Venue: Conference Room 4B - Tŷ Hywel. View directions
Contact: Clerk: Kathryn Hughes Deputy Clerk: Buddug Saer
Introductions, apologies and declaration of interests
1.0 Item 1 - Introductions, apologies and declarations of interest
1.1 The Chair welcomed a number of attendees to the meeting. Apologies from Suzy Davies. Andy Munro was present as part of his External Quality Assurance Review of Internal Audit and Clive Fitzgerald from TIAA was attending to present the Cyber Security audit report.
1.2 Eric Gregory declared that he was a Non-Executive Director on the Cabinet Office Modern Electoral Registration Programme and a business representative for the Parliamentary Review of Health and Social Care in Wales.
1.3 Although not necessarily seen as a conflict, Hugh Widdis wished to record that he was employed by CGU in or around 1998-2000. CGU later merged with Norwich Union and in due course became Aviva.
1.4 No other interests were declared.
Minutes of 21 November, actions and matters arising
2.0 Item 2 - Minutes and matters arising
ACARAC (01-17) Paper 1 - Minutes of 21 November 2016
ACARAC (01-17) Paper 2 – Summary of actions
2.1 The minutes of the meeting on 21 November were agreed and the updates on actions captured in paper 2, were noted.
2.2 Gareth provided an update to action (paragraph 2.3) feedback to the Committee on the outcome of the Governance and Audit team away day. An afternoon session had recently been convened to review the actions set during the session in May 2016. A number of positive themes had emerged from these sessions in terms of proactive cross-team and cross-Commission working. A Governance learning module was also being developed for training purposes as part of a Commission Manager Programme. Gareth agreed to share a detailed update with the Committee.
2.3 Eric confirmed that the WAO had recently circulated information relating to action point (paragraph 6.4) circulate details of effectiveness surveys from the WAO Chairs of Audit Forum. Further information would be shared in October provided other committees shared this with the WAO, as we had already done.
2.4 Claire Clancy briefed the Committee on the name change consultation (action point 10.4). The Consultation would run until the beginning of March and of the 1,721 responses received to date, 65-70% agree or strongly agree that the National Assembly for Wales should change its name.
2.5 Claire also updated the Committee on the Assembly’s Expert Panel on Electoral Reform which was launched on 1 February and would be meeting for the first time on 14 February.
2.6 The Chair welcomed the recent circulation of the Corporate Key Performance Indicator report. Officials agreed to review the use of 100% target ratings and the omission of any reference to key projects and programmes.
2.7 Claire informed the Committee that the Investment and Resourcing Board (IRB) were now receiving regular project and programme activity updates from Directors. Updates on major projects are provided regularly to the Assembly Commission.
- Gareth to circulate update on positive changes to the team.
Internal Audit Activity Report
3.0 Item 3 – Internal Audit Activity Report
ACARAC (01-17) Paper 3 – IA progress report
ACARAC (01-17) Paper 4 – IA Monitoring Recommendations
3.1 The Committee welcomed Gareth’s progress report and monitoring documents. A Payroll audit had commenced and the final report would be circulated out of committee, as would the IRB review.
3.2 Gareth was scheduled to audit the payments made to Assembly Members (AMs) in terms of resettlement grants, redundancy payments to AM Support Staff, and setting up regional and constituency offices of new AMs following the Fifth Assembly elections.
3.3 Gareth advised that the contract for the co-sourced Internal Audit arrangements would be awarded in June 2017.
3.4 After some discussion on the scope and sample sizes of the specific audits that Gareth was about to undertake, the Committee suggested that he consider how best to report the outcomes and benefits to the Commission of his audit reports, as well as recommendations that had been rejected by Management.
- Gareth to circulate recommendations and actions from the review of IRB after consideration by IRB.
- Gareth to capture the outcomes of recommendations made by audit reviews in future reports.
- Gareth to include in IA reports recommendations that are not accepted by Management, and the reasons for this.
Latest Internal Audit reports
4.0 Item 4 – Latest Internal Audit Report
ACARAC (01-17) Paper 5 – Cyber Security
4.1 The Cyber Security audit resulted in a ‘needs improvement’ rating. This was due to the amount of work which was still in progress to improve the Assembly Commission’s arrangements for cyber security. 12 recommendations had been raised to enhance the current arrangement but none of these were High/Critical priority.
4.2 The Chair felt that this was a thorough report and that the Commission was well-sighted on quickly delivering the recommendations. He agreed with the Commission’s rejection of one of the recommendations.
4.3 Dave described the work that was taking place on a UK-wide level and confirmed all 12 recommendations would be complete by the end of the 2016-17 financial year. The appointment of a cyber security network specialist within the ICT team would further strengthen this area, although he recognised the challenges facing the organisation and the importance of raising awareness with Commission staff, AMs and support staff. Gareth would follow up on the ISO27001:2013 review and continue to meet on a regular basis with the Head of ICT before performing a follow up audit and updating the Committee when appropriate.
4.4 Dave confirmed that cyber security was about to be added to the Commission’s Corporate Risk Register and the Committee questioned whether bringing the ICT function in-house had highlighted historic failings in the security of the network. Dave confirmed that the transition to in-house ICT services had exposed some vulnerabilities with the outsourced arrangement but the control gained by bringing the services in-house had improved the situation.
Update from WAO
5.0 Item 5 – Update from WAO
ACARAC (01-17) Paper 6 – update paper
5.1 Ann-Marie Harkin and Matthew Coe confirmed that the outstanding recommendation in the 2015-16 Management Letter had been resolved. The interim audit had not identified any issues as yet.
5.2 The 2016-17 audit fees were discussed and the WAO agreed to inform the Committee following their internal moderation process. The audit team have recommended a fee reduction due to the quality of the accounts and the assistance provided by the Commission.
5.3 The Chair queried the WAO’s scoring of the annual report in the comparison exercise they had carried out with other public sector organisations. In his view, several criteria were not applicable and the Commission’s overall rating should have been higher.
5.4 The WAO agreed that the scoring matrix should have been thoroughly checked for accuracy before being sent to Nia and that WAO communications on the purpose and methodology of the exercise could be improved. Nia and the WAO will discuss the scoring and share good practice outside of the meeting.
5.5 Whilst the Committee welcomed the principles behind the comparison exercise, they urged the WAO to ensure that future such exercises were carefully constructed and communicated.
- WAO to share approved annual fee with ACARAC.
- Nia Morgan and Ann-Marie Harkin to reassess scoring of Annual Report and highlight areas for improvement and best practice.
6.0 Item 6 – Budget update
Item 7 – Review of accounting policies
ACARAC (01-17) Paper 7 – Finance and Budget Update
ACARAC (01-17) Paper 8 - Accounting policies – annual review
6.1 Nia Morgan presented both of these items. The 2016-17 corporate financial targets had been reviewed and updated at a recent IRB meeting. The target underspend for the year-end had been revised from 1.0% to 0.5% and prompt payment targets further tightened. Nia also informed the Committee of some staff changes within the Finance team.
6.2 The revised underspend position of below 0.5% would be challenging but at a recent Management Board meeting Nia had emphasised to Heads of Service that the remaining weeks of the current financial year were a critical time for the management of the budgets in their service areas. The Committee highlighted the potential for such a target to increase the risk of overspend.
6.3 The Committee welcomed the annual review of accounting policies and thanked Nia for such a comprehensive paper.
Review of Accounting policies
Update on replacement Finance system project
7.0 Item 8 – Update on replacement Finance system project
ACARAC (01-17) Paper 9 – Finance project update
7.1 The Chair thanked Keith Baldwin for his role as a ‘critical friend’ on the replacement finance system project and encouraged officials to use committee members’ expertise on projects and other tasks in future. He also encouraged the project team to ensure the system was fully embedded into the organisation before a post implementation review took place.
7.2 Keith’s paper described the encouraging and positive meetings with the project team and project board. Everyone involved had been enthusiastic about the system and Keith would share his comments on the go-live criteria with the project team.
7.3 The Committee recognised that all of Keith’s recommendations reflected good practice and should be accepted by the project team.
7.4 The Committee questioned the re-phasing and timetable of the project. Eve Jennings welcomed the recommendations in the paper and advised that the phasing of the project had been driven by the supplier. Data migration had been extremely smooth and the project team were confident that the go live date of 3 April remained achievable.
- Nia to provide an oral update on progress at the March meeting.
- Keith to provide the project team with his comments on go-live criteria.
Corporate Risk Report
8.0 Item 9 - Corporate Risks Report
ACARAC (01-17) Paper 10 - Corporate Risks
ACARAC (01-17) Paper 10 – Annex A - Corporate Risks Summary Report
ACARAC (01-17) Paper 10 – Annex B - Corporate Risks plotted
Item 10 - Critical examination of one identified risk – Proposals to investigate additional accommodation
ACARAC (01-17) Paper 11 – Additional Accommodation
8.1 The Committee noted the changes to be made to the Corporate Risk Register following the latest full review by Management Board on 2 February. A revised register would be presented to the Management Board at its 2 March meeting where they would also consider further changes.
8.2 Dave led a discussion on the on-going work around assessing the Assembly’s current and future accommodation needs, the timescales involved and the specialist advisors who have been involved in the various options being considered.
8.3 The Committee urged officials to fully document and evidence the steps taken to determine the additional accommodation needs and the potential options for the future, in order to reassure stakeholders.
Critical examination of one identified risk - proposals to investigate additional accommodation
Constitutional Landscape- Wales Governance Centre
9.0 Item 11 – Constitutional Landscape – Wales Governance Centre
9.1 The Committee welcomed Professor Roger Scully from the Wales Governance Centre to deliver his presentation titled Constitutional Landscape. Future legal competence, the capacity of the Assembly and Brexit were the main themes of his presentation.
9.2 The Committee thanked Roger Scully for his time and his clear explanations of these complex topics and their interdependencies.
Discuss preparation of the Committee's annual report to the Commission and Accounting Officer
10.0 Item 12 – Discuss issues in preparation of the Committee's annual report to the Commission and Accounting Officer
ACARAC (01-17) Paper 12 – Annual Report 2015-16
Item 13 – Review of the committee's terms of reference
ACARAC (01-17) Paper 13 – Terms of Reference
Item 14 – Departures Summary
ACARAC (01-17) Paper 14– Departures Summary
Item 15 – Forward Work Programme
ACARAC (01-17) Paper 15– Forward Work Programme
Item 16 – Present feedback from observer from attendance at Audit Committee meetings
10.1 The Chair encouraged members to consider areas they would like highlighted in the Committee’s annual report. The Clerking team would work with him to consider different presentation options.
10.2 The Clerking team would make the suggested changes to the Terms of Reference.
10.3 Committee members were asked to pass on comments on the Forward Work Programme to the Clerking team and dates for future meetings would be updated once members had confirmed their availability.
10.4 The Chair agreed to share the feedback that he had received from Rheon Tomas who had attended a series of Audit and Risk Assurance Committees.
- Committee members to provide Clerking team with ideas on areas to include in the ACARAC Annual Report for 2016-17 and how the overall presentation of the document could be more engaging.
- Clerking team to add SIRO Annual Report to ToR under information requirements.
- Provide comments to the Clerking team on Forward Work Programme and confirm availability for future dates.
- Share Audit and Risk Assurance Committee feedback from Rheon Tomas
Next meeting is scheduled for 20 March 2017.
Review the committee's Terms of Reference
Forward Work Programme