Councillor Wyn Evans and Mr Duncan Hall, CLO Finance & Procurement  apologised for their inability to attend the meeting.

The Chair reported that this was the last meeting for Mr Harry Dimmack and wished him well in his new post.

None.

It was AGREED to confirm as a true record the Minutes of the Meeting of the Committee held 09 March 2023

Matters Arising

Minute point 6.v) – The Governance Officer reported that this information would be ascertained following the meeting

Consideration was given to the Governance and Audit Committee Meeting Actions Log.

It was AGREED to note the content and the update as presented.

The Committee wished to be involved in the Risk Management Framework process.

Consideration was given to the Regulator & Inspectorate Reports and Updates which has 3 parts:

a) Audit Wales quarterly update to Governance and Audit Committee

b) Any local risk work issued/published since the last Governance and Audit Committee meeting

c) Audit Wales National Reports

Current Position

a)Audit Wales quarterly update to Governance and Audit Committee

b)Any local risk work issued/published since the last Governance and Audit Committee meeting

•         Audit Wales – Letter to LG Bodies

•         Audit Wales – Ceredigion County Council Outline Audit Plan 2023

•         Audit Wales – Certification of Grant and Returns 2021-22 – Ceredigion County Council

•         Audit Wales – Project Brief – Use of performance information – service user perspective and outcomes – Ceredigion Council

•         Audit Wales – Annual Plan 2023-24

•         Care Inspectorate Wales – Performance Evaluation Inspection of Ceredigion County Council

•         Care Inspectorate Wales – Draft Action Plan

c)Audit Wales National Reports

•         Audit Wales – Our work programme for 2023-26

Following the presentation by Audit Wales and questions from the floor, it was AGREED:-

(i) to note the reports for information;

(ii) that assurance was required that all possible grants had been applied for by the Council

The Report sets out the Council’s responses regarding Regulator and Inspectorate Reports and progress made regarding proposals and recommendations.

This Report had 2 parts:

a) Council tracker of Regulator/Inspectorate proposals for improvement and recommendations; and

b) Other Council related matters.

Current Position

a)Council tracker of Regulator/Inspectorate proposals for improvement and recommendations

o Council Management Response Forms 2022-2023 Update:

•         Audit Wales – Time for Change – Poverty in Wales

•         Audit Wales – A Missed Opportunity – Social Enterprises

•         Audit Wales – Springing Forward – Review of Strategic Workforce Management

•         Audit Wales – Springing Forward – Review of Strategic Asset Management

(b) Other Council related matters

•         Audit Wales – Audit Enquiries Letter 2022-23 Ceredigion County Council

Following questions from the floor, it was AGREED to note the reports for information and that the responsible officer for any reports be inserted in the documents.

The Regulation and Inspection of Social Care Wales Act 2016 Act (RISCA) requires registered service providers to submit an AR to the Welsh Ministers following the end of each financial year. The AR must include the information set out in section 10 of the 2016 Act.

The AR must also include the information set out in the Regulated Services (Annual Returns) Wales Regulations 2017 (“the Regulations”), as amended by the Regulated Services (Annual Returns and Registration) (Wales) (Amendment) Regulations 2019.

The 2016 Act required Welsh Ministers to publish each AR submitted and this would be via the CIW website alongside each regulated services inspection reports. The Regulations also require the AR to be in the form of an online return and be submitted to the Welsh Ministers within 56 days of the end of the financial year to which it relates, this year this would be the 26th of May 2023.  Under section 484 of the 2016 Act, it was an offence for a service provider to fail to submit an annual return within the timescales set out by the Regulations. If a service provider fails to submit an annual return within the required timescales, they could be subject to a penalty notice or other enforcement action deemed appropriate by Care Inspectorate Wales (CIW).

Under section 52 of the 2016 Act, the Welsh Ministers may impose a penalty notice if they were satisfied that the service provider has committed a prescribed offence. This includes a failure to submit an AR. The Regulated Services (Penalty Notices) (Wales) Regulations 2019, sets out that the penalty to be paid is an amount corresponding to level 4 on the standard scale (this is equivalent to £2,500).

The Annual Return (AR)

The services included in the Annual Return were:

•         Bryntirion Residential Care Home, Tregaron

•         Cartref Tregerddan Residential Care Home, Bow Street

•         Min y Môr Residential Care Home, Aberaeron

•         Hafan Deg Residential Cre Home, Lampeter

•         Yr Hafod Residential Care Home, Cardigan

•         Targeted Care and Enablement Service

The time frame for the data and information included in the AR was from the 1st of April, 2022 to the 31st of March, 2023. As a service provider, they had until midnight on 26th May to submit. 

Currently, the AR was submitted successfully to CIW on the 26th of May, 2023. As part of the submission the organisations Responsible Individual was required to ensure the following;

•section of the AR relating to the service they were designated for had been completed fully.

•and to provide a declaration, confirming that the information provided within the Annual Return is true to the best of their knowledge.

Due to the large content of the report and the small font of the information requested by CSSIW (as it had to be inserted online), it was AGREED that three to four key issues within the report would be reported next year. It was AGREED to note the report for information.

The CIPFA Practical Guidance for Local Authorities & police (2022 edition) stated that it was important that the Governance and Audit Committee was held to account on the extent to which it had fulfilled its purpose. This would include whether the Governance and Committee had:

• fulfilled its agreed terms of reference

• adopted recommended practice

• assessed its own effectiveness

• Assessed training needs

• Assessed the impact of the Governance and Committee on governance, risk and control within the Authority

At the Governance and Audit Committee meeting of 14th September 2017 it was agreed that the Governance and Audit Committee would publish an Annual Report providing an assessment on the effectiveness of the Governance and Audit Committee and to provide assurance that issues have been addressed and progressed.

The Governance and Audit Committee Annual Report was used to:

a) Highlight the work carried out by the Governance and Audit Committee during the year;

b) Show how the Governance and Audit Committee has made a difference;

c) Set out the forward work programme for the year ahead; and

d) Provide Self-assessment and assurance.

It was AGREED to accept the content of the Committee’s Annual Report 2022/23 and would be presented to Council by the Chair of the Governance and Audit Committee and subsequently published on the Council’s website.

All boxes on the Attendance table to be completed.

Consideration was given to the report of the Corporate Manager-Internal Audit on The Internal Audit Progress Report Quarter 4. The report had been presented to ensure that the Committee was satisfied that the Internal Audit Section was undertaking sufficient and appropriate work in order to provide a realistic assurance at year-end, whilst adding value and assisting the Council in achieving its objectives.

It was AGREED to note the work undertaken and current position of the

Internal Audit Service.

As stated in the Institute of Internal Auditor’s International Professional Practices Framework, Performance Standard 2500 states that Internal Audit must establish a process to monitor and follow up management actions.

The Corporate Manager – Internal Audit was responsible for monitoring progress made against these actions and reporting to Governance & Audit Committee.

This report updates the Governance & Audit committee of progress made by management in addressing management actions issued in the action plan of Internal Audit reports.

It was AGREED

(i) to note the current work; and

(ii) that consideration be given to collating by service all their outstanding actions, to monitor accordingly

iii) that Leadership Group should receive the reports

The Committee considered the annual Internal Audit Plan 2022/23 at its meeting in March 2022. The Plan provided an outline of the work required to be undertaken by the Internal Audit Section during the year in order to form its assurance opinion. 

This opinion forms part of the Council’s framework of assurances. Internal Audit also provides independent advice to services to help managers improve their internal controls, risk management and governance arrangements.    The Annual Report provided a summary of the internal audit activity during the year to 31 March 2023 and incorporates the audit opinion.

It also documents the current resource position, and the Section’s quality, improvement and progress plans.

It was AGREED to APPROVE the report and that data on the previous year’s training for the Internal Audit service be included in future reports.

The IA Annual Report provides a summary of the internal audit activity during the year to 31 March and incorporates the audit opinion.

In the past, the Annual Report contained a section on Fraud, outlining the type of work IA had undertaken in the area. This has now been replaced by a separate Counter Fraud Report to support IA’s Annual Report at year-end. 

It was AGREED to APPROVE the report and that a paper be presented to Leadership Group to consider a Fraud Risk Assessment, as it had significant value; and could be integral in developing Counter Fraud assurances further.

Regular reports were provided to the Governance and Audit Committee regarding the Council’s Corporate Risk Register to provide on-going information and assurance that risks identified by senior managers were managed appropriately. This reinforces the Governance and Audit Committee role of providing independent assurance to Council of the appropriate management of the Corporate Risk Register.

A review of the latest risk status was conducted at the LG meeting of 24.5.23 where candidates for promotion / demotion to the Corporate Risk Register were discussed and agreed.

The following were de-escalated from corporate to service

R004: Business Continuity – the overall risk score had reduced to 12 as processes and structures had been in place which have been tried and tested with significant incidents. There were contingency plans and business arrangements in place that provide assurance that it does not need to be on the Corporate Risk Register.

R015: Supporting Local Food Businesses, Maintain Safety – the overall risk score has reduced to 9 as Public protection resources had been diverted to clear the backlog and mitigating actions have been successful.

R018: Covid-19 – the overall risk score had reduced to 9 as Covid-19 had been deescalated at a national level.

Escalated from service to corporate

None

The risk score for R009: Information Management & Cyber Security Resilience, had increased to 20. Previous mitigations were insufficient to prevent risks from increasing. Therefore, new mitigations had been put in place in order to reduce the risk. These were:

1.Develop regular review and SIRO Annual Report

2.Restructure to better focus resources and expertise

3.Migrate data and content to more suitable locations

4.Implement encryption at rest

A new mitigating action had been added to R017: Safeguarding – to implement the revised TAW structure to enhance the QA and Strategic Safeguarding and Mental Wellbeing and Substance Misuse activity in Porth Cynnal.

All other risks had been reviewed and include revised RAG status of mitigating actions and updated commentary.

Following question from the floor, it was AGREED

(i) to note the updated register;

(ii) that a column confirming the date the risks had been considered by the relevant Overview and Scrutiny Committee be inserted onto each risk; in order that the committee had assurance that the register had been considered through the democratic process; and

(iii) the importance of the Chair of the Governance and Audit Committee to attend the Quarterly Performance Board meetings to be aware of the risks of services; and

(iv)that queries raised by Mrs Caroline Whitby in relation to Risk 8 and 9 be addressed by the relevant CLO following the meeting

v) The Chair to liaise with Chairs of Scrutiny Committees

It was agreed to note the Forward Work Programme as presented subject to noting that Mrs Hannah Rees would be returning to present the reports instead of Mr Harry Dimmack.

Councillor Elizabeth Evans wished to thank the Corporate Manager, Democratic Services for her work in addressing the issues with the hybrid system as there had been no issues online, however, it was report by Councillor Gareth Lloyd that the system had issues in the Chamber on several occasions during the meeting.