Agenda and minutes

1.1    The Chair welcomed everyone to the meeting.

1.2    Apologies were noted from Aled Eirug, Independent Adviser and Lee Glover, Head of Internal Audit, with James Godsmark attending in his place.

ARAC (25-03) Paper 1 – Draft Minutes of 9 May 2025

ARAC (25-03) Paper 2 – Summary of actions

2.1    The minutes of the 9 May meeting were approved without amendments.

2.2    Matthew Richards reported on the archiving project, confirming the digitisation of recorded proceedings (audiovisual tapes) from 1999 to 2014. Paper archiving up to 2016 had been completed by the National Library for Wales and work was continuing to complete the archiving of documents from the Fifth Senedd.

2.3    Mark Neilson and Tim Bernat updated the Committee on cybersecurity training for Members' personal devices, noting the positive feedback already received and plans for further rollout over the summer once further funding had been secured.

ARAC (25-03) Paper 3 - Cyber Security Assurance Report - Q1 2025

Some details have not been captured in these minutes due to the cyber security considerations

3.1    Mark Neilson and Tim Bernat presented the Cyber Security Assurance Report, highlighting preparations for the next election and the challenges of expanding from 60 to 96 Members. Tim noted improvements in infrastructure and incident response readiness. In response to questions from the Committee around vulnerabilities, Jamie Hancock outlined investments in backup systems and internal segmentation. The team also addressed questions around supply chain security, plans for replacing infrastructure, and plans for a full test of the data centre.

3.2    The Committee thanked the team for their contributions and recognised the competing priorities across the Commission with the Change Board balancing priorities for the current and future financial years.   

ARAC (25-03) Paper 4 – IA Activity Update

4.1    James Godsmark provided an update on internal audit reviews, noting that two reports had been finalised and others were in draft. Once approved, they would be circulated to the Committee for information. They would be working with officials on the 2025-26 audit plan and would provide an update at the next meeting.

4.2    In response to the Chair’s questions about the cyber security report, James explained this was being reformatted to bring into line with requirements of the Common Assessment Framework (CAF).

4.3    Committee members noted the progress and welcomed reports being circulated out of committee.

ARAC (25-03) Paper 5 – ISA 260 Report

5.1    Anthony Veale and Clare Thomas from Audit Wales presented the ISA 260 report. They thanked Lisa and her team for their cooperation and support in what had been a challenging audit with one uncorrected misstatement related to capital vs. revenue classification. They confirmed a clean audit opinion.

5.2    Lisa Bowkett and Manon Antoniazzi noted some robust discussions with Audit Wales in relation to the classification of spend. Lisa welcomed the unqualified audit opinion and noted a 0.96% underspend which was within the KPI target. She thanked her team, especially the Head of Finance, for their work on the accounts and the audit. 

5.3    The Committee noted the difference of opinion around capital vs. revenue classification, but with further spending on the horizon in these areas, Lisa and Audit Wales were encouraged to discuss classification of spend throughout the year, not just at year end.

5.4    The Committee endorsed the decision not to amend the accounts due to immateriality. It accepted the ISA260 with its clean audit opinion which meant it could recommend to the Accounting Officer the signing of the accounts.

ARAC (25-03) Paper 6 – ARA 2024-25 – cover paper

ARAC (25-03) Paper 6 – Annex A – ARA 2024-25

6.1    Arwyn introduced the narrative part of the Annual Report and Accounts, noting there were no changes since the draft was presented in May. The Committee discussed the level of detail in the AI article in the narrative, with officials suggesting that readers would be interested in how the Commission was using it.

6.2    The Committee questioned the description of the risks in the risk profile section of the Governance Statement and officials agreed to consider this for future statements, along with the recommendation from Audit Wales in relation to data quality. The statement was praised, and officials were congratulated on the work done to develop the assurance framework which had informed it.

6.3    In response to questions from Committee members around sickness absence rates reported in the KPIs, Leanne agreed to a further discussion on well-being at a future meeting (related to mental health).

6.4    In relation to the accounts section of the report, the Chair invited comments on the Remuneration Report and the financial statements. Lisa referenced the underspend which was within the KPI target. The Committee discussed the pensions data and Lisa noted the analysis provided by the actuaries which Audit Wales had agreed with. The pensions element of the audit had been a smoother process than in previous years.

6.5    The Chair reflected on an excellent set of accounts and the Committee thanked and congratulated all those who had worked on the annual report for their efforts.  

Action

Clerking team to include a discussion on well-being in the forward work programme (ref sickness absence statistics related to mental health).

ARAC (25-03) Paper 7 – Governance Update Report

7.1    Phil Boshier presented his update report and highlighted the following:

-       Assurance Framework. Risk controls would be reviewed during the year and the Audit Wales recommendation around data would be addressed in next year’s Governance Statement.

-       Strategic Planning. The MTRF had been updated, and a Target Operating Model was being developed which would inform the Corporate Plan for the Seventh Senedd. The annual service planning round was also underway to determine future budgeting and resourcing needs.

-       Portfolio Management Framework. Four projects had been approved in the 2025-26 portfolio and some other significant projects were due to be considered.

-       Senedd 26 Change Board. The board continued to scrutinise dashboards from the major programmes and the action tracker from the Senedd 26 Change Strategy.

7.2    The Committee thanked Phil for the update and commented that the Target Operating Model was a significant development. Phil elaborated on the process and timeline for this and the development of a service catalogue.

Oral update – presentation

8.1    The Chair welcomed Laura Williams and Laurian Hubbard to the meeting. They presented a comprehensive update on the Communications and Engagement Strategy, highlighting successful campaigns such as the 25th anniversary and the third Welsh Youth Parliament elections.

8.2    They discussed improvements in data collection, social media engagement, and the implementation of a new Customer Relations Management system. They also described the Senedd 26 campaign toolkit and the social listening feature that enabled the team to address misinformation and disinformation.

8.3    Following  a 12-month pilot, the team highlighted the recent introduction of 'Y Farchnad' (“The Market”) which was endorsed by the Commissioner and ARAC member Hefin David. This was a monthly event and had proved an effective way to link Members with different lobby groups.

8.4    Committee members praised the strategy's effectiveness and thanked the team for their comprehensive, detailed presentation. They also noted the recent internal audit report which had been previously circulated.

ARAC (25-03) Paper 8 – Corporate Risk deep dive – Data Protection

9.1    Alison (Ali) Bond provided an overview of data protection activities, including the integration of Artificial Intelligence (AI) governance and Freedom of Information functions within the Information Governance team. She outlined preparations for the upcoming Senedd elections and emphasised the importance of supporting Members as data controllers.

9.3    The Senior Information Risk Owner (SIRO) group had recently agreed to review high risk Data Protection Impact Assessments (DPIAs). Ali would use her contacts in other legislatures to discuss the dissolution guidance on casework, especially with the recent boundary changes.  

9.4    The Committee discussed the use of non-commissioned communication channels. Officials confirmed the need to strengthen the policy and embed a cultural change in time for the Seventh Senedd.  

9.5    They thanked Ali for her comprehensive update. 

Oral item

10.1  There were no departures from normal procurement to report since the May meeting.

ARAC (25-03) Paper 9 – Forward Work Programme

11.1  The Committee noted the forward work programme and agreed to discuss the scheduled 7 July meeting outside of the formal meeting.

Oral update

12.1  Anna Daniel reported on preparations for the Seventh Senedd, including scenario planning, capturing recommendations on committee effectiveness, and the parliamentary gender-sensitive audit.  An independent academic would conduct the audit, overseen by a cross-party group, led by Joyce Watson MS.

12.2  The Business Committee had regular meetings to review Standing Orders and other decisions around the mechanics of the Seventh Senedd. The Remuneration Board’s review of the Determination was nearing conclusion. The focus now was on finalising decisions on Members support staff pay and grading framework and political group allowances. The new Board members had been present for these discussions with their contributions being welcomed.  

12.3  The Committee discussed the implications of the Future Senedd Committee's report and the importance of Leadership Team (LT) involvement. It recognised the additional workload being placed on Heads of Service but believed their input to the scenario planning was invaluable, enabling recognition of  interdependencies and identifying key issues and risks.

Oral item - some details have not been captured in these minutes due to their commercial confidentiality 

13.1  Ed Williams updated the Committee on the Bay 32 project, noting the progress of submissions from bidders. He outlined the formation of the Bay 32 integrated project team and suggested that Committee members meet with them at a date to be arranged.

13.2  Ed also updated the Committee on the progress with the work on the Senedd Siambr and the reconfiguration of office space in Ty Hywel, and options for the future use of the Pierhead.

13.3  The viability of commercial options for Pierhead would be discussed at a future Change Board meeting. It was agreed that documentation would be circulated to the Committee in due course.

Action

Share details of proposals for the potential use of the Pierhead with Committee members.

AOB

Item 23 - Any Other Business

Oral item

14.1  The Chair was due to present the ARAC Annual Report to the Commission on Monday 30 June and invited Committee members email any suggestions of key points to emphasise during his presentation.

Manon Antoniazzi, Chief Executive and Clerk of the Senedd attended a private session with members of the Committee once formal proceedings had concluded. No other Commission officials were present, and no minutes were taken.

Next meeting is scheduled for 17 November 2025.