Agenda and minutes
Venue: Conference Room 4B - Tŷ Hywel. View directions
Contact: Clerk: Kathryn Hughes Deputy Clerk: Buddug Saer
No. | Item |
---|---|
Introductions and apologies and declaration of interests Minutes: 1.1 The Chair welcomed the attendees to the meeting and congratulated Dave Tosh on his permanent appointment as Director of Resources and Nicola Callow as Director of Finance. He also welcomed Ann-Marie Harkin and Matthew Coe as the new representatives from the Wales Audit Office. 1.2 No interests were declared. |
|
Minutes of 10 November meeting, actions and matters arising Minutes: 2.1
The minutes of the meeting on 10
November 2014 were agreed and officials provided the following updates on the
outstanding actions. 2.2
4.2c
Fixed Assets – Nicola confirmed that the task of tagging 1,700 items
was 90% complete with the remaining 10% on target for completion by the end of
February. 2.3
4.6
Recruitment – Dave referred the Committee to paper 20 for
further information and confirmed that the Recruitment Authorisation Document
was in use. The Committee agreed to come
back to the Capacity Planning and Recruitment paper at the April meeting. 2.4
4.12
HR Payroll project – Eric informed the Committee of his
attendance at Investment and Resourcing Board on 10 December where the Project
Initiation Document (PID) for phase 2 of the HR/Payroll project was
discussed. Although the bilingual
element remained outstanding from phase 1, a robust testing plan for phase 2
was expected. The Chair endorsed the
governance and due diligence for the project. 2.5
5.0
External Audit – recommendations in Management Letter. Nicola confirmed that when the
Committee discussed the Management Letter in November, there were two items
outstanding; ICT testing and reconciling Coda with Folding Space. Nicola went on to provide the following
update on the latest position on both items, which had provided assurance to
the WAO: i)
the
penetration testing of the Assembly website had been carried out and would be
repeated regularly; ii)
the data
centre, which had been well maintained since being in the Commission’s control,
had a newly installed air conditioning system and operational alarm system and
the generator had undergone a successful load test in August 2014; and iii)
reconciliation
work on the Coda and Folding Space systems had been completed and was being
done on an on-going basis. Specifically,
the team was working on the latest reconciliation for the period ending 31
December 2014 (publish date 31 March 2015).
2.6
9.1
Continued Commission engagement – Eric welcomed Angela Burns’ return
to the Committee which was important in maintaining the Committee’s
relationship with the Assembly Commission.
The following engagement activity was noted: i)
Attendance by
two of the Assembly Commissioners for a presentation at the November ACARAC
meeting. ii)
Eric’s
intention to once again present the ACARAC Annual Report at the Assembly
Commission in July and to discuss Risk and Scenario planning at a future
Commission meeting. 2.7
9.2
Consideration of new guidance - Gareth Watts and Eric had
reviewed new guidance produced by NAO and HMT and there were no changes to be
implemented. The Chair commented that
the Committee’s self-assessment process was more robust than that suggested in
the guidance. 2.8
9.2
ACARAC members to liaise with Commission teams –
Claire and Eric would continue to look for opportunities to liaise with
Commission teams when appropriate. Eric
referred to the following recent engagement of ACARAC members with Commission
teams: i)
Eric
scrutinised the HR/Payroll PID and attended an Investment and Resourcing Board
meeting to review the revised PID. ii) Assembly Officials were visiting the Northern Ireland ... view the full minutes text for item 2. |
|
Internal Audit Activity Report Minutes: 3.1
Gareth
Watts provided an update on progress against the 2014-15 audit programme. The Committee agreed that progress was
positive but suggested that Gareth should ensure appropriate focus on the
Assembly Business Directorate in the 2015-16 audit plan. |
|
Latest Internal Audit Reports Minutes: 4.1
Gareth
introduced the three reports and assured the Committee that he was satisfied
with the Management Board responses. 4.2
The
Payroll audit highlighted that controls were in place and working effectively,
although policies and procedures could be improved. Gareth would update the Committee at future
meetings as part of his recommendations monitoring reports. 4.3
The
Legislative Work Bench audit highlighted some historical issues around project
management practices but the audit focused on the user experience rather than
implementation of the system. Officials
at the Commission made good use of the system.
The joint contract with Welsh Government was due to expire in 2017 and
the decision on whether to retain or replace the system would ultimately rest
with them. 4.4
The
Committee were content with the report and welcomed the proposed timescales for
implementation of recommendations and the potential influence officials may
have with the user group. 4.5
They
also made reference to officials being intelligent customers and exploring
every option, including outsourcing non-core functions. Dave explained that the Business Analysts
were involved early in the project process but not involved in specific
solution specification. Use of internal
knowledge and expertise would be supplemented with market research where
appropriate. The Procurement team would
advise on the appropriate framework before a business case was prepared. 4.6
A
substantial discussion took place with regards to the Security Vetting
audit. Gareth confirmed that management
had engaged positively with the audit and had accepted the recommendations in
the report. Actions - Dave to accelerate the
implementation of recommendations on the Security vetting audit. - Gareth to update the Committee at
April meeting on implementation of all recommendations, as part of Internal
Audit recommendations monitoring. - Dave to review the Welsh Government’s approach to bolstering vetting procedures. |
|
Proposed Internal Audit Strategy and Periodic Work Plan Minutes: 5.1 Eric
welcomed the update from Gareth and congratulated him on raising the profile of
Internal Audit across the Commission. He
would like reassurance that the strategy could be flexed depending on
priorities. He also requested a summary of
the feedback received from Heads of Service involved in audits. 5.2 Committee
members requested clarification on how the audit on Better Engagement with the
People of Wales would add value as the measurement of success was not as
tangible as in other areas. They also
re-emphasised the importance of focussing on the Assembly Business Directorate
and asked Gareth to describe the Governance and Audit Service audit. 5.3 Gareth
thanked the Committee for their comments and agreed to provide further detail
in April, along with a summary of the comments received from Heads of
Service. His audit of the services
provided by Governance and Audit would involve benchmarking against other
organisations and potentially identifying different ways of delivering
services. Actions - Take on board the Committee’s
comments on the Internal Audit Strategy 2013-16 and present a final version to
the Committee in April. Including: o
Flexibility
and how plan may be refreshed, o
balanced
focus on business areas, o
detailed
timetable for 2014-15. - Incorporate feedback from audit sponsors in the
Internal Audit Annual Report. |
|
Audit Outline for 2014-15 Financial Statements Minutes: 6.1
Eric, Gareth, Nicola and the new representatives
from the WAO, Ann-Marie Harkin and Matthew Coe, had met in January and would
continue to meet regularly. It was
agreed that in future the draft Audit Outline would be considered earlier, at
November meetings. They would also
consider the interim accounts review timetable at a future meeting. 6.2
Ann-Marie set out their plans for undertaking this
year’s audit work which would include an additional test of Assembly Members’
expenses. The proposed fee for 2015
remained unchanged and any variance in the amount of time taken to complete
work would result in adjustments to the fee. 6.3
Nicola confirmed that following receipt of the
2014-15 audit plan she was producing a detailed timetable to ensure that staff
within her team worked to deliver the audit plan to the key dates. |
|
Update from WAO on any other matters Minutes: 7.1
Matthew confirmed that the interim audit was
largely complete and no significant concerns had been identified. As a result there were no plans to issue an
interim Management Letter. |
|
Information Governance Framework Minutes: 8.1 The Committee welcomed this comprehensive
document which brought together disparate policies and guidance documents
relating to information governance into a single framework. 8.2 Dave
thanked Alison Rutherford (Information Governance Manager) for the concise
report. The framework clearly identified
roles and responsibilities and signposted staff to specific sources of
information. Twice yearly reviews of the
Information Asset Registers had emphasised Heads of Service responsibility. There were also clear escalation routes for
emerging information risks. Dave would
ensure that once approved by Management Board, the document would be published
and publicised internally. |
|
2014-15 Budget update Minutes: 9.1
The Committee congratulated Nicola on the budget
position and highlighted the Value for Money savings and prompt payment
performance results. 9.2
Nicola informed members that a Supplementary Budget
had been laid on the 2 February to cover the shortfall in the Assembly Members’
pension fund. The Chair of the Finance
Committee had requested further information on the capital element of the
budget and Nicola was preparing a response.
|
|
Coda Finance System - Assurance on Resilience Minutes: 10.1
Nicola’s objectives were to assure the Committee
that the finance system remained fit for purpose and that the system would be
managed appropriately until its anticipated replacement. 10.2
In response to queries raised about the business
case for a replacement system, Nicola explained that a replacement system would
not be based on delivering efficiency savings because the time released from
changing processes would be used to increase the value added services that the
Finance team offer across the organisation.
The Business Analysts were working with the team and customers within
the organisation to capture requirements and opportunities for process changes. Nicola highlighted that work-arounds and data
manipulation in spreadsheets were currently necessary to produce meaningful
Management Board reports. 10.3
Nicola confirmed that KPMG had developed the
business case, that she had followed the HM Treasury 5 case model and had held
several discussions with internal stakeholders, including Procurement, Members’
Business Support and ICT about the scope of the project. This had included investigating the potential
of the Sharepoint platform and the Microsoft finance system, which had helped
to address the concern of keeping up to date with recent finance systems
capabilities. In addition, an Internal
Audit review was already built into the process. 10.4
The business case was scheduled to be presented to
the Investment and Resourcing Board in March. 10.5
Members urged Nicola and the wider project team to
apply any lessons learnt from previous projects. The Committee were grateful for the work to
date, but emphasised the need for Nicola to work with her counterparts in other
organisations and to undertake site reference visits to inform any future
decision. |
|
Accounting policies: timeline and process Minutes: 11.1 The
Committee were updated on the 2014-15 accounting policies review. External and
internal changes had been reviewed to ensure continued relevance in supporting
Assembly business. 11.2 Nicola mentioned
that WAO had yet to confirm the disclosure for ICT asset treatment proposed but
discussions were underway. The Committee
noted the training and guidance being offered to asset managers. Eric asked
that this item be added to the Committee’s Forward Work Programme on an annual
basis. Action - Clerking team to add review of
accounting policies as an annual item on the Forward Work Programme. |
|
Corporate Risk Summary Report Minutes: 12.1 Eric
asked Dave to focus his update on specific areas, namely the security vetting
risk, the Business Continuity exercise and Programme and Project
Management. 12.2 Angela suggested
that officials considered the inclusion of two risks at a corporate level: a. potential
reputational damage of decisions made in Westminster around constitutional
change; and b. Security
risks, taking into account the Security Vetting audit and wider security risks
given the heightened UK threat levels. 12.3 Dave
responded to these points as follows: i)
Security was
a static risk (i.e. a risk organisations would always face) and the Management Board
would agree the best way for static risks and issues to be captured and
monitored. This would be shared with the
Committee. In the meantime, security
risks were being managed at a service level. ii)
Programme and
Project Management risks had recently been discussed by Management Board and
the Directors’ Board. It was felt that
the risk did not need to be managed at a corporate level given the strengthened
controls and on-going implementation of governance arrangements. In terms of
capacity, the governance arrangements had also enabled Heads of Service to be
confident when resourcing projects. Dave
agreed to provide a summary of the improvements in programme and project
governance at the April meeting iii)
A corporate
Business Continuity exercise was planned for 24 April although the specific
scenarios were yet to be established. 12.4 Claire
responded to the points around the escalation of the risks around Westminster
decisions and security and would review with the Management Board whether these
should be added to the Corporate Risk Register.
Actions -
Summarise security vetting risk profile, including
risks associated with implementing Internal Audit recommendations. -
Clerking team to add detailed consideration of
security risks to future meeting agenda. -
Dave to provide an update on Programme and Project
Management governance improvements at the April meeting. |
|
Review of the Assembly's Commission's assurance framework Minutes: 13.1 The
Committee welcomed this excellent piece of work. They praised both the mapping exercise of
linking with corporate risks and the gap analysis. Members encouraged officials to include external
co-operation, external peer reviews and to continually review the framework in
order to validate assurance arrangements and strengthen the few ‘amber’
assurance sources. 13.2 Members
asked to be kept informed when the framework was used in the future and to
monitor the level of resource being dedicated to ensure that the overall RAG
status remained Green. 13.3 Claire
thanked the Committee for their comments and the Governance and Audit team for
producing a valuable piece of work. She
would ensure that the right balance was kept in terms of appropriate resources
for the level of risk. |
|
Discuss issues in preparation of the Committee's annual report Minutes: 14.1 The
Chair asked for the following items to be referenced
in the annual report: programme and project management and key change
programmes; capacity planning; Assurance
Framework; Risk Management; Internal Audit developments; extended roles of
Committee members; effectiveness survey; actions and areas of focus from
2013/14 report. He also asked WAO to
consider the inclusion of forward looking elements. A draft would be circulated out of Committee
and discussed at the meeting in April. Action -
Eric and
the Clerking team to draft and circulate the ACARAC Annual Report out of
Committee and present a draft for approval at the April meeting. |
|
Review of Committee's terms of reference Minutes: 15.1 Updated
Terms of Reference would be circulated before the April meeting for members to
approve. It would reflect the new job
titles of attendees, the annual presentation of the ACARAC Annual Report to the
Assembly Commission, and consideration of departure summaries and key change
programmes. Action - Clerking team to draft and circulate the ACARAC
Terms of Reference for agreement out of committee. |
|
External audit opinion of committee effectiveness Minutes: 16.1
The Committee agreed to defer this item until
April. |
|
Promoting cooperation between auditors and other review bodies Minutes: 17.1 Gareth
would be presenting the working protocol with WAO at the April meeting, which
reflected some updates. The Chair also
asked Gareth to consider and summarise sources, or potential sources of
external assurance, to complement those identified in the Assurance Framework. Action - Gareth to summarise sources, or potential sources of
external assurance. |
|
Papers to note and any other business Minutes: 18.1 The
Committee noted the two departures from normal procurement procedure. 18.2 The
Clerking team would update the Forward Work Programme (FWP) to reflect the
Commission’s strategy and business planning timetable, change programme activity,
and the external audit opinion of the Committee’s effectiveness. The Chair and the Clerking team would
consider the structure of future meetings and would consult with Committee
members. 18.3 In
response to a query from Hugh, Gareth agreed to include details of the internal
assessment of Internal Audit services in his Annual Report and Opinion. 18.4 The
Committee agreed to return to the paper on Capacity Planning and Recruitment as
an agenda item in April. The Chair noted
the good progress in implementing the Internal Audit recommendations. 18.5 The
Chair concluded the meeting by thanking everyone for their papers and
contributions. Actions -
Clerking team to update the FWP as outlined in
paragraph 18.2. -
Gareth to share details of Internal Audit
self-assessment (in relation to 5 year external assessment cycle) – this will
be included in Internal Audit Annual Report. -
Add capacity planning and recruitment to the agenda
for the April meeting. Private session A private session with Committee members was
attended by Gareth. No minutes were taken. |