Audit, Governance and Standards Committee


12 March 2019

(7:30 pm – 8:46 pm)


         Councillor Yogan Yoganathan (Chair)

         Councillor Kim Bailey (Vice Chair)


            Councillor Zain Abbas

            Councillor Rowena Bass

            Councillor Jaesung Ha



                        Independent Member - Paul Eardley



Declarations of Interest - None



17.         Minutes





The minutes of the meeting on 21 November 2019 were confirmed as a correct record.




18.         External Audit Plan and Pension Fund Plan 18/19


Appendix A



The external Audit Plan to 31 March 20198 covers the key areas of challenges and opportunities facing the Council and the work the auditors will be doing on the final accounts audit and the value for money conclusion.


In addition to the presumed risks inherent in all audits two additional risks have been identified.  These relate to the valuation of the pension fund net liability and valuation of assets - property, plant and equipment.


Budget management; medium term financial planning and Brexit have been highlighted as significant risks on which the auditors will be doing further work as part of this year’s Value for Money conclusions


On the Pension Fund the significant risk identified is the management override of controls


Points raised in the discussion ranged over – the assessment of risk on manipulation of funds received as government grants; how commercial revenues are recognised in the accounts Brexit risks and how these will be assessed received.

The scale of Audit fees and quality control of these was also raised.  These are within the set Public Sector Audit scales, the framework for which contains a number of quality tests.


The Audit findings will be submitted to the Committee in July.


Resolved that the Audit Plan and Pension Fund Plan is noted.




19.         Annual Certification Letter


Appendix B



The Council’s grant claims to central Government for Housing Benefit Subsidy requires certification by the Council’s external auditor, Grant Thornton to confirm the Council’s entitlement to funding.

The claim of £71.6m was certified and the testing work revealed no errors. 




1.            the certification of the Housing Benefit subsidy claims for 2017-18 and the fee for this work is noted;


2.            the Finance Team is complimented on the claim being without error.






20.         Summary Corporate Risk Register Update


Appendix C



A summary of the top 15 risks on the Corporate Risk register was considered. This had been reviewed by the Strategic Leadership Team (SLT) on 12 February.

The 2 red risks are the Dedicated Schools Grant deficit and Placement Costs. Mitigating measures for all the risks were listed.

In response to a question on projections on income from investment properties it was noted that the intention is to spread the risk across a wider range of properties.


Updates on the risks selected at the November meeting for more detailed review were also presented.


Cyber Security and Information Governance

The Council complies with the Public Sector Network security requirements. The assessment for this includes an external security test of the network.

Following a formal assessment by an external accreditation body, The Council has also been awarded the Cyber Essentials Certification indicating that systems will protect against the vast majority of common cyber attacks and Cyber Essentials Plus certification, a more rigorous test of cyber security systems is being sought.

Phishing is one of the biggest risks for the Council and on the internet in general.

Tools are in use to test staff awareness of the risk and how to avoid falling for any scam.

Links with the National Cyber Security Centre (NCSC), part of GCHQ, continue and the Council is participating in several initiatives with them including being one of the testing sites for the new improved Webcheck service. This continually scans the internet facing infrastructure, websites (ending in, firewalls etc. for issues and misconfigurations.

Significant progress has been made to remove unsupported operating systems over the past year to ensure the Council is on supported and maintained versions.  

Work continues across a number of areas to embed cyber security into the overall Council Business Continuity Plans, finally better using of logging and reporting from systems and use of threat intelligence

Information Governance

The Council’s website has been updated to comply with and reflect the changes in legislation on Data Protection and to provide clear guidance on how the public can exercise their data rights.

 Privacy Notices are displayed on our webpage. Processes are in place for Subject Access Requests and the Right to Erasure and other rights to data.


The Information Asset Register and Retention and Disposal Schedule has been updated and will be reviewed quarterly.


A process of Data Protection Impact Assessments (DPIA) is embedded in the project management and commissioning process.

Services provided by arms length companies include satisfactory Information Governance and Security requirements which are checked on a regular basis.

Training and awareness for staff and Councillors on Information Governance continues with specific training for roles such as Data Protection Officer, Senior Information Risk Owner and Caldicott Guardian have had specific training.  Training and drop in sessions are provided to all staff.

There is a programme of work for 2019/20 to ensure that improvements continue to be made in the management of Information and cyber security.

 Questions concerned internal and external audit of these arrangements


Emergency Planning


A Standardisation Programme aimed at aligning all emergency planning, training and exercising arrangements, to enhance resilience across the capital by 2020 is in progress. All boroughs are participating in specific workstreams to achieve more resilience to emergency and disruptive incidents.

A new Command and Control system has been established, with defined roles and responsibilities. Kingston’s emergency plans are being revised to reflect these.  A standardised training programme, started in January 2019 for senior roles. A programme for all staff undertaking roles is being developed and they will participate in emergency planning and response exercises.

Boroughs implementation and performance against the new workstreams will be assessed in a self assessment process, via a peer review by another London Local Authority, and by external peer review by an external body.   


Kingston has an implementation programme and is an active member of the South West London Resilience Programme Board, represented by the Director, Communities and the Contingency Planning Manager.


The steps already taken and planned changes were noted


Questions concerned the co-ordination of these arrangements and the Council’s ability to execute them


Brexit preparedness


Guidance from central government, the LGA, London Councils and other local authorities have identified a common set of themes which have been used as a framework for assessing the potential impacts for a no deal Brexit


The council has established a cross-directorate Task and Finish Group and including Achieving for Children to assess the impact Brexit could have on the council, its residents and communities and businesses.


In consultation with local and regional partners, an impact log for a no deal exit with mitigating actions to address some of the potential impacts in the following areas has been developed:   


Community Cohesion - in consultation with faith groups, Community groups and the Metropolitan Police.

Economic impact on small and medium businesses - in consultation with Kingston Chamber of Commerce, Kingston First, Kingston University.

Citizens Rights - in consultation with Kingston Citizen Advice Bureau, Kingston Voluntary Action, Voluntary Sector Organisations working with migrant groups, DWP, Kingston University, Kingston College.


A review of the Council’s business continuity arrangements is underway and the Council is participating in pan-London Brexit arrangements, with London Council’s, LGA & London Resilience via weekly teleconference and Brexit workshops.

The Safer Kingston Partnership on 18 January 2019, considered a report on the Brexit arrangements and possible borough impacts at that point. Partnership members are liaising regarding preparations for a no deal Brexit.


Ongoing liaison in the Borough Resilience Forum (Borough Multi-agency Partners reviews the multiagency impact on the borough and on partner agencies i.e. impacts on medical and medicine supply; workforce of provider organisations.


Funding of £210k for each London Borough over two years (2018/19 and 2019/20) to help support Brexit preparations was recently announced and Kingston has also created a local Brexit contingency.

A more detailed, follow-up report will be taken to the Community Engagement Committee - which has responsibility for contingency planning - three months after the UK has left the EU

Resolved that

 1.    the updates on the high priority risks are noted;

2.    SLT will review the risk register on a quarterly basis and the Committee will continue to review the register on a quarterly basis;

3.    a report on the process for scrutinising risk and the relationship between the role of this Committee and the Strategic Committees in considering risk is considered at the July meeting;

4.    the updates on the risks for further review, selected at the meeting in November, and the following recommendations are noted;

Emergency Planning

a)       the recent improvements made to emergency planning resilience in Kingston Council and further improvements in the pipeline.

b)      the actions to introduce the London Emergency Planning 2020
standardisation programme and resilience assurance programme across Kingston Council, with the implementation programme on target to have the required arrangements in place by September 2019.

c)        that a more detailed report on emergency planning resilience will
be brought to Community Engagement Committee in the spring 2019.

Brexit preparedness

d)        the work underway across the council and with local partners to prepare for a ‘no deal’ Brexit.

e)        that a more detailed, follow-up report will be taken to the Community Engagement Committee - which has responsibility for contingency planning - three months after the UK has left the EU, reporting on impacts on council services, residents, communities and businesses




21.         Internal Audit Update


Appendix D



The update on the work carried out by Internal Audit since November was considered.


As at the report date approximately 84% of the plan has been completed based on number of days delivered, this compares to 79% at this stage last year. This year’s plan was weighted towards the second half of the year with more audits being planned in Quarters 3 and 4. The total number of audits completed or in progress is 33. 8 have been cancelled or moved to the 2019/20 plan.


Since November 3 audits have been finalised with Limited assurance and 5 Priority 1 recommendations have been raised, these were detailed in Annex 3 of the report and considerable progress has been made on their implementation.


On the follow up of earlier Priority 1 recommendations, there are 10 which have exceeded their initial agreed implementation date. These were detailed in paragraph 11 of the report. Progress on these has been good, particularly on the 4 audits which raised multiple recommendations.


Questions raised concerned

Housing Repair system – procurement of the new system is ongoing.

Adult Care Income – a project is in place on the updating of recording procedures; linking with other Council financial systems so that forecasts, billing and payments move away from manual processes.

Management development and training- the capability of the system will now provide monthly reporting on training completed and any instances where mandatory training modules are incomplete.

SEND audit – the timing of this has been reviewed and it will be in 2019-20.  The scope of the audit has not yet been defined.

Coombe Hill Junior School – the 3 P1 recommendations relate mainly to documentation procedures.

Progress on the Achieving for Children Audit plan is reported separately to the AFC Audit Committee.  To date 83% of the plan has been completed and 3 Priority 1 recommendations raised since the November report.  These were set out in Annex 4.


Resolved that the update on the work undertaken by Internal Audit since November 2018, the Priority 1 recommendations raised and progress being made to address the issues identified is noted.





22.         Internal Audit Charter and Strategy and Internal Audit Plan 2019/20


Appendix E



The proposed Internal Audit Charter and Strategy and Internal Audit Plan for 2019/20 as required by the Public Sector Internal Audit Standards (PSIAS) was presented for approval


The Charter meets the requirements of the Public Sector Internal Audit Standards and is a formal document which establishes the position of the internal audit activity within the organisation.  It authorises access to records, personnel and physical properties and defines the scope of activities. 

The strategy covers how the service will be developed and delivered, together with the appropriate resourcing; an assessment of the risks which the audit service itself faces; how internal audit will rely on the assurance provided by other providers, and how the service will measure its performance and quality assurance.

Internal audit work is undertaken by the South West London Audit Partnership (SWLAP) across the 5 Boroughs - Kingston, Merton, Sutton, Richmond & Wandsworth. This also includes Achieving for Children (AfC).


The Audit Plan is risk based and has a wider focus than the high risks from the Corporate Risk Register. It is drawn up by combining the corporate assessment of risk with Internal Audit’s own assessment of risk (the Audit Universe) and knowledge of any emerging risks.


A key element of the process is discussions with Senior Management and analysis of Departmental and Corporate Risk Registers.


The plan developed is deliverable within the 775.5 days commissioned by the Shared Service Board. This is 78 days more than in 2018/19 (697.5 days).

It includes the complete Audit Plan for Achieving for Children – 280 days - split equally between Kingston and Richmond. The plan was presented to the AfC Audit Committee in January.


The Plan is flexible to accommodate changing audit needs during the year reflecting changes in risks and accommodating changing management and organisational priorities.

The plan will be monitored by the Shared Service Board and any significant changes will be reported to the Strategic Leadership Team and this Committee.

A key objective of the shared service is providing an efficient and cost effective service, standardisation of audit methodology, the delivery of shared audits over more than one partner and a structural review of the service has resulted in a 2% saving for 2019/20 across the partnership.


The approach in the Plan was supported. 


Resolved that the Internal Audit Charter and Strategy and Internal Audit Plan for 2019/20 is approved





            Date of Next Meeting and dates for Municipal Year 2019/20





Next meeting Thursday 02 May 19




Tuesday 30 Jul 19

Thursday 24 Oct 19

Thursday 23 Jan 20

Thursday 30 Apr 20