TAYSIDE CONTRACTS JOINT COMMITTEE
Dundee City Council 21 City Square DUNDEE DD1 3BY
12th June, 2020
TO: ALL MEMBERS OF TAYSIDE CONTRACTS JOINT COMMITTEE
Dear Sir/Madam
You are requested to attend a MEETING of the TAYSIDE CONTRACTS JOINT COMMITTEE to be held remotely on Monday 22nd June 2020 at 10.00 am.
Members of the Press and Public wishing to join the meeting should contact Iain Waddell, Managing Director, Tayside Contracts on email [email protected] by Thursday 18th June 2020 at 5.00pm.
Please submit any apologies for absence to Willie Waddell, Committee Services Officer, on Telephone 01382 434228 or e-mail [email protected]
Yours faithfully
ROGER MENNIE
Clerk to the Joint Committee
Distribution:-
Angus Council Dundee City Council Perth and Kinross Council
Councillor Bob Myles Depute Lord Provost Bill Campbell Councillor Angus Forbes Councillor Gavin Nicol Bailie Christina Roberts Councillor Audrey Coates Councillor Angus MacMillan-Douglas Councillor Steven Rome Councillor Lewis Simpson Councillor Richard Moore Councillor George McIrvine Councillor Sheila McCole Councillor Beth Whiteside Councillor Margaret Richardson Councillor John Rebbeck Councillor Brenda Durno Councillor Philip Scott Councillor Mike Williamson
t:\documents\taycontractsjc\agenda and reports\2020\220620\tcjb220620ag pub.doc
2
AGENDA OF BUSINESS
1 APOLOGIES/SUBSTITUTIONS
2 DECLARATION OF INTEREST
Members are reminded that, in terms of The Councillors Code, it is their responsibility to make decisions about whether to declare an interest in any item on this agenda and whether to take part in any discussions or voting.
This will include all interests, whether or not entered on your Register of Interests, which would reasonably be regarded as so significant that they are likely to prejudice your discussion or decision- making.
3 MINUTE OF PREVIOUS MEETING - Page 1
The minute of meeting of the Tayside Contracts Joint Committee, held on 18th November, 2019 is submitted for approval. (Copy attached).
4 CHANGE OF CONVENERSHIP 2020/2021
It is reported that the term of office of Convenership held by Angus Council is at an end and the position of Convener is required to be filled by Perth and Kinross Council in terms of Clause 4 of the Minute of Agreement. The position of Convener would be filled by Councillor Angus Forbes.
The position of Vice Convener would be filled by Bailie Christina Roberts and the position of Vice Convener Elect would be filled by Councillor Gavin Nicol.
5 MEMBERSHIP – PERTH AND KINROSS COUNCIL
It is reported that at the meeting of Perth and Kinross Council held on 19th February, 2020, it was agreed that Councillor John Rebbeck replace Councillor Dave Doogan as a member of Tayside Contracts Joint Committee.
The Joint Committee is asked to note the change in membership as indicated.
6 POSITION OF MANAGING DIRECTOR – NOTIFICATION OF RETIREMENT AND RECRUITMENT OF SUCCESSOR
It is reported that the current Managing Director of Tayside Contracts, Mr Iain Waddell will retire on 31st October, 2020. Mr Waddell was appointed to this position in February 1996.
It is recommend that the Joint Committee agree:-
(i) to note that the current Managing Director will retire on 31st October, 2020;
(ii) to note that arrangements for the appointment of his successor are currently being established in accordance with the terms of Clause 12(1) of the Minute of Agreement; and
(iii) that delegated authority be given to the Clerk and Proper Officer in consultation with the Convener, Vice Convener and the Vice Convener–Elect and the Chief Executives of the constituent Councils to advertise, shortleet, interview and make appointment to the position of Managing Director of Tayside Contracts. 3
7 RESPONSE TO COVID 19 PANDEMIC - Page 5
(Report No JC6/2020 by the Managing Director, copy attached).
8 LOCAL CODE OF CORPORATE GOVERNANCE – ANNUAL REVIEW - Page 15
(Report No JC9/2020 by the Managing Director, copy attached).
9 ANNUAL REPORT AND ACCOUNTS FOR 2019/2020
(Report No JC8-2020 by the Managing Director, copy to follow).
10 BUSINESS PLAN ANNUAL UPDATE - Page 43
(Report No JC7/2020 by the Managing Director, copy attached).
11 AUDIT UPDATE - Page 57
(Report No JC5-2020 by the Managing Director, copy attached).
12 DATE OF NEXT MEETING
The next meeting of the Joint Committee will be held in Committee Room 1, 14 City Square, Dundee on Monday, 24th August, 2020 at 10.00 am.
The Joint Committee may resolve under Section 50(A)(4) of the Local Government (Scotland) Act 1973 that the press and public be excluded from the meeting for the undernoted items of business on the grounds that they involve the likely disclosure of exempt information as defined in paragraphs 6, 8, 9 and 10 of Part I of Schedule 7A of the Act.
13 REVENUE AND INVESTMENT BUDGETS 2020/21
14 ACCEPTANCE OF TENDERS OVER £25,000 FOR THE THREE MONTHS FROM 1ST JANUARY, 2020 – 31ST MARCH, 2020
15 FLEET PURCHASES 2020/21 PHASES 1 AND 2
1 ITEM No …3….……..
At a MEETING of the TAYSIDE CONTRACTS JOINT COMMITTEE held at Perth on 18th November, 2019.
Present:-
Representing Angus Council:-
Councillor Gavin Nicol Councillor Angus MacMillan-Douglas Councillor Richard Moore Councillor Beth Whiteside Councillor Brenda Durno
Representing Dundee City Council:-
Depute Lord Provost Bill Campbell Bailie Christina Roberts Councillor Steven Rome Councillor Margaret Richardson
Representing Perth and Kinross Council:-
Councillor John Duff (for Councillor Angus Forbes) Councillor Audrey Coates Councillor Anne Jarvis Councillor Dave Doogan Councillor Sheila McCole
Councillor Gavin Nicol, Convener, in the Chair.
I APOLOGIES/SUBSTITUTIONS
Apologies for absence were submitted on behalf of Councillor Bob Myles (Angus Council), Councillor George McIrvine (Dundee City Council), Councillor Philip Scott (Dundee City Council), Councillor Angus Forbes (Perth and Kinross Council) and Councillor Mike Williamson (Perth and Kinross Council).
II DECLARATIONS OF INTEREST
There were no declarations of interest.
III MINUTE OF PREVIOUS MEETING
The minute of meeting of the Tayside Contracts Joint Committee held on 26th August, 2019, was submitted and approved.
IV MEMBERSHIP- PERTH AND KINROSS COUNCIL
It was reported that at the meeting of Perth and Kinross Council held on 25th September, 2019, it was agreed that Councillor Anne Jarvis replace Councillor Lewis Simpson as a member of Tayside Contracts Joint Committee.
The Joint Committee agreed to note the change in membership as indicated.
V WORKLOAD REPORT
There was submitted Report No JC33-2019 by the Managing Director providing an update of the workload for the Facilities Services Division and Construction Division for the second quarter of 2019/2020, projections for the third and fourth quarters and details of the actions being taken in response to these workloads.
t:\documents\taycontractsjc\agenda and reports\2020\220620\181119min.doc 2 2
The Joint Committee agreed to note the contents of the report and that further detailed reports would be brought forward as necessary.
VI BUSINESS PLAN – 6 MONTHS UPDATE
There was submitted Report No JC34-2019 by the Managing Director providing the six months update of progress for 2019/2020 against the priorities, action plans and targets detailed in Tayside Contracts’ business plan for the period 2017 to 2020.
The Joint Committee agreed to approve the content of the report.
VII AUDIT UPDATE
There was submitted Report No JC35-2019 by the Managing Director providing an update on Internal Audit work carried out by the Internal Auditors, Wylie and Bisset, during the financial year 2019/2020.
It also provided an update on the status of the Internal Audit contract and a proposal for the following year.
The Joint Committee agreed:-
(i) to note the contents of the IT Security and the Purchasing and Payments audit reports, which were attached to the report as Appendices 1 and 2;
(ii) to approve the action plans within the reports; and
(iii) to approve the extension of the Internal Audit Contract for one year.
VIII ANNUAL PERFORMANCE REPORT 2018/2019
There was submitted Report No JC37-2019 by the Managing Director reporting that in order to comply with Section 13 (1) of the Local Government in Scotland Act 2003, Tayside Contracts was required to produce an Annual Performance Report. The 2018/2019 Annual Performance Report for Tayside Contracts which summarised performance against the values which underpinned and drove Tayside Contracts as an organisation: People; Performance; Partnership and Perception, was attached to the report as an appendix.
The Joint Committee agreed to note and approve the contents of the report.
IX SCHOOL MEALS REGULATIONS 2020 – IMPACT ASSESSMENT
There was submitted Report No JC38-2019 by the Managing Director appraising of the forthcoming Food and Drink in Schools (Scotland) Regulations 2020 and the strategy of implementing the requirements of the legislation.
The Joint Committee agreed to note the contents of the report and that further detailed reports would be brought forward as necessary.
X TAYSIDE MEALS PRODUCTION CENTRE – TAY CUISINE
Reference was made to Article IX of the minute of meeting of this Joint Committee of 18th March, 2019, wherein the Joint Committee was advised that all three constituent Councils had authorised Tayside Contracts to develop and implement a Tayside Meals Production Centre service delivery model operating from Tay Cuisine to provide primary school and Early Learning and Childcare meals throughout Tayside and community meals in Dundee. There was submitted Report No JC39-2019 by the Managing Director reporting that Perth and Kinross Council had subsequently decided to withdraw from the venture. The report advised of the impact of Perth and Kinross Council’s withdrawal and confirmed Angus and Dundee City Councils’ decision to continue to implement the Tayside Meals Production Centre without Perth and Kinross Council. 3 3
The Joint Committee agreed to note the contents of this report and, in particular, note that:-
(i) Whilst Perth and Kinross Council had withdrawn from the Tayside Meals Production Centre venture Angus and Dundee City Councils had subsequently confirmed that they would proceed as planned and had authorised Tayside Contracts to develop and implement the Tayside Meals Production Centre at Tay Cuisine to provide primary school and Early Learning and Childcare meals services for Angus and Dundee City Councils and a community meals service in Dundee only;
(ii) Angus and Dundee City Councils had authorised Tayside Contracts to borrow up to £1.9m from Dundee City Council’s Prudential Loans Fund for Tayside Contracts to make a capital investment of up to £1.5m in order to develop and implement the Tayside Meals Production Centre delivery model and £400k to fund other project costs (e.g. architects, other professional services, etc);
(iii) Some or all of the loan would be drawn down during the current financial year;
(iv) The Tayside Meals Production Centre Project remained on budget and on schedule to go live in August 2020, when the 1140 hours Early Learning and Childcare provision (and associated meals provision) became mandatory for Scottish Councils; and
(v) The estimated 400,000 Early Learning and Childcare meals in the Perth and Kinross Council area would be provided by existing production and distribution methods.
XI DATE OF NEXT MEETING
The Joint Committee agreed to note that the next meeting of the Joint Committee would be held in Committee Room 1, 14 City Square, Dundee on Monday, 16th March, 2020 at 10.00 am.
The Joint Committee resolved under Section 50(A)(4) of the Local Government (Scotland) Act 1973 that the press and public be excluded from the meeting for the undernoted items of business on the grounds that they involved the likely disclosure of exempt information as defined in paragraphs 6, 8 and 9 of Part I of Schedule 7A of the Act.
XII FINANCIAL OPERATING STATEMENT FOR THE 6 MONTHS TO 30TH SEPTEMBER, 2019
There was submitted Report No JC32-2019 by the Managing Director detailing Tayside Contracts’ financial performance for the six months to 30th September, 2019 in comparison against both the budget, and the same period for the previous year, and outlined the financial prospects for the remainder of the financial year.
The Joint Committee agreed to note the contents of the report.
XIII ACCEPTANCE OF TENDERS OVER £25,000 FOR THE THREE MONTHS FROM 1ST JULY, 2019 TO 30TH SEPTEMBER, 2019
There was submitted Report No JC31-2019 by the Managing Director covering acceptance of tenders over £25,000 for the three months from 1st July, 2019 to 30th September, 2019.
The Joint Committee agreed to note the ‘Works’ tenders accepted in terms of Standing Orders.
XIV FLEET PURCHASES 2019/2020 – PHASE 4
Reference was made to Article XII of the minute of meeting of this Joint Committee of 18th March, 2019, wherein the report on the report on the Revenue and Investment Budget 2019/2020 was approved.
4 4
There was submitted Report No JC36-2019 by the Managing Director detailing proposed 2019/2020 Phase 4 purchases of various fleet items, the estimated costs of which were included within the Revenue and Investment Budget 2019/2020, report number JC02/2019, which was approved by the Joint Committee at its meeting on 18th March, 2019.
The Joint Committee agreed:-
(i) to approve the purchases detailed in Appendix 1 of the report, and
(ii) to authorise the Managing Director to place orders subject to the successful tenders not exceeding 10% of the estimated figures; and
(iii) to authorise the Managing Director to place orders if the successful tenders exceeded 10% of the estimated figures after agreement by the Convener, Vice Convener and Vice Convener-Elect.
Gavin NICOL, Convener.
5
REPORT TO: TAYSIDE CONTRACTS JOINT COMMITTEE – 22 JUNE 2020
REPORT ON: RESPONSE TO COVID-19 PANDEMIC
REPORT BY: MANAGING DIRECTOR
REPORT NO: JC06/2020
1.0 PURPOSE OF REPORT
1.1 This report provides members with an update on Tayside Contracts response to the Coronavirus (COVID-19) pandemic and provides details to inform them of the steps being taken to recover, both operationally and financially, through the recovery plan which has been established. This report acknowledges that COVID-19 will have a significant ongoing impact on Tayside Contracts and the services it provides to the constituent Councils for a considerable period of time.
2.0 RECOMMENDATIONS
2.1 It is recommended that the Joint Committee:
a) Note the initial scale of the disruption caused by COVID-19.
b) Note that COVID-19 will have consequences for the services provided to the constituent Councils and the finances of Tayside Contracts over an extended period.
c) Note that significant revisions to the Business Plan and budgets will be required which will be the subject of further reports being brought to the Joint Committee in due course.
d) Note the steps being taken to recover, both financially and operationally and agree to further reports being brought forward as the position becomes clearer on the outcomes of the steps being taken.
3.0 FINANCIAL IMPLICATIONS
3.1 The financial outcomes of the COVID-19 pandemic have been extremely significant both in terms of the effect that the loss in income has had in the month of March 2020 on the 2019/20 financial performance of Tayside Contracts and on the initial months of the 2020/21 accounts.
3.2 The financial impact in 2020/21 will certainly last until the end of the financial year and into subsequent financial years but at this stage the scale of it is still unknown as the country is only starting to slowly come out of the lockdown process at the time of writing this report.
6
3.3 Steps have been put in place to reduce the costs of the organisation, as far as possible, as we try to understand what the new normal will be in terms of the services which the constituent Councils require Tayside Contracts to provide going forward.
3.4 It is not known, at this time, what the impact will be on Tayside Contracts services, income and employees until the constituent Councils have had a chance to reassess the implications on their budgets caused by the COVID-19 pandemic. Further reports will be brought forward once the position becomes clearer in the weeks and months ahead.
3.5 Tayside Contracts initial application under the HMRC administered Coronavirus Job Retention Scheme (CJRS) for the period 1 March 2020 to 10 June 2020 has been successful and a grant of circa £1.477 million has been received. Further claims will be made in accordance with the CJRS which has been extended to 31 October 2020, albeit in a revised format.
4.0 BACKGROUND
4.1 The UK Government took the unprecedented step, on Monday 23 March 2020, to effectively shut down the country, apart from a few defined key services to protect the capacity of the NHS from the effects of the COVID-19 pandemic. Fighting COVID- 19, protecting the vulnerable in our society and the capacity of the NHS became the Government’s priority.
4.2 The impact on Tayside Contracts was immediate with all our operations having to cease apart from providing initial limited cleaning services in the constituent Councils offices. This enabled the various emergency response teams to immediately commence operations.
4.3 All Tayside Contracts offices and depots were immediately shut and where possible employees who could work from home did so.
4.4 Unfortunately, work on converting Tay Cuisine to a cook-freeze facility was very close to being finished, with around three weeks still to be completed, but construction work had to stop due to it not being considered as ‘essential’ work.
5.0 INFORMATION
5.1 Communications
5.1.1 The speed of the UK Government’s instruction to close the country caught everyone by surprised and the need to communicate quickly with our workforce was paramount. Fortunately, we had been collecting the email addresses of some 2500 employees, over many months as we have been moving towards communicating with them by email as opposed to hard copy.
7
5.1.2 To keep our employees up to date with the Government guidance, which was being issued daily, in response to the spread of COVID-19 around the world, we started issuing an all employee communication from the Managing Director from 12 March 2020. This was emailed to all employees and published on the Tayside Contracts website. Each copy was also translated into Polish and Latvian due to the large number of employees that we have from these countries. These briefings have been prepared on a regular basis and have been very well received by our employees.
5.2 Trade Unions
5.2.1 Regular meetings have been held with trade unions through video calls as it was crucial that everything we were doing during this crisis had at its heart the health and wellbeing of our employees.
5.2.2 This collaborative approach enabled any issues to be resolved at the earliest opportunity and working closely with the trade unions was not only essential during the lockdown period but will be crucial as we move into the recovery phase.
5.3 Health and Safety
5.3.1 During this period we have been wholly committed to delivering key essential services to the constituent Councils and where possible to other parties. However, this was always contingent upon our ability to deliver these services without putting at risk the health and safety of our employees.
5.3.2 Generic risk assessments were undertaken in respect of COVID-19, the fundamental control measures of which were that adequate hand-washing facilities must be available and a minimum of 2 metres social distancing must be maintained whilst carrying out tasks.
5.3.3 Specific risk assessments for certain activities, such as the cleaning of areas where a COVID-19 case was suspected or had been confirmed were also produced.
5.3.4 In the case of cleaning buildings, when it was deemed necessary, additional personal protective equipment (PPE) was provided e.g. gloves, facemasks, etc.
5.3.5 Our COVID-19 risk assessments are guided by the advice of Health Protection Scotland and are reviewed daily. The Trade Unions were fully consulted through regular video conferencing and were satisfied with our risk assessments.
6.0 SERVICES PROVIDED
6.1 During the lockdown period the following services were generally provided to the constituent Councils. The level of services will increase as the lockdown restrictions are gradually relaxed by the Scottish Government.
8
6.2 School Meals Services 6.2.1 We delivered a range of school meals services, which differed in each of the Councils’ areas, due to their differing requirements: 6.2.2 Angus Council (AC) We did not provide any catering services in the Angus area. The way in which these services were provided was: a) Key Workers Children: Pupils whose parent(s)/guardian(s) were key workers who were attending school/hubs were required to bring their own packed lunches. b) Free School Meals: The parents/guardian(s) of children entitled to free school meals received direct payments or vouchers and Tayside Contracts was not required to deliver a free school meals service. 6.2.3 Dundee City Council (DCC) The way in which these services were provided was: a) Key Workers Children: Pupils whose parent(s)/guardian(s) were key workers who were attending school/hubs were provided with around 440 hot packed lunches daily by Tayside Contracts. b) Free School Meals: The parents/guardian(s) of children entitled to free school meals received vouchers or direct payments to their bank accounts. This meant that Tayside Contracts was not required to deliver a free school meals service. c) ‘Dundee Bairns’ Initiative: Tayside Contracts has been providing around 740 cold bagged meals daily as part of ‘Dundee Bairns’ Initiative. d) Targeted Vulnerable children: Tayside Contracts was also providing around 360 hot bagged meals daily to children who had been identified by DCC as particularly vulnerable. 6.2.4 Perth and Kinross Council (PKC) The way in which these services were provided was: a) Key Workers Children: Pupils whose parent(s)/guardian(s) were key workers who were attending school/hubs were provided with around 290 hot packed lunches daily by Tayside Contracts. b) Free School Meals: The parent(s)/guardian(s) of children entitled to free school meals received vouchers and Tayside Contracts was not required to deliver a free school meals service. 6.3 Community Meals Service 6.3.1 The community meals service, provided by Tayside Contracts in Dundee, was a top priority service and continued as normal throughout this crisis.
9
6.4 FM Services 6.4.1 Tayside Contracts provided janitorial and cleaning services in each Council Area (11 hubs in Angus and Dundee and 8 in Perth and Kinross) and to a limited number of non- education buildings in Dundee (6) and Perth and Kinross (15) and a significantly higher number in Angus (55). The difference in numbers was due to the different types and usage of properties that the constituent Councils have in their property portfolios and does not reflect a differing approach by them. 6.4.2 In addition, across all three Council areas, Facilities Assistants opened schools daily, undertaking various building checks and co-ordinating access arrangements for contractors and Councils’ staff. 6.4.3 There were three types of cleaning services which were carried out as required by the Councils which were: a) Clean 1 – standard clean but with greater emphasis on contact surfaces b) Clean 2 – to supplement a Clean 1 if required, an all-day continuous clean c) Clean 3 – deep clean specific to areas where there was a suspected case of Covid-19 using cleaning products, methods and correct PPE as advised by Health Protection Scotland. 6.4.4 To ensure that the workload was fairly spread out among employees, which also assisted in further protecting them, we implemented a cleaning rota system following agreement with the trade unions. 6.4.5 Whilst there was no need for a rota system for those employees providing janitorial services opportunities were taken to stand down some of the employees delivering these services for at least part of the day by using open and close protocol with “non- working time” being shared out equally where possible. 6.4.6 The School Crossing Patrol service was suspended in all areas. 6.5 Construction Division Service Provision (Operations, Street Lighting, Quarry and Transport)
6.5.1 Operations & Street Lighting 6.5.2 Within these two services, our collective agreement was to deliver the essential services (Priority Level 1) in accordance with the Councils’ Inspection and Defect Categorisation Manual as far as practicable. This was similar to the approach being adopted by all other Scottish Councils. In the main this involved two person crews working across the unit areas within normal working hours on a call out basis, attending to hazardous defects (potholes, electrical issues, diesel spills etc). This level of resource was amended depending on the situation and the level of demand.
6.5.3 Following the completion of formal inspections by clients’ partners there was a move to a more focussed approach to defect repairs across the Tayside area with hot surfacing material supplied from our Collace quarry.
10
6.5.4 During this period out of hours services were fully resourced and continued as normal. 6.5.5 Some employees made themselves available to assist with service provision across the three Councils’ areas and they were given appropriate training and familiarisation prior to mobilising. In addition, other services were being provided, and some examples of these were:
• Volunteers were made available to assist with refuse collection in Dundee, Perth & Kinross and Angus (HGV driving and collection) although they were not required.
• Vehicles (small panel vans) were provided to Angus Council waste collection service to assist with social distancing measures. This was also offered to Dundee and Perth & Kinross Councils.
6.6 Transport Services 6.6.1 The transport team continued to deliver the fleet maintenance service for Angus Council, predominately on the refuse collection vehicles whilst also maintaining key vehicles for Tayside Contracts. Although not part of the normal working arrangements, this service was also provided to Perth & Kinross Council.
7.0 FURLOUGHING OF EMPLOYEES
7.1 At the request of the constituent Councils we investigated if it was possible to furlough some of our employees who were not required for the delivery of key services under the Government’s Coronavirus Job Retention Scheme (CJRS).
7.2 The constituent Councils subsequently agreed to our proposed method of progressing this matter and the three Section 95 financial officers of the Councils agreed to the method used to calculate the numbers of employees to be furloughed.
7.3 To maximise the ability to back date any claim, all Tayside Contracts employees in the work groups not delivering key services in response to the COVID-19 crisis who could potentially be furloughed had been “stood down” from undertaking any other works for Tayside Contracts at as early a date as possible.
7.4 This matter of furloughing employees was discussed with the trade unions and a Memorandum of Understanding in relation to it was agreed with them.
7.5 Employees who are furloughed will be paid their full contractual pay whilst on furlough. HMRC pay a grant to Tayside Contracts of 80%, up to a maximum of £2,500 per month, for furloughed employees included in the claim with their pay being topped up with the remaining 20% for as long as they are furloughed. In the few cases of employees earning more than £2,500 per month, Tayside Contracts will pay the difference between what is received through the HMRC scheme and their contractual monthly pay.
11
7.6 Under the Managing Director’s delegated powers, after agreement with the Clerk and Proper Officer to the Joint Committee, an application HMRC to furlough 700 employees was made on 28 May 2020.
7.7 I am pleased to advise members that we were advised by HMRC on 1 June 2020 that our application, under the CJRS, was successful and that we have received a payment of £1.477 million for the period claimed. Further claims will be made on a four week cycle in accordance with the scheme and for as long as the regulations permit.
8.0 IMPLICATIONS
8.1 Even at this early stage we can anticipate that COVID-19 will significantly affect the services we provide to the constituent Councils, our financial wellbeing and the wellbeing of our employees. There will undoubtably be challenges as the constituent Councils will be forced to reconsider their budgets, which are facing severe pressures, but there will also be opportunities for some areas of Tayside Contracts operations e.g. enhanced cleaning requirements etc.
8.2 Tayside Contracts needs to put in place policies and strategies to be able to deal with all eventualities which will come out of the COVID-19 pandemic and to retain and extend the benefits which have been achieved in response to the pandemic.
8.3 Recovery Plan – Short Term
8.3.1 We are in the process of developing our corporate recovery plan for how we can move forward out of lockdown on a phased basis which will be supported by a number of operational ones that we are also in the process of developing based on the evolving guidance that is being issued by the Scottish and UK Governments. The corporate recovery plan focuses on two main strands going forward, which will be inextricably linked, and these are:
i) the health and wellbeing of our employees and
ii) the economic wellbeing of the organisation.
8.3.2 All the following issues covering the health and wellbeing need to be in place as part of Phase 1 of the recovery plan except for some of the policies and procedures which need to be developed as soon as practicable. 8.3.3 Health and Wellbeing of Employees 8.3.4 Working from home should now be the default position within Tayside Contracts where it is possible for employees to do so. This may not always be possible due to work requirements but it may be possible to work part of the week from home and part in the office. 8.3.5 Allied to working from home will have to be policies and procedures in place to cover many aspects off this change in approach including:
12
i) Management control of when and if employees are to be working from home ii) Measurement of productivity iii) Compliance with Display, Screen and Equipment (DSE) regulations and other health and safety requirements iv) Working from home can cause health issues e.g. concerns about isolation etc.
8.3.6 Meetings and training courses should have as their default position being undertaken by video conferencing. On the infrequent occasions when this cannot happen then all the social distancing rules etc must be complied with. 8.3.7 All depots, offices and workplaces will have to have, as part of Phase 1 of this rescue plan have layouts amended, screens for reception staff installed, maximum occupancy levels agreed, splitting up of key work groups, appropriate signage, adequate hand sanitisation stations etc. 8.3.8 Consideration will have to be given to limiting public access and access by employees not based in the buildings for the foreseeable future. 8.3.9 Enhanced cleaning of workstations, communal areas, toilets will have to be established along with employees being provided with cleaning materials to effectively sanitise and disinfect their own workstations at the start and end of each day. 8.3.10 Consideration also needs to be given to the introduction of temperature testing of employees before they commence work each day if this is feasible or deemed to be effective. 8.3.11 The wearing of PPE including masks will be determine through the risk assessment requirements for the duties being undertaken along with the advice and/or instruction from the Scottish Government. However, if an individual feels more comfortable wearing a face covering at work then they will be permitted to do so provided it is not offensive in design or may be deemed to be a health and safety risk for the work they are required to undertake. 9.0 FINANCIAL IMPACT
9.1 COVID-19 started impacting on Tayside Contracts at the beginning of March 2020 when parents became concerned about the possible dangers to their children and absence levels started to rise. The financial impact of this on Tayside Contracts primarily affected the Catering Unit when only 400,000 school meals were produced instead of the budgeted number of 650,000.
9.2 On 24 March 2020, when the UK Government put the country into lockdown all Tayside Contracts services immediately stopped, apart from some cleaning works to keep a small number of the constituent Councils key properties open.
9.3 This closure had an immediate and substantial impact on Tayside Contracts. It should be remembered that Tayside Contracts is an integral part of the constituent Councils. Unlike Councils’ departments, Tayside Contracts does not receive funding directly
13
from the Scottish Government, instead it receives its income for the services that it provides. Some 93% of Tayside Contracts income is generated from the services that it provides to the constituent Councils.
9.4 At the same time as these services stopped being provided, Tayside Contracts still had most of its cost base i.e. employees, depots and fixed overheads to pay. This is like the effect that COVID-19 was having on the constituent Council departments, which in some cases were not able to deliver some or all of their services and continued to have their fixed costs paid from Councils budgets.
9.5 As an interim measure, and to protect Tayside Contracts cashflow the constituent Councils agreed to fund the payment of Tayside Contracts fixed costs by using their existing budgets for catering, cleaning, road maintenance etc., much of which was not getting spent due to the suspension of works.
9.6 This payment, which was based on the projected Tayside Contracts draft 2020/21 revenue budget, amounts to approximately £4.5 million per month. This figure is expected to be refined downwards once a reconciliation between the projected budget costs and actual fixed costs can be undertaken. This figure will further reduce following the successful CJRS application to HMRC.
9.7 During the lockdown period Tayside Contracts has only been providing limited services as detailed in section 6 of this report with only minimal income being received for these which would be due over and above the fixed costs which are already being reimbursed.
9.8 There is no prospect in the short term of Tayside Contracts being able to survive on the income it can generate due to the restrictions on work, requirements of social distancing, the potential impact of the need for employees to isolate under the Scottish Government’s Test and Protect approach. Therefore, during the first phase of the recovery plan, as detailed in section 7 of this report, Tayside Contracts would need some ongoing support from its owners, the constituent Councils. The scale of this will be dependent on the speed of recovery from the current lockdown and restrictions that are put in place by the Scottish Government.
9.9 Tayside Contracts is taking all steps possible to reduce costs during this period of uncertainty.
9.10 Detailed assessment work is ongoing to assess the full financial implications for Tayside Contracts, which is a difficult process in such a period of uncertainty. The intention is to produce a revised revenue budget as soon as the full impact on the constituent Councils budgets from the COVID-19 crisis and the resulting impact that these will have on Tayside Contracts is known.
14
10.0 EQUALITIES ASSESSMENT
10.1 The issues considered within this report have, as required by legislation, been the subject of consideration from an equalities perspective.
10.2 An equalities impact assessment (EqIA) is not required.
11.0 CONSULTATIONS
11.1 The Clerk and the Proper Officer to the Joint Committee have been consulted on the preparation of this report.
12.0 BACKGROUND PAPERS
12.1 None.
Iain C Waddell Managing Director
15
REPORT TO: TAYSIDE CONTRACTS JOINT COMMITTEE – 22 JUNE 2020
REPORT ON: LOCAL CODE OF CORPORATE GOVERNANCE
REPORT BY: MANAGING DIRECTOR
REPORT NO: JC09/2020
1.0 PURPOSE OF REPORT
1.1 This report provides members with details of the review undertaken of Tayside Contracts Local Code of Corporate Governance, the proposed Annual Governance Statement for 2019/20 and the improvements made during 2019/20 in respect of Corporate Governance.
2.0 RECOMMENDATIONS
2.1 The Joint Committee is asked to:
a) Note that the Local Code of Corporate Governance has been reviewed and no amendments are required to be made.
b) Approve the Annual Governance Statement 2019/20 (Appendix 1).
c) Note the actions taken in respect of the Annual Governance Statement 2019/20 (Appendix 2).
3.0 FINANCIAL IMPLICATIONS
3.1 None.
4.0 BACKGROUND
4.1 The Joint Committee approved the Local Code of Corporate Governance at its meeting on 24 June 2019, report number JC11/2019 refers.
4.2 The Local Code of Corporate Governance is regularly reviewed on at least a five year cycle and updated more frequently as required through changes to legislation, recommended practice or operational necessity.
4.3 The Corporate Management Team review the Annual Governance Statement to ensure that all the evidence of Corporate Governance is still up to date, identify areas that require improvement and ensure that they agree on the evaluation score given to the areas being assessed.
16
4.4 There is an Annual Governance Statement within the Annual Report and Accounts which summarises the improvement activities which took place during the year as well as the activities that Tayside Contracts plan to carry out during the following financial year.
5.0 INFORMATION
5.1 The Local Code of Corporate Governance does not currently need amendment as there have been no changes to legislation, recommended practice or operational necessity.
5.2 In the Annual Governance Statement 2019/20, which is included as Appendix 1, a scoring mechanism was adopted to assess the detailed extent of Tayside Contracts compliance with the guidelines. The scoring mechanism suggests that Tayside Contracts is 87% fully compliant with the existing guidelines and 13% has minor areas for improvement. This is a positive position and meets our Business Plan objective of Improving our Corporate Governance standing in accordance with CIPFA/Solace ‘Delivering Good Governance in Local Government: Framework (2016)’.
5.3 The scoring mechanism is instrumental in arriving at the areas for improvement also identified in Appendix 1.
5.4 In the Annual Governance Statement 2019/20 which was approved by the Joint Committee at its meeting on 24 June 2019, report number JC11/2019 refers, there were areas identified as requiring improvement. These are detailed in Appendix 2 along with the status of each.
6.0 EQUALITIES ASSESSMENT
6.1 The issues considered within this report have, as required by legislation, been the subject of consideration from an equalities perspective.
6.2 An equalities impact assessment (EqIA) is not required.
7.0 CONSULTATIONS
7.1 The Clerk and the Proper Officer to the Joint Committee have been consulted on the preparation of this report.
8.0 BACKGROUND PAPERS
8.1 None.
Iain C Waddell Managing Director
17
Annual Governance Statement 2019-2020 - Self-Assessment Checklist As part of the assurance gathering process used to prepare the Annual Government Statement (AGS), a self assessment checklist to help inform the effectiveness of the system of internal control and wider corporate governance elements such as risk management within Tayside Contracts has been prepared.
For this year’s exercise the scoring system, which is detailed in the table below, has been reviewed and will be aligned to the framework used for the annual self-assessment of Tayside Contracts Local Code of Corporate Governance.
EVALUATION DEFINITION 4 Fully compliant 3 Mostly compliant (Minor areas for improvement) 2 Partially compliant (More significant areas for improvement) 1 Not compliant (Material areas for improvement)
Whilst the approach to completion of the checklist ultimately rests with the Managing Director it is important that the submission provides a comprehensive assessment of the current position and is supported by appropriate evidence. This exercise may result in the identification of areas for improvement. These should be detailed, where appropriate, in the schedules and taken forward within Tayside Contracts corporate and service improvement framework.
Name Iain C Waddell Date 1 June 2020
Signature Designation Managing Director
As a result of completion of this exercise I confirm that I am satisfied with the overall governance arrangements in my Yes X Tayside Contracts and that there is a satisfactory evidence base to support this opinion. In addition, I confirm that I will take appropriate steps during the 2020/21 financial year to further enhance the organisation's governance arrangements in No the areas identified for improvement. If no, please provide details
1 18 Appendix 1
1, 2, AREA TO BE ASSESSED EVIDENCE TO SUPPORT RESPONSE AREA(S) REQUIRING IMPROVEMENT 3 or 4
1. Service Planning and Performance Management
1.1 SMART objectives that are clearly linked to 4 • Corporate SMART objectives have been set Tayside Contracts strategic objectives and which link into the corporate improvement plan priorities have been set. and flow through into individual units’ service improvement plans.
1.2 Tayside Contracts give appropriate 3 • There is a Business Plan for the period 2017- • Due to the ongoing COVID-19 crisis and the consideration to its longer term plans and how 20 which was approved by the Joint Committee implications arising from this, the work on the objectives / anticipated outcomes within on 26 June 2017. A new business plan was the new business plan has been deferred. A these plans will be funded. due to go to the March 2020 Joint Committee report is going to the June Joint Committee for the period 2020-25. meeting to extend the current business plan until 31 March 2021. • Annual revenue and capital investment budgets are approved by the Joint Committee • The 2020-21 Annual Revenue and Capital annually apart from the most recent budget due Investment Budget will now be re-submitted to the meeting on 16 March 2020 being to the Joint Committee meeting on 22 June cancelled due to COVID-19. 2020. • At each meeting of the Joint Committee relevant financial monitoring information is provided against these plans. 1.3 Key stakeholders are consulted prior to 4 • A Governance and Strategy Group (GSG) developing and setting Tayside Contracts comprising of Tayside Contracts Executive objectives and consultation results are Officers Team (EOT) and a senior officer of published. Regular feedback is obtained from each of the three constituent Councils is in stakeholders. place to monitor progress against the strategic objectives of the business plan and ensure that it and other actions of the EOT reflect the needs of their Councils. • The trade unions have been kept appraised on the programme of addressing the key issues within the business plan and are kept involved on a quarterly basis of proposed changes to priorities and objectives. In addition, there are formal quarterly consultation arrangements in place.
2 19 Appendix 1
• The various partnering objectives were developed in consultation with our clients in the constituent Councils. • When changes to methods of service delivery are being considered e.g. janitorial and school crossing patrol services then representatives of the services involved from the constituent Councils are involved in the various project teams. • Pupil Councils are consulted in changes to school menus and changes to aspects of service delivery. 1.4 Tayside Contracts objectives are converted into 4 • The objectives within the business plan have key performance measures with associated been converted into annual improvement progress, performance targets, and areas targets through the corporate improvement requiring improvement being reported to plan. stakeholders, including the Tayside Contracts • These are communicated to the Joint Joint Committee, staff and Tayside Contracts Committee both through the six months update users. and the annual review of the business plan performance which incorporates the corporate improvement plan for the next year. • The GSG which incorporates our client officers i.e. customers also monitor progress against the agreed corporate improvement plan on a quarterly basis. • An annual performance report is prepared and after approval by the Joint Committee is made available to the public through being published on our website. The most recent being approved by the Joint Committee on 18 November 2019. • APSE performance benchmarking is used to compare performance with other public bodies where appropriate. 1.5 Regular relevant, reliable and timely 4 • A review of the service improvement plans and management reports on progress against key the corporate improvement plan are prepared performance measures are received from quarterly. Any corrective action which is Service Managers, which holds the relevant required is put in place. Directions, Instructions and guidance for their completion, so that areas for improvement can 3 20 Appendix 1
be identified and corrective action taken where • The corporate improvement plan is monitored necessary. quarterly by the GSG and reported to the Joint Committee every six months.
1.6 Tayside Contracts objectives, corresponding 4 • Each unit within Tayside Contracts has a • These have been delayed for 2020/21 until resource implications, and plans for achieving service improvement plan which ties into the the impact of COVID-19 is fully understood. each objective that are communicated to staff aims and objectives of the business plan. regularly. In addition, this information is • This service improvement plan is developed by reported to the CMT on a quarterly basis. the relevant operational and senior managers. • All service improvement plans are reported quarterly to the Executive Officer Team (EOT) and go through an annual update.
Service Planning and Performance Management 1 2 3 4 TOTAL
Summary of Number of Evaluations 2 4 6
Have there been any significant / critical events relating to Service Planning and Performance Changes to working practices due to COVID-19 has prevented the budget being Management during the financial year? If yes, please approved and the business plan progressing. provide details.
Are there any examples of best practice (or exceeding best practice) in Tayside Contracts that could be
shared with other Services? If yes, please provide details.
Links to relevant Tayside Contracts Policies, Procedures and Guidelines:
Tayside Contracts Business Plan
Links to relevant best practice governance documents:
CIPFA Delivering Good Governance
4 21 Appendix 1
1, 2, AREA TO BE ASSESSED EVIDENCE TO SUPPORT RESPONSE AREA(S) REQUIRING IMPROVEMENT 3 or 4
2. Internal Control Environment
2.1 Relevant staff within Tayside Contracts are aware of and understand the contents and specific responsibilities of key Tayside Contracts policies and guidance including those listed below: a) Standing Orders of Tayside Contracts and 4 • All key Tayside Contracts documents including the Financial Regulations, including these listed in 2.1 are available to all relevant Procurement Strategy. staff on the Tayside Contracts intranet and on the internet. • Where appropriate separate guidance documentation is also made available on Ti e.g. procurement guidance. • The Financial Regulations (approved at the June 2018 Joint Committee meeting) are on the intranet along with the Procurement Strategy. b) Our employee related matters and policies 4 • Regular scheduled liaison meetings take place including: between managers from HR and Facilities • Effective Human Resources policies Services Division/Construction Division, as • Due to the large number of Polish • Employee Charter appropriate, to discuss application of policies employees we have all employment • Employee Code of Conduct and other relevant information. policies will gradually be added to the • Equality and Diversity policy • Employee Advisory Notes are sent out to all internet in Polish in written and then into • Performance at Work policy 2400+ employees as and when employment audio formats. Work is progressing well on • Leadership and Management policies are significantly amended or new this. Development Strategy policies introduced. • Whistleblowing (Confidential • All Tayside Contracts employment policies are disclosure of information) policy available to employees on the intranet. • All employment policies are also available on our website and audio versions are also available. • Management Guide Training is provided to managers/supervisors on the key employment policies.
5 22 Appendix 1
• New and revised employment policies are discussed and consulted on at our CMT, SMT and JCC meetings.
c) Local Code of Corporate Governance 4 • This is in place and displayed on our web site within the Joint Committee section. d) Recruitment and Selection 4 • There is a Recruitment and Selection policy on our web site.
• Managers/supervisors involved in recruitment are provided with Management Guide Training. e) Information Governance: 4 • The Information Governance Strategy was • Data Protection policy approved in 2018/19. • Information Governance Strategy • IT Security Policy • The Data Protection Policy was updated in early • Data Protection Legislation, including 2018/19 to incorporate GDPR requirements. the Data Protection Act 2018 & General Data Protection Regulation • Tayside Contracts had confirmation from the (GDPR) Office of the Scottish Information Commissioner • Freedom of Information (FoI) that we are not covered by the Freedom of • Information Sharing Protocols Information (Scotland) Act 2002. Tayside • Restricting Access to physical Contracts remains committed to the locations & electronic records underpinning principles of the Act, of improving access to information by the public with the aim of delivering greater openness and transparency. As such, Tayside Contracts will attempt to respond to requests for information wherever possible, applying the same exemptions and within the same timescales as if the Act did apply.
f) Communications Strategy 3 • The Communications Strategy 2018-20 • This is currently being reviewed and will be improves the knowledge of policies, procedures an updated version produced later in 2020. and notes for guidance across the organisation.
6 23 Appendix 1
g) Information Communication Technology: 4 • The IT Security Policy was reviewed in January • IT Security Policy 2019. • Internet and E-mail use Policy • The Internet and Email use policy was updated in early 2018/19.
2.2 a) Relevant staff within Tayside Contracts 4 • The Occupational Health and Safety Policy and are aware of and understand their all of our Safe Working Arrangements are responsibilities under key Tayside available on Tayside Contracts intranet. Contracts policies covering Health & Safety Legislation and Regulations. • New/revised H&S policies and SWA’s are discussed and disseminated via our Safety Steering Groups, toolbox talks and chargehand/cooks in charges meetings.
b) Tayside Contracts communicates the 4 • All Risk Assessments are available on Tayside relevant Risk Controls identified in Risk Contracts intranet. Assessments to all staff that are exposed to the risk. • New/revised risk assessments are discussed and disseminated toolbox talks and chargehand/cooks in charge meetings.
c) Tayside Contracts files every approved 4 • All Risk Assessment are available on Tayside Risk Assessment in an internally available Contracts intranet. folder.
2.3 For the key processes it is responsible for, 3 • User guides are available for all the financial • Continuing work is being undertaken to Tayside Contracts has compiled operational systems modules and these include admin ensure that all operational procedures procedures, guidance and administrative instructions and procedures. throughout the organisation are covered. instructions. • A wide array of other operational procedures, guidance and administrative instructions are in place covering all key activities. 2.4 Staff within Tayside Contracts are aware of 3 • All employees are issued with Statement of • Training has been completed for all relevant other relevant policies, procedures, guidance Employment Particulars when they commence staff that need to be aware of the and administrative instructions that are employment which details key policies and requirements of GDPR and implement the necessary for discharging their duties. where these can be obtained. necessary changes to ensure full compliance with the regulation.
7 24 Appendix 1
• All employees are aware of all policies • A further session is being arranged to procedures, guidance and administrative capture all new starts since the previous instructions through the induction process, training was carried out. ongoing training and the effective
dissemination of any new or revised policies procedures, guidance and administrative instructions. • This is currently being updated to reflect the • Our induction process uses technology (go- change in technologies available. animate) to get over all the relevant information.
• Relevant staff are receiving training to be aware of the requirements of GDPR and to implement the necessary changes to ensure full compliance with the regulation.
2.5 The key computerised systems used within 4 • Current key computerised systems are • As part of continuous improvement, we Tayside Contracts are fit for purpose. provided by third parties and are fit for purpose. continue to review and seek improved • We are continually looking at other systems to means of processing data and providing determine whether or not we can improve information. paper based or spread sheet based systems. • Final roll out of electronic purchase ordering • Further roll out of electronic purchase ordering during 2020/21. took place to enhance use of system. .
2.6 Tayside Contracts has a clear methodology for 4 • Business cases for system developments, identifying and prioritising required system enhancements or new equipment are developments and enhancements. considered by the CMT on the recommendation of the Senior Management Team (SMT) and/or the IT Manager. The CMT is responsible for the consideration, evaluation and prioritisation of any bids for new systems or upgrades to existing systems. • Clear processes are in place and staff identified to test and implement upgrades to systems provided by third parties to Tayside Contracts. • An IT users’ group, consisting of the SMT members is established to capture ideas 8 25 Appendix 1
associated with changing technology and the way in which it is used. This is a regular agenda item on the SMT meetings throughout the year.
2.7 Access levels and permissions (including for 4 • Access levels are set up based on the role that super users) within Tayside Contracts key the person needs to perform within the systems are reviewed regularly for organisation. appropriateness. • Access and permissions to all Tayside Contracts systems are regularly reviewed to ensure appropriateness and data security.
2.8 Tayside Contracts structure and reporting 4 • Reporting lines are clearly documented for all • This is now displayed on the Tayside lines are periodically reviewed to ensure it is units within Tayside Contracts and Contracts intranet site. best placed to deliver corporate and service communicated to and understood by all staff. level objectives as well as supporting succession planning and is understood by all • As a commercial trading organisation it is staff. essential that we regularly review the structure to ensure that it is fit for purpose. This is instigated as and when necessary by the CMT.
2.9 Tayside Contracts utilises formal induction and 4 • A formal induction and employee development
employee development processes, including process is well established tailored to the
employee performance and development differing requirements of the units within Tayside
review, where training and development needs Contracts, including “Go Animate” technology
are identified, in order to ensure staff have the which was updated during 2018/19.
knowledge and skills necessary to perform • All employees go through a training and needs their jobs. appraisal process called Tay Review. This is
undertaken on an annual basis for managers, supervisors and office based staff, grade 7 and above, and on a rolling yearly/three year process for front line based staff. Included in this process for managers and supervisors is an element of performance review. 2.10 Tayside Contracts has procedures in place for 4 • We have a Code of Conduct which can be found staff to formally notify senior management of a on the Intranet and Website. personal interest that could result in a potential • Contained within employee’s SEPs and the conflict of interest in their work. drivers handbook which goes out to all drivers and potential drivers of Tayside Contracts vehicles is a clear statement which covers “Other Employment”. This states that anyone 9 26 Appendix 1
wishing to take up other work must get authorisation from the Managing Director. 2.11 Tayside Contracts routinely advises Internal 4 • Any significant changes to working practices Audit about any new or significantly changed which are reported to and approved by the Joint working practices and systems. Committee are also made available to internal audit as they get a copy of all reports and are entitled to attend. • Any revised or new working practices approved by the CMT are not specifically advised to internal audit. However, this would be routinely covered by the Head of Financial Services and Internal Audit prior to any audit work commencing which could be affected by the changes.
2.12 Tayside Contracts adheres to the requirement 4 • All internal audit and external audit reports are to review all reports relating to it that have reviewed by the CMT. Action plans are put in been issued by Internal Audit, External Audit, place to address any identified areas of the Accounts Commission and any other third improvement. party inspection and scrutiny body and • All internal and external audit reports are procedures are in place to ensure that the reported to the Joint Committee. recommendations contained within these reports are reported to committee and are • To date no Accounts Commission or third party implemented within the agreed timeframes. reports have been received.
Internal Control Environment 1 2 3 4 TOTAL
Summary of Number of Evaluations 3 17 20
Have there been any significant / critical events relating to the Internal Control Environment during the financial year? If yes, please provide details
Are there any examples of best practice (or exceeding best practice) in Tayside Contracts that could be
shared with other Services? If yes, please provide details. 10 27 Appendix 1
Links to relevant Tayside Contracts Policies, Procedures and Guidelines:
Standing Orders Financial Regulations Corporate Procurement Strategy Tayside Procurement Consortium Health & Safety Plans Data Protection and Freedom of Information policies Equality and Diversity Policy
Links to relevant best practice governance documents:
Information Commissioner’s Office (ICO): https://ico.org.uk/ ICO Guide to Data Protection: https://ico.org.uk/for-organisations/guide-to-data-protection/ and ICO Guide to GDPR: Guide to the General Data Protection Regulation Scottish Information Commissioner: http://www.itspublicknowledge.info/home/ScottishInformationCommissioner.aspx Records Retention Schedules from Scottish Council on Archives: http://www.scottisharchives.org.uk/scarrs/schedules Freedom of Information Act Data Protection Act Commissioner for Ethical Standards in Public Life in Scotland The Standards Commission for Scotland Code of Ethics for Public Managers - Consultation (Solace, 2015) Model Publication Scheme Monitoring Report 2018 (Scottish Information Commissioner, 2018) Health & Safety Executive’s Guidance: HSE Guidance Safeguarding Public Money: Are you getting it right? (Audit Scotland, 2019) Equality and Human Rights Commission's Public Sector Advice and Guidance
1, 2, AREA TO BE ASSESSED EVIDENCE TO SUPPORT RESPONSE AREA(S) REQUIRING IMPROVEMENT 3 or 4
3. Fraud Prevention and Detection
3.1 Staff within Tayside Contracts are aware of 4 • Regular scheduled liaison meetings take place . Tayside Contracts Anti-Fraud and Corruption between managers from HR and Facilities Framework including: Services Division/Construction Division, as appropriate, to discuss application of policies • Fraud Policy and other relevant information. • Whistleblowing (Disclosure of Information) Policy • Employee Advisory Notes are sent out to all 2400+ employees as and when employment • Register of Interest procedures 11 28 Appendix 1
• Gifts and Hospitality Register policies are significantly amended or new • Anti-Bribery and Anti-Corruption Policy policies introduced. • National Fraud Initiative (NFI) • All Tayside Contracts employment policies are available to employees on the Intranet. • All employment policies are also available on our website and audio versions are also available. • Management Guide Training is provided to managers/supervisors on the key employment policies. • New and revised employment policies are discussed and consulted on at our CMT, SMT and JCC meetings. • Tayside Contracts participate in the NFI and investigate any potential fraudulent transactions notified to them and report to the Joint Committee annually on the outcomes. 3.2 Staff within Tayside Contracts are aware that 4 • Tayside Contracts does not have a Corporate there is a Corporate Fraud Team and know how Fraud Team, however they have a Fraud and when to contact them. Investigation Team, as detailed in the Fraud Policy.
• All staff are aware that, in the event of suspected fraud, they should contact the Head of Financial Services.
3.3 Staff within Tayside Contracts are aware that all 4 • All cases of suspected fraud are reported to irregularities require to be reported to the internal audit by the Head of Financial Services. Internal Audit and know how to do this and when • The outcomes of all internal investigations are to report them. reported to the Head of Financial Services as per the Financial Regulations. • If appropriate these are reported to the police if necessary. • There were no such cases in 2019/20 within Tayside Contracts, though a well devised fraudulent attempt was made at obtaining money from Tayside Contracts.
12 29 Appendix 1
3.4 Key staff within Tayside Contracts assist in the 4 • Investigations are routinely conducted as and National Fraud Initiative (NFI) exercise through when the need for investigations has been investigation of matches as required. identified.
• Either a section is added into the yearly audit review report or a separate report is provided to the June Joint Committee detailing any necessary actions taken.
• Procedures were reviewed to ensure the right staff are carrying out the tasks during 2019/20.
3.5 Key staff within Tayside Contracts complete 4 • The Hospitality and Gifts Policy is available on Register of Interest forms and declare Gifts and the Intranet and Website. Hospitality in line with Tayside Contracts procedures.
3.6 Staff within Tayside Contracts are aware of 4 • Relevant staff are aware of the Anti-Money Tayside Contracts Anti-Money Laundering Laundering Policy and Anti-Money Laundering Policy and Anti-Money Laundering Guidance Guidance and Reporting Procedures. and Reporting Procedures as well as their responsibilities in relation to Anti-Money • Due to the nature of Tayside Contracts business Laundering. there is very little scope for Money Laundering.
3.7 Staff within Tayside Contracts know how and • As part of the Anti-Money Laundering Policy when to report any concerns and how to protect appropriate staff have the relevant information themselves and Tayside Contracts from the as to how/when to contact the National Crime threat of serious organised crime. Agency.
• An Anti-Money Laundering Procedure and Reporting was introduced along with the Policy in February 2018.
• Training was given to the areas of the business that were susceptible to any of the money laundering processes.
13 30 Appendix 1
Fraud Prevention and Detection 1 2 3 4 TOTAL
Summary of Number of Evaluations 7 7
Have there been any significant / critical events relating to Fraud Prevention and Detection during the financial year? If yes, please provide details.
Are there any examples of best practice (or exceeding best practice) in Tayside Contracts that could be
shared with other Services? If yes, please provide details.
Links to relevant Tayside Contracts Policies, Procedures and Guidelines:
Internal Audit Annual Report 2019/20 Whistle-blowing Policy (also known as Disclosure of Information) Fraud Policy Anti-Money Laundering Policy Anti-Bribery and Anti-Corruption Policy
Links to relevant best practice governance documents:
National Fraud Initiative: National Fraud Initiative Code of Practice on Managing the Risk of Fraud and Corruption (CIPFA, 2014) From Bolt-on to Built-in: Managing Risk as an Integral Part of Managing an Organization (IFAC, 2015) Code of Practice on Managing the Risk of Fraud and Corruption (CIPFA, 2014) Statement on the Role of the Head of Internal Audit (CIPFA, 2010) Following the Public Pound (Audit Scotland, 2004) Spotting the Signs of Serious Organised Crime (Police Scotland, 2019)
14 31 Appendix 1
1, 2, AREA TO BE ASSESSED EVIDENCE TO SUPPORT RESPONSE AREA(S) REQUIRING IMPROVEMENT 3 or 4
4. Budgeting, Accounting and Financial Control
4.1 The relevant staff within Tayside Contracts 4 • Tayside Contracts is a member of the Tayside understand and follow the procedures and Procurement Consortium and complies with the guidance on procurement to help achieve Best procedures they have in place. Value and comply with Procurement Legislation • Procedures and guidance are in place in terms and Tayside Contracts Procurement Strategy. of procurement and Tayside Contracts has a In addition all tenders and quick quotes are dealt Procurement Manager and staff responsible for with by the Procurement Team. procurement. When contracts are to be tendered they advise and support managers in the process to be followed. • Tayside Contracts is involved in the annual Procurement Competence Assessment which includes the identification of any improvement actions. • Spikes Cavell data is submitted quarterly which gives information on contract compliance. • There is a Tayside Contracts Procurement Strategy 2017-20 which is currently being updated. • Further procurement guidance notes were developed to aid compliance with the new legislation entitled “The Public Contracts (Scotland) Regulations 2015 and The Procurement (Scotland) Regulations (2016)”. 4.2 Tayside Contracts has clearly defined 4 • Individual financial monitoring meetings are held responsibilities for budgetary control and has for the two trading account Divisions i.e. procedures in place to regularly monitor Construction and Facilities services which are Revenue and Capital Budgets and investigate chaired by the respective CMT member heading and report significant variances so that the Division or a suitable depute. In attendance corrective action can be taken where possible. are the unit managers and the accountant responsible for the relevant Division. • In addition to this, financial monitoring also takes place monthly by the CMT. • Quarterly a financial operating report is presented to the members of the Joint 15 32 Appendix 1
Committee which provides all the relevant monitoring information against budgets and the previous year as well as projections to the end of the year.
4.3 Revenue and Capital Budgets are standing 4 • Financial monitoring is a standard item on CMT Agenda Items that are discussed at Tayside agenda of the monthly meetings and a report is Contracts Corporate Management Team prepared which details variance against budget meeting. and the previous year. • The Head of Financial Services is a member of CMT.
4.4 Tayside Contracts has controls in place to 4 • All projects are given job codes so that ensure that resources are properly applied to the monitoring can be done down to job level. intended activities, e.g. Contracts require close monitoring to ensure that project objectives are • Monitoring of project performance and resource met. utilisation is routinely undertaken.
4.5 Tayside Contracts has procedures in place to 4 • The CMT, on a monthly basis, undertakes all regularly monitor, discuss and update Longer aspects of financial monitoring including revenue Term Revenue and Capital Budgets on a rolling and capital expenditure. Consideration is also basis. given to any future expenditure requirements.
• The annual budgetary process includes the consideration of both short and long term expenditure needs to meet the requirements of the business plan objectives including all known changes in expected future work activities.
Budgeting, Accounting and Financial Control 1 2 3 4 TOTAL
Summary of Number of Evaluations 5 5
16 33 Appendix 1
Have there been any significant / critical events relating to Budgeting, Accounting and Financial Control during the financial year? If yes, please provide details.
Are there any examples of best practice (or exceeding best practice) in Tayside Contracts that could be
shared with other Services? If yes, please provide details.
Links to relevant Tayside Contracts Policies, Procedures and Guidelines:
Revenue Budget 2020-21 Audited Annual Accounts 2018/19
Links to relevant best practice governance documents:
The Role of the Chief Financial Officer in Local Government (CIPFA, 2016)
1, 2, AREA TO BE ASSESSED EVIDENCE TO SUPPORT RESPONSE AREA(S) REQUIRING IMPROVEMENT 3 or 4
5. Risk Management and Business Continuity
5.1 Tayside Contracts has an up-to-date Risk 4 • A Corporate risk register is in place for the life of Register that has been compiled utilising the business plan. This is a live document which Tayside Contracts 5x5 matrix for likelihood x is added to as and when new risks are identified. impact and is recorded and managed on the • The corporate risks were re-presented as per the Covalent system. new Risk Management Strategy at the June 2018 Joint Committee.
5.2 The risks, scores and internal controls on 4 • Quarterly reviews undertaken by the EOT along Tayside Contracts Risk Register are reviewed with a full annual review. on a regular basis by management and risk • The corporate risk register is also reviewed management is a standing agenda item at quarterly by the Governance and Strategy Group Management Team meetings. (GSG) and reported to the Joint Committee as part of the six monthly reviews.
17 34 Appendix 1
• The risks which are above the set threshold are then transferred to the corporate improvement plan which details how they will be managed.
5.3 Staff within Tayside Contracts have been 4 • There is a Risk Management Strategy which trained on their specific responsibilities, and are details the key roles. aware of Tayside Contracts corporate risks, corporate risk management policy and strategy • Risk management training was carried out in • Refresher training will be undertaken during (including risk appetite) and corporate risk May 2017 to a wide range of managers to help 2020. management improvement plan. embed risk management across the organisation.
5.4 Tayside Contracts appraises the potential risks 4 • As new corporate risks are identified they are associated with new activities or key projects as added to the corporate risk register and the part of the decision making process. The corporate improvement plan as appropriate. appraisal and decision making processes are transparent and project risk registers are • Risk registers are maintained for any key/large maintained in the shared drives for all key / scale projects. larger scale projects.
5.5 Tayside Contracts has identified its business 4 • There is a revised and updated IT Business • Testing is an ongoing task. critical systems and determined how quickly Continuity and Disaster Recovery Plan they would need to be up and running again submitted to CMT. following a disaster / incident. • Testing of this has been done during year and recorded within the plan.
5.6 Tayside Contracts IT service are aware of what 4 • Key systems e.g. IT and financial systems have its critical systems are so that appropriate back individual continuity plans in place. up arrangements can be put in place. • All critical systems are regularly backed up and replicated across the network and are covered in the revised BC and DR Plan above.
• A change to a cloud hosted service for the finance system (Integra) was carried out during
18 35 Appendix 1
2018/19 and is an improvement on previous in- house backup and DR capabilities.
5.7 Tayside Contracts has formal Business 4 • Key business critical systems have individual • This has been completed. Continuity Plans in place for its critical business continuity plans in place. systems and they are reviewed regularly.
5.8 The Business Continuity Plans are regularly 3 • As Tayside Contracts is in the main a provider of • These can only be fully tested as part of tests tested and results used to continuously improve services to the constituent Councils we are part by the constituent Councils. COVID-19 has arrangements. of their testing process exercises. demonstrated how well Tayside Contracts is prepared.
5.9 All staff within Tayside Contracts have an 3 • All key staff are aware of their specific • This has been completed for senior awareness of Tayside Contracts Business responsibilities. managers. There will be further training for Continuity Plans and key staff have received middle managers and supervisors. training on their specific responsibilities.
Risk Management and Business Continuity 1 2 3 4 TOTAL
Summary of Number of Evaluations 2 7 9
Have there been any significant / critical events relating to Risk Management and Business Continuity during COVID-19 the financial year? If yes, please provide details.
Are there any examples of best practice (or exceeding best practice) in Tayside Contracts that could be
shared with other Services? If yes, please provide details.
Links to relevant Tayside Contracts Policies, Procedures and Guidelines: 19 36 Appendix 1
Risk Management Strategy Business Continuity Management Risk Register
Links to relevant best practice governance documents:
Continuing Professional Development website: CPD - Key Elements of a Project Risk Register Template
1, 2, AREA TO BE ASSESSED EVIDENCE TO SUPPORT RESPONSE AREA(S) REQUIRING IMPROVEMENT 3 or 4
6. Asset Management
6.1 Key members of staff within Tayside Contracts 4 • At Tayside Contracts there is a small number of are aware of their responsibilities in relation to staff involved in the procurement of such items, Tayside Contracts Financial Regulations, and all of them are aware of the reporting which state that Tayside Contracts should requirements. maintain an inventory of all significant furniture and fittings, vehicles, plant and equipment and • There is an Asset Register in the finance ICT equipment and this is carried out. system and we also have a list within Fleetwave, our fleet management system.
6.2 Tayside Contracts has an asset management 4 • No such policy exists as in line with 6.1 above policy and corresponding operational as it is limited to a small number of key procedures in place and they are complied individuals who are aware of Tayside Contracts with. The procedures also include information procurement procedures. This is not on the procurement of assets, which is aligned considered to be necessary. to the Tayside Contracts corporate procurement procedures.
6.3 Tayside Contracts maintains satisfactory 4 • In depots there is physical security by means of working practices to ensure assets under its CCTV. control are safeguarded including: • Asset tagging and registration is in place. • Regular physical inspections of assets and • Stock control and periodic physical stock evidence held to support these inspections checks are undertaken and annually a stock take is attended by External Audit. 20 37 Appendix 1
• Ensuring the security of portable and • Internal audits reviews undertaken and reported desirable assets periodically on stock. • Appropriate repairs, maintenance and testing of assets • The Fixed Asset Module of the financial system • Appropriate arrangements in place for the is used for controlling assets. disposal (whether resale, recycling, sale to • A full asset check was carried out in April 2017 staff, discarding etc.) of different asset when all Fleet assets were physically checked. types that ensure compliance with Tayside We also have GPS fitted to all vehicles and Contracts policy and appropriate most of our larger and ‘vulnerable’ plant. It is legislation. considered that these measures ensure that adequate management exists.
Asset Management 1 2 3 4 TOTAL
Summary of Number of Evaluations 3 3
Have there been any significant / critical events relating to Asset Management during the financial year? If yes, please provide details.
Are there any examples of best practice (or exceeding best practice) in Tayside Contracts that could be
shared with other Services? If yes, please provide details.
Links to relevant Tayside Contracts Policies, Procedures and Guidelines:
Links to relevant best practice governance documents:
Health & Safety Executive, WEEE Guidance: Waste Electrical & Electronic Equipment Recycling Environmental Protection Act 1990: Government Legislation EPA 1990 SEPA Landfill Regulations: Landfill Regulations
21 38 Appendix 1
1, 2, AREA TO BE ASSESSED EVIDENCE TO SUPPORT RESPONSE AREA(S) REQUIRING IMPROVEMENT 3 or 4
7. Partnerships
7.1 Tayside Contracts has sufficient Internal Controls and adequate arrangements in place to ensure that there are efficient and effective governance arrangements in place for partnerships that include:
a) Signed formal Partnership Agreements, 4 • All partnerships have a signed partnership Contracts or Service Level Agreements, agreement in place. with detailed specification. • We have a Fleet Partnership agreement with Angus Council {entitled ‘Fleet Management Agreement}. • We also have a Fleet Maintenance agreement as required by the Traffic Commissioner. b) Roles and responsibilities are assigned to 4 • Roles and responsibilities are clearly known at key individuals &/or teams. Tayside Contracts.
c) Key contacts within each of the partner 4 • All partnership managers’ report to a organisations have been established and partnership board consisting of senior agreed. managers from the partnering bodies who are responsible for all aspects of delivery of the partnerships including governance. d) Performance Measures have been set and 4 • All partnerships are treated within Tayside agreed and Monitoring and Reporting Contracts as works units which go through the arrangements are in place and are same monthly financial and operational adhered to. monitoring management reviews as all other works units. • Financial performance is considered monthly by the CMT along with all the other units within Tayside Contracts.
• Operational KPIs are in place for the various partnerships.
22 39 Appendix 1
e) Arbitration and ‘Get-out’ arrangements are 4 • These are contained within all the partnering in place and have been agreed. agreements.
Partnerships 1 2 3 4 TOTAL
Summary of Number of Evaluations 5 5
Have there been any significant / critical events relating to Partnerships during the financial year? If yes, please provide details.
Are there any examples of best practice (or exceeding best practice) in Tayside Contracts that could be
shared with other Services? If yes, please provide details.
Links to relevant Tayside Contracts Policies, Procedures and Guidelines:
Links to relevant best practice governance documents:
Building Partnerships: Insights from the Devolution Summit (CIPFA/Grant Thornton, 2015) Good Governance Principles for Partnership Working (Audit Scotland, 2011) Following the Public Pound (Audit Scotland, 2004) Arm's-length External Organisations (ALEOs): Are you getting it right? (Audit Scotland, 2011) Councils Use of Arm's-length Organisations (Audit Scotland, 2018)
23 40
41 Appendix 2 Annual Governance Statement 2019/20 – Actions for 2020/21
Action Status 1 All employment policies will gradually be added to the internet in Polish in both the written and audio formats. Ongoing 2 Work with the Scottish Information Commissioner’s Office to find an acceptable way which ensures that Tayside Ongoing Contracts is covered by the Freedom of Information (Scotland) Act 2002. 3 Continuing work is being undertaken to ensure that all standard operational procedures throughout the organisation Ongoing are developed for non-key activities. 4 Training will continue to pick up relevant staff who missed the main training courses making them aware of the Complete requirements of GDPR. Training will continue to relevant staff that need to be aware of the requirements of GDPR and implement the necessary changes to ensure full compliance with the regulation. Training programme will be completed early in 2019/20. 5 As part of continuous improvement, we continue to review and seek improved means of processing data and providing Ongoing information. 6 Further roll out of electronic purchase ordering during 2019/20. Complete 7 Succession planning remains a serious concern of the CMT and various management development programmes have In progress been established to seek to address this. Also, when appointing new managers, succession planning opportunities are always considered. 8 Full testing of the IT Business Continuity plan and Disaster recovery plan required to prove effectiveness of measures Ongoing in place. 9 Completion of the review of continuity plans for key business systems to ensure that they are still appropriate and Complete that there are no gaps. 10 Further training to be put in place to ensure that staff fully aware of their duties and responsibilities under Tayside Ongoing Contracts Business Continuity Plans.
42
43
REPORT TO: TAYSIDE CONTRACTS JOINT COMMITTEE – 22 JUNE 2020
REPORT ON: BUSINESS PLAN ANNUAL UPDATE
REPORT BY: MANAGING DIRECTOR
REPORT NO: JC07/2020
1.0 PURPOSE OF REPORT
1.1 This report seeks to provide the Joint Committee with the annual update of progress for 2019/20 against the priorities, action plans and targets detailed in Tayside Contracts business plan for the period 2017 to 2020. It also seeks to extend the current business plan, due to the impact of COVID-19, to 31 March 2021.
2.0 RECOMMENDATIONS
2.1 It is recommended that the Joint Committee:
a) approves the content of this report. b) approves the extension of the current business plan to 31 March 2021.
3.0 FINANCIAL IMPLICATIONS
3.1 There are no specific financial implications associated with the approval of this report.
4.0 BACKGROUND
4.1 The Joint Committee at its meeting on 26 June 2017 approved a new business plan for Tayside Contracts for the period 2017 to 2020, report number JC12/2017 refers.
4.2 This report is the review of progress which has been made against the key priorities, action plans and targets for the financial year 2019/20.
4.3 This report would normally set out the key priorities, action plans and targets for the financial year 2020/21 but this has been deferred until the Joint Committee meeting on 24 August 2020, by which time the long term impact of the COVID-19 pandemic will hopefully be better understood. At the time of writing this report, the Corporate Management Team (CMT) was developing a first stage recovery plan (as referenced in report JC06/2020 - Response to COVID-19 Pandemic) which will no doubt influence the future business plan objectives in the short, medium and longer term.
5.0 MONITORING
5.1 To ensure that the business plan is a meaningful working document action plans and targets contained within it are monitored on a regular basis.
44
5.2 In addition to this the Governance and Strategy Group (GSG), consisting of Tayside Contracts Managing Director and a senior representative from each of the constituent Councils is involved in monitoring progress against the key business plan targets. This also assists in further strengthening the corporate governance of Tayside Contracts through improved involvement and dialogue with key stakeholders.
5.3 Information relating to the financial performance and the workload of Tayside Contracts is also reported to each meeting of the Joint Committee but there will not be one submitted to today’s meeting due to this being covered in report JC06/2020 – Response to COVID-19 – Pandemic.
6.0 GENERAL
6.1 The business plan is the key document in Tayside Contracts’ planning for the future. This plan has identified the key objectives for the organisation and the framework of how this will be achieved along with identifying the success criteria which will be used for measurement.
6.2 Supporting the business plan are comprehensive service improvement plans for each of the divisions and units of Tayside Contracts. These service improvement plans contain the details of how each of the divisions and units contribute to the key aims, objectives and targets set out in the business plan. They also identify the key targets and performance indicators which are used to measure the success of service delivery within these divisions and units and therefore ultimately Tayside Contracts.
6.3 The business plan and service improvement plans are working documents and are all reviewed on a quarterly basis and updated on an annual basis.
7.0 NEW BUSINESS PLAN
7.1 A new business plan was in the process of being prepared for a five year period from 31 March 2020, after a meeting with the Chief Executives and senior officers of the constituent Councils, which was due to be submitted to this meeting of the Joint Committee but this has had to be delayed due to the COVID-19 pandemic.
7.2 Due to the uncertainty surrounding future delivery of services following the relaxation of the COVID-19 lockdown it is proposed to continue with the current business plan for another 12 months until 31 March 2021, supported by the COVID-19 Strategic Recovery Plan.
7.3 A new business plan will be prepared between now and 31 March 2021 with it being submitted to the March 2021 Joint Committee.
8.0 PERFORMANCE MONITORING
8.1 Identified within the business plan are key performance indicators (KPIs). Appendix 1 provides the details on the progress which has been made against these indicators for 2019/20.
45
8.2 In general, very good progress has been made against the key issues which had to be progressed in the third year of the business plan which has also been reflected in the KPIs achieved.
8.3 Appendix 2 provides details of the key performance indicators for the proposed additional year of the business plan, 2020/21.
9.0 CORPORATE IMPROVEMENT PLAN
9.1 Following the approval of the business plan an annual corporate improvement plan was developed detailing how the corporate management team would address the risks and opportunities identified in the business plan and deliver on the aims, objectives and efficiencies detailed in it.
9.2 Appendix 3 provides the details of progress against the issues identified in the corporate improvement plan for 2019/20. In general, very good progress has again been made against the identified issues.
10.0 EQUALITIES ASSESSMENT
10.1 The issues considered within this report have, as required by legislation, been the subject of consideration from an equalities perspective.
10.2 An equalities impact assessment (EqIA) is not required.
11.0 CONSULTATIONS
11.1 The Clerk and the Proper Officer to the Joint Committee have been consulted on the preparation of this report.
12.0 BACKGROUND PAPERS
12.1 None.
Iain C Waddell Managing Director 46
47 Appendix 1 Summary of Progress against KPIs for 2019/20
48 Appendix 2 KPIs for 2020/21 49 Appendix 3 CORPORATE IMPROVEMENT PLAN 2019/20
Enabler Action Achieved by Result Target Annual Update Date 1 Leadership
a) Develop vision, Produce a new Business Plan for the Joint Committee March This has been delayed due to values and ethics period 2020 -2023 which builds on the approval at 2020 the COVID-19 pandemic. The vision, values and ethics of the March 2020 Joint Committee is going to organisation contained within the current meeting asked to approve an extension Business Plan. These are: to the current business plan for Satisfied another year until 31 March Vision: To be the preferred business customers 2020. model delivering an increasingly diverse range of high quality, cost-efficient front- Motivated By then the impact of COVID- line services. people 19 going forward will be better
Values: The 4Ps – People, Performance, understood and can be built
Partnership, Perception. Community into the new business plan. Ethics: Open and honest, prudent benefit financial management, listening and reactive, respectful.
b) Develop, Continue to build on the standard Business March This has been ongoing implement and operating procedures (SOPs) already in Improvement 2020 throughout the year. continuously existence and ensure that all employees improve are appropriately trained in these. management systems Continue to streamline processes by Business March Electronic purchase ordering electronic means to reduce the amount of Improvement 2020 has been implemented for manual intervention. larger suppliers. Plans in place to streamline more processes.
50 Appendix 2 CORPORATE IMPROVEMENT PLAN 2019/20
Enabler Action Achieved by Result Target Annual Update Date c) Engage with Regularly get the views of the constituent Stakeholder March Meeting held with Chief external Councils’ Chief Executives through face involvement 2020 Executives on 21 June 2019 stakeholders to face meetings or through the and a Strategic review Governance and Strategy Group (GSG) meeting held with them and also the views of the Elected Members their management teams on 3 through the Joint Committee. December 2019.
Continue to work with the trade unions to Stakeholder March Quarterly meetings held with the benefit of both the organisation and involvement 2020 trade unions at various levels. our employees.
d) Reinforce a culture Continue to develop the concept of “lean Business March Ongoing of excellence thinking” by reducing waste in all its Improvement 2020 forms throughout the organisation.
Continue to review and develop our Business March Ongoing Health and Safety systems and Improvement 2020 processes throughout the organisation to ensure a safe working environment.
e) Ensure that the organisation is With the austerity measures we are Business March flexible and facing change is part of the environment Improvement 2020 manages change in which we operate. We need to ensure effectively that: HR and Finance units have i. Organisational structures are undergone minor structural continually under review and will be changes in the first six months. amended as necessary to ensure that Other changes being they remain fit for purpose. investigated. 51 Appendix 2 CORPORATE IMPROVEMENT PLAN 2019/20
Enabler Action Achieved by Result Target Annual Update Date ii. Decision making and the responsibility Ongoing which goes with it is pushed down to the appropriate level. iii. SMT and other teams as appropriate Ongoing are given the responsibility and accountability for relevant decision making. iv. Actively pursue new sources of A report was put to the Chief profitable income streams through the Executives on 21 June 2019 delivery of additional services or identifying new and additional transferred services from the work streams. This was further constituent Councils, including the discussed at the meeting on 3 pursuit of external new business. December 2019 and will be built into the new business plan. 2 Policy & Strategy
a) Determine needs i. Through the GSG determine the Stakeholder March This was discussed at the and expectations needs and expectations of constituent involvement 2020 meetings with the Chief of stakeholders Councils. Executives. and the external ii. Through quarterly meetings determine Ongoing. environment needs of the trade unions. iii. Through regular client liaison This is discussed at the meetings determine needs of service quarterly meetings. delivery. iv. Through team briefings and employee Quarterly team briefings take meetings determine needs of place and a separate employees. employee briefing system is in place. 52 Appendix 2 CORPORATE IMPROVEMENT PLAN 2019/20
Enabler Action Achieved by Result Target Annual Update Date
v. Through market research determine No formal market research has needs of the various markets. been undertaken but there has been much informal work undertaken.
b) Understand i. Ensure the aims and objectives of the Business March All aspects are being delivered. performance and business plan are fully delivered. strategy 2020 capabilities ii. CMT to review quarterly the delivery of Quarterly reviews have taken the various units Service Improvement place and SIPs are being Plans (SIPs). delivered.
c) Ensure that Using the Corporate Improvement Plan Business March This has been monitored on a supporting policies and the various Service Improvement strategy 2020 quarterly basis and the results are developed, Plans ensure that appropriate policies can be seen in the KPI reviewed and are in place, reviewed and updated as information. updated necessary to deliver the aims, goals and objectives of the Business Plan.
d) Ensure that i. Ensure areas identified for Motivated March Positive action has taken place policies are action/improvement through the 2017 people 2020 and will be monitored on the communicated, employee survey are fully delivered. outcome of the 2020 survey. implemented and monitored ii. Ensure that the Communications Motivated March In Progress Strategy is consistently complied with people 2020 using audits.
e) Website and Social i. Ensure that all employment policies Motivated March Complete Media and necessary information are people 2020 53 Appendix 2 CORPORATE IMPROVEMENT PLAN 2019/20
Enabler Action Achieved by Result Target Annual Update Date available on both the website and the intranet and in a range of formats. ii. Use social media as appropriate. The use of Twitter and the better use of our website has been beneficial. 3 People
a) Ensure people Ensure that the Tay Review process and Motivated October 90% of the Tay Reviews were plans support the timetable is complied with. people 2019 completed within the time strategy of the period. organisation
b) Develop the Continue to utilise the Leadership and Business March This has been the key focus for knowledge and Management Development Strategy improvement 2020 supporting and developing capabilities of (LMDS) as a framework to deliver, managers to become better employees training and development to managers to managers and leaders. support leadership development and succession planning.
i. Managing Director to continue to run Motivated March Ongoing quarterly development sessions. people 2020
c) Ensure people are ii. Continue to roll out the external and Motivated December Delivered in accordance with aligned, involved internal training in place to support people 2019 our LMDS programme. and empowered succession planning throughout the organisation.
54 Appendix 2 CORPORATE IMPROVEMENT PLAN 2019/20
Enabler Action Achieved by Result Target Annual Update Date d) Ensure effective Continue the development of managers Improved October The training which commenced communication as the ambassadors of the organisation’s communications 2019 in 2018 is being further rolled throughout the image and reputation through the running out. organisation of internal training and awareness courses.
Continue to develop the various levels of Motivated March As for the previous heading the communication including using the people 2020 training which commenced in internet and social media in accordance 2018 is being further rolled out. with our communications strategy.
e) People are i. Monitor the effectiveness of Twitter Motivated March Twitter has been used very rewarded, which Tayside Contracts commenced people 2020 effectively and we are now recognised and using in January 2018 and consider looking at other forms of social cared for other evolving platforms. media.
ii. Continuation of Tayside Contracts Once again, the 2019 TEA Excellence Awards. ceremony was a great success. These have been reviewed and will continue in 2020, albeit on slightly reduced format – CANCELLED due to COVID-19. iii. Continue to motivate employees by Front line employees are involving them in “lean” initiatives. regularly involved in this process.
55 Appendix 2 CORPORATE IMPROVEMENT PLAN 2019/20
Enabler Action Achieved by Result Target Annual Update Date iv. Continue building on the Wellbeing A Wellbeing strategy was Strategy to further promote and approved by the Corporate encourage employee health, wellbeing Management Team on and work/life balance. 27/9/19.
v. Promotion of Equality through the An Equalities Mainstreaming findings of the Equalities report was approved by the Mainstreaming report for the period Joint Committee at its meeting 2017-20. Ensure that this is on 24/6/19. appropriately audited.
4 Partnership and Resources
a) Delivery of Keep under review all the current Business March The effectiveness of these are sustainability partnerships and the agreements under strategy 2020 reviewed every quarter by the through which they operate to determine if any various partnership boards. partnerships amendments are necessary.
b) Ensure financial In conjunction with 4 a) monitor the Business March This monitoring also takes benefits are financial benefits being delivered through strategy 2020 place at the quarterly board delivered through partnership working and how these can be meetings. partnership maximised for all parties. working
56 Appendix 2 CORPORATE IMPROVEMENT PLAN 2019/20
Enabler Action Achieved by Result Target Annual Update Date 5 Processes
a) Ensure processes Continually look to improve processes to Business March develop optimised deliver the organisation’s strategies and improvement 2020 stakeholder value add value to stakeholders.
Three areas which have been identified which need to be improved, reviewed or implemented during 2019/20 which are:
i. Complete the review of December Delayed due to other priorities manned/unmanned plant charging. 2019 and moved to December 2020.
ii. Deliver on the project plan for the March This is a 3 to 5 year redesign and implementation of a 2020 programme which is on target. Records Management system fit for purposes. iii. Complete the roll out of the move to the October Office based staff were cloud-based Office 365 – to be led by 2019 completed by the end of the IT Manager October 2019. iv. Identify new markets to be agreed by March These have been identified to the Governance and Strategy Group 2020 the Chief Executives. (GSG) and ultimately the Joint Committee and deliver on these. v. Once agreed, deliver on the Central March PKC has pulled out but Angus Food Production Facility to ensure that 2020 and Dundee City Councils are it is fully operational in time for the still proceeding with this. The introduction of the additional ELC project is currently suspended meals. due to COVID-19. 57
REPORT TO: TAYSIDE CONTRACTS JOINT COMMITTEE – 22 JUNE 2020
REPORT ON: AUDIT UPDATE
REPORT BY: MANAGING DIRECTOR
REPORT NO: JC05/2020
1.0 PURPOSE OF REPORT
1.1 This report provides members with an update on Internal Audit work carried out by Wylie and Bisset for the remainder of the financial year 2019/20 and their proposed Internal Audit Plan for 2020/21.
1.2 It also provides members with the Annual Audit Plan 2019/20 from the External Auditors, Audit Scotland.
2.0 RECOMMENDATIONS
2.1 The Joint Committee is asked to:
a) Note the contents of this report and the Follow Up Review and the Health & Safety internal audit reports.
b) Approve the action plans in both reports, and
c) Approve the Internal Audit Plan and the External Audit Plan.
3.0 FINANCIAL IMPLICATIONS
3.1 There are no financial implications resulting from this report. The cost of providing the internal and external audit services has been included in the revenue budget as appropriate.
4.0 BACKGROUND
4.1 Report No JC8/2019, which was approved by the Joint Committee on 18 March 2019, provided details of the Internal Audit Plan for 2019/20. The key activities included in the plan were as follows:
• Transport, Utilisation and Asset Management • Health and Safety • Management Reporting and Information Gathering • IT Security • Purchasing and Payments • Information and Asset Management • Follow up Review of previous years actions.
58
4.3 Five audits have now been carried out and previously reported to the Joint Committee. The remaining two audits, Follow up Review of previous year’s actions and Health and Safety have now been completed. Detailed reports for the completed reviews have been appended to this report (Appendix 1 and 2 respectively).
4.4 The proposed internal audit plan for 2020/21 will be for the fifth year of the internal audit appointment. The proposed Internal Audit Plan 2020/21 has been appended to this report (Appendix 3).
4.5 This is the fourth year of the external audit appointment of Audit Scotland. The interim external audit has taken place during February 2020 and the final audit will take place in June 2020. The Annual Audit Plan 2019/20 has been appended to this report (Appendix 4).
5.0 INFORMATION
5.1 It is pleasing to note that from the 2 internal audit reviews done, the Follow up Review is graded “Substantial” and the Health and Safety review is graded “Strong”.
5.2 A summary of the findings are as follows:
Grading High Medium Low Follow up Review Substantial 0* 3* 2* Health and Safety Strong 0 0 0
* This number corresponds to the remaining audit recommendations at the date of the Follow up Review.
5.3 All recommendations have been accepted by Management.
5.4 The Follow up Review audit concluded that the auditors could provide a substantial level of assurance over the organisation’s implementation of prior year recommendations. Of the 11 prior year recommendations, 6 had been fully implemented and 5 are outstanding – 4 still to be implemented and 1 is partially implemented.
5.5 The Health and Safety audit concluded that the auditors were able to provide a strong level of assurance over the policies and controls in place regarding the organisation’s health and safety arrangements. They confirmed that the health and safety arrangements are sufficient, follow good practice and adhere to current legislation and guidance. There were 14 areas of good practice noted. Compared to audits of a similar nature these had an average number of 2 medium recommendations and 2 low recommendations.
5.6 In preparation for the production of the Internal Audit Plan, several meetings were held with Stephen Pringle, Senior Internal Audit Manager from Wylie and Bisset and the Vice Convener Elect of the Joint Committee, the Managing Director and the Head of Financial Services. Contact was also made with the Convenor and the Vice Convenor for suggestions for the 2020/21 audit plan.
59
5.7 The Internal Audit Plan for 2020/21 from Wylie and Bisset details all the previous audits over the past 4 years, and it also includes more specifically the Internal Audit Operational Plan for 2020/21, including the reporting timelines for each of the audit reports.
5.8 The External Audit Annual Audit Plan 2019/20 from Audit Scotland includes the main risk areas that will require specific testing, key dates in order to meet reporting requirements, the audit fee and the materiality levels that Audit Scotland have determined for Tayside Contracts.
6.0 EQUALITIES ASSESSMENT
6.1 The issues considered within this report have, as required by legislation, been the subject of consideration from an equalities perspective.
6.2 An equalities impact assessment (EqIA) is not required.
7.0 CONSULTATIONS
7.1 The Clerk and the Proper Officer to the Joint Committee have been consulted on the preparation of this report.
8.0 BACKGROUND PAPERS
8.1 None.
Iain C Waddell Managing Director
60
61
Tayside Contracts Internal Audit 2019/20 Follow Up Review December 2019 62
63 Tayside Contracts TABLE OF CONTENTS Follow Up Review
Section Page 1. Executive Summary 3 - 5 2. Audit Arrangements 6 - 7 Appendices A. Not Implemented Recommendations 8 - 15 B. Partially Implemented Recommendations 16 - 18 C. Fully Implemented Recommendations 19 – 28 D. Grading Structure 29 – 30 E. Assignment Plan 31
The matters raised in this report came to our attention during the course of our audit and are not necessarily a comprehensive statement of all weaknesses that exist or all improvements that might be made.
This report has been prepared solely for Tayside Contracts’ individual use and should not be quoted in whole or in part without prior written consent. No responsibility to any third party is accepted as the report has not been prepared, and is not intended, for any third party.
We emphasise that the responsibility for a sound system of internal control rests with management and work performed by internal audit should not be relied upon to identify all system weaknesses that may exist. Neither should internal audit be relied upon to identify all circumstances of fraud or irregularity should there be any although our audit procedures are designed so that any material irregularity has a reasonable probability of discovery. Even sound systems of control may not be proof against collusive fraud. Internal audit procedures are designed to focus on areas that are considered to be of greatest risk and significance.
2 64
65 Tayside Contracts 1 EXECUTIVE SUMMARY Follow Up Review
Purpose of Review The effectiveness of the internal control system may be compromised if management fails to implement agreed audit recommendations. Our follow up work will provide the Joint Committee with assurance that prior year recommendations are implemented within the expected timescales.
This assignment is part of the agreed 2019/20 Annual Internal Audit Plan for the Organisation.
Scope of Review Our objective for this review was to ensure:
➢ The Organisation has appropriately implemented any outstanding internal audit recommendations made in prior years.
Our approach to this assignment took the form of discussion with relevant staff, review of documentation and where appropriate sample testing.
3 66 Tayside Contracts 1 EXECUTIVE SUMMARY Follow Up Review
Conclusion Overall Conclusion: Substantial We are able to provide substantial assurance over the Organisation’s implementation of prior year’s recommendations. We can conclude that the Organisation have endeavoured to implement recommendations as far as possible. In areas where recommendations have not been fully implemented, the Organisation are still considering these in line with ongoing business and development.
Summary of Recommendations
Grading of Recommendations High Medium Low Total
Appendix A – Not Implemented 0 2 2 4 Recommendations Appendix B –Partially Implemented 0 1 0 1 Recommendations Appendix C – Fully Implemented 0 2 4 6 Recommendations
4 67 Tayside Contracts 1 EXECUTIVE SUMMARY Follow Up Review Implementation of Recommendations
Summary of Implementation Audit Area Total Not Partially Fully Implemented Implemented Implemented Finance System 1 1 0 0 (August 2018) Construction Services - Fleet 1 1 0 0 Maintenance(August 2018) Follow Up Review 2018/19 3 0 1 2 (November 2018) Business Continuity 3 2 0 1 (June 2018) Corporate Governance – Local Code of 3 0 0 3 Corporate Governance(April 2018) Total 11 4 1 6 Percentage of Total 100% 36% 9% 55%
5 68 Tayside Contracts 2 AUDIT ARRANGEMENTS Follow Up Review
The table below details the dates of our fieldwork and the reporting of the audit area under review.
Audit Stage Date Fieldwork start 18 November 2019
Closing meeting 22 November 2019
Draft report issued 5 December 2019
Receipt of management responses 18 December 2019
Final report issued 18 December 2019
Joint Committee 16 March 2020
No of audit days 3
6 69 Tayside Contracts 2 AUDIT ARRANGEMENTS Follow Up Review
We detail below our staff who undertook the review together with the Organisation staff we spoke to during our review.
Wylie & Bisset LLP
Partner Graham Gillespie Partner [email protected]
Senior Manager Stephen Pringle Senior Internal Audit Manager [email protected]
Auditor Haseeb Farrukh Internal Audit Senior [email protected]
Tayside Contracts
Key Contacts Wendy Grant Head of Financial Services [email protected]
Wylie & Bisset appreciates the time provided by all the individuals involved in this review and would like to thank them for their assistance and co-operation.
7 70
Appendix A Not Implemented Recommendations
8 71 Tayside Contracts A DETAILED RECOMMENDATIONS Follow Up Review Not Implemented Recommendations
Business Continuity Training-Business Continuity (June 2018) Original Finding The Organisation should carry out business continuity training to ensure that staff are fully aware of the business continuity arrangements in place. The Organisation has not conducted the theoretical training with regards to business continuity since 2010, however on the job practical business continuity training does take place throughout the Organisation. There is the risk that staff are not appropriately knowledgeable of the business continuity arrangements in place or the process to be followed. Original Recommendation We recommend that the Organisation carries out training for all relevant staff regarding business continuity to ensure that staff are appropriately aware of the arrangements in place. Original Management Response Agreed – we will arrange appropriate awareness training once the revised Business Continuity Policy has been approved, however much of the 2017- 20 Business Plan is around providing a high quality service and other aspects which focusses on Business Continuity albeit not explicitly. (Responsible Officer: Managing Director; Implementation Date: 31 December 2018)
Ref Finding from our 2019/20 Follow Up Grade Recommendation
1 During our review, we found that no training has been Medium We have treated this as not implemented and reiterate conducted for Business Continuity but recognise that this is our original recommendation. planned for 2020.
Management Response Responsibility and Implementation Date
Agreed – we plan to arrange appropriate awareness training of the new Business Managing Director, 31 October 2020 Continuity Policy.
9 72 Tayside Contracts A DETAILED RECOMMENDATIONS Follow Up Review Not Implemented Recommendations
Business Continuity Testing and Reporting-Business Continuity (June 2018) Original Finding The Organisation should conduct testing of its business continuity arrangements for each business critical area. The results of this testing should be reviewed and reported to Senior Management on a regular basis. The Organisation has recently conducted testing of the business continuity arrangements in place with regards to its IT systems as well as undertaking a run-through assessment of the Tay Cuisine Business Continuity Plan and taking part in desktop exercises as part of the Local Resilience Partnership (LRP) Working Group. However, testing has not been carried out for the other business critical areas, such as Transport, the Collace Quarry, Construction and non-IT Support Services. Further, the Organisation has not reported on the findings of business continuity testing to Senior Management. There is the risk that the appropriateness of business continuity arrangements is not being tested. There is also the risk that the suitability of the business continuity arrangements in place is not being reported to Senior Management. Original Recommendation We recommend that the Organisation conduct testing on its identified business critical areas to monitor the performance of its business continuity arrangements. We also recommend that the Organisation reviews the results of such testing and reports the findings of this testing to Senior Management. Original Management Response Agreed – we do tests throughout the year in the various critical business areas to prevent disruption or interruptions in service and will arrange for an annual update report to be made to the Corporate Management Team (CMT). However if any major failings are identified then these will be notified immediately to CMT. (Responsible Officer: All Unit Head; Implementation Date: 31 March 2019)
See next Page for Finding, Recommendation and Management comment for 2019/20
10 73 Tayside Contracts A DETAILED RECOMMENDATIONS Follow Up Review Not Implemented Recommendations
Business Continuity Testing and Reporting-Business Continuity (June 2018) (cont’d)
Ref Finding from our 2019/20 Follow Up Grade Recommendation
2 During our review, we found that testing has still to be Medium We have treated this as not implemented and reiterate our original undertaken on the identified business critical areas. recommendation.
Management Response Responsibility and Implementation Date
Agreed – following the training (referenced above), testing of identified business critical Managing Director – 31 December 2020 areas will be done and the results reported to CMT.
11 74 Tayside Contracts A DETAILED RECOMMENDATIONS Follow Up Review Not Implemented Recommendations
User Access-Finance System (August 2018) Original Finding The Financial Services Officer sets up and removes the access rights for staff who require access to groups within the Integra 2 system. This is in conjunction with the person's line manager/Head of Services/Department and their job requirements. Currently, ex-employees of the Organisation have their access rights within system groups disabled as opposed to the user being fully removed from the groups they had been in. From our review of the system, we noted ex-employees who had left the Organisation over 5 years ago who were still appearing in groups throughout the system. From our discussions with the Financial Services Officer, it was agreed that Tayside Contracts would test fully removing users from these groups to ensure that the Organisation cwould still enable the Organisation to view work the ex-employee had been involved in and If successful, this would additionally make system groups easier to review. There is a risk that undertaking a review of the system access rights is not efficient. Original Recommendation We recommend that going forward, the Organisation remove ex-employees from active groups within the Integra 2 system on the point of their leave date. Original Management Response Agreed - Tayside Contracts will test the removal of ex-employees from Groups within the Taytest environment. Further testing of reports, transaction enquiries, etc. will need to be carried out to ascertain the impact of the recommendation prior to deciding whether this would be appropriate for the Taylive environment. The findings will be reported to the Head of Financial Services to decide on course of action. (Responsible Officer: Financial Services Officer; Implementation Date: 31 March 2019)
See next Page for Finding, Recommendation and Management comment for 2019/20
12 75 Tayside Contracts A DETAILED RECOMMENDATIONS Follow Up Review Not Implemented Recommendations
User Access-Finance System (August 2018)
Ref Finding from our 2019/20 Follow Up Grade Recommendation
3 During our review, we found that the Organisation has Low We have treated this as not implemented and reiterate our original yet to implement this action. The Organisation block recommendation. former employees from accessing the system. However, their accounts have yet to be removed from the system.
Management Response Responsibility and Implementation Date
Agreed – this is very low priority as it has no impact on the integrity of the financial Systems Accountant – 31 December 2020 system, but will be done once a new Systems Accountant can devote time to it.
13 76 Tayside Contracts A DETAILED RECOMMENDATIONS Follow Up Review Not Implemented Recommendations
Monitoring of Maintenance Schedule -Construction Services - Fleet Maintenance (August 2018) Original Finding Workshop Supervisors manage the Organisation's maintenance schedules and inform operations staff of the vehicles/plant due for servicing or inspection by sending a monthly service schedule as well as contacting the operations staff on a weekly basis by telephone as a reminder. The Workshop Supervisors also maintain wallchart schedules within their office.
From our discussions with the Fleet Maintenance Manager, we were informed that the Organisation's fleet maintenance software, Fleetwave, does not currently have a booking/diary system for details of planned maintenance to be stored. As such, the Organisation's monitoring of fleet maintenance schedules is heavily reliant on individual Workshop Supervisors.
There is a risk that fleet maintenance schedules may not be accurately monitored and are heavily reliant on individual Workshop Supervisors
Original Recommendation We recommend the Organisation consider introducing a booking/diary system within the fleet maintenance software, Fleetwave, whereby fleet maintenance schedules are easily accessible and reduce reliance on individual Workshop Supervisors to maintain.
Original Management Response Agreed - Whilst the recommendation is accepted, there is no urgency for it and it is felt that it would bring little added benefit at this time. However the intention will be to incorporate it into further changes to the Fleetwave fleet management system which are planned for the future. It is believed that this is better, more coordinated and cost effective approach to upgrades. (Responsible Officer: Transport Service Manager; Implementation Date: NA)
See next Page for Finding, Recommendation and Management comment for 2019/20
14 77 Tayside Contracts A DETAILED RECOMMENDATIONS Follow Up Review Not Implemented Recommendations
Monitoring of Maintenance Schedule -Construction Services - Fleet Maintenance (August 2018)
Ref Finding from our 2019/20 Follow Up Grade Recommendation
4 During our review, we found that the Organisation has Low We have treated this as not implemented and reiterate our original not yet considered the implementation of this recommendation. recommendation.
Management Response Responsibility and Implementation Date
Agreed – this is very low priority, hence why no implementation date was given to the Transport Service Manager – n/a recommendation, and as before we will incorporate it into further changes to the Fleetwave fleet management system which are planned for the future but we will not pay for consultancy to specifically do this.
15 78
Appendix B Partially Implemented Recommendations
16 79 Tayside Contracts B DETAILED RECOMMENDATIONS Follow Up Review Partially Implemented Recommendations
Follow Up Report 2017/18 (August 2017) - Change Management Policy, IT General Controls (January 2017) Original Finding Change management is a key part of ensuring effective management and control of systems. It ensures that proposed changes to hardware, software or network configurations are reviewed, approved and tested before being applied to the production environment. There should be formal procedures for testing and approval. There should be documentation regarding the process for change management. In the absence of documentation, there is a lack of consistency in managing incidents and changes. Through our review we identified that the Organisation does not have a formal change management process in place. We noted that the Organisation procured the services of external provider NCC Group to undertake a network penetration test in June 2014. We reviewed the report provided by NCC Group and noted that there were 6 recommendations made identifying "Low Grade" weaknesses. 3 out of the 6 were implemented, 1 out of the 6 will be implemented shortly and 2 out of the 6 will be investigated further. This could result in incidents not being managed effectively and/or changes not being implemented successfully. Changes should be recorded and be accessible to the relevant staff. Original Recommendation We recommend that the Organisation implement a Change Management Policy to ensure all changes to IT services are appropriately planned, tested, approved, recorded and implemented. Original Management Response Agreed - Change Management policy and procedure to be drafted. Change management for Snowdrop HR system patches/upgrades currently in use. (Responsible Officer: IT Manager; Original Implementation Date: 30 September 2017) Finding in 2017/18 Work on the Change Management Policy is ongoing. As noted, Change Management for the Snowdrop HR system is currently performed in-house. Capita perform Change Management with regards to Integra. Recommendation in 2017/18 It should be noted that the original implementation date for this recommendation is 30 September 2017. Management Response in 2017/18 Due to other work commitments the actions will not be implemented by the original due date. (Responsible Officer: IT Manager; Implementation Date: 31 March 2018)
See next Page for Finding, Recommendation and Management comment for 2019/20
17 80 Tayside Contracts B DETAILED RECOMMENDATIONS Follow Up Review Partially Implemented Recommendations Follow Up Report 2017/18 (August 2017) - Change Management Policy, IT General Controls (January 2017) Finding in 2018 The IT Manager has prepared a Change Management Policy which was approved by the Senior Management Team (SMT) on 23 October 2018. This was presented to the Corporate Management Team (CMT) on 29 October 2018, who requested changes be made to the policy before they give it their approval.
Recommendation in 2018 We have treated this as partially implemented as the Change Management Policy has been prepared. We recommend that the required amendments are made to this policy and thereafter it should be approved by the CMT.
Management Response in 2018 Agreed – however it is likely to become a procedure rather than a policy, which will be represented to CMT in January 2019.. (Responsible Officer: IT Manager; Original Implementation Date: 31 January 2019)
Follow Up Report 2019/20 (August 2017) - Change Management Policy, IT General Controls (January 2017) (cont’d)
Ref Finding from our 2019/20 Follow Up Grade Recommendation
1 During our review, we found that the Organisation has Medium We recommend that the Organisation ensure that the Change yet to fully complete and approve the Change Management Policy/Procedure is completed and presented to the Management Policy/Procedure. CMT for approval.
Management Response Responsibility and Implementation Date
Agreed – an updated Change Management Procedure will go to CMT for approval. IT Manager- 29 February 2020
18 81
Appendix C Fully Implemented Recommendations
19 82 Tayside Contracts C DETAILED RECOMMENDATIONS Follow Up Review Fully Implemented Recommendations Follow Up Report 2017/18 (August 2017) - Outdated Operating Systems, IT General Controls (January 2017) Original Finding Through our discussions with the IT department, we identified that the Organisation has machines on their network which are running on outdated operating systems. We were informed of a Windows XP machine, a Windows Server 2003 machine and Windows Server 2000 machine. These operating systems are no longer supported by Microsoft therefore security and critical updates are no longer released. We also noted that the Organisation's email server is running Microsoft Exchange 2007. Microsoft support for this operating system ceases in April 2017. There is the risk of security vulnerabilities on the outdated operating systems as they are no longer supported. Original Recommendation We recommend that the Organisation upgrade or remove the outdated operating systems from their network. Original Management Response Agreed - Outdated XP machines now removed from network. The Windows 2003 server (VM) hosts the SQL databases for which a business case has been drafted outlining a project to replace it with current OS and database software however it is not included in the 2017/18 budget. The Win2K server hosts legacy Crystal Enterprise software for which an alternative solution is required before retiring the server. (Responsible Officer: IT Manager; Original Implementation Date: 31 October 2017) Finding in 2017/18 Work on the upgrade and removal of systems is ongoing. Outdated XP machines have now been removed from the network and the Windows 2003 server (VM) is to be updated. We also note that the Catering Management System (Saffron) which currently runs on a virtual server is currently in testing phase on a hosted cloud solution. Recommendations in 2017/18 It should be noted that the original implementation date for this recommendation is 31 October 2017. Management Response in 2017/18 Due to other work commitments the remainder of these actions will not be done for a further year. (Responsible Officer: IT Manager; Implementation Date: 31 October 2018) Finding in 2018/19 There are now only 2 outdated OS servers which the IT Manager and his staff are working to upgrade/remove. The IT Manager stated that these will be updated over the next couple of weeks.
See next Page for Finding, Recommendation and Management comment for 2019/20
20 83 Tayside Contracts C DETAILED RECOMMENDATIONS Follow Up Review Fully Implemented Recommendations Follow Up Report 2017/18 (August 2017) - Outdated Operating Systems, IT General Controls (January 2017)
Recommendation in 2018/19 We have treated this as partially implemented as work has been undertaken to implement our recommendation but at the time of our audit visit this had not been completed. We reiterate our original recommendation. Management Response 2018/19 Agreed – there is now only one (one has been removed since the audit visit) and work is currently in progress to remove this in the next 2 weeks. (Responsible Officer: IT Manager; Original Implementation Date: 31 January 2019)
Follow Up Report 2018/19 (August 2017) - Change Management Policy, IT General Controls (January 2017) (cont’d)
Ref Finding from our 2019/20 Follow Up Grade Recommendation
1 We can confirm that the Organisation has updated and Medium No Further Action required. removed old operating systems from the network.
21 84 Tayside Contracts C DETAILED RECOMMENDATIONS Follow Up Review Fully Implemented Recommendations
Up-to-date Business Continuity Policies-Business Continuity Original Finding The Organisation should ensure that its Business Continuity & Resilience Policy and its Facilities Services Business Continuity Plan are robust and reflect current practice.
The existing Policies do not reflect the new management structure within the Organisation and the Business Continuity & Resilience Policy has not been reviewed since 2012. We note that this Policy is in the process of being updated through the work of a short-term working group consisting of senior Tayside Contracts employees.
There is the risk that the Business Continuity & Resilience Plan is not robust and does not reflect current practice. Original Recommendation We recommend that the Organisation completes its current review of the Business Continuity & Resilience Policy. Original Management Response Agreed – this will be completed and will go to the August Joint Committee. (Responsible Officer: Managing Director; Implementation Date: 27 August 2018
Ref Finding from our 2019/20 Follow Up Grade Recommendation
2 The Policy was approved by Corporate Management Team and Medium No further action required. went to the August 2018 Joint Committee for approval.
22 85 Tayside Contracts C DETAILED RECOMMENDATIONS Follow Up Review Fully Implemented Recommendations
Updated documents readily available-Corporate Governance (April 2018) Original Finding Up-to-date and accurate policies available on the public-facing website and internal intranet ensure that the staff and public are aware of Tayside Contracts' policies and annual performance.
During our review, we noted that Tayside Contracts did not have up-to-date policies available on its new public-facing website or internal intranet. The documents due for update or not available include: - Equality & Diversity (due for update: 2015) - Performance at Work (due for update: 2015) - Annual Performance Report 2016/17 (not available) - Annual Performance Report 2015/16 (not available) - Annual Performance Report 2014/15 (not available)
There is a risk that Tayside Contracts' policies are due for update and do not reflect current practice. There is also a risk that the current grading given to the "Internal Control Environment" section of the AGS - Self Assessment Checklist does not wholly reflect the current arrangements in place at the Organisation Original Recommendation in 2018/19 We recommend that the Organisation ensure that all documents uploaded to the public-facing website and internal intranet are accurate and current. Management Response in 2017/18 Agreed – most of the policies had been reviewed, they had just not been uploaded onto the new internet, however they are now. For the 2 that are not on the internet, they are in the process of being reviewed. In respect of the Annual Performance Report, we had just moved to a new internet prior to the audit and there were some issues with some missing/out of date documents which still had to be picked up. Once pointed out during the audit this was immediately rectified. We have adjusted the AGS accordingly to a 3.(Responsible Officer: Business Support Officer: 30 September 2017)
See next Page for Finding, Recommendation and Management comment for 2019/20
23 86 Tayside Contracts C DETAILED RECOMMENDATIONS Follow Up Review Fully Implemented Recommendations
Updated documents readily available-Corporate Governance (April 2018)
Ref Finding from our 2019/20 Follow Up Grade Recommendation
3 During our review, we found that all required documents are Low No further action required. uploaded to the Organisation’s website and intranet.
24 87 Tayside Contracts C DETAILED RECOMMENDATIONS Follow Up Review Fully Implemented Recommendations
AGS - Self Assessment Checklist: "Partnerships" grading-Corporate Governance (April 2018) Original Finding Having signed formalised partnership agreements in place allows an organisation the opportunity to develop the partnership as well as provide an agreed termination process should that need arise.
There is currently no signed partnership agreement in place for the roads maintenance contract between the Organisation and Perth & Kinross City Council. However, the AGS - Self Assessment Checklist has given the "Partnerships" area a grading of: 4 - Fully Compliant
There is a risk that the current grading within the "Partnerships" area of the AGS - Self Assessment Checklist does not wholly reflect the current partnership arrangements in place at the Organisation with particular regards to the roads maintenance partnership with Perth & Kinross City Council. Original Recommendation We recommend that the Organisation review the grading within the "Partnerships" area of the Annual Governance Statement - Self Assessment Checklist. Original Management Response Agreed – we have changed this to a 3 as we have just found out that PKC are unlikely to be in a position to sign an agreement until July 2018 and there is nothing we can do to influence that process. (Responsible Officer:Head of Financial services Implementation Date: Completed) Ref Finding from our 2019/20 Follow Up Grade Recommendation
4 During our audit, we found that the grading within the Low No further action required. "Partnerships" area of the Annual Governance Statement - Self Assessment Checklist has been reviewed and updated.
25 88 Tayside Contracts C DETAILED RECOMMENDATIONS Follow Up Review Fully Implemented Recommendations
AGS - Self Assessment Checklist: "Budgeting, Accounting & Financial Control" grading (April 2018)
Original Finding A strong internal financial system enables comfort to be taken over the control, planning and reporting of financial information within an organisation. Tayside Contracts' current internal financial system, Integra, is supplied by Capita.
From our discussions with the Managing Director and Head of Financial Services, it was noted that Tayside Contracts continue to have issues such as not receiving timely responses to queries raised with their internal financial system’s supplier, Capita. However, the AGS - Self Assessment Checklist has given the "Budgeting, Accounting & Financial Control" area a grading of: 4 - Fully Compliant
There is a risk that the current grading within the "Budgeting, Accounting & Financial Control" area of the AGS - Self Assessment Checklist does not wholly reflect the current risk to the financial system, Integra. Original Recommendation We recommend the Organisation review the grading with regards to the "Budgeting, Accounting & Financial Control" area of the Annual Governance Statement - Self Assessment Checklist considering the current issues surrounding Capita, the supplier of Tayside Contracts' internal financial system, Integra. Original Management Response Agreed – however this is not an improvement that we can influence as the issue with the system is a fundamental programming error by Capita which was not visible through normal reconciliations of ledgers being undertaken. (Responsible Officer: Head of Financial Services Implementation Date: Completed)
Ref Finding from our 2019/20 Follow Up Grade Recommendation
5 During our review, we found that grading regarding the Low No further action required. “Budgeting, Accounting & Financial Control” area of the Annual Governance Statement – Self Assessment Checklist has been updated. 26 89 Tayside Contracts C DETAILED RECOMMENDATIONS Follow Up Review Fully Implemented Recommendations
Catering Services (December 2017) – Input to Saffron System-Follow up Original Finding Details of the weekly meals prepared and catering orders raised are recorded on templates by the individual cooks from each of the schools. These templates were created by the Catering Business Improvement staff. These are saved in a shared drive to which the Catering Services staff have access. These template forms are used by the FM admin staff to manually input the recorded information onto the Saffron system (catering database). This can be time consuming and is open to human error. Due to the volume of data to be input across all schools the Catering Services staff have little time to double check the input. There is a risk that omissions or errors are made in the transfer from the catering forms to Saffron which goes unnoticed at the time of processing. Original Recommendation We recommend that Tayside Contracts investigates the possibility of the information in the forms being automatically uploaded to the Saffron system. This will provide more time for checking of the information being presented. Original Management Response Agreed – this will be investigated to see if this process can be automated. (Responsible Officer: Head of Facilities Management and Human Resources; Implementation Date: 30 September 2018)
Finding in 2018/19 We can confirm that this has not taken place. The Business Support Manager has now been tasked with taking this recommendation forward. Recommendation in 2018/19 We have treated this as not implemented and reiterate our original recommendation. Management Response in 2018/19 It is our intention to review the use of Saffron if the CPU is approved. This will mean that a new systems configuration will be required, as such Saffron may not be used or may not be used in its current configuration. This will be reviewed again in March 2019. See next Page for Finding, Recommendation and Management comment for 2019/20
27 90 Tayside Contracts C DETAILED RECOMMENDATIONS Follow Up Review Fully Implemented Recommendations
Catering Services (December 2017) – Input to Saffron System-Follow up
Ref Finding from our 2019/20 Follow Up Grade Recommendation
6 During our review, we found the Organisation has updated the Low No further action required. Saffron system to allow the forms to be automatically uploaded.
28 91 Tayside Contracts D GRADING STRUCTURE Follow Up Review
For each area of review we assign a level of assurance in accordance with the following classification:
Assurance Classification
Strong Controls satisfactory, no major weaknesses found, no or only minor recommendations identified
Substantial Controls largely satisfactory although some weaknesses identified, recommendations for improvement made
Weak Controls unsatisfactory and major systems weaknesses identified that require to be addressed immediately
No No or very limited controls in place leaving the system open to significant error or abuse, recommendations made require to be implemented immediately
29 92 Tayside Contracts D GRADING STRUCTURE Follow Up Review
For each recommendation we make we assign a grading either as High, Medium or Low priority depending upon the degree of risk assessed as outlined below:
Grading Classification
High Major weakness that we consider needs to be brought to the attention of the Joint Committee and addressed by senior management of the Organisation as a matter of urgency Medium Significant issue or weakness which should be addressed by the Organisation as soon as possible
Low Minor issue or weakness reported where management may wish to consider our recommendation
30 93 Tayside Contracts E ASSIGNMENT PLAN Follow Up Review
Audit Approach Our approach to the review will be: ➢ To discuss with management and staff, the status of any outstanding recommendations raised in prior years and where appropriate, undertake testing on a sample basis.
Potential Key Risks The potential key risks associated with the area under review are: ➢ The Organisation does not address the areas of concern which may significantly affect its ability to continue to operate.
31 94
95
Tayside Contracts Internal Audit 2019-20
Health & Safety December 2019
96
97
Tayside Contracts TABLE OF CONTENTS Health & Safety
Section Page
1 EXECUTIVE SUMMARY ...... 2 2 BENCHMARKING ...... 12 3 AUDIT ARRANGEMENTS ...... 13 4 KEY PERSONNEL ...... 14 Appendix Page
A GRADING STRUCTURE ...... 16 B ASSIGNMENT PLAN ...... 18
The matters raised in this report came to our attention during the course of our audit and are not necessarily a comprehensive statement of all weaknesses that exist or all improvements that might be made.
This report has been prepared solely for the Tayside Contracts’s individual use and should not be quoted in whole or in part without prior written consent. No responsibility to any third party is accepted as the report has not been prepared, and is not intended, for any third party.
We emphasise that the responsibility for a sound system of internal control rests with management and work performed by internal audit should not be relied upon to identify all system weaknesses that may exist. Neither should internal audit be relied upon to identify all circumstances of fraud or irregularity should there be any although our audit procedures are designed so that any material irregularity has a reasonable probability of discovery. Every sound system of control may not be proof against collusive fraud. Internal audit procedures are designed to focus on areas that are considered to be of greatest risk and significance.
1
98
99
Tayside Contracts 1 EXECUTIVE SUMMARY Health & Safety
1 EXECUTIVE SUMM ARY Overview
Purpose of review This review considered the health & safety arrangements in place within Tayside Contracts ("the Organisation") to ensure these are sufficient, follow good practice and adhere to current legislation and guidance.
This review forms part of the 2019/20 Internal Audit Annual Plan.
Scope of review Our objectives for this review were to ensure:
➢ The Organisation has suitable Health & Safety policies and procedures in place which are subject to regular review and approval.
➢ There is a designated Health & Safety Officer and Team/Group for the Organisation who have sufficient Health & Safety expertise.
➢ There is ongoing training given to staff in respect of Health & Safety requirements and guidance.
➢ The Organisation have a standard operating procedure for carrying out risk assessments in the workplace.
➢ There is an appropriately managed and documented accident/incident reporting process.
➢ Periodic spot checks take place to ensure that staff are complying with the Health & Safety policies and procedures.
➢ Robust and clear procedures are in place for COSHH assessments and these records are retained centrally.
➢ There is an effective fire management system in place.
➢ There are procedures in place for maintenance required to gas appliances which are in line with government regulations. 2
100
Tayside Contracts 1 EXECUTIVE SUMMARY Health & Safety
➢ The Organisation are adhering to Health & Safety Regulations with regard to driving at work.
➢ Appropriate first aid procedures are in place, with designated first aiders on site who are clearly identified.
➢ The Organisation have certifications in place for statutory safety inspections required to be carried out by law.
➢ There are appropriate Health & Safety checks in place for contractors and visitors.
➢ There is appropriate reporting mechanisms in place with regard to Health & Safety.
Our approach to this assignment took the form of discussion with relevant staff, review of documentation and where appropriate sample testing. Limitation of scope There was no limitation of scope.
3
101
Tayside Contracts 1 EXECUTIVE SUMMARY Health & Safety
Background
The Organisation has an Occupational Health & Safety Policy in place that documents their commitment to continually improving occupational health & safety within all aspects of the business. The Policy also notes that the Organisation fully accept their responsibility for staff and other persons who may be affected by their activities and that they will take all necessary steps to ensure statutory safety duties are met. The Policy is reviewed annually or when necessary following any legislative or organisational changes.
The Policy notes that the Managing Director of the Organisation is responsible for the safe working of all employees and any other persons who may be affected by the Organisation’s work. The Policy outlines the Managing Directors responsibility for the following:
➢ Determining the organisational structure through which this policy is implemented and delegating the responsibility for implementation of the policy to corporate and other managers; ➢ Ensuring adequate finance and other resources are made available to enable this policy to be implemented effectively; ➢ Appointing competent person(s) to advise and assist on the application of this policy; and ➢ Formally approving all occupational health and safety policies and procedures.
Operationally the Head of Human Resources is responsible for health & safety within the Organisation. The Head of Human Resources is supported by the following:
➢ Safety & Training Manager; ➢ Principal Health & Safety Adviser; and ➢ Health & Safety Adviser.
Further responsibilities lie with the Executive Officer Team (EOT) and the Corporate Management Team who are responsible for monitoring any health and safety issues for employees under their control if alerted to any issues by their Heads of Unit or Section Heads.
4
102
Tayside Contracts 1 EXECUTIVE SUMMARY Health & Safety
The Safety & Training Manager is responsible for the day to day provision of advice, guidance and support to management of on health & safety within the Organisation. The Safety & Training Manager is supported by the Principal Health & Safety Advisor who provides advice and guidance to ensure the Organisation comply with all statutory health and safety provisions.
Staff members are provided with health & safety training as part of their induction. The Safety & Training Manager is responsible for:
➢ Reviewing the policy and amending as necessary to ensure it is up to date and relevant; and ➢ Ensuring that managers/supervisors are made aware of their responsibilities as determined by this Health and safety policy.
Training is also provided to staff members as and when required such as in the event of any new work equipment, new technology or alteration of current systems.
Annually, the Executive Officer Team (EOT) prepare service plans in consultation with their Heads of Unit that identify specific health & safety objectives to be reviewed throughout the year. These objectives are then reviewed quarterly by the Safety Steering Group and annually by the Joint Committee.
The Organisation’s Health & Safety Management System is used to record all information on health & safety. This includes policies, procedures, safe working arrangements, safe work systems, risk assessments and incidents. The Organisation follow the Health & Safety Executive’s ‘five steps to risk assessment’ guidance. The five steps are:
➢ Identify the Hazard; ➢ Identify who may be harmed and how; ➢ Evaluate the risk and decide on precautions; ➢ Record finding and implement any actions; and ➢ Review and update if necessary.
5
103
Tayside Contracts 1 EXECUTIVE SUMMARY Health & Safety
The risk assessments cover all areas and operations of the Organisation such as risks relating to, but not limited to:
➢ Driving; ➢ Working at height; ➢ Vehicles and plants; ➢ Weather; ➢ Traffic; ➢ Slip/trip/falls; ➢ Fire/explosion; ➢ Violence; ➢ Display screen equipment; ➢ Environment; ➢ Manual handling; ➢ Noise; ➢ Lone working; ➢ Night working; and ➢ Water.
The overall effectiveness of the Organisations Occupational Health & Safety Policy is monitored through the number of accident/incident investigations and inspection audits. For 2019/20, there have been 7 RIDDORs to date and 13 were recorded for 2018/19. Accidents are investigated to establish the cause to a level commensurate with their potential risk for injury and loss. The accident reports are submitted to the CMT member and senior manager and accident figures and patterns are discussed at the quarterly Safety Steering Group meetings. The Organisation deliver the Policy through: ➢ Generating a culture that does not tolerate threats to health and safety; and ➢ Ensuring the involvement of all our leaders, managers, employees and sub-contractors.
6
104
Tayside Contracts 1 EXECUTIVE SUMMARY Health & Safety
Work Undertaken Our work for this review included the following:
➢ Discussions with the Health & Safety staff to establish the current arrangements ensuring these are robust; ➢ Review and evaluation of existing systems documentation, policies and procedures currently in place in respect of health and safety. This included the Occupational Health & Safety Policy, Gas Safety Policy, Fire Safety Policy, First Aid at Work Policy, Active Monitoring Policy and the Work-Related Road Safety Policy; ➢ Assessing the robustness of these procedures to ensure these are fit for purpose and follow good practice; ➢ Testing to confirm that procedures are being adhered to by Organisation staff; ➢ Consideration of any internal reviews and spot checks to ensure that these are taking place and that any issues identified from these reviews are being dealt with in an appropriate manner and timescale; ➢ Review of the reports provided to Management and Joint Committee ensuring that they provide sufficient information for the reader; ➢ Assessment of the communication of Health and Safety Regulations throughout the Organisation ensuring staff are fully aware of the Organisation’s health & safety arrangements; ➢ Reviewing the process for carrying out risk assessments and safety procedures; ➢ Discussing with relevant staff the health and safety checks in place for those external to the Organisation, such as contractors; ➢ Reviewing evidence of accident and incident recording through the Accident Monitoring Reporting System; ➢ Discussing with staff the processes in place for the undertaking of statutory inspections and review of related documentation for appropriateness and confirmation that inspections are taking place; ➢ Ensuring policies and procedures in place are subject to regular review and approval; ➢ Considering and assessing the Organisations fire management systems and drills; ➢ Review of training given to staff in respect of Health & Safety requirements and guidance; ➢ Review of COSHH assessments and records ensuring that these are undertaken as part of the annual action plan; and ➢ Ensuring the accident and incident reporting process is appropriately managed and documented. This including a review of the Accident Monitoring Reporting System to ensure that this is fully utilised.
Through our testing we observed many areas of good practice, which are noted in the Executive Summary.
7
105
Tayside Contracts 1 EXECUTIVE SUMMARY Health & Safety
Conclusion
Overall conclusion Overall Conclusion: Strong
We can provide a strong level of assurance over the policies and controls in place regarding the Organisation's health & safety arrangements. We can also provide a strong level of assurance that the health & safety arrangements are sufficient, follow good practice and adhere to current legislation and guidance.
Summary of recommendations Grading of recommendations
High Medium Low Total
Health & Safety 0 0 0 0
As can be seen from the above table there were no recommendations made which we have given a grading of high.
8
106
Tayside Contracts 1 EXECUTIVE SUMMARY Health & Safety
Areas of good practice
The following is a list of areas where the Organisation is operating effectively and following good practice.
1. The Organisation adheres to the Health and Safety at Work Act 1974 by ensuring health and safety practices are in place for employees whilst undertaking work-related driving activities. The Organisation’s road safety arrangements are designed to ensure that employees who drive vehicles, trailers and mobile plant either hired or owned for work purposes do so in a manner that reduces risk, prevents injury or adverse health effects. 2. The effectiveness of the Organisation’s Occupational Health & Safety Policy is monitored through accident/incident investigations and inspection audits. Monitoring and evaluation reports are submitted to the senior management Team at quarterly Safety Steering Group meetings which are chaired by the Head of each Division, or their nominated representative. An annual Occupational Health & Safety Performance Report is also submitted to the Joint Committee. 3. The Organisation use the process of workplace monitoring and inspection to obtain assurances that health and safety hazards are adequately controlled and meet the relevant statutory provisions. 4. The Organisation adhere to their Management of Active Monitoring Policy. This is to ensure the Organisation can measure its compliance with health and safety standards and continually work towards improving health & safety performance. Periodic visits are undertaken to ensure the efficiency of health and safety processes by the Health & Safety Adviser.
5. The Organisation has a robust First Aid at Work Policy in place to ensure that there is adequate provision of first aid throughout the Organisation and that the Health & Safety (First Aid) Regulations 1981 are adhered to. Monthly checks of the first aid stations are undertaken at each workplace, ensuring that the first aid provision is ‘adequate and appropriate to the circumstance’.
6. The Organisation has a robust Management and Safe Use of Compressed Gas Policy in place that outlines the responsibilities and arrangements for the use, handling and storage of compressed gases.
9
107
Tayside Contracts 1 EXECUTIVE SUMMARY Health & Safety
The following is a list of areas where the Organisation is operating effectively and following good practice.
7. The Organisation utilise an accident reporting management system. The system records all accidents that result from work related actions and ensures the accidents are reported and investigated in a thorough, effective and timely manner and monitored correctly. 8. The Organisation provide all staff members with induction training on health & safety. Training is also provided to staff members as and when required, such as in the event of any new work equipment, new technology or alteration of current systems. Training is based upon an evaluation of the skills and competencies required to carry out tasks safely and subsequent matching of these skills and competencies to those charged with carrying out the task. 9. The Organisation has highly trained and qualified staff fulfilling the health and safety management role. Furthermore, all staff we spoke to during our review were aware of who the Safety and Training Manager and Principal Health and Safety Adviser were. 10. The Organisation has a robust Management of Fire Risk Policy in place that is compliant with the Fire (Scotland) Act 2005 and the Fire Safety (Scotland) Regulation 2006. The purpose of this Policy is to ensure the Organisation continue to meet its obligation to protect all employees from the potential risk of a fire. 11. The Organisation operate an approved contracting scheme where all companies contracted are assessed and approved before the commencement of any works. Under the approved contracting scheme contractors must provide suitable and sufficient welfare facilities on all Organisation sites in accordance with the number of operatives employed on site, as required by the Construction (Design and Management) Regulations 2015. 12. The Organisation has developed a robust Management of Risk Assessment Policy adhering to the provisions of the Management of Health and Safety at Work Regulations (1999). This has ensured that suitable and sufficient risk assessments are carried out for any work activity or procedure which presents a risk of injury or ill health, and the risk assessment of these significant risks are documented. 13. The Organisation is committed to continually improving occupational health and safety performance within all aspects of business, ensuring the continued occupational health and safety of employees, so far as is reasonably practicable. The Organisation also fully accept responsibility for other persons who may be affected by activities and will take all necessary steps to ensure that statutory duties are met. 10
108
Tayside Contracts 1 EXECUTIVE SUMMARY Health & Safety
The following is a list of areas where the Organisation is operating effectively and following good practice.
14. The Occupational Health and Safety Policy is published on the staff intranet and is available to all. The Organisation also refer to the Health and Safety Policy within the staff handbook.
11
109
Tayside Contracts 2 BENCHMARKING Health & Safety
2 BENCHMARKI NG We include for your reference comparative benchmarking data of the number and ranking of recommendations made for audits of a similar nature in the most recently finished internal audit year.
Health & Safety
Benchmarking
High Medium Low Total
Average number of recommendations in similar 0 2 2 4 audits
Number of recommendations at Tayside 0 0 0 0 Contracts
From the table above it can be seen that the Organisation has a lower number of recommendations compared to those organisations it has been benchmarked against.
12
110
Tayside Contracts 3 AUDIT ARRANGEMENTS Health & Safety
3 AUDIT ARRANGEMENTS The table below details the actual dates for our fieldwork and the reporting on the audit area under review. The timescales set out below will enable us to present our final report at the next Joint Committee meeting. Audit stage Date
Fieldwork start 18 November 2019
Closing meeting 21 November 2019
Draft report issued 5 December 2019
Receipt of management responses 17 December 2019
Final report issued 18 December 2019
Joint Committee 16 March 2020
Number of audit days 5
13
111
Tayside Contracts 4 KEY PERSONNEL Health & Safety
4 KEY PERSO NNE L We detail below our staff who undertook the review together with the Organisation staff we spoke to during our review.
Wylie & Bisset LLP
Partner Graham Gillespie Partner [email protected]
Senior Manager Stephen Pringle Senior Internal Audit Manager [email protected]
Senior Haseeb Farrukh Internal Audit Senior [email protected]
Tayside Contracts
Key Contact Leanne Reilly Human Resources Manager [email protected]
Wylie & Bisset appreciates the time provided by all the individuals involved in this review and would like to thank them for their assistance and co-operation.
14
112
Tayside Contracts Health & Safety
APPENDICES
15
113
Tayside Contracts A GRADING STRUCTURE Health & Safety
A GRADI NG STRUCTURE For each area of review, we assign a level of assurance in accordance with the following classification: Assurance Classification
Strong Controls satisfactory, no major weaknesses found, no or only minor recommendations identified. Substantial Controls largely satisfactory although some weaknesses identified, recommendations for improvement made. Weak Controls unsatisfactory and major systems weaknesses identified that require to be addressed immediately. No No or very limited controls in place leaving the system open to significant error or abuse, recommendations made require to be implemented immediately.
16
114
Tayside Contracts A GRADING STRUCTURE Health & Safety
For each recommendation we assign a grading either as High, Medium or Low priority depending on the degree of risk assessed as outlined below:
Grading Classification
High Major weakness that we consider needs to be brought to the attention of the Joint Committee and addressed by senior management of the organisation as a matter of urgency.
Medium Significant issue or weakness which should be addressed by the organisation as soon as possible. Low Minor issue or weakness reported where management may wish to consider our recommendation.
17
115
Tayside Contracts B ASSIGNMENT PLAN Health & Safety
B ASSIGNMENT PLAN Purpose of review This review considered the health & safety arrangements in place within Tayside Contracts ("the Organisation") to ensure these are sufficient, follow good practice and adhere to current legislation and guidance.
This review forms part of the 2019/20 Internal Audit Annual Plan.
Scope of review Our objectives for this review are to ensure:
➢ The Organisation has suitable Health & Safety policies and procedures in place which are subject to regular review and approval.
➢ There is a designated Health & Safety Officer and Team/Group for the Organisation who have sufficient Health & Safety expertise.
➢ There is ongoing training given to staff in respect of Health & Safety requirements and guidance.
➢ The Organisation have a standard operating procedure for carrying out risk assessments in the workplace.
➢ There is an appropriately managed and documented accident/incident reporting process.
➢ Periodic spot checks take place to ensure that staff are complying with the Health & Safety policies and procedures.
➢ Robust and clear procedures are in place for COSSH COSHH assessments and these records are retained centrally.
➢ There is an effective fire management system in place.
➢ There are procedures in place for maintenance required to gas appliances which are in line with government regulations.
➢ The Organisation are adhering to Health & Safety regulations with regard to driving at work. 18
116
Tayside Contracts B ASSIGNMENT PLAN Health & Safety
➢ Appropriate first aid procedures are in place, with designated first aiders on site who are clearly identified.
➢ The Organisation have certifications in place for statutory safety inspections required to be carried out by law.
➢ There are appropriate Health & Safety checks in place for contractors and visitors.
➢ There is appropriate reporting mechanisms in place with regard to Health & Safety.
Our approach to this assignment took the form of discussion with relevant staff, review of documentation and where appropriate sample testing.
Limitation of scope There are no limitations of scope.
Audit approach Our approach to the review will be:
➢ Discussion with key personnel to establish the current arrangement in respect of health & safety at the Organisation. We shall assess what we are told to ensure the arrangements are sufficient, follow good practice and adhere with current legislation and guidance.
➢ Review and evaluation of existing systems documentation, policies and procedures currently in place in respect of health & safety. We shall assess the robustness of these documents/procedures to ensure these are fit for purpose and follow good practice.
➢ Testing will be undertaken to confirm that procedures are being adhered to by the Organisation's staff.
➢ Consideration of any internal reviews and spot checks to ensure that these are taking place and that any issues identified from these reviews are
19
117
Tayside Contracts B ASSIGNMENT PLAN Health & Safety
being dealt with in an appropriate manner and timescale.
➢ Review of the reports provided to management and the Joint Committee (if appropriate) in relation to health & safety. We shall assess these for robustness and to ensure these are presented in a timely manner.
Potential key risks The potential key risks associated with the area under review are:
➢ The Organisations policies and procedures are not regularly reviewed, approved and communicated to all employees resulting in a lack of awareness of current Health & Safety legislation and laws.
➢ The Organisations does not have any staff or external contact with the required knowledge as to their health and safety requirements resulting in potential breaches in health & safety legislation not being identified.
➢ Staff do not receive regular Health & Safety training, which could result in a lack of adherence to Health & Safety requirements and/or increase the risk of accidents at work.
➢ Risk Assessments are not carried out in line with Health & Safety legislation which could lead to an unsafe work environment with potential financial loss to the Organisation.
➢ Accidents, incidents and near misses are not recorded centrally and an overall picture of recent incidents cannot be formed and reported on leading to repetition of the same accidents/incidents and increasing the risk of financial claims by employees.
➢ Spot-checks do not take place which could result in an unsafe environment and potential financial loss to the Organisation.
➢ Clear records are not retained for COSSH COSHH assessments which could lead to the risk of unsafe substances being used without the correct guidance being provided.
➢ An inefficient fire management system could leave to fatal injury in the event of a fire. 20
118
Tayside Contracts B ASSIGNMENT PLAN Health & Safety
➢ The Organisation are not adhering to government required gas safety regulations resulting in legal implications.
➢ The Organisation do not ensure that others are not put at risk by its work-related driving activities resulting in potential financial damages.
➢ There are no trained and designated first aiders present in the event of an accident or near-miss.
➢ The Organisation have outdated certifications in place for statutory safety inspections required to be carried out by law which could result in legal implications.
➢ External contractors can carry out work for the Organisation without any consideration being given to their competence and health and safety procedures surrounding the work, which could lead to unsafe working practices being adopted with potential reputational and financial damage to the Organisation.
➢ Management are not informed of Health & Safety matters resulting in a lack of control and potential damage to the Organisation's reputation and finances.
21
119
Tayside Contracts Internal Audit Plan 2020 to 2021 February 2020 120
121
Table of contents
Section Page No. 1. Introduction 3 2. Operational Plan 4 – 6
Appendices: A. Summary of Internal Audit Input 7-9 B. Grading Structure 10 C. Key Performance Indicators 11
2 122
123
1. Introduction Background Wylie & Bisset LLP were appointed as Internal Auditors by the Joint Committee with effect from 1 September 2016 for a period of three years until 31 March 2019 with the potential to extend by a further two years (on an annual basis). The option to extend for a further year was agreed at the November 2018 Joint Committee Meeting, and was extended for a further year at the November 2019 Joint Committee Meeting.
Internal Audit The prime responsibility of the Internal Audit Service is to provide the Joint Committee, the Managing Director and other Senior Management of the Organisation, with an objective assessment of the adequacy and effectiveness of management's internal control systems.
The Internal Audit Service objectively examines, evaluates and reports on the adequacy of internal control thus contributing to the economic, efficient and effective use of resources and to the reduction of the potential risks faced by the Organisation. Also, the operation and conduct of the Internal Audit Service must comply with the guidelines set down by the Chartered Institute of Internal Auditors and the Public Sector Internal Audit Standards.
Terms of Reference – Internal Audit The provision of the Internal Audit Service by Wylie & Bisset LLP is covered by the letter of engagement dated 28 September 2019.
Formal Approval The Audit Needs Assessment (ANA) was presented to the Joint Committee of the Organisation on 14 November 2016. It was a 3 year rolling plan which we undertook to review continuously throughout our appointment. This has been done annually. This current document covers the detailed plan for 2020/21 following discussions with the Managing Director; the Head of Financial Services and the Vice Convenor Elect. The Convenor and Vice Convenor were also contacted for suggestions.
3 124
2. Operational Plan 2020/21
Total Audit Area High level indicative summary scope Number Of Days
Data Protection Legislation The purpose of this review is ensure that the Organisation is complying with the requirements of the 5 General Data Protection Regulation which came into force from May 2018. We will undertake a review of the processes in place to ensure compliance.
HR & Payroll The purpose of this review is to provide assurance that the Organisation has appropriate controls in place 5 in relation to its payroll and human resources processes. Our review will look at processes to ensure that they are operating as expected and that the appropriate controls exist, and are carried out in line with legislation.
Risk Management The purpose of this review is to ensure that the Organisation has appropriate risk management 4 arrangements in place and that these have been embedded throughout the whole Organisation. This review will seek to provide assurance that the risk management are adequate.
Disaster Recovery The purpose of this assignment is to review the disaster recovery arrangements in place at the 4 Organisation. Our review will consider whether there is sufficient contingency planning in place to address the possibility of an unforeseen event.
4 125
2. Operational Plan 2020/21
Total Audit Area High level indicative summary scope Number Of Days Follow Up The effectiveness of the internal control system may be compromised if management fails to implement 3 agreed audit recommendations. Our follow up work will provide the Joint Committee with assurance that prior year recommendations are implemented within the expected timescales.
Interface of Fleetwave and Integra The purpose is to undertake a review of the new interface that will be implemented in May 2020 at the 5 Organisation between the Fleetwave system and the finance system, Integra. Our review will consider the controls over the interface and the integrity of the data being transferred.
5 126
2. Operational Plan 2020/21
Assignment Plans A detailed assignment plan will be prepared for each audit undertaken, setting out the scope and objectives of the work, allocating resources and establishing target dates for the completion of the work. Each assignment plan will be agreed and signed off by an appropriate sponsor from the Organisation. Key Dates Visit Audit Areas Key Organisation Provisional Date for Date of Issue of Provisional Date to Personnel Visit Draft Report Joint Committee
Visit 1 Data Protection Legislation Leanne Reilly 8 June 2020 26 June 2020 24 August 2020 HR & Payroll Frank Reilly
Visit 2 Risk Management Managing Director 31 August 2020 18 September 16 November 2020 2020
Visit 3 Disaster Recovery Managing Director 23 November 2020 11 December March 2021 Follow-up Wendy Grant 2020 Interface of Fleetwave and Integra Wendy Grant
6 127
Appendix A - Summary of Internal Audit Input
1 September 2016 to 31 March 2021 Operating Plan (No. Of days) System Audit Area 2016/17 2017/18 2018/19 2019/20 2020/21 Financial Budgetary & Financial Controls 5 System Income Collection & Credit Control 5 Purchasing and Payments 5
Capital Spend and Procurement 5 HR & Payroll 5 5 Job Costing 6 Interface of Fleetwave and Integra 5 Finance system 5 Non Financial Catering Services 6 Systems Construction Services – Fleet Maintenance 5 Transport – Fleet Management (utilisation and asset management) 10 5 Carried Forward 15 17 20 10 10
7 128
Appendix A - Summary of Internal Audit Input
1 September 2016 to 31 March 2021 Operating Plan (No. Of days) System Audit Area 2016/17 2017/18 2018/19 2019/20 2020/21 Brought Forward 15 17 20 10 10 IT IT General Controls 5 IT Security 5 Disaster Recovery 4 Governance Corporate Governance 4 4 Risk Management 4 Business Continuity 4 Health & Safety 5 Other Data Protection Legislation 5 Workforce planning 5 Project Management 8 Management Reporting/Information gathering 5 Strategic Planning 5 Risk Management 4 Carried Forward 33 30 28 25 23
8 129
Appendix A - Summary of Internal Audit Input
1 September 2016 to 31 March 2021 Operating Plan (No. Of days) System Audit Area 2016/17 2017/18 2018/19 2019/20 2020/21 Brought Forward 33 30 28 25 23 Required Follow Up review 3 3 3 3 3 Audit Management 4 4 4 4 4 Total Days 40 37 35 32 30
9 130
Appendix B - Grading Structure
For each area of review we assign a grading in accordance with the following classification: Assurance Classification
Strong Controls satisfactory, no major weaknesses found, some minor recommendations identified
Substantial Controls largely satisfactory although some weaknesses identified, recommendations for improvement made Weak Controls unsatisfactory and major systems weaknesses identified that require to be addressed immediately No No or very limited controls in place leaving the system open to significant error or abuse, recommendations made require to be implemented immediately
For each recommendation we make we assign a grading either as High, Medium or Low priority depending upon the degree of risk assessed as outlined below: Grading Risk Classification
High High Risk Major weakness that we consider needs to be brought to the attention of the Joint Committee and addressed by senior management of the Organisation as a matter of urgency Medium Medium Risk Significant issue or weakness which should be addressed by the Organisation as soon as possible Low Low Risk Minor issue or weakness reported where management may wish to consider our recommendation
10 131
Appendix C – Key Performance Indicators Analysis of Performance Indicators
Performance Indicator Target
Internal audit days completed in line with agreed timetable and days allocation 100%
Draft scopes provided no later than 10 working days before the internal audit start date and final scopes 100% no later than 5 days before each start date Draft reports issued within 10 working days of exit meeting 100%
Management provide responses to draft reports within 15 days of receipt of draft reports 100%
Final reports issued within 5 days of receipt of management responses 100%
Recommendations accepted by management 100%
Quarterly progress reports to be provided for discussion at each Joint Committee meeting 100%
Draft annual internal audit report to be provided by 30 April each year 100%
Attendance at Joint Committee meetings by a senior member of staff 100%
Suitably experienced staff used on all assignments 100%
Draft 3 year rolling Audit Needs Assessment provided by 30 January each year (except in year 1 which is n/a final year 19 September 2016).
11 132
133 Tayside Contracts Joint Committee Annual Audit Plan 2019/20
Prepared for Tayside Contracts Joint Committee February 2020
134
135
Who we are
The Auditor General, the Accounts Commission and Audit Scotland work together to deliver public audit in Scotland:
The Auditor General is an independent crown appointment, made on the recommendation of the Scottish Parliament, to audit the Scottish Government, NHS and other bodies and report to Parliament on their financial health and performance.
The Accounts Commission is an independent public body appointed by Scottish ministers to hold local government to account. The Controller of Audit is an independent post established by statute, with powers to report directly to the Commission on the audit of local government.
Audit Scotland is governed by a board, consisting of the Auditor General, the chair of the Accounts Commission, a non-executive board chair, and two non-executive members appointed by the Scottish Commission for Public Audit, a commission of the Scottish Parliament.
About us
Our vision is to be a world-class audit organisation that improves the use of public money.
Through our work for the Auditor General and the Accounts Commission, we provide independent assurance to the people of Scotland that public money is spent properly and provides value. We aim to achieve this by: carrying out relevant and timely audits of the way the public sector manages and spends money reporting our findings and conclusions in public identifying risks, making clear and relevant recommendations.
136
Tayside Contracts Joint Committee137 | 3
Contents
Risks and planned work 4
Audit scope and timing 8 138
4 | 139
Risks and planned work
1. This annual audit plan contains an overview of the planned scope and timing of our audit which is carried out in accordance with International Standards on Auditing (ISAs), the Code of Audit Practice, and guidance on planning the audit. This plan sets out the work necessary to allow us to provide an independent auditor’s report on the annual accounts and meet the wider scope requirements of public sector audit.
2. The wider scope of public audit contributes to assessments and conclusions on financial management, financial sustainability, governance and transparency and value for money.
Adding value
3. We aim to add value to Tayside Contracts Joint Committee (Tayside Contracts) through our external audit work by being constructive and forward looking, by identifying areas for improvement and by recommending and encouraging good practice. In so doing, we intend to help the Tayside Contracts Joint Committee promote improved standards of governance, better management and decision making and more effective use of resources.
Audit risks
4. Based on our discussions with staff, attendance at committee meetings and a review of supporting information we have identified the following significant audit risks for Tayside Contracts Joint Committee. We have categorised these risks into financial statements risks and wider dimension risks. The key audit risks, which require specific audit testing, are detailed in exhibit 1.
Exhibit 1 2019/20 Significant audit risks
Audit Risk Source of assurance Planned audit work
Financial statements risks
1 Risk of material misstatement • Owing to the nature of • Review of the Annual caused by management override this risk, assurances Governance Statement and of controls from management are the assurances obtained in not applicable in this support of the statement. ISA 240 requires that audit work is instance. planned to consider the risk of fraud, • Detailed testing of journal which is presumed to be a significant entries. risk in any audit. This includes • Review of accounting consideration of the risk of estimates. management override of controls to • Focussed testing of accruals change the position disclosed in the and prepayments. financial statements. • Evaluation of significant transactions that are outside the normal course of business. Risks and planned140 work | 5
Audit Risk Source of assurance Planned audit work
2 Risk of material misstatement • Majority of income Analytical procedures on caused by fraud in income received via electronic significant income streams. recognition. payment. Detailed testing of revenue • Robust controls over transactions focussing on the ISA 240 requires that audit work is income generation and areas of greatest risk. planned to consider the risk of fraud receipting processes, over income, which is presumed to Review of budget monitoring including segregation be a risk in any audit with significant reports focussing on significant of duties. income streams. budget variances. • Independent monitoring and review of suspense codes – including bank reconciliations. • Effective scrutiny over monthly reporting by operational and senior management and quarterly by the Joint Committee.
3 Risk of material misstatement • Robust controls over • Analytical procedures on caused by fraud in expenditure expenditure and significant expenditure payment processes, streams. The Code of Audit Practice expands including segregation • Detailed testing of the consideration of fraud under ISA of duties. 240 to include the risk of fraud over expenditure transactions, expenditure. This applies to the • Independent including cut-off testing, council due to the variety and extent monitoring and review focussing on the areas of of expenditure incurred. of suspense codes – greatest risk. including bank • Review of budget monitoring reconciliations. reports focussing on • Effective scrutiny over significant budget variances. monthly reporting by • Audit work on the National operational and senior Fraud Initiative matches. management and quarterly by the Joint Committee. • Fraud prevention arrangements including Involvement in the National Fraud Initiative.
4 Estimation and judgements • Pension Fund • Review of the work of the valuation completed actuary, including There is a significant degree of by a qualified actuary consideration of the estimation and judgement in the with the applicability of appropriateness of the measurement and valuation of some actuarial assumptions actuarial assumptions used. material account areas, including: reviewed by officers. • Review of procedures for • The value of the pension liability • Provision calculations ensuring actuarial valuations (£25.395 million at 31 March supported by clear provided are appropriate and 2019) is an estimate based on evidence and / or include assumptions relating information provided by robust assumptions. to relevant legal rulings. management and actuarial • Confirm pension valuations assumptions. in actuarial report are • The value of provisions (£1.174 correctly reflected within the million at 31 March 2019) is 2019/20 accounts. based on management’s • Review the basis for assessment of the value and provisions recognised, including detailed testing to 6 | 141
Audit Risk Source of assurance Planned audit work
probability of potential future source documentation where outflows. required. This subjectivity represents an increased risk of misstatement in the financial statements.
Wider dimension risks
5 Business Plan • The Joint Committee • Review the 2020-2023 have been kept Business Plan when The current three-year business informed of available. plan, which sets out the key strategic developments with the aims and objectives for the business plan and the organisation and provides a strategic priorities for framework on how these will be 2020/21. delivered, covers the period 2017- 2020. • The new three-year Business Plan is in The new three-year business plan development and is covering the period 2020-2023 has expected to be not yet been prepared and there is presented to the Joint therefore a risk that the organisation Committee meeting on does not have a clear strategic 22 June 2020. direction going forward.
Source: Audit Scotland
Reporting arrangements
5. This audit plan, the outputs set out at exhibit 2, and any other outputs on matters of public interest will be published on Audit Scotland’s website: www.audit-scotland.gov.uk.
6. Matters arising from our audit will be reported on a timely basis and will include agreed action plans. Draft reports will be issued to the relevant officer(s) to confirm factual accuracy, prior to the issue and publication of final reports.
7. We will provide an independent auditor’s report to Tayside Contracts Joint Committee and the Accounts Commission setting out our opinions on the annual report. We will also provide the Proper Officer and the Accounts Commission with an annual report on the audit containing observations and recommendations on significant matters which have arisen during the audit.
Exhibit 2 2019/20 Audit outputs
Audit Output Committee Date
Management Letter 22 June 2020 (This will only be required where reportable issues are identified during our interim testing)
Independent Auditor's Report 24 August 2020
Annual Audit Report 24 August 2020
Source: Audit Scotland Risks and planned142 work | 7
Audit fee
8. The agreed fee for the 2019/20 audit of Tayside Contracts Joint Committee is £39,140 (£38,400 in 2018/19). The audit fee is £720 below the expected fee advised by Audit Scotland which reflects the current risk profile of the audit, the extent of wider code of audit practice work required for this year’s audit, and the planned staffing of the audit.
9. Our audit approach assumes receipt of the unaudited annual report, with a complete working papers package, by 22 June 2020. Where our audit cannot proceed as planned through, for example, late receipt of unaudited annual report or being unable to take planned reliance from the work of internal audit, a supplementary fee may be levied. An additional fee may also be required in relation to any work or other significant exercises out with our planned audit activity.
Responsibilities
Joint Committee and Proper Officer 10. Audited bodies are responsible for ensuring the proper financial stewardship of public funds, compliance with relevant legislation and establishing effective arrangements for governance, propriety and regularity that enable them to successfully deliver their objectives. For Tayside Contracts the Proper Officer (section 95 officer) has responsibility for the administration of financial affairs. The Joint Committee has responsibility for the oversight of internal and external audit.
11. The audit of the annual report does not relieve management or the Joint Committee, as those charged with governance, of their responsibilities.
Appointed auditor 12. Our responsibilities as independent auditors are established by the Local Government (Scotland) Act 1973 and the Code of Audit Practice (including supplementary guidance) and are guided by the auditing professions ethical guidance.
13. Auditors in the public sector give independent opinions on the financial statements and other information within the annual report. 8 | 143
Audit scope and timing
Annual report
14. The annual report, which include the financial statements, will be the foundation and source for most of the audit work necessary to support our judgements and conclusions. We also consider the wider environment and challenges facing the public sector. Our audit approach includes:
• understanding the business of Tayside Contracts and the associated risks which could impact on the financial statements
• assessing the key systems of internal control, and establishing how weaknesses in these systems could impact on the financial statements
• identifying major transaction streams, balances and areas of estimation and understanding how Tayside Contracts will include these in the financial statements
• assessing the risks of material misstatement in the financial statements and determining the nature, timing and extent of audit procedures necessary to provide us with sufficient audit evidence as to whether the financial statements are free of material misstatement.
15. We will give an opinion on whether the financial statements:
• give a true and fair view in accordance with applicable law and the 2019/20 Code of the state of affairs of Tayside Contracts Joint Committee as at 31 March 2020 and of its income and expenditure for the year then ended
• have been properly prepared in accordance with the requirements of the Local Government (Scotland) Act 1973, The Local Authority Accounts (Scotland) Regulations 2014, and the Local Government in Scotland Act 2003.
Other information in the annual report
16. We also review and report on the other information published within the annual report including the management commentary, annual governance statement and remuneration report. We give an opinion on whether these have been prepared in accordance with the appropriate regulations and guidance. We also read and consider the other information in the annual accounts and report any material inconsistencies.
Materiality
17. We apply the concept of materiality in planning and performing the audit. Materiality defines the maximum error that we are prepared to accept and still conclude that the financial statements present a true and fair view. It helps assist our planning of the audit and allows us to assess the impact of any potential audit adjustments on the financial statements.
18. We calculate materiality at different levels as described below. The calculated materiality values for Tayside Contracts Joint Committee are set out in exhibit 3. Audit scope and144 timing | 9
Exhibit 3 Materiality levels
Materiality Amount
Planning materiality – This is the figure we calculate to assess the overall impact of £1.206 million audit adjustments on the financial statements. It has been set at 1.5% of gross expenditure based on the audited accounts for the year ended 31 March 2019.
Performance materiality – This acts as a trigger point. If the aggregate of errors £0.724 million identified during the financial statements audit exceeds performance materiality this would indicate that further audit procedures should be considered. Using our professional judgement, we have calculated performance materiality at 60% of planning materiality.
Reporting threshold – We are required to report to those charged with governance on £0.050 million all unadjusted misstatements more than the ‘reporting threshold' amount. This has been calculated at 4% of planning materiality.
Source: Audit Scotland
Timetable
19. To support the efficient use of resources it is critical that a timetable is agreed with us for the production and audit of the annual report. The agreed timetable for the 2019/20 annual report is included at exhibit 4.
Exhibit 4 Annual accounts timetable
Key stage Date
Consideration of unaudited annual report by Joint Committee 22 June 2020
Latest submission date of unaudited annual report and accounts with complete 22 June 2020 working papers package
Latest date for final clearance meeting with Head of Financial Services 17 July 2020
Agreement of audited unsigned annual report 24 July 2020
Issue of Letter of Representation, proposed independent auditor's report and 3 August 2020 proposed Annual Audit Report for consideration at Joint Committee meeting on 24 August 2020
Independent auditor’s report signed 24 August 2020
Issue of Annual Audit Report 24 August 2020
Internal audit
20. Auditing standards require internal and external auditors to work closely together to make best use of available audit resources. We seek to rely on the work of internal audit wherever possible and as part of our planning process we carry out an annual assessment of the internal audit function at audited bodies. 10 | 145
21. Internal audit is provided by Wylie & Bisset. Our assessment of the internal audit function concluded that it has sound documentation standards and reporting procedures in place and complies with the main requirements of the Public Sector Internal Audit Standards (PSIAS).
22. As part of our planning process we carry out an annual assessment of the internal audit function to ensure that it operates in accordance with the main requirements of the Public Sector Internal Audit Standards (PSIAS). ISA 610 requires an assessment on whether the work of the internal audit function can be used for the purposes of external audit. This includes:
Using the work of internal audit 23. As part of our wider dimension audit responsibilities we plan to consider the work of Internal Audit in a number of areas, including:
• Purchasing and payments
• IT security
• Management reporting and information gathering.
Audit dimensions
24. Our audit is based on four audit dimensions that frame the wider scope of public sector audit requirements as shown in exhibit 5. Our conclusions on the four dimensions will contribute to an overall assessment and assurance on best value.
Exhibit 5 Audit dimensions
Source: Code of Audit Practice
Financial management 25. Financial management is concerned with financial capacity, sound budgetary processes and whether the control environment and internal controls are operating effectively. We will review, conclude and report on:
• the effectiveness of the budgetary control system in communicating accurate and timely financial performance
• whether financial capacity and skills are adequate Audit scope and146 timing | 11
• whether appropriate and effective arrangements for internal control and the prevention and detection of fraud and corruption have been established
Financial sustainability 26. We consider the appropriateness of the use of the going concern basis of accounting as part of the annual audit. We will also comment on Tayside Contracts’ financial sustainability. We will carry out work and conclude on the following areas: • the effectiveness of financial planning in identifying and addressing risks to financial sustainability in the short, medium and long term
• the appropriateness and effectiveness of arrangements in place to address any identified funding gaps
• whether there are arrangements in place to demonstrate the affordability and effectiveness of funding and investment decisions.
Governance and transparency 27. Governance and transparency is concerned with the effectiveness of scrutiny and governance arrangements, leadership and decision-making and transparent reporting of financial and performance information. We will assess: • whether governance arrangements are appropriate and operating effectively
• the quality and timeliness of financial and performance reporting
• whether there is effective scrutiny, challenge and transparency of decision- making, and finance and performance reports.
Value for money 28. Value for money refers to using resources efficiently and effectively and continually improving services. We will review, conclude and report on whether Tayside Contracts can demonstrate value for money in the use of resources and improved outcomes.
Independence and objectivity
29. Auditors appointed by the Accounts Commission or Auditor General must comply with the Code of Audit Practice and relevant supporting guidance. When auditing the financial statements auditors must also comply with professional standards issued by the Financial Reporting Council and those of the professional accountancy bodies. These standards impose stringent rules to ensure the independence and objectivity of auditors. Audit Scotland has robust arrangements in place to ensure compliance with these standards including an annual “fit and proper” declaration for all members of staff. The arrangements are overseen by the Director of Audit Services, who serves as Audit Scotland’s Ethics Partner.
30. The appointed auditor for Tayside Contracts is Richard Smith, Senior Audit Manager. Auditing and ethical standards require the appointed auditor to communicate any relationships that may affect the independence and objectivity of audit staff. We are not aware of any such relationships pertaining to the audit of Tayside Contracts.
Quality control
31. International Standard on Quality Control (UK and Ireland) 1 requires that a system of quality control is established, as part of financial audit procedures, to provide reasonable assurance that professional standards and regulatory and legal requirements are being complied with and that the independent auditor’s report or opinion is appropriate in the circumstances. 12 | 147
32. The foundation of our quality framework is our Audit Guide, which incorporates the application of professional auditing, quality and ethical standards and the Code of Audit Practice (and supporting guidance) issued by Audit Scotland and approved by the Auditor General for Scotland. To ensure that we achieve the required quality standards Audit Scotland conducts peer reviews and internal quality reviews. Additionally, the Institute of Chartered Accountants of Scotland (ICAS) have been commissioned to carry out external quality reviews.
33. As part of our commitment to quality and continuous improvement, Audit Scotland will periodically seek your views on the quality of our service provision. We welcome feedback at any time and this may be directed to the appointed auditor or to Audit Scotland’s Audit Quality and Appointments group.
Audit scope and148 timing | 13 Tayside Contracts Joint Committee Annual Audit Plan 2019/20
If you require this publication in an alternative format and/or language, please contact us to discuss your needs: 0131 625 1500 or [email protected]
For the latest news, reports and updates, follow us on:
Audit Scotland, 4th Floor, 102 West Port, Edinburgh EH3 9DN T: 0131 625 1500 E: [email protected] www.audit-scotland.gov.uk
AS.2.0