Agenda item

Governance and Assurance Update Report


ARAC (05-20) Paper 3 – Governance and Assurance update report


4.1        Gareth Watts presented his Governance and Assurance update report. He had participated in a Heads of Internal Audit Forum with his counterparts from across the Welsh public sector where discussion had focussed on differing approaches to giving assurances during Covid-19 and the effect this had on internal audit plans. Core internal audit reviews had given way to more advisory pieces of work and a focus on the challenges of maintaining effective governance and assurance arrangements. It was noted that most core internal audit reports would be delivered in the final quarter.

4.2        Preparations for gathering assurances to inform the annual Governance Statement for 2020-21 were now well advanced. Gareth thanked his team for meeting with each Head of Service to discuss governance matters and ensuring they were fully prepared for drafting their Assurance Statements. A subsequent meeting had been held with the three Directors and a commissioning email had been sent to Heads of Service. The templates and guidance for the statements had been adapted to emphasise the focus on the impact of Covid-19. Directors would draft their statements by early January and an update on progress would be provided at the February 2021 meeting.

4.3        Gareth confirmed he had continued to comply with internal auditing standards and that work on the 2020-21 internal audit programme was on-going. The audits on risk and issues management and asset management were nearing completion and reports would be circulated out of committee when finalised. Gareth was confident that he would complete the agreed audit plan by April 2021 noting that, as with other organisations most of the reports would be delivered in the last quarter. He outlined that his key areas of focus in the coming months would include cyber security and scoping the audit on compliance culture.

4.4        In relation to the audit on compliance culture, Committee members were encouraged by the meta compliance tool that had been used to monitor the acceptance of the updated ICT Security Rules. Committee members asked about extending the use of compliance tools to Members of the Senedd and their staff. In response, Gareth advised that, as the Commission provided only an advisory service to Members in relation to policies and procedures this would not be possible to enforce. He also clarified that the compliance audit was in relation to Commission staff only.

4.5        Gareth informed the Committee that, at the request of the Chief Executive and Clerk, he was also undertaking an additional piece of work on reviewing the revised set of Key Performance Indicators in order for the Commission to give assurances to the Public Accounts Committee (PAC) that they remained robust and fit for purpose. He envisaged completing this work by February 2021.

4.6        Related to the audit of asset management, Committee members questioned the guidance issued to Members around dissolution, in particular the value of assets to be written off. Dave confirmed that the detailed guidance was yet to be agreed and that the Members’ Business Support team were comparing notes with the Scottish Parliament and Northern Ireland. Gareth agreed to share dissolution guidance and other relevant papers with ARAC members when available.

4.7        Whistleblowing was briefly discussed, and Gareth welcomed Ann Beynon’s suggestion that she share details of an audit and benchmarking exercise with him. Gareth reminded the Committee that the whistleblowing policy was presented to ARAC each year and although there had been no cases reported to him, it remained important to raise awareness across the organisation.

4.8        The Chair thanked Gareth for his contribution and urged him to take an appropriate amount of time to focus on conducting thorough audits, as opposed to rigid adherence to the plan’s timetable.


·         (4.6) Share dissolution guidance and other relevant papers with ARAC members when produced.

·         (4.7) Gareth and Ann Beynon to discuss whistleblowing policy and procedures out of committee.