Agenda and minutes

Audit Committee - Monday 18th March 2024 7.30 pm

Venue: Council Chamber, Council Offices, The Campus, Welwyn Garden City, Herts, AL8 6AE

Contact: Democratic Services 


No. Item



To note any substitution of Committee members made in accordance with Council Procedure Rules.

Additional documents:


An apology for absence was received from Cllr J Boulton.


The following substitution was made in accordance with Council Procedure Rules:

Cllr A Hellyer for Cllr J Boulton.




To confirm as a correct record the Minutes of the meeting held on 30 January 2024 (previously circulated).

Additional documents:


The minutes of the meeting held on 30 January 2024 were agreed as a correct record.




Additional documents:





To note declarations of Members’ disclosable pecuniary interests, non-disclosable pecuniary interests and non-pecuniary interests in respect of items on this agenda.

Additional documents:


There were no declarations of interest.



Risk Management Quarter 3 Risk Registers pdf icon PDF 138 KB

Additional documents:


Officers introduced the Q3 risk register report which outlined the assessment of risk as at the end of December 2023. It included all strategic risks, and operational risks with a residual score of serious or severe. Since the risks were last presented, there had been further improvements to the reporting, enabling the Council to capture and report on both the inherent risk (before control measures are in place) and the residual risk (after control measures are put in place).


For strategic risks, two scores had been changed from the previous quarter. The risk for financial sustainability was increased last year when the Council undertook its medium term financial forecasts, and then when an increased budget gap for 2024/25 was identified. This risk score was reduced following the budget proposals which presented a balanced budget for 2024/25 and the proposed budget had been approved at full Council. While this risk had reduced, it still had a high score as there were some challenging targets over the medium term. The risk around service standards had also increased due to a change in the Ombudsman enquiries process; previously tenants had to go through the Council's complaints procedure before the Ombudsman would investigate, whereas they could now go straight to the Housing Ombudsman which meant the Council could be investigated for a complaint before being contacted by a tenant. This new approach meant there was likely to be an increase in the number of maladministration findings against the Council. There were no key changes to the operational risk scores to highlight.


The following points were made during the discussion:

-        There was a query about the status of using key risk indicators for qualitative and quantitative purposes as it was sometimes difficult to understand whether this changed the risk status. As an example, the commentary about recruitment and retention risk indicated action was being taken but the status/ trend of vacancies was unclear. It was suggested it would be helpful to provide some quantitative information so the trend could be tracked over time. Officers said this could be reviewed and they would consider whether this could be built into the reporting framework.

-        Responding to a question about whether there was a consensus about critical staff roles in terms of recruitment and retention, officers advised that all assistant directors identified critical roles within the risk register. A recent task and finish panel had looked specifically at recruitment and retention and there had been no significant recommendations as a result.

-        A member noted that in terms of ICT continuity, the commentary referenced backup sites and asked what types of sites these were (hot/cold). Officers undertook to provide detail outside of the meeting and advised alternative arrangements such as potential cloud backups were being considered.

-        A member asked about submission of GIS data as it seemed this was an area that could be fixed and therefore removed as a risk. Officers advised that there were a number of officer roles providing support to service  ...  view the full minutes text for item 36.


Shared Internal Audit Service (SIAS) - Progress Report pdf icon PDF 512 KB

Additional documents:


The Committee received the SIAS progress report which detailed the progress made by SIAS in delivering the annual internal audit plan for 2023/24 as at 1 March 2024. Since the last meeting there had been three completed projects - three audits with substantial audit opinion and one unqualified grant certification. No new high priority recommendations had been raised as a result of this work and there were no outstanding high priority recommendations from previous reports. A member commented on how positive it was that there were no new high priority recommendations.


The Committee noted the Internal Audit Progress Report for the period to 1 March 2024 and noted the plan amendment to the 2023/24 Annual Audit Plan.



Shared Internal Audit Service (SIAS) - Internal Audit Plan 2024/25 pdf icon PDF 788 KB

Additional documents:


The Committee received the SIAS Internal Audit Plan 2024/25 report which set out the programme of work for the year ahead and formed part of the Council’s wider assurance framework. It was expected that the work programme would be delivered by the end of March 2025 and the Committee would receive regular progress reports.


Comments from members included the following:

-        A member asked whether there would be anything materially different this year from previous years and SIAS confirmed there would be a similar approach, noting that an audit would undertake a more embedded assurance approach that would be more ‘real time’ rather than retrospective, similar to a project management approach. Responding to a question about whether anything done this year would be done differently next year, SIAS said no as the plan was primarily risk-based; aside from horizon-scanning, they would look at the Council’s risk register and meet with senior management to ensure they were aware of areas of concern, key risks or significant projects.

-        A member noted there would be an audit of sickness management and asked how this had made it on to the plan. SIAS advised that as well as this having been a part of discussions with senior management, sickness management had come up in its wider scanning of risk.

-        A member observed that paragraph 2.14 of the report showed the estimated allocation of times for each audit and noted the categories had previously been shown in terms of risk level, and SIAS agreed this could be done for future reports.


The Committee approved the proposed Welwyn Hatfield Council Internal Audit Plan for 2024/25.



Shared Anti-Fraud Service - Anti-Fraud Plan 2024/25 pdf icon PDF 140 KB

Additional documents:


Welwyn Hatfield had joined Hertfordshire’s shared anti-fraud service in April 2023. The Committee received the SIAS Anti-Fraud plan report for 2024/25 which would build on the work undertaken this year. Audit Committee had a role in ensuring the Council met its anti-fraud objectives, details of which were in the report’s appendix. Key performance indicators (KPIs) would be monitored throughout the year and SAFS would report on these to future committee meetings.   


The Committee noted the following:

-        KPI 5c) related to 6 -12 social homes secured from unlawful use or subletting, and a member asked why this KPI had specific numbers attached to it. Officers advised these were indicative numbers based on the level of housing stock and that they were taking a more proactive approach to fraud which is why a target had been set. The member noted this approach could mean such cases reduced and suggested this could be looked at differently, rather than specifying a number of homes. Officers would discuss the approach taken to this with SAFS outside of the meeting.

-        KPI 6a) was about supporting the output from NFI 2024/25 across all Council services and a member reflected this sounded like an aim rather than a KPI. Officers agreed this would be discussed with SAFS and amended so it was more specific.    

-        A member wondered whether the KPIs were specific to Welwyn Hatfield. Officers explained some were similar to other targets in the shared service but adapted for the Council, while others were more general (such as 10 training events per year for SAFS members).  

-        KPI 1) related to a return on investment from the SAFS partnership and a member commented that this was not a quantitative figure. Officers responded that a figure could be attributed to, for example, preventing loss to the Council via housing benefit fraud. Rehousing someone meant potentially reducing the cost on the general fund for use of temporary accommodation. Work was done nationally to ascertain what the target should be and SAFS then applied local factors. A member felt that costing efficiency was more complex than the cost of anti-fraud services, while another member noted the importance of being proactive and being seen to take action.


The Committee approved the Anti-Fraud Plan for 2024/25.



Indicative External Audit Plan 2023/24 pdf icon PDF 622 KB

Additional documents:


Christopher Paisley, KPMG director, advised that he would be leading on the 2023/24 year-end audit. There had been well-publicised delays to the external audit process in local government and it was anticipated that the borough’s 2022/23 year-end accounts would not receive an unqualified audit opinion. This was not specific to Welwyn-Hatfield and was in tandem with a consultation led by the Financial Reporting Council (FRC), DHLUC and Public Sector Audit Appointments (PSAA) around bringing in a backstop arrangement in respect of previous orders due to the significant number of prior audits that were unsigned; the consultation was complete and the outcome was awaited. Legislative provision for a disclaimer of opinion from the previous audit firm was anticipated which would identify what had not been audited, effectively drawing a line under it in order to deal with the audit process and deal with the backlog. From an audit perspective, KPMG was the borough’s new auditor and would not have any assurance on the 2022/23 year-end numbers due to the absence of an audit process for that year. There were expected to be provisions within legislation to allow KPMG to effectively audit the 2023/24 year-end and provide a disclaimer in its first-year opinion to say it had not audited the opening balance sheet in order to manage the process. KPMG had received a strong steer from the previous auditors that a disclaimer would be provided, and expected that once the legislative process had taken place it could start the audit for 2023/24 in the summer as planned. It had set out in its report how the audit was planned, key decisions it had made in respect of materiality etc. 


KPMG noted some key points in the report. There were three levels of materiality it worked with: 1) a material amount (around 2.5% of the Council’s overall expenditure, ie £3m) for the statement of accounts from the perspective of stakeholders; 2) performance materiality which directed its work and meant they actually audited to £1.9m and dealt with issues like the absence of a previous year’s audit, that it was a first year audit for KPMG and to deal with aggregation risk; and 3) a reporting threshold of £150,000.


The report set out the significant risks KPMG anticipated addressing through its audit which were representative of the sector as a whole. These included evaluation of land and buildings as this was subject to uncertainty and subjectivity; management override of controls (which was governed by international auditing standards); Local Government Pension Scheme pensions liability; and expenditure recognition. This was a standard suite of risks that would be expected to be addressed by an audit of a council. KPMG had considered the additional services provided and did not consider there were any threats to its independence as the Council’s external auditor.


The following points were made as part of the discussion:

-        The Chair asked whether the significant risks highlighted were by KPMG rather than the previous auditors. KPMG confirmed that was the case.

-  ...  view the full minutes text for item 40.