Meetings

5.0        Item 5 – Internal Audit reports circulated in October

ACARAC (05-16) Paper 6 - Assurance review of VES

ACARAC (05-16) Paper 7 - Cyber Security Briefing note – (to be discussed under item 8)

ACARAC (05-16) Paper 8 - Procurement Audit – update report

ACARAC (05-16) Paper 9 - Risk Management IA report cover paper

ACARAC (05-16) Paper 9 - Annex A - Risk Management Audit Report

5.1        The Committee thanked Gareth for circulating a number of papers out of committee and for sharing his responses to the comments he had received.  Gareth agreed that he would re-introduce acceptance or rejection of Internal Audit recommendations in his reports.   

5.2        The Clerking team confirmed that the papers contained within the pack were the same as those circulated in October and they would consider referencing these papers differently in future.  

Actions

-        Re-introduce acceptance or rejection of Internal Audit recommendations in reports.  

-        Clerking team to clarify referencing of papers that have been circulated out of committee.

4.0        Item 4 – Latest Internal Audit Report

ACARAC (05-16) Paper 5 – Pensions Administration

4.1        The Pensions Administration audit resulted in a ‘strong’ rating.  It was reported that there were strong arrangements in place for the administration of both the Principal Civil Service Pension Scheme and the AMSS pension schemes.  Opportunities were identified to improve efficiency and reduce the need for further manual intervention.     

4.2        Gareth confirmed that recommendations had been accepted and that implementation was in progress.  The need for manual intervention would be removed by January when a validation exercise would be carried out.

ACARAC (03-16) Paper 4 – IA Annual Report

4.1     Gareth presented his 2015-16 Internal Audit Annual Opinion and Report.  This report provided an overview of the work undertaken by the Internal Audit service during the year and provided an opinion based on that work and other wider observations. 

4.2     In response to questions from Committee members about outstanding recommendations, Gareth explained that these related to the documentation of processes for key performance indicators (KPIs) for which a review was on-going by members of his team.  The review, which was considering the process of collating and reporting on the KPIs as well as how meaningful they were, would address these recommendations.  He confirmed that engagement with Heads of Service had so far been positive.  

4.3     Gareth’s opinion stated, ‘the Assembly Commission has adequate and effective risk management, control and governance processes to manage the achievement of its objectives.’  

4.4     Gareth had shared his report with Ann-Marie Harkin and Matthew Coe prior to this meeting.  They both praised the report for its detail and informed the Committee that they had used the key financial controls audit to aid them when auditing the accounts.   

4.5     The Committee welcomed this comprehensive report and Gareth’s audit opinion. They encouraged Gareth to share reports and updates with them through the year which he was more than happy to do. 

4.6     In relation to the review of the Commission’s Fraud, Bribery and Corruption policy, the Committee suggested checking the relevance of recent Ministry of Justice guidance on fraud and bribery.

Actions

-        Gareth to check Ministry of Justice guidance on fraud and bribery risk assessments and report findings to the Committee.

ACARAC (03-16) Paper 3 - IA Update Report 2015-16

3.1     Gareth Watts updated the Committee on recent audit work.  He had finalised all 2015-16 audits and had completed his Annual Report and the Annual Report on Fraud.  He had also completed a self-assessment against the Public Sector Internal Audit Standards (PSIAS).

3.2     Gareth had discussed his 2016-17 audit plan with the TIAA, the Commission’s outsourced internal audit service provider, and an audit of risk management had commenced on Monday 13 June. 

3.3     Although the focus would be on future audits, which could be subject to change depending on the new Assembly Commission’s priorities, Gareth assured the Committee that he would continue to follow-up on recommendations from prior years’ audits.  The Committee welcomed this, particularly in relation to the procurement follow-up audit.  Gareth would also continue to provide assurance on: the Voluntary Exit Scheme; be an active member of project board for the new finance system; and carry out a review of the Investment and Resourcing Board (IRB).

3.4     In relation to HM Treasury’s revised Audit and Risk Assurance Committee Handbook, the Committee suggested further consideration should be given to the relevance of guidance in the new appendices on cyber security and whistleblowing.

3.5     The Committee asked for clarification on the timing of the External Quality Assurance (EQA) of internal audit services and the outcome of a review of the Governance and Audit team.  Gareth explained that whilst PSIAS required the EQA be completed by 2018, he was aiming to complete it sooner.  He also described how an away day had generated clear proposals on how to take the team forward.  He agreed to keep the Committee informed of any changes. 

Action

-        Gareth to review appendices of HMT’s revised Audit and Risk Assurance Committee Handbook regarding cyber security and whistleblowing and report findings to the Committee.

-        Gareth to update the Committee in November of changes to the Governance and Audit team. 

Oral item

7.1        Gareth informed the Committee that an updated working protocol approved in April 2015 had been reviewed and remained valid.  He regularly meets with a Team Lead from the WAO to discuss the ongoing working relationship.  The Committee welcomed this evidence of a continued strong working relationship with external audit.  

7.2        The Committee also noted that the WAO would be carrying out the external review on compliance with the Public Sector Internal Audit Standards.

ACARAC (31) Paper 8 – IA outline plan 2016-17

5.1        The Committee had approved Gareth’s strategy at the February meeting and welcomed his outline plan for 2016-17. 

5.2        When questioned whether his plan should include the new finance system, Gareth agreed to discuss this with Nia to determine the level of assurance required by the project board.

5.3        Gareth also provided the Committee with some further information on the planned security review.  Following a period of restructuring within the team, Gareth wanted to ensure that the changes were well embedded within the service area before carrying out his review. 

5.4        A wider discussion centred on security provided by South Wales Police.  Claire assured the Committee that the financial implications of increasing the police presence had been considered carefully to ensure they were necessary and cost effective.   

5.5        Dave also provided an update on work to assess the Commission’s exposure to cyber security risks, including the engagement of an inspector from North Wales to help identify and manage risks of attacks to our Building Management System.

ACARAC (32) Paper 4 – Making the most of the Assembly Estate

4.1        Gareth presented this review which detailed the progress made against one of the Commission’s corporate priorities.  He informed the Committee that a new Visitor Experience and Venue Manager had recently been appointed who would take the recommendations forward.  

4.2        In response to questions from Committee members on refurbishing Members’ accommodation, Gareth and Dave explained the work had been undertaken as part of the planned maintenance programme.     

4.3        A further discussion centred on the long-term value for money on the use of the Assembly estate, including the potential to purchase Tŷ Hywel.  Dave agreed to revisit this.  It was agreed that wider considerations about accessibility to the Cardiff Bay area were important, but largely outside the Commission’s control.

4.4        The Committee welcomed this comprehensive report especially in addressing the objectives set by the Commission, and encouraged the continued use of visitor experience feedback. 

Action

-        Dave to investigate options for the purchase of Tŷ Hywel.    

Previously Circulated IA reports

ACARAC (32) Paper 5 – Bilingual Services

ACARAC (32) Paper 6 – Data Analytics

ACARAC (32) Paper 7 – Budgetary Control

4.5        Three internal audit reports were circulated out of committee on 30 March and Gareth summarised the comments/queries he had received.  One point highlighted was that the support to individuals and the use of technology identified in the Enhanced Bilingual Services audit should be applauded.  

4.6        The Data Analytics audit, undertaken by TIAA, confirmed that there was no indication of fraudulent behaviour during the financial year in question. Committee members suggested that the objective of future audits should explicitly state that its purpose is to identify any evidence of fraudulent behaviour.

4.7        The audit on Budgetary Control had identified some areas that could be improved with a new finance system but Nia confirmed that the manual workarounds, although resource intensive, were effective.   

ACARAC (32) Paper 3 - IA Update Report 2015-16

3.1        Gareth Watts updated the Committee on recent audit work.   In February, he had attended an Inter-Parliamentary Internal Audit Forum where they had discussed approaches to planning, cyber security and Members’ expenses.

3.2        Gareth had provided details of the discussions around cyber security at the forum to the Commission’s Head of ICT and Broadcasting who would consider how to take this on board. 

3.3        It had also been agreed that Gareth would be taking over future audits of Members’ expenses from the WAO, as this was more cost-effective. 

3.4        At a recent Investment and Resourcing Board (IRB) meeting, the business case for replacing the finance system was approved and Gareth confirmed that he would attend meetings of the project board.

3.5        Gareth advised that, as well as a planned effectiveness review of the IRB, he had been considering options for the governance team to provide additional support for programmes and projects. The Chair encouraged him to consider agile techniques as part of this review.

3.6        As a recently appointed member of the Coleg Gwent Audit Committee, Gareth described the contributions he had made and the networking opportunities this had brought.  As Coleg Gwent had recently implemented a new finance system he would share contact information with Nia Morgan.

ACARAC (31) Paper 7 – Internal Audit Strategy 2016-17

5.1        Gareth presented his strategy document for 2016-17 which would be subject to change on appointment of the new Assembly Commission.  As always, he would continue to share instances of good practice and amend his way of working if he felt it would benefit internal audit.   

5.2        Pending a change to include a link to the working protocol between Internal Audit and External Audit, the committee approved the strategy. 

Action

-        Gareth to include reference in the Internal Audit Charter section of the strategy to the working protocol between Internal Audit and External Audit.

ACARAC (31) Paper 6 – Key Financial Controls

4.1        The audit of the Key Financial Controls was carried out by TIAA and a strong rating given.  Gareth commented that a full complement of staff in the Finance team had significantly increased the robustness and strength of the controls in place.  Committee members commended the Finance team on the robustness of controls.

4.2        The WAO were pleased with the assessment and would hopefully be able to place some reliance on this during the audit of the accounts.     

4.3        Committee members were assured that despite the limitations already identified in the current finance system, the necessary controls were in place.         

4.4        Committee members then questioned the dissemination of information to those outside of the finance team.  Officials informed the committee that Finance Co-ordinators exists within each service area and monthly meetings were used to share information, as well as regular meetings with budget holders to discuss forecasting and staffing matters.

4.5        Finally, the committee suggested that officials should check the process in place for recovery of overpayments. 

ACARAC (31) Paper 3 - IA Update Report 2015-16

ACARAC (31) Papers 4 & 5 – IA Recommendations Monitoring

3.1        Gareth Watts updated the committee on recent audit work undertaken.  Audits on Enhanced Bilingual Services and Financial Management and Budgetary Control were complete and would be circulated outside of the meeting, once management responses had been received.  Work on Data Analytics was scheduled for the end of February and again, Gareth planned to circulate this report out of committee. 

3.2    Claire Clancy and Dave Tosh had recently approved a paper outlining a revised Governance and Audit team structure.  Although not circulated to the committee, Gareth would discuss his proposal during the private session between committee members and the Head of Internal Audit.   

3.3        Gareth then updated the committee on work that he and Kathryn Hughes had undertaken on the Governance and Assurance Frameworks.  They had met with Directors and Heads of Service and were in the process of analysing the completed Assurance Mapping tables, progress on which would be presented to the committee in April. 

3.4        With specific reference to the recent public engagement audit, the committee urged officials to share good practice and lessons learnt with future Assembly Committees and Commissioners.

3.5        When questioned on the number of recommendations made during his time at the Commission, Gareth believed that the variation on numbers year on year reflected the different topics investigated and the amount of issues identified with the different subject areas.  For example, the high number of recommendations in 2014-15 could largely be attributed to the audits of Recruitment and Security.  2012-13, due to the changes in Internal Audit arrangements, had been one of transition and there had been more focus on follow up of prior years’ recommendations. 

3.6        The Chair noted that Internal Audit’s processes for monitoring and reporting recommendations were now more streamlined and proactive, and Claire indicated she was happy with the current approach to Internal Audit work focussing on areas of highest risk and concern which would sometimes result in high numbers of recommendations.     

3.7        Committee members were very encouraged that there were no concerns about any of the management responses to, and progress on, audit recommendations.

Action

-        Gareth to circulate audit reports on Bilingual Services, Financial Management and Budgetary Control and Data Analytics out of committee.

ACARAC (30) Paper 5 – Audit Report - Public Engagement

ACARAC (30) Paper 6 – Quality Assurance and CPD Updates

4.1        The Committee welcomed the Public Engagement audit report, noting that the Assembly is fully focussed on public engagement. That said, the Committee felt that participation methods needed to be reviewed, the organisation needed to be more resilient to negative press and should strive for more positive coverage of its activities. 

4.2        Claire Clancy informed the Committee that, following negative feedback from several sources, the website needed substantial improvement.  Funds had been allocated by the Investment and Resourcing Board to make the website more accessible and navigable.  The Committee welcomed this commitment and emphasised that improvements should be enduring. 

4.3        Officials confirmed that the Engagement Strategy would be a high priority and developed by the Fifth Assembly.  The strategy should consider what indicators would be used to measure performance.  The Committee suggested that engagement in general should be considered when discussing the risks around future constitutional change.       

4.4        As agreed by the Chair, Gareth issued the Procurement audit and ICT Futures Review reports in October. 

4.5        Since the Procurement audit, training sessions had been arranged with a positive take up.  Extracting management information from CODA (the finance system) was problematic but the National Procurement Service had provided information spend analysis on commodity buying which would enhance the quality of management information available to the Procurement Team for monitoring purposes.  Gareth assured the Committee that non-compliance of procurement rules was taken very seriously by management and he was comfortable with progress being made and the actions management are taking to address the issues.

4.6        The Committee questioned the lack of a benefits realisation report for the ICT Futures Review.  Officials confirmed that a full review of the benefits was not carried out at project closure and this had been agreed at various checkpoints, throughout the life of the project.  Wider project management guidance and a benefits framework was now in place to ensure that benefits realisation had appropriate focus in the future.               

4.7        The Chair congratulated Gareth on his recent appointment to Coleg Gwent’s Audit Committee. 

Action

-        Gareth to follow up Public Engagement recommendations.

ACARAC (30) Paper 3 - Internal Audit Update Report 2015-16

ACARAC (30) Paper 4 – Internal Audit Recommendations – Monitoring

3.1        Gareth Watts updated the Committee on progress against his 2015-16 audit plan.  He assured the Committee that his planned schedule of work was on course and that he would continue to monitor the outstanding recommendations.  Good progress was being made in implementing the recommendations from previous audits, including Value for Money and Expert Advisors.  Gareth agreed to present an itemised report of outstanding actions in February 2016. 

3.2        The Committee welcomed Gareth’s update on a series of meetings that he had attended with Kathryn Hughes (Risk Manager) and Heads of Service.  The ‘Governance Matters’ meetings were part of the Assurance Framework, building on the Assurance and Governance statement and raising the profile of the Governance and Audit team.  Once approved, Gareth agreed to share an updated Governance and Audit team structure with the Committee.      

3.3        Over the coming months, he would focus on providing assurance of the Commission’s enhanced bilingual services and key financial controls.  In addition to the approved plan, he has agreed an additional piece of work with the Director of Finance on controls over pension disclosures.

Actions

-        Gareth to provide an itemised report of outstanding recommendations of the last four years.

-        Gareth to present updated Governance Framework.

-        Gareth to update ACARAC on revised Governance and Audit team structure.           

ACARAC (28) Paper 3 - IA Progress Report

3.1        Gareth updated the Committee on activity since the April meeting.  The scope for the procurement audit had been finalised and a report would be produced over the summer.    

3.2        The Committee asked about activity planned for January 2016 – ‘Value for Money Study into making use of the Assembly Estate’, in light of proposals to review business efficiency more widely.  Gareth explained that this was linked to one of the Assembly Commission’s key priorities.  Dave Tosh and Mike Snook would lead on this work, which would feed into the wider business efficiency review.  The Committee also asked about the results of the benchmarking of the Governance Statement against WAO guidance. Gareth explained that this showed that all guidance had been taken into account.

3.3        Nicola Callow informed the Committee that the business case for the replacement finance system project had been scrutinised by the Investment and Resourcing Board (IRB) and Keith Baldwin.  A revised business case would be presented to the IRB before the procurement exercise.         

ACARAC (28) Paper 4 – IA Annual Report

4.1        The Committee considered the report to be a good assessment of work undertaken by Gareth during the year.  Committee members were encouraged by the forums and events that he had attended recently and his pro-active approach in seeking contacts and examples of good practice.  Gareth agreed to share these best practice methods with the Committee.

Actions

-        Gareth Watts to share experiences of public sector internal audit best practice

ACARAC (28) Paper 5 – Quality Assessment Framework – cover paper

ACARAC (28) Paper 6 – Quality Assessment Framework

5.1        Gareth provided the Committee with a summary of the results of a self-assessment against the Internal Audit Quality Assurance and Improvement Programme, carried out in line with requirements of the Public Sector Internal Audit Standards.    

5.2        He commented on his work to raise the profile of Internal Audit within the organisation and felt that engagement had improved since he was appointed.   A scoping exercise needed to take place, before exploring potential procurement routes and suppliers to carry out an external review.  

5.3        The Committee thanked Gareth for his update and welcomed the suggestion from him to update the Committee on progress against actions in the future.  Committee members also welcomed his self-critical approach.         

Actions

-        Gareth Watts to provide regular updates on progress against actions contained in the Internal Audit Quality Assessment Framework.

ACARAC (27) Paper 6 - Review of the appointment of Expert Advisers to Committees

4.1        The Committee welcomed this report and the robust recommendations to strengthen the process, which they hoped to see implemented so that expert advisors are used more widely and effectively in the future.  As part of this, they suggested that officials should examine the need for training for Committee Chairs or Clerks and Deputy Clerks in the use of expert advisors.  They reflected on the potential conflicts of interest but recognised the small pool of experts available to some Committees.  The evaluation of the effectiveness of advisers was also encouraged.  Members noted that the Commission should consider the NAO Report from November 2014 and take account of this and any additional guidance the Wales Audit Office may provide on managing conflicts in the future.

Actions

-        Appointment of Expert Advisors to Committees – ensure the agreed recommendations are implemented and that there are no obstacles to using expert advisors in the future.

-        Examine the need for, and if appropriate make available, training for Committee Chairs or Clerks and Deputy Clerks in the use of Expert Advisors.

ACARAC (27) Paper 7 – Value for Money report

4.2        Gareth was pleased to report that there was a strong Value for Money (VfM) culture across the organisation, although efficiencies could be more widely captured. 

4.3        The Committee queried whether recruitment delays should be reflected as VfM savings.  Claire confirmed that delays in appointing staff were sometimes inevitable and that recruitment had sometimes been purposely delayed in order to deliver savings.

4.4        Nicola’s team had discussed savings with Heads of Service across the organisation and VfM savings would be captured in the Annual Accounts.   

4.5        The Chair welcomed the inclusion of this information in the accounts and encouraged officials to concentrate on capturing efficiency/process streamlining and procurement savings. 

ACARAC (27) Paper 8 - Review of the Assembly Commission’s Project Management Arrangements (also item 12)

4.6        Gareth’s audit confirmed that there were no surprises in this area.  Many of the historical issues that had been identified would continue to be addressed.  Business cases could be sharper, as could post implementation reviews and benefits realisation analysis.        

4.7        Dave informed the Committee of the increased involvement of Business Analysts in projects and the on-going work on benefits management.  He highlighted the culture already embedded in some areas of the Assembly where formal project management processes were in place. 

4.8        Committee Members urged officials to ensure that there was a sufficient focus on delivery, that clear objectives were set and that post project reviews captured and shared lessons learned. 

4.9        The Chair welcomed both papers, was satisfied with progress to date and noted that the papers were complementary.      

ACARAC (27) Paper 9 – Internal Audit Charter

5.1        Gareth highlighted the sole change to the charter which was that his reporting line was directly to Claire Clancy.

5.2        The Committee were content with the charter.

ACARAC (27) Paper 3 – Progress report 2014-15 IA Programme

ACARAC (27) Paper 4 – IA Recommendations – Monitoring

ACARAC (27) Paper 5 – Internal Audit Strategy 2013-16

3.1        Gareth Watts had completed his 2014-15 programme of work and focussed on the good progress made in relation to 2014-15 recommendations.    

3.2        The Committee questioned the Data Analytics - accounts payable audit which did not have a conclusion rating.  Gareth confirmed that he had no concerns regarding the integrity of the data or the risk of fraud. 

3.3        They also asked for details of Gareth’s plans to audit the Finance Accounting System.  Nicola Callow and Gareth confirmed that when a project was established, he would schedule it into his work programme.  Nicola had shared the business case with TIAA and received some valuable feedback.  She would also review the initiative with Keith Baldwin.

3.4        Gareth confirmed that he would be including his vision for the role of Internal Audit in the Assembly as part of his forward programme of work.  He would also discuss with the Head of Communications whether the Better Engagement audit could be brought forward.    

3.5        The Chair thanked Gareth for his revised strategy and welcomed his flexible approach, especially the increased focus on Assembly Business areas.

3.6        The Committee then received an update from Mike Snook on the Security Vetting audit.  His team had identified those employees who required Security Clearance (SC) and had been working to ensure they were all vetted by the start of summer recess in July 2015.

3.7        For the lower level clearance (CTC), discussions were on-going with the trade unions and the vetting process should be completed by May 2016.  Mike and Dave Tosh had also spoken with the Welsh Government about their approach.

3.8        Committee members were assured that there are close links with South Wales Police (SWP), but questioned whether all intelligence was being shared with Assembly Officials at appropriate times.  

3.9        Dave confirmed that SWP had been heavily involved in discussions recently and were providing the Assembly Commission with updates and intelligence.  The Assembly Commission would be discussing security in the round at their meeting on 23 April.

3.10     Overall, Committee members and Internal Audit were satisfied with progress. 

Actions

-        Discuss with SWP whether there is further intelligence on local threats that they are able to share and how this can be disseminated more widely.

-        IA Strategy 2013-16 - Ensure the IA strategy document captures the vision for the future role of Internal Audit in the Assembly. 

-        Ensure information contained in tables presented in the IA Strategy and the IA Charter is aligned.

-        Better Engagement - assess whether the date of the final report can be brought forward from January 2016 to autumn 2015.

1.0     

2.0     

3.0     

4.0     

5.0     

6.0     

7.0     

8.0     

9.0     

10.0     

11.0     

12.0     

13.0     

14.0     

15.0     

16.0     

17.0     

17.1    Gareth would be presenting the working protocol with WAO at the April meeting, which reflected some updates.  The Chair also asked Gareth to consider and summarise sources, or potential sources of external assurance, to complement those identified in the Assurance Framework.

Action

-       Gareth to summarise sources, or potential sources of external assurance.

1.0      

2.0      

3.0      

4.0      

5.0      

5.1     Eric welcomed the update from Gareth and congratulated him on raising the profile of Internal Audit across the Commission.  He would like reassurance that the strategy could be flexed depending on priorities.  He also requested a summary of the feedback received from Heads of Service involved in audits. 

5.2     Committee members requested clarification on how the audit on Better Engagement with the People of Wales would add value as the measurement of success was not as tangible as in other areas.  They also re-emphasised the importance of focussing on the Assembly Business Directorate and asked Gareth to describe the Governance and Audit Service audit.    

5.3     Gareth thanked the Committee for their comments and agreed to provide further detail in April, along with a summary of the comments received from Heads of Service.  His audit of the services provided by Governance and Audit would involve benchmarking against other organisations and potentially identifying different ways of delivering services.

Actions

-       Take on board the Committee’s comments on the Internal Audit Strategy 2013-16 and present a final version to the Committee in April.  Including:

o   Flexibility and how plan may be refreshed,

o   balanced focus on business areas,

o   detailed timetable for 2014-15.

-       Incorporate feedback from audit sponsors in the Internal Audit Annual Report.

3.1        Gareth Watts provided an update on progress against the 2014-15 audit programme.  The Committee agreed that progress was positive but suggested that Gareth should ensure appropriate focus on the Assembly Business Directorate in the 2015-16 audit plan. 

1.0         

2.0         

3.0         

4.0         

4.1        Gareth introduced the three reports and assured the Committee that he was satisfied with the Management Board responses.

4.2        The Payroll audit highlighted that controls were in place and working effectively, although policies and procedures could be improved.  Gareth would update the Committee at future meetings as part of his recommendations monitoring reports. 

4.3        The Legislative Work Bench audit highlighted some historical issues around project management practices but the audit focused on the user experience rather than implementation of the system.  Officials at the Commission made good use of the system.  The joint contract with Welsh Government was due to expire in 2017 and the decision on whether to retain or replace the system would ultimately rest with them. 

4.4        The Committee were content with the report and welcomed the proposed timescales for implementation of recommendations and the potential influence officials may have with the user group.            

4.5        They also made reference to officials being intelligent customers and exploring every option, including outsourcing non-core functions.  Dave explained that the Business Analysts were involved early in the project process but not involved in specific solution specification.  Use of internal knowledge and expertise would be supplemented with market research where appropriate.  The Procurement team would advise on the appropriate framework before a business case was prepared.                     

4.6        A substantial discussion took place with regards to the Security Vetting audit.  Gareth confirmed that management had engaged positively with the audit and had accepted the recommendations in the report. 

Actions

-       Dave to accelerate the implementation of recommendations on the Security vetting audit.

-       Gareth to update the Committee at April meeting on implementation of all recommendations, as part of Internal Audit recommendations monitoring.

-       Dave to review the Welsh Government’s approach to bolstering vetting procedures.

3.1        Gareth Watts provided an update on progress against the 2014-15 programme of work which was on course for delivery. He also updated the Committee on other activity such as attendance at project board meetings.

3.2        He reported that good progress had been made on the implementation of recommendations which would be followed up in due course.

3.3        Dave Tosh provided an update on progress against recommendations from the review of information governance, where the focus had been on resolving practical issues such as security of mobile assets and storage of information. The Committee requested a presentation of the Information Governance Framework at the next meeting.

3.4        Gareth confirmed that the review of physical security was due to be completed in the coming weeks and agreed to circulate the report to Committee members when it had been approved.

3.5        The Chair congratulated Kathryn Hughes, the Commission’s Risk Manager, on the “strong” opinion on controls around risk management.

Actions

-                   Gareth Watts to formally document the feedback received from Committee members on reports circulated over the summer, and his responses to this.  Feedback and responses to be captured as a matter of course in future for reports circulated out of committee.

-                   Dave Tosh to present the Information Governance Framework to the February meeting.

-                   Gareth Watts to circulate the report on the review of physical security when complete.

4.1        Gareth introduced the report on the review of fixed asset management, for which all recommendations had been accepted and the follow-up report on the review of facilities contract management.

4.2        In response to questions from Committee members in relation to fixed assets, Nicola Callow assured the committee that:

a.    the Commission’s accountant would be working with ICT to identify assets which needed to be capitalised;

b.   assets over £5,000 would be picked up as part of the interim review of the accounts;

c.    serial numbers for all assets would be recorded before the year-end; and

d.   an assessment of exposure on leases had been carried out to prepare for any impact.

4.3        Gareth presented the report on the review of recruitment which had been carried out in response to a request from the Chief Executive.

4.4        Claire assured the Committee that the results of the audit were being used to inform a series of improvements. This would include:

a.     the development, by the Management Board, of a set of principles around decision-making for recruitment;

b.     ensuring that the policies, processes and guidance were coherent, accessible, regularly reviewed and properly understood by staff;

c.     ensuring that the adoption of the principles and policies, and the reasons for decisions around recruitment exercises were transparent;

d.     ensuring that thorough reviews were carried out for each recruitment exercise which would include checks that records had been captured and retained in accordance with records management rules and data protection legislation; and

e.     encouraging better ownership of issues by Heads of Service around recruitment, development and performance.

4.5        The Committee endorsed this approach and emphasised the importance of transparency, fairness, and effective record-keeping.

4.6        The Chair also offered to work with the Head of HR to develop the recruitment principles and review the underpinning policies and processes.  The recruitment business case template would be shared with Committee members.

4.7        Gareth introduced the HR Payroll report via a presentation.  The review was carried out by Gareth and Gwyn Thomas, an independent expert. 

4.8        This review concentrated on the governance of the project, rather than the core functionality of the system.  Gareth concluded that the scope was ambitious, the resources were limited and that the timescales were fixed.  These factors contributed to delays in delivering phase 1 of the HR Payroll project. 

4.9        His report did not single out individuals, but highlighted recommendations around questions that could have been raised by the Investment Board and Management Board. 

4.10     Committee members were surprised that individuals with little or no project management experience were allocated to this important and complex project and that such contradictory answers were given to some of the questions asked of the project team. 

4.11     Claire was disappointed and frustrated that this project was not executed to the normal standard of other high profile, complex projects within the Commission.  She assured the Committee that for future projects of this scale, SROs and PMs would be selected at the Investment and Resourcing Board.  Claire also confirmed  ...  view the full minutes text for item 4