Minutes of Proceedings
Session: Session currently unavailable
Date: 05 February 2019
SECRETARIAT AUDIT AND RISK COMMITTEE (SARC)
TUESDAY, 05 FEBRUARY 2019 at 2.00 PM
ROOM 106, PARLIAMENT BUILDINGS
Jim Brooks, Chairperson
Jim Wells MLA
Lesley Hogg, NIA
Rodney Allen, NIAO
Tara Caul, NIA
Richard Stewart, NIA
Paula McClintock, NIA
Eddie Kelly, NIA
Ashleigh Mitford, NIA
Opening / Review
The meeting commenced at 2.08 p.m.
Apologies were received from Brian Moreland, Head of Internal Audit and Gareth McGrath, Director of Parliamentary Services, who is currently on secondment.
2. Declarations of Interest
There were no Declarations of Interest made at this point in the meeting however Jim Wells declared an interest during item 5.
3. Minutes of Previous Meeting
Minutes of the previous meeting, held on 17 October 2018, were approved without amendment.
4. Matters Arising
The Governance Officer presented a revised draft of SARC’s Terms of Reference, based on two amendments discussed on 17 October 2018.
The first draft amendment provided for another Assembly Commission Member to attend on behalf of the nominated Member, if required. The second draft amendment reflected the fact that NIAO is charged by statute to carry out the external audit of the Northern Ireland Assembly Commission.
Agreed: SARC members agreed that they were content with the Terms of Reference as drafted.
5. Internal Audit Activity / Assurance
Eddie Kelly provided a summary of Internal Audit reports issued since 1 April 2018 and an update on Internal Audit activity since the SARC meeting on 17 October 2018.
The final report on the Review of the Public Engagement Unitissued on 6 December 2018 with 3 recommendations which related to: retention and filing of approvals; updating written procedures; and development of the internal financial tracking system. All recommendations were accepted and the assurance level for this audit was satisfactory.
The Chairperson remarked that the Review of Public Engagement was a good report in terms of its layout, scope and recommendations. He welcomed management’s acceptance of Internal Audit’s recommendations.
Eddie provided an update on the status of audits in progress. Fieldwork on the Review of Support Services has been completed and the report has been drafted. It is anticipated that the draft report will be issued in early February.
Jim Wells declared an interest as a member of the Pension Trustees for the Assembly Members Pension Scheme and as a Member of the Pension Scheme.
Fieldwork on the review of the Assembly Members Pension Scheme has been completed and the report has been drafted. It is anticipated that the draft report will be issued in early February.
Random sampling has been completed in respect of the Review of Members Expenses (interim audit of 18/19 expenditure). The terms of reference have been agreed and a letter to sample subjects has been issued. Fieldwork in the Finance Office and constituency offices has commenced. Eddie advised those present that this piece of work is going smoothly and there are no issues to report at this stage.
Terms of reference for the review of GDPR have been agreed and the review has commenced.
Progress against the audit plan is on target and there are no significant deviations to report. Eddie Kelly advised that he is confident that Internal Audit will be in a position to provide a meaningful level of assurance to the Accounting Officer at year-end. The Chairperson welcomed this as an essential element of the governance framework as it directly informs the assurance that SARC provides to the Accounting Officer.
Work on the Internal Quality Assessment is being progressed and the resulting action plan is under development.
Eddie presented a preliminary workplan covering April - June 2019. He went on to inform SARC that a full annual plan will be agreed with the Accounting Officer and Directors. The agreed plan will be presented at the next meeting of SARC.
The Chairperson welcomed the fact that the plan included a number of short pieces of work. Focused ‘task and finish’ work such as this may also highlight areas of concern for future audits. The Chairperson observed that some of the work being carried out related to sensitive areas and should be approached carefully.
Eddie advised SARC members that the overall assurance level for the period 1 April 2018 to 5 February 2019 was satisfactory. This assessment was based on the levels of assurance arising from individual Internal Audit assignments, the action taken by management to implement recommendations, and the results of follow-up activity.
Eddie advised that there have been no incidences of Whistleblowing reported to Internal Audit to date this year. There have been no cases of actual, suspected or attempted fraud reported to Internal Audit since the last SARC meeting.
Eddie advised SARC members that a meeting of the Inter-Parliamentary Heads of Audit Group was held in London on 24 and 25 January 2019. Agenda items included: audit strategies; audit planning; time recording; in-year monitoring and reporting; gifts and hospitality; and data analysis. Overall, the discussions were very useful and particularly pertinent given his focus on the development of the 2019/20 work programme.
Eddie advised that, as the acting Head of Internal Audit, he has completed the External Quality Assessment (EQA) of the Scottish Parliament’s internal audit function. The report was issued in November 2018. He advised SARC that, as previously agreed, the Head of Internal Audit (HIA) of the National Assembly for Wales will be carrying out the EQA of the NI Assembly Commission’s Internal Audit function in the course of 2019/20. He discussed this with the Welsh Assembly HIA at the recent meeting and they have tentatively agreed that this will be taken forward in Autumn 2019. This will be factored in to the 2019/20 Internal Audit plan which will be brought to the next meeting of SARC.
SARC was advised that team members were up to date with the Chartered Institute of Internal Auditors’ CPE requirements and that Eddie continues to monitor this on an ongoing basis.
6. Audit Recommendations Schedule
SARC members considered the updated schedule.
There have been three new recommendations made since the October 2018 meeting of SARC. Seven actions have been implemented during the same period.
It was noted that the implementation of four recommendations are in the category ‘awaiting political developments’, leaving five recommendations currently ‘in progress’.
It was noted that one ‘in progress’ audit recommendation has a ‘red’ (overdue) status.
The Chairperson emphasised the value of keeping on top of the implementation of audit recommendations. The failure of organisations to implement and monitor the implementation of audit recommendations has a significant adverse effect on the overall governance framework of that organisation and he was very pleased to note both the high rate of implementation and the quality of the tracking procedures. For the Chairperson, the implementation of audit recommendations provides greater assurance than any other statement.
The Chairperson went on to note the small number of recommendations in the category of ‘awaiting political developments’, given the length of time of the current political situation.
7. SARC Objectives 2019/20
SARC members discussed proposed changes to the current SARC objectives.
SARC members were content to remove reference to the Reaney Review given that the Secretary of State has made determinations in that regard.
A discussion took place in relation to the suggested inclusion of any Governance issues, or recommendations, arising from the Renewable Heat Incentive Inquiry Report. Lesley Hogg gave examples of where this report might be relevant to the work of the Assembly Secretariat and said that there may also be wider issues to consider. Derek Martin observed that there may be good practice proposals included in the Report that would be important to take into consideration.
The Chairperson sought views on whether implications of Brexit should be included within its objectives. Lesley Hogg clarified that Brexit will have more of an impact on the procedural than the governance side of the organisation and referred to the work of the Exiting the EU Working Group.
The conversation moved on to SARC’s role in relation to the sign-off of the Annual Report and Accounts and it was noted that the detail of this is provided in SARC’s Terms of Reference.
Agreed: SARC agreed that for 2019/20 the third objective would be amended to read:
‘To keep under review any risks arising from organisational change / the political situation, where appropriate, and any issues arising out of the work of the Independent Financial Review Panel, and any governance issues or recommendations, arising from the Renewable Heat Incentive Inquiry.’
Action: Ashleigh Mitford to amend wording accordingly.
8. NIAO Audit Strategy for the Year 2018/19
Rodney Allen gave SARC members an overview of the Audit Strategy for 2018/19, including materiality, audit approach and timetable, fees and staffing. Rodney highlighted that the NIAO had not identified risks of material misstatement, but that risk factors had been identified in relation to payments to members and members pay and expenses. He noted that the NIAO did not consider these to represent a significant risk of material misstatement.
SARC members were content with the Audit Strategy. The Chairperson was content that NIAO has not identified any significant risks of material misstatement. He went on to remark that: accounts being provided on time; presence of good processes; a clean bill of health from external audit; and a suite of internal reports, should together provide a meaningful level of assurance to SARC. Assurances in relation to Whistleblowing and Fraud are also helpful.
The Chairperson noted that payments made to members and members pensions are areas of known risk here and in other jurisdictions. It was not therefore unexpected that NIAO has highlighted these areas as warranting continuing monitoring.
Rodney Allen also drew SARC members’ attention to the signed Letter of Understanding which sets out the basis upon which the Comptroller and Auditor General audits the accounts of the NI Assembly Commission. He noted that this letter had been reissued in December 2018 as it is routinely updated to reflect changes in both client and auditor responsibilities and that it would remain effective until it is terminated or superseded.
9. Corporate Risk Register
SARC members noted the changes made to the contents of the Corporate Risk Register, since the October 2018 SARC meeting, and that the Register was approved by SMG and presented to the Northern Ireland Assembly Commission in December 2018. All revisions relate to the ‘additional actions’ under each Corporate Risk.
Jim Wells referred to previous discussions in relation to staff and in particular IS staff.
There was a discussion in relation to an independent report, produced by the Head of IS of the Scottish Parliament, on the review of the Northern Ireland Assembly Commission’s IS Office. Lesley Hogg advised that she had just received the report and had not yet had a chance to consider its contents. Lesley reminded SARC members that, as well the option of filling vacant posts through external recruitment, there are plans in development for an IS apprenticeship scheme, the structure of which is being finalised. It was noted that it is difficult to recruit developers in particular, given the highly competitive market.
Jim Wells asked if the report would be presented to the Commission. Lesley Hogg confirmed that, when she has had a chance to fully consider the report, any applicable findings and recommendations will be brought to the Commission.
Jim Wells was concerned that, should an Executive be formed after Brexit, the Assembly would be short staffed in the area of IS, as is the case with other organisations.
The Chairperson observed that retaining readiness in the current political environment was not easy and stressful for staff.
Jim Wells drew attention to the high level (red) of ‘inherent risk’ associated with Corporate Risk 4 (Loss of staff, skills and knowledge and / or staff engagement).
The Chairperson agreed and said that SARC would need to closely monitor this area of risk. He observed that it is an increasingly difficult task to continue to retain readiness in order to facilitate a return to normal business at short notice. The Chairperson and Independent Member commended management’s approach of temporary redeployment while maintaining a core of staff in Parliament Buildings.
10. Annual Review of Fraud and Bribery Self-Assessment Checklists, Bribery Risk Assessment and Action Plan
SARC members noted the Fraud and Bribery Self-Assessment Checklists, Bribery Risk Assessment and Action Plan – December 2018. The December 2018 document had been produced in consultation with relevant Heads of Business across Directorates and had been agreed by SMG. The process has again identified a high level of compliance within the organisation.
Actions on the new plan include: next steps for fraud and bribery awareness and possible further training for those most at risk; actions in relation to the revised Whistleblowing Policy and new guidance for managers who are approached by whistleblowers; and an action around contracts.
SARC members considered the document to be comprehensive. The Chairperson emphasised the importance of maintaining fraud awareness and also observed that while bribery can sometimes be visible, it can also be more difficult to detect. The Chairperson was glad to see high standards being maintained and particularly welcomed the additional focus that is to be provided for those identified as being most at risk of fraud or bribery. Derek Martin welcomed the fact that staff are required to confirm that they have read the Fraud Prevention and Anti-Bribery Policy and Response Plan.
Jim Wells observed that it is important to have these documents and policies in place even in the absence of normal business.
11. Key Guidance from the Department of Finance
SARC members noted one DAO/FD letter, two DAO letters and two FD letters, issued by the Department of Finance, since the October 2018 SARC meeting.
12. NAO Cyber Security & Information Risk checklist Action Plan monitoring
The NAO Cyber Security and Information Risk Checklist was completed in January 2018 and an Action Plan put in place. SARC considered the latest implementation position.
Jim Wells asked if the action in relation to IS Capacity would be brought to every meeting. Lesley Hogg confirmed that the NAO Cyber Security and Information Risk Checklist - Action Plan Monitor would continue to be included on the SARC agenda.
It is anticipated that the Checklist will be completed again in Spring 2019.
The Chairperson considered the issue of cyber security to be significant and that organisations are vulnerable. He noted that it was an area of concern and presented difficulties in achieving assurances.
No items were raised.
14. Date of Next Meeting
The next SARC meeting will take place on 15 May 2019.
The meeting ended at 2.50 p.m.