Agenda and minutes
Venue: Conference Room 4B - Tŷ Hywel
Contact: Clerk: Kathryn Hughes Deputy Clerk: Buddug Saer
Introductions, apologies and declaration of interests
1.1 The Chair welcomed everyone to the meeting.
1.2 No interests were declared.
Minutes of 27 April, actions and matters arising
ARAC (23-03) Paper 1 – Draft Minutes of 27 April 2023
ARAC (23-03) Paper 2 – Summary of actions
2.1 The minutes of the 27 April were formally approved and updates to the actions were noted.
2.2 The Chair advised that, following a discussion with the Clerking team, future minutes would be a more concise record of the discussion held.
Governance & Assurance Update Report
ARAC (23-03) Paper 3 – Governance & Assurance update report
3.1 Gareth Watts presented his Governance and Assurance update report which outlined governance, assurance and audit activity since the February meeting. He outlined the following work which had been completed:
3.2 The Annual Governance Statement was now complete and incorporated into the Annual Report and Accounts.
3.3 Fieldwork for the Executive Board Effectiveness Review and audits of the regulatory framework risk and business continuity were also complete, the reports on which would be shared in due course.
3.4 Gareth and Kathryn presented an item on risk at a recent Leadership Team meeting. Heads of Service were invited to assess the management of risks across all service areas, including those relating to programmes and projects. There was a useful discussion around risks captured on the Commission’s risk register, risk appetite and horizon scanning.
3.5 Gareth thanked Clare James, Audit Wales for updating the Joint Working Protocol, which had been circulated to the Committee.
3.6 Before his departure, Gareth planned to complete an audit within the Senedd Business Directorate, relating to the Public Appointments Process. The Committee welcomed this and encouraged him to include interviews with individuals going through the process, in order to ascertain their perspective of the process.
Audit Wales update
ARAC (23-03) Paper 4 - Audit Wales update - June 2023
4.1 The Chair welcomed Ann-Marie Harkin and Clare James to the meeting. Clare reported that her team had almost completed their audit of the 2022-23 financial statements and remained on track for certification by the Auditor General for Wales on 22 June 2023.
4.2 The Committee thanked Clare for her update and noted the paper.
Consider External Audit opinion (ISA 260 Report) for the financial year 2022-23
ARAC (23-03) Paper 5a – ISA 260 Report
5.1 An interim Audit of Accounts (ISA 260) Report and Management Letter was circulated prior to the meeting. Clare highlighted the areas of work that remained outstanding; the most concerning one for the Committee was receipt of the Auditor’s Expert’s report on the work of the Senedd Members Pension Fund Actuary.
5.2 There was one uncorrected misstatement in the accounts. This related to classification of capital expenditure and was not material but over the threshold for reporting. A recommendation on this had been included in the report.
5.3. Audit Wales thanked the Senedd Commission’s Finance team for their support.
5.4 The Committee challenged one recommendation which was the ‘Identification of related party transactions’ and asked for clarification on who this related to. It was noted that Members of the Senedd already completed a register of interest and similar controls and checks were also in place within the Commission for staff. Audit Wales agreed to discuss this recommendation with officials in due course.
5.5 The Committee expressed concern at the unsatisfactory position they had been put in by the Audit Wales delays which prevented them giving a clear recommendation to the Accounting Officer. Delays in presenting the accounts to the Commission and signing them threatened the tight timetable for publishing all of the end of year reports. The Chair, Committee members and Simon paid tribute to the Finance team for delivering to such tight timescales. They noted that the Chief Finance Officer would be holding a lessons learned meeting with Audit Wales and the Committee would return to the outcome of this at its November meeting.
5.6 The Committee recommended to the Accounting Officer that the financial statements for 2022-23 should be signed as long as no issues were raised following receipt of the Expert’s actuarial report. Committee members would be asked to confirm their agreement on recommending the signing of the accounts on receipt of the final ISA 260 Report.
Consider the Commission's Annual Report and Statement of Accounts 2022-23 (to recommend the signing of the accounts)
ARAC (23-03) Paper 5 – ARA 2022-23 – cover paper
ARAC (23-03) Paper 5 – Annex A – ARA 2022-23
6.1 The Chair invited Arwyn to introduce this item and Committee members to comment on the following components of the Commission’s draft Annual Report and Accounts (ARA):
· The narrative (overview and performance analysis)
· Accountability, including the Governance Statement; and
· Financial Statements.
6.1 Arwyn informed the Committee of discussions which had taken place around the identification of directors by disclosing their gender, given the small cohort. Officials had agreed to consider if this could be removed or anonymised in future reports but pointed out this information was already in the public domain.
6.2 The Committee praised staff for the comprehensive content being presented but questioned the length of the report and potential to reach a wider audience. The Committee also discussed the levels of public understanding of the work of the Senedd and agreed to return to this when it considered the Commission’s communication and engagement strategy, at a future meeting.
6.3 Officials welcomed the constructive feedback and recognised the need for the information in the report to reach a wider audience across Wales and the need to develop further mechanisms for gathering feedback on its presentation.
6.4 In terms of the length of the report, officials reminded the Committee of the praise the Commission had received from the Senedd’s Public Accounts and Public Administration, and Finance Committees for the structure and clarity of the reports. They also highlighted that the on-line version would include accessible video content in an attempt to make the information as accessible as possible.
6.6 The Committee welcomed the reference to social mobility in the Diversity and Inclusion section of the report and the announcement at the recent all staff meeting of proposals for a social mobility champion.
6.7 The Committee agreed that a comprehensive set of accounts had been presented and thanked the Finance team for their efforts. Thanks were also expressed to all those involved in the production of the narrative and the Governance Statement.
7.1 Simon Hart was pleased to report that the financial outturn for 2022-23 was within 0.84% of the forecast, which was well within target range. He then summarised the ongoing work on supplementary budgets and setting future budgets.
7.2 Simon reminded the Committee that Kate Innes, Chief Finance Officer would be in post for the July meeting. The Committee thanked Simon for all his work over recent months and wished him well for the future.
Corporate updates on: Senedd Reform Programme and Ways of Working Programme
Senedd Reform Programme – oral update
8.1 The Chair invited Siwan Davies to provide an update on the Senedd Reform Programme (SRP). She outlined progress with the workstreams which remained on track and provided assurance on the effectiveness of governance arrangements.
8.2 Siwan outlined the following ongoing, or planned work in her update:
· discussions around the cost estimates which had been submitted to the Welsh Government for inclusion in the Regulatory Impact Assessment;
· the planning in place for a procedural review and legislative scrutiny in the autumn, and engagement in wider electoral reform;
· discussions around resource and workforce planning work, in conjunction with the Ways of Working (WoW) programme;
· a review of the Senedd Reform corporate risk and the SRP risk register;
· development of a communications plan to supplement the internal communications already delivered through vlogs and at all staff meetings;
· development of external communications plans in conjunction with the Welsh Government to be presented to the Joint Assurance Board;
· discussions around interdependencies with WoW programme, such as work to redesign the Siambr, and streamlining reporting to the Joint Assurance Board, for example;
· discussions around resources to support the Remuneration Board’s updated work programme and using the information gathered from consultation with Members and party groups on preferred ways of working; and
· responding to scrutiny on proposals for change, including the related costs.
8.3 In response to questions from Committee members, Siwan elaborated on points relating to communications and ongoing dialogue with staff and Members, and relationships and collaboration with the Remuneration Board. She also explained that Senedd Reform costings included adapting facilities in Ty Hywel and the Senedd building, but did not include the future accommodation of the WoW Bay 2032 Project.
Ways of Working Programme
ARAC (23-03) Paper 6 – WoW Bay 2032 update.docx
ARAC (23-03) Paper 6 Annex A - Commission Paper (e)P2 WoW Bay 2032 Project
ARAC (23-03) Paper 6 Annex A - Commission Paper (e)P2 Annex 1 WoW Bay Project.
8.4 Ahead of the substantive discussion on the Ways of Working programme planned in July, Ed Williams summarised the options to address future accommodation needs included in the papers, stating that these were driven by the end of the lease on Tŷ Hywel as opposed to plans for Senedd Reform.
8.5 There had been consensus at a recent Commission meeting that the recommended options should be explored. Work was underway to develop a Strategic Outline Case and discussions would continue with the Tŷ Hywel lease holder.
8.6 In response to questions relating to the impact of the Future Generations Act on the proposals, Ed explained how, whilst the Act did not apply to the Senedd, this would be taken into account through the futures workstream which incorporated sustainability and diversity. He confirmed that there were carbon neutral options and that all options were in line with the Commission’s agreement to abide by its sustainable development principles. He also agreed to share the benefits and risks of each option with the Committee and evidence of how ... view the full minutes text for item 8.
ARAC (23-03) Paper 7 – Departure Summary
9.1 The Committee noted two departures from normal procurement procedures and raised no concerns.
Update on Cyber Security
ARAC (23-03) Paper 8 – Cyber Security Assurance Report
10.1 The Chair welcomed Mark Neilson and his team to the meeting, including the recently appointed ICT Security Officer.
10.2 Mark introduced the Cyber Security Assurance Report and offered to arrange a briefing session for Committee members not familiar with the Commission’s cyber security arrangements.
10.3 Tim Bernat highlighted the timely information-sharing by Zellis following a recently reported cyber-attack on their systems. He confirmed that the Commission’s data had not been affected and provided the necessary assurance of the controls in place. This included the use of multi-factor authentication functionality for key systems.
10.4 Tim outlined how the team were responding to the constantly changing threat landscape. He highlighted how the Security Operations Centre (SOC), which was established in March, protected the Senedd 24/7/365 and the improvements this brought in terms of monitoring, detection, and response capabilities. There had been no reports of cyber breaches in the past two years and lessons learned were applied from any near misses and false positives.
10.5 Tim provided an update on the outstanding action relating to plans for a cyber security event. He was liaising with the Members’ Business Support team to establish a suitable date for Members and was also securing guest speakers. The Committee welcomed this update and urged the team to finalise the plans, which had been delayed a number of times.
10.6 In terms of ongoing awareness-raising, internal communications and training had been delivered around the threat of phishing attacks and the necessary actions to take. Additional controls had also been put in place to improve mitigation against unwanted software downloads and installs.
10.7 In response to questions from the Committee, officials accepted that the lack of compulsory training for all users (including Commission staff, Members of the Senedd and support staff) was potentially exposing the Senedd to cyber-security risks. Plans were already underway to introduce compulsory training for Commission staff. In terms of mandating training for Members and their staff, Ken Skates agreed to raise this at a future Commission meeting. A cyber awareness week was still being planned for the autumn.
10.8 The Committee welcomed this update and reminded officials of the need for cyclical training to supplement awareness-raising activities, to keep pace with the changing threat landscape, noting the increased risk of complacency without continuous education.
· Mark Neilson to deliver a briefing session on cyber-security to the new ARAC members.
· Arwyn Jones to arrange for mandatory training of Members and staff to be discussed at a future Commission meeting.
ARAC (23-03) Paper 9 – Corporate Risk
ARAC (23-03) Paper 9 – Annex A - Summary Corporate Risk Register
ARAC (23-03) Paper 9 – Annex B – Corporate Risks plotted
11.1 The Committee noted that, whilst the status of the risks had been updated, there had been no changes to the risks, or risk ratings in the Commission’s Corporate Risk Register since the April meeting.
Critical examination of one identified or emerging risk or issue - UK-related Constitutional Change
Oral item (referring to the update in the Corporate Risk Register - UK-related Constitutional Change STS-R-151)
12.1 The Chair welcomed Julian Luke and Alun Davidson to the meeting for this item.
12.2 Siwan provided an update on the mitigation in place for the risk relating to UK-related constitutional change, details of which were included in the Corporate Risk Register.
12.3 She outlined how proactively managing the risk had helped prepare for what might happen and highlighted the following on-going activities:
· active horizon scanning through information-sharing across the Commission on changes, such as a general election, which might impact on the Senedd;
· effective structures to facilitate inter-parliamentary engagement, and to ensure procedures and precedents, such as legislative consent and scrutiny of inter-government working, were aligned with other legislatures; and
· effectively supporting the Senedd through information-sharing and scenario planning to inform resources which might be required to react to changes, particularly around retained EU law.
12.4 The Committee noted the complexity of the risks, particularly given uncertainty around direction of travel and the pace of change and commented on how well Commission officials were mitigating this as far as possible. It also noted the importance of access to specialist legal advice and the value of existing networks for expert research and academic frameworks.
Committee's Annual Report to the Commission and Accounting Officer
ARAC (23-03) Paper 10 – cover paper
ARAC (23-03) Paper 10 draft ARAC Annual Report
13.1 The Chair invited Committee members to provide their comments on the Committee’s Annual Report to the clerking team. He was particularly interested in their views on the areas to highlight when the report was presented to the Commission on 10 July, indicating this would include reference to corporate and resource planning.
Forward work programme
ARAC (23-03) Paper 11 – Forward Work Programme
14.1 The Committee noted the forward work programme. It was agreed that further consideration would be given to the inclusion of items relating to communication and engagement, including external relations.
Any other business
15.1 The Chair noted that this would be Simon’s last meeting. Simon confirmed that he would remain in post until the financial statements had been signed by the Auditor General for Wales, and that arrangements were in place for a handover with the new Chief Finance Officer.
Manon Antoniazzi, Chief Executive and Clerk attended a private session with members of the Committee once formal proceedings had concluded. No Commission officials were present and no minutes were taken.
Next meeting is scheduled for 3 July 2023.