Agenda and minutes
Venue: Remote - Digital. View directions
Contact: Clerk: Kathryn Hughes Deputy Clerk: Buddug Saer
No. | Item |
---|---|
Introductions, apologies and declaration of interests Minutes: 1.1
The Chair welcomed everyone to the meeting and
formally welcomed Ken Skates to his first meeting. 1.2 The Chair noted that, as Dave Tosh was due to retire from the Senedd Commission in January 2022, this would be his last meeting. He wished Dave a happy and healthy retirement and thanked him for all his support and advice over the last three years. |
|
Minutes of 18 June, actions and matters arising Minutes: ARAC
(05-21) Paper 1 - Minutes of 18 June 2021 ARAC
(05-21) Paper 2 – Actions summary 2.1
The minutes of the 18 June meeting had been
formally agreed by the Committee in July and there were no further comments to
note. All outstanding actions had been addressed. |
|
COVID-19 - Corporate update Oral item Minutes: Oral
update 3.1
Dave confirmed that the Covid Resilience and
Monitoring Group (CRAM) continued to monitor the latest Welsh Government regulations
and guidance. The numbers attending the estate had reduced significantly since
the Chief Executive and Llywydd issued a joint message urging those who could
work from home to continue to do so. He assured the Committee that those
attending were essential to plenary and committee business and were adhering to
guidance, for example, around wearing face masks and physical distancing.
Stringent measures taken for the Official Opening of the Sixth Senedd (Royal
Opening) had ensured a safe event with no spike in infection rates. 3.2
Dave advised that there had been an increase in the
number of protests on the estate. One of these was an impromptu and aggressive
protest relating to a plenary debate around the Covid vaccination passport
regulations, with attempts to cause disruption for those attending and leaving
the estate. The Security team would continue to monitor Senedd business to
anticipate protests and work with the Police to share and respond to any
intelligence on planned or unplanned protests. 3.3
In response to an increase in threats to Members of
the Senedd, primarily on social media, Dave and Kevin Tumelty, Head of Security
had attended Party group meetings to remind Members of the support available to
them. 3.4
When questioned on the possibility of future hybrid
meetings of the Committee, Dave advised that the guidance given to the wider
organisation, which was for meetings to remain virtual wherever possible, would
need to be followed, until the Welsh Government issued updated guidelines. 3.5
In response to a question from the Chair around the
effectiveness and ongoing ‘fitness for purpose’ of CRAM, Dave outlined the work
of the group. This included monitoring the latest regulations and Government
guidelines, thoroughly assessing risks for all activities and events and
advising the Executive Board and Senedd Commission. He felt this was working
effectively. He also reflected on the latest Pulse survey results which
highlighted the strain on staff across the organisation as the requirement to
work from home continued. 3.6 The Committee requested an update on the use of the Welsh language in the workplace, given that MS Teams could not accommodate simultaneous translation. Arwyn Jones confirmed that Members of the Senedd were using a new Zoom Professional product to communicate bilingually with their constituents and he was satisfied that there had not been a reduction in the use of the Welsh language in the organisation. |
|
Governance and Assurance update (inc. progress of Internal Audit activity) Minutes: ARAC
(05-21) Paper 3 – G&A update report 4.1
Gareth
Watts provided an update on overall governance and assurance activity which he and
his team were undertaking. This included early preparation for this year’s
Governance Statement. Kathryn Hughes had met with all Heads of Service as part
of the annual series of ‘governance matters’ meetings which had provided an
opportunity to review their statements from the previous year and discuss the
process for this year. She had then commissioned draft Assurance Statements
which were due to be reviewed by Directors in December. 4.2
Gareth
also outlined the reviews he and his team were undertaking around: the
Commission’s approach to corporate and service planning; performance
management, including the Key Performance Indicators; and business continuity
plans. In response to questions about the role of Leadership Team in relation
to risk management, Gareth explained that formalisation of their input,
particularly around the escalation of risks was being considered following a
review of its terms of reference. 4.3
Gareth
then provided an update on progress against his internal audit programme. As
well as completing the review of the Commission’s payroll arrangements (see
item 5), the work he had been carrying out with the Members Business Support
Team to test the payment of resettlement grants and redundancy to departing
Members and their support staff was substantially complete. Further work on the
winding up of Members’ offices including a review of the return of ICT assets
and disposal of other assets was ongoing and this would involve engaging with
outgoing Members. He hoped to be in a position to circulate his reports in
advance of the next meeting. 4.4
Gareth
advised that the scopes for the audits of cyber security and the value for
money review on Library Services had been developed and that fieldwork for
these would commence in December/January.
4.5
Aled
Eirug asked if the issue of archiving of tapes could be included in the scope
of the Library Services audit. In response, Dave informed the Committee of
on-going discussions with the National Library of Wales around their capability
to digitally transfer data stored on tapes into long term media, to ensure an
accessible and long term preservation of records. |
|
Consider latest Internal Audit reports Minutes: 5.1 Gareth
introduced the Payroll audit report explaining that, as this was one of the
Commission’s most material financial system, he undertook a review every 2-3 years.
As restrictions allowed, he had been able to meet face to face with Payroll
colleagues to walk through the system. The review had resulted in a moderate
assurance rating with five recommendations. The main areas identified for
improvement were around updating policies and resilience within the team.
Progress on these recommendations would be revisited in March and details would
be captured in his Annual Report and Opinion, due for consideration at the
April meeting. 5.2 In
response to questions from the Committee around benchmarking payroll capability
against best practice, Gareth confirmed that the Commission had been accredited
with a Better Payroll award in 2018, and would seek an update from HR on
any future plans to renew this accreditation. 5.3
In response to questions
around the monitoring of leave and flexible working hours, Gareth confirmed
that a separate system was used for these as well as Personal Development
Reports. He added that HR had recently implemented a Microsoft forms system to
capture monthly credit/debit flexi balances, which would prove extremely useful
management information for the Finance team at year end. 5.4 The Chair
was content with the detailed report and welcomed an update on the
recommendations in due course. Action: Share details of current accreditation of the payroll function with ARAC and discuss with HR plans for future benchmarking/accreditation |
|
Review HMT/other guidance for Audit and Risk Assurance Committees Oral item Minutes: Oral update 6.1 Gareth
Watts and the Chair confirmed that there had been no updates to the HMT Audit
and Risk Assurance Committee handbook. Gareth and Kathryn had attended a CIPFA Better
Governance Forum webinar which was introducing updated guidance for police and
local authority audit committees but Gareth noted that there was little of
relevance to the Commission. Kathryn would continue to share any relevant
articles from the Better Governance Forum and other bodies such as the National
Audit Office. 6.2 Gareth updated the Committee on the new functional standards which applied to all UK Government departments to promote consistency. He reminded the Committee that the Commission was not compelled to apply the standards but he would work with his counterparts in other organisations and colleagues across the Commission to determine what (if any) best practice could be adopted. The Chair was encouraged by the Commission’s approach to this guidance and saw it as something to take advantage of. |
|
2021 Audit Plan and Audit Wales update report (inc. AW reports/outputs) Minutes: ARAC
(05-21) Paper 5 – Audit Wales 2021 Audit Plan
ARAC
(05-21) Paper 6 – Audit Wales ARAC Update Nov 2021 7.1 The Chair
welcomed Ann-Marie Harkin and Gareth Lucey to the meeting. 7.2 Gareth
referred to the plan for the 2021 audit of the Commission’s accounts which
included details of the team, timings and risks to be built in. The aim was to
carry out some early testing between January and March, with the substantive
audit beginning in May and presentation of the ISA 260 report to the Committee
in June 2022. 7.3 As most
Audit Wales staff continued to work from home, the audit team would continue to
work and engage with the Commission remotely. They would continue to monitor
Welsh Government guidelines on working from home and liaise with officials to
determine whether any of the audit work could be carried out on site. 7.4 They were
unable to disclose the fee for this year’s audit as yet, although an increase
on the previous year’s fee was likely. This information would be shared with
Committee members when available. 7.5 Gareth
then summarised the financial audit risks and the audit work planned in
response. Whilst many of the risks were stable, there were additional risks
specific to this year around the Senedd Elections and the Remuneration Board’s
Determination which would need to be taken account of. 7.6 A further
risk around the classification of capital expenditure had also been added due
to the issue around last minute differences of opinion in the 2020-21 audit.
Whilst it was recognised that this was a minor part of overall Commission
spend, Audit Wales would work with the Finance team to agree the classification
of project spend. Nia Morgan welcomed the early dialogue with Audit Wales and advised
that her team were already working to identify project expenditure to inform
discussions around classification. She assured the Committee that she would
keep them informed of discussions with Audit Wales. 7.7 The
Committee urged the Commission and Audit Wales to reach a common understanding
of International Accounting Standard 16, well in advance of the planned audit,
to ensure that both parties agreed on the classification of expenditure. 7.8 The Chair thanked Audit Wales for the clearly set out audit plan and welcomed sight of the other work undertaken by Audit Wales. He was keen to maintain constructive engagement with Audit Wales and the Auditor General. |
|
Finance update Minutes: ARAC
(05-21) Paper 7 - Update on 2021-22 Financial Position and
2022-23 Budget 8.1
Nia Morgan introduced the finance update paper which
set out the latest financial position for 2021-22 and provided an update on the
work to deliver the 2022-23 budget, details of which had been circulated out of
committee. 8.2
The 2021-22 corporate financial targets were to
deliver an end of year operational out-turn in the range of 0% to 1.5% of the
approved operational budget and an unqualified audit opinion. The forecast
out-turn at the end of October was for a 2.1% underspend which was currently outside the
target. She outlined how the Leadership Team and Executive Board were
reviewing the priority facilities items and considering ICT projects which
could be brought forward from the next financial year. This would also
alleviate pressures on the 2022-23 budget. 8.3 The draft 2022-23 Commission budget was laid on 29 September and the evidence session with Finance Committee was held on 8 October. The Committee’s report and the Commission’s response had been shared out of committee. The final budget was laid on 10 November and was debated and approved in plenary on 17 November. |
|
PAPAC and Finance Committee update Oral item Minutes: Oral
update 9.1
Ken Skates thanked Nia and her team for a smooth
process in preparation for appearances at the Senedd Committees and for all the
briefings they had provided to him as the Commissioner with responsibility for
the budget and governance. 9.2 The
Commission had accepted the Finance Committee’s nine recommendations, with one
accepted in principle. Ken outlined the rationale for accepting in principle
the recommendation around finding savings as opposed to seeking supplementary
budgets, which had been highlighted to the both committees. The Committee
discussed the difficulties around anticipating and responding to in-year
pressures when the Commission, unlike many organisations, did not have any
contingency budget and is not able to build a reserve through revenue. Nia
confirmed that a supplementary budget would be submitted only if it becomes
necessary. 9.3
In response to questions from Committee members
around strategies to manage in-year pressures, Nia described how she worked
closely with the Estates and Facilities and the ICT and Broadcasting management
teams to ensure that the budget was fully utilised each year, with spend being
brought forward or pushed back depending on lead times etc. She added that the
potential project to replace the windows in Tŷ Hywel had been highlighted
at every opportunity to the Finance Committee to ensure there were no
surprises. 9.4 Audit
Wales also recognised the difficulties planning budgets without the ability to
build reserves and endorsed the Commission’s approach around the option of
requesting a supplementary budget and keeping the Finance Committee
informed. 9.5 Manon also
commented on the challenges around planning budgets and noted that the approach
of requesting supplementary budgets as opposed to holding contingency funds
added to transparency in light of the extensive scrutiny of the Commission’s
budgets and accounts. 9.6 The Chair congratulated the team on its management of budgets, despite the challenges and wanted to pay tribute to everyone involved. |
|
Corporate Risk Minutes: ARAC
(05-21) Paper 8 – Corporate Risk ARAC (05-21) Paper 8 – Annex A - Summary Corporate Risk Register ARAC
(05-21) Paper 8 – Annex B – Corporate Risks plotted 10.1
The Chair welcomed Siwan
Davies and Matthew Richards to the meeting. 10.2
Dave Tosh confirmed
that the risks had been reviewed and updated by risk owners. 10.3
The Committee
welcomed the movements in the Corporate Risk Register which they noted had been
agreed by Executive Board to reflect changes to the risk profile. The Committee
noted the inclusion of new risks around Senedd reform and data protection and
the refocussing of the Covid-related risk to reflect corporate resilience and
the measures to reduce the likelihood of introducing infections. 10.4
The Committee were
pleased with the updates and level of detail which provided a breadth of
information for them to consider. The Chair also commented on the clear
presentation of the risk environment and found the diagram, where the risks were
plotted onto a matrix, useful. Officials were encouraged to engage with the
Committee at appropriate points, particularly in relation to current
arrangements or any changes to the regulatory framework. Action: Revisit the mitigation around the regulatory framework risk in the summer – for the current arrangements. |
|
Critical examination of one identified or emerging risk - Adherence in 6th Senedd to changes to Members' regulatory framework Oral item around CRR update Minutes: Oral update 11.1 The Chair invited Siwan to introduce this item, and
welcomed Sulafa Thomas, Head of Commission and Members’ Support, Anna
Daniel, Head of Strategic Transformation Service and Meriel Singleton, Clerk to the Standards of Conduct Committee and lead on the work relating to the regulatory
framework, to the meeting. 11.2
Siwan referred to
the detailed update included in the Corporate Risk Register and outlined the
key elements of the regulatory framework as they applied to Members of the
Senedd (Members) as follows: - the new Code of Conduct which had been applied
since the start of the Sixth Senedd and the ongoing review of complaints
procedures relating to this code; - the Independent Remuneration Board’s Determination
on Members’ Pay and Allowances which came into force at the start of the Sixth
Senedd; - the Accounting Officer’s rules which would shortly
be subject of a consultation; and - the Members’ Dignity and Respect policy. 11.3 Siwan described the co-ordinated approach being
established for these regulatory matters relating to Members, involving
relevant officials from across the Commission. She also described the routes
for engaging with relevant groups such as Chiefs of Staff and the new Senedd
Political Contact Group which has been established for the Llywydd and Chief
Executive to engage with Members. 11.4 In response to questions from the Committee about
its role in relation to the regulatory framework, and that of the Remuneration,
Engagement and Workforce Advisory Committee, Siwan described how the Commission
would consult and engage with each committee as appropriate. 11.5 When asked for his perspective on the approach to
managing this risk, Ken Skates recognised the challenges around engagement with
Members and suggested that short briefing sessions with Party groups might be
the most effective way to engage. 11.6 The Committee welcomed the establishment of this
coordinated approach and recognised the challenges of making a complex
framework comprehensible to ensure Members and all office holders understood
their responsibilities. The Chair thanked officials for sharing the briefing
issued to the Political Contact Group which clearly set out responsibilities of
the bodies involved in the regulatory framework. 11.7
The Committee discussed
ways in which presentation of the elements of the framework might be simplified
and communicated effectively. Ann Beynon suggested a flowchart on how the
elements of the framework fit together might be helpful, particularly for new
Members which Siwan agreed to consider. 11.8 Siwan added that the aim of this co-ordinated
approach was to help Members understand the rules as they applied to them and
to clarify routes for them to seek further advice. In response to questions
about timescales, Siwan confirmed that there were a number of discrete tasks to
be taken forward in relation to each element of the framework and that the
approach would be used as a vehicle going forward to facilitate and co-ordinate
any future changes and also to ensure officials were consulting with
appropriate groups. 11.9 In response to questions about any overlap in areas of responsibility for the bodies ... view the full minutes text for item 11. |
|
Update on the transition to the Sixth Senedd Minutes: ARAC (05-21) Paper 9 - Transition to the Sixth
Senedd 12.1 The Chair invited Sulafa Thomas to introduce this
item. She reminded the Committee that, at its meeting on 18 June, it undertook
a detailed examination of the transition to the Sixth Senedd, and had requested
a further update at this meeting. The paper presented details of the flexible
approach adopted for delivery of the transition and included details of the
lessons learned and the management of risk. 12.2 The Committee congratulated officials on delivering
such a successful outcome, particularly given the additional complex challenges
posed by the pandemic and the need to respond to changing Covid-19 regulations
and deliver transition activities in different ways. Committee members were
also impressed with the high quality documentation of the lessons learned in
the update paper. 12.3 In response to questions around the impact of
Covid-19 on discussions relating to the use of office space, Sulafa advised
that the Commission had been presented with a paper outlining future agile
working possibilities that included hybrid and flexible working patterns. The
Chair agreed to pick up the questions about the future accommodation strategy
under item 18. 12.4 Discussion then moved onto the success of the
Official Opening of the Sixth Senedd which the Chair noted had been well
organised. Sulafa described how Arwyn Jones and his team had planned to deliver
mostly virtual events but that changes to regulations had made it possible for
more in-person activities. She also outlined the challenges around planning activities
at a time when Covid-19 regulations were changing and how decisions were based
on rigorous assessment of the risks. This had been resource intensive but
worthwhile to balance the desire to deliver an important symbolic event, and
providing a positive experience for all involved whilst keeping everyone safe.
It had been a very successful and well received event and Arwyn was pleased to
report that external assurances on the internal processes had confirmed that
the mitigations put in place were effective. 12.5 Ken Skates wanted to record his thanks for all of
the arrangements which had resulted in a fantastic day and noted the positive
experience for Members who had been delighted with the success of the
event. 12.6 Aled Eirug
also congratulated the team. He also asked officials for their thoughts on the
recommendations from the report produced by Prof. Diana Stirbu’s on the
Power, Influence and Impact of Senedd Committees which had been shared with
Committee members. Siwan advised that the recommendations had been endorsed and
work was underway in conjunction with the Chairs’ Forum to take the recommendations forward over the course of this
Senedd term. Siwan offered to share with Committee members further briefing
that had been prepared to inform this. She would also seek to share the outcome
of this ground-breaking use of academic research with other legislatures. Action: Share further briefing relating to Prof. Diana
Stirbu’s report on the Power, Influence and Impact of Senedd Committees. |
|
Commission's strategy for sixth Senedd Oral item Minutes: Oral item 13.1 Manon presented details of the strategy for the
Sixth Senedd which had been agreed by the Commission at its 8 November meeting.
The strategy had been captured in a summary document which had been shared with
the Committee in advance of this meeting. Manon described how the strategy,
which consisted of three strategic goals and a number of priorities provided a
good operational guide and was underpinned by the Commission’s values. Having
taken account of legacy discussions with the previous Commissioners, the
strategy reflected a renewed focus on engagement and communications and
sustainable use of resources. Key Performance Indicators (KPIs) would reflect
how the Commission would be held to account for delivery against these goals
and priorities. 13.2
The Chair considered this a good high level
starting point to enable the development of a golden thread running through to
delivery of services and measurement of performance through KPIs. 13.3 In
response to questions about voter turnout as a measure of success, Manon
reminded the Committee that it was difficult to attribute this to performance
as there were too many factors over which the Commission had no control. She
added that there would however be more focus on measuring engagement, in
particular the experiences of visitors and those who engaged with Senedd
business. Arwyn added that the Commission now had the ability to measure levels
of understanding and engagement more effectively, including the use of insight
analysis methods. 13.4 The Chair thanked Manon for sharing details of the strategy with the Committee. |
|
Update on cyber-security Oral
item/presentation Minutes: Oral item/presentation 14.1 The Chair welcomed Mark Neilson, Jamie Hancock and
Tim Bernat to the meeting and invited them to provide their regular update on
the Commission’s management of cyber security risks. In response to comments
from the Committee, and in particular from the Chair, the team had undertaken
work to refine reports to address assurances they were seeking. Mark referred
to past use of a ‘spider chart’ to describe the evolving cyber risk landscape
and the Commission’s to mitigation. However, it had become apparent that this
approach was insufficiently granular or dynamic to provide ongoing assurances
to various bodies such as Executive Board, the Commission and this Committee. 14.2 The Chair had helpfully outlined the themes and
approach he felt would provide further assurances on the identification and
mitigation of the risks which the team had taken on board. These included: -
a clearer
understanding of the threat landscape and how this was evolving; -
an appropriate
balance of hardware and software threats - although with the increased use of
cloud technologies there was an inevitable swing towards mitigating software
threats; -
a deeper
understanding of the internal and external sources of assurance, including
internal audit; and -
the development of
an appropriate infographic or "risk on a page" to outline the threats.
14.3 In order to seek a view from the Committee on the
level of detail required to provide adequate assurance, Tim presented a draft
of the monthly ICT Cyber Security Threat Report. The report detailed the
tools and statistics used, the analysis undertaken and the threat landscape.
Tim and Jamie also described the backup system and the tier 3 data centre,
which was not managed by Microsoft. They also outlined work underway to further
improve the security of data and how they were addressing the challenges around
retaining skills in this area. The Committee were pleased to hear that the
perceived over-reliance on Microsoft was being addressed and welcomed details
of cyber related initiatives planned in the future. 14.4 It was agreed that a copy of the report would be
shared with Committee members for them to consider and feed back to Mark and
his team which elements to include in the regular reports to the Committee. 14.5 A further discussion then focused on the
possibility of a presentation or briefing by the Public Sector Broadband
Aggregation (PSBA) and visit to the data centre, the wider skills gap evident
in the field of cyber-security and changes to support the use of Mac computers
on the network. 14.6 The Chair thanked the team for the clear
presentation, and the amount of the work undertaken to develop regular
assurance reports. Action: When available, share a copy of the Cyber Security assurance report with ARAC members. |
|
Information Breaches (twice yearly report) Oral item Minutes: Oral item/presentation 15.1 The Committee noted an update from Dave on one substantive breach and three reports of information being sent to the wrong email recipients. All of these had been quickly resolved and no further action was required. |
|
Departure Summary Minutes: ARAC (05-21) Paper
10 – Departure Summary 16.1 The Committee noted two departures from normal procurement procedures. |
|
Feedback on discussions at the Commission's Remuneration, Engagement and Workforce Advisory Committee (REWAC) (29.09.21) Oral item Minutes: Oral item 17.1 Ann
welcomed the opportunity to feedback on two recent REWAC meetings. The meeting
in November had focused specifically on the report by Prof. Diana Stirbu on the
Power, Influence and Impact of Senedd Committees. REWAC members had been
impressed with the quality of report. 17.2 The substantive meeting on 29 September covered the
following: - the Business Directorate priorities; - engagement priorities – it was agreed that the two
recently appointed Heads of Service in Arwyn’s service area would attend a
future meeting; and - defining the evolving relationship between REWAC and ARAC. |
|
Estates Strategy Oral item Minutes: Oral item 18.1 Dave presented an oral updated on the Commission’s
Estates Strategy which was due to be presented to the Executive Board in
December and the Commission in January. His update covered the following key
aspects which would be included in the strategy: - the impact of the pandemic on flexible working and
how the estate was used and the on-going uncertainty with working from home
restrictions still in place; - review of the lease arrangements and maintenance
plans (including window replacement at Ty Hywel); - review of the North Wales office and consideration
of other regional presence; - wider public/university sector opportunities for
flexible use of office space; - the Welsh Government’s accommodation strategy and
presence in Cardiff Bay; - the possible expansion of the Senedd, with more
Members; and - considering use of the Pierhead and how to make
better use of such an iconic building. 18.2 Dave agreed to share the Estates Strategy with the
Committee after it had been considered by the Executive Board in December and
before it was presented to the Commission in January. 18.3 In response to questions from the Committee around
whether the strategy should take account of citizen engagement, Dave agreed
that whilst this could be considered, its focus would have to be on the use of
the estate. Manon added that, whilst practical benefits from the citizens
perspective would form part of the considerations, it was important to provide
fit for purpose, accessible buildings with all the relevant security measures. Action: Share Estates Strategy with ARAC members after its consideration by the Executive Board. |
|
Update from the Chair on presentation of the Committee's Annual Report to the Senedd Commission Oral item Minutes: Oral item
19.1 This item was not covered at the meeting but the Chair had presented the Committee’s Annual Report to the Commission on 12 July. |
|
Review the committee's terms of reference Minutes: ARAC (05-21) Paper 11 – current
TOR 20.1 The Committee noted the updated terms of reference. |
|
Forward work programme Minutes: ARAC (05-21) Paper 12 – Forward Work Programme 21.1 The Committee noted the forward work programme and the Chair asked for the Estates Strategy and the Communication and Engagement Strategy to be shared out of committee. |
|
Any Other Business Oral item Minutes: Oral item 22.1
No other business was raised.
|