Agenda and minutes
Venue: Conference Room 4B - Tŷ Hywel. View directions
Contact: Clerk: Kathryn Hughes Deputy Clerk: Buddug Saer
No. | Item |
---|---|
Introductions, apologies and declaration of interests Minutes: 1.1 The Chair welcomed
everyone to the meeting and noted apologies from Ann-Marie Harkin, Audit Wales
and Uzo Iwobi. 1.2 No interests were
declared. |
|
Minutes of 13 February, actions and matters arising Minutes: 2.1
The minutes of the 13 February were formally approved and updates to the
actions were noted. |
|
G&A update report Minutes: 3.1 Gareth presented his
Governance and Assurance update report which outlined governance, assurance and
audit activity since the February meeting. He outlined the following work which
had been completed: · following the assurance statement challenge session in March, attended by Aled Eirug and Bob Evans, a draft of the Annual Governance Statement had been prepared and shared with the Committee; · his report on the Effectiveness Review of the Remuneration Board had been published, and links had been shared with the Committee, along with the Board’s response; and · the report on the review of the lessons learned from Covid-19 was included in the papers for this meeting. 3.2 Gareth also outlined
the following progress on ongoing audit work, reports on which would be shared
with the Committee in due course: · fieldwork on the Effectiveness Review of the Executive Board had largely been completed and the three directors and members of the secretariat team had been interviewed; · interviews with Commission staff had been held as part of a review of our business continuity arrangements; and · the review of controls relating to the regulatory framework corporate risk was underway. 3.3 A follow up on the
audit recommendations from previous cyber security audits had also been
completed. Cyber security was a substantive item at the June meeting and Gareth
planned to circulate his update prior to the meeting. 3.4 Gareth had circulated
his Internal Audit plan for 2023-24 to Committee members on 30 March. This plan
covered all three directorates and key areas of risk. Members welcomed and
approved the 2023-24 plan. 3.5 Menai Owen-Jones asked
if there was also an audit strategy spanning a number of years. Gareth
explained that he had previously produced a strategy document on a three-year
cycle, and alluded to an ongoing post-pandemic debate in the internal audit profession
around making audit strategies and plans more dynamic and reactive. He was
aware of some organisations producing plans quarterly as opposed to annually.
He added that his preferred approach was for a single document to eliminate
duplication, and that he included information related to strategy in other
documents, such as the Internal Audit Charter. 3.6 Mark Egan understood
the need for flexibility but asked how Gareth ensured all areas of audit were
covered over a three- or four-year period. Gareth explained the benefits of
having an in-house Head of Internal Audit in this respect, as he was able to
ensure coverage across the organisation through discussions with Directors and
Heads of Service and apply his knowledge around significant risks. Gareth
agreed to produce an outline of internal audit reviews carried out over the
past few years for presentation at the autumn meeting. This would provide the
Committee with reassurance and understanding of the approach to future internal
audit strategies and plans. 3.7 The Chair thanked
Gareth for his substantive update and noted the approved Internal Audit Plan
for 2023-24 which would be published shortly.
Action · Present an outline of internal audit reviews carried out over the past few years to the ... view the full minutes text for item 3. |
|
Internal Audit Charter and Internal Audit's compliance with Public Sector Internal Audit Standard (PSIAS) Minutes: 4.1 Gareth informed the
Committee that the Public Sector Internal Audit Standards (PSIAS) required all
internal audit activities to implement and retain an ‘Internal Audit Charter’.
He presented his Charter to the Committee, in order to provide formal
definition of the purpose, authority and responsibility of Internal Audit. 4.2 In accordance with
PSIAS Gareth had reviewed the Charter for 2023-24 and confirmed that there were
no changes required to the version approved by the Committee for 2022-23. He
also confirmed that there had been no further revisions to PSIAS since 1 April
2017. 4.3 Gareth explained that
the PSIAS recommendation was for an External Quality Assessment (EQA) on
internal audit services to be carried out every five years. The last assessment was carried out in
2017-18. Audit Wales also reviewed the
work of internal audit as part of their own audit arrangements and had
not raised any concerns. 4.4 Gareth was currently
undertaking his own self-assessment against the standards which would be
independently verified as part of the next EQA. This had been delayed due to
the pandemic and staff changes in the other legislatures, with whom he had previously
established a working group to undertake the assessments. Gareth explained
that, as there was no appetite for an external review with CIPFA or the
Institute of Internal Auditors, partly due to the cost, he was exploring
alternative arrangements and would seek the Committee’s approval on the
approach to be adopted. He provided additional re-assurance by confirming that
the previous and existing co-sourced internal audit partners had all scored
very highly in their own EQAs. 4.5 The Committee thanked
Gareth for his update and encouraged him to ensure arrangements were in place
for an EQA to be carried out in time for his successor and to continue
participation in the legislative networks. 4.6 Gareth informed the
Committee that a consultation was underway on global Internal Audit Standards,
which formed part of an International Professional Practices Framework. The new
standards were likely to come into force by early 2024. The internal audit lead
at CIPFA would subsequently set the UK public sector standards which were
likely to come into force in April 2025. Gareth agreed to produce a summary of
the new internal audit standards before his departure. 4.7 The Committee formally
approved the Internal Audit Charter for 2023-24, noting that there were no
substantive changes. |
|
Internal Audit Annual Report and Opinion Minutes: ARAC (23-02) Paper 5 –
Internal Audit Annual Report and Opinion for 2022-23 5.1 Gareth introduced his
Annual Report and Opinion which reported that the Accounting Officer could take
moderate assurance that arrangements to secure governance, risk management and
internal control, were suitably designed and applied effectively. 5.2 Gareth highlighted the
substantial assurance provided by the audit of key financial controls which was
particularly pleasing given the new finance system, the impact of Covid and
volume of work. He also reflected on the positive and mature working relationship
with colleagues, including those dealing with Members’ expense and cyber
security. 5.3 The review of
outstanding audit recommendations from prior years identified one
recommendation which was yet to be implemented. This was in relation to the
prominence and visibility of project and programme risks and issues and would
be revisited in the audit review due to be carried out in 2023-24. This was
particularly relevant given the ongoing major transformational change
programmes and projects and Gareth acknowledged that the Committee would remain
focused on these. 5.4 Kathryn Hughes, as the
Commission’s Risk Manager would be working with programme and project managers
to support them in the management of risk. Kathryn had provided feedback on the
Senedd Reform Programme risk register and assured the Committee that it was
well structured for presentation to the programme board. She would also review
the Ways of Working programme risk register and the Committee encouraged her to
ensure read across and consistency between these two programmes. 5.5 The Committee noted Gareth’s Annual Report and Opinion and commented that the moderate opinion provided a good level of assurance. |
|
Annual Report on Fraud Minutes: ARAC (23-02) Paper 6 –
Annual Report
Fraud 6.1 Gareth presented his
report, noting that this was not a requirement of the PSIAS but good practice
as it provided a further level of assurance on the Commission’s control
environment. Gareth reported that during 2022-23, there had been no cases
brought to his attention of actual or suspected fraudulent activity regarding
cash, allowances and expenses or theft of assets. 6.2 The 2022-23 audit plan
contained the following specific audits which considered potential risks of
fraud as part of the scoping: Key Financial Controls; Members Expenses and
Resettlement Allowances; and Lessons Learned – Covid 19. 6.3 The Commission’s
Finance Team continued to play an important role in raising awareness and
received regular training from Barclays Bank as well as other providers.
Finance co-ordinators from across the Commission were also encouraged to attend
these sessions. 6.4 As well as staff
training, Gareth drew on a number of sources of assurance such as the
outsourced internal audit partner and Audit Wales, both of whom shared
intelligence on fraud activity with the Senedd Commission. 6.5 On 30 March 2023, the
UK National Audit Office (NAO) published a report on tackling fraud and
corruption against Government. In the coming months Gareth would assess this
report and consider any learning points relevant to the Commission. 6.6 The Committee noted
and thanked Gareth for his Annual Report on Fraud. |
|
Fraud and Whistleblowing policies Minutes: ARAC (23-02) Paper 7 - Whistleblowing and Fraud 2023 - updates ARAC (23-02) Paper 7 –
Annex A - Whistleblowing policy ARAC (23-02) Paper 7 –
Annex B - Fraud Corruption and Bribery Policy – 2023 ARAC (23-02) Paper 7 -
Annex C - Fraud Response Plan – 2023 7.1 Gareth presented his
annual update on the Commission’s Whistleblowing and Fraud policies. He
reported that there had been no internal disclosures received under the remit
of our Whistleblowing Policy during the last eight years but noted that were other
means in which staff could raise concerns such as disciplinary and complaints
procedures and policies. 7.2 Gareth highlighted
reference in his paper to the suggestion of rebranding the Whistleblowing
Policy as ‘Speaking Up’ and the rationale for doing so. He asked for the
Committee’s views. 7.3 The Committee welcomed
a discussion on this and felt that the term ‘whistleblowing’ was so well known
that changing it, albeit in an effort to simplify it, could result in confusion
and loss of understanding of its meaning. Any change would also need to make
sure it was clearly connected to the legislation on whistleblowing (i.e. the
Public Interest Disclosure Act). Committee members also noted that the policy
needed to balance the rights of those complaining against those facing
allegations. They also questioned how the current policy was communicated to
staff. 7.4 Manon believed that
the culture of the organisation meant that staff were comfortable raising
concerns and complaints but welcomed the Committee’s suggestion to consider
including an appropriate question on understanding of whistleblowing
arrangements in a future staff survey. Action · The Commission to review the Whistleblowing policy again in the autumn in light of the UK Government review. |
|
Latest Internal Audit report Minutes: ARAC (23-02) Paper 8 -
Lessons Learned - Covid 19 8.1 Gareth presented his
report on the Lessons Learned from Covid-19 which focused on delivering Senedd
business, the effectiveness of governance and the wellbeing of staff. 8.2 The Committee welcomed
this review and noted in particular the effectiveness of the Covid Reporting
and Monitoring (CRAM) group, the dynamic management of risk, and the use of
technology and innovation to enable strong business continuity practices. 8.3 The Committee
encouraged officials to have a continued focus on staff wellbeing, and
fostering internal contacts and relationships within the organisation, and
acknowledged the challenges of balancing flexibility and fairness. The
Committee also encourage officials to be mindful of practical aspects such as
energy efficiency. 8.4 Mark referred to proxy
voting as an example of the Senedd leading the way in British politics during
the pandemic and questioned the controls in place to ensure compliance with the
rules, given that this practice was to continue. Manon understood the potential
risks and provided assurance that the correct controls were in place. 8.5 Manon welcomed the
Committee’s feedback. She outlined how management were dealing with the
challenges posed by variations in working patterns whilst maintaining fairness
with those teams, such as Security and Visitor Experience, which needed to be
on site, and flexibility for other teams which were able to work effectively
remotely. She also recognised the need for personal interaction, particularly
for new team members and for staff development activities. This would all be
taken into account as part of the Ways of Working Programme. 8.6 Gareth’s report
outlined that a hybrid model was now well established with flexible working
patterns fitting in with the needs of the business. Periodic ‘in person’ team
meetings had become a feature of a number of well-being plans in services
across the Commission. 8.7 The Committee welcomed
this informative report and believed it was important not to lose sight of it
as the organisation dealt with the pandemic in such a remarkable way. |
|
Audit Wales update Minutes: ARAC (23-01) Paper 9 - AW
Detailed Audit Plan-2022-23 9.1 The Chair welcomed
Clare James to the meeting. 9.2 Clare presented the
2022-23 audit plan, outlined the materiality levels, and highlighted three
significant financial statement risks and the other areas of focus. She also
shared the audit timetable which would be tight but achievable with
certification by the Auditor General for Wales scheduled for 22 June. 9.3 The estimated audit
fee for 2023 would be £68,985 (2021-2022 £59,987) but Clare explained that, as
the planning was ongoing, changes to the programme of audit work may be
required if any key new risks emerged, which could in turn affect the estimated
fee. In relation to the risk around key changes to finance personnel, she
highlighted that such changes always posed a risk to accounts preparation and
could therefore increase the risk of material misstatements. 9.4 Clare confirmed that
the interim Head of Finance had already provided information related to the new
IFRS16 Leases accounting standard which would be reviewed and tested as part of
the audit to ensure expenditure was appropriately classified in the 2022-23
financial statements. 9.5 The Committee welcomed
the clear and helpful format of the document and noted the tight timetable. The
Chair urged the early identification of issues to allow time for these to be
resolved. The specific dates were also noted, with the audit due to commence on
9 May, presentation of a draft set of accounts to Audit Wales by 12 May and
plans to issue a draft opinion in time for issuing the Committee papers on 5
June. |
|
Joint working protocol Minutes: Oral item 10.1 Clare James explained
that the joint working protocol between Audit Wales and the Commission’s Head
of Internal Audit, which had been in place for a number of years, was reviewed
annually. She also explained that, since it was last reviewed in 2022, new
auditing standards did not allow as much formal reliance on the work of
internal audit work for assurance purposes, although Audit Wales could still
take this into account. It was agreed that an updated and simplified joint
working protocol would be produced and shared with the Committee before
Gareth’s departure. Action · Gareth Watts and Clare James to provide briefing for the Committee on the joint working protocol. |
|
Commission's draft Annual Report and Governance Statement for 2022-23 Minutes: ARAC (23-02) Paper 10 -
Draft Annual Report 2022-23 - cover paper ARAC (23-02) Paper 10 –
Annex A – draft Annual Report Narrative ARAC (23-02) Paper 10 –
Annex B – draft Accounts ARAC (23-02) Paper 10 –
Annex C – draft Annual Governance Statement 11.1 The Chair invited
Arwyn to introduce this item and Committee members to comment on the draft
narrative included in the Commission’s draft Annual Report and Accounts (ARA)
and the draft Governance Statement for 2022-23. 11.2 Arwyn explained that,
whilst the ARA would be available in pdf format for the purposes of auditing
and laying it as a document, its presentation in an interactive online format
would be similar to last year. This made it more accessible to a wider audience.
Arwyn then described the process of drafting the articles and gathering the
online content and thanked all those involved in working on this. 11.3 The Committee
welcomed early sight of the report and also congratulated the team for
undertaking the task of pulling vast amounts of information together and
presenting it in such a concise, clear and easy to read format. 11.4 The Committee
questioned the consistency of some key performance indicators (KPIs), and those
with only one year’s worth of data and suggested that it may be worth adding
some additional narrative to these figures. Committee members understood the challenges
around devising meaningful measures in a parliamentary setting but questioned
why some of the Commission’s priorities did not have specific KPIs. 11.5 Manon thanked the
Committee members for their observations and explained that the KPIs had been
reviewed, updated and approved by the Commission at the start of the Sixth
Senedd. She added that any changes to the measures would need to be approved by
the Commission and noted that changes would result in no year-on-year data
comparison. 11.6 The Chair welcomed
Simon Hart’s presentation of the accounts section of the ARA which remained
unchanged from last year. No financial information was available for this
meeting, but it demonstrated the volume and complexity of the information to be
presented. 11.7 The Chair invited
Manon to introduce the Annual Governance Statement. Manon briefly described the
process for gathering assurances from Heads of Service and Directors to inform
the statement and the value added by the independent challenge from Aled and
Bob at a meeting of the Executive Board in March. Manon expressed her thanks to
Kathryn Hughes for expertly drawing the information together into a substantive
draft for her to review and finalise. The Chair also thanked Kathryn for her
work on the assurance gathering process. 11.8 The Committee was
very pleased with such a comprehensive and balanced statement and acknowledged
its importance. On behalf of the Committee, the Chair noted and accepted the
statement as part of the assurance process. |
|
Budget update Minutes: Oral update 12.1 Simon Hart updated
the Committee on the 2023-24 budget. The first Supplementary Budget for 2023-24
would put forward a £435,000 reduction in the Commission’s approved budget,
resulting in a 3.4% increase on the 2022-23 budget compared to the originally
approved 4.1% increase. Simon also outlined the specific budget reduction
measures for 2023-24 which had been approved at a Commission meeting on the 27
March. 12.2 A first supplementary
budget was due to be tabled on 13 June to allow for a debate on 4 July, prior
to the summer recess. This allowed a period of three weeks for scrutiny under
Standing Orders. |
|
Corporate update on: Senedd Reform Programme and Ways of Working Programme Minutes: Senedd Reform Programme -
oral update 13.2
Siwan outlined the plans for taking forward the two main activities of the
Seventh Senedd business-focused workstreams: procedures and practice; and
capacity and capability, which was inter-related with the Ways of Working
Programme. Discussions were also underway to establish the mechanism for
dialogue with the Independent Remuneration Board in terms of how
Members are supported, and the intersection between the services provided by
the Commission and the allowances which Members can access through the
Board’s Determination. 13.3 Siwan outlined
preparations for supporting the legislative process which would include
scenario planning for the legislative approach to Senedd Reform and other
electoral reforms being proposed by the Welsh Government. In response to
questions from the Committee, Siwan explained the potential implications and
risks which would be explored, including the complexity of some scenarios and
implications for the Commission in terms of capacity to support the scrutiny
process. 13.4 In terms of programme
governance, Siwan highlighted the following progress: · the development of a programme risk register, working with the Commission’s Risk Manager to refine this; · discussions with relevant officials around the links between the Senedd Reform corporate and programme-level risks with the Ways of Working Programme, as well as risks being identified by the Welsh Government and other stakeholders; · development of the stakeholder mapping using the RACI (Responsible, Accountable, Consult, Inform) matrix; · engagement with the Strategic Planning Unit to develop a joint Senedd Reform Programme-Ways of Working Programme reporting tool for the Executive Board; and · development of internal and external communications plans to be discussed at meetings of the Senedd Reform Programme Board and the Joint Assurance Board with the Welsh Government. 13.5 Siwan advised that
the Joint Assurance Board, which had met that morning was working well.
Briefings were also being co-ordinated in advance of bilateral meetings between
the Llywydd and the First Minister. 13.6 In response to
questions from the Chair around resources, Siwan explained that detailed
workforce planning was ongoing in conjunction with the Ways of Working
Programme. She also noted that the additional resources ringfenced in the
budget were based on dedicated time allocated for Senedd Reform, and this did
not include some of the business as usual work activities such as legislative
scrutiny and parliamentary skills. Some resource had already been redeployed
whilst others were taking on additional responsibilities as part of their
current roles. 13.7 The Committee acknowledged the challenges around allocating time and resources to supporting the legislative scrutiny process alongside delivering the SRP workstreams and business as usual activities. Siwan acknowledged that the timetable would be extremely tight, particularly given the timescales required for a boundary review. The Welsh Government is providing assurance that the legislation is on track for introduction in ... view the full minutes text for item 13. |
|
Corporate Risk Minutes: ARAC (23-02) Paper 11 –
Corporate Risk ARAC (23-02) Paper 11 –
Annex A - Summary Corporate Risk Register ARAC (23-02) Paper 11 –
Annex B – Corporate Risks plotted 14.1 The Committee noted
the comprehensive updates in the Commission’s Corporate Risk Register. 14.2 The Chair noted that
workforce planning would provide key mitigation around capacity and capability
risks (HR-R-170) by identifying skills requirements. He suggested that, given
concerns over the ability to recruit to certain specialist posts, issues around
‘pay competitiveness’ should be reflected in the documentation of the risk. 14.3 In response to
questions from the Committee around the continued high
risk rating for cyber-security, data protection and Senedd Reform risks,
Manon explained that, despite mitigation in place, some of the causes were
beyond the Commission’s control. Action · Add ‘pay competitiveness’ to Risk Ref: HR-R-170 – Corporate Capacity and Capability. |
|
Critical examination of one identified risk - Members' regulatory framework: changes and comprehension Minutes: Oral item – reference to
STS-R-153 in CRR 15.1 The Chair welcomed
Anna Daniel, Sulafa Thomas and Meriel Singleton to the meeting for this item.
Siwan Davies presented an update on mitigation for the corporate risk relating
to the Members’ Regulatory Framework. 15.2 Siwan outlined the
reasons for adding this risk to the Commission’s Corporate Risk Register
following the 2021 Senedd Elections. This was to reflect the need to ensure
awareness and understanding of, and adherence to the various codes, rules,
procedures and guidance as they applied to Members of the Senedd. She explained
the intention of embedding long-term improvements through simplification, and
to ensure processes were Member-focused and future-proofed. 15.3 Siwan described the
action being taken forward as part of a simplification thematic review by the
Independent Remuneration Board, which formed part of its strategic work
programme. 15.4 The Standards of
Conduct Committee had also taken forward action to: · improve Members’ awareness of the standards regime; · provide clarity on rules for claiming expenses as a result of its report on cross party rules; and · conduct inquiries into the registration and declarations of interests and on lobbying. 15.5 Progress had also
been made on simplifying systems for processing claims to aid clarity and make
it as easy as possible for Members and the Members’ Business Support team were
also now recording precedents. 15.6 In terms of ensuring
processes were Member-focused, Siwan described the improvements in
communication through liaison with the Political Contact Group and Operations
Group (which included Chiefs of Staff). Representatives of the Independent
Remuneration Board were also meeting with Members and their staff. Both of
these activities had led to improved engagement with, and development of a
training programme for Members. The reorganisation of the Members’ Business
Support team, splitting out the HR and claims functions had also provided
clarity to Members on who to contact for support. Deployment of additional
resources to support the Independent Remuneration Board would also help provide
more focus on preparations for the future. 15.7 Siwan described the
actions being taken forward to help future-proof processes. This has included: · participating in an in-person inter-parliamentary conference around standards of conduct; · networking with bodies such as IPSA to inform planning the Independent Remuneration Board’s work programme; and · facilitating consultation with Members on behalf of the Independent Remuneration Board and the Commission on ways of working and provision of services in the longer-term with a potentially larger Senedd. 15.8 The report on the
Effectiveness Review of the Independent Remuneration Board had been published
along with the Board’s response. An action plan to address the recommendations
was being developed. 15.9 An important part of
the mitigation for this risk was to clarify to Members the accountabilities and
relationships between the Independent Remuneration Board, the Llywydd, and the
Chief Executive and Clerk. This ongoing work would also be informed by the
forthcoming internal audit review of the controls in place, and action being
taken to mitigate the risk. 15.10 The Committee thanked Siwan and her team for the ... view the full minutes text for item 15. |
|
SIRO Annual Report Minutes: ARAC (23-02) Paper 12 –
SIRO Annual Report 16.1 The Chair invited Ed
to introduce the SIRO Annual Report, noting that this provided important assurance
as part of the Annual Report and Accounts. Ed highlighted the amount of recent
activity on progress against delivery of the Data Protection Officer’s detailed
action plan, now that the Information Governance team was fully resourced. This
included action to take forward data processing agreements for Members and the
Commission. He also highlighted the benefits of fortnightly meetings he had
with the Head of ICT and the Data Protection team. 16.2 The proposals for a
SIRO group would be considered further in light of an ongoing effectiveness
review of the Executive Board which Gareth Watts would be completing in the
coming weeks. Ed was pleased to report that there were no serious issues or breaches
reported to the Information Commissioner’s Office. 16.3 The Chair thanked Ed
for the report which provided the Committee with the necessary assurances. In
response to questions from Committee members around the structure of various
functions which fell under the remit of the SIRO, Ed explained that he was
considering this. |
|
Departure Summary Minutes: ARAC (23-02) Paper 13 –
Departure Summary 17.1 The Committee noted
one departure from normal procurement procedures and raised no concerns. |
|
Terms of Reference Minutes: ARAC (23-02) Paper 14 -
updated ToR March 2023 18.1 The Chair confirmed
that the minor revisions to the Terms of Reference had been agreed with
Committee members and that the revised version could be published. |
|
Committee's Annual Report to the Commission and Accounting Officer Minutes: ARAC (23-02) Paper 15 –
2021-22 Annual Report – Welsh (link in pack) ARAC (23-02) Paper 15 –
2021-22 Annual Report – English (link in pack) 19.1 The Chair invited
members of the Committee to suggest content for the Committee’s Annual Report
and encouraged them to share their ideas with the Clerking team. |
|
Forward work programme Minutes: ARAC (23-02) Paper 16 –
Forward Work Programme 20.1 A number of future
agenda items had been raised during the meeting. A revised forward work programme would be
shared at the June meeting. |
|
Any other business Minutes: 21.1 No other business was
raised. Clare James, Audit Wales
attended a private session with members of the Committee once formal
proceedings had concluded. No Commission officials were present and no minutes
were taken. Next meeting is scheduled
for 12 June 2023. |