Agenda and minutes
Venue: Remote - Digital. View directions
Contact: Clerk: Kathryn Hughes Deputy Clerk: Buddug Saer
No. | Item |
---|---|
Introductions, apologies and declaration of interests Minutes: 1.1
The
Chair welcomed everyone to the extended meeting. There were no apologies. 1.2
As
this was Suzy Davies’ last meeting the Chair expressed, on behalf of the whole
Committee, heartfelt thanks for her contribution, insight and constructive
challenge during her term as a member of the Committee. He would welcome
hearing her thoughts on her membership later in the meeting. |
|
Minutes of 12 February, actions and matters arising Minutes: ARAC (02-21) Paper 1 – Draft Minutes
of 12 February 2021 ARAC (02-21) Paper 2 – Summary of
actions 2.1
The minutes of the 12 February meeting were
agreed. The Committee noted the following in response to points raised by Suzy: - (paragraph
4.3) – to supplement the recent audit on ICT asset management, Gareth Watts
would be producing an update report after the Election on the return of ICT
assets and furniture by departing Members. The Committee agreed that, where
possible, this should include discussions with departing Members as well as the
Members’ Business Support team. - (paragraph
5.3) - the Committee welcomed that, once elected, the new Members would receive
cyber security awareness training as part of the induction process. 2.2
Updates to the actions summary were noted. In
reference to action point 6.2 - Ann Beynon had discussed the Commission’s
involvement with the Equality and Human Rights Commission with Lowri Williams,
Head of HR and Inclusion and potential actions emerging would be discussed
further with officials. |
|
COVID-19 - Corporate update Minutes: Oral
update 3.1
Dave
Tosh provided the Committee with some monitoring data that had been routinely
collected since March 2020. This showed that the Senedd Commission had not been
impacted by high numbers of confirmed cases of Covid-19, largely due to moving
to virtual/hybrid working. 3.2
Attendance
on the estate remained low and plans were being revisited for a limited and
managed return. The wellbeing of staff remained a concern and it was evident
that the strain from lack of face to face contact and group activity was
beginning to tell on some. 3.3
The
Covid Resilience and Monitoring Group (CRAM), chaired by Dave, had continued to
monitor changes to regulations as issued by Welsh Government. The group also
continued to review a range of risk assessments including for those returning
to the estate to prepare for and deliver post-Election activity such as
oath-taking, collection of IT kit and a hybrid plenary session for electing the
Presiding Officer and First Minister. 3.4
Dave
also advised that, following discussions with South Wales Police and Cardiff
Council, the decision had reluctantly been made to retain the fences erected
around the Senedd as a deterrent for anti-social behaviour until after the
early May bank holiday. 3.5
In
response to questions from the Committee around recording of vaccination data,
Dave advised that, based on legal advice, there was no good business purpose
under data protection legislation to capture this information. 3.6
Dave
also responded to questions around the Commission’s approach to longer term
planning for a return to normal post-Covid and estimated occupancy levels.
Pilot schemes were underway to re-configure some work spaces which included
equipment in meeting rooms to accommodate hybrid working. These would be
evaluated and rolled out in due course, taking account of requirements of
individual teams and their roles. 3.7
Gareth
provided further assurance that due diligence was being carried out by CRAM to
ensure effective governance and assessment of risks associated with returning
to the estate. He had shared the terms of reference for the group with his
counterparts in other legislatures who were experiencing similar issues. 3.8
The
Committee welcomed this comprehensive update, especially the detail of the
planning involved to ensure the continued safety and wellbeing of those who
were working on the estate. The Chair wished to record his recognition of the
successful governance arrangements that had been put in place by the Commission
throughout the pandemic. |
|
Reflections from Suzy Davies MS Minutes: Oral
item 4.1
Suzy
welcomed the opportunity to share her thoughts with the Committee and thanked
its members and officials for being so welcoming and supportive. A summary of
her reflections is outlined below. 4.2
The
exceptionally high standards of work across the organisation sometimes made it
challenging to suggest improvements. However, Suzy noted that there was an
ethos of continuous improvement and that the scrutiny and challenge from the
Committee worked well. There had also been major changes to senior management
in the last few years which had generated welcome new ideas. 4.3
As
well as business as usual activity, Suzy noted that the Commission’s response
to the amount of work resulting from Brexit had been astounding, particularly
by the Legal Service and its support for the Senedd Committees. 4.4
Suzy
also congratulated Commission staff on their responsiveness and business
continuity arrangements during the pandemic which had been staggering. She
urged senior management to remain cautious with plans for remote and hybrid
working arrangements, as more people might want to be present in the office
than anticipated. She also noted the
development of changes around engagement activity, such as the virtual tours of
the Senedd, which had worked very well and should continue to be offered in the
future 4.5
Suzy
thanked Nia Morgan for her help, particularly in helping to prepare for
appearances before the Finance and Public Accounts Committees, and her ability
to explain financial terminology. Praise was also extended to Nia and her team
for their management of the budgets, greater transparency in reporting and
clean audits of the accounts. She expected there to be a continued focus on
scrutiny around value for money and prioritisation of resources in the sixth
Senedd. 4.6
Suzy
suggested that public sector spend in general would be monitored and
scrutinised more than ever during the sixth Senedd as a result of the pandemic.
She also noted that risks would need to be considered around the expectations
of Members, the Llywydd and the public on priorities for spending. 4.7
Going
forward, Suzy noted the importance of clearly defining the role of
Commissioners in terms of managing the relationship between the Commission and
Members of the Senedd, particularly where decisions on working practices and
spending priorities could cause tension. In response to questions around
communication between Commissioners, Members and officials, Suzy suggested ways
this could be improved, including consideration of more face to face contact
and opportunities for Members and party groups to engage more directly with
appropriate officials to share feedback.
4.8
The
Chair thanked Suzy for her honest analysis and Committee members wished her all
the best for the future. Suzy agreed to share a more comprehensive note with
the Chair, which could be used to inform future discussions with relevant
officials. Actions ·
Suzy
to share her reflections on membership of the Committee in writing with the
Chair. ·
Chair
to discuss any action points from Suzy’s reflections with relevant officials. |
|
G&A update report Minutes: ARAC
(02-21) Paper 3 – G&A update report 5.1
Gareth
presented his update report on governance and audit work, highlighting priority
work with further updates to follow in due course. 5.2
Despite
the disruption caused by the Covid-19 pandemic, Gareth was pleased that the
reports on the Commission’s ICT asset management and cyber security had been
completed and were included in the papers for this meeting. 5.3
The
fieldwork for the audit of Members’ expenses had also been completed and a
draft report shared with the Members’ Business Support team. Gareth highlighted
that this was the first year the audit had been completed remotely and with
electronic records and, given its success, would be repeated for future audits.
In response to a suggestion from Suzy, Gareth agreed to consider ways to seek
input from Members for future expense’s audits, to help aid their understanding
of the process. |
|
Internal Audit Charter and Internal Audit's compliance with Public Sector Internal Audit Standard (PSIAS) Minutes: ARAC (02-21) Paper 4 – IA Charter
cover paper ARAC (02-21) Paper
4 – Annex A - IA Charter 2021 6.1
Gareth
presented his paper, highlighting that the Senedd Commission’s Internal Audit
service generally conforms with Public Sector Internal Audit Standards (PSIAS).
In line with PSIAS requirements, the Committee was asked to formally approve
the Commission’s Internal Audit Charter. Gareth confirmed that his annual
review of the Charter had not resulted in any substantive changes. 6.2
Responding
to questions around the detection of fraud and appropriate training, Gareth and
Nia explained their collaborative approach to providing assurances to Manon, as
the Accounting Officer on the controls in place. The Committee were reminded of
the training and ongoing awareness activities for appropriate officials,
including members of the Finance team and the finance co-ordinators in each
service area. Mark Neilson added that general cyber security awareness training
for staff, which covered fraud detection, was also delivered throughout the
year. Audit Wales also reminded the Committee of its own good practice guidance
on fraud and outlined a recent case study where fraudsters were hijacking
supplier emails. Gareth offered to share the various fraud guidance documents
with Committee members. 6.3
The
Chair indicated that a shared responsibility approach was common practice in
public sector bodies but urged a continued focus on this going forward. 6.4
The
Committee thanked Gareth for the update and approved the Internal Audit Charter
for 2021. |
|
Internal Audit Annual Report and Opinion Minutes: ARAC (02-21) Paper
5 – Internal Audit Annual Report and Opinion for 2020-21 7.1
Gareth
introduced his paper which provided an overview of the work undertaken by the Internal
Audit service for the year ended 31 March 2021. The Committee noted that some
planned audits had been delayed due to
Covid-19 but welcomed the additional real-time assurance work undertaken. This
had included reports to reflect on the Commission’s response to the Covid-19
pandemic and a review of the Commission’s risk and issue management during the
pandemic. 7.2
The
Committee welcomed the Commission’s continued positive attitude to the
implementation of audit recommendations which reflected well on organisational
culture. 7.3
The
Chair thanked Gareth for his update, noting recognition for the volume of work
covered and assurances provided on the controls in place. 7.4
Responding
to questions around the overall moderate assurance rating in his Annual Report,
Gareth judged this to be a fair assessment in light of the audits conducted,
some of which were rated as substantial assurance but with others being delayed
due to the challenging circumstances. |
|
Annual Report on Fraud Minutes: ARAC (02-21) Paper
6 – Annual Report Fraud 8.1
Gareth
introduced his Annual Report on Fraud to the Committee. The provision of
assurances and details of training and awareness around fraud had been covered
under agenda item 5. 8.2
The
Committee noted the recent case whereby internal controls and monitoring of
Members’ spend had detected the theft of Commission assets which resulted in
investigation by the appropriate authorities. Arwyn described how controls
around the stationery ordering process for Members’ offices had been further
tightened to prevent this from occurring in the future. He added that the
enhanced controls provided greater oversight by the Remuneration Board and
greater transparency. 8.3
The
Chair thanked Gareth for the update and the Committee noted the report. |
|
Latest Internal Audit reports Minutes: ARAC (02-21) Paper
7 – ICT Asset Management ARAC (02-21) Paper
8 – Cyber Security 9.1
Gareth
introduced the ICT Asset Management internal audit report. The main focus of
the review had been on the management of portable media devices which had been
identified by ICT as an area of potential risk, particularly given the new ways
of working. A rating of substantial assurance was given with two
recommendations accepted by the ICT team. Gareth outlined further work to
enhance the use of management information and reviewing process with new
Members and their staff which would take place during the year. 9.2
In
response to questions around the safe and sustainable disposal of assets,
Gareth advised that he had sought and received assurances from the Commission’s
Sustainability Manager, and the Estates and Facilities Management and ICT teams
on the effectiveness of arrangements with a local third-party supplier. 9.3
Gareth
introduced the Cyber Security audit report produced by TIAA. He explained that
an audit of this high risk area was undertaken annually, the scope of which was
based on discussions about areas of focus with the Head of ICT. The focus for
this year was around back up and recovery arrangements which included
comparisons with best practice guidance provided by the National Cyber Security
Centre (NCSC). 9.4
The
review concluded that the Commission had made considerable progress in
implementing a new backup process which provided significant improvements over
the previous solution. The overall rating of moderate assurance was given with
six recommendations accepted by management. The Committee welcomed the
thoroughness of the report. 9.5
In
response to questions from Committee members, Mark Neilson confirmed assurances
around the security of the network, the tight security around off-site servers,
and arrangements for business continuity and disaster recovery and back ups,
including for legacy back-up tapes. This included assurance for the management
of risks around malware and for resolving issues outside normal working hours.
He also noted added resilience through membership of a wider public sector
arrangement and agreed to invite a representative to attend a future meeting. 9.6
The
Committee thanked Mark for the additional assurances and noted that, whilst
assurance levels were not as high as anticipated they were pleased with the
management responses. They appreciated that ICT infrastructure was under
constant threat and were thankful for all the efforts by Mark and his team to
manage cyber security risks. The Committee would welcome future updates on the
implementation of the back-up solution.
|
|
Emerging findings and advice to Accounting Officer regarding submission of the draft Annual Report and Accounts to the Commission Minutes: ARAC
(02-21) Paper 9 - Audit Wales update 10.1
The
Chair welcomed Audit Wales to the meeting and extended his congratulations to
Ann-Marie on her recent promotion to Executive Director of Audit Services
within Audit Wales. 10.2 Ann-Marie informed the Committee
that, due to the significantly higher proportion of work in the health sector,
Steve Wyndham would need to temporarily return to work on their accounts. To
ensure a level of continuity, responsibility for auditing the Commission’s
accounts would be handed back to his predecessor Gareth Lucey. Audit Wales apologised for this change in
personnel, especially mid-way through an audit, but appreciated the
Commission’s understanding in the matter. 10.3 Steve presented the paper which
provided an update on current and planned financial audit work. He confirmed
that the audit fee remained unchanged from the previous year but noted this was
an estimate until the work was complete. There was nothing of note in the audit
work undertaken so far and there had been good co-operation by Nia, the Finance
team and Gareth Watts. He confirmed they were on track to commence the audit of
the accounts on 10 May, 10.4 The Committee welcomed the inclusion
in the paper of information about the Auditor General’s wider work programme,
including the Good Practice Exchange (GPX). |
|
Commission's draft Annual Report and Governance Statement for 2020-21 Minutes: ARAC
(02-21) Paper 10 - Draft Annual Report and Accounts 2020-21 - cover paper ARAC
(02-21) Paper 10 – Annex A – draft Annual Report Narrative ARAC
(02-21) Paper 10 – Annex B – draft Statement of Accounts ARAC
(02-21) Paper 10 – Annex C – draft Annual Governance Statement 11.1 Arwyn
Jones outlined the annual report narrative section which, as in the previous
year, included a table to highlight a summary of activity and analysis of
performance during the year in a concise way. Inevitably, there was a focus on
how the organisation had reacted in an agile and positive way to the pandemic.
The focus going forward was on embedding new ways of working into business as
usual. 11.2
In relation to the Statement of Accounts, Nia
highlighted that this was presented for information on the format only at this
early stage. She added that targets outlined in the 2020-21 Audit Plan had been
met and that the final accounts would be ready to present formally to the
Committee at the meeting on 18 June 2021. 11.3
The Committee commended the Commission on its
remarkable performance during a remarkable year. Committee members commented on
the length of the narrative section and its readability but acknowledged that
best practice guidance had been diligently followed on its content. They also
suggested consideration of an executive summary to focus on key messages and
the inclusion of details on potential capital spend on the estate. They also
commented that the report should be a key briefing document for the new
Commissioners once appointed. 11.4
Arwyn thanked the Committee members for their
constructive feedback. In terms of readability he outlined plans to making the
report more interactive in future years, with better use of graphics. In terms of the content and length of the
report, Manon added that positive feedback had been received on previous
reports from the Senedd’s Public Accounts and Finance Committees. 11.5
Officials agreed to consider the specific comments
raised at the meeting and Committee members agreed to send detailed comments to
the Clerking team by 7 May. Action:
ARAC members to send detailed comments on the draft Annual Report and Accounts
to the Clerking team by 7 May. |
|
Finance Update Minutes: ARAC (02-21) Paper 11 – Finance Update 12.1
Nia Morgan set out the latest financial
position for 2020-21 and the anticipated financial position for 2021-22 and
2022-23. It was anticipated that the out-turn for the operational budget at
year end would be 0.4% which was well within the target of between 0% and
1.5%. 12.2
In
response to questions from the Committee around the accrual of leave, Nia
confirmed that the extended Christmas shut-down had reduced the annual leave
provision figure required and the figure reflected in the accounts would be an
accounting adjustment only. |
|
Corporate Risk Minutes: ARAC (02-21) Paper 12 – Corporate Risk ARAC (02-21) Paper 12 – Annex A –
Summary
Corporate Risk Register ARAC
(02-21) Paper 12 – Annex B – Corporate Risks plotted 13.1 Dave presented this item noting that the
Corporate Risk Register had been reviewed by the Executive Board on 21 April
and outlining the changes agreed. Officials responded as below to questions
from the Committee members on specific risks. 13.2 Dave was satisfied with the
information captured for the description of the data protection risk and its
severity, noting that the Executive Board received fuller reports on which to
base its reviews. He outlined the challenges around additional workloads in
this area partly due to changes in engagement activity and events brought about
by the pandemic and also preparing for an election and induction for new
Members. This included supporting teams across the Commission to carry out
impact assessments and privacy notices and also maintaining awareness of data protection
issues. 13.3 In relation to the risks around
compliance with the Senedd’s Official Languages Scheme (OLS), Arwyn explained
that effective communication of the issues with Members, their staff and party
groups and the mitigation in place would reduce the impact of a breach. Members
appreciated the limits of existing platforms and the continuing efforts by the
Commission to find a technical solution to allow simultaneous translation for
all meetings. Arwyn reminded the Committee that this was only an issue for
private meetings and that simultaneous translation was still available for all
public, formal Senedd business. He added that workarounds reduced the
likelihood of a breach and that ICT colleagues were continuing to work with the
Welsh Government and Microsoft to push for a solution. He also re-iterated the
commendation by the Welsh Language Commissioner on the approach. 13.4 Siwan explained that a fresh
assessment would be carried out of the risks around the UK’s exit from the EU
and associated constitutional change. She added that the uncertainty was at a
political level and there were no concerns over the Commission’s ability to
serve Members of the Senedd and its Committees.
13.5 Dave explained that risks around
corporate capacity would be reviewed in light of emerging Commission priorities
and budget constraints and the next capacity review. 13.6 In relation to the risks around
dignity and respect, the Committee noted that a new Code of Conduct for Members
had been approved and welcomed the addition of the ‘respect’ principle. Siwan
advised that this would form an important part of the induction sessions for
Members, which would include meeting the Standards Commissioner, and that a
review of the complaints procedure was planned. Action: Clerking team to share a published copy of the
new Members’ Code of Conduct with Committee members
|
|
Risk Management Process (Oral Item) Minutes: Oral update 14.1
The
Committee welcomed this opportunity to discuss the risk management process. In
response to comments from Committee members around reporting on integrated management
of risks, Dave explained that discussions at service, directorate and Executive
Board level considered the interconnections and overall risk profile but
recognised this might not be apparent in the reports presented to the
Committee. Kathryn Hughes agreed to consider this further. 14.2 The Chair was content that the
register was dynamic, demonstrated by movement in the risks and their ratings,
and that the risks captured and their ratings were appropriate in the current
climate. |
|
Departure Summary Minutes: ARAC
(02-21) Paper 13 – Departure Summary 15.1 The Committee raised concern that the
Commission had not tested the market for a service to deliver coaching and
learning and development resources. Ann Beynon also wanted on record
that similar concerns had been raised by members of the Commission’s
Remuneration, Engagement and Workforce Advisory Committee (REWAC).In response,
Dave noted the concerns and explained that the decision had been based on an
understanding of the market, quality and value for money of the product, its
online offering and potential for it to deliver savings. He added that, as the
product was also used by other parliaments, it provided a good opportunity for
collaboration. |
|
Update on fraud and whistleblowing policies Minutes: ARAC
(02-21) Paper 14 – Whistleblowing Policy and Fraud Policy Updates – cover paper ARAC
(02-21) Paper 14 – Annex A - Fraud Corruption and Bribery Policy ARAC
(02-21) Paper 14 – Annex B - Whistleblowing Policy 16.1
Gareth
confirmed that there had been no substantive changes from his annual review of
both policies. 16.2
In
relation to fraud, Gareth reminded the Committee about the National Audit
Office’s recent ‘Good Practice Guide on Fraud and Error’ which had been
circulated previously. This included a checklist which Gareth would review to
determine what aspects could be applied to the Commission. Alongside this
review he had also completed his Annual Report on Fraud which was presented
under item 7. 16.3
In
reviewing the Whistleblowing Policy, Gareth had taken account of guidance from
Protect (formerly Public Concern at Work). He added that he would be carrying
out a fuller review of the policy during 2021-22. This would involve liaising
with HR colleagues and others involved in updating the Commission’s approach to
dignity and respect at work to ensure appropriate links to this policy. 16.4
The
Committee noted Gareth’s updates and endorsed his approach. |
|
SIRO Annual Report Minutes: ARAC (02-21) Paper 15 – SIRO Annual
Report 17.1 The Chair thanked officials for a very
comprehensive report and welcomed more information on the protective marking
scheme. 17.2 Dave emphasised the challenges over
the year for delivering on priority work around compliance with, and raising
awareness of data protection legislation and the additional work created by the
pandemic and the Senedd Elections. In relation to introducing a protective
marking scheme, Dave outlined the complications of finding a technical solution
that was flexible enough to accommodate the different requirements for the flow
of information for both Commission staff and Members. He added that, whilst the
team would continue to pursue this, the focus was currently on preparations for
the new Senedd and the production of guidance for Members. 17.3 In relation to a comment about the
mitigation of risks around data sharing, Dave confirmed that Members had
welcomed the migration to SharePoint and OneDrive for its security features and
flexibility and that all Members would now be using these platforms. 17.4 Suzy questioned the number of Freedom
of Information requests received by the Commission in comparison to other
public bodies. Officials admitted that
the number of requests received by the Commission was lower than public
authorities, but the complexity and political motivation of requests meant that
the number wasn’t a true reflection of the work involved. 17.5 The Committee noted this annual
report and thanked Dave for the update. |
|
Feedback on discussions at the Commission's Remuneration, Engagement and Workforce Advisory Committee (REWAC) (Oral Item) Minutes: Oral update 18.1 Ann Beynon, as member of REWAC
welcomed this opportunity to feedback on its last two meetings, the latest of
which had focused primarily on discussions around the remuneration of senior
management. 18.2 At the March meeting, the Committee
had discussed the following: - the scope of an effectiveness review
of REWAC to be carried out by Gareth Watts, the output from which would be
shared with the Committee; - plans to hold a scenario planning
meeting in the summer; - how to support the review of the
Commission’s Dignity and Respect policy in the autumn; - results of the latest wellbeing pulse
survey, noting that this now allowed for benchmarking of scores against other
public sector bodies and that the overall happiness score was favourable
compared to other organisations; - ways to address socio-economic
inequality and to increase BAME representation in the Commission, including the
possibility of a benchmarking exercise with other organisations which would
need to take account of the relatively low turnover of staff; and - the Commission’s Communication and
Engagement strategy. 18.3 Ann and the Chair of REWAC had recently
been involved in the recruitment of two senior posts within the Engagement
Directorate and had been impressed with quality of applications and pleased to
have been part of the process. 18.4 The Chair thanked Ann for this
feedback and noted good progress with the REWAC programme of work. |
|
Committee's Annual Report to the Commission and Accounting Officer (Oral Item) Minutes: Oral
item 19.1
Committee
members were asked to comment on, and contribute to the content of the
Committee’s annual report which would be presented to the new Commission once
appointed. A copy of the previous year’s report had been circulated with the
papers for this meeting. 19.2 The Chair suggested including a
review of the whole fifth Senedd term in order to document coverage and how the
Committee had evolved. Ann referred to the importance of demonstrating to new
Commissioners the role the Committee had played in its balanced and
constructive challenge. Suzy added that it was important to present the purpose
of the report to new Commissioners and to reference the overall strength of
governance. 19.3 The Chair asked for comments to be
sent the Clerking team by 7 May. Action:
Comments on the Committee’s Annual
Report to be sent to the Clerking team by 7 May. |
|
Forward work programme Minutes: ARAC (02-21) Paper 16 – Forward Work
Programme 20.1
The
Committee had no changes to make to the Committee’s work programme. 21.0
Item 20 – Any other business Oral item 21.1 No other business was raised. Audit Wales attended a private
session with members of the Committee once formal proceedings had concluded. No
minutes were taken. Next meeting is scheduled for 18 June
2021. |