 What are the risks and resource implications?
Type of Applicable? Details Risk/ Implication Health and Yes All audit and assurance work considers the risks relevant Safety to the topic under review, including health and safety. It focuses on the effectiveness of risk management and mitigation measures whilst seeking to identify gaps in assurance.
All staff within the Council are expected to comply with the Council’s health and safety policies and procedures. Staff wear appropriate protective clothing when carrying out audits in locations of higher risk (e.g. where machinery is present). Social Yes Effective risk and opportunity management is aimed at Value: supporting management to take the right decisions for the benefit of service improvement to the local community. It is aimed at mitigating the materialisation of risks that could cause harm or damage.
Legal Yes By managing risks the Council has a process in place for identifying and managing the risks of failing to comply with legislation. Financial Yes There are clear links from risk management to the financial spend of the Council. By managing risks the Council can highlight any trends and manage these to ensure that there is no detrimental financial impact. Risk appetite is closely linked to the cost of insurance.
51 of 134 Version 8 (05/12/2018)
Human No Resources
Equality and No There are no direct implications from this report on Diversity equality and diversity although aspects of risk management work may involve a review of issues affecting equality and diversity. Carbon Yes The only implications from this report on our carbon Footprint footprint is that officers engaged in risk management and assurance work do travel across Redcar and Cleveland Borough to carry out their work. All staff are requested to organise their work schedules to the best of their ability to minimise the travel required. Other No (please specify)
5 Appendices and further information
5.1 Appendix 1 – Risk and Opportunity Management Policy and Strategy Appendix 2 – Corporate Risk Register Appendix 3 – Business Continuity Policy and Strategy
6 Background papers
6.1 No background papers other than published works were used in writing this report.
7 Contact Officer
7.1 Name: Helen Fowler Position: Audit & Assurance Manager Address: Redcar & Cleveland House Telephone: 01642 771165 Email: [email protected]
52 of 134 Version 8 (05/12/2018) Risk and Opportunity Management Policy and Strategy
Appendix 1
Redcar & Cleveland
Borough Council
Risk and
Opportunity
Management
Policy and
Strategy
1
53 of 134 Risk and Opportunity Management Policy and Strategy
Ownership & Review
Name Helen Fowler Title Audit & Assurance Manager Telephone 01642 771165 Email @redcar-cleveland.gov.uk
Approver John Sampson Review Date 11/10/2017
Version Control
Version Date Author Changes 1.0 22/11/2016 Heather Pearce Minor amendments to existing policy and strategy 2.0 11/10/2017 Helen Fowler Review and rewrite of former policy and strategy 3.0 08/10/2018 Helen Fowler Review and amend and expand information on risk appetite. 4.0 12/09/2019 Helen Fowler Review with minor amendments including change to risk matrix wording.
Distribution
Version Date Circulation 2.0 24/10/2017 Resources DMT 2.0 06/11/2017 EMT 2.0 21/11/2017 Governance Committee 3.0 23/10/2018 Resources DMT 3.0 05/11/2018 EMT 3.0 14/11/2018 Risk Management Group 3.0 27/11/2018 Governance Committee 4.0 16/08/2019 Risk Management Group 4.0 27/08/2019 Resources DMT 4.0 09/09/2019 EMT 4.0 24/09/2019 Governance Committee
2
54 of 134 Risk and Opportunity Management Policy and Strategy
Contents 1.0 Policy Statement ...... 4 2.0 What is Risk and Opportunity Management? ...... 5 3.0 Good Risk Management ...... 5 4.0 Objectives ...... 6 5.0 Risk and Opportunity Profiling ...... 6 6.0 Risk Appetite and Opportunities ...... 7 7.0 Risk Management Process ...... 9 8.0 Risk Management Methodology ...... 9 9.0 Roles and Responsibilities ...... 12 10.0 Insurance (Risk Transfer) ...... 12 11.0 Fraud Risk Management ...... 13 12.0 Risk Assurance Arrangements ...... 13 13.0 Review of Policy ...... 14 APPENDIX 1 - GLOSSARY OF RISK MANAGEMENT TERMS ...... 15 APPENDIX 2 – BENEFITS OF RISK MANAGEMENT ...... 18 APPENDIX 3 ROLES AND RESPONSIBILITIES ...... 19 APPENDIX 4 RISK APPETITE MATRIX ...... 22
3
55 of 134 Risk and Opportunity Management Policy and Strategy
1.0 Policy Statement
1.1 The purpose of this Policy and Strategy is to outline how the Council will manage its risks and opportunities effectively to enable it to improve services, provide value for money and use resources in an efficient way. The key objectives for having a risk management framework are to:
Enable the timely mitigation of threats or maximisation of opportunities to support the achievement of the Council’s objectives; Promote effective decision making; Support the Council in adhering to statutory and regulatory responsibilities; Support and encourage innovation by being aware of the risks that need to be managed but without being overly risk averse; Embed a consistent risk management approach within usual business practices across the Council.
1.2 Redcar and Cleveland Borough Council is committed to adopting best practice in the identification, evaluation and cost effective control of risk to ensure they are reduced to an acceptable level or eliminated, also to maximise opportunities to achieve the Council’s objectives and deliver services. However, it is acknowledged that some risks will always exist and will never be eliminated.
1.3 To achieve the vision and values as set out in the Corporate Plan, it is essential that the Council identifies, manages and communicates the range of risks that could threaten the realisation of those values. Equally, it will need to identify opportunities to help it fulfil the Corporate Plan; taking opportunities can often involve risk but it is important to note that risks do not have to be avoided if they are managed effectively. Compliance with a strong framework should enable the Council to be bold and ambitious in maximising the right opportunities. The Council’s vision is ‘a flourishing future forged from a proud past’ and its values are:
Keeping communities at our heart; Bold and ambitious; Caring and respectful; Delivering our best.
1.4 The Council recognises that effective risk management is a key element of effective corporate governance and supports the maintenance of a robust internal control environment. The Governance Framework comprises the systems, processes, culture and values by which the Council is directed and controlled, and the activities through which it accounts to, engages with and leads the community. It
4
56 of 134 Risk and Opportunity Management Policy and Strategy
enables the Council to monitor the achievement of its strategic objectives.
1.5 The Council will proactively identify, understand and manage the risks and opportunities inherent in its services and associated with its plans and strategies so as to encourage responsible and informed risk taking and decision making. In order to achieve this, the Council has a focused and structured approach to Risk Management as described in the Risk Management Strategy and the supporting guidance.
1.6 All councillors, employees, service providers, partners, and stakeholders are expected to play a positive role in embedding the culture, ethos and practice of effective risk management in all activities.
1.7 All employees must understand the nature of risk balanced against opportunity and accept responsibility for managing and mitigating those risks associated with their area of work. In undertaking this they will receive the necessary support, assistance and commitment from senior management and Members.
2.0 What is Risk and Opportunity Management?
2.1 Risk and Opportunity Management is the process used to identify, evaluate and manage the whole range of business risks and opportunities facing an organisation.
2.2 Risk can be defined as something happening that could have an adverse impact on the Council’s business or objectives. An opportunity is something that could enhance the Council’s ability to deliver its strategic priorities. The objective of risk and opportunity management is to secure the assets and reputation of the organisation and to ensure the continued financial and organisational well-being of the Council.
2.3 A glossary of terms typically used in relation to risk management is included at Appendix 1.
3.0 Good Risk Management
3.1 The Council’s risks stem from a variety of sources, many of which are out of its direct control. Good risk management is not about eliminating the presence of risk entirely but about identifying what might go wrong, what the consequences might be of something going wrong and deciding what can be done to reduce the possibility of this happening. Effective risk management will attempt to minimise make sure that the impact of a risk if it does materialise although it is recognised that, for some risks, the impact will remain high meaning that the focus will have to be on reducing the likelihood., if a risk does materialise, is kept to a minimum. Knowing that risks are being managed will also
5
57 of 134 Risk and Opportunity Management Policy and Strategy
enablehelp the Council to take advantage of suitable business opportunities. Risk management should ensure that an organisation makes cost effective use of a risk framework that has a series of well- defined steps. The aim is to support effective decision making through a good understanding of risks and their likely impact. The benefits of effective risk and opportunity management are set out in Appendix 2.
4.0 Objectives
4.1 The objectives are:
o Ensure that the Council continues to meet all statutory and best practice requirements in relation to risk and opportunity management. o Ensure risk and opportunity management is embedded within our culture and make sure that it is integral to all our business processes; o Embed risk and opportunity management as a key part of strategic, operational, financial and project planning and management; o Ensure that risks are managed in accordance with best practice and that there is a systematic approach to risk and opportunity identification and assessment; o Ensure that all parties understand their roles and responsibilities and contribute to the approach to Risk Management o Ensure the Council successfully identifies and manages risks and opportunities at a corporate, operational, programme, project and partnership level. o Ensure that risk management continues to be a key and effective contributor to corporate governance; o Enable the Council to take advantage of suitable business and development opportunities by ensuring effective management of any associated risks.
5.0 Risk and Opportunity Profiling
5.1 The Council will maintain a Corporate Risk Profile, and a range of other risk profiles for directorates, programmes, projects and partnerships, where considered necessary.
5.2 Risk profiling is a central component of risk management that is used to identify, analyse and control risk and is an examination of what could affect the Council’s service provision. This is undertaken to ensure that all key risks are identified and that relevant control measures are in place to mitigate the potential risks that may occur. Once risks are profiled in line with the Council’s framework and a residual score identified then they will reside on the relevant risk register in
6
58 of 134 Risk and Opportunity Management Policy and Strategy
accordance with their residual risk value and will be managed in accordance with the Council’s risk appetite.
5.3 Corporate risks will be categorised between ‘Borough’ risks and ‘Council’ risks. ‘Borough’ risks are those where the main impact will be on the residents of the Borough e.g. a flooding or other disruptive incident whilst a ‘Council’ risk is more restricted to the internal organisation of the Council e.g. a prolonged failure of the ICT network. Inevitably, there may be some overlap between the two categories but the intention will be to categorise according to where the principal impact will be.
5.4 Opportunities can also arise from areas within the organisation and externally. Internal sources of opportunity include how the Council structures itself, what partnerships it enters into and what technological innovation it takes advantage of. External sources of opportunity include changes to political, legal, social and environmental forces. Opportunities may be identified by considering any that have not been taken in the past because of the perceived risk or lack of resources. Once an opportunity has been identified it should be described to include the expected benefits and contributions to Council priorities.
6.0 Risk Appetite and Opportunities
6.1 Risk appetite can be defined as the amount of risk, that the Council is prepared to tolerate/accept in the pursuit of its strategic priorities. The amount of risk an organisation accepts varies from organisation to organisation depending on its unique culture and circumstances. However, factors such as the external environment, people, business systems and policies will influence the Council’s appetite for accepting and managing risk. Risk appetite is likely to be informed by an understanding of any existing controls and will also be influenced by the expected reward or outcome.
6.2 Understanding the Council’s risk appetite is essential in supporting the delivery of the Council’s vision and Corporate Plan. One of the Council’s values is to be bold and ambitious and therefore its risk appetite and management framework will need to support this value. The diverse range of Council activities means that defining one generic risk appetite can be difficult and it will inevitably have a variable appetite to risk in different areas. Decisions will depend on the context, the nature of the potential losses or gains, and the extent to which information regarding the risks is complete, reliable and relevant. At times, the risks and exposures associated with taking a project or initiative forward may be judged to outweigh the known or likely benefits of delivering it and such scenarios may require the involvement of the Executive Management Team to make a final decision. However, the Council acknowledges that some risks and opportunities must be taken if it is to achieve its Corporate Plan.
7
59 of 134 Risk and Opportunity Management Policy and Strategy
6.3 The Council recognises that delivering the bold and ambitious Corporate Plan will, at times, involve a degree of risk‐taking and uncertainty. As such, there may be an appetite for higher levels of risk where appropriate to deliver its priorities. The Council’s approach to risk taking will continue to be managed within the established risk management policy, framework, and process. As such, opportunities involving higher levels of risk will only be accepted on the basis of a thorough understanding of the exposures involved and potential benefits arising and will be subject to appropriate mitigation controls and authorisation.
6.4 The following will be taken into account when assessing the risk appetite for each risk or opportunity:
Compliance and Regulation - The Council’s approach will be to minimise exposure to compliance and reputational risk, whilst accepting and encouraging an increased degree of risk in other areas in pursuit of our strategic objectives.
Service Delivery – the Council will accept a moderate to high level of risk arising from the nature of the Council’s business operations and service delivery to deliver an appropriate level of service at value for money, whilst minimising any negative reputational impact.
Financial – the Council must maintain long term financial viability and is required to set a balanced overall revenue budget each year. Financial risks will be assessed according to their impact upon the need for the Council to comply with its own reserves and treasury management strategies.
Reputation - as a public service, the Council has a low appetite for risk to its reputation and anything that would jeopardise that reputation through any adverse publicity.
Transformation and Organisational Change - the Council works in a continually changing environment in terms of its internal operations and the services it provides. Projects leading to change or transformation provide the Council with an opportunity to establish benefits for the longer term. The Council recognises that this may require increased levels of risk and is comfortable accepting the risk subject to always ensuring that risks are appropriately managed.
Regeneration – the Council seeks to invest in the development and regeneration of the Borough. This requires it to be innovative in its approach and therefore the Council is willing to accept a higher risk appetite in return for the expected benefits to the community provided that those benefits have been assessed and the carefully considered and mitigated as far as practicable.
8
60 of 134 Risk and Opportunity Management Policy and Strategy
People – the Council’s staff are critical to its success and achieving its Corporate Plan therefore it has a low risk appetite for anything that is detrimental to staff health and safety (please refer to Corporate H&S Policy) and welfare. The Council will not put the safety of its staff or residents at risk.
7.0 Risk Management Process
7.1 The overall process to be followed for risk management process involves identification, evaluation, management and review and is as follows: Ob
Council Objectives
Identify Risks
Gross Risk Score
Identify Existing Controls
Identify Control Gaps
Residual Risk Score
Monitor and Report
Achieve Objectives
7.2 These steps enable the Council to:
understand the nature and scale of its risks; identify the level of risk that the Council is willing to accept; recognise its ability to control and reduce risk and where it cannot control the risk; keep all risks and opportunities under regular review; take action where possible and proportionate; take appropriate opportunities which could contribute to attaining Corporate Plan priorities.
8.0 Risk Management Methodology
8.1 Identification of risks and opportunities - a systematic approach will be applied to identify all strategic and operational risks and opportunities by taking into account knowledge of the service, the legal, social,
9
61 of 134 Risk and Opportunity Management Policy and Strategy
political and cultural environment in which it exists and an understanding of the Council’s corporate objectives. Risks are identified through horizon scanning, benchmarking and in response to findings from inspections and audits, government policy changes and engagement with staff and the public.
8.2 Project risks and opportunities should be identified by the project group and a project risk register developed. Partnership risks and opportunities should be identified by the partnership and a partnership risk register developed.
8.3 Where members and officers are asked to make decisions they are advised of any associated risks. Committee reports include a section demonstrating that the risks and opportunities have been identified and assessed.
8.4 Risk and Opportunity Assessment - following identification of the risks and opportunities they are then evaluated according to the likelihood of the risk occurring and the potential impact if it did occur. When evaluating the impact of a risk, a range of possible consequences is considered ranging from the impact on staff, the local community, and/or the Council’s services. Cost implications and whether the risk could prevent the Council meeting its statutory and legal requirements are also considered.
8.5 A 5x5 scoring mechanism for probability and impact is applied as set out below.
8.6 Detailed information on the Council’s methodology for risk identification, analysis and control is provided in the handbook. All risks with a residual risk graded amber or red will automatically be included on the corporate risk register.
Likelihood Zero Unlikely LikelyPo Very Almost to low ssible Likely Certain Catastrophic 5 10 15 20 25
CriticalMajor 4 8 12 16 20
SignificantMod 3 6 9 12 15
Impact erate
InsignificantMi 2 4 6 8 10 nor
Negligible 1 2 3 4 5
10
62 of 134 Risk and Opportunity Management Policy and Strategy
8.7 The Corporate Risk Register, which captures the Council’s most significant risks, is reviewed every quarter by the Executive Management Team. Directors provide feedback to their risk owners and the register is updated as appropriate. Submission of the Corporate Register to the Governance Committee is scheduled to take place every six months.
8.8 Previously, Directorate risk registers have been maintained by the directorates but it is proposed that such registers will, in future, be captured into the risk and audit management module which will facilitate monitoring and reporting.
8.9 Risk Registers are updated and reviewed on a regular basis by the relevant Management or Project Team to ensure that future control improvements are implemented on time and new risks are highlighted. Directors and assistant directors are encouraged to utilise their Risk Registers with their own senior management teams, to ensure a shared awareness of risks and opportunities relating to their areas of responsibility, and how these relate to the Council’s Corporate Risks.
8.10 Audit and Assurance (TVAAS) monitoring of Risk Registers will identify: new and emerging risks; slippage in implementing control improvements; areas where perceptions of risk are considered inaccurate and may require change; significant risks which may need to be brought to the attention of, or formally escalated for action or further investigation by Executive Management Team or be subject to an assurance or audit review.
8.11 The approach adopted by the Council for profiling project related risks must be consistent and must be applied to any major projects that the Council is considering undertaking. The Council’s Project Management Handbook is currently ‘In Control’ and provides detail on how to manage projects and governance arrangements to support these. Project Risk Logs in line with the Council’s Risk Management methodology are required detailing the risk exposure on each project which should be monitored by the relevant Project Manager/Project Board throughout the life of the project. Should the project risks need to be escalated then they initially should be reported to the supporting Directorate’s DMT and then escalated if required on a risk profile to the Executive Management Team.
8.12 The business continuity process is essentially risk management applied to the whole organisation and its ability to continue with its service provision in the event of an event which impacts on the Council’s ability to still deliver a service. The Council must ensure risk management processes are applied throughout the business continuity
11
63 of 134 Risk and Opportunity Management Policy and Strategy
lifecycle and that plans are in place for critical services so that the business can be maintained should an incident occur.
9.0 Roles and Responsibilities
9.1 Responsibility for risk management runs throughout the Council and it is important that there is clear identification of roles and responsibilities. This ensures the successful adoption of risk management and demonstrates that it is embedded within the culture of the organisation. Everyone has a role to play in the risk management process.
9.2 Managers are responsible for ensuring that effective controls are in place for managing those risks that fall within their responsibility and to ensure that resources are used effectively in pursuit of the Council’s priorities. Managers are responsible for ensuring that they identify opportunities in their service areas and that such opportunities are considered in terms of the risk impact.
9.3 Management of corporate risks is reported through the Council’s Annual Governance Statement (AGS). Each Directorate contributes to the production of the AGS by identifying their significant risks and the actions to be undertaken to mitigate them.
9.4 The detail of individual roles and responsibilities is provided in Appendix 3.
10.0 Insurance (Risk Transfer)
10.1 The Council reviewed its insurance arrangements by completing an organisational wide risk profile to set the Council’s risk appetite. This allowed the Council to self-fund any risks that fall below the value of £5 million. It is therefore vital that effective risk management is maintained as this is linked to the Council’s revised insurance arrangements. There are some risks which, even with control measures in place to mitigate these risks should they occur, would cause the Council significant financial pain should they be realised and the Council has purchased catastrophic insurance to cover these situations with some built in safeguards to protect budgets. By setting the revised risk appetite the Council has achieved significant premium saving year on year. The Council’s self-funding arrangements pay for claims within the excess level and these are replenished via the insurance premium recharge arrangements, which are recovered from directorate budgets and include the combined cost of external insurance premiums and the required self-fund contribution. To ensure that the Council maintains the most cost effective balance between self-funding and external insurance cover an actuarial review of the Self-Insurance Funds is undertaken at least on a 3 yearly basis.
12
64 of 134 Risk and Opportunity Management Policy and Strategy
11.0 Fraud Risk Management
11.1 On behalf of the Council, TVAAS maintains a fraud risk register, the content of which is updated at least annually and is the subject of an annual report to the Governance Committee. National fraud risks are identified and assessed in terms of their likelihood and potential impact within Redcar & Cleveland Borough Council. Internal control systems are intended to minimise the opportunity for fraud or misappropriation of assets. The Council’s Anti-Fraud, Bribery and Corruption Policy and associated policies are published on the intranet.
12.0 Risk Assurance Arrangements
12.1 Assurance activities are not a substitute for good management of risks by individual risk owners. Risk owners should be managing and mitigating their risks as part of their business activities. Assurance activities are independent of management and are designed to provide assurance to directorate management teams, the Executive Management Team and the Governance Committee that risks are being effectively managed and that opportunities are being considered.
12.2 An Assurance Map provides an overview of where other independent sources of assurance exist. Audit & Assurance (TVAAS) maintain an assurance map which records the various sources of assurance across the Council whether it be internal or external audit or Ofsted, CQC etc. The assurance map records where assurance has been provided in relation to a corporate risk.
12.3 The internal and external auditors form a key part of the Council’s assurance arrangements and report throughout the year to the Governance Committee. External audit express an opinion as to whether the Council’s statement of accounts give a true and fair view in accordance with the CIPFA/LASAAC Code of Practice on Local Authority Accounting in the United Kingdom 2016/17. Internal audit carry out a programme of assurance work in accordance with the Public Sector Internal Audit Standards (PSIAS) that is based on the Council’s key risk areas and provide an annual opinion on the Council’s control environment.
12.4 TVAAS prepare and present to the Executive Management Team and to the Governance Committee, an annual report on corporate risk assurance. This report will provide an opinion on the risk management in place in relation to the corporate risks. It will be based on the audit work carried out during the year and will be an assessment of the management of the individual corporate risks (as opposed to an assessment of the risk management framework).
13
65 of 134 Risk and Opportunity Management Policy and Strategy
13.0 Review of Policy
13.1 This Policy will be reviewed annually or at least every two years.
13.2 Revisions will be made in the interim, as and when required, to address changes in legislation and/or government policies.
14
66 of 134 Risk and Opportunity Management Policy and Strategy
APPENDIX 1 - GLOSSARY OF RISK MANAGEMENT TERMS
Term Description Annual Governance Statement is produced on an annual basis and details how the Council deals with Annual Governance Corporate Governance. The AGS is produced and Statement signed by the Chief Executivehead of paid service and Leader of the Council and is placed with the Statement of Accounts. The approach and process used to prioritise and Assessing risks determine the likelihood of risks occurring and their potential impact on the achievement of our objectives. Consequence The outcome of an event. Contingency An action or arrangement that can be put into place to minimise the impact of a risk if it should occur. Control (control Any action, procedure or operation undertaken to measures) either contain a risk to an acceptable level, or to reduce the likelihood. The method by which local authorities direct and Corporate Governance control their functions and relate to their communities (as per CIPFA SOLACE). Down-side risk A risk with a negative or unfavourable impact. Embedding Risk Ensuring that the Risk Management Strategy is Management reflected in the objectives and functions of every level of the organisation. Executive Management Receives escalated issues/areas of concern from Team the Risk Management Group. The directorate representative on risk who attends the Risk Management Group and coordinates risk Governance Champion management activity. (a Champion currently is not in place and this is to be discussed at Governance Committee). Impact The evaluated effect or result of a particular outcome actually happening. An event or concern that has occurred or is taking Issue place and should be addressed (as opposed to a risk which has not yet, or might not, occur) Inherent risk The levels of risk existing before any treatment measures have been taken. Likelihood The probability that an identified risk event will occur. A strategy that decreases risk by lowering the Mitigation (Plan) likelihood of a risk event occurring or reducing the impact of the risk should it occur. Objective Something worked toward or striven for, a goal. Operational risk Risks associated with the day to day issues that the organisation is confronted with as it strives to deliver its objectives.
15
67 of 134 Risk and Opportunity Management Policy and Strategy
Term Description Risks associated with a specific activity, which has Project risks defined goals, objectives, requirements, a life cycle, a beginning and an end. Raw Risk (also referred The profiling of the risk with no control measures in to as gross or initial risk) place. Residual Risk The level of risk remaining after the current control measures have been implemented. Risk The chance of something happening that will have an impact upon objectives. It is measured in terms of impact and likelihood. Risk Analysis A systematic use of available information to determine how often specified events may occur and the magnitude of their consequences. The level of risk that the Council is prepared to Risk Appetite accept, tolerate or be exposed to at any point in time. Risk Assessment The overall process of risk analysis and risk evaluation. Risk Control The part of risk management which involves the provision of policies, standards and procedures to eliminate or minimise adverse risks. Risk Evaluation The process used to determine risk management priorities by comparing the level of risk against predetermined standards, target risk levels or other criteria. Risk Identification The process of determining what can happen, why and how. Chaired by the Corporate Director for Resources Risk Management Group and made up of Governance Champions and other key risk related people from across the Council. Risk Management The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects. This means having in place a corporate and systematic process that efficiently identifies, Risk Management assesses, manages and communicates the impact Framework of risks in a cost-effective way and having staff with the appropriate skills to identify and assess the potential for threats and opportunities to arise. Risk Management The Council’s overall organisational approach to risk Strategy management. The person who has overall responsibility for Risk Owner addressing the risk and who has the authority to ensure that the right actions are being taken. Risk Profile The summary of identified risks and assessment of their seriousness. Risk reduction A selective application of appropriate techniques and management principles to reduce either
16
68 of 134 Risk and Opportunity Management Policy and Strategy
Term Description likelihood of occurrence or its consequences, or both. Risk Register A product used to maintain information on all identified risks pertaining to a particular activity, project or programme. Risk transfer Shifting of the responsibility or burden for all to another part through legislation, contract, insurance or other means. Risk transfer can also refer to shifting a physical risk or part thereof elsewhere. Risk treatment Selection and implementation of appropriate options for dealing with risk. Stakeholders Those individuals and organisations who may affect, be affected by, or perceive themselves to be affected by, the decision or activity. Strategic or Corporate Risk concerned with where the organisation wants risk to go, how it plans to get there and how it can ensure survival. Up-side risk A risk with a positive or favourable impact.
17
69 of 134 Risk and Opportunity Management Policy and Strategy
APPENDIX 2 – BENEFITS OF RISK MANAGEMENT
Achieve and demonstrate good governance Avoid the Achieve impact of benefits and failure exploit (perceived or opportunities, actual) enabling innovation
Support value for money, project Adapt to finance and changes in performance the market management and customer needs Achieve objectives/ deliver business services Comply with legal and Maintain regulatory service requirements provision through adversity
Manage Manage partnerships, external suppliers, changes in contractors culture, and ongoing political Control services environment acquisition of etc. development of new services
18
70 of 134 Risk and Opportunity Management Policy and Strategy
APPENDIX 3 ROLES AND RESPONSIBILITIES
Cabinet (Member champion sits within this group)
Governance Committee (Review the effectiveness and progress of Risk Management)
Tees Valley Audit and Assurance Risk Management The team supports the overall Group Executive Management process and links into all areas, acts (Actively monitors Team as the focal point for risk progress on risk (Provides oversight of management activity. (Provides management). corporate governance advice, support and training. activity and review the Custodians of the Corporate Risk Annual Governance Register). Statement. Ensure the Council manage risk and that Information the strategy is implemented. Governance Group (Embed the Information Governance Framework. Approves Directorate Management Information Team Business Support Governance policies.) (Ensure the risk is managed Officers/Managers within Directorate. Review (Ensure that risks are risks and moderate these being addressed with prior to inclusion on the Directorate. Report relevant risk register.) issues to the Risk Management Group. Financial Ensure that Internal Governance Group Audit/Health and Safety (Considers matters of Managers recommendations are financial strategy, (Manage risk implemented.) policy, financial effectively in their forecasts and annual particular area and budgets.) report risks to their Directorate Management Team.)
Safeguarding Group Employees (Develop strategies (Manage risk effectively and actions19 for in their job and report safeguarding children hazards to their service and vulnerable adults.) manager.)71 of 134 Risk and Opportunity Management Policy and Strategy
Group or Individual Role Member Champion Gain an understanding and promote risk management and its benefits throughout the Council, ensuring members take risk management into consideration when making decisions. (a Champion currently is not in place and this is to be discussed at Governance Committee). Cabinet Gain an understanding of risk management and receive assurance from the relevant Committees to gain assurance risk is being managed. Elected Members To understand the importance of risk management in all that the Council does and to champion the cause of risk management as part of the fulfilment of the role of Members. Governance Oversee the effective management of risk throughout the Council. Committee Monitor and receive independent assurance of the risk management framework and associated control environment and provide independent scrutiny of the Council’s financial and non- financial performance and oversee the financial reporting process. Executive Understand and promote the risk management process and Management Team benefits, oversee the implementation of the strategy and agree any corporate inputs and resources required to supporting the work. EMT will lead, coordinate, monitor and review the Council’s Corporate Governance and Assurance Framework and review the Annual Governance Statement (AGS) on an annual basis. Risk Management Supports the Council in the effective development, Group implementation and review of the Risk and Opportunity Management Strategy and framework and keeps the Executive Management Team informed of any significant risks, including emerging risks. Monitors and reviews the implementation of controls, seeks assurance on risks, identifies areas of overlapping risks and shares experiences on risk across the Council. Information Develops the Council’s Information Governance Framework and Governance Group co-ordinates progress on information governance issues across the Council. Tees Valley Audit TVAAS both facilitates and challenges the risk management and Assurance process, and provides assurance to officers and Members on the Service effectiveness of mitigation controls. TVAAS officers help identify and communicate risk management issues to services, assist in undertaking risk management activity through training or direct support. TVAAS officers monitor and report on the implementation of agreed actions to manage risks and escalate to senior management any key risks that are considered not to be being effectively managed. Departmental Risk Ensure that risks are managed effectively in each service area Management and are discussed and reviewed at Directorate Management Groups and Team or other forum. Report risk and opportunity management Business Support issues to the Risk Management Group and ensure that any Officers/Managers agreed audit and assurance recommendations are implemented by the agreed target date. Managers Promote the importance of compliance with risk management
20
72 of 134 Risk and Opportunity Management Policy and Strategy
processes in their particular service area(s) and take responsibility for complying with those processes and ensuring that staff undertake requisite training. Share relevant information with colleagues in other service areas and ensure that risks are identified, reported to DMTs and consistently and effectively managed. Employees To act responsibly and manage risk effectively in their roles, liaising with their manager to assess areas of risk and observe good control practices in place to minimise risks. To comply with risk management processes and undertake training where recommended.
21
73 of 134 Risk and Opportunity Management Policy and Strategy
APPENDIX 4 RISK APPETITE MATRIX
Likelihood Zero to low Unlikely Likely Very Likely Almost Certain Catastrophi Monitor 6 Monitor Monitor Monitor Monitor c monthly Quarterly Quarterly Quarterly Monthly
Critical Monitor Monitor 6 Monitor Monitor Monitor
Annually monthly Quarterly Quarterly Quarterly
Significant Monitor Monitor 6 Monitor Monitor Monitor mpact I Annually monthly Quarterly Quarterly Quarterly
Insignificant No Action Monitor Monitor 6 Monitor 6 Monitor Required Annually monthly monthly Quarterly
Negligible No Action No Action Monitor Monitor Monitor 6 Required Required Annually Annually monthly
Risk Rating (Residual) Appetite Guidance Risks at this level sit above the tolerance of Identify the actions and controls the Council and are of such magnitude that necessary to manage the risk down to they form the Council’s biggest risks. The an acceptable level. If still scored 25, Council is not willing to take risks at this report the risk to your Director and 25 level and action should be taken immediately TVAAS. Steps will be taken to to manage the risk and reduce the residual collectively review the risk and identify score. any other possible mitigation (such as controls). Risks that remain at this level will be escalated to EMT, who will actively monitor. Monthly reporting to EMT will be required until EMT is satisfied that the risk score has been reduced. These risks are within the upper limit of risk Identify controls to mitigate the risk appetite. While these risks can be tolerated, and seek to reduce the risk score as far 9 - 20 controls should be identified to bring the risk as possible. down to a more manageable level where Risks at this level will feature in a possible. If risks relate to people and quarterly risk update to EMT who will reputation then immediate action must be provide oversight and feedback to risk taken to reduce the residual risk score. owners. These risks sit on the borders of the Council’s Retain risks on the directorate registers risk appetite and so while they do not pose and update as and when changes are
22
74 of 134 Risk and Opportunity Management Policy and Strategy
5-8 an immediate threat, they are still risks that made, or if controls are implemented. should be monitored. If the impact or Responsibility for monitoring and likelihood increases then risk owners should managing these risks sits within the seek to manage the increase. directorate/service.
These are low level risks to the achievement Retain these risks on directorate of objectives. Due to the relative low level it register and formally review at least 3 – 4 is unlikely that additional controls will be once a year to make sure that the identified to respond to the risk. impact and likelihood continues to pose a low level. Minor level risks with little impact or No actions required but risk should be likelihood but not to be totally overlooked as kept on directorate risk register and 1-3 they are enough of a risk to have been reviewed annually. assessed through the process. They are unlikely to obstruct the achievement of objectives.
23
75 of 134 APPENDIX 2 - CORPORATE RISK REGISTER - AS AT 04 SEPT 2019
Initial Evaluation Residual Evaluation Direction of Responsible Total Total Assessment Total Total Assessment Risk Reference Risk Title Risk Description Risk Owner Risk Type Risk Theme(s) Likelihood Likelihood Travel (since Assessment Label Assessment Label Officer Impact Impact July 2019) Service impact due to an ineffective response to an emergency or major incident which threatens serious damage to human welfare, the Ineffective environment or security (Civil Legislative, Clean and safe Response to Contingencies Act 2004). The Environmental, environment, ACS01 Patrick Rice Rachael Campbell Catastrophic Likely 15 Medium Significant Likely 9 Medium No change Emergency associated impact could be significant Customer/Citizen, Improving the way Incidents disruption to the local community. Reputation we work Emergencies and incidents could include, major road accident, chemical leak, industrial incident, flooding, fire, pollution. The financial position of the Council is Balancing the not sustainable, without a fundamental Economic, Almost RES2 Medium Term John Sampson Phil Winstanley Prosperity for all Catastrophic 25 High Catastrophic Very Likely 20 High No change reduction in spend as income resources Reputation Certain Financial Plan now begin to plateau. There is national and regional oversight of the transforming care programme and Ineffective the recently established Tees Local Decisions when Implementation Group is managing the Economic, Placing process at a local level. There are only a Strong and Legislative, ACS2 Discharged small cohort of Redcar & Cleveland Patrick Rice Victoria Wilson confident Critical Very Likely 16 High Critical Likely 12 Medium No change Customer/Citizen, Service Users into residents remaining in an inpatient communities Reputation a Community setting and an extended discharging Setting planning process is in place to ensure that suitable community provision is sourced for those individuals.
If the care delivered within Strong and Inadequate commissioned care homes, supported Legislative, confident Almost ACS3 Quality of Care to living and care at home provision is not Patrick Rice Victoria Wilson Customer/Citizen, communities, Critical 20 High Critical Likely 12 Medium No change Certain Vulnerable Adults of sufficient quality, vulnerable adults Reputation Longer and could be exposed to harm. healthier lives That the occurrences of an extreme weather event/s when the intensity of rainfall leads to a volume of water which Strong and exceeds the capacity of existing Disruption Caused Economic, confident drainage and has the risk of resulting in GEE7 by Flooding within Sarah Robson Will Gander Customer/Citizen, communities, Critical Very Likely 16 High Critical Likely 12 Medium No change flooding to residential and business the Borough Reputation Clean and safe properties and the potential to close environment main roads within the Borough. Ineffective response to flooding events could lead to reputational damage.
Former Further cuts to local authority budgets directorate Reduction of 2017/18 to 2019/20 will reduce already risk - Workforce depleted staffing numbers. Without Economic, escalated Improving the way RES5 Capacity and Loss effective workforce planning, areas of John Sampson Pauline Kavanagh Legislative, Critical Likely 12 Medium Significant Likely 9 Medium to corporate we work of Critical Skills - critical skill or sole reliance may not be Reputation register due RES covered potentially resulting in legal, to senior reputation, and financial implications. manageme nt changes. Failure to ensure compliance with the John Summers Clean and safe Non Compliance health and safety control framework [Assurance Lead Economic, environment, RES6 with Health and could result in a major incident causing John Sampson – Health and Legislative, Catastrophic Very Likely 20 High Critical Likely 12 Medium No change Improving the way Safety Controls harm to individuals, financial loss, legal Safety Risk Reputation we work action and reputational damage. Assurance] Failure to protect the Council network from external and internal attacks which Economic, Good could lead to a loss of service for a IT Disruption due Legislative, connections, Almost RES7 period of time to our citizens potentially John Sampson John Bulman Critical 20 High Critical Very Likely 16 High No change to Attack Customer/Citizen, Improving the way Certain resulting in harm to individuals, damage Reputation we work to reputation and financial consequences. This failure would result in the non Failure to Improve Strong and delivery of a statutory duty and put the Young People's Economic, confident futures of the Borough's youth at risk Almost CS17 Engagement in Barbara Shaw Deanne Taylor Customer/Citizen, communities, A Critical 20 High Critical Likely 12 Medium No change which also impacts upon the economic Certain Education and Reputation brighter future for prosperity of the Borough and its Training our children reputation.
76 of 134 Accidents due to Glazing Further glazing failures within Redcar & Breakages at Economic, Cleveland Leisure and Community Clean and safe RES8 Redcar and John Sampson Steven Newton Legislative, Critical Likely 12 Medium Critical Likely 12 Medium No change Heart could, if not detected within the environment Cleveland Leisure Reputation timescales, lead to injury and damage. and Community Heart Poor Educational Poor standards of secondary education Political, Social, Standards in could affect the future welfare and A brighter future Almost CS20 Barbara Shaw Diane McConnell Customer/Citizen, Critical 20 High Critical Very Likely 16 High No change Secondary prosperity of children in Redcar and for our children Certain Reputation Schools Cleveland. If the Council buildings and premises Inadequate Social, Clean and safe are not adequately maintained, this Maintenance of Environmental, environment, Almost RES11 could lead to health and safety concerns John Sampson Stephen Leng Critical 20 High Critical Very Likely 16 High No change Buildings and Customer/Citizen, Improving the way Certain and incidents, individual harm, property Premises Reputation we work damage and additional costs. The available service budget is under pressure due to the demand for social care. The requirement to effectively Children’s Social Economic, Social, safeguard children and young people A brighter future Almost CS21 Care Financial Barbara Shaw Linda Bulmer Customer/Citizen, Critical 20 High Critical Likely 12 Medium No change must take precedence therefore the for our children Certain Pressures Reputation service area is at significant risk of being unable to deliver statutory functions and deliver a balanced budget. There are a high number of young people being excluded both for short periods (fixed term) and permanently. This will lead to more people becoming isolated from society and possibly not remaining in education or employment Excessive Pupil beyond 16. Economic, Social, A brighter future Almost CS25 Exclusion Rate Barbara Shaw Diane McConnell Critical 20 High Critical Very Likely 16 High No change Customer/Citizen for our children Certain from Schools. This high level of exclusion places extra pressure upon other schools and upon the Pupil Referral Unit. There is also increased pressure upon young people and their families including the risk to emotional and mental health. Former directorate Due to the increasing cost of disposal of risk residual waste, there are going to be escalated very significant budget pressures linked to the Economic, Clean and safe Disposal costs for to the disposal of residual waste in the corporate Environmental, environment, Almost GEE15 residual waste long term. These budget pressures are Sarah Robson Will Gander Catastrophic 25 High Catastrophic Very Likely 20 High risk register Customer/Citizen, Improving the way Certain treatment currently unfunded. They represent a following Reputation we work clear financial pressure to the Council Risk with the potential for reputational Manageme damage. nt group's review of the register. Good Governance, Political, Failure to have effectively prepared for Strong and Failure to prepare Economic, the impact of Brexit could lead to confident ACS20 for the impact of Patrick Rice Patrick Rice Legislative, Critical Very Likely 16 High Critical Likely 12 Medium No change service disruption and reputational communities, Brexit Customer/Citizen, damage. Prosperity for all, Reputation Improving the way we work The dunes along Coatham Sands have suffered notable localised erosion as a result of storm surges in December 2013 and further erosion, leading to localised breaching and consequent sea Environmental, Reduced Coatham Sand Clean and safe GEE10 flooding, during the storm surge January Sarah Robson Will Gander Customer/Citizen, Critical Very Likely 16 High Critical Likely 12 Medium from a red Dunes environment 2017. The dunes have been partly Reputation rated risk created using landfill and there is the potential for some contamination of the land and there is an ongoing risk that the defences will be breached again. Occurrence of a Failure to ensure that a high quality of Strong and Serious care for vulnerable adults is maintained Social, confident Safeguarding Almost ACS12 within the Intermediate Care Centre Patrick Rice Victoria Wilson Customer/Citizen, communities, Critical 20 High Critical Likely 12 Medium No change Alert at the Certain could result in a failure to protect the Reputation Longer and Intermediate Care vulnerable from harm or death. healthier lives Centre
77 of 134 Completion of Failure to complete educational, health Educational Social, and care plans within the statutory Health & Care Legislative, A brighter future CS34 timescales could have a negative Barbara Shaw Diane McConnell Critical Very Likely 16 High Critical Very Likely 16 High No change Plans within Customer/Citizen, for our children impact on young people and could lead statutory Reputation to reputational damage for the Council. timescales. Inability to respond effectively to the Economic, Strong and Response to potential closure of one of our major Competitive, confident GEE20 Economic businesses which could have a Sarah Robson Angela Brockbank Customer/Citizen, Critical Very Likely 16 High Critical Very Likely 16 High No change communities, Conditions significant impact on regional Reputation, Prosperity for all employment. Partnership
78 of 134 07c Appendix 3 - Business Continuity Policy Strategy 2019-20 FINAL
Appendix 3
Redcar & Cleveland
Information Governance
Business Continuity
Policy & Strategy
2019/20
Page 1 of 11
79 of 134 07c Appendix 3 - Business Continuity Policy Strategy 2019-20 FINAL
Document Control
Ownership & Review
Name Helen Fowler Title Audit & Assurance Manager Telephone 01642 77 1165 Email [email protected]
Approver Governance Committee Review Date August 2020
Version Control
Version Date Author Changes 1.0 25/09/13 - First Version 1.1 18/06/14 Sue Nicholson Annual Updates 1.2 02/07/14 Andrea Reacroft Updates to Disaster Recovery 1.3 11/03/15 Heather Pearce Updated team names etc. 1.4 15/08/16 Sue Nicholson Annual Updates 1.5 18/07/17 Sue Nicholson Annual Updates 1.6 11/12/18 Sue Nicholson Update 1.7 13/03/19 Sue Nicholson Review of document 1.8 02/07/19 Helen Fowler Review of document format
Distribution
Version Date Circulation 1.8 27/08/19 Resources DMT 1.8 09/09/19 EMT 1.8 24/09/19 Governance Committee
Page 2 of 11
80 of 134 07c Appendix 3 - Business Continuity Policy Strategy 2019-20 FINAL
Contents
Document Control ...... 2 Contents ...... 3 1. Policy Statement ...... 4 2. Definition and Scope ...... 5 3. Aims, Objectives and Benefits ...... 6 4. Business Continuity Management Document Framework ...... 7 5. Accountabilities, Roles and Reporting Lines ...... 7 6. Skills and Training ...... 8 7. Business continuity management in the Procurement Process ...... 9 8. Storage and Maintenance of Plans ...... 9 9. Resources Requirements ...... 10 10. Testing of Plans ...... 10 11. Disaster Recovery Planning ...... 10 12. Review ...... 11
Page 3 of 11
81 of 134 07c Appendix 3 - Business Continuity Policy Strategy 2019-20 FINAL
1. Policy Statement
1.1 Redcar and Cleveland Borough Council is committed to ensuring robust and effective business continuity management as a key mechanism to restore and deliver continuity of critical services in the event of a disruption or emergency. The Council provides services to the community and so must be able to continue providing critical services effectively when things go wrong.
1.2 To achieve the vision and values as set out in the Corporate Plan, it is essential that Redcar and Cleveland Borough Council identifies, manages and communicates the range of risks that could threaten the realisation of those values.
1.3 Compliance with a strong business continuity framework is just one of the tools that will enable the Council to be bold and ambitious in minimising threats and reducing the likelihood and associated impact of service delivery. The Council’s vision is ‘a flourishing future forged from a proud past’ and its values are:
Keeping communities at our heart; Bold and ambitious; Caring and respectful; Delivering our best.
1.4 The Council is committed to ensuring that effective business continuity management is in place and that there is an ongoing process of risk assessment and management with the purpose of ensuring that the Council can continue its critical services should a risk materialise.
1.5 Things can go wrong because of external factors such as terrorism and fuel shortages or the impact of political change. Whilst these factors receive media attention, they are not the only threats and may often not be the ones to cause the biggest impact on Redcar and Cleveland. There is also a duty to look ahead to the lower profile but predictable problems such as adverse weather conditions, loss of communications, power and water. Disruptive events can and do sometimes occur and may be unexpected. There is usually a low likelihood of such events but, if they did happen, the impact would be high and for that reason, the Council needs to ensure that it has done all it can to prepare the critical services to cope.
1.6 Business continuity planning helps build confidence that the Council will respond effectively if things go wrong by having defined procedures in place to reduce risks and limit the impact of an incident and its ability to obstruct the achievement of the Corporate Plan priorities. Planning now rather than waiting for it to happen increases the likelihood that the Council can become operational again in the fastest possible time. This is essential to those who rely on the Council’s services, particularly critical services involving care of the vulnerable. It helps maintain
Page 4 of 11
82 of 134 07c Appendix 3 - Business Continuity Policy Strategy 2019-20 FINAL
confidence in the Council and its governance. Planning means firefighting is kept to a minimum, there is more support for staff handling the situation and reduced potential for financial loss.
1.7 In a disruptive situation, it may not be possible to continue to provide all Council services. Whilst all services are important, priority for recovery will be given to those which have been established as being the most essential, the business-critical activities – those that the organisation has agreed must be back up and running within a set time frame e.g. 24 hours. Resources will be directed to these business-critical services first. It is unrealistic to expect the entire service, critical or not, to be recovered immediately. In this case, the essential parts of the service must be restored followed by the non-essential elements when possible.
1.8 Business continuity management is about understanding the Council’s business and establishing what is a critical service. The Council has both internal and external dependencies that support these areas, which could be suppliers, customers, business processes, partners, etc. All need to be identified and linked into any business continuity management work implemented by the Council.
1.9 Effective business continuity planning enables the Council to fulfil its duties under which requires that services have Business Continuity Plans (BCPs) in place and has arrangements that align (but not fully comply) with the principles of the International Standard for Business Continuity, ISO22301. All services are to have a plan in place, regardless of whether it is critical or not.
2. Definition and Scope
2.1 The Civil Contingencies Act 2004 places a statutory duty on the Council to ensure that it can:
Respond to an emergency; Continue to support emergency response partners; Continue to provide critical services to the public.
2.2 Business continuity management is about the Council preparing for a disaster, incident or event that could affect the delivery of services. The aim being that key elements of a service are maintained at an emergency level and restored to an acceptable level as soon as possible.
2.3 In situations where a disruption occurs within the Council and day to day problem resolution procedures have been exhausted, Business Continuity Plans would need to be activated as part of the Business Continuity Management process. This is called an invocation.
Page 5 of 11
83 of 134 07c Appendix 3 - Business Continuity Policy Strategy 2019-20 FINAL
2.4 Although the immediate response to a disruption is a key component, business continuity is also concerned with maintenance and recovery of business functions following such a disruption.
2.5 Business continuity management is not simply about writing a set of plans. It is a comprehensive management process that systematically analyses the Council and its services, determines criticality of individual services, identifies threats to the continuance of those services and builds plans to respond to those threats
3. Aims, Objectives and Benefits
3.1 The aim of business continuity planning is to have flexible and tested plans in place to minimise disruption when unplanned events significantly interrupt business as usual.
3.2 The aims of business continuity planning are:
To ensure the Council can continue to exercise its functions in the event of an emergency;
To identify the potential vulnerable areas affecting Council services;
To determine overall priorities for recovery of services if disruption occurs;
To maintain a robust business continuity management document framework of profiles, procedures and plans covering all service areas;
To ensure that all Council directorates and service areas are involved in business continuity planning so that there is an effective and consistent response;
To carry out a communication programme for staff, elected Members, suppliers and partners
To validate business continuity arrangements by performing periodic testing of the plans.
To ensure that critical IT systems have a Disaster Recovery Planning solution in place so critical services can continue.
To ensure compliance with the Civil Contingencies Act 2004.
To ensure that suppliers of goods and services have business Continuity Plans in place to ensure that the Council’s business continuity management arrangements are resilient.
Page 6 of 11
84 of 134 07c Appendix 3 - Business Continuity Policy Strategy 2019-20 FINAL
3.3 The benefits of effective business continuity planning are:
Increased resilience to key threats; Greater awareness of risk exposures; Ability to respond rapidly to minimise costly interruptions; A workable, accountable approach that can be reviewed; A process that forms part of effective corporate governance.
4. Business Continuity Management Document Framework
The business continuity management document framework consists of a three-stage process, each stage builds on the previous one before and are as follows:
4.1 Business Recovery Procedure (BRP) - this is the key data gathering document and is often referred to as the Business Impact Analysis tool as it enables the service line to identify and assess their needs and provide key details for their procedures. This document is personalised by the individual team to provide details of their specific recovery times and it details the actions to be undertaken at key times by the team by listing the sequence in which employees would be required to attend work because of the disruption. It lists all the contact details for the team both in and out of office hours.
4.2 Business Recovery Management Plan (BRMP) - this document is specific to a building and is an executive summary of all the individual services’ Business Recovery Procedures within that building. It provides details on the Business Recovery Management Team (BRMT) for that site and how to invocate the BRMP and the actions to be taken at set timescales. It lists the principal spokesperson for the building and the call cascade details for communicating with employees working from that building.
4.3 Strategic Business Recovery Management Plan (SBRMP) – this is an executive summary of all the Council’s BRMPs which are site specific. It details Redcar and Cleveland Borough Council’s overall recovery strategy of mutual displacement of a non-critical service for a critical service (i.e. where it has been agreed that a non-critical service will vacate their usual premises to allow a critical service to move in because their usual location is unavailable). It provides the procedures to be followed in the event of a disruption and how communication is to be dealt with corporately.
5. Accountabilities, Roles and Reporting Lines
5.1 The Corporate Director for Resources is identified as Strategic Business Continuity Management Leader and is the Business
Page 7 of 11
85 of 134 07c Appendix 3 - Business Continuity Policy Strategy 2019-20 FINAL
Continuity Champion on the Executive Management Team. However, the responsibility for business continuity cannot rest with one role and is shared by all staff.
5.2 Executive Management Team receive periodic reports on the effectiveness of business continuity arrangements within the Council and can direct remedial action where required.
5.3 Governance Committee receives an annual report on the effectiveness of business continuity arrangements within the Council and are requested to endorse and comment upon the overall Policy.
5.4 The Procurement Team help in tender and contract processes to ensure that suppliers of goods and services, which are critical to services, are identified during the procurement process.
5.5 The Audit & Assurance Team maintain the business continuity management framework of documents within the Council and co- ordinate the process of updating individual service plans.
5.6 The Risk Management Group discuss any areas of risk that relate to business continuity and make recommendations to EMT for additional risks to be profiled.
5.7 Service managers need to take ownership for their individual plans and ensuring that arrangements are kept updated e.g. contact details. Service managers should store a copy of the Plan in a secure but accessible off site location (for reference in the event of an incident).
5.8 All staff should be aware of the Council’s Business Continuity Policy and the need to advise their service manager of any changes or known threats in relation to business continuity.
5.9 The Council has reviewed the membership of its Business Recovery Management Team. This Team will consist of the Property Manager, Head of Marketing and Communications, Strategic Change Manager, Senior HR Manager, Assurance Lead – Health & Safety, Audit & Assurance Officer, and Operations Manager who will report to the Strategic Business Recovery Management Leader for the whole Council (Corporate Director for Resources).
6. Skills and Training
6.1 Having established roles and accountabilities for business continuity management, the Council must ensure that it has the required skills for maintaining the procedures and plans. This will be achieved by a programme of business continuity management awareness/training:
Page 8 of 11
86 of 134 07c Appendix 3 - Business Continuity Policy Strategy 2019-20 FINAL
Awareness of business continuity management and disaster recovery planning for new employees through corporate induction process;
Provision of tailored training by Audit & Assurance for Business Recovery Management Teams and Business Continuity Co- ordinators and their alternates as and when required;
Attendance at regional seminars, Emergency Planning Group and Business Continuity Focus Group to ensure that the Council develops and enhances the knowledge further within this area;
All business continuity management documentation resides within a network server which can only be accessed by the relevant officers and training is provided on the use of this system.
7. Business continuity management in the Procurement Process
7.1 The Council has procedures and processes in place to deal with an incident, which would invoke the business continuity management arrangements. The Council’s suppliers of goods and services are encouraged to be resilient and have business continuity management Plans in place. The Council’s Procurement Strategy and Handbook provides detail on business continuity management providing general advice and guidance for anyone undertaking a procurement process.
7.2 Dependent on the nature of the goods / service / works officers are encouraged to liaise with the Audit & Assurance Team to establish how this fits within their procurement process i.e. whether specific questions on Risk and Business Continuity are required if so the appropriate weighting to be applied to those questions;
7.3 If the successful bidder does not have business continuity plans in place, a form of wording has been provided to be included within the contract that requires companies to allow the Council to reserve the right to request to see their plan and to undertake monitoring to make sure that the work has been undertaken.
8. Storage and Maintenance of Plans
8.1 All business continuity management documents are stored within a network server and access is restricted by security profiles to the relevant areas. This ensures that Business Continuity Coordinators or their deputies, when prompted by the Audit & Assurance Team, have ownership for updating and maintaining these documents to reflect changes. The Audit & Assurance Team maintain the Business Recovery Management Plan (per site) and Strategic Business
Page 9 of 11
87 of 134 07c Appendix 3 - Business Continuity Policy Strategy 2019-20 FINAL
Recovery Management Plan (overall plan for the whole organisation) with the information collated from individual service area documents.
8.2 All Business Continuity Coordinators, their deputies, members of the Business Recovery Management Team and other key officers are advised to keep a paper copy of their service’s business continuity plan in a secure but accessible location off site (usually at home) so that the document is available for reference in the event of an incident that obstructs access to Council buildings or IT network.
9. Resources Requirements
9.1 In the event of a disruption employees will know if their service has been identified as part of a critical or non-critical service. The Corporate Business Continuity Management Leader and Business Recovery Management Leader for the recovery site will liaise and advise the relevant services which are to be displaced for the critical service to move in. The resources required are detailed in the Strategic Business Recovery Management Plan and any further equipment will be sourced from around the Council or by other means.
10. Testing of Plans
10.1 Testing business continuity management arrangements is key to confirming that those plans are robust and will be effective in the event of an actual incident. Tests can take various forms:
Table top walkthroughs: a scenario is outlined to senior management who plan a response;
Team Exercise: a team from a selected directorate walk through their Business Recovery Procedure (BRP) and discuss several potential scenarios; this tests the service’s ability to handle a situation outside of business as usual, as well as helping to update and improve their team business continuity plan.
Building Exercise: this test involves an entire building e.g. Seafield House taking part in a simulated evacuation and recovery exercise to their named recovery site. This test will involve those key individuals named in Business Recovery Management Plans.
10.2 To ensure that business continuity management and ICT disaster recovery planning are delivering complimentary processes the Audit & Assurance Team and the Asset Support Team Leader will meet regularly to review their work and progress.
11. Disaster Recovery Planning
Page 10 of 11
88 of 134 07c Appendix 3 - Business Continuity Policy Strategy 2019-20 FINAL
11.1 Disaster recovery planning is a different but complementary process to business continuity management which relates to the recovery of the organisation’s Information and Communications Technology (ICT) services in the event of service disruption. The Council has an ICT Disaster Recovery Plan in place, which outlines how a disaster recovery invocation will be managed and provides details on the disaster recovery planning arrangements.
12. Review
12.1 The Business Continuity Policy and supporting plans and documents will be reviewed at least every two years and compared to current risks and potential threats. This will ensure that information on service areas and contact details are kept up to date and will also ensure that arrangements have considered current internal and external threats for example political events such as the impact of Brexit. 12.2 The Policy and supporting plans may be reviewed earlier if there are significant changes to accommodation, organisational structure or relevant legislation.
Page 11 of 11
89 of 134 AGENDA ITEM 8 Member Report Annual Counter Fraud Report 2018/19
Public
To: Governance Committee Date: 24 Sept 2019
From: Corporate Director for Resources Decision type: For information
Portfolio: Resources Forward Plan reference: Priority: All priorities
Ward(s):
1 What is the recommendation?
1.1 That Members note and comment on the Counter Fraud Report 2018/19 which outlines the impact of fraud on the UK by summarising the main national fraud risks facing the public sector and their potential impact on Redcar & Cleveland Borough Council. The report also details the number and type of investigations undertaken by Tees Valley Audit and Assurance (TVAAS) since the previous report to this Committee on Counter Fraud activity in September 2018.
2 What part of the Corporate Plan does this report deliver and how, and what options have been considered?
2.1 Having effective counter fraud arrangements will help minimise unnecessary resource losses and help the Council deliver its priority of improving the way it works by maintaining a robust counter fraud control environment. Preventing and detecting fraud and error is key to minimising loss and ensuring the effective use of public funds for the benefit of residents. Fraud is never a victimless crime as each pound lost to fraud represents a loss to the public purse and affects the public sector’s ability to provide services. Although it is difficult to quantify the complete losses caused by fraud, according to the Annual Fraud Indicator 2013 (which provides the last set of government sanctioned estimates), fraud costs the public sector at least £20.6 billion annually of which £2.1 billion relates to local government.
2.2 Fraud is defined by the Chartered Institute of Public Finance and Accountancy (CIPFA) as the intentional distortion of financial statements or other records by persons internal or external to the authority, which is carried out to conceal the misappropriation of assets or otherwise for gain, or to mislead or misrepresent.
2.3 Corruption is defined as the offering, giving, soliciting or acceptance of an inducement or reward which may influence the action of any person; or the failure to disclose an interest to enjoy financial or other pecuniary gain.
2.4 Bribery is the receiving or offering of undue reward to persons to influence their behaviour contrary to ordinary standards of integrity and honesty.
2.5 CIPFA’s annual fraud and corruption tracker provides a national overview of all
90 of 134 Version 8 (05/12/2018) fraud, bribery and corruption activity across local authorities. The findings are based on the results of the annual survey into the levels and type of fraud and corruption experienced by local authorities. The 2019 survey was underway at the time of this report however the 2018 results reported that the total estimated value of fraud detected or prevented by local authorities in 2017/18 was £302m, £34m less than the previous year. The number of frauds detected or prevented rose to 80,000 from the 75,000 cases found in 2016/17.
2.6 The three highest areas of perceived national fraud risk for 2017/18 were procurement, council tax single person discount and adult social care. The four main types of fraud (by volume) affecting local authorities related to council tax, housing, blue badge and business rates. A growing fraud risk is business rates as the amount lost to business rates fraud increased significantly from £4.3m in 2016/17 to £10.4m in 2017/18. Blue badge fraud increased by £3m to an estimated value of £7.3m for cases prevented/detected in 2017/18.
2.7 Due to their concerns about the level of fraud within the public sector, in October 2018, the Government launched a framework for counter fraud activity across government departments and related organisations - the Government Counter Fraud Profession (GCFP). The government is investing in over 10,000 counter fraud specialists to tackle fraud within central government. The GCFP does not currently involve local authorities, but it may be expanded in the future.
2.8 As part of its anti-fraud framework, Redcar & Cleveland Borough Council has an anti fraud, bribery and corruption policy and a whistleblowing policy. Both policies have been in place for several years and are reviewed and updated to reflect changes in legislation and structure. Both policies have been reviewed this year but only minor amendments have been made (to reflect organisational changes) and therefore the Policies are not presented to the Committee on this occasion although both versions are available on the Council’s intranet.
2.9 Fraud Risks
The Audit & Assurance Team maintains a register of the main fraud risks to the Council which has contributed to the content of the annual audit plan for each year. A summary of the fraud risk register has previously been reported to Members in September 2017 and 2018 as part of the annual counter fraud report. Population of this register is an ongoing process to ensure that it reflects the main fraud risk areas to local government. A summary extract of the latest version of the register is included at Appendix 1.
2.10 Since the closure of the Audit Commission, local authorities are self-regulating in respect to financial risk and fraud and when responsibility for benefit fraud investigation moved from local authorities to the Department for Work and Pensions in 2015/16, many local authorities lost their specialist fraud investigators. Outside of London, few councils have maintained specific counter fraud staff and reduced resources has meant that local authorities have limited capacity to undertake proactive counter fraud exercises. Redcar and Cleveland Borough Council continues to have the following counter fraud arrangements in place:
Anti Fraud, Bribery and Corruption Policy; Whistleblowing Policy; Anti Money Laundering Policy; Information on the standards expected of employees including general conduct,
91 of 134 Version 8 (05/12/2018) and procedures for declaring interests, gifts, hospitality and interests; Internal audit reviews of the control environment; Internal audit and assurance plan which includes contingency allocation for investigating alleged fraudulent activity; Fraud and loss risk register – extract at Appendix 1; Benefit fraud investigations carried out the Single Fraud Investigation Service; National Fraud Initiative (NFI) data matching exercise (para 2.16 to 2.18); Communications with other local authorities and bodies e.g. TVAAS circulate fraud alerts to other regional internal audit teams and notify National Action Against Fraud Network (NAFN) where appropriate. Fraud alerts are published regularly on the Council’s Intranet; Monitoring the number of recommendations being made relating to anti fraud controls to identify trends in both control weaknesses and in service areas. Audit work carried out in 2018/19 resulted in 16 audit recommendations aimed at improving anti fraud controls (2017/18 – 21; 2016/17 – 7; 2015/16 – 21; 2014/15 – 30; 2013/14: 52). As TVAAS provides audit services to both Middlesbrough and Redcar and Cleveland Borough Councils, it has been possible to share intelligence regarding possible risk areas. Since the Data Protection Reforms, information from other local authorities can only be obtained by completing a Request for Disclosure Form.
2.11 Action Taken on Purchasing Cards – in the previous year’s counter fraud report, an issue was noted regarding the need to improve controls and reduce the associated fraud risk with purchasing cards. Because of concerns raised in previous audit reports, the following action has been taken to strengthen anti fraud controls for purchasing cards: The number of card holders has been reviewed and reduced; The credit limits have been reviewed to ensure that limits are not set at an excessive level; Purchase card holders have received refresher training regarding their use of purchasing cards. A ‘3 strikes and you’re out’ policy for cardholders and designated approvers was introduced for those who do not review and approve purchases within the required deadlines stipulated in the Council’s purchase card policy. Reports to identify reviewed/not reviewed spend will be produced by Financial Services; Training has been provided to cardholders which emphasises the importance of a purchase card only being used by the designated card holder; Management have reviewed purchase card guidance to ensure that all procedural guidance is up to date and incorporates the action points resulting from Financial Services’ review of the purchase card process undertaken in Summer 2018.
2.12 Incidence of Suspected Fraud and/or Wrongdoing at Redcar and Cleveland Borough Council
2.13 The investigation of housing benefit and tax credit fraud is carried out by the Department of Work and Pensions (DWP) following the introduction of the Single Fraud Investigation Service (SFIS). The DWP now conducts single welfare benefit fraud investigations to one set of policies and procedures. Liberata deals with DWP requests for information regarding suspected fraud and error cases relating to housing benefit and tax credit.
92 of 134 Version 8 (05/12/2018) 2.14 During the financial year 2018/19, the Whistleblowing and Special Investigations Log records 6 issues that came to the attention of the Audit & Assurance Service during the year (2017/18 – 6; 2016/17 – 11). One of the 6 related to a missed bins collection meaning that 5 related to initial suspected fraud or misuse of public assets. The format in which these 5 concerns were raised varied; 3 used the whistleblowing hotline or email address whilst the other 2 were raised directly with staff on the Team or senior management. One of the cases required Police involvement. The DWP investigate suspected cases of fraud relating to benefits.
2.15 The analysis of the 5 cases is provided in the table below:
Allegation Related To Number Outcome Unauthorised changes to staff terms and 1 Issue was not fraud related so conditions. passed to HR for resolution. Suspected fraudulent insurance claim 1 Claim denied and Police involvement. Further action, including possible Police involvement, is under discussion with the Council’s claim handlers. Concerns that the Council had suffered 1 Following a search of the financial fraud losses due to activities of an system, it was established that individual trading under the guise of the Council had not suffered any various company names. financial loss due to this individual. Misuse of funding 1 No evidence of fraud identified. Housing benefit fraud 1 Referred to the Department of Work and Pensions for investigation by their fraud team.
Total 5
2.16 National Fraud Initiative (NFI) - The NFI is a data matching exercise, via a secure website, that compares information held by and between approximately 1,200 participating organisations from the public and private sectors including government departments. This helps to identify potentially fraudulent claims, errors and overpayments. The latest NFI November 2016 report covers the period from the 1st April 2016 to the 31st March 2018 and reveals that the NFI has enabled participating organisations to prevent and detect over £300 million fraud and error during this period in England. The purpose of the exercise is to identify potentially fraudulent claims, errors and overpayments. Each of these organisations submits various data sets relating to those services where it is anticipated that fraud and error is most likely to occur, for example, housing benefits, council tax (single person discounts), payroll, insurance claimants, private supported care home residents, licenses (taxi, personal alcohol) electoral roll, trade creditors payments, transport passes and permits (blue badge, residents parking permits and concessionary travel passes). Data must be submitted according to specified timescales.
2.17 Once the data has been submitted, the matching process is undertaken and it is this process that results in ‘matches’. The ‘matches’ relevant to each public body are passed back to the organisation for further investigation to either clear the ‘match’ i.e. confirm that the match is acceptable or take action in response to a potential fraud or error. One example of a ‘match’ could be a person in receipt of pension but who, according to other data, is deceased. This ‘match’ would require further investigation by the organisation paying the pension. In the UK, the NFI exercise has produced significant results, identifying £1.69 billion of fraud, overpayment and
93 of 134 Version 8 (05/12/2018) error since it started in 1996.
2.18 For Redcar & Cleveland Borough Council, the data matching results from the 2018/19 NFI initiative resulted in 76 reports which identified 5,845 matches with 540 matches ‘recommended’ for investigation within a variety of service areas. To date, 864 of the 5,845 have been processed and this has identified 3 errors and 3 other potential errors that are under investigation. The housing benefit claimants to student loans data match has resulted in errors identified of £2,846.30. The council tax reduction scheme to payroll data match has resulted in errors identified of £4,863.72 and the council tax reduction scheme to housing benefit claimants’ data match has resulted in errors identified of £4,863.72. The total therefore currently being recovered from the 3 confirmed errors is £12,573.74. The payroll data match and the council tax reduction scheme data match are still in progress therefore more errors may be identified.
3 Who has been consulted and engaged?
3.1 The content of each individual audit report and associated recommendations are agreed with the responsible officers. The Anti Fraud, Bribery and Corruption and the Whistleblowing Policies consider national counter fraud guidance and publications and legislation. The Policies have been subject to management review.
4 What are the risks and resource implications?
Type of Applicable? Details Risk/ Implication Health and Yes All audit and assurance work considers the risks relevant Safety to the topic under review, including health and safety. It focuses on the effectiveness of risk management and mitigation measures whilst seeking to identify gaps in assurance.
All staff within the Team are expected to comply with the Council’s health and safety policies and procedures. Staff wear appropriate protective clothing when carrying out audits in locations of higher risk (e.g. where machinery is present). Social Yes Counter fraud work assesses the effectiveness of fraud Value: risk management arrangements and the governance environment of the Council to support it in maximising the use of its resources for the benefit of the local community.
Legal Yes Legal requirements have been considered when reviewing the counter fraud framework policies. Financial Yes Fraud is a serious risk to the public sector in the UK. When fraud is committed against the public sector, money is diverted from vital public services to criminals. The total estimated fraud losses for UK local government amounted to £2.1bn. The prevention and detection of fraud is therefore crucial to all councils. Each pound lost to fraud represents a loss to the public purse and reduces
94 of 134 Version 8 (05/12/2018) the ability of local government bodies to provide services to people who need them. Fraud is never a victimless crime. Human No Resources
Equality and Yes A strong counter fraud framework that minimises loss Diversity through fraud or error could mean that the Council has more resource to focus on providing services for people with greatest needs, which is fundamental to tackling inequality and poverty. Carbon No Footprint
Other No (please specify)
5 Appendices and further information
5.1 Appendix 1 – Fraud & Loss Risk Register (extract)
6 Background papers
6.1 No background papers other than published works were used in writing this report.
7 Contact Officer
7.1 Name: Helen Fowler Position: Audit & Assurance Manager Address: Redcar & Cleveland House Telephone: 01642 771165 Email: [email protected]
95 of 134 Version 8 (05/12/2018) Appendix 1 - Redcar & Cleveland Borough Council - Extract from Fraud Risk Register
The following risks are the key fraud risks as outlined in the annual CIPFA Fraud Tracker 2018. Those national risks have been assessed in terms of their risk to the Council Detail of the controls in place is limited for security Initial Evaluation (i.e. without controls) reasons. Residual Evaluation (i.e. with controls) Risk Total Assessment Total Assessment Risk Title Risk Description Total Impact Likelihood Controls & Comments Total Impact Likelihood direction Assessment Label Assessment Label Council Tax Fraud Examples of council tax fraud include: providing false or incorrect Critical Almost 20 High There are a number of controls relating to the Significant Very 12 Medium No change information when applying for Council tax Support; claiming a single Certain confirmation of exemption status and checks Likely person discount when other adults are living at the property; made on the validity of claims. Inspections claiming a student discount or exemption when not enrolled on a are carried out on a periodic basis and there course of full-time education or not declaring non-students are are various reminders of the need to inform resident at the property; giving false information to claim a discount, the Council when circumstances change. exemption or other reduction; not telling the Council when a There are various controls within the Council's discount or other reduction should be cancelled. The CIPFA Fraud systems to ensure separation of duties and & Corruption Anti Fraud Tracker 2018 reported that two thirds of system access controls. Performance identified frauds by UK local authorities related to council tax fraud reporting will flag up any unusual activity. The (66%) with a value of £9.8 million. In terms of volume, council tax Council participates in the National Fraud was the highest type of fraud. Council tax has consistently been Initiative data matching exercise. This area is the largest national reported issue over the past four years. subject to audit review on a regular basis. Social Housing Social housing fraud occurs when a home is occupied by someone Insignificant Unlikely 4 Low Redcar and Cleveland Borough Council does Insignifica Unlikely 4 Low No change Fraud who is either not legally entitled to be there, or has obtained use of not have housing stock so the fraud risk is the nt the property fraudulently. This deprives legitimate tenants access impact upon its partners and the knock on to affordable homes. Housing/tenancy fraud takes several forms effect of fraud in one area leading to support including: illegal subletting for profit; providing false information to being required from another e.g. if a family is gain a tenancy; wrongful tenancy assignment and succession; deprived of a home due to illegal activities failing to use the property as the principal home and right to buy then they are more likely to request alternative (RTB) fraud. CIPFA Fraud & Corruption Tracker 2018 reports that forms of assistance from the Council. the highest value of detected/prevented fraud was from investigations relating to housing fraud (£97.4 million). The value of illegal subletting fraud has declined from £78.5 million in 2016/17 to £55.8 million in 2017/18. There is limited direct fraud risk to the Council as it does not have housing stock. Right to Buy Right to buy is the scheme that allows tenants who have lived in Insignificant Unlikely 4 Low As with the social housing fraud risk, this is Insignificant Unlikely 4 Low No change Fraud their properties for a qualifying period the right to purchase the not a direct risk to Redcar and Cleveland property at a discount. The value of this type of fraud has seen a Borough Council but one which may have an rapid increase as housing has become increasingly expensive, indirect impact as a result via the impact upon especially in London and this fraud is a higher risk in London than in partner agencies. other parts of the country. The CIPFA Annual Fraud Tracker 2018 reports a continued decline in this type of fraud from £111.6 million in 2016/17 to £92 million in 2017/18. although the volume has increased from 1284 to 1518 cases. As with the social housing fraud risk, this is not a direct risk to Redcar and Cleveland Borough Council but one which may have an indirect impact as a result via the impact upon partner agencies.
96 of 134 Insurance Fraud The risk is that claimants submit claims against the Council which Catastrophic Almost 25 High The Council has a series of internal controls in Significant Likely 9 Medium No change are fraudulent because the incident did not happen or it has been Certain place to confirm the validity of claims exaggerated and/or the impact has been fabricated/exaggerated submitted against the Council. It also has (e.g. claimant claims they have a broken limb when this is not the contractual arrangements in place for claims case) or evidence of an incident or the Council's liability has been handling who have their own arrangements for fabricated. The CIPFA Annual Fraud Tracker 2018 reported that the checking for potential fraud. There are number of insurance frauds investigated by UK local authorities arrangements in place for identifying duplicate declined to 117 with an average value of over £12,000. The total and other erroneous claims via the National estimated value of loss in 2017/18 was £3.5 million compared to Fraud Initiative data matching exercise and £5.1 million in 2016/17. Considerable work has been done other data interrogation techniques. The Audit nationally to reduce insurance fraud and insurance companies are and Assurance Team monitors the main working together with organisations to find new ways to identify causes of insurance claims being made fraud. against the Council and ensures that this information informs the annual Audit and Assurance Plan and the content of internal audit follow up work. Adult Social Care Adult social care fraud can take several forms and the increase in Critical Almost 20 High There are a number of verification and Significant Very 12 Medium Increased Fraud personal budgets provided more opportunity for fraud although Certain monitoring checks undertaken within social Likely councils have since worked to implement more robust controls over work teams and audit and assurance work personal budgets which is now seeing a reduction in that type of regularly examines the effectiveness of fraud. CIPFA's Annual Fraud Tracker for 2018 reports that the controls in this area. estimated value of adult social care fraud cases has increased by 21% despite a decline in the average value per case - £9,000 in 2017/18 cf to £12,500 in 2016/17. This is due to a significant rise in adult social care fraud cases that are not related to personal budgets (personal budget fraud has declined from an estimated £10,000 per case in 2016/17 to £9,800 in 2017/18 due to UK councils implementing more robust controls). In 2017/18, 737 cases of adult social care fraud have been investigated by UK councils to a value of £6.7 million (2016/17 - 446 cases with a value of £5.5 Business Rates Nationally,million). business rates can be politically sensitive given the need Catastroph Almost 25 High There are a number of controls relating to the Significant Very 12 Medium Increased Fraud to balance rates generation with economic growth and business ic Certain confirmation of exemption status and checks Likely development. Legislation makes it difficult to differentiate between made on the validity of claims. Inspections evasion and avoidance and fraud can be hard to prove. Business are carried out on a periodic basis and there rate fraud can occur due to the falsification of circumstances to gain are various reminders of the need to inform exemptions and discounts. According to the CIPFA Fraud Tracker the Council when circumstances change. 2018, business rates represented 0.9% of the total number of There are various controls within the Council's frauds reported in 2016/17 with an estimated value of £7m. In systems to ensure separation of duties and 2017/18, this had increased to 1.7% with an estimated value of system access controls. Performance £10.4 million. More local authorities are participating in business reporting will flag up any unusual activity. The rates data matching exercises uncovering more cases of fraud. Council participates in the National Fraud Initiative data matching exercise. This area is subject to audit review on a regular basis.
97 of 134 Procurement Procurement fraud can occur anywhere throughout the Critical Very 16 High The Council operates according to its Significant Likely 9 Medium Increased Fraud procurement cycle from the tendering stage through to making Likely approved Contract Procedure Rules and has payments. In CIPFA's 2018 survey, procurement continues to be a team of procurement professionals to perceived as one of the greatest fraud risks to UK local authorities. provide guidance and advice to ensure that In 2017/18, there was an estimated 142 cases of procurement fraud procurement processes are carried out in with an associated value of £5.2 million (2016/17 197 prevented or accordance with rules and regulations. There detected frauds with an estimated value of £6.2 million). are various controls around the management of tendering processes and declaration of interests procedures. Contract monitoring arrangements help to ensure that any anomalies are identified. As the compliance with contract procedure rules audit during 2018/19 identified scope for improvement, the current residual risk has been increased until the recommended actions have been Payroll, Expenses, This type of fraud occurs when a member of staff wrongfully fails to Critical Likely 12 Medium Policiesconfirmed and as procedures completed. across the Council Significant Unlikely 6 Low No change Recruitment and disclose information, dishonestly makes false representation, or and its governance framework. Manager Pensions abuses a position of trust for personal gain, or to cause loss to scrutiny, performance reporting, internal and others. The CIPFA Fraud Tracker 2018 reports that the estimated external audit review all help to reduce the combined value for these four areas is £2.1m. However, the cost of risk. Counter fraud framework including these types of fraud can be more than just about the money as the whistleblowing mechanisms enable staff to impact on productivity, staff morale and public confidence can be report any suspected concerns. Payroll audit just as great if not more so. It is difficult to establish a value to is undertaken annually. recruitment fraud as it is not easy to attach a price to the damage to an organisation if it were to employ a member of staff who had falsified their qualifications. Payroll fraud is the main area of this type of fraud and 51% of cases investigated or prevented nationally during 2017/18 were insider fraud. Recruitment fraud is the second highest type in this area - estimated average per case of £9,400. Blue Badge Fraud Misuse of parking concession entitlement. Financially is not a Significant Very 12 Medium The Council participates in the National Fraud Significant Likely 9 Medium No change significant fraud risk but can cause reputational damage. Fraud Likely Initiative data matching exercise and Council from the misuse of the Blue Badge had been decreasing nationally staff carry out various checks on the validity of since CIPFA started their annual survey but for the first time has blue badges. All blue badge applicants must seen an increase of over 1000 cases between 2016/17 and provide proof of identification and of 2018/19. In 2017/18, 49% of the fraud cases were reported by residency. This area has been and is subject counties. Blue badge misuse is often an indicator of other benefit to periodic audit and assurance review. related fraud such as concessionary travel. Bank Mandate Mandate fraud is when someone attempts to change a direct debit, Significant Very 12 Medium There are a number of effective controls in Significant Unlikely 6 Low No change Fraud standing order or bank transfer mandate, by purporting to be an Likely place to identify fraudulent attempts to divert supplier/provider that the organisation makes regular payments to. payments from genuine suppliers and to CIPFA estimates that across the UK, mandate fraud has increased validate any requests to change supplier from 188 in 2015/16 to 325 in 2016/17 but decreased to 257 cases details. The controls in place are also subject in 2017/18. to audit and assurance review via accounts
98 of 134 Economic and This type of fraud relates to the false application or payment of Significant Very 12 Medium Policies and procedures for allocating grants; Insignificant Very 8 Low Increased Voluntary Sector grants or financial support to any person and any type of agency or Likely eligibility checks and authorisation controls. Likely (grant fraud) organisation. As funds become more limited for this type of support An internal audit is included on the audit plan it is vital that controls ensure that funds are directed appropriately. for 2019/20 and will examine controls in this Although only 17 actual cases of grant fraud were reported in the area and make recommendations if 2017 survey, the average value of loss was £39,000 per fraud. The appropriate. The risk rating will be re-scored if 2018 report states that 57 cases were reported by local authorities. required to reflect the findings of the audit.
99 of 134 AGENDA ITEM 9 Member Report Internal Audit Arrangements
Public
To: Governance Committee Date: 24 September 2019
From: Corporate Director for Resources Decision type: Key - Budget
Portfolio: Corporate Resources Forward Plan reference: Priority: Improving the way we work
Ward(s):
1 What is the recommendation?
1.1 To establish an Internal Audit only offer for the Council, in conjunction with Middlesbrough Council through a new company, as part of the VERITAU group and to then retain the provision of Health & Safety, Risk and Insurance Management aspects of the current TVASS service within the Council.
2 What part of the Corporate Plan does this report deliver and how, and what options have been considered?
2.1 In April 2010 Redcar & Cleveland Council and Middlesbrough Council established a Share Service arrangement for the provision of an Internal Audit service for both Local Authorities, that allowed for the creation of a robust team that achieved increased operational efficiency and performance improvement, but at a reduced overall cost. This initial five-year arrangement, running through to March 2015, has since been initially extended to March 2018 and now further extended to March 2021.
2.2 Whilst the provision to Middlesbrough Council, is for a pure Internal Audit arrangement, the Audit and Assurance team itself covers a wider remit, that of Risk & Insurance Management and Health & Safety. These additional team services, whilst part of the integrated assurance team, are delivered for Redcar & Cleveland Council only.
2.3 A service level agreement for the provision of the internal audit services is in place between Redcar & Cleveland Council and Middlesbrough Council and includes several performance measures, with the current level of performance against each of these measures forming part of regular reports to both Local Authorities Members through the relevant Governance/Audit committees – the latest set of performance metrics show that productivity on planned Internal Audit days is down due to a number of new starters plus an instance of a long term absence.
100 of 134 Version 8 (14/08/2019) 2.4 Through-out the almost ten years of this arrangements, the joint service has been faced with a range of challenges in maintaining a good level of productivity as well as the ability to attract, recruit and retain a good quality of Auditor. Due to the relatively small size of the team, any gap in recruitment and/or drop in productivity has a large impact on the overall outputs of the service.
2.5 The current Audit & Assurance team, is comprised of 15.00 full time equivalent (FTE) members of staff, with the internal audit function having 7.00 FTE’s, delivering circa. 1,560 of pure internal audit days’ worth of input across the two Councils.
2.6 The Audit & Assurance service has a total net revenue budget of £389,950 at 2019/20 prices. This includes the full cost of the team and its running expenses, as well as the income contributions received from Middlesbrough Council and from other assignments. The budget breakdown is as follows:
Pay - £593,150 Non-Pay - £26,050 Income target - £229,250
2.7 The proposal is to TUPE transfer the pure Internal Audit aspects of the Audit & Assurance team to a new company, as part of the VERITAU group and to retain the Health & Safety, Risk & Insurance Management aspects of the current service within the Council.
2.8 VERITAU was originally established in 2009 as a local authority shared service company, through a TECKAL procurement exemption. The group expanded with the creation of VERITAU North Yorkshire in 2012 but continues to operate as a single trading entity. The existing VERITAU member councils are:
City of York Council Hambleton District Council North Yorkshire County Council Richmondshire District Council Ryedale District Council Selby District Council
These existing member councils regard this shared service as a long-term partnership.
2.9 VERITAU provide an independent and impartial audit assurance service that is designed to help clients to manage their business and address those public sector service delivery challenges which have become more onerous with the combination of increasing demand, reduced resources, technological change and the ongoing redesign of services.
2.10 The proposal, will produce just a minimal overall cost reduction, but will give stability and certainty to the provision and quality of the Internal Audit service, specifically it will address the following issues:
Reducing the length of time taken to complete an assignment by matching the complexity of work allocated to the expected skills of the post; Improving the quality and depth of assignments completed and the quality of report writing, reducing the amount of change that has to be made at draft stage;
101 of 134 Version 8 (14/08/2019) Building resilience into the team by increasing the number of supervisory assurance leads to support the Audit Manager; Strengthening the delivery of the assurance workplan by a more equal distribution of workload and management responsibility across the respective leads; Provide a structured career progression with promotion dependent on successful contribution in role; As this does not look to reduce the number of staff within the team, critical skills will be retained; Resilience can be built by bringing together skills, creating a larger pool of expertise to draw on thus creating capacity.
2.11 The seven TUPE transferred members of staff/posts, whilst retaining their current employment terms & conditions, will have the opportunity to move across onto VERITAU terms & conditions, should they chose to do so. VERITAU are currently considering applying for Admitted Body Status to the Teesside Pension Fund, but they are also a member of the North Yorkshire Pension Fund and further have a define contribution scheme. It is planned for the arrangements to be commissioned from the 1st January 2020.
2.12 Operationally, the Audit service provision, will be delivered from the respective Redcar & Cleveland Council and Middlesbrough Council buildings when on assignment, with their main HQ building being in Northallerton. It is envisaged that when on assignment for Redcar & Cleveland Council, the team will operate out of Redcar & Cleveland House.
2.13 VERITAU operate on a daily charge out rate, which for 2019/20 is £255 per day. Based on the 2019/20 Audit Plan which requires, for internal audit assurance, a total of 705 audit days, thus making an effective annual charge in 2019/20 of £179,775 for Redcar & Cleveland Council. Middlesbrough Council would now be charged directly by VERITAU for its audit plan arrangements.
2.14 The creation of a VERITAU – Tees Valley company, requires a capital injection of £20,000 each from Redcar & Cleveland Council and from Middlesbrough Council, who would each have a 25% shareholding in the company, with the 50% balance being held by the parent VERITAU entity. Any trading profit from the group operations would be shared accordingly.
2.15 From a legal perspective, the establishment of the arrangement with VERITAU will be via a TECKAL Exemption which became codified into UK statute as part of the Public Contract Regulations 2015. According to Regulation 12, thus a contract is exempt from procurement in the event that all of the following conditions are fulfilled:
(a) the Council exercises over the organisation concerned a control which is similar to that which it exercises over its own departments;
(b) more than 80% of the activities of the organisation we want to contract with are carried out in the performance of tasks entrusted to it by the Council or by other legal persons controlled by the Council; and
(c) there is no private capital which holds a controlling interest in that organisation.
102 of 134 Version 8 (14/08/2019) 2.16 The current TVAAS covers internal audit, risk management/insurance and health & safety teams. The remaining services and teams, will be managed through Human Resources for Health & Safety and through legal services for risk management/insurance.
3 Who has been consulted and engaged?
3.1 There are a range of aspects that need to be considered in regard to the overall governance of the company, the service and the reporting arrangements as a result of the internal audit work/reports. These are:
VERITAU – Tees Valley; Shareholder Committee & Director representative; Governance Committee; Chief Internal Auditor & Client Manager.
3.2 VERITAU – Tees Valley - A newly formed private limited company will need to be established, as part of the VERITAU group of companies that is structure to provide Accounting & Auditing activities. The company will be limited by its shares which are to be incorporated within England & Wales.
3.3 The shareholding within VERITAU – Tees Valley, this will have a 50% share ownership by the VERITAU parent company and then a 25% share ownership by each of Redcar & Cleveland Council and Middlesbrough Council. The VERITAU parent company is 100% owned, in equal parts, by North Yorkshire County Council and City of York Council.
3.4 The VERITAU group of companies, will be operated so that shareholders are classed as being equal and with each shareholder receiving equal allocations in respect of either profits or losses.
3.5 Shareholder Committee & Director representative - The Council, through its constitution, will need to establish a Shareholder Committee with suitable member representation. The purpose of the committee is to meet at least once per year as an Annual General Meeting. The Director representative would be the section 151 officer of the Council, and be responsible for agreeing the company direction and business plan of the entity.
3.6 Governance Committee - The make-up of the Council’s Governance Committee is documented with the Council’s constitution and is not proposed to change, because of the Internal Audit service being provided by the VERITAU arrangement.
3.7 Chief Internal Auditor and Client Manager – VERITAU will have a suitably named individual who will provide the services of a Chief Internal Auditor and be present when required to facilitate all internal audit aspects required. The day to day liaison with the Council and the management of this interaction will be undertaken by the Council’s Financial Services Manager/Chief Accountant.
4 What are the risks and resource implications?
Type of Risk/ Details Implication
103 of 134 Version 8 (14/08/2019) Health and The Health & Safety team will not form part of the TUPE transfer Safety arrangement and will continue to be employed directly by Redcar & Cleveland Council
Social Value: n/a
Legal The TECKAL Exemption became codified into UK statute as part of the Public Contract Regulations 2015. According to Regulation 12, a contract is exempt from procurement in the event that all of the following conditions are fulfilled:
(d) the Council exercises over the organisation concerned a control which is similar to that which it exercises over its own departments;
(e) more than 80% of the activities of the organisation we want to contract with are carried out in the performance of tasks entrusted to it by the Council or by other legal persons controlled by the Council; and
(f) there is no private capital which holds a controlling interest in that organisation.
Financial The service transfer will produce a minimal saving overall – circa £10,000 on 2019/20 costs, but will establish a greater stability in provision and a wider offer of specialist internal audit services
Human Staff will be subject to a TUPE transfer arrangement and have been Resources inform of this position – further consultation arrangements to be set in place.
Equality and Each and all members of the Internal Audit team will be treated Diversity appropriately and accordingly as part of the transfer arrangements to VERITAU
Carbon No impact Footprint
Other (please n/a specify)
4.1 Equality analyses for Cabinet decisions are published alongside the reports in the ‘Cabinet and committee papers section’ of our website at https://www.redcar- cleveland.gov.uk/Democracy/DecisionMaking/MeetingCabinet/Pages/cabinet-and- committee-papers.aspx and should be read in conjunction with the recommendations in the report.
5 Appendices and further information
5.1 VERITAU is led by its chief executive – Max Thomas – who has over 25 years of audit experience gained within the private and local government sectors, providing services to a range of clients. Max is currently the Head of Internal Audit for North Yorkshire County Council and City of York Council. He is also the Treasurer for the
104 of 134 Version 8 (14/08/2019) Local Authority Chief Auditors' Network and a member of the North Yorkshire Police Joint Independent Audit Committee.
5.2 The chief executive is supported by a deputy – Richard Smith – who has considerable experience of undertaking and managing internal audit and counter fraud work in the public sector. This encompasses a range of clients including local authorities, charitable companies, and other publicly funded bodies. Both Max and Richard, have been with VERITAU since its inception.
5.3 VERITAU aim is to provide a range of services which are highly regarded, add value for clients and are competitive in price. They do this by offering their service, which is comprised, in their own words, of the following:
Flexibility - Rather than provide an 'off the shelf' service we will listen carefully to your requirements and develop a bespoke audit service designed to address your specific business and assurance needs. Our aim is to add value by helping you to optimise your resources and plan for the future rather than simply concentrating on past events;
Experience - Our auditors have extensive experience of assessing risks, reviewing controls and helping clients to make improvements. We provide audit assurance services to a range of public sector organisations including county, district and town councils, national park authorities, academies and housing trusts. We can therefore share best practice observations from across our extensive client base;
Professionalism - Our auditors are committed to providing a professional service which exceeds your expectations. They are all members of relevant audit and accountancy bodies. We also provide an ongoing programme of training and professional development;
Quality - VERITAU has a proven track record when it comes to the quality of our work. We maintain a quality assurance programme which ensures audit assignments are conducted to relevant professional standards. VERITAU is also recognised as an Investor in People;
Independence - We provide impartial and objective advice which is recognised and valued by our clients;
Access to wider VERITAU expertise - You can benefit from the wider services that VERITAU provides in house and through its various partnerships, including risk management, counter fraud and information governance services.
5.4 VERITAU have an overall team cohort of circa. 58 employees operating across two business entities and five service specific teams. The latest annual report on VERITAU, the group, can be found on the attached link - Annual Reports
5.5 As previously mentioned, Redcar & Cleveland Council and Middlesbrough Council will form the third company of the entity and then operate as part of the single group approach. The diagram below, sets out this future group structure:
105 of 134 Version 8 (14/08/2019) VERITAU NYCC & CYC
VERITAU VERITAU North Yorkshire Tees Valley Districts
6 Background papers
6.1 No background papers other than published works were used in writing this report.
7 Contact Officer
7.1 Name: John Samspon Position: Corporate Director for Resources Address: Redcar and Cleveland House Telephone: 01642 771144 Email: [email protected]
106 of 134 Version 8 (14/08/2019) AGENDA ITEM 10 Member Report RIPA Monitoring Report for 2018/19
Public
To: Governance Committee Date: 24 September 2019 From: Corporate Director for Resources Decision For information type: Portfolio: Resources Forward Plan
Priority: Business improvement reference:
Ward(s): All
1. What is the purpose of this report?
1.1 To provide Members with a monitoring report on the applications made during 2018/19 financial year in pursuance of the Regulation of Investigatory Powers Act 2000, with each previous year’s comparative data.
2. What is the background to this report?
2.1 In very broad terms, the Regulation of Investigatory Powers Act 2000 (RIPA) is a law covering and regulating surveillance. Insofar as local authorities are concerned, amongst other things, it provides statutory safeguards to ensure that when directed surveillance is undertaken, or when communications data is accessed, the use is always transparent and fully recorded.
2.2 Local Authorities have powers under RIPA to undertake directed surveillance during their enforcement activities and to acquire communications data as part of their investigations. “Directed surveillance” involves using covert methods of surveillance where there is a likelihood of private information being obtained. In such circumstances, the operation needs to be authorised. It should be noted that local authorities have no power to grant authorisations for intrusive surveillance and can only undertake operations for the purpose of preventing or detecting crime. “Intrusive surveillance” is where, for example, surveillance is taking place within residential premises or in a private vehicle.
2.3 If surveillance is planned and falls into a category covered by RIPA, authorisation must be obtained. The Protection of Freedoms Act 2012 requires local authorities to obtain the approval of a Magistrate for the use of any one of the three covert investigatory techniques available to them under RIPA, namely Directed Surveillance, the deployment of a Covert Human Intelligence Source (CHIS) and accessing communications data. An approval is also required if an authorisation to use such techniques is being renewed.
107 of 134
2.4 In each case, the role of the Magistrate is to ensure that the correct procedures have been followed and the relevant factors have been taken account of. The provisions allow the Magistrate, on refusing an approval of an authorisation, to quash that authorisation.
2.5 The Home Office Review also recommended that where local authorities wish to use RIPA to authorise Directed Surveillance, this should be confined to cases where the offence under investigation carries a custodial sentence of six months or more (the Serious Crime Test).
2.6 Every application for the use of these powers has to consider in detail the necessity of using the powers and the proportionality of such use. Careful consideration to any potential “collateral intrusion” (that is, where the details of or relating to an innocent third party might become known) must be given.
2.7 Enforcement activities undertaken by the authority which fall within the remit of the Regulation of Investigatory Powers Act 2000 are subject to monitoring and oversight by the Investigatory Powers Commissioner’s Office.
2.8 A record of all authorisations and associated paperwork must be kept within a central record. This record is subject to quarterly auditing on behalf of the Monitoring Officer and following each audit a briefing note is provided for the Portfolio Holder for Corporate Resources. The Monitoring Officer also has a quarterly meeting with the Senior Officer with overall responsibility for RIPA matters who is the Corporate Director for Resources.
2.9 RIPA authorisations in 2018-19
2.10 During the period 1/4/2018 to 31/03/2019, 2 authorisations to conduct directed surveillance were made by Council officers. Both of these applications were from the Trading Standards section and both received Magistrates approval following authorisation either by the Assistant Director Governance & Monitoring Officer or the Commercial and Legal Manager.
2.11 The first operation was related to investigations into the illegal sale of IPTV boxes via Facebook. The second related to investigations into the sale of counterfeit and illegal tobacco products. Trading in unauthorised IPTV boxes and streaming copyrighted works is an offence under the Copyright, Design and Patents Act 1988 and trading in counterfeit goods is an offence under the Trade Marks Act 1994. Both offences carry a maximum penalty of 10 years’ imprisonment.
2.12 No applications for the use of Covert Human Intelligence Sources (CHIS) have been made during this twelve-month period.
108 of 134
2.13 There were no applications which required the use of urgency provisions. At the end of this financial year, neither Directed Surveillance application remained extant.
2.14 The Trading Standards investigations resulted in some success in gathering evidence, including the forfeiture of a number of illegal cigarettes and tobacco products. The investigations covered the Trade Marks Act 1994, The General Product Safety Regulations 2005, Consumer Protection from Unfair Trading Regulations 2008, Children and Young Persons (Protection from Tobacco) Act 1991 and Children and Young Persons (Sale of Tobacco etc.) Order 2007.
2.15 In November 2018, the Authority underwent a paper based inspection of its compliance with the RIPA legislation by the Investigatory Powers Commissioner’s Office. Having reviewed the record of operations as well as our guidance manuals the Commissioner confirmed that an inspection visit was not necessary.
2.16 The Commissioner gave a list of 4 recommendations which we should put in place to ensure continuing compliance and these have all been put into practice.
2.17 In the past, such inspections have been every 3 years or so. It is not known whether, given that the inspection this year was a desktop review, there will be a similar timescale for the next inspection.
2.18 RIPA Comparative Data from previous years
2.19 The use of powers, which would need to be authorised in accordance with the provisions of RIPA, has remained at the same level as last year.
2.20 The following table indicates the number and type of applications received for the use of directed surveillance and the use of a CHIS, in order to provide a comparison:
Year Council applications for Third Party Authorisations CHIS directed surveillance 2018 2 from Trading Standards 0 0 2017 2 from Trading Standards 0 2 from Trading Standard s 2016 7 from Trading Standards 0 3 from Trading Standard s 2015 5 from Trading Standards 0 0
109 of 134 2014 11 from Trading Standards 1 Police Operation 8 from Trading Standard s 2013 0 1 HMRC Operation 0 1 Department for Work and Pensions Operation 4 Police Operations 2012 0 8 Police Operations 0 2011 0 11 Police Operations 0 2010 0 12 Police Operations 0 2009 8 from Trading Standards 4 Police Operations 0 2 Department for Work and Pensions Operations
2008 17 from Trading Standards 2 Police Operations 0 3 from Housing Benefits
2007 8 from Trading Standards 6 Police Operations 0 4 from Anti-Social Behaviour Team
3. Communications Data
3.1 During the last financial year it was mandatory for the Council to use the National Anti-Fraud Network (NAFN) Membership Agreement in order to obtain Communications Data. This is a support, liaison and advice service which ensures correct authorisation procedures are followed for the acquisition of such data.
3.2 NAFN ensured accredited Single Point of Contact officers (SPOC’s) checked all applications for compliance. They supported the Designated Person (the Assistant Director of Governance & Monitoring Officer) who has oversight of every application. NAFN supported the Magistrate process and kept all required records for the Home Office, rather than in our central file. Due to this rigor, the Home Office did not need to inspect the Council systems and records in respect of Communications Data applications.
3.3 NAFN has confirmed that during 1 April 2018 to 31 March 2019 there were 4 applications submitted. The table below shows the activity where subscriber information was obtained for the purpose of the prevention and detection of crime in previous years.
Year Number of applications Reason 2018 4 3 – Scambuster Operations 1 – Trading standards Operation
110 of 134 2017 0 2016 1 Scambuster Trading Standards Operation 2015 7 All Trading Standards operations and all approved by Magistrates. One further application was cancelled prior to attendance at the Magistrates Court. 2014 1 1 – Trading Standards Matter (copyright Theft and Fraud) 2013 4 2 – Trading Standards Matter – (clocked cars) 1 – Trading Standards Matter – (counterfeit goods) 1 – North East Trading Standards Association investigation - (Copyright Theft and Fraud) 2012 5 3 - North East Trading Standards Association investigation – (rogue trader) 2 - Trading Standards Matter – (rogue trader) 2011 0 2010 0 2009 1 Trading Standards Matter – (rogue trader)
2008 1 Trading Standards Matter – (rogue trader)
3.4 A new body called the Office for Communications Data Authorisations (OCDA) has been set up in the last few months to independently authorise communications data applications. This will remove the need for the Judiciary to authorise these applications. Guidance now states that the OCDA will return all documents and that authorities will be required to keep them to avoid the risk of accumulating records in one central database.
3.5 Therefore, future communications data authorisations information will once again be retained by the authority.
4. Who will this benefit and how?
4.1 The aim of this report is to provide Members with some analysis of the RIPA applications received during the last financial year in order that they
111 of 134 can have oversight of the use of RIPA powers within the authority. This will give Members confidence that RIPA powers are being used properly.
5 Who have we consulted?
5.1 This report is for information only.
6. How will it deliver our priorities and improve our performance?
6.1 The detailed monitoring of the use of our powers under RIPA is a legal requirement. However, the use of powers as a robust element of our commitment to tackling criminal activities will impact positively on local business and, hopefully, job creation.
7. What are the risks and resource implications?
Type of Applicable Details Risk/ ? Implication Health and Yes There will always be a certain impact on health Safety and safety when dealing with surveillance but risk is always carefully managed. Social Yes Surveillance decisions are likely to impact Value: positively on the creation of local employment opportunities, skills and training opportunities for businesses throughout the area by minimising the amount lost to criminal activities.
Legal Yes The Council is required to comply with the RIPA and any Inspector’s recommendations.
8. Recommendations
8.1 It is recommended that Members note the contents of this report.
9. Appendices and further information
9.1 The full report from the last inspection in November 2018 is held on the central records and is available for Members to look at.
10. Background papers
10.1 No background papers other than published works were used in writing this report.
112 of 134
11. Contact Officer
Name: Christopher Stannard Position: Principal Legal Officer Address: Redcar & Cleveland House Telephone: 01642 444537 Email: [email protected]
113 of 134 AGENDA ITEM 11 Member Report Corporate & Ombudsman Complaints Monitoring Annual Report for 2018/19
Public
To: Governance Committee Date: 24 September 2019 From: Corporate Director of Corporate Resources Decision For information type: Portfolio: Resources Forward Plan Outcome: Business improvement reference:
Ward(s): All
1 What is the purpose of this report?
1.1 The purpose of this report is to provide a summary of the statistics received from the Local Government and Social Care Ombudsman in their annual letter and to provide Members with information on the Stage 3 Corporate Complaints processed in the last financial year.
2 What is the background to this report?
2.1 The Corporate Complaints Procedure has, as its aim an accessible, informal and resolution focussed system. Where an early, informal resolution is not possible and the complainant remains dissatisfied, the procedure allows for a more formal Stage 2 investigation. There is also a final, discretionary Stage 3 process which involves convening a panel hearing made up of members of this Committee; the decision to invoke this discretionary stage is taken by the Monitoring Officer who personally reviews each complaint in detail.
2.2 Ultimately, the complainant is always able to take the matter to the Ombudsman and every year an Annual Letter is published, summarising details of the complaints they have considered.
2.3 Corporate Complaints Received 2018/19 Financial Year
2.4 During this period 81 complaints were handled under Stage 1 of the complaints process. This compares to 84 in the previous year.
2.5 Of this number,14 progressed to Stage 2 of the complaints process where a detailed investigation was undertaken by a more senior officer in the service area. This compares to 16 last year so, again, there has been a small reduction in the number of complaints at this stage, and illustrating that the vast majority of complaints appear to be resolved after the initial stage of the process.
114 of 134 Version 7 (12/08/2013) 2.6 Stage 3 Complaints
2.7 Of the 14 Stage 2 investigations, 7 complainants told us they remained dissatisfied and requested to be considered at the final discretionary Stage 3. This compares with 8 the previous year. The Monitoring Officer reviewed all of the correspondence on each complaint and considered the merits of invoking Stage 3. The Monitoring Officer arranged for a Panel to hear one of these complaints and 6 were either reviewed to the satisfaction of the complainant, or directed to the Ombudsman. - In 2 cases, there was a challenge to legislation or legal liability which the Panel would not be able to consider - In 2 cases, the Monitoring Officer was able to suggest to the service area an agreeable solution which was acceptable to the complainant - In 2 cases, and after consultation with Ombudsman guidance, ex-gratia payments of £71.81 and £250 were made
Dissatisfied complainants always have recourse to the Ombudsman, and some prefer to trust the Independence this body can provide. However, the level of complaints being resolved prior to referral to the Ombudsman would suggest that we have effective arrangements in place for complaint-handling.
2.8 The details of the Panel hearing which took place is summarised below:
2.9 Complaint Outcome
This Complaint related to the Partially Upheld – the Panel found that the positioning of single yellow Council had failed to respond to the complaint lanes near a cemetery, where within specified times. It was clear that an apology for this delay had been given which the parking was problematic. The Panel felt was an appropriate and proportionate complainant felt that the lines response in the circumstances. had been positioned on the incorrect side of the road and The Panel’s impression was that the Council had the Council had been tardy in been responsive in addressing the initial request replies, had not explained its for the matter to be explored, especially in the rationale, nor used its powers absence of any other representations. The Council carried out its statutory duty to consult of enforcement to address the and, in making a judgment about the location of situation. the yellow line, it was entitled to take account of feedback received outside the formal consultation period. Choosing to locate the yellow line on the side of existing street lighting did not appear to the Panel to be a perverse decision. However, the Panel considered that some information given during or after this process was incorrect or misleading, and could have given the complainant reasonable grounds to question the Council’s commitment to resolving the problems identified.
The Panel understood that various enforcement options had been considered but that the Council took the view that these options were not appropriate or proportionate given the low
115 of 134 Version 7 (12/08/2013) number of complaints about parking there. The Panel was reassured by Officers that the situation will be monitored in liaison with the police. However, the absence of a formal Parking & Enforcement Policy meant that it was difficult for Council officers to prioritise parking issues within the Borough, or to decide which matters to escalate for Police attention.
Panel Recommendations to the Corporate Director for Growth, Enterprise and Environment To issue the complainant with a full written apology regarding the level of Customer service and that the Council formulate a borough-wide Parking Policy for approval by members.
The Director accepted the recommendations.
2.10 Ombudsman Activity
2.11 The annual review letter was received from the Ombudsman on 25 July and listed 28 complaints that they have received about the Council, for the year ending 31 March 2019. These are complaints where the individual remains dissatisfied with the Council’s responses or where they have taken their complaint direct to the Ombudsman at an earlier stage. This highlighted that of the 28 complaints that they have looked at over the year, 10 resulted in a detailed investigation and 5 of these were upheld. No formal reports were issued to the Council.
2.12 In comparison with previous years:
For the Year Complaints Investigated Upheld Not Upheld ending 31 March made to LGO 2019 28 10 5 5 2018 34 6 5 1 2017 27 7 4 3 2016 39 5 1 4 2015 39 6 3 3
2014 34 5 1 4 2.13 Of the five complaints that the Ombudsman upheld this year, 4 were judged to have caused injustice to the complainant and one did not. Two of these warranted financial remedies for the avoidable distress caused and one for the quantifiable loss, as well. One required redress which was actioned in the timeframe specified to the satisfaction of the Ombudsman.
2.14 Benchmarking, with the Tees Valley area, shows some consistency.
Investigations Upheld Not % upheld Upheld Redcar 10 5 5 50 Darlington 15 11 4 73 Hartlepool 5 1 4 20 Middlesbrough 7 3 4 43
116 of 134 Version 7 (12/08/2013) Stockton 13 5 8 38 Nationally The Ombudsman decided 18,482 58% cases (5,315 at initial assessment 4458 after full investigation)
2.15 Upheld Complaints and Organisational Learning During an Ombudsman investigation, the Council is required to fully cooperate by providing answers to questions, supporting evidence, documents and policies and to explain any rationale behind decisions. The Ombudsman will take a decision based on their investigation and suggest a remedy where this is appropriate. The details of most complaints are anonymised and published by the Ombudsman on their website. Below is a summary of the 5 complaints that they have upheld this year:
2.16 1) Complaint 18007129 Decision: Upheld. Maladministration no Injustice. Planning & Development Ms X says the Council allowed an unreasonable amount of time for the owner of a neighbouring property to comply with the requirements of a section 215 notice. She also complains about the Council’s handling of her complaints. There was fault by the Council because of delay in taking enforcement action and a poor service given to the complainant. However, the injustice suffered is not so serious to warrant further pursuit of the matter.
The maladministration originated from a discretionary decision by the Council not to pursue the service of Section 215 notices (untidy land) on two private gardens. The Ombudsman upheld the original complaint and required the Council to review its decision, which it did. The Council then served two notices, one of which was largely complied with, the other not and when the Council exercised its discretion to extend the time period for compliance with the notice, this resulted in a further complaint. In the future, decisions not to pursue enforcement action will, where appropriate, be verified by senior managers.
2.17 2) Complaint 17018353 Decision: Upheld. Maladministration and Injustice. Highways and Transport Mrs X complained that the Council inappropriately erected a fence between their rear alleyway and a road in an adjoining housing estate. There was fault by the Council. It failed to apply for planning permission for the fence or properly considered the impact the fence would have on rights of access. The Council agreed to remove the fence to restore the position before the fault occurred. However, the complainant later indicated a preference for the fence to be retained subject to various conditions, and the Council’s staff now believe that we have reached a resolution to this complaint on that basis.
2.18 3) Complaint 17020127 Decision: Upheld. Maladministration and Injustice. Benefits & Tax Mrs X complained about the way the Council dealt with her council tax support. The Council was at fault for not properly notifying Miss X that her council tax support had been removed. During the investigation, the Council apologised and reassessed Miss X’s council tax support. The Council also agreed to pay Miss X £100 to remedy the unnecessary time and trouble caused by the Council’s actions.
The maladministration related to appeal rights not being correctly notified in relation to a council tax support decision in 2016. Procedures were changed on 1 April 2017
117 of 134 Version 7 (12/08/2013) to include a reference to council tax support and appeal rights on all council tax bills issued from that date. This change in procedure was notified to the Ombudsman in our initial response and no further action was necessary.
2.19 4) Complaint 17014151 Decision: Upheld. Maladministration and Injustice. Adult care Services Mr X complained that the Council failed to provide him with enough support when he moved out of the area which left him with debts for his housing. The Council needed to: apologise; pay the outstanding debt for rent on his previous property; pay £150 financial redress for the avoidable distress; and identify the action to take to prevent similar problems from happening again.
The failings were largely due to a lack of robust communication and the lessons learned from this complaint relate to what happens when the Council relinquishes Appointeeship for a person’s financial affairs. The Council has implemented new checklists, guides and a new system where a joint visit is undertaken by the Property and Financial Affairs team and the responsible Practitioner to ensure that all matters are clearly understood by all parties.
2.20 5) Complaint 17000102 (not published) Decision: Upheld. Maladministration and Injustice. Education and Children’s Services Ms X complained about various failings by the service and that the Council’s offer of financial remedy did not reflect the distress suffered. The view was that the Council did not provide a sufficient financial remedy or a meaningful apology for the distress it caused. The Council agreed to the recommendations to increase the financial payment and to provide a meaningful apology. This put right the injustice suffered by Miss X. So, the Ombudsman completed the investigation.
Subsequently, the local authority has embarked on introducing a new social work practice model across the workforce. This is a ‘strengths based’ model which places the child and family at the heart of practice; focusing on participation and engagement, and building on people’s strengths. Training has taken place across the children’s workforce. This new model, which promotes family driven plans and full participation of all family members during periods of social work intervention, will ensure that this does not happen again.
3 Who will this benefit and how?
3.1 The Ombudsman’s report says that the reporting of routine mistakes and service failures that have been remedied over the year, should be reported to the Council through an annual report to the Governance committee. This oversight will benefit the organisation and give Members confidence that complaints are being dealt with effectively.
4 Who have we consulted?
4.1 This report is for information only.
118 of 134 Version 7 (12/08/2013) 5 How will it deliver our priorities and improve our performance?
5.1 An effective complaints system is one which helps an organisation to learn. The oversight and governance of complaints and working with Ombudsman Investigators to remedy any maladministration, provides an opportunity to contribute to Business Improvement.
6 Are there any legal considerations?
6.1 Corporate Complaints processing is not a statutory function but it is good practice and a policy of the Council incorporated in the Constitution. It is a requirement to work with the Local Government and Social Care Ombudsman to address dissatisfaction.
7 Recommendations
7.1 It is recommended that Members note the contents of this report.
8 Appendices and further information
8.1 Appendix 1 – Local Government & Social Care Ombudsman Annual Review report
9 Background papers
9.1 No background papers other than published works were used in writing this report.
10 Contact officer
10.1 Name: Sue Bridges Position: Principal Electoral & Information Governance Officer Address: Redcar & Cleveland Leisure and Community Heart Telephone: 01642 444092 Email: [email protected]
119 of 134 Version 7 (12/08/2013) 120 of 134 121 of 134 AGENDA ITEM 12 Member Report Senior Management Structure
Public
To: Borough Council Date: 17 September 2019
From: Corporate Director for Resources Decision type: Key - Significant impact
Portfolio: Resources Forward Plan reference: RD0035 Priority: Improving the way we work
Ward(s): N/A
1.0 What is the recommendation?
1.1 The Council approved a report on 24 July 2019 which agreed the voluntary redundancy of the Chief Executive, with the intention that this post be formally deleted from the senior management structure in due course. The recommendations approved by the Council also included a commitment to the production of further proposals for consideration by elected members.
1.2 In line with those recommendations, this report now outlines proposals for dealing with changes which affect statutory officer roles, including arrangements for formalising, where appropriate, some of the interim measures as approved on 24 July 2019. Accordingly, it is recommended that Cabinet agree the proposals set out within this report and recommends to the Council that it also approves all of the proposals and that:
a) The post of Corporate Director for Resources be re-designated as Managing Director (Head of Paid Service) and the current Interim Head of Paid Service, John Sampson, be appointed to that role on a permanent basis from 1 November 2019
b) The Head of Paid Service shall also be appointed as Returning Officer & Electoral Registration Officer with effect from 1 November 2019.
c) The post of Financial Services Manager be re-designated as Assistant Director – Finance (Section 151 Officer) and the current post-holder, Phil Winstanley be appointed as Section 151 Officer with effect from 1 November 2019;
d) With effect from 1 April 2019, the post of Assistant Director – Governance and Monitoring Officer be amended to incorporate all of the responsibilities currently carried out by the Assistant Director – Organisational Change and re-designated as Governance Director (Monitoring Officer), with the current post-holder Steve Newton, continuing in that capacity as the Council’s Monitoring Officer.
122 of 134 Version 8 (05/12/2018) e) The Officer Employment Procedure Rules be suspended accordingly, for the purposes of this report only;
f) The Monitoring Officer be authorised to make any consequential amendments to the constitution; and
g) For the sake of clarity, the named appointments to the statutory roles covered by this report are confirmed as follows:
Head of Paid Service, Returning Officer & Electoral Registration Officer – John Sampson Section 151 Officer – Phil Winstanley Monitoring Officer – Steve Newton
2.0 Background
2.1 As outlined in the earlier report approved on 24th July 2019, the current administration of the Council made a commitment to streamlining management as a matter of priority.
2.2 A significant element of the administration’s proposals in this regard is that the Council should move to a management model which does not include the role of Chief Executive. On that basis, the proposals within this report include arrangements which formalise removal of the Chief Executive role, further streamline senior management and make some limited financial savings which are additional to the annual savings of £220,000 detailed within the report approved by Council on 24 July 2019. It is intended that further savings will be achieved in reviewing other roles and proposals for these changes will be finalised in due course.
2.3 Appendix 1 to this report illustrates these changes in the form of a structure chart. The considerations in forming these proposals are set out in the following sections of this report.
2.4 Appointment of a Managing Director (Head of Paid Service) Under Section 4 of the Local Government & Housing Act 1989, every local authority has the duty to designate one of their officers as its Head of Paid Service. It is also a requirement to appoint a Monitoring Officer and a Section 151 Officer. 2.5 The current interim arrangements for the Head of Paid Service approved in July were agreed pending this report. The requirement to have a Head of Paid Service applies notwithstanding any proposal to discontinue the role of Chief Executive. 2.6 In order to retain the savings to be achieved from deletion of the Chief Executive’s post, the new role will, in practical terms, need to be created by adding the Head of Paid Service’s remit to one of the current Corporate Director positions. It is proposed that we create a Managing Director role, which will also be the Head of Paid Service. 2.7 In effect, the Managing Director will have dual responsibilities and, given the nature of these responsibilities, it is considered appropriate that an increase in salary be agreed to recognise this position. This is usual where similar arrangements operate and reflects the fact that the new post will have specific statutory duties, which are additional to current responsibilities and do not apply to other director roles. In
123 of 134 Version 8 (05/12/2018) general terms, these include responsibility for reporting on the manner in which the discharge of the Council’s functions is co-ordinated, the number and grade of officers required for the discharge of functions and the organisation of officers. 2.8 In light of the current interim arrangements, external advice has been sought from the Local Government Association (LGA) and North East Regional Employers Organisation (NEREO) in developing these proposals and a report at Appendix 2 outlines their advice in this regard. This advice supports the view that a Managing Director model is the most appropriate option to be pursued in current circumstances and the rationale for the proposals is summarised below. 2.9 It is common for the Head of Paid Service to also take on ultimate responsibility for delivery of elections. Accordingly, it is proposed that the roles of Returning Officer & Electoral Registration Officer are also placed within the remit of that post with effect from 1 November 2019. 2.10 Other Considerations When forming proposals, it is essential that any revision to senior management arrangements be considered in the context of the main challenges currently facing the Council and, also, with a view to using existing internal resource to maximise the potential for any savings. Accordingly, in terms of allocating responsibility for the Head of Paid Service functions, the following considerations are relevant. 2.10 The Council currently employs four Corporate Directors. One director is about to leave the Council’s employment at the end of September (Corporate Director for Children & Families), with a new Corporate Director commencing 30 September 2019. 2.11 It is considered inappropriate to allocate additional responsibilities to this new director for the following reasons: . This is a new appointment and the first Corporate Director post held by the individual commencing their employment; . The directorate has significant financial and other challenges that will need full-time attention from the Corporate Director; . At the Council meeting held on 24th July 2019 there was a specific request from the former Cabinet Member for Children and Families that no additional responsibilities be given to this Corporate Director. The Leader agreed with that position, which is supported by the current administration given the nature of this particular director’s role. 2.12 The current Corporate Director for Growth Enterprise and Environment is also a relatively new director appointed in February 2019 to her first director role. Additional responsibilities would be onerous and difficult to undertake given the circumstances and the need to focus on specific economic priorities, such as the development of the former SSI site. It is also felt that, for this director to undertake more responsibilities, there would be a need for back-filling arrangements which would incur a significant cost, thus reducing the potential savings. 2.13 The Corporate Director for Adult and Communities has more experience as a director but, at this current time, is focused on the health transformation agenda which requires his full attention. This directorate has a history of large overspends which the current director has successfully turned around. Given the financial challenges faced by the Council, it is critical that spending in this directorate is kept within budget. Accordingly, it is felt inappropriate to add significant additional responsibility to this post. However, it is proposed that this Director be the named
124 of 134 Version 8 (05/12/2018) Deputy Head of Paid Services in order to provide cover in the event that the Head of Paid Service is absent for short periods due to annual leave etc. This would allow some resilience within the senior team and provide for an element of potential succession planning. There would be no changes to current pay or conditions of the director in taking on this role. 2.14 The Corporate Director for Resources is our most experienced Director with some four years plus experience as Corporate Director and more than 10 years as Section 151 officer. He has a clear view of the Council’s challenges, both in terms of financial challenge and service delivery. He has held a Corporate role with the Council for over 10 years and it is considered possible and appropriate to merge his current responsibilities without the need for significant back-filling arrangements. Given this position, it is proposed that the post of Corporate Director for Resources be re-designated as Managing Director (Head of Paid Service). This would help to maximise proposed savings, as existing duties would be retained. It is proposed that this element of the proposals be implemented with effect from 1 November 2019 with the Chief Executive’s role being formally deleted from this point. All directors have been consulted on these arrangements and support this proposal. 2.15 As indicated in the previous report, in other circumstances the appointment of the Head of Paid Service is to be made by full Council on the basis of a recommendation by the Appointments Panel. This requirement is specified in the Officer Employment Procedure Rules but, clearly, envisages a situation whereby the Council has undertaken a recruitment exercise for a new Chief Executive. Accordingly, these rules may be suspended under the terms of Article 16.01 of the constitution to cater for other scenarios. Given that the proposals within this report are intended to utilise internal resource, avoid potential redundancy costs where possible and, also, to avoid issues in terms of continuity in the Head of Paid Service role, it is recommended that suspension of the rules is approved on this occasion and that a permanent appointment be made to the Head of Paid Service as detailed above.
2.16 Governance
In seeking to further streamline management, it is proposed that the post of Assistant Director - Organisational Change be deleted and that, to avoid the need for backfilling arrangements and generate savings, these duties are added to those of the current Assistant Director of Governance and Monitoring Officer, with that role being re-designated as Governance Director (Monitoring Officer). The role will continue to include the Monitoring Officer function. Following job evaluation of the duties the remuneration for this has been assessed at the level of Director 3 in the Council pay-scales. This recognises the significant additional responsibilities the post-holder will carry in addition to existing duties, including the statutory role of Monitoring Officer. 2.17 The merger of these two Assistant Director roles can be facilitated by the voluntary redundancy of the current Assistant Director of Organisational Change as of 31 March 2020, which, in consultation with the current administration, has been approved under existing arrangements given the imperative to secure savings with effect from that date, in time for the new financial year. This will avoid the need for a period of formal consultation and a potential compulsory redundancy situation. 2.20 A further saving relating to the Senior Management structure will be made as there are currently two Executive Assistant posts which exist, one of which is filled on a temporary basis. Given the various changes at a senior level, this can be reduced
125 of 134 Version 8 (05/12/2018) to one post once a current need for absence cover has been resolved.
2.21 Financial Services If it is agreed that the Corporate Director for Resources is appointed as Managing Director (Head of Paid Service) then, whilst legally possible, it is not generally viewed as good practice for that same individual to carry out the role of Section 151 Officer. The external report attached at Appendix 2 confirms this position. It is, therefore, proposed that the current Financial Services Manager be re-designated as Assistant Director – Finance (Deputy Section 151 officer) with duties being amended accordingly to take on this additional responsibility. After job evaluation to reflect the addition of these statutory duties, which include the requirement to challenge the Head of Paid Service in relation to financial issues if necessary, the appropriate salary has been assessed as Assistant Director Chief Officer ‘Band B’. 2.35 Financial Impact
Deletion of the Chief Executive’s role will secure annual savings of £220,000. In order to maintain that saving without creating additional posts, the duties associated with that role will need to be redistributed, as will the duties associated with the Section 151 officer and that of the Assistant Director of Organisational Change. Although the focus of this report is on implementing permanent arrangements in terms of statutory posts rather than identifying savings, taking into account consequential salary adjustments and the deletion of an Executive Assistant role, these changes will result in an additional saving from within the review of £50,000 per annum, above the £220,000 relating to the Chief Executive’s post.
3.0 Who has been consulted and engaged?
3.1 In preparing this report discussions have taken place with the LGA and NEREO and joint report from both organisations is attached at Appendix 2.
3.2 These proposals have been discussed with all Corporate Directors, Assistant Directors & Cabinet. In line with constitutional requirements for some elements of the proposals, the report will need to be considered by Cabinet, Resources Scrutiny and Improvement Committee, Governance Committee and Full Council.
4.0 What are the risks and resource implications?
Type of Risk/ Details Implication Health and Safety It is not envisaged that these proposed changes with have any impact on Health and Safety
Social Value: N/A
Legal The legal considerations are set out within the body of this report. It is the duty of the Head of Paid Service where he or she considers it appropriate to do so, to prepare a report to the authority setting out their proposals as to: ·
the manner in which the discharge by the authority of their different functions is co-ordinated;
126 of 134 Version 8 (05/12/2018) the number and grades of staff required by the authority for the discharge of their functions; the organisation of the authority’s staff; the appointment and proper management of the authority’s staff.
In view of the current interim arrangements, external advice has been sought as set out in Appendix 2, in order to ensure an objective and independent view is used to inform proposals.
There is a duty to appoint to the statutory posts set out within this report.
Financial This proposal provides for an additional annual saving as detailed above. The structure and salary details are included within the chart at Appendix 1.
Human Resources The Chief Executive’s role will be formally deleted with effect from 31 October 2019. There is an impact on some Assistant Directors. One reduction has been managed by means of a VR application. There will be some changes to duties and responsibilities for some of the other Assistant Director positions as outlined in this report. All proposed roles have been subject to job evaluation and a grade determined accordingly.
Equality and Diversity There is no impact on equality and diversity. Any staffing implications will be managed in line with existing employment policies and legislation.
Carbon Footprint N/A
Other (please specify) Management capacity has already been significantly reduced over recent years. Given current levels of responsibility allocated to senior officers, it is becoming increasingly difficult to make additional savings without risk and these arrangements will be kept under review. The external report attached at Appendix 2 highlights this position.
Equality analyses for Cabinet decisions are published alongside the reports in the ‘Cabinet and committee papers section’ of our website at https://www.redcar- cleveland.gov.uk/Democracy/DecisionMaking/MeetingCabinet/Pages/cabinet-and- committee-papers.aspx and should be read in conjunction with the recommendations in the report.
5.0 Appendices and further information
Appendix 1 – Structure Diagram Appendix 2 - Joint report from LGA/NEREO
6.0 Background papers
No background papers other than published works were used in writing this report.
127 of 134 Version 8 (05/12/2018)
7.0 Contact Officer
Name: John Sampson Position: Interim Head of Paid Service Address: Redcar and Cleveland House Kirkleatham Street Redcar TS10 1RT
Telephone: 01642 444403 Email: [email protected]
128 of 134 Version 8 (05/12/2018) Appendix 1
Strategic Director Level – Senior Management Structure Current Director Level Structure
Corporate Director for Corporate Director for Corporate Director Corporate Director for Resources Adult and for Children and Growth, Enterprise and Communities Families Environment Dir1 – £123,886 Dir1 –£123,886 Dir1 - £123,886 Dir1 – £123,886
Proposed Director Level Structure
Managing Director Corporate Director for Corporate Director Corporate Director for Adult and for Children and Growth, Enterprise and Salary circa Communities Families Environment
£135,000 Dir1 –£123,886 Dir1 - £123,886 Dir1 – £123,886
Current Resources Directorate Senior Level Structure
Corporate Director for Resources
Dir1 £123,886
Assistant Director Assistant Director Head of Policy and Governance (Monitoring Organisational Change Performance Officer) Director 3 Chief Officer Band C Chief Officer Band A £106,284 (pro rata - £90,933 £73,713 £57,450)
Proposed Senior Level Structure
Managing Director (Head of Paid Service) £135,000
Governance Director Head of Corporate Policy Assistant Director Financial (Monitoring Officer) and Performance Services (151 Officer)
Director 3 Chief Officer Band C Chief Officer Band B £73,713 £81,904 £106,284
129 of 134 Appendix 2
Report to Redcar and Cleveland Borough Council
Senior Management Review
1. Introduction
We have been asked for our views on a Senior Management Review of the Council in respect of proposed structure, salaries and appointment process.
The report we have been asked to review is due to be considered by Cabinet on 17th September 2019 and full Council on 10th October 2019.
2. Background
2.1 At a “special” meeting of full Council held on 24th July 2019 a decision was taken to agree to the voluntary redundancy of the Chief Executive and the post-holder’s employment will terminate on 31st October 2019.
2.2 There is a requirement under the “Local Government and Housing Act 1989” that every local authority has the duty to designate one of its officers as its “Head of Paid Service (HoPS)”. This is a statutory requirement, however, the legislation does not require a local authority to create a post of Chief Executive to exercise this function. Interim arrangements were agreed at the Council meeting in July to ensure that this requirement is met until such time as further proposals for the senior management structure are considered.
2.3 Regulations made under the “Local Government Act 2000” reinforced this role by making the appointment of all staff below Chief Officer level the exclusive function of the HoPS or someone nominated by him/her.
2.4 In an effort to make savings and cut indirect costs, a significant number of local authorities have explored alternatives to the traditional management model of a team of Directors, led by a stand-alone Chief Executive.
Some recent examples of where councils have adopted a model where the HoPS is not a Chief Executive are: Hastings, Barrow, and Brentwood Borough Councils; Kent, Shropshire, and West Sussex County Councils; and Leicester City Council. In addition, Bristol and Salford Councils have City Directors acting as HoPS.
2.5 As well as the departure of the Chief Executive, we understand that the Senior Management Team is going through a number of other changes. Of the 4 Corporate Director positions a new Corporate Director for Children’s and Families takes up her appointment in September 2019 and this will be her first Corporate Director role. A new Corporate Director in Growth, Enterprise and Environment is also in a Corporate Director position for the first time and has only 5 months’ experience.
These changes, together with a new political administration, suggest to us that, at this time, there is a need for a strong, experienced HoPS and not a “first among equals” type model.
1
130 of 134
3. The “Senior Management Review” Report
3.1 Proposed Structure
3.1.1 The proposals, effective from 1 November 2019, see the Senior Management structure move from a Chief Executive with 4 x Corporate Directors to a Managing Director (MD) and 3 Corporate Directors, with the Director of Corporate Resources potentially becoming the MD and HoPS.
We believe this would be a sensible model given the changes described in para. 2.5 above and one which is mirrored in 2 neighbouring councils, Darlington and Stockton-on-Tees Borough Councils.
More importantly, and as referred to in paras 2.1 and 2.2 above, the relevant legislation allows for a Managing Director to also assume the role of HoPS.
3.1.2 The proposals also include the Section 151 Officer role transferring from the Director of Corporate Resources (Managing Director/HoPS) post to the Head of Financial Services.
The regulations do allow for one officer to carry responsibility for more than one statutory function, ie HoPS and Section 151 Officer, however, we would argue that best practice suggests that the roles be separated.
3.2 Salary
3.2.1 The proposed salary of £135,000 for the new Managing Director post represents an increase of just under 9% of the current salary for the Director of Resources post, which is not excessive; and is between £6,000 and £21,000 below the salaries paid to the next lowest and highest paid Chief Executives/Managing Directors in the Tees Valley area.
In addition, the recently published LGA report into Chief Executives’/Chief Officers’ Salaries in 2018 shows the average salary for Chief Executives of Unitary Councils in England and Wales (based on a 45% return) was £143,667 (adjusted to take account of the 1 April 2019 pay award).
3.2.2 The proposed salary is, therefore, undoubtedly low, however, a key issue is whether it is possible to recruit someone to that level and, if so, to then retain them.
Assuming an internal appointment is made to the Managing Director post, then Redcar and Cleveland’s HoPS will be paid less than the other HoPS in the Tees Valley area, probably all of the North East region, and less than the national average.
This may become an issue if and when the Council seeks to appoint to that position by open advert and we would suggest that the salary be reviewed when and if that occurs.
3.2.3 We note that the Corporate Directors’ salaries at £123,886 already compare favourably with those of neighbouring councils and we would, therefore, see no need to review these salaries at this stage.
2
131 of 134 3.2.4 Although not part of the current proposals, in producing this report we note the Assistant Director salaries are behind their comparators in the Tees Valley area and are perhaps in need of review.
We understand that these are currently single “spot salaries” and a review option would be to consider moving them to a 3 point grade as is the norm for all other posts except the Corporate Directors.
An appropriate scale of incremental increase would be 2% per annum which is a level adopted by the NJC for Local Government Services in its revised national pay scale implemented in April 2019.
Alternatively consideration could be given to amending the current Assistant Director grade C salary (£73,713) where there is only a small differential between that and the highest salary for a non-Assistant Director post (£70,645).
An option would be to lift the current grade C spot salary by perhaps 4% to £76,661 which would ensure relativities are maintained. This would also maintain the status quo for the Assistant Director grades A and B with all Assistant Directors remaining on spot salaries.
3.3 Appointment Process
3.3.1 The relevant legislation allows for the HoPS to be appointed from within the current establishment without the need for external advert. It is only when a Council determines to appoint someone from outside that the post must be advertised.
Good practice, and perhaps the Council’s own policies (Standing Orders, Equalities Policy, etc) may suggest that the Managing Director post should be “ring-fenced” for staff at an appropriate level, in this case probably Corporate Directors. If, however, only one person is interested in the role and the Council is prepared to appoint that person, then that can be done without any form of “competition”.
Irrespective of which option the Council chooses, it is the responsibility of the Monitoring Officer to ensure the process is fair.
The appointment will also need to be confirmed by full Council.
3.3.2 The appointment of the Head of Financial Services as Section 151 Officer will also need to be confirmed by full Council.
4. Summary
4.1 The Council is able to appoint a HoPS who is not designated as a Chief Executive.
4.2 The proposed salary of £135,000 is low in comparison to local and regional comparators and may need to be reviewed if/when the post is advertised openly.
4.3 The Corporate Directors’ salaries seem competitive and do not require review.
4.4 Assistant Directors’ salaries seem low in comparison to similar posts in the Tees Valley area and may require a review including considering whether to move them to “grades” rather than spot salaries or, alternatively, increasing the pay for Grade C posts. 3
132 of 134
4.5 The impact of the new management arrangements on all of the Senior Management posts should be monitored over the next 12 months.
4.6 A reminder that the appointment of the HoPS and Section 151 Officer need to be confirmed by full Council.
Mick Brodie Adam Barker Director Senior Adviser NEREO LGA
September 2019
4
133 of 134 Governance Committee Relevance to Remit of Committee Officer Lead 30-Jul 24-Sep 26-Nov 11-Feb 20-Apr TBC 2019 2019 2019 2020 2020 2020
Internal Audit and Assurance Functions - TVAAS
Internal Audit and Assurance Plan Internal Audit is a statutory service under the Accounts HF Internal Audit and Assurance year end report and Audit Regulations 2015 and PSIAS. An authority HF Progress report on the Audit & Assurance Plan must undertake an effective internal audit to evaluate the HF Risk Management update effectiveness of its risk management, control and HF Chair & Vice-chair discussion with Audit & Assurance Manager governance processes. Pre meeting Counter Fraud Annual Report HF Self assessment against PSIAS & Internal Audit Charter HF
External Audit Functions - Mazars External auditors in the public sector give a statutory Annual Audit Strategy Memorandum independent opinion on public bodies’ financial GB/CD Annual Audit Letter statements and comment on the conduct of their financial GB/CD Audit Completion Report affairs and the management of performance and GB/CD Audit Progress Report resources. GB/CD Chair & Vice-chair discussion with External Auditor Pre meeting
Governance Functions
An authority must ensure that it has a sound system of Review of Financial Procedure Rules internal control covering the effective exercise of its PW/RD Review of Contract Procedure Rules functions, the achievement of its aims and objectives, the DT Review of Treasury Management Policies & Update effective financial and operational management of the PW/RD Review of Accounting Policies & Update authority; and the effective management of risk. PW/RD Review of FOI returns AP Review of RIPA return CS Annual Ombudsman Letter - (stage 3 complaints) SN/SB Risk Management Framework - annual assurance report HF Information Governance - annual assurance report SB Health and Safety Control Framework - annual assurance report HF/Jsum Verbal feedback from corporate governance groups PW/HF Financial Statements An authority must ensure that it has .... effective financial Draft Statement of Accounts (Full & Summary) management. RD Acceptance of the Statement of Accounts RD Acceptance of the Annual Governance Statement AP Agreeing the Letter of Representation A statement of accounts prepared by an authority must JS Director & Committee Assurances JS be prepared in accordance with the Accounts & Audit Progress review of Annual Governance Statement AP Regulations; and use proper practices. Committee Work Programme PW
Committee Cycle & Deadlines Meeting Dates 30-Jul-19 24-Sep-19 26-Nov-19 11-Feb-20 20-Apr-20 TBC
Agenda Despatch DB 19/07/2019 13/09/2019 15/11/2019 31/01/2020 07/04/2020 tbc Final Reports ALL 18/07/2019 12/09/2019 14/11/2019 30/01/2020 06/04/2020 tbc Pre Committee Meeting Chair 12/07/2019 tbc Pre Agenda Meeting (Officer) JS tbc Draft Reports ALL tbc
134 of 134