Agenda and minutes
Venue: Microsoft Teams
Contact: Clerk: Kathryn Hughes Deputy Clerk: Ryan Bishop
No. | Item |
---|---|
Introductions, apologies and declaration of interests Minutes: 1.1 The Chair welcomed everyone to the meeting and noted apologies had been received from Ann-Marie Harkin, Audit Wales. 1.2 No interests were declared. 1.3 It had been agreed out of committee that, in order to reflect the change of name from the Assembly Commission to the Senedd Commission which would come into effect on 6 May, the full name of the Committee would change to the Senedd Commission Audit and Risk Assurance Committee (SCARAC) and would be commonly referred to internally as ARAC. |
|
Minutes of 20 January, actions and matters arising Minutes: ACARAC (02-20) Paper 1 - Minutes of 20 January 2020 ACARAC (02-20) Paper 2 – Summary of actions 2.1
The minutes of the 20 January meeting
were agreed. 2.2
Committee members agreed to have
further discussions with officials to take forward actions around attending a
future Executive Board meeting to discuss the strategy for the sixth Senedd,
and a briefing session with Members’ Business Support on the monitoring of
Assembly Members’ expenses. 2.3
Gareth responded to questions on
timescales for implementation of the cyber security audit recommendations and
for conducting the audit on compliance culture. Gareth explained that due to
the disruption caused by the Coronavirus (Covid-19) outbreak, and his
involvement in the leadership of the Commission’s response, some audit work
would be delayed. 2.4
The Chair invited Arwyn to update the Committee on
the communications plan for the name change project. Arwyn explained that, as
the name change date was set in legislation, there was no scope to change it.
However, due to the Covid-19 outbreak, the planned launch events had been
replaced with a more low key approach, with the possibility of a harder launch
later in the year. He also explained that discussions were ongoing around the
opportunities presented by the lowering of the voting age to allow 16 and 17
year olds to vote, registrations for which would be opening on 1 June 2020 (for
the 2021 Senedd elections) to further launch or raise awareness of the name
change. 2.5
Committee members acknowledged the change in
approach and discussed the potential for raising awareness through social media
channels, including those of Assembly Members, along with the use of focus
groups. In response, Arwyn outlined plans to increase expertise within the
Commission on the use of social media. It was noted that the messages should be
kept as simple as possible to help the public understand the role of the Senedd
as a legislature and holding the Welsh Government to account. 2.6
The Committee noted there had been early engagement
with key stakeholders and that there would be a written statement from the
Llywydd on 6 May. 2.7
The Chair thanked Arwyn for the update and asked
him to keep the Committee informed of communication plans. It was agreed that
the Committee would return to this at the June meeting. Actions ·
(2.2) The Chair and Dave to discuss with the Chair
of the Remuneration, Engagement and Workforce Advisory Committee, the timing of
a meeting of Executive Board with Independent Advisers to discuss the strategy
for the sixth Senedd. ·
(2.2) The Chair and Gareth to discuss the best
approach to providing the briefing to ACARAC on the work of Members’ Business
Support (MBS) and the monitoring of Assembly Members’ expenses ·
(2.3) Gareth to discuss with Suzy timeframes for
implementing recommendations from review of cyber-security ·
(2.3) Gareth to advise on timing of the review of
compliance culture · (2.7) Arwyn to share details of revised communications strategy on name change with ACARAC members – and provide feedback to ACARAC at ... view the full minutes text for item 2. |
|
Governance and Assurance Update Report Minutes: ACARAC (01-20)
Paper 3 – G&A update report 3.1
Gareth Watts introduced the report, which provided
the Committee with an update on recent Governance and Assurance work, including
heavy involvement with the Commission’s business continuity planning
arrangements relating to the recent Covid-19 pandemic. He highlighted the
following areas of progress: ·
preparation of the first draft of the Annual Report
and Accounts for 2019-20, which was being presented to the Committee at this
meeting; ·
completion of the internal audit review on cyber
security, which was circulated out of committee, and recorded a moderate
assurance rating; ·
completion of the audit on project governance,
which would be shared with the Committee shortly and had also recorded a
moderate assurance rating; ·
work on a review of compliance with the Official
Languages Scheme in which, due to the Covid-19 outbreak he had taken a
different approach to that planned. This had involved discussions with
colleagues in the Translation and Reporting Service whereby he was able to
obtain assurance and good evidence of compliance, including through a
Memorandum of Understanding between the Commission and the Welsh Language
Commissioner. A paper covering the findings of the review would be shared with
the Committee in due course: and ·
Victoria Paris’ successful completion of the
Certified Internal Audit examinations. 3.2
Gareth explained that, due to difficulties
presented by remote working, the planned audit on the Research Service would be
delayed and that further consideration was being given to the viability of
carrying out the audit on Members’ Expenses for 2019-20. 3.3
Committee members enquired about the recent Audit
Wales report on Counter-Fraud Arrangements in the Welsh Public Sector and
officials agreed to circulate this. 3.4
The Chair thanked Gareth for the update and
Committee members welcomed his pragmatic approach to the prioritisation of
work, given the circumstances. 3.5
In response to questions from Ann about the impact
of delaying the audit of Members’ expenses and whether there were technological
solutions in place to mitigate this, Gareth informed the Committee this was not
possible at this time due to the processed involved. He added that discussions
with Audit Wales and colleagues in Members’ Business
Support were taking place to be in a position to provide minimal
assurance for 2019-20. The Chair highlighted that the planned briefing on
Members’ expenses would help to provide Committee members with a greater
understanding of the processes in place. 3.6
In relation to questions about use of technology,
Aled asked for clarification on rationale for the prominent use of Zoom video
conferencing software over other technologies available on the market. In
response Dave and Manon explained that Zoom had been chosen as it was able to
facilitate the legal obligation to provide simultaneous translation for
official Assembly business. It also had other useful features, including the
ability to display a higher number participants on the screen than other
platforms. 3.7 Responding to requests for an update on the theft of camera equipment during 2018-19, Gareth explained that this would be covered by the planned ... view the full minutes text for item 3. |
|
Internal Audit Annual Report and Opinion for 2019-20 Minutes: ACARAC (02-20) Paper 4 - Internal Audit Annual
Report and Opinion for 2019-20 4.1
Gareth outlined the Internal Audit Annual Report
and Opinion for 2019-20 noting that, although he had been unable to complete
parts of the agreed internal audit plan for the year, he was still able to
issue a moderate opinion on the adequacy and effectiveness of the Assembly
Commission’s framework of governance, risk management and internal control. 4.2
Gareth added that this was, in part, due to the
continued healthy culture of engagement with internal audit by service areas,
with management responding positively to recommendations made and their
implementation. 4.3 The Committee noted the report and thanked Gareth for his work over the year. |
|
Internal Audit Fraud Report Minutes: ACARAC
(02-20) Paper 5 - Internal Audit Fraud Report 5.1
Gareth presented the
Internal Audit Fraud Report to the committee and invited comments. Responding
to questions about why there were no apparent attempts of fraud reported,
Gareth acknowledged that the Commission had robust controls in place which had
taken account of lessons learned from a previous experience. He added that
further assurances were provided by the ongoing sharing of intelligence on
fraud occurrences by external partners including Audit Wales. 5.2
In response to questions
around possible additional exposure to fraud risks as a result of the Covid-19
pandemic, Gareth provided assurance that the Commission was alert to these
risks and offered to share a recent CIPFA report on fraud in local government
for further information. 5.3
Committee members were
reassured that assets taken from the office by staff to facilitate working at
home during the Covid-19 pandemic had been logged and that an annual audit of
all assets was carried out. 5.4
The Committee noted the
report and thanked Gareth for the additional assurances provided. Action: (5.2)
Gareth to share CIPFA report on fraud in local government with ACARAC members. |
|
Internal Audit Charter and Internal Audit's compliance with Public Sector Internal Audit Standard (PSIAS) Minutes: 6.1
The Committee noted and
thanked Gareth for his paper which outlined compliance with the Public Sector
Internal Audit Standard (PSIAS) and contained the Internal Audit Charter. 6.2
In relation to the Internal Audit Charter, the
Chair noted that he would discuss development opportunities with Gareth, as
part of his ongoing Continuing Professional Development (CPD) as Head of
Internal Audit. Action:
(6.2) Chair to discuss continuing professional development for Head of Internal Audit with Gareth. |
|
Emerging findings and advice to Accounting Officer regarding submission of the draft Annual Report and Accounts to the Commission Minutes: ACARAC (02-20) Paper 7 – Audit Wales update 7.1
The Chair welcomed Gareth
Lucey to the meeting. Gareth highlighted the following to the Committee: ·
that the Wales Audit
Office had recently undergone a re-branding and re-naming exercise and should
now be referred to as Audit Wales; ·
that work on the 2019-20
audit had been progressing well, and on that basis, the estimate fee was
anticipated to be the same as in previous years, barring any unexpected
changes; ·
that whilst every effort
would be made to honour agreed timeframes for the audit through built-in
contingency elements, due to uncertainties around the COVID-19 pandemic this
would be under constant review through discussions with Gareth Watts and Nia
Morgan; and ·
that the Auditor General
would be writing to all audited bodies outlining the changes in the audit
process due to the disruption caused by the COVID-19 pandemic. 7.2
In response to a query
from the Chair, Gareth Lucey provided assurance to the Committee that effective
audit trails would be maintained by Audit Wales when conducting live online
sampling of the NAV system as part their audit. 7.3 The Chair thanked Gareth for the update. |
|
Review of Joint Working Protocol Minutes: ACARAC (02-20) Paper 8 – Joint Working Protocol 8.1 The Committee noted and were content with the Joint Working Protocol. |
|
Budget update Minutes: ACARAC (02-20)
Paper 9 – Update on financial position 9.1
Nia introduced the item,
asking Committee members to note the latest financial position for 2019-20 and
the anticipated financial position for 2020-21 and 2021-22. Nia explained that
due to the timing of the meeting, it was not possible to provide an accurate
2019-20 year end position, but that these figures would be provided in due
course. 9.2
Nia asked the Committee
to note that a supplementary budget was being considered by the Commission, in
relation to the delay in the implementation of changes to IFRS16 - Leases,
which was due to come into force on 1 April 2020. This has been deferred to 1
April 2021. In response to questions from the Chair, Nia added that this change
had a significant impact on the 2020-21 outturn, therefore a supplementary
budget was required. 9.3
In response to questions
about the calculation of the Commission staff annual leave provision, Nia
provided assurance that this was not a significant issue but that accounting
standards required this provision to be included in the resource accounts. 9.4 The Committee thanked Nia for the update. |
|
Commission's draft Annual Report and Accounts and Governance Statement for 2019-20 Minutes: ACARAC (02-20) Paper 10 –
Draft Annual Report and Accounts ACARAC (02-20) Paper 10
Annex A – Annual Report narrative (including KPI report) ACARAC (02-20) Paper 10
Annex B – draft Statement of Accounts ACARAC (02-20) Paper 10
Annex C – draft Governance Statement 10.1 Nia outlined the overall approach taken for the
2019-20 draft Annual Report and Accounts. In terms of the Accounts section
(Annex B), Nia reported that, despite the current circumstances, the Commission
anticipated meeting its underspend targets. 10.2 The Chair thanked Nia for the update on the accounts
and invited Arwyn to outline the narrative document (Annex A), suggesting that
detailed comments on which should be sent to him after the meeting. Arwyn
explained the process for compiling the narrative, thanking colleagues, and in
particular Victoria Paris for their considerable efforts to date and noted that
contributions from some service areas were to follow. 10.3 Comments from Committee members would be captured
separately by the clerking team and would be considered for incorporation into
the narrative. A deadline for any further comments would be set due to the
tight timescales for production of the final report. 10.4 Suzy referenced Laura McAllister’s report on
Assembly Reform and the Committee discussed whether the Annual Report should
include reference to the recommendations which had not been taken forward and the
steps taken by the Commission to mitigate this. It was agreed that further
discussions on this would be held out of committee. 10.5 Committee members and officials discussed the
presentation of the KPI around international engagement, specifically whether Committee
visits should also be incorporated. 10.6 The Chair thanked officials for the work that had
gone into preparing the draft report, noting the high standard throughout. 10.7 The Committee considered the draft Governance
Statement and noted that, as this was an early draft, there were gaps where
contributions from relevant officials were to follow. The Chair commented on
the importance of the document in a governance context and commended officials
for work done on it to date. 10.8 Suzy suggested officials consider inserting a
footnote within the draft Governance Statement, to provide clarity on
references to the Commission’s heads of service. Actions ·
(10.3) Kathryn to capture and share comments provided on
the narrative of the Annual Report and the Governance Statement ·
(10.3) Bob to advise on timings for further comments to be
provided by Committee members on the narrative of the Annual Report and the
Governance Statement · (10.4) Arwyn to consider how to capture ways in which we have mitigated against not taking forward some recommendations in Laura McAllister’s report |
|
Senior Information Risk Owner (SIRO) Annual Report Minutes: ACARAC (02-20) Paper 11 –
SIRO Annual Report 11.1
Dave introduced the
paper, outlining the challenges faced over the year, mainly relating to
continuity of staffing in the area of data protection over the period. 11.2
Dave advised that,
despite the challenges, progress had been made in areas such as revising the
Data Protection policy. He also praised the work of Nisha Jadva, the temporary
Data Protection Officer in engaging well with service areas across the
organisation and with Assembly Members’ support staff to further enhance
awareness. He added that the need for ongoing, additional resilience in this
area had been recognised. 11.3
In response to questions
from Chair about the management of Subject Access Requests (SARs), Dave
explained the challenges faced by the Commission in dealing effectively with
the increasing volume and complicated nature of the requests. He added that,
whilst there were clear processes for handling SARs these would be kept under
review. 11.4
In the context of data
risk management, Ann highlighted the need to consider how external forces could
impact on the organisation and not to be driven just by process. Dave advised
that this was already being taken into account as part of Executive Board
horizon scanning discussions in this area. 11.5
Dave also highlighted
several organisation-wide software changes which had taken place, including
migrating to Sharepoint and Office 365, as well as the introduction of
Microsoft Teams, each bringing challenges from an information governance
perspective. 11.6
Sharepoint was due for
rollout to Assembly Members and Suzy asked for an update on plans for migrating
information and the protective marking scheme. Dave informed the Committee of
the ongoing work to ensure the platforms used worked for both the Commission
and Assembly Members and acknowledged the balance to be struck between
protection of information and supporting the ability of Assembly Members to
engage effectively with the public. 11.7
In response to a question
from Aled around archiving and specifically on collaborating with the National
Library of Wales, Dave agreed to provide an update. 11.8
Committee members were
content with the paper and thanked Dave for the update. Actions ·
(11.2) Dave to share revised Data Protection Policy with
Committee members · (11.5) Dave to discuss with Aled the Commission’s approach to archiving, in particular any future plans to work with National Library of Wales |
|
Assembly Reform - Name Change Minutes: ACARAC
(02-20) Paper 12 – Name Change External Engagement - as previously circulated
out of committee 12.1 This was considered under Item 2. |
|
Items circulated out of committee before meeting 12.1
The Chair invited
comments on papers circulated out of committee: ·
Corporate Risks Report
(CRR); ·
Departure Summary; and ·
Forward Work Programme 12.2
No comments were
received. Actions
Next meeting is scheduled for 15 June 2020. |