Agenda and minutes

Venue: Conference Room 4B - Tŷ Hywel. View directions

Contact: Clerk: Kathryn Hughes  Deputy Clerk: Buddug Saer

No. Item


Introductions and apologies and declaration of interests


1.1        The Chair welcomed the attendees to the meeting and congratulated Dave Tosh on his permanent appointment as Director of Resources and Nicola Callow as Director of Finance.  He also welcomed Ann-Marie Harkin and Matthew Coe as the new representatives from the Wales Audit Office.

1.2     No interests were declared.




Minutes of 10 November meeting, actions and matters arising


2.1        The minutes of the meeting on 10 November 2014 were agreed and officials provided the following updates on the outstanding actions.

2.2        4.2c Fixed Assets – Nicola confirmed that the task of tagging 1,700 items was 90% complete with the remaining 10% on target for completion by the end of February.

2.3        4.6 Recruitment – Dave referred the Committee to paper 20 for further information and confirmed that the Recruitment Authorisation Document was in use.  The Committee agreed to come back to the Capacity Planning and Recruitment paper at the April meeting. 

2.4        4.12 HR Payroll project – Eric informed the Committee of his attendance at Investment and Resourcing Board on 10 December where the Project Initiation Document (PID) for phase 2 of the HR/Payroll project was discussed.  Although the bilingual element remained outstanding from phase 1, a robust testing plan for phase 2 was expected.  The Chair endorsed the governance and due diligence for the project.

2.5        5.0 External Audit – recommendations in Management Letter.  Nicola confirmed that when the Committee discussed the Management Letter in November, there were two items outstanding; ICT testing and reconciling Coda with Folding Space.  Nicola went on to provide the following update on the latest position on both items, which had provided assurance to the WAO:

i)             the penetration testing of the Assembly website had been carried out and would be repeated regularly;

ii)           the data centre, which had been well maintained since being in the Commission’s control, had a newly installed air conditioning system and operational alarm system and the generator had undergone a successful load test in August 2014; and

iii)          reconciliation work on the Coda and Folding Space systems had been completed and was being done on an on-going basis.  Specifically, the team was working on the latest reconciliation for the period ending 31 December 2014 (publish date 31 March 2015).  

2.6        9.1 Continued Commission engagement – Eric welcomed Angela Burns’ return to the Committee which was important in maintaining the Committee’s relationship with the Assembly Commission.  The following engagement activity was noted:

i)             Attendance by two of the Assembly Commissioners for a presentation at the November ACARAC meeting.

ii)           Eric’s intention to once again present the ACARAC Annual Report at the Assembly Commission in July and to discuss Risk and Scenario planning at a future Commission meeting.

2.7        9.2 Consideration of new guidance - Gareth Watts and Eric had reviewed new guidance produced by NAO and HMT and there were no changes to be implemented.  The Chair commented that the Committee’s self-assessment process was more robust than that suggested in the guidance. 

2.8        9.2 ACARAC members to liaise with Commission teams – Claire and Eric would continue to look for opportunities to liaise with Commission teams when appropriate.  Eric referred to the following recent engagement of ACARAC members with Commission teams:

i)             Eric scrutinised the HR/Payroll PID and attended an Investment and Resourcing Board meeting to review the revised PID.

ii)           Assembly Officials were visiting the Northern Ireland  ...  view the full minutes text for item 2.


Internal Audit Activity Report


3.1        Gareth Watts provided an update on progress against the 2014-15 audit programme.  The Committee agreed that progress was positive but suggested that Gareth should ensure appropriate focus on the Assembly Business Directorate in the 2015-16 audit plan. 



Latest Internal Audit Reports


4.1        Gareth introduced the three reports and assured the Committee that he was satisfied with the Management Board responses.

4.2        The Payroll audit highlighted that controls were in place and working effectively, although policies and procedures could be improved.  Gareth would update the Committee at future meetings as part of his recommendations monitoring reports. 

4.3        The Legislative Work Bench audit highlighted some historical issues around project management practices but the audit focused on the user experience rather than implementation of the system.  Officials at the Commission made good use of the system.  The joint contract with Welsh Government was due to expire in 2017 and the decision on whether to retain or replace the system would ultimately rest with them. 

4.4        The Committee were content with the report and welcomed the proposed timescales for implementation of recommendations and the potential influence officials may have with the user group.            

4.5        They also made reference to officials being intelligent customers and exploring every option, including outsourcing non-core functions.  Dave explained that the Business Analysts were involved early in the project process but not involved in specific solution specification.  Use of internal knowledge and expertise would be supplemented with market research where appropriate.  The Procurement team would advise on the appropriate framework before a business case was prepared.                     

4.6        A substantial discussion took place with regards to the Security Vetting audit.  Gareth confirmed that management had engaged positively with the audit and had accepted the recommendations in the report. 


-       Dave to accelerate the implementation of recommendations on the Security vetting audit.

-       Gareth to update the Committee at April meeting on implementation of all recommendations, as part of Internal Audit recommendations monitoring.

-       Dave to review the Welsh Government’s approach to bolstering vetting procedures.



Proposed Internal Audit Strategy and Periodic Work Plan


5.1     Eric welcomed the update from Gareth and congratulated him on raising the profile of Internal Audit across the Commission.  He would like reassurance that the strategy could be flexed depending on priorities.  He also requested a summary of the feedback received from Heads of Service involved in audits. 

5.2     Committee members requested clarification on how the audit on Better Engagement with the People of Wales would add value as the measurement of success was not as tangible as in other areas.  They also re-emphasised the importance of focussing on the Assembly Business Directorate and asked Gareth to describe the Governance and Audit Service audit.    

5.3     Gareth thanked the Committee for their comments and agreed to provide further detail in April, along with a summary of the comments received from Heads of Service.  His audit of the services provided by Governance and Audit would involve benchmarking against other organisations and potentially identifying different ways of delivering services.


-       Take on board the Committee’s comments on the Internal Audit Strategy 2013-16 and present a final version to the Committee in April.  Including:

o   Flexibility and how plan may be refreshed,

o   balanced focus on business areas,

o   detailed timetable for 2014-15.

-       Incorporate feedback from audit sponsors in the Internal Audit Annual Report.



Audit Outline for 2014-15 Financial Statements


6.1        Eric, Gareth, Nicola and the new representatives from the WAO, Ann-Marie Harkin and Matthew Coe, had met in January and would continue to meet regularly.  It was agreed that in future the draft Audit Outline would be considered earlier, at November meetings.  They would also consider the interim accounts review timetable at a future meeting.          

6.2        Ann-Marie set out their plans for undertaking this year’s audit work which would include an additional test of Assembly Members’ expenses.  The proposed fee for 2015 remained unchanged and any variance in the amount of time taken to complete work would result in adjustments to the fee.

6.3        Nicola confirmed that following receipt of the 2014-15 audit plan she was producing a detailed timetable to ensure that staff within her team worked to deliver the audit plan to the key dates. 



Update from WAO on any other matters


7.1        Matthew confirmed that the interim audit was largely complete and no significant concerns had been identified.  As a result there were no plans to issue an interim Management Letter.



Information Governance Framework


8.1     The Committee welcomed this comprehensive document which brought together disparate policies and guidance documents relating to information governance into a single framework.

8.2     Dave thanked Alison Rutherford (Information Governance Manager) for the concise report.  The framework clearly identified roles and responsibilities and signposted staff to specific sources of information.  Twice yearly reviews of the Information Asset Registers had emphasised Heads of Service responsibility.  There were also clear escalation routes for emerging information risks.  Dave would ensure that once approved by Management Board, the document would be published and publicised internally.     



2014-15 Budget update


9.1        The Committee congratulated Nicola on the budget position and highlighted the Value for Money savings and prompt payment performance results. 

9.2        Nicola informed members that a Supplementary Budget had been laid on the 2 February to cover the shortfall in the Assembly Members’ pension fund.  The Chair of the Finance Committee had requested further information on the capital element of the budget and Nicola was preparing a response.   



Coda Finance System - Assurance on Resilience


10.1        Nicola’s objectives were to assure the Committee that the finance system remained fit for purpose and that the system would be managed appropriately until its anticipated replacement. 

10.2        In response to queries raised about the business case for a replacement system, Nicola explained that a replacement system would not be based on delivering efficiency savings because the time released from changing processes would be used to increase the value added services that the Finance team offer across the organisation.  The Business Analysts were working with the team and customers within the organisation to capture requirements and opportunities for process changes.  Nicola highlighted that work-arounds and data manipulation in spreadsheets were currently necessary to produce meaningful Management Board reports.

10.3        Nicola confirmed that KPMG had developed the business case, that she had followed the HM Treasury 5 case model and had held several discussions with internal stakeholders, including Procurement, Members’ Business Support and ICT about the scope of the project.  This had included investigating the potential of the Sharepoint platform and the Microsoft finance system, which had helped to address the concern of keeping up to date with recent finance systems capabilities.  In addition, an Internal Audit review was already built into the process.

10.4        The business case was scheduled to be presented to the Investment and Resourcing Board in March.

10.5        Members urged Nicola and the wider project team to apply any lessons learnt from previous projects.  The Committee were grateful for the work to date, but emphasised the need for Nicola to work with her counterparts in other organisations and to undertake site reference visits to inform any future decision.



Accounting policies: timeline and process


11.1    The Committee were updated on the 2014-15 accounting policies review. External and internal changes had been reviewed to ensure continued relevance in supporting Assembly business.

11.2    Nicola mentioned that WAO had yet to confirm the disclosure for ICT asset treatment proposed but discussions were underway.  The Committee noted the training and guidance being offered to asset managers. Eric asked that this item be added to the Committee’s Forward Work Programme on an annual basis. 


-     Clerking team to add review of accounting policies as an annual item on the Forward Work Programme.



Corporate Risk Summary Report


12.1    Eric asked Dave to focus his update on specific areas, namely the security vetting risk, the Business Continuity exercise and Programme and Project Management. 

12.2    Angela suggested that officials considered the inclusion of two risks at a corporate level:

a.    potential reputational damage of decisions made in Westminster around constitutional change; and

b.   Security risks, taking into account the Security Vetting audit and wider security risks given the heightened UK threat levels.

12.3    Dave responded to these points as follows:

i)             Security was a static risk (i.e. a risk organisations would always face) and the Management Board would agree the best way for static risks and issues to be captured and monitored.  This would be shared with the Committee.  In the meantime, security risks were being managed at a service level.

ii)           Programme and Project Management risks had recently been discussed by Management Board and the Directors’ Board.  It was felt that the risk did not need to be managed at a corporate level given the strengthened controls and on-going implementation of governance arrangements. In terms of capacity, the governance arrangements had also enabled Heads of Service to be confident when resourcing projects.  Dave agreed to provide a summary of the improvements in programme and project governance at the April meeting

iii)          A corporate Business Continuity exercise was planned for 24 April although the specific scenarios were yet to be established.   

12.4    Claire responded to the points around the escalation of the risks around Westminster decisions and security and would review with the Management Board whether these should be added to the Corporate Risk Register. 


-        Summarise security vetting risk profile, including risks associated with implementing Internal Audit recommendations.

-        Clerking team to add detailed consideration of security risks to future meeting agenda.

-        Dave to provide an update on Programme and Project Management governance improvements at the April meeting.



Review of the Assembly's Commission's assurance framework


13.1    The Committee welcomed this excellent piece of work.  They praised both the mapping exercise of linking with corporate risks and the gap analysis.  Members encouraged officials to include external co-operation, external peer reviews and to continually review the framework in order to validate assurance arrangements and strengthen the few ‘amber’ assurance sources.

13.2    Members asked to be kept informed when the framework was used in the future and to monitor the level of resource being dedicated to ensure that the overall RAG status remained Green.

13.3    Claire thanked the Committee for their comments and the Governance and Audit team for producing a valuable piece of work.  She would ensure that the right balance was kept in terms of appropriate resources for the level of risk. 



Discuss issues in preparation of the Committee's annual report


14.1    The Chair asked for the following items to be referenced in the annual report: programme and project management and key change programmes;  capacity planning; Assurance Framework; Risk Management; Internal Audit developments; extended roles of Committee members; effectiveness survey; actions and areas of focus from 2013/14 report.  He also asked WAO to consider the inclusion of forward looking elements.  A draft would be circulated out of Committee and discussed at the meeting in April. 


-        Eric and the Clerking team to draft and circulate the ACARAC Annual Report out of Committee and present a draft for approval at the April meeting.



Review of Committee's terms of reference


15.1    Updated Terms of Reference would be circulated before the April meeting for members to approve.  It would reflect the new job titles of attendees, the annual presentation of the ACARAC Annual Report to the Assembly Commission, and consideration of departure summaries and key change programmes.


-     Clerking team to draft and circulate the ACARAC Terms of Reference for agreement out of committee.



External audit opinion of committee effectiveness


16.1              The Committee agreed to defer this item until April.



Promoting cooperation between auditors and other review bodies


17.1    Gareth would be presenting the working protocol with WAO at the April meeting, which reflected some updates.  The Chair also asked Gareth to consider and summarise sources, or potential sources of external assurance, to complement those identified in the Assurance Framework.


-       Gareth to summarise sources, or potential sources of external assurance.



Papers to note and any other business


18.1    The Committee noted the two departures from normal procurement procedure.

18.2    The Clerking team would update the Forward Work Programme (FWP) to reflect the Commission’s strategy and business planning timetable, change programme activity, and the external audit opinion of the Committee’s effectiveness.  The Chair and the Clerking team would consider the structure of future meetings and would consult with Committee members.

18.3    In response to a query from Hugh, Gareth agreed to include details of the internal assessment of Internal Audit services in his Annual Report and Opinion. 

18.4    The Committee agreed to return to the paper on Capacity Planning and Recruitment as an agenda item in April.  The Chair noted the good progress in implementing the Internal Audit recommendations.

18.5    The Chair concluded the meeting by thanking everyone for their papers and contributions.


-        Clerking team to update the FWP as outlined in paragraph 18.2.

-        Gareth to share details of Internal Audit self-assessment (in relation to 5 year external assessment cycle) – this will be included in Internal Audit Annual Report.

-        Add capacity planning and recruitment to the agenda for the April meeting.

Private session

A private session with Committee members was attended by Gareth. No minutes were taken.