Audit Committee - Wednesday 12 November 2025, 7:30pm - Wandsworth Council Webcasting

Audit Committee
Wednesday, 12th November 2025 at 7:30pm 

Agenda

Slides

Transcript

Map

Resources

Forums

Speakers

Votes

 
Share this agenda point
Share this agenda point
Share this agenda point
Share this agenda point
Share this agenda point
Share this agenda point
Share this agenda point
  1. Webcast Finished

There we go.
Good evening, everyone.
My name is Councillor Worrall and I'll be chairing the meeting this evening.
Members of the committee, please switch on your microphones to confirm your attendance
today. Councillor Caddy. Good evening. Councillor Crichard. Councillor Hedges. Good evening
Councillor Hedges. Ballin Ward. And Councillor Rigby. Hello Councillor Rigby. I believe we
might have apologies from our independent member and Miss Carla is that correct? Great
Okay, great, okay.
We also have a number of offices present tonight.
I'll ask them to introduce themselves when they actually address the committee rather than go around the table.
Before we begin, I'd like to propose that we move the last agenda item,
which is paper 25391 to the start of the agenda.
We have the members from Ernest and Young in attendance.
and I'd like to deal with the business to allow them to leave when the item is concluded.
Are you in agreement with that?
Great, thank you very much.

1 Declarations of Interests

Are there any declarations of interest, either pecuniary, other -registable, or non -registable interests?
If so, if you could raise your hand.
Great. Okay, thank you very much.

2 Minutes - 9 July 2025

Agenda item number two then.
The minutes of the last meeting which were held on the 9th of July 2025.
Are members in agreement that these minutes are a correct record?
Great, thank you very much.
Okay, we shall move on to the next papers.
Before we start, could I ask councillors and officers present and also members from owners
to, when they're asking questions or addressing any aspects of the papers, to please be aware
that we might have members of the public watching and not to rely on acronyms, jargon, or anything
else.
Some things in this paper are a bit confusing to people.
So to just be prepared for questions to explain something that might be included in the paper.
So as I said, if we could use understandable English today, that would be great.

6 Update on the External Audit and the report of the External Auditor (Paper No. 25-391)

So paper number one, which is paper 25391.
And I believe, Ben, if you will be talking to this paper.
And after the paper, I will ask members offices to please respond to any aspect
Aspects in the paper before I throw it open to you counsellors present
been
Thank you
My apologies there
The paper provides an update on the 24 25 accounts and the subsequent order as reported to committee
in July. The draught 24 -25 accounts were published in line with the statutory
deadline of the 30th of June 2025. The audit commenced in July and we are
hoping for completion of the audit and final sign -off of the account in the
next month, which is largely in line with Ernst & Young's audit plan set
out in April 25. This will be plenty of time ahead of the next backstop date
which is the end of February 2026.
There are various appendices included in the draught,
including the draught letter of representation
and an updated set of accounts,
which is presented for information
in anticipation of final sign -off.
Ben Lazarus is here, also from EY,
who I will hand over to you now to introduce the report.
Thank you, Alicia.
So yeah, I mean, I guess to note,
So we've got quite a long and technical report on here
that sort of, I guess, needs to be sort of
a certain level of technicality to it
because we've got sort of auditing standards
that we've got to make sure are covered in here,
but I totally get the point, Chair.
I think if I just think about some of the kind of
core messages, firstly, thank you to management.
Audits take a lot of legwork on all sides of the table,
and I think it's important to put on record
that there's a thank you to Catherine, to Alicia,
but to everyone involved behind the scenes
to get us to this stage.
We are, as Alicia said, broadly on track.
There are always kind of ups and downs
in a sort of specific timetable,
but I think largely we've been dealing with those
collaboratively and working through them together.
And if we think about some of the context
that sort of audits have been in over the last few years,
I think that's a pretty good place to be.
So I just want to put that on record.
As Alicia says, we'll look to close the outstanding areas
down over the coming couple of weeks and then move into the sort of sign -off
choreography process. There are some elements in the report that I'll sort of
take as read but you'll see some what we call kind of uncorrected or corrected
audit differences and they're sort of either areas we find through the process
that we think you know errors or differences to what we believe to be the
right number. There's none of those that I would deem particularly material and
and those that currently remain uncorrected,
I'm comfortable with.
They wouldn't stop me signing anything,
so I think that's important to note.
Again, happy to take kind of questions
on any of the real specifics,
but I think it's important to note
that my overall kind of comfort level is in a good place.
There are, as we've stated, some areas of work
still to get over the line,
and I'd kind of call out the areas around valuation
and property plant and equipment,
probably be in the areas that I'm keenest
to sort of keep our foot on the pedal with
over the next couple of weeks,
But again, I'm getting the right assurances from my team
and the team here that they will get over the line.
You will see information in this report
around our value for money.
The value for money procedures that we are required to do.
I have raised in there one significant weakness
around value for money.
I'd like to think that doesn't come as a surprise.
If we think about the timing and the year
that I am auditing, it's the 24, 25 year.
Within that period you had a housing regulator C3 report
which concluded in February 25,
so pretty close to the year end.
So it's kind of my obligation to make a commentary
on the arrangements that were in place
during that financial period.
So whilst I have tried to reflect a little bit
that we are post year end now
and there's some good direction of travel,
I do have to comment specifically on the arrangements
within that financial year.
So that might just help bring to life
why that actually was a relatively binary decision for me,
given the timing of that report from the housing regulator.
We've also included in here some other information
around kind of how the organisation has responded
to our queries, you'll see a RAG rating slide in there.
Again, I hope you take from that the direction of travel
around what we're receiving in terms of quality
of working papers, the quality of the relationship,
et cetera, has moved significantly in the right direction.
There are, as with any other areas,
for further improvement on both sides, right?
So again, I think we'd be honest about that,
and there's a sort of mature conversation,
but we're trying to put that here,
so we've got something to continue to measure against
and keep the direction of travel good.
Again, thinking about the relative context
in this sector over recent years.
You may be interested in terms of the return
to a clean opinion.
So again, we've talked to this committee quite a few times
in the last couple of years in audit periods
around the top line that the audit opinion
has not been unqualified.
That's a clean opinion in our word.
And again, I won't go over the minutes of previous meetings
as to why the audit got to that place.
Again, I would say we've got to take it audit by audit,
and at the moment, the direction of travel is good.
We still plan to complete all of the planned procedures
as we've put in our plan earlier of the year.
I'd encourage committee members,
when I do issue a final report in the next few weeks,
to sort of think about the assurances I am providing,
rather than the technical nature of the opinion.
But I think that's an area where I'm happy
to sort of take questions,
because it's naturally quite a sensitive area,
and it is an area we're talking to management
and committees about pretty regularly.
There's a lot in the report.
I'll take the rest of it as read,
but I'm really happy to open up for questions.
Great. Thank you for that. Before I ask committee members to ask questions, I would like to
ask any of the officers present around the table, is there anything in the report that
they would like to respond to or comment upon before we move on?
Thank you, Chair. Catherine Burstyn, Director of Financial Management. I just want to acknowledge
Ben's thank you for the work that we've put in that's gratefully received and I think our relationship has improved
In this audit, so I think it's been
Generally moving in the right direction as Ben has noted
I
Think
It is that we are in this place where we've got a disclaimed opinion again
because of that backlog and
And I would like to think that we're certainly moving as quickly as we can to that clean opinion as is possible.
I hope Ben can agree with that point.
Just to refer to the RAG ratings in EY's report, this, sorry, the red, amber, green.
This is the first time that we've had this kind of review, and it's a firm -wide new proposal that EY are implementing.
only for me why it's not something that they have to do.
And acknowledging that some of these are AMBER
at this point in time, but we've gone through those
in some detail with the team,
and understand the reasons behind them.
Some of them are very specific,
in particular, technical areas of that category
that has been rated as AMBER,
and the general point is it's doing well,
but just because of one specific area,
a technical accounting entry or an IFRS change, which is the accounting standards, that's
why that's brought us down.
So again, I'm not too concerned with those ratings, and I think we have room for improvement,
as Ben said, on both sides.
We look forward to continuing that.
Great.
Thank you.
Just to help anybody watching, should they be watching, and to help everybody around
the table.
If you refer to a particular issue, I could ask you if possible to refer to the page or the paragraph as well. Thank you very much
committee members council Kritchard
Thanks very much. Just to say
Miss Burston and Mr. Lazarus have commented about the
the opinions I
think something that we all ask is I know the answer is about how this compares with other authorities
authorities, because I think we haven't said in terms of members of public, my understanding
is this is an authority -wide and a country -wide challenge to get the opinions to be unqualified,
which means everything's fine, which sounds a bit funny, but that's how it's expressed.
Could you just confirm that, because I wouldn't want residents to feel that something's wrong
with the audit from the council's perspective?
Yeah, happy to comment on that, Councillor.
So, yeah, I think it's been relatively well documented
through our reporting, but in public reports as well,
that yes, there has been a sector -wide reset
of audit in the sector.
That's involved several regulators across the sector,
including audit regulators,
like the Financial Reporting Council,
but also MHCLG and government regulatory bodies too.
So yeah, there were a large number of entities,
particularly in the 22, 23 financial period
that were reporting disclaimed audit opinions.
It's quite technical, but then that has knock -on impacts
on the years that follow, even if you complete
all of the procedures that you plan to complete
because it brought forward balances and the like.
So absolutely, Councillor, there's been a sector -wide
acknowledgement from regulators that there was a need
to reset and to do something different.
That's what we're trying to do.
That does mean some sort of technical work
to get back to a clean opinion.
But again, I would say that what you're seeing
in the rest of this report is a relatively business
as usual set of audit procedures that I've completed.
And yes, there are some points I'm reporting in here,
but I wouldn't say there's anything particularly material
or significant from my current year procedures.
So again, I would encourage those watching
to sort of think about what I am presenting as well as the sort of technical nature of
the opinion itself.
Great.
Thank you.
Councillor Cady.
Chair, I've got quite a few questions.
I don't know if you want me to just take them one by one rather than sort of download.
Maybe I can pick a couple of favourites.
How many have you got?
I think I've got one, two, four.
If I could ask you to do two and then maybe give somebody else a chance and then we can
come back. Sure. The first one is just on the value for money weakness and that
you referenced and well I mean it's all through it really. Well I guess they
first mention it on page 47 paragraph 9 is probably the headline piece on it. So
So I guess my question would be, did you only raise it because essentially the regulator
raised it, or were there other sort of areas within the council, within what you were looking
at in terms of evidence that sort of, I guess, contributed towards you giving that value
for money judgement?
And then what work did you do afterwards to sort of reassure yourself that the council
was moving in the correct direction.
Can you just talk us through that in a bit more detail?
Yeah, so I mean, clearly the remit of our procedures
around all of the kind of non -financial audit aspects
of what we do wouldn't be as detailed
as the housing regulator, right?
Otherwise we'd never finish an audit.
So, and our value for money procedures
ask us to look under a series of sub -criteria
at various domains.
One of the things we have to look at
are other deeper dive regulatory reports
that are available to us, whether that's CQC,
whether that's housing regulator, or any other regulators.
And acknowledging, sometimes we see these reports
and they might be, for example, a C2 rating
and there's a bit of a, we really need to work out
whether we think the arrangements from our perspective there.
When it's a C3, generally our position would be,
that's raising some fairly fundamental findings
and we do, to an extent, rely on what
the housing regulators saying.
We do look at aspects of that report,
kick the tyres on elements of it
to make sure there's nothing we're seeing
that's in drastic misalignment with what they're saying.
And then what we do to be able to give,
and hopefully you can see a little bit
as we get into page 29.
And I do note there will be another report, sorry,
page 29 in my report.
There's a sort of what happens post year end summary.
I would note that I will be issuing another report called the auditor's annual report which gives much more
Commentary on all of these value for money points, so we'll go into more detail
But again there are various things we have to do counsellor to for example look at the council's response to that rating
That comes in sort of various domains
But largely it's sort of the governance arrangements that come in place after that how seriously is the organisation taking it how regular and frequent?
of the meetings that are sort of dealing with that matter.
We'll look at minutes, we'll speak to officers, et cetera.
So there are a series of requirements
that we've got to do off the back of raising
a significant weakness.
That will be shared in more detail in my auditor's
annual report in due course.
But what I'm trying to state here
is we're starting to see some good direction of travel
in terms of the sort of response to this,
as you might expect for something so significant.
But as I say, my remit is to comment on the arrangements as of the year that we're looking
at, 24 -25, and that, as I say, felt like a reasonably simple conclusion given the status
of that regulator report.
Councillor Hedges?
Another question on value for money.
This is more of a forward -looking thing.
Given the upcoming fair funding review, which we know could significantly impact the council's future grant income.
Will your next value for money assessment test our financial resilience against fair funding outcomes?
I know that for Nella Mary, our side is looking at the fair funding outcomes,
but how could this potentially impact our overall value for money grading?
That's the first one.
And then the second one is not too dissimilar.
It was just basically how can we reassure our residents, our taxpayers, that the value
for money unsatisfactory rating doesn't reflect wider failings in financial management and
governance.
Thank you.
So firstly, the fair funding piece is something
that we've got, so it's interesting, right?
So within value funding, one of the domains
we have to look at is financial sustainability.
So even though I've made the point around
we're commenting on arrangements in the year,
financial sustainability is inherently
a sort of forward -looking piece.
So we'll look at things like the medium -term financial plan
and kick the tyres on that pretty hard.
So given the fair funding conversation that's happening,
one of the things we've had to do,
even to get to this report,
is to look at some of the various scenario plans that the organisation is doing around
that.
I think it's fair to say our sort of reporting around this will inherently have to talk about
that more as sort of we go further into the future and that becomes more real.
But equally at the moment I'm not seeing anything in internal arrangements or financial sustainability
in the sort of short to medium term horizon
that is sort of akin to what we're seeing
at more distressed councils, right?
So there is a sort of fairly tricky line which says,
it's the sort of thing I need to start signalling
if it's going to get tougher,
but is there anything in the kind of current
set of arrangements or future finances
that tell me there's something absolutely fundamental
in the sort of short to medium term horizon?
So I don't feel an obligation to report anything there, but I think it's natural under sort
of what we're seeing or expecting under Fairfunding to start signalling some sort of increased
pressures and increased need for looking harder at internal processes and transformation,
et cetera, et cetera.
On your second point, I suppose I'd point you towards the fact that my value for money
remit is fairly wide -ranging.
I've got to sort of kick the tyres around kind of governance, financial sustainability,
economy, efficiency, effectiveness, and there's a whole host of sub -criteria that again I'll
report in a bit more detail in the auditor's annual report which will come later this month.
We have to report by exception and the only point I'm reporting by exception at the moment
is about the housing regulator piece.
So again it's an exception reporting piece of work but if there were anything else I
was particularly concerned about from all of those procedures I would have to say it
this report and I'm not saying anything in this report so hopefully that gives
some assurance to to those listening in
great counts the caddy because Chris I did you have your hand up sorry I was I
was quite interested to hear what Miss Burston also has to say about that but I
think the it's probably very clear to say to everyone is if it's reporting by
exception then you're down to everything else is fine isn't it that's so that's
what you're saying is and I having been on this committee for a while sometimes
the way that you as the auditors express things isn't quite how you might put it
if you were doing it differently is that it well I mean I mean isn't it there's
The element of I've got to be quite thoughtful
about how I present things
because I've got a sort of specific remit.
So I have to report by exception
if I think there is a significant weakness
in your arrangements.
So if I'm not reporting by exception,
that means I don't think there is a significant weakness
in any of the other arrangements.
Would that mean that I say everything is fine?
I mean that's I guess subjective, right?
There are always areas where there could be improvements.
There are always areas where we're challenging management
all the time around arrangements and having a conversation
about that and that evolves as we go.
I guess I've got to be just quite careful to say
that I only have to report if I think there is
a significant weakness.
So that's not to say I don't think there's area
for improvement in other parts of the organisation.
Of course I do and of course management do.
That's kind of their role, but I don't think
there's a significant weakness anywhere else at the moment.
Is it in response to this?
Yes, and then that's the one where we know we're doing work with the meetings and everything
else like that.
And I would also comment, I'm on one of the housing panels and it's been quite interesting
in terms of the stock condition survey, which is one of the things that I can see from what's
happening in housing and various, somebody was round at visiting a block recently and
they were very excited because they've actually had, you know, they're doing a block at a
time so it comes in phases across the piece for that area.
So I know that some of the work is going on from what I've seen myself.
Great, thank you.
Before I go across to Councillor Caddy, I was just wondering, do any of the officers
have any further comments about what's been raised in that last conversation?
I always want to give officers a chance to respond should they need to thank you. Okay, counsel Katie
Thank you chair, and the first one was about the HRA evaluation and the ref ref case issue, which I think is page
64 it sort of goes into detail and then it's highlighted on
Your little page 10 are big page
58 I think no 59
And I guess it seemed to me from reading it that there was a sort of fundamental disagreement
maybe between the auditors and the council in terms of how it's being valued or that
there was an issue that obviously hasn't been resolved.
And this I think has been ongoing for a fair bit of time.
And I just wonder what the sort of detail of that was and what the root of it was and
whether it was going to be resolved.
I'd say that is a live matter.
We are, again, and Alicia, please come in, I think we are trying hard to see if we can,
I don't want to use the term meet you in the middle because I've got to sort of stand by
my auditing standards.
we have got some relatively fun,
so I guess I would catch this all in that
it's not that material an item individually.
So I've got to think about my quantitative materiality.
So in terms of where my priorities are,
I'm going kind of most material, most significant to least,
if I were to put it crudely.
At the moment we have got a relatively fundamental point
that says the data that you are providing us
makes it really difficult for us to get comfortable
that the transactions are being recorded
in the right year across two or three years.
We are working pretty hard in the background
with Alicia and the team to see if the data
that I think has been provided to us
more recently helps resolve that.
But at the point of writing this report
and at the point today, I've not got enough comfort
to say that I'm there yet.
Thank you. Is it worth getting a comment from the accounting team just to sort of get that?
Apologies. Would you mind just clarifying it was page 59 and...
So the issue is basically the HRA valuation and I think it was first referenced or referenced sort
of in a headline way on page 59. And then some of the detail came out on page I think it was 64
and it talked about the revenue expenditure funded from capital under statute sort of
testing, the cutoff issue basically there, and I presume that's what's driving the HRA
valuation uncertainty.
Sorry, Councillor Critchard, can you just…
Yes, I didn't want to use that abbreviation.
Thank you for the clarification on the point.
So I think they're two separate points.
So the HRA evaluation point, which is first,
that was the one I was looking at, which is first referenced
on page 59, that is the top bullet point.
So I would agree with Ben that that's a live issue.
So the progress on that at present
is EY requested us to do a briefing note, which we did,
and supplied last April and outlined our approach, which was going to be a continuous approach
to do some testing during this 25 -26 financial year as much as possible.
And then in light of 2024 -25 still having, regaining that assurance that we'd worked
to fully incorporate it into the next financial year.
Discussions were ongoing with EY colleagues
recently on feedback on that briefing and their thoughts
on that briefing.
I'm actually meeting the manager tomorrow,
where it's ongoing discussion.
So yeah, it's very much in train.
The same with the reficus issue.
We've actually spoken about that today, and again, discussing
again tomorrow.
So it's two kind of recommendations where we're working on them behind the scenes, managing
it alongside the audit work as well.
Obviously, we don't want to push some areas into the 25 -26 audit, so it's kind of prioritising,
closing down this audit alongside improving those areas for the next accounts and making
sure we're doing things right for the 25 -26 accounts.
Thank you very much.
And then the final question probably sort of touches on that a little bit.
Probably for the first time, I think, and I've been on this committee quite a long time,
and I haven't really seen the kind of comments that I'm seeing in this report in terms of things about quality and preparation issues of the material.
I think there was a comment on page 94.
And then obviously in terms of the fee quote, I think there was a comment about the documentation and the preparedness of it.
And I just wondered if maybe both the auditors and the team could just comment on that,
because it was something which just sort of slightly disconcerted me,
because I hadn't ever really seen that sort of reported before.
Yeah, I have to go first.
So, I mean, I think one of the things we've reflected on as a firm,
given where the sector's been and the reset agenda that, as I said,
regulators and government have been incredibly plugged into,
has been a reflection that we've all got to be pretty vigilant now as we reset and
move into rebuild and then reform to make sure we don't get into the spiral
we got into two or three years ago right and that backlog of audits that's been
well documented. So you know I think partly that's the saying to management
look we really welcome your feedback on the audit and what we're doing to try
and reset and take that really seriously as a firm,
and I've talked to this committee
before about what we're doing.
Equally, I think it's only right and intentional that we give you
a little bit more specific commentary on what we're
seeing in the working papers that we get,
the quality of the conversation with management.
As I say, I think if I were to compare this to
some other one pages that I've been presenting elsewhere,
it compares reasonably well.
But I think it's probably also reasonable to say
that there are areas that management look at and go,
I think that's an area for continued improvement internally.
And as Catherine said, some of it is around
relatively technical areas.
If I take IFRS 16, which is a very specific
auditing standard around leases, that came in this year.
We've been fairly clear to say that the disclosures
around that weren't as complete as we would have liked
them to be and what the standard suggests.
So we've been clear on that.
That is a technical disclosure,
but it's one that my standards say absolutely
needs to be in there and needs to be complete.
So what I'm trying to do is close that disconnect
between what's happening behind the scenes
and share that a bit more openly and intentionally.
But I'm also saying to you that some of these
quite technical matters that feel inherently technical
and maybe not that human are really the sort of bar
that I've got to ward it against.
And until that bar changes or is updated,
I can't sign off an opinion unless my F -16 disclosures
are right.
So it is technical.
It is technical, but I think it's important to sort of note
that that's the sort of checklist that I've got to kind of
have in mind when signing off an audit opinion,
even if that feels technical in nature at times.
My sort of follow up to the team is just really sort of,
I guess, what's sort of driving those delays or issues
or concerns.
Is it is it kind of a resource issue or is it just the sort of planning in terms of the order? I'd
It'd be interesting to hear your perspective
Thanks, um, I
Think that's right that different areas have different ratings on page 61 and a why I've acknowledged that some areas have been
Really well prepared
But we acknowledge that some
Maybe need some improvement in terms of this specific point about delays
is I think, I don't have figures off the top of my head,
but the number of samples that we get
to have to work through, maybe Alyssa can give some figures,
but it's enormous, the amount of work
that we have to plough through,
and whilst we plan as much as we can,
inevitably there will be some areas
that require people who are on leave
or need a bit more work, and we work together on that.
We work with EY and colleagues,
And we explain we can't get that back until you know X date
But it's a significant amount of work, and we do our best, but agree that some areas of working papers could could be improved
Cancer Chris shot
Thanks, and I was just going to ask is sort of is there a sort of time, okay?
And also this is like the first year that you've had this sort of frag rating. What's the time frame and
Does one ever get to everything being green or if that is probably just might be just
it never happens?
I mean I suppose it's one of those things that as a sort of management team and as a
council you've got to kind of balance off all the different things you're doing at any
given point in time and work out how green you feel like you need this to be or where
can you carry an element of amber.
So that's a management decision, right?
That's not for me to say.
I think we're just trying to report quite factually
on where we are.
We're trying to be really fair around saying
that actually all of the amber areas for us
have still been an improvement from last year.
I've not thought any of those are close to red,
for example, so again, I wouldn't say it's a bad place to be.
I'd recognise as well what Catherine said
about the volume of work it takes to do
and to the standards I've got to do them to
to a council with accounts as large and technical as yours.
So I think there is a, that's a difficult balancing act
in a sector that is not blessed with people sitting
on the bench that you can pull in at any given time.
I think that's just an honest assessment,
but that's a sort of management decision
around how green you think this needs to be.
If I can just respond to that point,
obviously I want to say that we would always strive
for the best possible documentation,
but in reality sometimes we may fall down.
But I want to stress the point that it has been
an improvement and we will continue to improve
and we'll continue to try and do that.
Yeah, and thank you for the clarifications
around technicalities, because sometimes
discussions like this are around technicalities
and also we need to recognise that reg ratings
can be subjective as well, and they are not
They're not an exact science and there are a number of influences that can come through as well
Council ages. I'm going to make you the last question of the evening for this paper. Thank you very much and
This is around
capital projects and partnerships and what assurance can you give us and also residents and
That we're not exposed to any unmanageable or unmanaged risks. Just thinking about the JV
as an example. Thank you. I mean management may want to comment. Again I'd
point you to my value for money reporting so I've got to think about
everywhere where the council might expose itself to sort of unmanageable
risks or take decisions that aren't aligned to the organization's risk
appetite or don't govern decisions properly and again if there were
anything in that regard anywhere, not just capital, but anywhere that I thought I needed
to sort of bring to your attention through that reporting I would.
So you know, that's an exceptional reporting piece, but there's nothing I've identified
there that I need to bring to your attention.
I guess the financial statements piece around the work I do over capital is more technical
in nature.
Is it accurate?
Is it complete?
Did you spend that amount of money on property, plant, and equipment in the year?
So really, to your question, I'd have to point you towards my value for money reporting,
but if it's more of a management position on why stakeholders should be assured on that,
then I'd ask management if they wanted to add anything.
Catherine and then Paul.
Thanks, Ben.
Thanks, Chair.
Just in relation to the specific point about the joint venture, I outlined at the top of
that we did procure expert advice in relation to that contract term and that buyout under
the joint venture, top of page 48, paragraph 10.
So EY were aware of that and we did discuss that with EY at that point in time.
So I would like to state that they didn't find any issues and were comfortable with
the advice that we were given around that transaction.
And just to add to that, obviously,
before any decisions were made,
reports went to the relevant scrutiny committee
for them to be able to see and understand
the processes that were going on.
And risk in general, you'll see later on in this,
on the agenda, we're reviewing, we're updating,
we're refreshing how we approach
the risk management strategy,
so it's gonna be enhanced as well,
So that should provide further reassurance that we take risks seriously and when matters
like the joint venture are dealt with, they're not made unilaterally.
There's a proper governance process that's followed prior to any decisions being made.
Great.
Thank you.
Before we move to the recommendations, I'd just like to acknowledge the amount of work
that goes into the preparation of this from both the auditor's side but also from the
management and the officers concerned.
And I think papers like this disguise the amount of time and hours spent in actually
getting everything together, the sampling that's being done.
And I'd like to say a big heartfelt thanks to both sides in relation to this.
And for us as counsellors to recognise that this takes up a considerable amount of time.
It is important to the council, yes, but we have to recognise that actually it is quite
a strain on staff as well to actually pull us all together.
So a big heartfelt thank you for myself in relation to this.
We need to move to the recommendations now.
Reading through the recommendations, there are recommendations 8F, and we'll need to
vote on these.
I propose that we bundle these all together and have a single vote on the noting section
and also the approving and providing delegated authority to the chair.
Is everybody happy with that approach?
Great.
Okay.
So all those in favour?
Anybody?
No abstentions?
No against.
Great.
Thank you very much.
And thank you, Ben, for coming along and presenting this tonight.
Okay.
If we can move on to the next paper, then, which is paper, according to my agenda, 25386.
Who is speaking to this paper?

3 Progress on Governance Arrangements (Paper No. 25-386)

Paul.
Thank you, Chair.
So Paul Gigliotti, Director of Financial Services.
So, this paper here is something that the Committee should be reasonably familiar with.
It provides you with an update on the progress of the work undertaken by the shared audit
team.
And this touches upon some of the work that the shared fraud team does, although there
is a more detailed report on fraud later on the agenda.
So the progress on where we've made on of the 59 audits in the plan are shown
out on table one which highlights that six months into the plan we've already
completed 21 with the first 16 that are currently in progress. So we're well on
track to complete the work that the schedule should be undertaken. That's not to
say that there may be some challenges ahead with regards to getting the
audits completed due to timelines and we delayed starting some of the work in adult social care for that.
And they had some inspections and that's some of those is detailed further on the paper.
Table two will highlight the priority one and two recommendations from previous years that are still overdue.
and table three gives the high -level information on what's happening in the
fraud team. But as I mentioned there is a different paper on that later on as well.
And then we've got the two appendices which focus more the granular detail on
the audit plan, where we are with it with regards to the progress being made and
those recommendations that were highlighted that are priority one are
the most important and the management action response plan for those. So that's
That's a brief summary overall, no doubt there will be questions which I might throw out
to either Andrew or Tanya if they're more granular detail, but if it's more on the strategic
side then I will manage those.
Any questions?
Councillor Caddy.
Thanks very much, Chair.
It probably relates to page 7 and then subsequently page 21 and 23 where I think the detail of
the issues is sort of fleshed out.
Why are there sort of P1 wrecks which have been made and not kind of dealt with on a
couple of particular issues?
It seems like the storage of deeds and contracts is something which I just don't understand
how it can be that hard.
And it seems the same with the fleet vehicles.
I mean, this has been on the kind of agenda for a while, and the management response is
the single policy on fleet management is still under review by HR and the legal team and
cannot be implemented until it's approved.
I just find it really difficult to understand
why it seems to be so difficult to get these policies
in place and sorted out.
Very valid questions.
I will defer to colleagues to go into the granular detail,
but to contextualise the matters.
If you think about the number of recommendations
that have been made during the course of those years,
and the fact that we've only got two sitting here,
shows you that the vast majority are delivered upon
and are dealt with.
Not to shy away from the fact that these two shouldn't have been as well, but I just wanted
to contextualise the matters and put things that when you think about we're doing 59 plus
audits per year, you're only seeing a couple that are sitting here.
So that is positive.
Likewise, these should have been dealt with better, and I'll defer over to colleagues
to give you some more granular detail about those two particular audits.
Thank you, Paul.
I'm Andrew Hamilton.
I'm the head of the Shared Audits Service.
So I think I'd like to say a couple of things.
First of all, just remind committee members that it's not the audit team that's responsible for implementing recommendations, it's officers themselves.
And I would invite you to invite officers in if you want to ask specific questions.
I think Tanya will be able to give you some more granular detail about the storage and deeds in particular about where they are with that process and what's happening.
And then I suppose in terms of the fleet vehicles, it's badged as a 24, 25 audit report.
But the reality is the final report was issued in June 25.
So it's not actually been outstanding for a long time.
The recommendations are in train.
Some of them are quite difficult to implement.
Policies that need to go through sort of multiple levels of review and authorization.
So some of them, for instance, are nearly there, but we won't sign them off until they've
been signed off themselves and they're actually in place and operating.
So I'm not concerned about that one.
I do think there's a genuine concern about the deeds and contracts.
Tanya, can I get you to give some more detail on that one?
Hi, good evening. My name is Tani Kaljic. I'm audit manager. So the finding around this
has been around more longer than I am with the Council. So we met with the director for
validation as well as with the director for law and governance because this is kind of
a little bit shared responsibility and also shared a budget. So budget has been approved
and money is there. Resources, identifying the appropriate resources is being done for
almost a year, but they haven't got somebody who would be willing to undertake this work
at the moment. We have agreed that we will be revisiting, so both directors and myself
are going to archives in a couple of weeks to see the deeds, what are the states, and
see if we can scan them, so therefore I mean,
you know, lower our risk that something might happen
with those papers.
And also I know that the director for law and governance
already reached out to archivists to advise us
what to do with those more damaged documents.
So hopefully next time when we come,
we will be able to tell you what are the next steps.
Do we want first to scan certain documents,
and then that kind of allows us a little bit more time
to with the resources or maybe the documents cannot be scanned and therefore need resources
to be brought in.
There is a budget that is approved but it's a recommendation that will be enough.
So is the budget just not high enough?
Is that why you can't get anyone to do it?
And I guess it is a serious risk because if there's a fire and there's land and buildings
or whatever that they could be extremely valuable to the council and extremely controversial
if someone else suggested that they weren't owned by the council, it sounds like it would be a serious risk.
I sort of, I can't understand what the barrier is really.
Is the budget to employ someone to deal with it?
The budget is there. It's the nature of the work.
So they did have someone lined up that then wasn't available.
It's someone that has to be legally trained.
They need to spend a significant amount of time in a dingy basement.
It's not the most attractive piece of work.
They're really looking at someone that perhaps is towards the end of their career that maybe
wants to do something a bit part -time, and they're in short supply.
They have thought about looking at a company to do it, but the cost of that would be significantly
higher, and so that's not on the table.
We think it's a risk, hence it being a priority one recommendation.
If it's not implemented by the next committee, it might be useful to get the monitoring office
abtus to come and have a chat about that.
He acknowledges that it is a risk.
He feels some level of comfort in the event of complete loss and a challenge.
So the risk is that there are small slithers of land that the council has titles for.
And if someone wanted to challenge that, he feels that the council would be able to defend that position by looking through other records.
We've not verified that in any way, and that was just his opinion in a conversation with us.
But it might be something that's worth exploring a bit more at this committee.
I mean, just to come back once more, I guess I would suggest that it was worth spending
the extra money getting someone to do it, you know, sort of a corporate organisation
to do it, to lose the potential value of, you know, a whole series of, I don't know,
ransom strips or whatever you might call them.
It would be really concerning, I think, and it would take a lot of work to try and prove
the ownership, I think, by going around the houses.
I think as Andrew has alluded to, obviously that would be a decision ultimately for the
service.
But we can relay that message back, if that's the view of this committee back to them, if
we can't progress this, then we would want them to come back to the next committee to
outline why they think the risk is lower than what's here and then we can make a more informed
decision around what the most appropriate next step should be.
Councillor Cressy, you had your hand up. Is it in relation to this directly, this issue?
It was in relation to this.
Okay, great. And then I'll come to Councillor Hedges and then Councillor Rigby.
Okay. Look, I'm just going to make one comment. There are a couple of people who are new to
this committee. And somebody asked me whether that was a typo that it happened in May 2022.
And I went, no, it's been there that long. And perhaps that also needs to be relayed
But I've also got further comments about the fleet, but we can take that separately. Yeah
Can't say just thank you chair and mines about BCP testing and so it's my understanding correct me if I'm wrong
That this report states that only half of the services have been tested
One when will we get to a hundred percent and two what assurances can you give us should we have a major incident?
How do we know if any of these services are going to be working?
It's on page 17.
I don't know if you have any more detail.
I don't have the granular detail.
What I do know is that business continuity plans are in place, but at a service level,
I haven't tested mine, and that's the sort of thing we're talking about.
So my business continuity plan is low risk.
For the council's system shut down tomorrow,
we couldn't do much audit work,
but that wouldn't be a huge issue for the council.
What I don't know is whether they prioritise those
in terms of level of risk or not.
That's something we need to come back with
a bit more detail on.
I can also say that this is an ongoing piece of work,
and it's much broader than that.
Obviously one of the key issues and risks
is not necessarily flood or fire,
And I know that obviously we've seen the impact of fire in this borough fairly recently.
But the key critical one clearly is going to be cyber, and that is a key focus, which
is why it's littered all over risk returns, et cetera.
And there has been a key big focus and a recent exercise where the executive directors board
had a test -based approach to test to see what would happen.
And obviously, there will be actions from there and lessons learned.
There's been some checklists devised by IT to help shape and
direct and been sent to all of us as directors.
At least to the people around this table further down there have seen and
I've asked from them to understand where their services are,
which is why Andrew's talking around not having looked at some of the VCPs.
So it is a headline that we expect.
it's all well and good having a piece of paper that you say is there unless you
actually look and test to see how it works and operates you don't know
exactly where things will be but if we're being really brutally and
utterly honest with you if you think around everything that we do if things
weren't able to operate for one day one week one month will things stop and
looking at the key objectives of the council for many of the services no so
So we have to prioritise and focus and work out
where is most important about how we do that.
So where any action plans that we'd look at
on a more strategic oversight,
we make sure the resources are dedicated
and going over to.
And a key area of the response is,
and I will refer back to Fox House,
look at the response and the approach that happened there
when you had officers targeted going over
to make sure those individuals had supported,
had housing to support them with,
finances to ensure that they could live
on a day -by -day basis.
So that shows you that we as a group and that wouldn't have been one service area, it brought
everyone together with gold, silver and other officers that are involved in how those things
work on a more strategic oversight key priority focus rather than necessarily saying can we
go out and do our audit tomorrow.
Thank you.
Councillor Rigby.
Yeah.
A question on page 2021 on John Bosco.
When do we expect the controls to be in place?
So we received the documents this week and we are now reviewing them the evidence to
see if we can close the actions right away.
Thank you.
Councillor Kurchat.
Thanks.
A couple of things.
The first one, actually I echo what you said about the business continuity plans.
And maybe that's something we could look at in more detail, have a bit more report on it for the next audit committee.
Because I hear the assurance, but actually it would be worrying and it would be good to know where we think the risks are.
Just going back to the main body of the report, we've used up, we've got 1600 days audit this year,
but the current position is we've got, we've finalised, we've done 18, so we're sort of halfway through the year.
I'd just like a bit more about have we got enough days, will we complete them?
And something also about the ones that we didn't start, why we didn't start them
and what happened to make us delay them.
I mean I noticed most of them were in adults but it would be good to confirm why that was
the case.
Just to start with before looking at some of the granular detail, we've completed
So it's 21, 16 are in progress, so we're six months through the year.
18 have been fully finalised, another third of three have already been issued a draught report.
So obviously we now agree the management action plan in order to do that.
So these 21 have been completed.
Very mind when you start from zero, there's always going to be a delay going from.
So we are in a good position.
Like I said in my introduction, we delayed some of the start of some to accommodate departments that had external inspections.
So quite rightly we would not be wanting to go and do audits that might fetter their ability to respond accordingly for an external
inspection
So don't know whether Andrew or Tony wanted to add anything further in relation to that
Terms of 610 days that that was the other part
The 1610 is confusing because that's not about the audit. That's how much total plan that goes in that includes some management oversight time
We're going out and doing reports to meetings.
It will include some of the time that we do on risk management.
There should be sufficient time in there to deliver those audits.
Yeah, you're saying we have got enough time, that sort of thing.
We've got the time, but whether or not we complete, because others might have had inspections, and
there might be other issues that are around it, it should not be the 1610s that have a significant impact on that plan.
If I can just, so I'll just add to that.
Yes, we have enough resource available in terms of numbers of days or money.
Resourcing is continuing to be challenging, although we have had some success in terms of recruitment recently.
And we have some recruitment operations going on at the moment,
which are looking good in terms of numbers of responses, and we have high hopes.
We continue to use agency staff and missiles to backfill where we have vacancies.
But every time someone leaves or someone leaves us unexpectedly, there's a gap, which we can't fill immediately.
So it is challenging.
The majority of the audit work is planned in, which is really positive.
What we can't foresee is changes either within our own team or within the teams that we're auditing.
So sometimes we go along to start an audit.
There's a key person that's away or has left, and that can make it challenging.
But we are, you know, we're on track as much as we can be.
So we're in a good place, I think.
However, I wouldn't want to say we're going to complete 100 percent of the plan.
We're looking at 90.
If we can get there, that would be good.
So that's where we are.
Can I just clarify, then, in terms of the order timetable, I hear what you're saying
about capacity.
I hear what you're saying about days, et cetera.
I was just wondering, what would be the impact?
And these are all bundled in their different audits, but what would be the impact of missing
one or two within the timetable, or them shifting dramatically by a quarter or two quarters?
So when it comes to the annual governance statement and the annual report, I have to
make a declaration that I'm comfortable that our control processes are satisfactory.
Again, similar to when Ben was here from EY, it's exception -based reporting.
We're quite guarded about exactly how we report, and we recognise that there will be weaknesses.
And if you're not testing all the,
and we don't test all the areas, this is,
you know, you think about the whole number
of services are provided, it is on a sample basis,
on a risk -based approach.
But if we missed one, two, five, 10 even,
I still should have sufficient in order to do it,
because if we were finding there were challenges,
or there were insufficient days, we would refocus.
This is a plan, this is not concrete and written.
We would re -prioritise those to ensure that those key areas would be tested.
Clearly, if we thought there was going to be a risk that we deferred things to,
too late, or we were seeing that there were key financial systems or other service areas that were fundamental,
that weren't tested, would put that at risk.
We would bring that to this committee and highlight where we're running before we got to that sort of stage.
We do not envisage when you look at the plan there that if we lost three, four, five of those,
it would have a material impact on us being able to give that overall opinion.
And that's what we're here for, really, and that ties back to obviously what you heard earlier
on the external orders to saying something very similar.
Councillor Critchard, you had a different question and then, was it you, Councillor Caddy, after that?
Right, two different, I'll deal with the fleet vehicles.
Council Cuddig mentioned that.
I think I would say one of the difficulties with what's been spotted with the fleet vehicles
is that this is the sort of possible board that members of the public will easily understand.
and sometimes those are almost more, sort of, the reputational risk is almost higher with those
than if it's millions and millions because nobody quite understood how you did it, but this is
something people can relate to. I just say I'm disappointed about the due date for the policy,
if that's holding it up. Are there any other, what else has been done to try and mitigate the
risk before we have the policies in place.
So what's management doing about the fleet vehicles now
to try and reduce the possible risk of exposure
to either fraud or even for employees unwittingly
ending up having a problem with HMRC?
Actually that was what I was gonna say,
page 28, recommendation due date,
and it talks exactly about P11Ds
in respect to the fleet vehicles
And recommendation due date is 15th of September.
And it says awaiting management response is not even a comment.
And then there's not a revised due date, which I'm just not sure is good enough.
Who'd like to answer?
There's a few things in there, isn't there?
So in terms of the P11Gs, so there is a process in place where, so
the payroll manager writes out to all assistant directors, get a memo each year.
Reminding them that P11D is a Jew and that they are responsible for.
Yeah, so they're responsible for.
So can you define what a P11 is?
Sorry? Can you define?
Sorry, so this is if you have a benefit.
So if for instance you have access to a pool car or something like that.
Assistant directors are asked by payroll to fill in a form or
to let them know if there's anyone in their team that fits that criteria.
So there is something in place.
So there was already a control in place.
It's unclear how, it was unclear as to whether
that was working in practise, I suppose.
I think what I'd also like to say is,
the audit didn't identify any significant wrong doing
or anything like that.
So what it identified was missing or weak controls.
It didn't find issues as a result of those weak controls
through sample testing, or certainly nothing significant.
The weaknesses in terms of not, you know,
control not being in place was significant enough for us to say that was a priority one recommendation.
But I just don't want members to think that actually we found huge issues at the time when we did the audit.
We found gaps that could result in issues.
So there's a difference, isn't there?
A subtle one, but it is a different.
Just to add to that, to give that further reassurance, I mean the type of issue that was being identified
is that there wouldn't necessarily been a log on where a vehicle was being kept overnight.
So if you've got a person who's starting to go to work first thing in the morning,
was the vehicle on site or was it staying out of their home?
There are some real technical issues with HMRC as to how frequently you can have a vehicle
in any one location for it to be deemed to be a general pull car or being deemed to be
something for which is assigned to an individual for them who then potentially could have P11D
issues.
So it's not saying there are fundamental problems and challenges.
It's saying that because the policy or the procedures didn't highlight exactly where
things needed to be and what records should have to be kept in order to do that, there
was potentially a risk that individuals could be exposed to tax liabilities, and that's
what this is referring to, rather than saying it's a car crash, no pun intended on there,
about it on that particular type of issue.
I'll pass over to the ex -liver man.
Yeah, I'd just like to put on record the concern around the single policy that's been raised
by both sides and request that at the next order meeting that we, if the policy is not
done, that we actually have the due date, a provision of due date agreed so that it's
actually in the record as to when it would be delivered.
Thank you.
Councillor Cady, you had a question always that –
No.
that great great just a clarification on a few days we agreed two days for
implementation of the finding then we also allowed twice to extend that but
there need to be a reason for it and the first time order to do the second time
then need to come to Andrew onto myself and then we decided we might decide not
to do or to extend it if we feel that something need to be already
implemented and therefore putting more pressure on the
auditees to address that by not extending them on due date.
I appreciate the clarification, however I think it would be
useful to enter feedback at the next audit committee as it has
been raised as an issue of considerable concern.
But thank you for the clarification, it's really useful.
Okay, if there are no other questions, Councillor Critchard.
The last one for me, page 11, there's been an audit on the Southwest London fraud partnership.
Could you tell us a little bit more about that?
It seems slightly strange for us to be an audit committee discussing fraud and you've
been audited.
Who would like to order on?
Sorry.
Sorry.
Kevin Holland, Assistant Director of Fraud and Risk.
So I look after the fraud partnership.
And yes, indeed, we did have – I was audited.
It was by Mazars, not one of Andrew's teams, so it's a separately independent audit.
And they went through the whole process to show whether,
how, as I say, I have my way of,
a resource given by each partner.
I then make sure that each partner
gets their fair share back.
It's not like audit, they're not commissioned
to set the number of days.
What's commissioned is a fraud response capability,
and fraud has its own lifestyle.
So they went through the records I have.
We have a time recording system for every case that we do
that goes down to each authority.
And we have our, what was it?
I don't know what a better word,
but for an overhead code, a piece of work
that might be shared, I have a basis, a calculation
of how that's then time is allocated to each partner.
So all that was reviewed by the auditors.
I apologise, I should have used that
or mentioned that in my report.
That's a remiss of me because it is dealt with.
The report didn't, it came up as
the procedures were satisfactory.
It did come up with some recommendations.
I think the key one that's in there is for me
the partnership agreement dates back to
when the partnership first started.
we've evolved a lot since then.
So it's just how, it isn't just title,
the functions have changed, so I need to go in there
and make sure that's up to date.
They were happy with how the partnership is scrutinised
through the shared service board,
but the shared service board didn't even exist
when the partnership was first drawn up.
It was referred to a different group of officers.
So they're happy the oversight scrutiny's there,
but the agreement's out to kill to it,
so I've got to do those updates.
They were happy with the accounting system that I have in place for recording time to
make sure each partner gets their fair share of the resource.
They did make some recommendations about some of our cases that have been open a long time.
So everyone is on that.
Some of those we were able to answer.
I think I'll mention again later on.
But Tennessee fraud cases now have to go through
the court process without closing the monthly case
is under the court actions taken, that can take years.
But others, there were cases in there
that had been open for far too long
and we didn't have a satisfactory update note.
So there were good reminders.
So it was a good rigour, a good challenge
for me to go through.
My background in audit was a good challenge
for the audit service.
But I'm happy with the outcome of the audit
that was in line with my expectations
and will report back to you in the report shortly.
Great, thank you for clarification.
If there are no more questions in this paper,
I'd like to move to the recommendations.
And is this report noted?
Great, thank you very much.
Moving on to the next paper, 25387,

4 Fraud Update 2025/26 (Paper No. 25-387)

which is around fraud.
Who's gonna speak to the paper?
So I'll give a very brief overview,
then I'll pass you over to Kevin
to go through a lot more of the detail.
So I think as you just heard, the team is part of a wider partnership, but the report
that you have in front of you focuses on the work that's undertaken in relation to this
authority.
So Table 1 in the report sets out what our key objectives are and the targets and the
progress that we're making to date on that.
And then table two summarises the levels of referrals
we've had to date and then comparing them
to the previous two years and breaks it down
into the type of work to give you a flavour
for the level of activity that's undertaken.
Obviously there is a lot more granular detail in there
in relation on table three with regards to properties,
notional savings, et cetera.
But I'll let, no doubt, the detailed questions
around how they've been calculated
and the sanctions and outcomes Kevin will be able to provide you more information on.
Kevin, anything you want to add?
Sorry, I think just for members' attention, I'll pass first.
There's a comment in paragraph 7 to a national government fraud survey.
We haven't had one since, I think, CIFA completed one in 2018.
That document came out just prior to the release of these papers.
So I've got to go through that document, and I hope perhaps to provide a summary for the committee and the future committee.
But there are just some of the key headlines very briefly mentioned in there.
One of the things it does mention has been the year of action from the fraud community,
but from all sectors in terms of the growth of spend in temporary accommodation.
Unfortunately, growth in spending in any particular area will attract attention to fraudsters,
so that's why the fraud community across the country, but very much across London, were
looking to see what we could do, what we could do to help identify and prevent fraud.
I did get some additional resource in to do work on that, and that's got two apprentices
is working very closely with the housing department
and the TA teams.
Technical accommodation.
I think there's a bit that I mentioned in the paragraph,
25, in terms of the use of artificial intelligence.
Obviously very topical across everyone's mind.
For fraud, it's a blessing and a curse at the same time.
So obviously, using AI, making better use of our data,
and decision making will be useful
to help identify trends and pick up fraud.
But also, it's a tool that will be commonly used
by the fraudster.
And unfortunately, fraud, it seems like a constant catch up
on fraud and the techniques that they come through.
A simple example I have that's been highlighted recently
is in use of applications.
So it was initially picked up by private sector
where they use AI to do the first screen
across applications for recruitment.
Well, in an application you can have hidden text.
So simply it could be just white text on a white page.
Human eye won't see it, won't read it.
But if you're scanning that document,
it will be read.
And you can simply put on there in the super code,
choose me, and that will propel that application.
So those are the simple things where we can happen.
But those are the things we're up against
and working alongside Andrew and his team
in terms of how and where we need to refine
our controls, our approach,
to deal with all the advancements in technology.
Thank you councillor Rigby. Yeah, thanks for that explanation on AI. I mean it is going to be the
greatest challenge to any council going forward and I'd like to see a bit more information coming
in in the next committees like how many times have we been you know how many AI scams have we
picked up, which departments are being targeted, what are the plans to identify it.
I mean, it's great that we're part of the government counter -fraud profession, but it's
going to escalate so quickly, and I think we need to just have more info about the plan
for it.
If I could respond in part to that.
So about the scams, the first point of attack would be,
say, scam emails coming through.
That would be something that's not done with my team at all,
but our IT department, their experts, and the firewalls
that councils have in place.
In terms of attack to an organisation this side,
it's probably tens of thousands every day that are blocked.
So the numbers are that high that we talk about.
In terms of myself and the fraud team and us preparing and
make sure we are best prepared for the changes that
a use of artificial intelligence brings.
Well, that's the benefit that we are one of the few councils who are members of the government's counter -fraud profession.
So in terms of the community, we've got a huge,
well -funded community behind us,
with the Public Sector Fraud Authority,
and we're first -hand to get hold of their information
on trends, new techniques, new attacks,
and also new ways to defend those.
So that's what we use to make sure we're prepared,
we're aware of, and we're constantly developing.
The actual attack side that most people will see
on will be IT enabled and those defences are dealt with by the IT services not
not by the fraud team. Thank you. Councillor Caddy. It's page 33 table 3 and I just
wondered if you could just briefly talk us through there are three areas which
seem to generate a lot less this year than they have in previous years. It was
housing applications removed and council tax,
but then sort of going the opposite way,
there's a huge saving on other this year
compared to previous years,
and I just wonder what was driving that.
Right, so the start and reverse around,
because that's the figure that caught my eye first.
So the other figure includes the notional savings
we've achieved through the use
of the National Fraud Initiative data batches.
and those are, they're saving figures that we are told to use under the National Fraud Initiative.
They are mostly, I would say, data cleansing rather than fraud cases, but that's what we're told to use.
So, a large bulk of that has come from the blue badges matched to deceased, which are still in circulation,
and waiting lists to deceased, which again are still in circulation.
The NFI cycle is a two -year cycle.
That's why you'll see the swings up and down on those in terms of how those numbers come
through.
Now, the other ones are on – just trying to catch up.
So you'll get right to buy.
Well, the right to buy threat is diminished
because the applications have dropped
and the size of discount doesn't track the same interest
for that false intent.
The...
Yeah.
So again, a large part of the
24, 25 figure will be some of those housing application numbers because it's a two -year
cycle.
We've already claimed some of those from the NFI side.
So the work we're doing now, we don't have that, but we do have a local London fraud
hub where, again, we've put our housing data in.
We will get those in early mid -January, so we'll do another cleanse through those.
So those are, perhaps resource -wise, with the, just some of the value of the discounts
are not as great as the interest in ours.
I think some of the the prior cases it's the figures there include the
Full savings that been achieved which include housing benefit on top of the council tax discount
It is something that
I think across the board. We're we're not getting as many referred to us directly and
Perhaps we're not being as product as we need to
But what the council does have in that area,
council taxes inverse discount,
we have a third party provider that also not only
does the data matching, they do the follow up work
and the recovery work.
And that's done by the service.
That's not in here, no.
Councillor Hedges and then Councillor Critchard
and then I'll try to draw this to a close.
Thank you, Chair.
A couple of questions.
One, if you're happy to take both of them together.
The first one is around temporary accommodation.
Obviously, this is a new figure here.
Just wondered if you had any benchmarking against any other London authorities.
And the other one is around the grants process,
given the fact that there's an increased number of pots now and larger sums of money are going out.
What cheques are in place to ensure that grants are used properly and not open to abuse and
fraud?
I'll take the first part of that.
Because this year is the first year, I think, that London and fraud have taken an active
role in looking at the fraud types in temporary accommodation.
We haven't yet got comparative figures.
So it's very topical. I'm a member of the group investigators in
London Barrow fraud investigators group on the exec board of that so I get first -hand information on what other colleagues are doing
So we don't have those comparators
but we are
the
Getting gaining much better understanding of the four types
So the four four types it isn't just the individuals that were placed in it's the providers. It's
We've asked for a self -contained unit
where we go out and do a visit,
we find that we've got a bedroom and a shared accommodation.
It's all those which are fraud types
where it's both the, potentially the providers
and the mixture of what the placements are.
As for the second one, and they checked the controls
as to what's it, I'll have to hand it across to
the cotter gang, because it's the service responsibility
and it's the audit reviews of that service area.
I mean, I can address those.
I mean, that would be standard and typical
where you would have an application process
and you'd expect them to have a set of criteria
for going through, but like many things,
there's always going to be room for somebody
challenging and potentially not providing
the full information, but it's on a risk -based approach.
Some grants and payments we'll be making out
will be relatively low level.
So it probably won't be much cheques at all,
if I'm brutally honest with you,
because the cost of putting controls in place
will potentially, A, put off people
from potentially applying for it
who we want to support and help and assist.
And secondly, the loss to the council at risk
will probably be relatively low
about putting the costs and controls in place.
If you've got a major multiple thousand pound approach,
you would then expect the control process
and the cheques and balances to be much higher.
Councillor Ruby, is this in direct relation to this?
Yes, it's about the grants because obviously we have the grant scrutiny committee where it's really important that the Councillors are
scrutinised it and helping to you know add that extra layer and I would like it noted that it has been
disappointing that over the last few meetings that
Councillor Daniel Hamilton and Councillor Angela Graham have not been coming to those meetings and
So that the proper level of scrutiny is is just not there right now
It's not the actual initial awarding, I was thinking it's more of the post as in how do
we know that that organisation, and you know, there's some really great organisations.
This is no criticism.
It's just that, say, for new ones coming along, how do we know that that money is being spent
on what we've all agreed at the committee?
So it's more after the event of the scrutiny committee.
Thank you.
Can I make a suggestion as this is directly related to some of that aspect is that we take that back to the
Grants committee in the first instance
We can we can I think would be I'm happy to liaise with the chair and make sure that we get we get feedback on
That one I think and then if we if we're unhappy with that response then we can come back and bring it up here
But I understand what you're saying, but I think we need to challenge we need to go back to that level first rather than coming
Okay, well I don't remember you raising it in the last couple of meetings when that when I've been present so
Yeah, we can we can do it at that level
Council Chris short yeah
I'm just gonna see going back to the temporary accommodation when I first looked at this
I thought, well we've done 140 last year, the target was 145 with five, sorry 485 visits
and five placements to be cancelled.
We've done 343 and three.
So I sat there going, seems like a big waste, you know, seems like that might not be the
best use of resource until I got to the point where I realised that the visits actually
pick up whether or not people are in suitable accommodation.
and I think that there must be also a bit if you're a person who's a vulnerable person
placed in temporary accommodation, you're probably terribly anxious about actually saying
hang on a minute I was supposed to have this but now I've got something different.
And I just wanted to say it seems to me the visits then, even if it's only a few families
that were picking up or a few people, they must be very worthwhile on a different level
as well as with the fraud?
If I could, yes.
So we've already had, I think,
three safeguarding, at least three safeguarding referrals
out of those.
And that's the team resource I have
were new apprentices fresh into work.
They have gone through a fairly quick learning cycle
and therefore when they are doing the visits now
they are finding out a lot more.
And it's the placements.
So we are spread, the placements are spread across London
and some of the home counties of its species.
So sometimes it may be just one visit in a day.
They go out in pairs.
It's very labour intensive, but sometimes it's the first time that that person or that
establishment has been visited.
And as you say, the department, no, they cannot rely totally on the individual place there
to complain, because some of them, as you point out, are vulnerable.
They just take it that that's what they've given them and that's what they've got to
put up with.
So therefore, the visits have that value.
It is bits on condition, it is bits about the provider making sure that we are paying for what we've requested.
There have been things which we picked up with Spotty which are just anomalies of corrections.
So you might think, one, we found where the placement was in a large front bedroom of a property.
But they were then in what appeared to be a smaller rear
being with the property.
There was no issue with that.
The request had come from the placement
because of their working out and the noise disruption.
So they asked if they could be moved to the rear house
and that provider had tried to accommodate that.
But the paperwork that hadn't come through to correct it.
But those are just sort of things that just picked up.
You can't pick up remotely, so it's picked those up.
Can I ask a follow -up question to just around the resource?
So you said it's very labour intensive.
I just wondered if that's something that we, where the resource comes from, whether it
comes from housing, and that it will hopefully continue, because obviously it's got a double
benefit of picking up where we as the Council have been sold up almost by a, somebody who's
but equally supporting those families that are in temporary accommodation and as we know could be there for some time.
I can answer that one, for the housing and housing service because they,
one of my officers was on interview panels last week.
So they have created and are resourcing their own visiting scheme that will pick up the condition, the welfare and the occupancy cheques.
So that is being, the resources there for that,
so there will be some more of that work done.
And the resources that I have is for two years.
I always said the start of it would be
the verification cheques, but as we progress and develop,
we will then come across more of,
shall we say, the fraud issues,
and we will get more heavily involved in those.
So it's good to see that housing responded
by replacing what we had, and more so
In terms of numbers are going with a visitor team so they can continue with that work
Thank you for that and just for the record if we can note down that
Councillor hedges and myself will pick up with the grants team the question that's actually arisen from from her in relation to this
So, thank you. I'm gonna bring this in this. It's a really a
Big question. I'm going to I'd like to bring this to a close
this is
Councillor Edges?
It's just a quick one.
It was on page 37, the top fraud investigation awareness and prevention.
Obviously, the amount has gone up slightly.
It was just a question around value for money.
Do you think we're getting a good return for taxpayers on that?
Oh, I had to answer that.
I could answer it yes because of the audit I had.
So they think that that's delivered a good service,
so there's that side of it.
It's unfortunate that Fanella Mary isn't here.
She sits on the shared service board,
so she's the one who holds me to account on your behalf
in terms of what's delivered.
And in terms of the workload I get through,
I mentioned that there's the NAFI report, the National Anti -Fraud Network report, so
the first survey in years in terms of comparing what local authorities do.
I've looked through some of their headline figures, and I know we compare favourably with
those in terms of the return that is given to the authorities that we work for compared
to the resources going.
And just to add to that again, I'm not going to give a direct answer because it wouldn't
be right bearing in mind it's in my division but I will highlight that you
know if we're talking about ensuring and evidence in that we are efficient in the
approach that we do it this is a shared partnership which we host and lead upon
so Kevin's time is not spread and cost adjusted this borough it's spread across
five and that's where we learn from the benefits across how we operate and how
we can get those efficiencies and effectiveness so without giving you a
answer hopefully that can provide that reassurance great thank you counsellors
bring this to a close the recommendations that we know we note
this report this is report noted yep thank you very much but moving on to the

5 Annual Review of Risk Management (paper No. 25-388)

final paper paper 225 388 Paul are you talking to this thank you chair so I
will be brief because this is something that we agreed right from the outset
when we revised our approach to risk management.
And we said we'd give you an update
about what we've done once we've undertaken the review
and what we think the next steps are going to be.
So this paper is really highlighting where we were,
shows the recommendations,
and then we set out what the next steps are.
So just briefly, just to state, historically,
we operated on a basis where there would only be
Two reports that we go through to board
for them to oversee and look at where things are
on risk management.
It focused primarily on key strategic risk specialists
and the evidence about how things were done in between
was limited.
So what we're moving towards now
is trying to find a solution whereby we can demonstrate
in evidence that risk is dealt with at the key stage area,
So that's at service level and dealing with the division of directors.
Then looking at it how the executive directors can oversee for
their own departments before you get to that final stage, which is where we would normally focus in on, which is that corporate risk register.
So you could see the flow going up to how it got built,
rather than it just being a paper that landed at the director's board to come up with a number that came to here.
So this is now progressing that and to evidence in which may or may not have happened before.
I'm not gonna say whether it was or wasn't,
because we can't evidence that it was.
But there'll be four reports that will go to
director's boards that will feed in
from those sort of key elements.
So dealt with by divisional directors
before it goes to the exec directors.
The way that it'll be done is we know that
it's currently been on a paper -based exercise.
That's not going to be able to be
most efficient and effective.
So we are currently working with the IT team
to come up with a digital format.
So first iteration of it is gonna be intensive.
We're not gonna shy away from that
because people are gonna have to load it on first time.
But thereafter we should be able to show the flow,
the changes and the direction of travel.
And you'll see in the appendix down the bottom,
we just did a snapshot of what it may look like.
That's not what it probably will
because that's not a building complete
and it's in an Excel format which probably isn't what IT like
but it's just trying to show you the flavour
of where it's gonna be,
that people are going to have to have their inherent risk, look at what the controls are being put in place,
what's residual, show the direction of travel, that's at the lower end, that will then get escalated up to the directors.
Obviously, I'll have a load for my division, but there's three divisions in
finance alone, so what would land on the finance risk register will be much lower,
frequency number, but more
relevant for at a departmental level, and similarly that will then get escalated up to the corporate level
when it lands on the corporate risk register.
So that's the flow and the paper outlines obviously that in a bit more detail.
And as for next steps about where we go, so that was all ratified by the executive directors.
They've all engaged with it, they're all involved, service leads are involved, so we took the
feedback from them all.
So unsurprisingly, they're all fully supportive of it.
So the next step for us is A, just to let you know exactly how we've come to this conclusion
and bring it here to make sure that this is what you,
what we said we were going to do.
You're happy that that is what we've done
and where we take it to the next steps.
If that is the case, we will continue to build
that platform with IT.
We will seek to get some initial training,
which we've already put in train.
With our insurance team, they're able to provide
some risk training with one of our partners,
which we will give to executive directors,
and then we'll be looking at rolling out
a much broader approach for service leads.
And to give you some more detail around
when we think and anticipate those types of things
might be happening, within the next sort of two months,
so by the end of January, we will be hoping
to have that initial training with our executive board.
We will then be looking at putting together,
and it won't be the digital format,
but have a base for us to work on
what the new strategic risks will be in January,
with a view to doing some testing with IT
during the course of January and February on that platform.
So we can start rolling out what things would look like
in April, and it can get reported here
for the July Audit Committee,
because it will need time for it to be uploaded,
embedded in, and we haven't got that document,
because until we got the approvals
from both yourselves and your Richmond counterparts that they're happy with
this is going to be the revised approach we can't fully concretely deal with that
so that's it in a nutshell of our updating what we've done during the last
time we said we're going to do we think we've delivered on what we said we would
hopefully you will agree and you'll see the platform for where we're looking to
build upon going forward. If I come to Councillor Hidgens can I just ask for a
In terms of the timeline, you're saying July.
On the page 42 here, you've got the strategy for approval coming to the Order Committee
in March and April.
So I'll clarify that point.
So what we're saying is that you're not going to see that digital format and everything
in its exact finalisation until we get to that stage where you can upload it at all.
In January, we're looking to envisage having what those headline corporate elements will
So we can bring something back and give you an update about where we are, but we're not
going to start seeing the movement and the flow like you saw in that appendix with everything
laid out and any updates that you would want.
We're unlikely to be there until July.
July is a stretch, but we're trying to deliver as quickly as we possibly can.
And you have an audit committee in July, which is an annual report, so that we're hoping
to be able to give you something more detailed because if we're having quarterly meetings,
There should be one being done around the June time.
Hopefully that will be timely, unless it may only be in a draught format, but we can give
you a much more detailed revision of what you're seeing here today.
Mr. Hedges.
Thank you, Chair.
This looks amazing.
I really like the digital risk register.
Just a really minor question.
Have you linked in with the transformation programme on this?
Because I know they're doing really good work, the team are doing good work around how you
can improve internal efficiencies?
They will be, it'll be like the hold of risk
and everything else, but Sam Olson,
at the start we spoke to Sam,
and Sam was part of the processes,
like most of the EDs were.
All of the teams we engaged with,
so between Kevin, Andrew, and myself,
we went out to all of the directors,
and we liaised with them as to who they wanted
to be involved in the process.
So every single service director has had the opportunity
to contribute and put what they liked about the current arrangement, what changes they
would like to see made, how to make it more effective and efficient.
But that's also why we are not pre -setting exactly what that document will look like.
We know IT are a much better place to help us shape about how can we get the roll -on
from step one to step two to step three in the most effective manner.
So once it's loaded on once,
it requires the least amount of time for some to review.
Bear in mind, they're gonna be reviewing it
four times a year.
They should've been doing that anyway,
because risk should be iterative.
It shouldn't just be done once and then put it away
and then come back to it.
So yes, we are engaging with not just transformation,
but we've engaged with all parts of the authority
to get to where we are today.
Any other questions?
Councillor Critchard.
Yeah, thank you.
The one thing I'd say, Mr. Giuliani, as I sort of read this and realised there was actually
probably an awful lot more underneath the paper and I probably commented and I may have
missed something because I missed the last meeting, I wasn't on the committee the last
time round. But I would have liked to have a bit more explanation about what had happened
and what had gone before in this. My question is a bit about where's budget coming from
for it and the time scales. I think you've sort of covered it here but a timeline would
be good, would be good. And you've also mentioned strengthened member engagement. I just wondered
what that's looking like and how it's going to happen as well. So, as I say, budget and
the time scales, where's the budget? How does not having a proper, a sort of a more obvious
timeline and how a member is going to get involved.
Okay, so I'll start with the timeline, that's what I just gave an update on the timeline
in my initial starting point with regards to…
I think what I'd say is I'd appreciate it having it as a timeline.
I acknowledge that and so sorry for that, that's why we obviously mentioned that in
part of the preamble to this.
Budget – there is no budget because risk management is already embedded into people's
processes and everything else.
We're working with our own internal IT to develop that particular individual system.
The training initially we're getting is part of the contract negotiations we did at the
beginning with regards to added social value.
So we've been able to bring this in at presently within existing arrangements.
Now clearly, if this evolves and if this develops and it's identifying new things going forward,
then I'll be going to Fanello and asking for some additional money.
But risk management, this is not changing.
And in saying to people, you need to be doing more than what you're doing.
This is providing the evidence that we are managing our risk more effectively.
And we're seeing it, because risk management is not new.
This isn't something new that we're bringing in.
What we're bringing in is evidencing the process about what it is that we should
and have been doing before.
Sorry, can I just come back on that?
Yeah, okay, I understand.
So the aim is actually the budget is managed within existing budgets unless it turns out,
for example, that we actually need to totally new IT system and everyone goes, well, hang
on a minute, we can't do that.
So the budget is managed within existing as quite often happens in finance when we're
looking at new initiatives, yeah?
Not quite because what I'm saying is that this isn't something fresh where you'd have
allocated budget for risk management. All service directors are responsible for managing
their budget. We've got the process currently at the moment whereby we're sending out a
manual document for them to fill out twice a year. We're then asking 18 people to deliver
a report that's on paper that goes on strategic risk. We've been in the idea of strategic
risk because we're saying that's been developed at the idea of it starting and ending with
director's board rather than evidence in that it's a bottom -up approach.
Because if you're coming up and saying cyber risk, which I'll use as an example, that's
landed and is out there on a corporate level.
What this is not what this is saying is showing more evidence, like it does in most other
authorities, that we can show that it's a more regular update with a more detail about
your inherent and your residual risk.
So when you talk about member engagement, we're going to be able to showing you the
direction of travel, where it's moved and how things have gone on in relation to those
core elements. So you have more oversight and you can see for yourselves, do you support
on whether or not those risks have moved or should have moved if they haven't moved?
I think what I hear from Councillor Cushard though is that with all the best will in the
world we've all been through processes of development where we know things don't go
according to plan, I suppose, in terms of risk management,
it would have been, I would have liked to have seen
something, is there a contingency budget set aside
just in case things go wrong, because not everything
will be able to be, you know, things don't run
according to plan.
If you say that they do, then I think that we are all naive
around this table, and I think what we want is the
reassurance that in terms of the risk assessments of this,
that to recognise that there could be things that go wrong,
and what is the plan around that, and is there a provisional
budget that we can draw upon should things actually not follow in sequential order that
you have expected.
I'll stand by.
There is no residual budget because this is not on about doing something new.
This is all about evidence in what we've done to date.
The reassurance that we have been given is if, as a result of this, what we're seeing
is we're getting more information that people will then turn around and asking us to do
significantly additional levels of work because it's highlighting issues and say we need more.
This is really great.
Can you do some deep dives into that, which it might flesh out, then we will revisit that.
We've been given assurance from the executive director of finance from Fanella that, you
know, if it then transpires that this is what is needed in order to deliver it, they will
look at the budget.
The fact that you've got the chief exec is keen to be involved in the process and seeing
it operated and is bringing in a governance board where this will be seen at more detail.
I think I can give the assurance that it will have the traction that if as a result there
is additional levels of work that gets identified, it will be there.
But the reason why I'm saying there's no budget for it is I want to stem any query or question
that we weren't doing with management before.
If I'm saying we need budget, more and more budgets in order to do this, well the key
question would be is well what were you doing before?
Why do you need more money?
We don't need more money to do what we should have been doing originally.
What might come out from it is we might be given more information, which then means that
we want to do more deep dives and do additional work.
That will be addition to what we've got to date.
This is not about having loads of additional elements.
This is because the discussion points will be at your senior management team meetings.
They take place already.
It's looking at how you prioritise your agenda and how you prioritise your time.
That initial starting point, loading it on, will be the additional level of work.
That's a one -off time, which is officer's time, people like me, where you're expected to work in order to get your levels up to date.
That is where you've got that extra resource requirement.
That is the managing within your own time.
Afterwards, this is what should have been going on already.
What we're saying is this gives the tool to make that conversation easier rather than it being on a piece of paper.
I understand what you're saying.
I think a couple of myself and one of the members of the board have raised an issue
of concern and would be useful then at the next order committee meeting to have a very
brief feedback as to where we are in relation to the steps.
Can I ask one other thing?
Obviously it says involve members in the review process and training on interpreting risk
data.
Which meeting do we get the risk register at?
I can't remember.
Well that might be why we say more engagement.
At the moment you get it once a year.
That's one of the things we were saying about once you see what it's like how frequently
do you want to see things and we can amend.
We meet here every time.
If we're getting quarterly reports going through to a new governance board we're going to have
more fresher and more updated information for you to be able to see.
This is where you can help shape the agenda of this committee.
That's what we're saying about engaging with you and giving you more opportunities to do
it.
But it shouldn't be a tick box exercise.
if it's coming here, if you're doing it every time,
why are you gonna say every time,
what you're gonna comment upon,
I'll be pushing back to yourselves.
What is it, if you're gonna have it,
it needs to be meaningful.
But that's when, until you see what it is
and what you won't know, and I can't commit
to getting anything, and that's why I'm saying that July
is when we're envisaging we can have something
that might be more meaningful for you to actually see,
to understand how you want to utilise that information.
Because you might decide, actually,
these are some key issues and some key risks in here,
And that might warrant actually refocusing the audit plan.
It might warrant actually saying, do you know what, we've got some key issues.
Who is responsible for tackling that risk?
If it's not moving, we're seeing an upward trajectory, do you want to bring someone in
here to give you that reassurance?
We won't know any of that until you start seeing it and you can feel how it looks.
That's why I'm not trying to be dismissive.
I'm just being open and honest about where we are and where the direction of travel we're
looking to go.
And I welcome that feedback.
And just from the Chair's point of view, I welcome this development.
I think it's a good way forward.
And I can see a lot of thought has been put into it.
So I welcome that from all of those concerned.
And I think it will be helpful for members as it rolls out to see how it's going.
And I think it has a lot of potential.
So thank you for the work that's been done on this.
Any other questions on this?
Okay.
The recommendation is to approve the next steps for updating the risk management approach.
Are we holding agreement?
Great.
Thank you very much.
As far as I'm aware, there's nothing else on the agenda, so I'll declare the meeting
closed and thank you for everybody for attending.
Thank you to all the officers and the members of staff who aren't here for the amount of
work that's been done tonight in preparing for these and the amount of work that's been
done in the – that's reflected in these papers.
So thank you very much.
Thank you.