Meetings

Assembly Commission Governance

This page gives details of any meetings held which will, or did, discuss the matter, and includes links to the relevant Papers, Agendas and Minutes.

Note: Meeting Agenda can change at short notice. Particularly where future meeting dates are indicated more than a week in advance. Please check before planning to attend a Committee Meeting that the item you are interested in has not been moved.

Meeting: 15/06/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 7)

Critical examination of a risk of issue - the Commission's response to Coronavirus (Covid-19)

Supporting documents:

  • Restricted enclosure 2

Minutes:

ARAC (03-20) Paper 7 – Emerging from Lockdown

7.1         Dave presented the paper, which provided an update on the Commission’s arrangements in response to the Covid-19 pandemic as well as setting out the aims, principles and working assumptions that would guide the preparations for a return to the estate (RTE). In addition, Dave outlined the streams of work being undertaking to ensure that when required to do so, RTE could happen effectively and safely and that learning and lessons for the future were captured.

7.2         The Committee heard that the Commission had shown great adaptability in providing virtual Plenary sessions over the lockdown period. As part of the RTE work, the prospect of hybrid Plenary sessions made up of a percentage of Members in physical attendance and others remotely participating was being considered. Alongside this, consideration was being given to implementing a bespoke voting application, which had been developed in-house and would enable Members of the Senedd to cast votes remotely.

7.3         Committee Chairs continued to provide positive feedback on the ability to conduct virtual meetings, with business scheduled until the end of term. Business Committee were due to consider options for conducting essential Senedd business during the summer recess. Alongside this, physical work to get the estate ready for occupancy had taken place, including the installation of clear signage for staff and increased numbers of sanitisation points throughout the estate.

7.4         Underpinning this work was ensuring that staff, Members of the Senedd and their staff remained regularly updated. Arwyn informed the Committee that an internal staff communications group, involving members of the Commission’s Leadership Team, had been created and which met on a daily basis to coordinate communications and messaging. A recent virtual all staff session hosted by Manon and the directors had received positive feedback, with a high staff attendance figure. With the RTE proposals taking shape, communications activity would increase to help ease any staff anxiety.

7.5         Gareth informed the Committee that, as Head of Governance, his role was to continue to ensure that governance principles were being adhered to throughout the decision making process. He added that he was also carrying out a piece of work to capture lessons learned across each of the other workstreams.

7.6         In response to questions from Ann around identifying those members of staff who might require additional support before returning to the estate, Dave assured the Committee that work had taken place on identifying those staff who may require additional support in the transition back to the workplace.

7.7        The Chair thanked Dave for the thorough paper and acknowledged the scale of the challenge ahead for the Commission’s Executive Board in ensuring that any potential return to the estate is managed effectively, but was reassured by the update provided.


Meeting: 15/06/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 3)

Governance and Assurance Update Report

Supporting documents:

  • Restricted enclosure 5
  • Restricted enclosure 6

Minutes:

ARAC (03-20) Paper 3 – G&A update report 

ARAC (03-20) Paper 3 Annex A - IASAB

3.1        Gareth Watts introduced his report and described his continued involvement in the Commission’s response to the Covid-19 pandemic. He was now also the lead in the   governance and assurance workstream of plans to return to the estate. Despite the disruption to his original internal audit plans caused by these commitments, Gareth provided assurance to the Committee by outlining how his team had maintained a sharp focus on governance and assurance. He described how, for example they had continued to ensure that: the risk management processes remained robust; Freedom of Information requests were replied to within deadlines; colleagues were supported on producing privacy notices and data protection queries; and that the Annual Governance Statement and Annual Report narrative sections had been completed to a very high standard and to challenging deadlines.

3.2        Gareth added that he would be engaging with TIAA (out-sourced internal audit partners) to identify areas that could be audited ‘virtually’ and would update the Committee accordingly.

3.3        Gareth referred to the information paper on ‘Conformance with the PSIAS during the coronavirus pandemic’ which had been recently produced by the Internal Audit Standards Advisory Board, and which was tabled at Annex A to this paper, and advised that he would share with the Committee a further information paper on ‘how internal auditors are doing things differently during the pandemic’ which was due to be issued shortly.

Action

(3.3) Gareth Watts to circulate additional IASAB/CIPFA information paper when issued.


Meeting: 15/06/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Commission's approach to election planning

Supporting documents:

  • Restricted enclosure 9

Minutes:

ARAC (03-20) Paper 10 – Planning for the 2021 Senedd Elections

10.1       Sulafa Thomas, Head of Commission and Member Support, introduced the paper and provided the Committee with an outline of the Commission’s approach to preparations for the next Senedd elections in May 2021. The paper included an overview of the risks to the Senedd’s reputation involving dissolution of the Fifth Senedd and its transition to the Sixth Senedd.

10.2       In responding to questions around the potential turnover of Members, Sulafa explained that preparations would be broad enough to cope with whatever happened, and explained that the turnover levels had been quite high in previous elections. In relation to the recording of the Commission’s physical assets during the transition period, Sulafa informed the Committee that an asset register was kept by the Members Business Support Team. Gareth also informed the Committee that an audit of fixed assets had been scheduled in the 19-20 Audit Plan, however the timing of the audit might change due to the Covid-19 pandemic.

10.3       In response to questions from Aled relating to the budget details in the paper, Sulafa explained that staff costs relating to the Royal Opening would be adjusted to reflect the different approach. Dave Tosh explained that the costs associated with office reconfiguration related to a need for more flexible and efficient use of office space to accommodate any potential changes in political party configurations as a result of the election.

10.4       The Committee discussed its role in the election planning process and asked to be provided with updates as work evolved, to provide assurance that risks relating to the election were being suitably managed.

10.5       The Chair thanked Sulafa for the comprehensive paper and thorough overview and indicated that further discussions on the Commission’s approach to election planning work would take place informally out of meeting, ahead of a formal discussion at the Autumn meeting.

Actions

·         (10.4) ARAC to receive regular updates on Sixth Senedd election planning with a formal update at the autumn meeting.

·         (10.5) ARAC members to discuss election planning informally and out of committee, to inform formal discussion at the autumn meeting.


Meeting: 15/06/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 5)

Commission's Annual Report and Statement of Accounts 2019-20

Supporting documents:

  • Restricted enclosure 12

Minutes:

ARAC (03-20) Paper 5 – Annual Report and Accounts 2019-20

ARAC (03-20) Paper 5 Annex A – Annual Report and Accounts 2019-20  

5.1         The Committee noted how impressed they were with the format, content and accuracy of the Annual Report and Accounts, especially as the timescale for its production had been brought forward this year, and given the disruption caused by the Covid-19 pandemic. They were also impressed with the quality of its production, especially given the small team involved.

5.2         The Committee recommended to the Accounting Officer that the financial statements for 2019-20 should be signed. The Assistant Auditor General would add his electronic signature and the report would be laid and published.

5.3         Committee members asked about possible media attention following publication of the report and how best to publicise the work of the Senedd. In response, Arwyn advised that discussions were already being held with the media to highlight positive stories, such as significant reductions in our carbon footprint, but acknowledged the difficulties in capturing the interest of the public with the focus still primarily on Covid-19 related stories.

5.4         The Chair thanked everyone for their contributions and encouraged officials consider how to use the report throughout the year to promote and highlight the work of the Senedd. It was agreed that the Committee would also return to this in the autumn.   

Action

(5.4) ARAC to review in the autumn, ways in which the Annual Report and Accounts can be used to promote the work of the Senedd throughout the year.


Meeting: 27/04/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 6)

Internal Audit Charter and Internal Audit's compliance with Public Sector Internal Audit Standard (PSIAS)

Supporting documents:

  • Restricted enclosure 15
  • Restricted enclosure 16

Minutes:

6.1        The Committee noted and thanked Gareth for his paper which outlined compliance with the Public Sector Internal Audit Standard (PSIAS) and contained the Internal Audit Charter.

6.2        In relation to the Internal Audit Charter, the Chair noted that he would discuss development opportunities with Gareth, as part of his ongoing Continuing Professional Development (CPD) as Head of Internal Audit.

Action:

(6.2) Chair to discuss continuing professional development for Head of Internal Audit with Gareth.


Meeting: 27/04/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 4)

Internal Audit Annual Report and Opinion for 2019-20

Supporting documents:

  • Restricted enclosure 19

Minutes:

ACARAC (02-20) Paper 4 - Internal Audit Annual Report and Opinion for 2019-20

4.1        Gareth outlined the Internal Audit Annual Report and Opinion for 2019-20 noting that, although he had been unable to complete parts of the agreed internal audit plan for the year, he was still able to issue a moderate opinion on the adequacy and effectiveness of the Assembly Commission’s framework of governance, risk management and internal control.

4.2        Gareth added that this was, in part, due to the continued healthy culture of engagement with internal audit by service areas, with management responding positively to recommendations made and their implementation.

4.3        The Committee noted the report and thanked Gareth for his work over the year.


Meeting: 27/04/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 11)

Senior Information Risk Owner (SIRO) Annual Report

Minutes:

ACARAC (02-20) Paper 11 – SIRO Annual Report

11.1     Dave introduced the paper, outlining the challenges faced over the year, mainly relating to continuity of staffing in the area of data protection over the period.

11.2     Dave advised that, despite the challenges, progress had been made in areas such as revising the Data Protection policy. He also praised the work of Nisha Jadva, the temporary Data Protection Officer in engaging well with service areas across the organisation and with Assembly Members’ support staff to further enhance awareness. He added that the need for ongoing, additional resilience in this area had been recognised.

11.3     In response to questions from Chair about the management of Subject Access Requests (SARs), Dave explained the challenges faced by the Commission in dealing effectively with the increasing volume and complicated nature of the requests. He added that, whilst there were clear processes for handling SARs these would be kept under review.

11.4     In the context of data risk management, Ann highlighted the need to consider how external forces could impact on the organisation and not to be driven just by process. Dave advised that this was already being taken into account as part of Executive Board horizon scanning discussions in this area.

11.5     Dave also highlighted several organisation-wide software changes which had taken place, including migrating to Sharepoint and Office 365, as well as the introduction of Microsoft Teams, each bringing challenges from an information governance perspective.

11.6     Sharepoint was due for rollout to Assembly Members and Suzy asked for an update on plans for migrating information and the protective marking scheme. Dave informed the Committee of the ongoing work to ensure the platforms used worked for both the Commission and Assembly Members and acknowledged the balance to be struck between protection of information and supporting the ability of Assembly Members to engage effectively with the public.

11.7     In response to a question from Aled around archiving and specifically on collaborating with the National Library of Wales, Dave agreed to provide an update.

11.8     Committee members were content with the paper and thanked Dave for the update.

Actions

·         (11.2) Dave to share revised Data Protection Policy with Committee members 

·         (11.5) Dave to discuss with Aled the Commission’s approach to archiving, in particular any future plans to work with National Library of Wales


Meeting: 27/04/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Commission's draft Annual Report and Accounts and Governance Statement for 2019-20

Supporting documents:

  • Restricted enclosure 24
  • Restricted enclosure 25
  • Restricted enclosure 26
  • Restricted enclosure 27

Minutes:

ACARAC (02-20) Paper 10 – Draft Annual Report and Accounts

ACARAC (02-20) Paper 10 Annex A – Annual Report narrative (including KPI report)

ACARAC (02-20) Paper 10 Annex B – draft Statement of Accounts

ACARAC (02-20) Paper 10 Annex C – draft Governance Statement

10.1     Nia outlined the overall approach taken for the 2019-20 draft Annual Report and Accounts. In terms of the Accounts section (Annex B), Nia reported that, despite the current circumstances, the Commission anticipated meeting its underspend targets.

10.2     The Chair thanked Nia for the update on the accounts and invited Arwyn to outline the narrative document (Annex A), suggesting that detailed comments on which should be sent to him after the meeting. Arwyn explained the process for compiling the narrative, thanking colleagues, and in particular Victoria Paris for their considerable efforts to date and noted that contributions from some service areas were to follow.

10.3     Comments from Committee members would be captured separately by the clerking team and would be considered for incorporation into the narrative. A deadline for any further comments would be set due to the tight timescales for production of the final report.

10.4     Suzy referenced Laura McAllister’s report on Assembly Reform and the Committee discussed whether the Annual Report should include reference to the recommendations which had not been taken forward and the steps taken by the Commission to mitigate this. It was agreed that further discussions on this would be held out of committee.

10.5     Committee members and officials discussed the presentation of the KPI around international engagement, specifically whether Committee visits should also be incorporated.

10.6     The Chair thanked officials for the work that had gone into preparing the draft report, noting the high standard throughout.

10.7     The Committee considered the draft Governance Statement and noted that, as this was an early draft, there were gaps where contributions from relevant officials were to follow. The Chair commented on the importance of the document in a governance context and commended officials for work done on it to date.

10.8     Suzy suggested officials consider inserting a footnote within the draft Governance Statement, to provide clarity on references to the Commission’s heads of service.

Actions

·         (10.3) Kathryn to capture and share comments provided on the narrative of the Annual Report and the Governance Statement 

·         (10.3) Bob to advise on timings for further comments to be provided by Committee members on the narrative of the Annual Report and the Governance Statement 

·         (10.4) Arwyn to consider how to capture ways in which we have mitigated against not taking forward some recommendations in Laura McAllister’s report


Meeting: 27/04/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 5)

Internal Audit Fraud Report

Supporting documents:

  • Restricted enclosure 30

Minutes:

ACARAC (02-20) Paper 5 - Internal Audit Fraud Report

5.1        Gareth presented the Internal Audit Fraud Report to the committee and invited comments. Responding to questions about why there were no apparent attempts of fraud reported, Gareth acknowledged that the Commission had robust controls in place which had taken account of lessons learned from a previous experience. He added that further assurances were provided by the ongoing sharing of intelligence on fraud occurrences by external partners including Audit Wales.

5.2        In response to questions around possible additional exposure to fraud risks as a result of the Covid-19 pandemic, Gareth provided assurance that the Commission was alert to these risks and offered to share a recent CIPFA report on fraud in local government for further information.

5.3        Committee members were reassured that assets taken from the office by staff to facilitate working at home during the Covid-19 pandemic had been logged and that an annual audit of all assets was carried out.

5.4        The Committee noted the report and thanked Gareth for the additional assurances provided.

Action:

(5.2) Gareth to share CIPFA report on fraud in local government with ACARAC members.


Meeting: 27/04/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 3)

Governance and Assurance Update Report

Supporting documents:

  • Restricted enclosure 33

Minutes:

ACARAC (01-20) Paper 3 – G&A update report 

3.1        Gareth Watts introduced the report, which provided the Committee with an update on recent Governance and Assurance work, including heavy involvement with the Commission’s business continuity planning arrangements relating to the recent Covid-19 pandemic. He highlighted the following areas of progress:

·         preparation of the first draft of the Annual Report and Accounts for 2019-20, which was being presented to the Committee at this meeting;

·         completion of the internal audit review on cyber security, which was circulated out of committee, and recorded a moderate assurance rating;

·         completion of the audit on project governance, which would be shared with the Committee shortly and had also recorded a moderate assurance rating;

·         work on a review of compliance with the Official Languages Scheme in which, due to the Covid-19 outbreak he had taken a different approach to that planned. This had involved discussions with colleagues in the Translation and Reporting Service whereby he was able to obtain assurance and good evidence of compliance, including through a Memorandum of Understanding between the Commission and the Welsh Language Commissioner. A paper covering the findings of the review would be shared with the Committee in due course: and

·         Victoria Paris’ successful completion of the Certified Internal Audit examinations.

3.2        Gareth explained that, due to difficulties presented by remote working, the planned audit on the Research Service would be delayed and that further consideration was being given to the viability of carrying out the audit on Members’ Expenses for 2019-20.

3.3        Committee members enquired about the recent Audit Wales report on Counter-Fraud Arrangements in the Welsh Public Sector and officials agreed to circulate this.

3.4        The Chair thanked Gareth for the update and Committee members welcomed his pragmatic approach to the prioritisation of work, given the circumstances.

3.5        In response to questions from Ann about the impact of delaying the audit of Members’ expenses and whether there were technological solutions in place to mitigate this, Gareth informed the Committee this was not possible at this time due to the processed involved. He added that discussions with Audit Wales and colleagues in Members’ Business Support were taking place to be in a position to provide minimal assurance for 2019-20. The Chair highlighted that the planned briefing on Members’ expenses would help to provide Committee members with a greater understanding of the processes in place.

3.6        In relation to questions about use of technology, Aled asked for clarification on rationale for the prominent use of Zoom video conferencing software over other technologies available on the market. In response Dave and Manon explained that Zoom had been chosen as it was able to facilitate the legal obligation to provide simultaneous translation for official Assembly business. It also had other useful features, including the ability to display a higher number participants on the screen than other platforms.

3.7        Responding to requests for an update on the theft of camera equipment during 2018-19, Gareth explained that this would be covered by the planned  ...  view the full minutes text for item 3


Meeting: 27/04/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 12)

Assembly Reform - Name Change

Supporting documents:

  • Restricted enclosure 36

Minutes:

ACARAC (02-20) Paper 12 – Name Change External Engagement - as previously circulated out of committee

12.1     This was considered under Item 2.


Meeting: 20/01/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 9)

Review of accounting system

Supporting documents:

  • Restricted enclosure 39

Minutes:

ACARAC (01-20) Paper 9 - Review of accounting system

9.1        Nia introduced the paper which outlined conclusions on a review of the Commission’s accounting system.

9.2        The Committee noted that the current supplier of the accounting system, was under contract to provide support for the system until 2022.

9.3        The Committee were reassured that the review had confirmed the expected benefits of the system, introduced almost three years ago had been realised, had improved the internal control environment and was fit for purpose.


Meeting: 20/01/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 3)

Governance and Assurance Update Report

Supporting documents:

  • Restricted enclosure 42

Minutes:

·                     ACARAC (01-20) Paper 3 – G&A update report

3.1        Gareth Watts introduced the report which provided members with an update on recent Governance and Assurance work and highlighted the following:

 

·                     Heads of Service had each completed an Assurance Statement, which were being used to inform Directorate-level statements ahead of a meeting to provide independent scrutiny and challenge of these in February;

·                     the results of an External Quality Assessment (EQA) he was carrying out of the Northern Ireland Assembly Internal Audit Service would be reported to their Audit and Risk Committee in the spring;

·                     the findings of the review into effectiveness of the systems in place for the Commission’s training budgets would be presented to the Executive Board and shared with the ACARAC in due course; and

·                     responsibility for production of the Annual Report and Accounts remained with the Governance team and work was underway on planning and commissioning pieces of work.

3.2        Gareth advised that the findings of the Managing Absence audit report had been considered by the Commission’s Leadership Team. The Committee noted that progress was being made with proposals for implementing recommendations around training for line managers, improvements in flexi-time monitoring and improved reporting from the HR/Payroll system.

3.3        In relation to the Internal Audit Plan 2019-20, reports on recent reviews of fixed assets and procurement had been circulated out of committee.

3.4        For the procurement review, which focussed on the Commission’s strategy to engage with more Welsh suppliers, the report acknowledged good progress to date, with some minor recommendations.

3.5        Responding to questions around what practical work had been done to engage with Welsh suppliers, Dave explained that engagement takes place during contract renewal stages and on a continual basis with current contractors and sub-contractors, such as the catering and estates services. Dave also cited an example of a recent well received supplier engagement open day held by our major estates management contractors.

3.6        Ann re-iterated the importance of continuing to pro-actively engage with Welsh suppliers, including through intermediaries such as the Chamber of Commerce and the CBI so that opportunities are publicised in a timely way.

3.7        In response to questions around the Official Languages Scheme compliance audit, Gareth explained that this would include a review of the tools used to measure compliance, aiming to provide further assurance to the Chief Executive and the Commissioner with responsibility for the official languages.

3.8        In response to questions around plans to review of the Commission’s security arrangements, Dave explained that discussions were ongoing with South Wales Police, given the ever changing nature of threats.

Action: (3.7)  Gareth Watts to share the scope for the audits on compliance with the Official Languages Scheme and project management changes.


Meeting: 20/01/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 12)

Cyber-security

Supporting documents:

  • Restricted enclosure 45

Minutes:

ACARAC (01-20) Paper 11 – Review of Microsoft contract dependencies

12.1     The Chair welcomed Mark Nielson, Head of ICT and Broadcasting and Jamie Hancock, Head of (ICT) Infrastructure and Operations, to the meeting and thanked them for providing a comprehensive paper in advance of the meeting.

12.2     In response to questions from the Committee, Mark and Dave provided assurances that the Commission would continue to ensure they were taking full advantage of the Microsoft services available, whilst being mindful of what the broader industry had to offer and keeping pace with the latest technology. Mark added that, now that the recently created Security and Compliance Manager post had been filled, this would facilitate the continued drive to ensure robust cyber-security measures were in place and effective.

12.3     The Committee heard that, following an assessment of the different options available to provide geographic separation of backup and copy tapes, Azure Backup was judged to be the best solution for the Commission. Amongst other benefits, the solution was fully integrated with the Commission’s existing cloud services which removed any reliance on tape, or local storage.

12.4     Jamie informed the Committee that Microsoft were aiming to create a carbon neutral data centre environment, which was in line with the Commission’s environmental targets and commitments.

12.5     In response to questions from the Chair on whether testing had taken place in relation to retrieving data from a backup, Jamie informed the Committee that some testing had been successfully carried out which had informed plans for fuller testing.

12.6     Mark re-iterated the invite for Committee members to attend the a local Microsoft Datacentre, combining this with a discussion with Microsoft and Azure officials.


Meeting: 20/01/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 11)

Corporate Risk - Assembly Reform risks

Oral item

Minutes:

11.1     The Chair welcomed Siwan Davies, Director of Assembly Business, Arwyn Jones, Director of Communications and Engagement and Richard Thomas, Implementation Manager in the Constitutional Team, to the meeting.

11.2     Siwan advised that the Senedd and Elections (Wales) Act had received Royal Assent on 15 January 2020 and outlined how this had changed the risk profile. She also outlined the governance that was in place to enable decision-making and management of risks and the role of the Assembly Reform Project Board in overseeing implementation of the aspects of the Act which were within the Commission’s responsibility.

11.3     In response to questions from the Committee, Siwan described how the governance structure, including the project board and the Name Change Integrated Team facilitated effective dissemination of information internally to staff and to external stakeholders. She added that detailed advice was also given to Assembly Members and their staff when decisions were made.

11.4     Siwan noted that the Committee on Assembly Electoral Reform (CAER) had sought funding from the Commission to undertake a citizens assembly. Support for the Llywydd and Commission in their engagement with CAER would continue to be provided by Strategic Transformation Team.

11.5     Proposals on implementation of the Senedd and Elections (Wales) Act in relation to the name change would be presented to the Commission on 27 January where they would make decisions based on majority views if necessary.

11.6     In relation to lowering the voting age to 16, Richard Thomas explained how the Commission were working closely with all stakeholders, including local authorities, the Welsh Government and the Electoral Commission, who were leading on voting registration, and other groups to ensure a comprehensive awareness-raising campaign. He added that material for schools had already been prepared and that, whilst this was primarily led by the Welsh Government, the Commission had a key role to play in engagement with the young people.

11.7     The Chair thanked officials for their attendance and for providing Committee members with such a thorough update.

Action: (11.3) Provide briefing on work to engage with external stakeholders in relation to name change aspects of the Senedd and Elections (Wales) Act.


Meeting: 20/01/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 8)

Review of accounting policies

Supporting documents:

  • Restricted enclosure 50

Minutes:

ACARAC (01-20) Paper 8 - Review of accounting policies

8.1        Nia introduced the paper which provided an update on work done to review the Commission’s accounting policies.

8.2        Given the complexities involved, and significant changes to some accounting approaches for the public sector, the Chair thanked Nia and her team for the thorough work done on reviewing the Commission’s accounting policies. He also noted that the Commission appeared to be ahead of other public sector bodies in implementing the changes.


Meeting: 20/01/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 14)

Feedback on attendance at ARAC Chairs' Forum

Oral item

Minutes:

14.1 The Chair fed back to Committee members on attendance at the Audit and Risk Assurance Committee (ARAC) Chairs’ Forum. Topics had included the fast paced movement of technology in the auditing sector, particularly around data processing and data analytics.


Meeting: 20/01/2020 - Senedd Commission Audit and Risk Assurance Committee (Item 13)

Feedback on REWAC consideration of the Commission's Engagement Strategy

Oral item

Minutes:

13.1     Ann and Arwyn provided the Committee with an update on areas covered at the Remuneration Engagement and Workforce Advisory Committee (REWAC) meeting on 14 January, minutes of which would be shared with ACARAC members. The areas covered are as outlined below:

  • proposals for a graduate level apprenticeship scheme where Lowri Williams, Head of HR, had proposed four options for consideration;
  • the proposed approach to applying for the Platinum Investors in People accreditation, having achieved Gold status previously;
  • the Commission’s Recognition Scheme where, having been nominated by their peers, staff were recognised for contributions to the Commission’s values by way of a certificate; and
  • an update on the Commission’s Public Engagement Strategy and proposals for delivery.

13.2     The Chair thanked Ann and Arwyn for the update and looked forward to receiving a further update in due course.


Meeting: 21/10/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 19)

Reflections from outgoing Committee member (moved from Item 3)

Minutes:

19.1     The Chair thanked Hugh for his valuable contributions during his time as a member of ACARAC, and invited him to share his reflections on his tenure.

19.2     Hugh thanked current and past Committee members and officials for the open and positive culture which he had experienced on the Committee since he joined in 2013. He felt the level of co-operation was a key factor in the effectiveness of the Commission’s governance. He outlined some of the highlights of his time on ACARAC and noted the following:

i.        the changes to the corporate risk profile, noting progress against areas such as business continuity, ICT services, social media and safeguarding;

ii.       the ethos of continuous improvement, and the use of both internal and external quality assurances;

iii.     how the regular governance matters meetings with Service Heads and Directors had helped to keep governance in mind during the year;

iv.     the smooth processes for auditing of the Commission’s accounts;

v.       the effective handling of changes to the use of underspends on the Remuneration Board’s Determination;

vi.     the maturity which the Commission had shown in the documentation and management of risks, particularly around Brexit and constitutional change;

vii.    how deep-dives into individual risks and detailed discussions had helped Committee members to learn more about the organisation; and

viii.  the value added by external presenters at Committee meetings.

19.3     The Chair thanked Hugh for his contributions on all of these points. He also noted the value Hugh had added to the scrutiny and challenge of the Commission’s Assurance Statements. Manon added her thanks for his contributions in particular around risk, assurance and also his involvement in the appointment of new Independent Advisers.

 

Next meeting is scheduled for 20 January 2020.

 


Meeting: 21/10/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Feedback on recent Finance Committee and Public Accounts Committee

Minutes:

10.1     Nia provided an update to Committee members on recent appearances before both the Finance Committee and Public Accounts Committee. She advised that no major issues were flagged during the evidence sessions and that they were able to provide assurances around arrangements for the Standards Commissioner’s office.

10.2     The Finance Committee’s report, and the proposed response, were due to be considered by the Commission in November. Nia would circulate these to Committee members when the response had been agreed.

10.3     In response to questions from Aled around the levels of underspend in relation to Assembly Members staffing costs, Nia explained that this related, in part, to the budget set aside for staff churn. Manon highlighted that, following previous recommendations made by the Finance Committee, any underspend in this area was now returned to the Wales Consolidated Fund at the end of the financial year.

Action: Circulate the Finance Committee’s report and the Commission’s response to Committee members


Meeting: 21/10/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 8)

Cyber-Security Update

Supporting documents:

  • Restricted enclosure 61

Minutes:

ACARAC (05-19) Paper 6 – Cyber-security update

8.1        The Chair welcomed Mark Nielson, Head of ICT and Jamie Hancock, Head of Infrastructure and Operations, to the meeting and invited them to outline the details of their update on cyber-security. The paper provided a summary of progress against the recommendations made in the April 2019 internal audit report, and Mark highlighted the following:

i.     the repurposing of a post to cover security and compliance;

ii.    the introduction of minimum standards to all applications which had seen immediate results in terms of blocking access;

iii.  a business case for additional cloud services for back-up and recovery which was being considered by the Executive Board in November;

iv.  implementation of controls around removeable media (USB drives);

v.    a further exercise to educate users in the risks of phishing which had been carried out; and

vi.  plans for further awareness raising during a Cyber Security awareness week, scheduled for end of November.

8.2        In response to questions about affordability and further reliance on Microsoft, Mark reassured Committee members that all work outlined in the report was included in existing budget plans and that the recent TIAA audit report had not raised any issues or concerns. He also advised that, following consultation with external experts, further reassurances had been provided around current arrangements. Jamie added that the advice indicated there would be greater risk with outsourcing to other providers at this stage. Committee members would be invited to a site visit at the local datacentre and encouraged them to attend.

8.3        Jamie and Mark presented the updated ICT Risk Radar, highlighting improvements made since bringing the ICT function in-house, in particular around the flexibility of services that could be provided, and the areas for further improvement going forward.

8.4        The Chair thanked Mark and Jamie and requested to have a further update on the review of Microsoft contract dependencies in January.

Action: Provide an update on Microsoft contract dependencies at the January meeting


Meeting: 21/10/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 4)

Governance and Assurance Update Report

Supporting documents:

  • Restricted enclosure 64

Minutes:

ACARAC (05-19) Paper 3 – G&A update report

4.1        Gareth Watts introduced the report which provided members with an update on recent internal Governance and Assurance work.

4.2        Copies of the reports on the review of the Assembly Commission’s Voluntary Exit Scheme and the Effectiveness Review of the Executive Board had been circulated to Committee members out of meeting on 26 September 2019. Gareth had also undertaken an Effectiveness Review of the Leadership Team and had presented the outcome and recommendations to them. Gareth would keep the Committee up to date with progress against actions arising from both of these reviews.

4.3        The Governance team led on the production of the Annual Report and Accounts for the first time this year. The team had worked closely with colleagues in the Finance and Communications teams, producing drafts in advance of the original deadlines set. A number of recommendations for the 2019-20 report had been agreed by management which, along with a proposed timetable, would be shared with the Committee in due course.

4.4        The Governance team had been meeting with Heads of Service as part of the annual Governance Matters cycle of meetings. This formed the first building blocks for the production of the Annual Governance Statement. Meetings with Directors had been arranged to discuss any issues identified from the Head of Service meetings in preparation for drafting Assurance Statements.

4.5        A review of Fixed Assets was due to take place and Gareth agreed to share the scoping paper ahead of the review commencing.

4.6        A review of the Commission’s approach to engaging with Welsh suppliers had been completed and the report would be circulated when finalised. Suzy asked whether any environmental/sustainability themes or issues had arisen from the review. Gareth indicated that the report included reference to impact assessments but agreed to consider how this could be explored further.

4.7        In relation to the forthcoming review of Project Management Changes, it was noted that, whilst the Commission had made significant improvements in recent years, this was timely given the change of structure put in place around project governance. The Chair agreed to return to this topic once the audit had been concluded. In the meantime, Gareth agreed to circulate the outline scoping paper to Committee members, when available.

4.8        In response to questions from the Committee around any plans for reviewing use of the Assembly’s estate, Arwyn Jones advised that this would form part of the wider engagement strategy.

4.9        Hugh Widdis noted that the review of the impact of the Capacity Review was under way. Gareth advised that the emerging themes were largely consistent with those raised during the Commission’s evidence session at the Finance Committee meeting on 3 October. He added that this review would focus on assurances around the realisation of benefits.

4.10     Hugh re-iterated the importance of conducting audits into Business Directorate areas, where appropriate. Gareth agreed and would be working with Director of Assembly Business to develop the scope of future audit work.

Actions:  ...  view the full minutes text for item 4


Meeting: 21/10/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 3)

Reflections from outgoing Committee member

Minutes:

3.1 This item would be covered at the end of the meeting.


Meeting: 21/10/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 15)

Committee's effectiveness survey

Minutes:

12.1     The Chair agreed that the survey would be circulated out of committee for comment from Committee members.

Action: Comments on the timing and content of the Committee’s effectiveness survey to be passed to the Chair and clerking team


Meeting: 21/10/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 14)

Feedback from REWAC

Minutes:

12.1     Ann provided an update on areas covered during the year at meetings of REWAC, of which she was also a member. Discussions to date had focussed on staff survey results and proposals for future surveys, the Commission’s People Strategy and the Commission’s Public Engagement Strategy.

12.2     As the Director of Communications and Engagement was new, members had agreed to return to the Public Engagement strategy at a future meeting.

12.3     The Committee agreed, subject to approval by REWAC, to share meeting minutes between the two committees, along with periodically sharing other information, such corporate risks with REWAC.

12.4 The Chair and officials were keen to ensure that the separate remits of each committee were clear whilst also facilitating effective interchange.


Meeting: 21/10/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 13)

Information Breaches

Minutes:

13.1 The Committee noted that two information breaches had been reported but that no further action had been deemed necessary.


Meeting: 21/10/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 12)

Critical examination of one identified or emerging risk

Supporting documents:

  • Restricted enclosure 75

Minutes:

ACARAC (05-19) Paper 9 – Brexit Risk

12.1     The Chair welcomed Siwan Davies, Director of Assembly Business, Kathryn Potter, Head of the Research Service and Manon George, Brexit Co-ordinator, to the meeting and thanked them for the paper outlining the Commission’s approach to managing the risks relating to Brexit.

12.2     Given the longstanding uncertainty over the timing of Brexit, the Committee were informed that one of the biggest challenges related to planning how the Assembly would resource the work it needs to deliver as a legislature.

12.3     Kathryn advised that the iterative approach taken to date, through regular scenario planning exercises had worked well and helped to identify pressures and issues that could arise from the various possible Brexit outcomes.

12.4     Ann questioned the effectiveness of the Interparliamentary Forum on Brexit and whether officials were kept up to date with discussions. Manon George advised that all the UK parliaments were represented and engaging in valuable dialogue at political and official level. The Committee were informed that the Commission was due to host the next meeting of the forum later this year.

12.5     The Chair thanked Siwan, Kathryn and Manon for attending, and providing a reassuring update in relation to this risk.


Meeting: 15/07/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 5)

Horizon scanning

·         Oral item

Minutes:

5.1 The Chair invited officials to provide an overview of significant areas of work and likely challenges in the coming months to help inform the Committee’s forward work programme and identify where it could add value. The following areas were discussed:

·         challenges presented in terms of preparing for Brexit, dependent on whether there was a deal, no deal, or extension to the exit plans;

·         on-going work to introduce Assembly reform, including changes to the name of the Assembly, electoral processes and the voting age and how this was best communicated; 

·         wider, longer term reform around the size of the Assembly;

·         the change in focus for the Commission’s communication and engagement strategies;

·         the forthcoming review of support for Assembly Committees;

·         continued focus on the Commission’s Official Languages Scheme, the Annual Report for which was due to be debated in plenary in the coming weeks;

·         preparations for the May 2021 Assembly elections and transitional arrangements;

·         changes in governance arrangements for programmes and projects with the establishment of a Programme and Change Office; and

·         continued focus on cyber-security.

5.2 Dave provided assurance to the Committee around ongoing communication with the Assembly’s Business Committee, the Chairs’ Forum and the Welsh Government in terms managing the capacity of Members and Commission staff.


Meeting: 17/06/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Critical examination of one identified or emerging risk (Cyber)

Supporting documents:

  • Restricted enclosure 80

Minutes:

ACARAC (03-19) Paper 11 Cyber-security Risk Radar diagram

10.1     The Chair welcomed Mark Neilson, Head of ICT and Jamie Hancock, the new Head of IT Infrastructure and Operations, to the meeting. The Chair outlined that the purpose of the item was to provide a critical examination of the on-going management of the Commission’s cyber-security risks, taking into account recommendations from the recent internal audit report.

10.2     Mark outlined progress that had been made on implementing the audit recommendations. This included: steps to ensure compliance with cloud-based apps; controls around use of web-based personal accounts on Commission devices; and storage and recovery of information held on back-up tapes. 

10.3     On the issue of back-up tapes, Mark explained that their reliability was currently viewed as a low and short-term risk given the move to more cloud-based storage. They were, however, exploring the use of Microsoft Azure Site recovery as a possible longer-term solution alternative and options for off-site storage locations in the meantime. Committee members questioned over-reliance on Microsoft but concluded this was justified.

10.4     In response to questions from Committee members, Mark provided assurances on management of the risks associated with the use of USB storage devices, the use of which would be restricted in future. In terms of accessing personal email through the Assembly network he did not consider this an issue for the Commission and outlined that adequate controls were in place, including appropriate monitoring tools if suspicious activity was brought to their attention.

10.5    Mark also provided assurance that the team had reviewed the data storage arrangements in the light of Brexit. Data was currently stored in a location in the EU and would need to be relocated to the UK in due course. Microsoft were aware of this requirement. 

10.6    The Chair reminded the Committee of a Cabinet Office paper Ann had circulated, which highlighted areas related to supplier cover, and the consequences of inadequate controls being in place, in relation to cyber-risk.

10.7    Committee members agreed that, in the next cyber-security update they would like updates on: the use of MS Azure Site recovery; storage of back-up tapes; and the testing of business continuity plans for recovery in the event of an ICT failure. They would also welcome an updated risk radar diagram.

Actions

·         The next update on cyber-security to include details of the use of MB Azure Site recovery, storage of back-up tapes and an updated risk radar diagram.

·         Provide an update on business continuity plans for recovery in event of an ICT failure and a further update on any best practice adopted from the paper Ann circulated entitled ‘Cyber Security for FTSE 350 companies’.


Meeting: 17/06/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 7)

Annual Report and Accounts, including the Governance Statement

Supporting documents:

  • Restricted enclosure 83
  • Restricted enclosure 84
  • Restricted enclosure 85

Minutes:

ACARAC (03-19) Paper 8 – Draft Annual Report and Statement of Accounts 2018-19 – cover paper

ACARAC (03-19) Paper 8 – Annex A - Draft Annual Report 2018-19

ACARAC (03-19) Paper 8 – Annex B - Statement of Accounts 2018-19

7.1        The Chair introduced the Draft Annual Report and Statement of Accounts 2018-19, which had been circulated two weeks in advance of the meeting as planned. He outlined the role of the Committee in providing assurance to the Accounting Officer and the Commission. He invited comments on the draft report, noting that final sign-off would take place at the 15 July meeting, before being presented to the Commission on the same day.

7.2        Committee members praised the Annual Report and Accounts, noting in particular the high levels of assurance provided throughout and the clear and accessible presentation with appropriate use of infographics. The Chair considered the document to be a highly effective report in highlighting the achievements of the Assembly over the past year.

7.3        The Committee discussed how the report could be publicised to help promote the work of the Assembly. Ann advised that the Commission’s Remuneration, Engagement and Workforce Advisory Committee (REWAC), of which she was a member, would be discussing wider communication at an upcoming meeting. She would provide feedback to the Committee on these discussions in the future.

7.4        In response to questions from Committee members regarding current and future environmental and sustainability targets, Dave advised that, as the current targets were due to come to an end in 2021, the Commission would be setting new, more testing targets over the coming year to measure progress towards the aspiration of becoming a carbon neutral organisation.

7.5        In response to questions about the lack of equality and diversity statistics in the Annual Report, Dave explained that the Report provided summary information and that details could be found in the Diversity and Inclusion Report Annual Report. He agreed to consider how this information could be made available if queries arose when the Annual Report and Accounts were published.

7.6        The Committee discussed the KPIs included in the report. In response to questions about an apparent fall in performance around engagement, Manon explained that measures against the current indicators had been largely influenced by external factors. These would be replaced with more appropriate targets when the new Director of Communication and Engagement was appointed.

7.7        The Committee concluded that the report represented a true, fair and understandable account of the Commission’s work over the year and would be likely to be recommending to the Commission that it is formally signed off on 15 July.

Actions

·         Ann Beynon to provide feedback to the Committee in due course on discussions at REWAC on engagement and communication

·         Dave to provide an update to the Committee in the Autumn on new sustainability measures


Meeting: 17/06/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 11)

SIRO Annual Report 2018-19

Supporting documents:

  • Restricted enclosure 88

Minutes:

ACARAC (03-19) Paper 12 – SIRO Annual Report 2018-19

11.1     The SIRO Annual Report 2018-19 was noted and agreed by Committee members.

 


Meeting: 25/03/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 14)

Finance Update

Supporting documents:

  • Restricted enclosure 91

Minutes:

ACARAC (02-19) Paper 14 – Update on the 2018-19 and 2019-20 Financial Position and the 2020-21 Budget

11.1    Nia updated the Committee on the current budget position.  The 2018-19 financial year had been an eventful and busy period for the Commission with significant demands on resources including for Assembly Reform, Brexit and the Youth Parliament. 

11.2    The Finance Committee were yet to respond to the Commission’s views around budget setting in line with the Welsh Block.  Nia agreed to keep the Committee informed as well as circulating a PAC report that was due to be considered by the Assembly Commission the following week. 

Action

-     (11.2) Nia to circulate the budget timetable, the PAC report and the Commission’s response to Committee members.


Meeting: 25/03/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 13)

Annual Review of Fraud and Whistleblowing policies

Supporting documents:

  • Restricted enclosure 94
  • Restricted enclosure 95
  • Restricted enclosure 96
  • Restricted enclosure 97

Minutes:

ACARAC (02-19) Paper 13 – Whistleblowing Policy and Fraud Policy Updates

10.1    Gareth confirmed that both policies remained unchanged since they were reviewed in April 2018.  No incidents of fraud or whistleblowing had been reported but the Commission were conscious of the need to maintain awareness levels and fully test the policies.    

 


Meeting: 25/03/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 8)

Draft Governance Statement for 2018-19

Supporting documents:

  • Restricted enclosure 100
  • Restricted enclosure 101

Minutes:

ACARAC (02-19) Paper 8 – draft AGS

5.1        The Chair expressed his appreciation at such a comprehensive draft Governance Statement at this early stage. 

5.2        Manon Antoniazzi described the process of gathering assurances from Heads of Service and Directors to inform the Governance Statement and the challenge session which was attended by Hugh Widdis in February. 

5.3        Comments and suggestions were made to the draft statement which would be incorporated before presenting it back to the Committee in June as part of the Commission’s Annual Report and Accounts.

5.4        In response to a question about the revised KPIs, Dave agreed to share the proposals with the Committee ahead of presenting them to the Commission for approval.

Action

-     (5.4) Clerking team to circulate the proposals for KPI reporting to ACARAC before submitting for approval by the Assembly Commission.


Meeting: 25/03/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 9)

Annual Report and Accounts - timeline

Supporting documents:

  • Restricted enclosure 104

Minutes:

ACARAC (02-19) Paper 9 – timeline

6.1        Nia Morgan briefly described the process followed last year, and the Committee members who were involved in reviewing the Annual Report and Accounts, all agreed that it had worked well.  Her intention was to issue a draft two weeks in advance of the 17 June meeting.

6.2        The WAO also confirmed that they should be in a position to present a final Audit Completion Report (ISA 260 Report) at the June meeting. 

6.3        In response to questions about signing, laying and scrutinising the Annual Report and Accounts, Nia agreed to add further detail to the timeline to include the scrutiny sessions.

Action

      (6.3) Populate timeline to include the activity after it is presented to ACARAC in July, e.g. signing by Assistant AGW, laying of the report with Table Office, scrutiny sessions etc. 

 


Meeting: 25/03/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Draft SIRO Annual Report

Supporting documents:

  • Restricted enclosure 107

Minutes:

ACARAC (02-19) Paper 10 – Draft SIRO Annual Report

7.1        Dave presented the draft SIRO report which highlighted the progress made, provided assurance that information risks were being effectively managed and identified areas of focus for the coming year. 

7.2        The main focus for 2019-20 had been embedding the General Data Protection Regulations (GDPR) and working with the Youth Parliament project team to ensure compliance. There was one incident of personal data loss requiring reporting to the Information Commissioner’s Office (ICO) but no further action was required.

7.3        Training and raising awareness of cyber security had also been a key area of focus during this period.  Dave confirmed that Assembly Members and Assembly Members Support Staff were also offered these training sessions but they remained a vulnerable area.    

7.4        Ann Beynon had previously circulated a Cabinet Office paper titled ‘Cyber Security for FTSE 350 companies’ which would be discussed as part of the cyber-security update item at a future meeting.


Meeting: 11/02/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 11)

Review of accounting policies

Supporting documents:

  • Restricted enclosure 110

Minutes:

ACARAC (01-19) Paper 12 – Accounting policies – annual review

10.1    Nia confirmed that no changes to accounting policies had been identified from the latest annual review. The Chair and Committee members thanked Nia for the clear paper and welcomed the due diligence in anticipating changes which would come into effect in future years.

 


Meeting: 11/02/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Members Expense Management System Replacement project

Supporting documents:

  • Restricted enclosure 113

Minutes:

ACARAC (01-19) Paper 11 – Update on Members Expense Management System

9.1        The Chair welcomed Sulafa, Eve and Dean to the meeting and thanked them for the paper outlining progress with the project and the benefits it will realise.

9.2        Eve expressed confidence that the project was on track to go live on 1 April and advised that there had not been any significant variations to the business case since its approval in March 2018. She also advised of improvements in levels of support from the service provider as a result of more focus on quality in the contract retendering process.

9.3        Sulafa provided assurances around transparency and ease of access to information on expenses and Nia provided assurances around security of the systems through user accounts.

 


Meeting: 11/02/2019 - Senedd Commission Audit and Risk Assurance Committee (Item 14)

Information Breaches - oral item

Minutes:

Oral Update

13.1    There were no information breaches to report. 

 


Meeting: 26/11/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 3)

Cyber-Security Progress Update

Minutes:

Oral item

3.1        The Committee welcomed Mark Neilson and Richard Coombe to the meeting to present an update on cyber security.  Following their last update in April, the Windows 10 upgrade had been fully implemented.  The Committee were reassured by the security benefits of the Windows 10 platform. 

3.2     Mark outlined the timetable of future testing plans.  The Committee welcomed the Commission’s intention to join a Cyber Essentials scheme, a UK Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. 

3.3     The cyber security risk radar chart illustrated progress in all areas, but raised questions about the priority of user education and awareness.  Suzy Davies encouraged Mark and his team to use the Commissioners to engage with their parties and to encourage their colleagues to take part in awareness raising and training sessions. 

3.4     Mark and Richard ensured that the Commission engaged with other organisations, including other legislatures and the National Cyber Security Centre.

3.5     Whilst recognising that cyber security requires constant vigilance, the Committee were encouraged with progress. An internal audit review of cyber security was scheduled for early 2019, and the Committee would welcome a further update in June 2019 and at least biannually thereafter. 

Action

     Mark Neilson to use Assembly Commissioners to communicate key messages to their groups of AMs and AMSS in terms of the training available and awareness raising.

     Mark and Richard to update the Committee on cyber security in June 2019, and at least biannually thereafter.

 


Meeting: 26/11/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 9)

Update on 2018-19 Financial Position and 2019-20 Budget

Supporting documents:

  • Restricted enclosure 120

Minutes:

ACARAC (05-18) Paper 10 - Update on 2018-19 Financial Position and 2019-20 Budget

10.1     Nia presented an update on the 2018-19 financial position, confirming that outturn will not exceed budget and that the value for money and prompt payment targets will be met.  The 2019-20 budget, agreed by the Assembly in November, uses an alternative model to address FC and PAC concerns regarding the Remuneration Board’s Determination Budget, and reflects an increase of 1.67%. 

10.2    The Committee welcomed this overview, and requested further detail on the terms of the business efficiency savings.

Action

      Nia Morgan to produce an addendum to the minutes detailing the business efficiency element of the value for money savings. 


Meeting: 26/11/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 8)

Feedback on recent Finance Committee and Public Accounts Committees

Supporting documents:

  • Restricted enclosure 123
  • Restricted enclosure 124
  • Restricted enclosure 125

Minutes:

ACARAC (05-18) Paper 9 - Finance Committee and Public Account Committee (PAC) Update

ACARAC (05-18) Paper 9 - Appendix 1

ACARAC (05-18) Paper 9 - Appendix 2

9.1        Nia presented the Committee with updates on the Commission’s recent scrutiny sessions.  Both sessions resulted in various recommendations for the Commission, although the PAC report was yet to be published.   

9.2     FC received a detailed outline of the 2019-20 draft budget which was subsequently agreed by the Assembly on 14 November 2018.  During the scrutiny session Suzy, Manon and Nia highlighted areas of priority which were the Youth Parliament, Assembly Reform and Legislation Workbench.

9.3     As the Youth Parliament project was innovative and had not been mirrored by other legislatures, exact costs were difficult to predict and could be challenged at future Finance and PAC meetings. 

9.4     The Committee were encouraged by the elevated transparency evident in the  scrutiny sessions and the level of preparation involved across the organisation, especially by the Finance team.  They thanked Nia, Manon and Suzy for their contributions to this item.

 


Meeting: 18/06/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 9)

Prioritisation Criteria

Minutes:

Oral update via presentation

6.1        This item had been deferred from the April meeting.

6.2     Dave presented the Committee with prioritisation criteria which was in part based on the MoSCoW (MustShould, Could or Won't) model, together with more detailed criteria. This had already been shared with the Assembly Commission, the Chair’s Forum and the Business Committee and would be used to inform a refresh of strategic priorities. It was being used by the Leadership Team to inform discussions around prioritising resources for 2018-19 and the outcome of these discussions and any business cases would be subject to challenge by the Executive Board. Officials were in agreement that once this was embedded it would better enable Manon and senior management to focus on and assess priorities, especially given the limited resources and tighter financial situation. It would also provide evidence for discussions with the Commission about priorities and the implications of decisions.

6.3     Dave explained to the Committee that the model had already been used by the Communications team to prioritise summer events as part of the engagement strategy. The criteria would be developed further as part of the Capacity Review to identify pinch-points and inform the re-deployment of staff.

6.4     The Committee welcomed the approach of using this as a tool to inform discussions, but stressed the need to have a common understanding of the terms used and also to consider phased assessment of projects as part of the agile methodology (e.g. candidate, discovery etc.). They were encouraged by Gareth’s role as a ‘critical friend’ in developing this criteria.   

 


Meeting: 18/06/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

SIRO Annual Report 2017-18

Supporting documents:

  • Restricted enclosure 130

Minutes:

ACARAC (03-18) Paper 9 – SIRO AR 2017-18

7.1        The Committee welcomed this report and Dave agreed that its production could be brought forward in future years. He also agreed that the report could be enhanced to make further reference to the preparations for GDPR taking priority this year and to include statistics relating to cyber-security.

7.2     Dave provided the Committee with a detailed explanation of the data loss incident which had been reported to the Information Commissioner’s Office.  He assured the Committee that additional checks had been put in place to minimise the chance of human error in future. 

7.3     The Information Governance Manager had been working primarily on GDPR awareness and training and would continue to do so for the coming months before concentrating on compliance activities. A review of the classification system would also be carried out.

7.4     Dave accepted the action requested by the Committee that future information breaches should be reported by the SIRO to ACARAC.

Actions

-        Dave to revise the SIRO Annual Report to refer to GDPR preparations and cyber-security statistics

-        Dave to amend the SIRO Terms of Reference to ensure that information breaches are reported to ACARAC at the earliest opportunity. 

 


Meeting: 23/04/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 5)

Draft Governance Statement 2017-18

Supporting documents:

  • Restricted enclosure 133
  • Restricted enclosure 134
  • Restricted enclosure 135
  • Restricted enclosure 136

Minutes:

ACARAC (02-18) Paper 3 – Draft Governance Statement for 2017-18 – cover paper

ACARAC (02-18) Paper 3 – Draft Governance Statement for 2017-18

5.1        Manon presented an early draft of the 2017-18 Annual Governance Statement (AGS). The financial figures were still being finalised but the Commission was confident that there would be no overspend.

5.2        The Committee discussed the challenge session which took place in February 2018 where Eric had scrutinised and provided independent challenge to the Directors' Assurance Statements. Eric and officials agreed it had been a robust session with open and honest discussion.

5.3        The Committee suggested adding more detail on the recent governance and senior management changes, staff engagement in the refresh of organisational values, and external recognition. The Committee also suggested the following areas for focus in 2018-19: implementing and ratifying General Data Protection Regulation (GDPR) changes; cyber-security; and dignity and respect policies and procedures.

5.4        The Chair asked if there had been any new guidance on governance statements and Gareth Watts provided assurance that nothing new had been produced and that existing best practice, including audit reports and the NAO checklist on governance statements, had been taken into account.

5.5        Manon described the work being done to streamline reports and outputs throughout the year to minimise duplication of effort, whilst maintaining an appropriate flow of information to all stakeholders.

5.6        The Committee concluded that this was a good first draft and that the level of detail was appropriate in balancing transparency and readability. It was agreed that any further suggestions would be emailed.

Action

Committee members to email suggested changes to the Governance Statement to Kathryn Hughes.

 


Meeting: 23/04/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 7)

Update on whistleblowing and fraud policies

Supporting documents:

  • Restricted enclosure 139

Minutes:

ACARAC (02-18) Paper 5 – Whistleblowing Policy and Fraud Policy Updates

7.1        Gareth Watts advised the Committee that no substantive changes had been made the Commission’s Whistleblowing and Fraud policies. He agreed to consider the testing the Whistleblowing policy.

7.2        In relation to the fraud policy, the Chair suggested that the Head of Internal Audit’s Annual Report on Fraud (to be presented at the June 2018 meeting) should refer to the Commission’s Policy Framework and other measures taken to raise awareness.

7.3        The Chair also asked for an update on the WAO's Fraud checklist. Gareth Watts had discussed this with the WAO and would be gathering the views of management based on his own assessment before presenting the checklist to the Committee. Gareth Lucey, from the WAO confirmed that, in line with International Standards on Auditing (ISA), each of the bodies they audited were required to complete the checklist.

Action

Gareth Watts to include details of fraud awareness in his Annual Report on Fraud.

 


Meeting: 23/04/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 6)

Review the overall Assurance Framework

Supporting documents:

  • Restricted enclosure 142

Minutes:

ACARAC (02-18) Paper 4 – Assurance Framework update

ACARAC (02-18) Paper 4 – Annex A – Assurance Map

ACARAC (02-18) Paper 4 – Annex B – Assurance FW April 2017 – Mar 2018

6.1        Gareth Watts presented an update on how the Commission's Assurance Framework was being applied. He explained that there was increased ownership of, and engagement with, the assurance mapping process by Heads of Service. This had been achieved, in part, by delegating responsibility for reviewing and populating the assurance map processes and activities to inform assurance statements. His team had worked with service areas to help develop a governance and assurance culture across the Commission, including the provision of tailored training and awareness sessions.

6.2        The Committee highlighted that all bar one of the Assurance Map components had a green RAG status and suggested that different approaches to identify areas for improvement should be considered. Gareth agreed, and he and Kathryn Hughes had already begun to consider alternative ways of presenting this information in future.

6.3        Hugh suggested that more detail could be provided which clearly identified the levels of assurance associated with Commission processes and risks. Gareth reminded the Committee that the assurance map was underpinned by detailed service level assurance maps and statements which provided more detailed analysis and were used to identify areas of strength and weaknesses in assurance. This information was available to the Committee members.

6.4        The Committee discussed whether, as well as updating the Commission's Assurance Map to reflect the new governance structure, it should reflect the scrutiny the Commission received from the Public Accounts Committee and Finance Committee and whether ACARAC should be explicitly shown in the third line of defence, although only the high-level lines of defence element of the framework had been presented.

Action

Officials to consider referencing PAC and Finance Committee on the Commission's Assurance Map and adding ACARAC to the third line of defence.

 


Meeting: 23/04/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 4)

Prioritisation Criteria

Minutes:

Update via presentation

4.1        This item was deferred to the June meeting.

 


Meeting: 23/04/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 3)

Cyber Security update

Supporting documents:

  • Restricted enclosure 147

Minutes:

Oral update

3.1     The Committee agreed to consider ACARAC (02-18) Paper 11 – Cyber Security alongside the risks around cyber-security (ICT16) and the update from the Heads of ICT and IT Infrastructure under this item.

3.2     Mark Neilson and Richard attended the meeting to provide an update on the actions the Commission had taken to improve cyber security.

3.3     The Committee were informed that there were two areas of focus: technical and human. Mark provided statistics for the number of attempted cyber-attacks on the Commission over the past six months. The Committee noted that the corporate risk around cyber-security reflected that it was impossible to prevent cyber-attacks and that the focus was on protecting, detecting and responding to these.

3.4        Richard highlighted a change in the approach to cyber-security from a single ‘ring of steel’ approach to a layered defence with greater use of analytics and reporting. Richard reported that the National Cyber Security Centre issues alerts when other organisations are attacked.

3.5     The Committee questioned what work had been done in relation to the internal threat, particularly potentially malicious behaviour. Richard stated that the Commission was considering the introduction of a new information classification system and the Chair urged the Commission to accelerate this, taking account of lessons learned by other public sector organisations.

3.6     The Committee noted the improved internal audit rating. 

3.7     The Committee noted that cyber response plans had been successfully tested and that Mark and Gareth Watts would oversee further testing of defence and recovery plans.

3.8     In response to questions from the Committee, Dave confirmed that the procurement process contains a cyber-security checklist for third party suppliers and that regular contract reviews ensured this was adhered to.

3.9     The Committee suggested that a multi-dimensional model is created which would highlight the various elements of cyber-security ‘at-a-glance’. Mark confirmed he would work with Gareth Watts and Clive FitzGerald (TIAA) to develop this.

3.10 Mark informed the Committee of the work underway to raise and test awareness of cyber-security best practice among Commission staff, Assembly Members and their Support Staff. The aim was to reduce the severity rating of the risk.

3.11 The Committee asked whether insourcing ICT had provided cyber-security benefits. Dave considered the Commission to be in a better position to tailor and test cyber-security controls. Mark added that the current arrangement allowed the Commission to be agile in its approach, whilst also being able to rely on Microsoft’s experience.

3.12 The Committee noted Gareth's intention to carry out a formal annual audit and agreed that an update on cyber-security, including the implementation of internal audit recommendations, should be provided every six months.

3.13 Eric thanked officials for attending and for their clear articulation of a complex issue.

Action

Cyber-security to be added to the forward work programme for review every six months.

 


Meeting: 05/02/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 9)

Corporate Performance Report (KPI report)

Supporting documents:

  • Restricted enclosure 150

Minutes:

ACARAC (01-18) Paper 8 – KPI Report Apr-Sept 2017

Item 10 – Corporate Risk Report

ACARAC (01-18) Paper 9 – Corporate Risks

ACARAC (01-18) Paper 9 – Annex A - Corporate Risks Summary Report

ACARAC (01-18) Paper 9 – Annex B - Corporate Risks plotted

Item 11 – Critical examination of one identified or emerging risk

ACARAC (01-18) Paper 10 – Update on Commission’s Inter-related Corporate Risks

8.1        The final, published KPI report had been included in the pack for information. Dave advised that a review of the KPIs was ongoing with Heads of Service and Directors. This included consideration of developing an internal dashboard in addition to the published KPIs. He confirmed this review would include consideration of whether the targets were sufficiently challenging and relevant. The Committee suggested consideration be given to basing targets on outcomes and not outputs.

8.2        Dave then introduced the risk papers, noting that the continued significant risk profile demonstrated the pressure and amount of uncertainty facing the organisation. 

8.3        Whilst recognising that the residual risks remained high due to their impact if realised, the Committee suggested that controls and tolerance levels be continuously challenged to ensure that enough was being done to manage them. Officials agreed to consider the Committee’s comments on options for presenting the risks in a different way to better aid analysis. 

8.4        The Committee noted the paper outlining how the Commission was managing the inter-related nature of its corporate risks. The Committee remained satisfied that the risks were being well managed, both individually and collectively. It was agreed that, as the inter-related risks would continue to be managed collectively and reported to the Committee separately in the Corporate Risk Register, they did not need to see similar reports on management of the inter-related risks in future.

 


Meeting: 05/02/2018 - Senedd Commission Audit and Risk Assurance Committee (Item 4)

Update on Capacity Review

Minutes:

Oral Item

4.1        The Committee received an update on the Capacity Review following a recent Assembly Commission meeting when they approved the initial report.

4.2        Dave would lead the next phase of the review, which was to implement the recommendations. Dave advised that a cross organisation steering group had been established to develop and co-ordinate delivery of an action plan. The terms of reference for the group were due to be considered by the Management Board. He also outlined various actions which were already being progressed, such as revised planning and reporting cycles.

4.3        Suzy Davies confirmed that the Commission had welcomed the report and recommended that a capacity review should be performed at the beginning of each new Assembly to inform planning of resources required to deliver its strategy.

4.4        The Committee discussed the context of the review in terms of particular challenges in the Fifth Assembly, including Brexit, Assembly electoral reform, financial constraints and the desire to contain staff numbers. They also discussed the detailed scenario planning being carried out by relevant senior officials in relation to Brexit and the Withdrawal Bill.  

4.5        The Committee suggested that the Commission should ensure there was sufficient quantitative data to evidence both the review’s findings and subsequent efficiency and effectiveness improvements which would stand up to scrutiny. They recognised, however that it was difficult to quantify the value of services provided or to benchmark against other legislatures.        

 


Meeting: 27/11/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 15)

Draft Corporate Performance Report (KPI report)

Supporting documents:

  • Restricted enclosure 155

Minutes:

ACARAC (05-17) Paper 19 – KPI Report Apr-Sept 2017

15.1     The Committee noted this draft KPI report that was due to be reviewed by the Assembly Commission in December.  They noted one area that had spiked significantly, which was Senedd.tv viewing figures. Dave and Manon explained the shift from viewers watching proceedings on Senedd.tv to YouTube, which proved that users were preferring to access the material using different social media channels. 

15.2     Dave explained that Heads of Service had been asked to review the KPI sub-indicators, especially in light of the Capacity Review and the recommendations made by the Finance Committee.     

 


Meeting: 27/11/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 18 July, actions and matters arising

Supporting documents:

  • Restricted enclosure 158
  • Restricted enclosure 159

Minutes:

ACARAC (05-17) Paper 1 - Minutes of 18 July 2017

ACARAC (05-17) Paper 2 – Summary of actions  

2.1        The minutes of the meeting on 18 July were agreed and the updates on actions captured in paper 2 were noted.  

2.2     Action points 4.4 and 12.2 (project prioritisation) – Dave Tosh confirmed that a paper detailing the prioritisation criteria was presented at Investment and Resources Board (IRB) in June. Applying the criteria would be tested by IRB in December 2017. 

2.3     Action points 4.7 and 4.9 (Auditor General for Wales (AGW) Salary and Consolidated Fund) – Nia Morgan and Gareth Watts met with Welsh Government representatives over the summer recess to discuss the treatment of payments for the AGW.  They were both assured that proper processes were in place for the next AGW appointment and were awaiting an update before the end of the year.  

Actions

-      Gareth to update Committee on Welsh Government process for appointment and payment of AGW once information was received. 

 


Meeting: 27/11/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.1     The Committee noted apologies from Suzy Davies and Ann-Marie Harkin. They welcomed a new representative from the Wales Audit Office, Gareth Lucey and wished Matthew Coe the best of luck on his forthcoming secondment. The Chair asked for responses to the comments from Suzy Davies on the papers to be appended to the minutes.  

1.2     Eric Gregory declared that he was the business representative for the Parliamentary Review of Health and Social Care in Wales. 

1.3     No other interests were declared.

 


Meeting: 27/11/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 7)

Update on Policy Management Framework

Supporting documents:

  • Restricted enclosure 164

Minutes:

ACARAC (05-17) Paper 10 – Policy Management Framework

7.1        Gareth presented this paper asking the Committee to note the work being undertaken and the proposed next steps.  When complete, the policies would all be branded and have clear review dates which was seen as essential in terms of good governance. 

7.2        Although the Committee questioned the timing of this work, Gareth assured members that this project was identified in 2014 and was not starting from scratch.  The impact on resource was low and was being managed by a member of the Governance and Assurance team.  

 


Meeting: 27/11/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 3)

Capacity review

Supporting documents:

  • Restricted enclosure 167
  • Restricted enclosure 168

Minutes:

ACARAC (05-17) Paper 3 – Capacity Review Supporting Analysis

ACARAC (05-17) Paper 3 – Annex A – Terms of Reference for Capacity Review 

3.1        Gareth Watts and Phil Turner presented an overview of the Capacity Review where they shared the Review’s objectives and some initial findings.       

3.2        The Committee provided some welcome challenge and useful pointers which would be taken on board in preparation for presenting the Review’s findings to the Assembly Commission in January. 

3.3        The Committee suggested the report should clarify that the Commission were starting from a strong base regarding the quality and due diligence of their work, and should maintain that whilst raising efficiency, they should provide practical examples here (e.g. more robust scrutiny of resource requests). They also stressed the importance of using both qualitative and quantitative data in the final report to demonstrate further potential efficiencies whilst maintaining effectiveness. 

3.4        Gareth and Phil welcomed the opportunity for this critical challenge and hoped the Committee could provide further assistance if timing allowed.

Actions

-      Gareth Watts to share updated supporting analysis paper with the Committee when available.

-      Independent Advisers to be involved in progressing the capacity review as appropriate.

 


Meeting: 27/11/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 9)

Summary of Scrutiny Sessions (Finance and Public Accounts Committee)

Supporting documents:

  • Restricted enclosure 171
  • Restricted enclosure 172
  • Restricted enclosure 173

Minutes:

ACARAC (05-17) Paper 12 – Finance Committee and Public Accounts Committee Update

ACARAC (05-17) Paper 12 – Appendix 1 FC report

ACARAC (05-17) Paper 12 – Appendix 2 Response to FC report

9.1        Nia and Manon Antoniazzi thanked the Committee for their extremely valuable input in their preparation for the scrutiny sessions held in October.  Following these sessions, a number of recommendations had been suggested by the Finance Committee and the Assembly Commission had formally responded.  The budget for 2018-19 was approved in Plenary on 15 November 2017 and Nia confirmed that she would be considering how the Determination on Members’ Pay and Allowances was treated in other legislatures.      

9.2        The Committee praised Manon for her performance at the sessions, especially considering this was her first as Chief Executive and Clerk, and Accounting Officer.  They also welcomed the offer of an update on the building proposals once the Commission had made its decision in the New Year.  

 


Meeting: 18/07/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 3)

NAV (Finance system) update

Minutes:

ACARAC (04-17) Paper 3 – NAV update

3.1        The Chair welcomed Adrian Crompton (Senior Responsible Owner) and Eve Jennings (Project Manager) to the meeting to present the closure report of phase 1 of NAV.

3.2        The lessons learnt following the HR and Payroll project were studied to ensure that such a significant replacement system was successfully delivered.  The experienced, dedicated PM and her team were commended as were the efforts and commitment of the Finance team. 

3.3        The selection of the supplier (TES) had been critical to the project’s success.  The on-going technical support and work on phase 2 was also very encouraging.    

3.4        Further discussions focused on capturing the positive lessons learnt as well as the negative aspects of the project.  The Committee queried the presentation of the consultancy costs and Nia agreed to provide a note for the Secretariat to include in the minutes. 

3.5        Gareth and Dave assured the board that they would incorporate the lessons identified in the report and, as suggested by the board, within project templates and guidance documentation. 

3.6        Committee members congratulated the project team on the successful delivery of phase 1.  The project team and Nia thanked Keith for his role in providing external assurance and advice to the project team, in particular to Adrian when a ‘go live/no go’ decision was necessary.

Actions

-         Gareth and Dave to ensure lessons learned (both positive and negative) are applied and embedded in working practices.

-         Nia to provide a note for the ACARAC minutes to clarify the variance in the actual consultancy costs versus the forecast as well as the general forecasting profile. 

 


Meeting: 19/06/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 20 March, actions and matters arising

Supporting documents:

  • Restricted enclosure 178
  • Restricted enclosure 179

Minutes:

ACARAC (03-17) Paper 1 - Minutes of 20 March 2017 

ACARAC (03-17) Paper 2 – Summary of actions  

2.1     The minutes of the meeting on 20 March were agreed and the updates on actions captured in paper 2, were noted.   

2.2     Two action points were covered as separate agenda items, namely;

·         feedback on the Cyber Security Awareness Week, which was covered at item 11; and

·         prioritisation criteria for projects which was covered under the change and project management update at item 12. 

2.3     Regarding action point 7.2 (Advise of plans to repeat the benchmarking exercise for annual reports and governance statements with other public bodies and share best practice ideas with the Assembly Commission), Matthew Coe confirmed that they would inform the Committee if and when another benchmarking exercise would take place.  [Since the meeting the WAO have confirmed that a follow-up exercise would be carried out this year and, as it was a good practice exercise, they would be considering whether to repeat it annually.]

2.4     Regarding action point 16.1 (Share details of the current cost of caseworker training), Dave Tosh confirmed that the contract was for one-off casework management training offered for the first time to Assembly Members and their support staff at the start of the Fifth Assembly.  There were therefore no previous costs to use as a comparator.  The Committee were satisfied with this explanation.   

 


Meeting: 19/06/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.1     Eric Gregory declared that he was a business representative for the Parliamentary Review of Health and Social Care in Wales. 

1.2     No other interests were declared.

 


Meeting: 19/06/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Feedback on the Cyber Security Awareness week - oral item

Minutes:

Oral item

11.1    Suzy reported that feedback from Assembly Members of their awareness of the cyber security awareness week and the issue of cyber security in general, suggested that the messages had not penetrated as intended.

11.2    Dave agreed to share this feedback with the Head of ICT in order to establish effective means of sharing these powerful and important messages with Assembly Members and their staff.     

Action

-         Dave to provide the Committee with an update on awareness raising around cyber security with AMs and AMSS.

 


Meeting: 19/06/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 18)

Forward Work Programme

Supporting documents:

  • Restricted enclosure 186

Minutes:

ACARAC (03-17) Paper 20 – Forward Work Programme

19.1    The Chair asked for the Committee to review the forward work programme and send any suggested additions to the Clerking team by August.

Action

-         ACARAC members to send suggestions on the FWP to the Clerking team.

 

Next meeting is scheduled for 18 July 2017. 

 


Meeting: 19/06/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 14)

SIRO Annual Report 2016-17

Supporting documents:

  • Restricted enclosure 189

Minutes:

ACARAC (03-17) Paper 16 – SIRO Annual Report 2016-17   

15.1    The Committee welcomed the report which they agreed provided a further level of assurance.  Committee members suggested that qualitative statements were backed up by more specific quantitative evidence in future reports.

15.2    Dave wanted to formally record his thanks to Alison Bond for her hard work and commitment to improving and maintaining information governance standards across the organisation, as outlined in this report, and for her work on preparation for the new GDPR.     

 


Meeting: 19/06/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 11)

Change and project management update - oral item

Minutes:

Oral item

12.1     Further to the Committee’s recommendation, Dave informed the Committee that work was underway to develop guidance on the prioritisation of projects for IRB.  It had also been recognised that the challenge and assurance around business cases could be better documented.  The Committee welcomed this and asked for an update when available.    

Action

-         Dave to update the Committee on progress with guidance on project prioritisation.     

 


Meeting: 19/06/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 7)

Annual Report on Fraud

Supporting documents:

  • Restricted enclosure 194

Minutes:

ACARAC (03-17) Paper 11 – Annual Report on Fraud

7.1     Gareth presented this report and confirmed that during 2016-17, there were no cases brought to his attention of actual or suspected fraudulent activity.  The Committee noted the report and recommended that future reports should include an overall assessment of assurances.

7.2     When questioned, Gareth outlined those with responsibility for detection of fraud, which included the Director of Finance and the Heads of Internal Audit and ICT, and agreed to share a list of these with the Committee.  The Committee noted that TIAA and the WAO also shared intelligence with Gareth and Nia, which would continue. 

Actions

-         Gareth to share details of responsibilities for fraud detection with the Committee.

-         Gareth to include an overall assessment of assurances in his next update paper and in future annual reports on fraud.

 


Meeting: 20/03/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 13)

Update on replacement Finance system project - oral item

Minutes:

Oral item 

13.1    Nia and Keith provided the Committee with an update on the finance system replacement project and implementation of the Microsoft Dynamics NAV system. A project board, scheduled for Monday 20 March had been postponed due to a delay in testing the functionality of publishing AMs expenses. The project team did not believe that the issue was technically complicated to fix or would delay the go-live date. 

13.2    The Chair noted the robust governance arrangements applied to this project and asked for Keith to be kept informed of the go-live decision making process and conclusions. Nia confirmed that she remained confident that the go-live date would be 3 April and agreed to send all project related papers to Keith.                                                  

Action

-         Nia to ensure Keith is kept informed of progress and decision making process at key stages.

 


Meeting: 20/03/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 9)

Draft Governance Statement 2016-17

Supporting documents:

  • Restricted enclosure 199
  • Restricted enclosure 200

Minutes:

ACARAC (02-17) Paper 10 – Draft Governance Statement for 2016-17 – cover paper 

ACARAC (02-17) Paper 10 – Draft Governance Statement for 2016-17

9.1     Claire introduced the draft Governance Statement. She reported that the process building up to the drafting of the statement was well established, with Heads of Service providing detailed assurance statements to inform the drafting of Directorate-level statements. Hugh’s scrutiny at a Management Board meeting added a further layer of assurance. Claire agreed to share a revised version of the Governance Statement and an outline of the Annual Report with the Committee before Easter recess. 

9.2     Attendees agreed to provide feedback to the Clerking team after the meeting.

9.3     The Committee commended officials on producing a comprehensive draft statement. They suggested highlighting the key corporate risks and elaborating on the value for money initiative.  

Actions

-         Claire to circulate revised draft and outline Annual Report before the Easter recess.

-         Attendees to provide feedback on the draft Governance Statement to the Clerking team.

 


Meeting: 20/03/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 11)

Update on fraud and whistleblowing policies

Supporting documents:

  • Restricted enclosure 203

Minutes:

ACARAC (02-17) Paper 12 – Whistleblowing Policy and Fraud Policy Updates

11.1     Gareth updated the Committee on the review of the Commission’s Whistleblowing and Fraud policies. Information on whistleblowing and other methods of raising concerns and complaints was published on the Assembly’s intranet pages and this included a link to an independent email address. Gareth would be working with the Head of HR to ensure there was sufficient awareness across the Commission. 

11.2     There had been no substantive updates to the Fraud Policy or the Fraud Response Plan. 

11.3     In March 2017, the Assembly Commission ran a cyber security awareness week which highlighted the potential risks from cyber-attacks, which included phishing emails that could increase the risk of fraudulent activity. Dave confirmed that constituency offices would receive cyber security awareness training. 

11.4     Suzy Davies and officials agreed to provide the Committee with feedback on how the week was received by Commission staff, Assembly Members and Assembly Members’ support staff.

Action

-         Suzy Davies and Clerking team to gather feedback on the cyber security awareness week amongst AMs, AMSS and Commissioners.

 


Meeting: 20/03/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 6 February, actions and matters arising

Supporting documents:

  • Restricted enclosure 206
  • Restricted enclosure 207

Minutes:

ACARAC (02-17) Paper 1 - Minutes of 6 February 2017 

ACARAC (02-17) Paper 2 – Summary of actions  

2.1     The minutes of the meeting on 6 February were agreed and the updates on actions captured in paper 2, were noted.   

2.2     In relation to the one outstanding action – (paragraph 10.4) Circulate feedback from attendance by Estyn ACAC members at other ACAC meetings, the Chair had received a report of findings. He was pleased to note that the areas of good practice identified in the report, which he agreed to share with the Committee members, were largely a reflection of this Committee’s approach.    

 


Meeting: 20/03/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 18)

Forward Work Programme

Supporting documents:

  • Restricted enclosure 210

Meeting: 20/03/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 17)

Departures Summary and Forward Work Programme

Supporting documents:

  • Restricted enclosure 213

Minutes:

ACARAC (02-17) Paper 16 – Departures summary

ACARAC (02-17) Paper 17 – Forward Work Programme

17.1    The Committee noted one departure from normal procurement procedure.  The Chair requested details of the current cost of caseworker training.

17.2    The Clerking team would update and publish a revised forward work programme.     

17.3    As this was Claire’s final ACARAC meeting, the Chair formally thanked her on behalf of the Committee for helping engender such a positive working relationship and wished her well in the future. 

 

Next meeting is scheduled for 19 June 2017. 

 

 


Meeting: 20/03/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Review the overall Assurance Framework

Supporting documents:

  • Restricted enclosure 216
  • Restricted enclosure 217
  • Restricted enclosure 218

Minutes:

ACARAC (02-17) Paper 11 – Assurance Framework update

ACARAC (02-17) Paper 11 – Annex A – Assurance FW map

ACARAC (02-17) Paper 11 – Annex B - Assurance FW April 16-Mar 17

10.1    The Committee welcomed the revised Assembly Commission’s Assurance Framework and appreciated how well used it was across the organisation.       

 

 


Meeting: 20/03/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests - oral item

Minutes:

1.1     The Chair welcomed Manon Antoniazzi and Kimberly Cowan who were both observing the meeting.  

1.2     Eric Gregory declared that he was a Non-Executive Director on the Cabinet Office Modern Electoral Registration Programme and a business representative for the Parliamentary Review of Health and Social Care in Wales.      

 


Meeting: 06/02/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.0   Item 1 - Introductions, apologies and declarations of interest 

1.1     The Chair welcomed a number of attendees to the meeting.  Apologies from Suzy Davies.  Andy Munro was present as part of his External Quality Assurance Review of Internal Audit and Clive Fitzgerald from TIAA was attending to present the Cyber Security audit report.  

1.2     Eric Gregory declared that he was a Non-Executive Director on the Cabinet Office Modern Electoral Registration Programme and a business representative for the Parliamentary Review of Health and Social Care in Wales.      

1.3     Although not necessarily seen as a conflict, Hugh Widdis wished to record that he was employed by CGU in or around 1998-2000.  CGU later merged with Norwich Union and in due course became Aviva.

1.4     No other interests were declared. 

 


Meeting: 06/02/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 21 November, actions and matters arising

Supporting documents:

  • Restricted enclosure 225
  • Restricted enclosure 226

Minutes:

2.0   Item 2 - Minutes and matters arising 

ACARAC (01-17) Paper 1 - Minutes of 21 November 2016 

ACARAC (01-17) Paper 2 – Summary of actions  

2.1     The minutes of the meeting on 21 November were agreed and the updates on actions captured in paper 2, were noted. 

2.2     Gareth provided an update to action (paragraph 2.3) feedback to the Committee on the outcome of the Governance and Audit team away day.  An afternoon session had recently been convened to review the actions set during the session in May 2016.  A number of positive themes had emerged from these sessions in terms of proactive cross-team and cross-Commission working. A Governance learning module was also being developed for training purposes as part of a Commission Manager Programme.  Gareth agreed to share a detailed update with the Committee. 

2.3     Eric confirmed that the WAO had recently circulated information relating to action point (paragraph 6.4) circulate details of effectiveness surveys from the WAO Chairs of Audit Forum.  Further information would be shared in October provided other committees shared this with the WAO, as we had already done.

2.4     Claire Clancy briefed the Committee on the name change consultation (action point 10.4).  The Consultation would run until the beginning of March and of the 1,721 responses received to date, 65-70% agree or strongly agree that the National Assembly for Wales should change its name.

2.5     Claire also updated the Committee on the Assembly’s Expert Panel on Electoral Reform which was launched on 1 February and would be meeting for the first time on 14 February. 

2.6     The Chair welcomed the recent circulation of the Corporate Key Performance Indicator report.  Officials agreed to review the use of 100% target ratings and the omission of any reference to key projects and programmes.     

2.7     Claire informed the Committee that the Investment and Resourcing Board (IRB) were now receiving regular project and programme activity updates from Directors.  Updates on major projects are provided regularly to the Assembly Commission.

Action

-         Gareth to circulate update on positive changes to the team.

 


Meeting: 06/02/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 15)

Forward Work Programme

Supporting documents:

  • Restricted enclosure 229

Meeting: 06/02/2017 - Senedd Commission Audit and Risk Assurance Committee (Item 8)

Update on replacement Finance system project

Supporting documents:

  • Restricted enclosure 232

Minutes:

7.0     Item 8 – Update on replacement Finance system project 

ACARAC (01-17) Paper 9 – Finance project update 

7.1        The Chair thanked Keith Baldwin for his role as a ‘critical friend’ on the replacement finance system project and encouraged officials to use committee members’ expertise on projects and other tasks in future.  He also encouraged the project team to ensure the system was fully embedded into the organisation before a post implementation review took place.  

7.2        Keith’s paper described the encouraging and positive meetings with the project team and project board.  Everyone involved had been enthusiastic about the system and Keith would share his comments on the go-live criteria with the project team. 

7.3        The Committee recognised that all of Keith’s recommendations reflected good practice and should be accepted by the project team.    

7.4        The Committee questioned the re-phasing and timetable of the project.  Eve Jennings welcomed the recommendations in the paper and advised that the phasing of the project had been driven by the supplier.  Data migration had been extremely smooth and the project team were confident that the go live date of 3 April remained achievable. 

Actions

-         Nia to provide an oral update on progress at the March meeting.

-         Keith to provide the project team with his comments on go-live criteria.

 

 


Meeting: 21/11/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 6)

Review HMT/other guidance for Audit and Risk Assurance Committees and share examples of best practice from IA and Committee Chair forums

Minutes:

6.0        Item 6 – Review HMT/other guidance for Audit and Risk Assurance Committees and share examples of best practice from IA and Committee Chair forums

Oral item

6.1        Gareth briefly updated the Committee on his recent Intra Parliamentary Forum meeting. A suggestion was made that Chairs of Audit and Risk Assurance Committees could meet in the future to discuss common themes and share best practice.  The Committee endorsed this idea and the Chair was happy for members of the Committee to be involved.  

6.2        Revised and updated Public Sector Internal Audit Standards were scheduled for release in 2017 and although it was not anticipated that these would deviate significantly from existing standards, Gareth confirmed that he would update the Committee on any changes.  Following a round table discussion on risk management and assurance frameworks, Gareth had concluded that the Assembly Commission was mature in these areas relative to others.    

6.3        Cyber security was one of the main topics of discussion and the group recognised the importance of engaging with ICT specialists and agreed to share any future developments in this area.

6.4        The Chair had recently attended an all Wales Audit Committee Chairs’ workshop, organised by the WAO where one of the main topics discussed was committee effectiveness reviews. He had shared an example of the most recent ACARAC survey with the group.  The Chair will circulate papers from the workshop once received from the WAO. 

6.5        Ann-Marie Harkin advised that the afternoon session had concentrated on critiquing Governance Statements from across the public sector.  The Chair said he would be interested to receive feedback on the Assembly Commission’s Governance Statement.      

Actions

-        Chair to circulate papers from the WAO Chairs of Audit Forum.

-        Ann-Marie Harkin to circulate details of comparison and scoring of Annual Governance Statements against other public sector organisations.

 


Meeting: 21/11/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.0     Item 1 - Introductions, apologies and declarations of interest

1.1     The Chair welcomed Victoria Paris to the meeting as an observer from the Governance and Audit team.

1.2     He declared that he was a Non-Executive Director on the Cabinet Office Modern Electoral Registration Programme and a business representative for the Parliamentary Review of Health and Social Care.

1.3     No other interests were declared.

 


Meeting: 21/11/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Assembly Commission's Strategy 2016-21

Supporting documents:

  • Restricted enclosure 239

Minutes:

10.0     Item 10 - Assembly Commission’s strategy 2016-21

ACARAC (05-16) Paper 14 – Strategy document 2016-21

Item 11 - Critical examination of one identified risk – emerging risks associated with new Commission Strategy

Oral item

10.1    Claire presented an update on the Commission’s strategy, as announced in a press release from the Llywydd, which had been circulated in advance of this meeting to Committee members. 

10.2    The focus of the discussion was on: future requirements for the Assembly estate; the capacity of the Assembly and potential for change if the Wales Bill is passed; and work to develop a youth parliament and enhanced use of digital information.  

10.3    In response to questions from Committee members, Claire confirmed that options for funding the additional work around reconfiguring space in Tŷ Hywel would be largely funded from an expected under-spend in the Remuneration Board budget and postponing other projects if necessary. 

10.4    Costs were yet to be clarified for the legislative aspects of the strategy, which would require the creation of a specialist team.  Adrian explained that a group of experts would marshal the evidence that already existed (the Richard Commission, the Silk Commission, Wales Governance Centre reports etc.) on the number of new Assembly Members required, as well as potential electoral arrangements to deliver the changes.  Options, including secondment of specialist staff from the Welsh Government, were being considered to keep costs to a minimum.  

10.5    Claire advised that the Assembly Finance Committee had approved the 2017-18 budget strategy but noted that this had not included the costs of any future reform work.  She also advised that the Committee had not yet reached a conclusion on the budgets beyond 2017-18.  She emphasised that real pace was needed to respond to and deliver the Commission’s strategy. 

10.6    Adrian updated the Committee on proposals to consult on the naming of the Assembly.  The consultation documents would be launched in the coming weeks.  Committee members urged officials to ensure that the consultation reached as wide an audience as possible, beyond those who already engage with the Assembly.  Adrian confirmed that the Commission’s Outreach and Communications teams were actioning this.   

Action

-        Adrian to update ACARAC on consultation and engagement regarding the Commission’s strategy

 


Meeting: 21/11/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 8)

Update from the SIRO on FWP and Cyber Security

Supporting documents:

  • Restricted enclosure 242

Minutes:

Commission Governance

8.0        Item 8 - Update from the SIRO on FWP and Cyber Security

ACARAC (05-16) Paper 12 – SIRO Annual Report 2015-16

8.1        Dave Tosh presented the Senior Information Risk Owner (SIRO) annual report, which in future would be timed to coincide with the Assembly Commission’s Annual Report.  He assured the Committee that the report portrayed a continuing good picture of work on information governance, particularly in terms of compliance and awareness raising.

8.2        Dave highlighted that there were no incidents or personal data losses requiring reporting to the Information Commissioner’s Office.  He praised Alison Bond (Information Governance Manager) and legal colleagues for their work with Assembly Members (AMs) and their support staff pre-and post-election.  They also commended the thorough preparation of an action plan prior to the new General Data Protection Regulations (GDPR) which the Information Commissioner’s Office had endorsed as best practice.

8.3        He then described the penetration testing of internal facilities management systems and the IT infrastructure in general.  He was assured by the safeguards in place, but increased vigilance was required by Commission staff, AMs and support staff.   

8.4        Along with the cyber security awareness sessions that had been rolled out, the Investment and Resourcing Board had recently agreed to appoint a cyber security specialist.  All Outlook mailboxes had been successfully migrated to the cloud, with migration of the data planned for next year, which would strengthen controls. 

8.5        Dave had discussed cyber security with a contact at the Ministry of Justice who described similar awareness sessions and guidance that they had developed. 

8.6        Dave also mentioned the roll out of Office 365 which had security benefits for sharing sensitive documents in a secure manner.  Dave would look into potential options for sharing access to Office 365 with Committee members.             

8.7        Dave confirmed that all but three employees had now been security cleared to CTC or above.                            

Action

-        Dave to consider strengthening the advice to AMs and AMSS on their responsibilities around cyber security. 

 


Meeting: 21/11/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 11 July, actions and matters arising

Supporting documents:

  • Restricted enclosure 245
  • Restricted enclosure 246

Minutes:

2.0           Item 2 - Minutes and matters arising

           ACARAC (05-16) Paper 1 - Minutes of 11 July 2016

           ACARAC (05-16) Paper 2 - Summary of actions

2.1           The minutes of the meeting on 11 July 2016 were agreed and the updates on actions, captured in paper 2, were noted.

2.2           Suzy Davies thanked the Chair, Assembly Commission staff and the Wales Audit Office (WAO) for taking the time to meet with her since the previous meeting. 

2.3           Gareth provided an update to the Committee on changes to the Governance and Audit team (ref action at paragraph 3.4).  He stated that following a productive team away day in May, some changes had been implemented to provide a more joined up governance advisory and support service across the Commission. 

2.4           He added that the Business Continuity Manager and Information Governance Manager joining the team on a permanent basis had increased resilience within the wider team.  An example of this was the combined work being done on reviewing our cyber security risks and resilience and raising awareness of this across the Commission and with Assembly Members and their support staff.

2.5           Gareth then described a number of initiatives that had been continued or recently introduced by the team. They included:

·                ‘Governance Matters’ meetings which had been conducted with all Heads of Service for the second year running. 

·                The launch of a key governance dates calendar which had been well received.  This was used to inform Heads of Service of key governance events that they may have to prepare for or contribute to. 

·                A partnership approach with a member of the Governance and Audit team assigned to specific service areas to act as an initial point of contact and to develop links and forge closer relationships. 

2.6           Victoria Paris described her work on the key performance indicator (KPI) reports and on the policy review. This review will create a formal policy register for the Commission, provide for clear branding of policies, clarify ownership, and review responsibilities and timescales.

2.7           Gareth informed the Committee that a follow up session would be arranged in January to track the actions agreed in May and he would present a further update to the Committee in February.

Action

-                        Gareth to feedback to the Committee on the outcome of the Governance and Audit team away day.

 


Meeting: 21/11/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 19)

Forward Work Programme

Supporting documents:

  • Restricted enclosure 249

Minutes:

18.0     Forward Work Programme

ACARAC (05-16) Paper 21 – Forward Work Programme

18.1    The Clerking team would update and circulate the Forward Work Programme.  

19.0   Private session

19.1    Dave and Nia had attended a private session with members of the Committee prior to the meeting.  No minutes were taken.

 


Meeting: 21/11/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 16)

HR Payroll review

Supporting documents:

  • Restricted enclosure 252

Minutes:

15.0     HR Payroll review

ACARAC (05-16) Paper 19 – HRP project review

15.1    The Committee welcomed this honest and useful review of the recent HR/Payroll project and urged officials to ensure future reviews captured benefits realisation and post implementation analysis.

 


Meeting: 21/11/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 14)

Update on replacement Finance system project

Supporting documents:

  • Restricted enclosure 255
  • Restricted enclosure 256

Minutes:

13.0     Update on replacement Finance system project

ACARAC (05-16) Paper 17 – Finance system project update

ACARAC (05-16) Paper 17 – Annex A – Dashboard

13.1    Adrian introduced the update paper and dashboard.  Comprehensive project planning and preparation had resulted in identification of a capable supplier which was approved by the Investment and Resourcing Board in April.  The Finance team and the project board were content with progress so far, with the project on track to complete all three phases by the end of the financial year.    

13.2    Dave agreed with Adrian’s analysis of the capability of the supplier from an ICT perspective, especially their history of working with other public sector organisations. 

13.3    The Committee were pleased to note that Keith would continue to act as a critical friend and officials agreed to ensure that the necessary documentation was circulated to him for comment.  They also noted Gareth’s membership of the project board, which provided additional independent assurance. The Committee also noted that this demonstrated improvement in the project management capability of the organisation.

13.4    In response to questions from the Committee on the timescales for the project, especially considering the thorough User Acceptance Testing (UAT) required, Adrian and Nia agreed to revisit the ‘go live’ criteria, roll back and contingency plans with the project manager and board. 

Actions

-        Officials to engage Keith Baldwin in discussions around implementation of the Finance System Replacement Project and feed back to the Committee at the February meeting.

-        Adrian and Nia to discuss the UAT, ‘go live’ criteria, roll back and contingency plans with the project manager and board. 

 


Meeting: 11/07/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 5)

Business Efficiency review

Minutes:

ACARAC (04-16) Paper 6 – Business Efficiency Review – Additional Information

ACARAC (04-16) Paper 7 – Review of the Assembly Commission’s Approach to Organisational Efficiency and Effectiveness (previously circulated in May)

5.1        The Chair welcomed these papers, especially the quantitative analysis presented to the Committee. 

5.2        Dave described the impressive levels of savings as a result of insourcing ICT services and the on-going work across the organisation to continuously look for opportunities to change and improve processes.  Although the papers primarily captured savings realised within the Resources Directorate, any good practice would be shared across the organisation. 

5.3        He then described the capacity planning round that was due to be conducted by Management Board.  This piece of work, as well as scenario planning and the Assembly Members survey, would all feed into future efficiency and effectiveness work.

5.4        The Committee encouraged Dave to take a holistic and challenging view of business efficiency, and to consider measuring the saving/efficiencies through corporate key performance indicators.  They were pleased that this approach would be shared with other Directorates. 

5.5        Claire described her role in giving evidence to the Finance Committee that resources were being used wisely.  She believed that combining these Business Efficiency Review papers would demonstrate, in a tangible way, how the Commission is achieving its goal of driving for efficiency, whilst delivering excellent customer services. 

5.6        Dave agreed to combine both papers as a briefing paper for Claire and the Commissioner in time for the Finance and Public Accounts Committee meetings in the autumn.  This would also be shared with ACARAC members for comment.       

Action

-        Dave to combine both papers in preparation for the Public Accounts and Finance Committees in the autumn, and to canvass the views of ACARAC members. 

 


Meeting: 11/07/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 6)

Forward Work Programme

Minutes:

ACARAC (04-16) Paper 8 – Forward Work Programme

6.1        The Secretariat agreed to add the items captured during the meeting to the forward work programme and to consider the Commission’s new strategy.  

6.2        They would also arrange meetings for Suzy Davies with the following:

·         Chair of ACARAC

·         Head of Internal Audit

·         Ann Marie Harkin (WAO)

Action

-        Committee to consider the Assembly Commission’s strategy (yet to be agreed).   

Next meeting is scheduled for 21 November 2016.

 


Meeting: 11/07/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 13 June, actions and matters arising

Minutes:

ACARAC (04-16) Paper 1 - Minutes 13 June

ACARAC (04-16) Paper 2 – Summary of actions

2.1     The minutes of the meeting on 13 June 2016 were agreed and the updates on actions, captured in paper 2, were noted.

2.2     Following a discussion on the significant issues which had previously been discussed by the Committee, and other important reference materials, the Secretariat agreed to prepare a pack of papers for Suzy Davies to ensure she was fully informed of the Committee’s work to date. 

2.3     The Chair asked Dave Tosh to update the Committee on the Commission’s work on Cyber Security.  Dave confirmed that although this was not a risk on the corporate risks register, a presentation was scheduled for the July Management Board. 

2.4     Dave described his responsibilities as Senior Information Risk Owner (SIRO) and agreed to provide the Committee with a paper highlighting his programme of work over the coming months.    

2.5     Claire Clancy informed the Committee that following a recent recruitment exercise to appoint a new Director of Finance, they had been unable to appoint a suitable candidate.  She assured the Committee that she had no concerns regarding the management of Assembly funds and that other arrangements were being put in place.

Actions

-      Secretariat to prepare a pack of papers for Suzy Davies AM on the significant issues that have been considered by the Committee and other reference material.    

-      SIRO to provide his on-going programme of work to the Committee.  Secretariat to add this to the FWP.      

 


Meeting: 11/07/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.1        The Chair welcomed Suzy Davies to her first meeting of the Committee and noted three apologies. 

1.2        The Chair declared that he was a Non-Executive Director on the Cabinet Office Modern Electoral Registration Programme.

1.3        No other interests were declared.

 


Meeting: 13/06/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 8)

Update on Fifth Assembly transition

Minutes:

Oral item

8.1     Claire provided the Committee with a very positive report on the transition to the Fifth Assembly.  Planning for dissolution and the post-election period had been very thorough and effective and she and her staff had received high praise from returning and new Assembly Members.  A letter of thanks and praise had also been received from Her Majesty the Queen.  The take up of Continuous Professional Development across all parties had also been positive. 

8.2     Claire described how the procedural side of the early days post-election had also worked well, particularly as Commission officials were responding to unfamiliar circumstances around the appointment of a First Minister and the challenge of different ways of working, such as secret ballots for election of the Llywydd (Presiding Officer) and Deputy Presiding Officer.  She also explained that risks around compliance with the Political Parties, Election and Referendums Act (PPERA) 2000 were being managed.

8.3     During the dissolution period, the Siambr in the Senedd had undergone a complete refresh as had some of the Members’ offices.  The Chair praised the Commission for demonstrating effective business continuity for the use of Siambr Hywel during this period for the recall of the Assembly due to the steel industry crisis.  The recent Royal opening had also been very successful due to effective planning and Claire expressed her pride in everyone’s efforts. 

8.4     Claire also updated the Committee on discussions held by Business Committee on plans for early business, including the structure of Assembly committees and a further review of Standing Orders.

8.5     The Chair thanked Claire for this update and congratulated her and her team for delivering such an outstanding service.     

 


Meeting: 13/06/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 25 April, actions and matters arising

Minutes:

ACARAC (03-16) Paper 1 – minutes of 25 April

ACARAC (03-16) Paper 2 – Summary of actions

2.1     The minutes of the meeting on 25 April 2016 were agreed and officials provided the following updates on the outstanding actions.

2.2     Claire Clancy confirmed that Dave Tosh would be presenting an updated Business Efficiency Review document at the July meeting.  This would take account of comments from Committee members. 

2.3     Claire agreed to keep the Committee informed on the potential purchase of Hywel but stressed that this was dependent on the new Assembly Commission’s priorities. 

2.4     Claire also confirmed that the Management Board would be considering the risks around senior management changes at its meeting in June and that a meeting in July had been assigned to undertake a full review of the Commission’s risks.   

2.5     The clerking team would ensure that any comments relating to Internal Audit reports circulated out of committee would be captured and stored appropriately.  They also confirmed that the Assurance Framework was on the Forward Work Programme for November.   

 


Meeting: 13/06/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 11)

Papers to note and any other business

Minutes:

ACARAC (03-16) Paper 10 - Departures summary

ACARAC (03-16) Paper 11 - Forward Work Programme

11.1    The Committee noted one departure from normal procurement procedure.

11.2    A revised forward work programme would be circulated in July to reflect changes agreed by the Committee.

11.3    Claire informed the Committee about an issue regarding the payment of the Auditor General For Wales.  

11.4    The Chair concluded the meeting by thanking everyone for their papers and contributions. 

Actions

Clerking team to:

-        update FWP for November 2016 to include both the HR/Payroll project closure report and feedback from the Chair on presentation of the ACARAC Annual Report to the Commission.

-        confirm dates for future meetings when Commissioner with responsibility for governance has been confirmed.

 

Next meeting is scheduled for 11 July 2016.

 


Meeting: 13/06/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 5)

Fraud Report

Minutes:

ACARAC (03-16) Paper 5 – Annual Report on Fraud

5.1     Gareth was pleased to report that during 2015-16 there had been no cases brought to his attention of actual or suspected fraudulent activity regarding cash, allowances and expenses or theft of assets. 

5.2     The Committee and the WAO made reference to work undertaken by the Commission to strengthen internal controls to prevent or detect fraud and in raising staff awareness which had been a priority following the previous incident.  The WAO frequently shared examples of fraud across the public sector with Nia Morgan and Gareth and would continue to do so.  They believed that prevention and awareness, including sharing details of attempted fraudulent behaviour, as well as having robust controls in place, were fundamental to tackling fraud.  

5.3     The Committee welcomed this well written report, subject to the rewording of paragraphs 3.1 and 3.2.

Action

-        Gareth to clarify reference to coverage of live data in the Annual Fraud Report.

 


Meeting: 13/06/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.1        The Chair informed the Committee that although Commissioners had been appointed, there was no representative at this meeting as their portfolios had not yet been agreed.  He also wanted to formally thank Angela Burns on behalf of the Committee for her five years of service as a member of the Committee and wished her the best for the future. 

1.2        The Chair welcomed Ian Summers to the meeting.  Ian is providing support, challenge and assurance to the Statement of Accounts.

1.3        The Chair declared that he was a Non-Executive Director on the Cabinet Office Modern Electoral Registration Programme.

1.4        No other interests were declared.

 


Meeting: 25/04/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 15)

Update on Fifth Assembly Transition

Minutes:

Oral Item

15.1     Claire was pleased to report that Fifth Assembly Transition plans were all on track and praised the team for their hard work.

15.2     From an Assembly Members’ perspective, Angela Burns wanted to praise those involved as the arrangements had been handled and explained extremely well.

15.3     The Chair congratulated Claire and her team for their thorough preparatory work.  

 


Meeting: 25/04/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 18)

Papers to note and any other business

Supporting documents:

  • Restricted enclosure 279
  • Restricted enclosure 280
  • Restricted enclosure 281

Minutes:

ACARAC (32) Paper 19 – Terms of Reference

ACARAC (32) Paper 20 - Departures summary

ACARAC (32) Paper 21 - Forward Work Programme

18.1     The revised Terms of Reference were agreed.

18.2     The Committee noted three departures from normal procurement procedure.

18.3     The Chair concluded the meeting by thanking everyone for their papers and contributions. 

Private session

A private session with Committee members was attended by the Commission’s external audit representative Matthew Coe. No minutes were taken.

 

Next meeting is scheduled for 13 June 2016.

 


Meeting: 25/04/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 14)

Draft Governance Statement for 2015-16

Supporting documents:

  • Restricted enclosure 284

Minutes:

ACARAC (32) Paper 16 – cover paper and Draft GS 2015-16

14.1     Claire presented the draft Governance Statement to the Committee and thanked Keith Baldwin for his input at the challenge session at Management Board in February.  Keith added that the process had worked well, particularly the focus on Director-level statements.

14.2     The drafting of the Commission’s Annual Report and Accounts was well advanced and Claire was confident it would be finalised according to the timetable. 

14.3     The Committee made some minor suggestions which would be taken on board for the next draft but welcomed early sight of the statement and were encouraged by the progress of the Annual Report and Accounts.   

Action

-        Claire to consider including an organisational structure chart under the appropriate heading in the Governance Statement. 

 


Meeting: 25/04/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 13)

Update on Assurance Framework

Supporting documents:

  • Restricted enclosure 287
  • Restricted enclosure 288
  • Restricted enclosure 289

Minutes:

ACARAC (32) Paper 15 – cover paper

ACARAC (32) Paper 15 – Annex A

ACARAC (32) Paper 15 – Annex B

13.1     The Chair welcomed this exemplar framework document and the discussion that proceeded on the benefits of its use in the organisation.

13.2     Dave and Kathryn advised that they would be taking on board feedback from Management Board members when considering the most efficient and effective way to gather assurances going forward.     

Action

-        Gareth to update the Committee on further use of the Assurance Framework.

 


Meeting: 25/04/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 12)

Update on fraud and whistleblowing policies

Supporting documents:

  • Restricted enclosure 292

Minutes:

ACARAC (32) Paper 14 – Whistleblowing Policy and Fraud Policy Updates

12.1     Following a review of both policies, Gareth informed the Committee that he would be working with the Head of Human Resources to publicise the whistleblowing policy. 

12.2     The Committee welcomed this approach, especially as there were no cases of whistleblowing reported which, whilst this could mean there was no cause for concern, could also potentially indicate that employees were unaware of the policy. 

12.3     The Annual Report on Fraud would be presented to the Committee in June.

 


Meeting: 25/04/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 8 February, actions and matters arising

Supporting documents:

  • Restricted enclosure 295
  • Restricted enclosure 296

Minutes:

ACARAC (32) Paper 1 - Minutes of 8 February 2016

ACARAC (32) Paper 2 – Summary of actions

2.1        The minutes of the meeting on 8 February 2016 were agreed and officials provided the following updates on the outstanding actions.

2.2        Dave Tosh confirmed that a paper presenting the work around the Business Efficiency Review was on the Committee’s forward work programme for the June meeting.  

2.3        In relation to the action for approaching the Wales Governance Centre (2.4), Claire Clancy confirmed that the dates of future meetings had been passed on and the item would be added to the forward work programme in due course.  

2.4        Kathryn Hughes would gather feedback from the observer at the February meeting to be presented at a future meeting.    

2.5        All other actions would be covered as agenda items at this, or future meetings. 

 


Meeting: 25/04/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.1        The Chair welcomed Nia Morgan to her first meeting.  He also noted the late apology from Ann-Marie Harkin and urged attendees to prioritise the long-standing commitment to meetings of this Committee.  

1.2        The Chair declared that he was a Non-Executive Director on the Cabinet Office Modern Electoral Registration Programme.

1.3        No other interests were declared.

 


Meeting: 08/02/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.1        The Chair welcomed Rheon Tomas as an observer to the meeting.  He is Chair of the audit committee at Estyn - HM Inspectorate for Education and Training in Wales, and a member of the audit committees at National Museum Wales, Welsh Language Commissioner and Qualifications Wales.

1.2        Rheon declared that he was a trainer for CIFPA’s Certificate in Corporate Governance and Effective Audit Committee course which had been attended by few Assembly officials.  

1.3        No other interests were declared.

 


Meeting: 08/02/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes, actions and matters arising

Supporting documents:

  • Restricted enclosure 303
  • Restricted enclosure 304

Minutes:

ACARAC (31) Paper 1 - Minutes of 16 November 2015

ACARAC (31) Paper 2 – Summary of actions

2.1        The minutes of the meeting on 11 November 2015 were agreed and officials provided the following updates on the outstanding actions.

2.2        In relation to the action to Research CIPFA Finance Review (5.2), Nicola Callow confirmed that this was being handled by the internal audit contractor, TIAA.  She had also been in touch with a contact from the Ministry of Justice who had been provided by the Chair, to discuss lessons learnt on the finance system replacement project. 

2.3        No suggestions had been received in relation to the action for Committee and officials to inform Chair of areas of significant interest where an external presenter may provide some added value (10.1).  This action would remain open to accommodate any future ideas and, in the meantime, the Chair would share a ‘lessons learned’ review of the Electoral Registration Transformation Programme (ERTP) with the committee. 

2.4        Hugh Widdis suggested arranging a presentation to gain an external perspective around constitutional change.  The Chair and Claire welcomed this and asked the clerking team to make the necessary arrangements.      

2.5        The Chair agreed to receive an update on the Business Efficiency Review (11.3) at the June meeting. 

2.6        In relation to the action around progress of the CODA finance system replacement (12.3), Nicola advised that a revised version of the business case had been presented to the Investment and Resourcing Board and a revised analysis of the costs would be submitted shortly.  Keith Baldwin was providing independent support. 

2.7        Dave Tosh informed the board that a final draft of the HR and Payroll project closure report (13.1) was being prepared and would be circulated in due course.

2.8        In relation to the action for Management Board to re-assess Cyber Security risk (14.3), Dave advised that good progress had been made. An internal review of ISO 27001 (Certification in Information Security Management) had provided strong assurance from an infrastructure perspective but had highlighted gaps in policy and the general need to raise awareness across the organisation.  Committee members welcomed the proposed use of an expert from North Wales Police to assist with further assessment of the risks faced by the Commission.     

2.9        All other actions would be covered as agenda items at this, or future meetings.

Actions

-        Chair to circulate an ERTP ‘lessons learned’ report.

-        Liaise with Head of Strategic Transformation to discuss approaching Wales Governance Centre in relation to attending an ACARAC meeting in June or November to discuss constitutional issues from an external, independent perspective. 

-        Dave to advise on progress with the Business Efficiency Review at June ACARAC meeting. 

-        Dave to circulate HR/Payroll closure report when available.    

 


Meeting: 08/02/2016 - Senedd Commission Audit and Risk Assurance Committee (Item 11)

Update the committee on recent training events and co-operation between auditors and other review bodies

Minutes:

11.1     The Chair had recently attended a session organised by the WAO for Chairs of Audit Committees in Wales.  The session focused on assurance mapping, fraud and annual reporting.  He would circulate an NAO report on best practice for annual accounts, and would give an Effectiveness Review presentation at the next WAO Audit Committee Chairs meeting.

11.2     Assembly officials had attended a course run by CIFPA on Effective Audit Committees.  The course, attended by a variety of people from Chairs to non-executive members provided further reassurance of the good practice already in place at the Assembly.  The following points were reported back from the course:

·                Revising/updating the current terms of reference to be more user friendly and jargon free. 

·                Keeping Committee members informed by continuing to circulate any documents for information, e.g. KPI Report, Chief Executive update etc.

·                Different approaches to self-assessment e.g. a 5-point rating scale.

·                With a focus on the Governance Statement, at each meeting, a check on each item on the agenda to assess any impact on the Governance Statement. 

·                At end of each meeting, members to be given the opportunity to add anything in relation to specific items discussed.

11.3    Gareth informed the committee of a recent meeting with the Head of Audit at the Welsh Government where he shared the Assembly’s Assurance Framework and our approach to the Governance Statement.  During 2016-17, Gareth has to complete an External Quality Assurance Review.  The Welsh Government had recently concluded theirs so he was able to acquire a copy for information.     

11.4    Gareth would also be attending an Intra Parliamentary Forum in Scotland in February to share examples of best practice and approaches to audit planning.  He planned on discussing approaches to cyber security audit work with his counterpart from Northern Ireland and meeting with his Scottish counterpart to understand the auditing of Members’ expenses.

Action

-        The Chair to circulate a NAO report on best practice for annual accounts.

 


Meeting: 16/11/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 16)

Papers to note and any other business

Supporting documents:

  • Restricted enclosure 309
  • Restricted enclosure 310

Minutes:

ACARAC (30) Paper 15 - Departures summary

ACARAC (30) Paper 16 - Forward Work Programme

16.1     The Committee noted the three departures from normal procurement procedure.

16.2     The Clerking team would ensure that the Forward Work Programme (FWP) captures the information published in the HMT handbook.

Action

-        Ensure FWP captures HMT handbook information.

 

Next meeting is scheduled for 8 February 2016, timing to be confirmed.

 


Meeting: 16/11/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 12)

Update on project to replace Finance system

Supporting documents:

  • Restricted enclosure 313

Minutes:

ACARAC (30) Paper 11 - CODA Finance System Replacement

12.1     Nicola stated that Microsoft Dynamics appeared to meet the Commission’s needs in terms of functionality and bilingual capability.  Further work was required to finalise the business case and procurement strategy.  She explained that the planned in-house development work and the scheduled go-live date of April 2017 was based on a full OJEU tender.    

12.2     The Committee welcomed the update and were interested in the process of implementing an in-house developed IT system.  Keith Baldwin (as external challenge) had commented on the business case and felt that the project was going in the right direction, although concerns were raised about the length of time the planning phase was taking.

12.3    Dave Tosh informed the Committee that Microsoft Dynamics was a mid-range finance system and the configuration element of system could be managed internally.  This complied with the Application Strategy of the organisation and two successful projects, Sharepoint and Lync, were delivered using a similar methodology.  The Commission would visit reference sites using Microsoft Dynamics.    

Actions

-        Update on progress of the CODA Finance system replacement.

-        Chair to share Ministry of Justice Finance system replacement project contact with Nicola.

 


Meeting: 16/11/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 5)

Review of HMT and other guidance for ACARAC

Minutes:

5.1        There were no changes to the HM Treasury handbook apart from guidance for simplifying and streamlining accounts which was in hand.

5.2        The Chair reported that the Ministry of Justice Legal Aid Agency, where he is a Non-Executive Director, had undergone a CIPFA Finance Review, covering all aspects of financial management, and that this had been a useful and informative exercise.  Nicola will research this.  The Chair will attend a meeting for Wales Audit Committee chairs in February and report back to ACARAC.

5.3        Gareth and Buddug will attend a CIPFA Effective Audit Committee workshop in December and will update ACARAC.  

Action

-        Nicola to research CIPFA Finance Review. 

-        Eric to share learning points/experiences post Wales Audit Committee chairs.

-        Gareth and Buddug to share learning points/experiences post CIPFA Effective Audit Committee training.

 


Meeting: 16/11/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 13)

Update on phase 2 HR and Payroll project

Supporting documents:

  • Restricted enclosure 318

Minutes:

13.1     The Chair welcomed this update and asked for the closure report and benefits review to be circulated to the Committee. 

Action

-        HR and Payroll project to circulate closure report and benefits review.

 


Meeting: 16/11/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Consider external presentation/input

Minutes:

10.1     The Chair had invited an external presenter to the autumn 2014 ACARAC. The Chair asked the Committee to consider ways that external expertise could add the most value to Committee discussions. 

Action

-        Committee and officials to inform Chair of areas of significant interest where an external presenter may provide some added value.

 


Meeting: 16/11/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 9 July meeting, actions and matters arising

Supporting documents:

  • Restricted enclosure 323
  • Restricted enclosure 324

Minutes:

ACARAC (30) Paper 1 - Minutes of 9 July 2015

ACARAC (30) Paper 2 – Summary of actions

2.1        The minutes of the meeting on 9 July 2015 were agreed and progress on actions noted.

 


Meeting: 16/11/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.1        The Chair declared that he was a Non-Executive Director in the Cabinet Office Constitutional Reform team.

1.2        No other interests were declared.

 


Meeting: 09/07/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.1        The Chair welcomed attendees to the meeting and thanked them for their commitment and flexibility.  He would like to review the 2014-15 Annual Report/Statement of Accounts process and would agree the approach to this with Claire Clancy and Nicola Callow.

Action

-        Eric, Claire and Nicola to agree approach to reviewing 2014-15 Annual Report/Statement of Accounts process.    

1.2        No interests were declared.

 


Meeting: 09/07/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 4)

Paper to note and any other business

Supporting documents:

  • Restricted enclosure 331
  • Restricted enclosure 332
  • Restricted enclosure 333

Minutes:

Compliance checklist

ACARAC (29) Paper 6 – compliance checklist to those charged with governance

ACARAC (29) Paper 7 – compliance checklist to those charged with management

4.1        Ann-Marie Harkin introduced the item on the compliance checklist, the use of which had been recommended by the National Audit Office for England and Wales.  The WAO were grateful for the Committee’s prompt response and subsequent approval of the compliance checklist.  Although it may be presented in a different format, the checklist had been added to the forward work programme to be considered at an appropriate time next year. 

4.2        The Chair questioned the term used to describe the Committee as ‘those charged with governance’ and reminded the WAO that the Committee was advisory. 

4.3        The WAO confirmed that this would be corrected in future documentation.          

Departures Summary

ACARAC (29) Paper 8 – Departures summary

4.4        The Committee noted one departure from normal procurement procedure.

 


Meeting: 09/07/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 3)

Committee's Forward Work Programme

Supporting documents:

  • Restricted enclosure 336

Minutes:

ACARAC (29) Paper 5 – Draft Forward Work Programme

3.1        The Chair welcomed the comments that he had received regarding the forward work programme and would work with the Clerking team to ensure that agenda items remained scheduled around key events and as evenly spread as possible. 

3.2        An updated version would be circulated to all members before being published on the Committee’s Internet pages.   

Action

-        Kathryn Hughes to circulate finalised FWP to Committee members.            

 


Meeting: 09/07/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 5)

Annual Report and Statement of Accounts

Minutes:

ACARAC (29) Paper 3 – Annual Report and Accounts- cover paper

ACARAC (29) Paper 3 – Annual Report and Accounts

5.1        Claire introduced the Annual Report which she felt was an accurate and strong narrative of the work delivered by the Assembly Commission in 2014-15.

5.2        The Committee agreed that this was an impressive document and praised Claire and her team for the hard work in producing such a comprehensive report.

5.3        Nicola presented the Statement of Accounts and confirmed that the final outturn figure had increased by £2000 to £64000, representing a 0.1% underspend.

5.4        The actions taken regarding all suggested changes to and comments on Using Resources Wisely and the Statement of Accounts raised by ACARAC and the WAO were itemised to provide a full audit trail.            

5.5        The Committee concluded by recommending to the Accounting Officer that she should sign the accounts.  The Chair noted that any further audit findings would be covered in the Management Letter which would be circulated over the summer.

Action

-        Nicola confirmed that she would circulate the Management letter to Committee Members over the summer.


Meeting: 09/07/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 8 June meeting, actions and matters arising

Supporting documents:

  • Restricted enclosure 341
  • Restricted enclosure 342

Minutes:

ACARAC (29) Paper 1 - Minutes of 8 June 2015

ACARAC (29) Paper 2 – Summary of actions

2.1    The minutes of the meeting on 8 June 2015 were agreed.

2.2    Sharing knowledge on fraud (action 6.4) – the WAO agreed to update the board at the appropriate time.

2.3    Streamline structure of accounts (action 7.2) – the Chair asked for this to be considered as early as possible.

2.4    Role and responsibilities of SRO of Fifth Assembly (action 10.2) – Claire confirmed that this was complete.  

2.5    Dave Tosh updated the committee on the recent comprehensive review of the Commission’s corporate risk register by Management Board.  A number of new risks were identified and were being fully documented.

2.6    Claire confirmed that a number of other potential risks were also discussed.  However the Board had agreed that, due to confidence in the controls in place to manage these through effective planning and delivery of service level objectives, they did not need to be recorded on the corporate risk register.  This would help ensure that the focus was placed on those risks that gave the Management Board greatest cause for concern.

 

 

 

 

 

 


Meeting: 08/06/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 6)

Internal Audit Annual Report on Fraud

Supporting documents:

  • Restricted enclosure 345

Minutes:

ACARAC (28) Paper 7 - IA Annual Report on Fraud

6.1        This report gave the Committee a synopsis of the one case of fraud, identified in May 2014.  An assessment of the adequacy of the controls in place, the work undertaken to raise staff awareness of fraud risks and to establish areas of focus for covering fraud risks would be carried out over the coming year. 

6.2        Ann-Marie Harkin and Matthew Coe informed the Committee that the WAO had prepared a generic questionnaire on dealing with fraud for all its clients to complete.  A copy would be sent to Claire Clancy.

6.3        When questioned about the Commission’s sources of intelligence on fraud, Gareth confirmed that TIAA and the WAO provided regular updates on fraud incidents. 

6.4        The Committee agreed that Gareth should explore the role of the National Fraud Authority (NFA) and to be pro-active in the sharing of intelligence in the future.                  

Actions

-         Gareth Watts to liaise with WAO to ensure intelligence and contacts around fraud are shared, especially with the National Fraud Authority (NFA).

 


Meeting: 08/06/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 20 April meeting, actions and matters arising

Supporting documents:

  • Restricted enclosure 348
  • Restricted enclosure 349

Minutes:

ACARAC (28) Paper 1 - Minutes of 20 April 2015

ACARAC (28) Paper 2 – Summary of actions

2.1        The minutes of the meeting on 20 April 2015 were agreed.

2.2        3.8 Security – Dave Tosh confirmed that South Wales Police were happy to provide confidential briefings on potential threats. The Committee suggested that Dave develop clear mutual understanding with South Wales Police about methods of communicating and recording such briefings.

 


Meeting: 08/06/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.1     The Chair welcomed the attendees to the meeting and declared that he was currently a Non-Executive Director on the Electoral Registration Transformation Programme.

1.2        David Melding declared that he was a Trustee for the National Assembly for Wales Members' Pension Scheme.

1.3        No other interests were declared.


Meeting: 08/06/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 12)

Papers to note and any other business

Supporting documents:

  • Restricted enclosure 354
  • Restricted enclosure 355

Minutes:

ACARAC (28) Paper 12 - Departures summary

ACARAC (28) Paper 13 - Forward Work Programme

12.1     The Committee noted one departure to normal procurement procedures. 

12.2     An updated Forward Work Programme would be prepared by the Clerking team and presented to the Committee in July. 

Next meeting is scheduled for 6 July 2015.

 


Meeting: 08/06/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 11)

Update following the Business Continuity exercise 27 April 2015

Minutes:

11.1   This item was discussed under item 9.

 


Meeting: 08/06/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 8)

2014-15 Draft Annual Report and Statement of Accounts

Supporting documents:

  • Restricted enclosure 360

Minutes:

ACARAC (28) Paper 9 – 2014-15 Draft Annual report and Statement of Accounts

8.1     An extensive discussion took place on the annual report and statement of accounts.  The report was commended by the Committee and the following suggestions were made:

·                     Cross reference the KPI report to evidence the key achievements in performance.

·                     The transition to an insourced ICT arrangement needed elaboration.

·                     The Business Efficiency Review could be expanded upon.

·                     Highlight the Value for Money successes but also describe enhanced levels of service.

·                     Be clear about when savings could be rolled over year-on-year, and when costs should be re-baselined.

·                     Capture positive quotes from staff and Assembly Members’ survey results if available.

·                     Ensure the section on losses was explained fully.

8.2       Officials accepted the comments and a final version would be presented to the Committee in July.    

 


Meeting: 20/04/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 15)

Papers to note and any other business

Supporting documents:

  • Restricted enclosure 363
  • Restricted enclosure 364
  • Restricted enclosure 365

Minutes:

ACARAC (27) Paper 18 – Revised Terms of Reference

ACARAC (27) Paper 19 – Departures Summary

ACARAC (27) Paper 20 – Forward Work Programme

15.1    All three papers were noted and Committee members were asked to inform the Clerking team of their availability for future meeting dates.

 

Next meeting is scheduled for 11:00 8 June 2015.

 


Meeting: 20/04/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 14)

Northern Ireland Assembly visit by Assembly Officials

Minutes:

14.1        Dave thanked Hugh and his colleagues for the opportunity to visit the Northern Ireland Assembly.  They had found discussions about current and future budgets, VfM, benefits realisation and process improvements extremely beneficial.  Constitutional issues were also considered, and there would be further discussion of the business management system.       

 


Meeting: 20/04/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 12)

Meeting The Commission's Needs For Project And Change Management

Supporting documents:

  • Restricted enclosure 370

Minutes:

ACARAC (27) Paper 16 – Update on Project Management approach

12.1    Covered under item 4.

 


Meeting: 20/04/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Capacity Planning and Recruitment

Supporting documents:

  • Restricted enclosure 373

Minutes:

ACARAC (27) Paper 14 – Capacity Planning and Recruitment

10.1        Mike and Dave presented this paper and confirmed that the guidance and procedures detailed in the paper were now fully in place and that IRB considered each Recruitment Authorisation Document in the context of the capacity planning exercise.  They felt that this was extremely beneficial and, when assessing a request to recruit, always considered whether the service could be delivered in a different way.  

10.2        The Committee were pleased with the progress and the twice yearly review of capacity planning.  They felt that it was a comprehensive process. 

10.3        Officials confirmed that, when a new Assembly Commission is established in 2016, a new strategy would be agreed and it would be a natural point to review and take stock.  

 


Meeting: 20/04/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 11)

Draft Governance Statement for 2014-15

Supporting documents:

  • Restricted enclosure 376
  • Restricted enclosure 377

Minutes:

ACARAC (27) Paper 15 – Draft GS 2014-15 – cover paper

ACARAC (27) Paper 15 – Draft GS 2014-15

11.1        Claire thanked Hugh for his participation in the governance review meeting.  The draft governance statement was in a relatively advanced state, and Hugh and Eric had already provided comments.  A final draft would be brought to the Committee in June 2015. 

 


Meeting: 20/04/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 9 February meeting, actions and matters arising

Supporting documents:

  • Restricted enclosure 380
  • Restricted enclosure 381

Minutes:

ACARAC (27) Paper 1 - Minutes of 9 February 2015       

ACARAC (27) Paper 2 – Summary of actions

2.1        The minutes of the meeting on 9 February 2015 were agreed and officials provided the following updates on the outstanding actions.

2.2        Claire Clancy provided an update on the strategic programme of change to prepare for the Fifth Assembly.  A business as usual, centralised approach was being adopted with a number of work streams identified.  The approach had been discussed in principle with the Assembly Commission.

2.3        The evaluation of the transition to the Fourth Assembly indicated that a more streamlined method of delivery should be adopted.  Claire agreed to circulate details of the Fifth Assembly work streams to ACARAC members (complete).   

2.4        All other actions would be covered as agenda items at this, or future meetings.

 


Meeting: 20/04/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions, apologies and declaration of interests

Minutes:

1.1        The Chair welcomed the attendees to the meeting.  He declared that he was currently a Non-Executive Director on the Electoral Registration Transformation Programme, as the Committee would be discussing constitutional change.

1.2        No other interests were declared.

 


Meeting: 09/02/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 13)

Review of the Assembly's Commission's assurance framework

Supporting documents:

  • Restricted enclosure 386
  • Restricted enclosure 387
  • Restricted enclosure 388
  • Restricted enclosure 389
  • Restricted enclosure 390

Minutes:

13.1    The Committee welcomed this excellent piece of work.  They praised both the mapping exercise of linking with corporate risks and the gap analysis.  Members encouraged officials to include external co-operation, external peer reviews and to continually review the framework in order to validate assurance arrangements and strengthen the few ‘amber’ assurance sources.

13.2    Members asked to be kept informed when the framework was used in the future and to monitor the level of resource being dedicated to ensure that the overall RAG status remained Green.

13.3    Claire thanked the Committee for their comments and the Governance and Audit team for producing a valuable piece of work.  She would ensure that the right balance was kept in terms of appropriate resources for the level of risk. 

 


Meeting: 09/02/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions and apologies and declaration of interests

Supporting documents:

  • Restricted enclosure 393

Minutes:

1.1        The Chair welcomed the attendees to the meeting and congratulated Dave Tosh on his permanent appointment as Director of Resources and Nicola Callow as Director of Finance.  He also welcomed Ann-Marie Harkin and Matthew Coe as the new representatives from the Wales Audit Office.

1.2     No interests were declared.

 

 


Meeting: 09/02/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 18)

Papers to note and any other business

Supporting documents:

  • Restricted enclosure 396
  • Restricted enclosure 397
  • Restricted enclosure 398

Minutes:

18.1    The Committee noted the two departures from normal procurement procedure.

18.2    The Clerking team would update the Forward Work Programme (FWP) to reflect the Commission’s strategy and business planning timetable, change programme activity, and the external audit opinion of the Committee’s effectiveness.  The Chair and the Clerking team would consider the structure of future meetings and would consult with Committee members.

18.3    In response to a query from Hugh, Gareth agreed to include details of the internal assessment of Internal Audit services in his Annual Report and Opinion. 

18.4    The Committee agreed to return to the paper on Capacity Planning and Recruitment as an agenda item in April.  The Chair noted the good progress in implementing the Internal Audit recommendations.

18.5    The Chair concluded the meeting by thanking everyone for their papers and contributions.

      Actions

-        Clerking team to update the FWP as outlined in paragraph 18.2.

-        Gareth to share details of Internal Audit self-assessment (in relation to 5 year external assessment cycle) – this will be included in Internal Audit Annual Report.

-        Add capacity planning and recruitment to the agenda for the April meeting.

Private session

A private session with Committee members was attended by Gareth. No minutes were taken.

 


Meeting: 09/02/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Coda Finance System - Assurance on Resilience

Supporting documents:

  • Restricted enclosure 401

Minutes:

10.1        Nicola’s objectives were to assure the Committee that the finance system remained fit for purpose and that the system would be managed appropriately until its anticipated replacement. 

10.2        In response to queries raised about the business case for a replacement system, Nicola explained that a replacement system would not be based on delivering efficiency savings because the time released from changing processes would be used to increase the value added services that the Finance team offer across the organisation.  The Business Analysts were working with the team and customers within the organisation to capture requirements and opportunities for process changes.  Nicola highlighted that work-arounds and data manipulation in spreadsheets were currently necessary to produce meaningful Management Board reports.

10.3        Nicola confirmed that KPMG had developed the business case, that she had followed the HM Treasury 5 case model and had held several discussions with internal stakeholders, including Procurement, Members’ Business Support and ICT about the scope of the project.  This had included investigating the potential of the Sharepoint platform and the Microsoft finance system, which had helped to address the concern of keeping up to date with recent finance systems capabilities.  In addition, an Internal Audit review was already built into the process.

10.4        The business case was scheduled to be presented to the Investment and Resourcing Board in March.

10.5        Members urged Nicola and the wider project team to apply any lessons learnt from previous projects.  The Committee were grateful for the work to date, but emphasised the need for Nicola to work with her counterparts in other organisations and to undertake site reference visits to inform any future decision.

 


Meeting: 09/02/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 8)

Information Governance Framework

Supporting documents:

  • Restricted enclosure 404

Minutes:

8.1     The Committee welcomed this comprehensive document which brought together disparate policies and guidance documents relating to information governance into a single framework.

8.2     Dave thanked Alison Rutherford (Information Governance Manager) for the concise report.  The framework clearly identified roles and responsibilities and signposted staff to specific sources of information.  Twice yearly reviews of the Information Asset Registers had emphasised Heads of Service responsibility.  There were also clear escalation routes for emerging information risks.  Dave would ensure that once approved by Management Board, the document would be published and publicised internally.     

 


Meeting: 09/02/2015 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 10 November meeting, actions and matters arising

Supporting documents:

  • Restricted enclosure 407

Minutes:

2.1        The minutes of the meeting on 10 November 2014 were agreed and officials provided the following updates on the outstanding actions.

2.2        4.2c Fixed Assets – Nicola confirmed that the task of tagging 1,700 items was 90% complete with the remaining 10% on target for completion by the end of February.

2.3        4.6 Recruitment – Dave referred the Committee to paper 20 for further information and confirmed that the Recruitment Authorisation Document was in use.  The Committee agreed to come back to the Capacity Planning and Recruitment paper at the April meeting. 

2.4        4.12 HR Payroll project – Eric informed the Committee of his attendance at Investment and Resourcing Board on 10 December where the Project Initiation Document (PID) for phase 2 of the HR/Payroll project was discussed.  Although the bilingual element remained outstanding from phase 1, a robust testing plan for phase 2 was expected.  The Chair endorsed the governance and due diligence for the project.

2.5        5.0 External Audit – recommendations in Management Letter.  Nicola confirmed that when the Committee discussed the Management Letter in November, there were two items outstanding; ICT testing and reconciling Coda with Folding Space.  Nicola went on to provide the following update on the latest position on both items, which had provided assurance to the WAO:

i)             the penetration testing of the Assembly website had been carried out and would be repeated regularly;

ii)           the data centre, which had been well maintained since being in the Commission’s control, had a newly installed air conditioning system and operational alarm system and the generator had undergone a successful load test in August 2014; and

iii)          reconciliation work on the Coda and Folding Space systems had been completed and was being done on an on-going basis.  Specifically, the team was working on the latest reconciliation for the period ending 31 December 2014 (publish date 31 March 2015).  

2.6        9.1 Continued Commission engagement – Eric welcomed Angela Burns’ return to the Committee which was important in maintaining the Committee’s relationship with the Assembly Commission.  The following engagement activity was noted:

i)             Attendance by two of the Assembly Commissioners for a presentation at the November ACARAC meeting.

ii)           Eric’s intention to once again present the ACARAC Annual Report at the Assembly Commission in July and to discuss Risk and Scenario planning at a future Commission meeting.

2.7        9.2 Consideration of new guidance - Gareth Watts and Eric had reviewed new guidance produced by NAO and HMT and there were no changes to be implemented.  The Chair commented that the Committee’s self-assessment process was more robust than that suggested in the guidance. 

2.8        9.2 ACARAC members to liaise with Commission teams – Claire and Eric would continue to look for opportunities to liaise with Commission teams when appropriate.  Eric referred to the following recent engagement of ACARAC members with Commission teams:

i)             Eric scrutinised the HR/Payroll PID and attended an Investment and Resourcing Board meeting to review the revised PID.

ii)           Assembly Officials were visiting the Northern Ireland  ...  view the full minutes text for item 2


Meeting: 10/11/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 7)

Presentation - Programme Director Individual Electoral Registration (IER)

Minutes:

7.1        The Chair welcomed David Melding AM, Rhodri Glyn Thomas AM, Anna Daniel and Suzanne Scarlett and introduced Colin Dingwall to the Committee.           

7.2        Colin has been the Programme Director since its inception.  He described the following:

-       the fundamentals of the programme, including robust governance arrangements;

-       the complex stakeholder management with Ministers, the Electoral Commission and Local Authorities across England, Scotland and Wales;

-       the capacity testing methods used e.g. substantial load testing of the IT infrastructure;

-       identifying vulnerabilities and single points of failure where it was necessary to work with numerous supply chains;

-       the importance of comprehensive ‘go live’ criteria; and 

-       the final phases of the programme including the focus on benefits realisation.

6.1        Colin highlighted the benefits of external scrutiny throughout the programme.  Resourcing has been a key issue throughout, with senior external expertise required for some key roles including the Programme management Office (PMO).  Internal staff had gained from this expertise and knowledge had been transferred. 

6.2        Colin answered a series of questions and offered the Commission further support and guidance in the future. 

6.3        The Committee thanked Colin for his comprehensive and interesting presentation.

 


Meeting: 10/11/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Papers to note and any other business

Supporting documents:

  • Restricted enclosure 412
  • Restricted enclosure 413

Minutes:

10.1    Claire asked Committee members to note that a departure had been incorrectly approved by an official.  It had since been signed by the appropriate Head of Service.  

10.2    The Clerking team would circulate the February Forward Work Programme with the agreed actions. 

 


Meeting: 10/11/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 7 July meeting, actions and matters arising

Supporting documents:

  • Restricted enclosure 416
  • Restricted enclosure 417

Minutes:

2.1        The minutes were agreed and officials provided the following updates on the outstanding actions.

2.2        Dave Tosh provided the following update on the action to accelerate the Business Continuity work and consider the Scottish Parliament’s approach to engaging MSPs:

-       learning from desk-top exercises, which had been carried out with 10 out of 12 service areas to test their BC plans, would be used to inform improvements to those plans;

-       arrangements were being made for further training on incident management by strategic and tactical teams before testing could be carried out at a corporate level which was scheduled for April 2015; and

-       advice from the Scottish Parliament and Cardiff Council would inform the approach for engaging with Assembly Members.

2.3        Dave and Claire assured the Committee that the extended deadline of April 2015 for corporate testing did not increase the Commission’s exposure as controls and tested contingencies were in place to respond to a range of incidents. They also confirmed that most of the audit recommendations would be completed by February.

2.4        All other actions would be covered as agenda items at this, or future meetings.

 


Meeting: 10/11/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 6)

Assembly Commission Governance

Supporting documents:

  • Restricted enclosure 420
  • Restricted enclosure 421
  • Restricted enclosure 422
  • Restricted enclosure 423
  • Restricted enclosure 424
  • Restricted enclosure 425

Minutes:

6.1        Nicola Callow introduced the item on the 2014/15 budget position and the 2015/16 final budget document.

6.2        Nicola advised that the current forecast outturn was for a £200k-£300K underspend but that figure would change as the year end approached. The budget document for 2015/16 will be laid on 12 November.

6.3        Nicola assured the Committee that the 2015/16 budget reflected the overall position of the Welsh Block grant i.e. a 1% reduction in real terms and that different scenarios are being looked at to help prepare for the possible outcomes of the Comprehensive Spending Review following the 2015 General Election.

6.4        Committee members requested that a breakdown of the Value for Money savings showing staff and non-staff savings be brought to the Committee at the year end.

6.5        Gareth Watts introduced the item on the Assembly Commission Assurance Framework.

6.6        The Committee was pleased to see the work coming to an end and requested to see the final draft at their next meeting. They made the following recommendations:

-     that the work being done on assurance should also identify any replication or redundancy of assurance;

-     the strengths and deficiencies in the framework should be highlighted;

-     the framework should reference the business case framework;

-     an assurance map should be produced showing a RAG status for each type of assurance; and

-     that thought should be given to how to evidence that on-going effectiveness of assurance within the Assembly.

6.7        Gareth Watts introduced the revised Whistleblowing policy.

6.8        The Committee commented on the need for clarity on who the policy covers and the link to the complaints procedure. They agreed that the policy should be finalised and published as soon as possible.

 


Meeting: 10/11/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions and apologies and declaration of interests

Minutes:

Apologies:

Richard Harries, Wales Audit Office (WAO)

Angela Burns (Assembly Member and Commissioner)

1.1        The Chair welcomed the attendees to the meeting.    

1.2        The Chair declared that he was currently a Non-Executive Director on the Electoral Registration Transformation Programme, on which a presentation was being delivered at this meeting.

1.3        No other interests were declared.

 


Meeting: 10/11/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 8)

Broader Strategic Discussion

Supporting documents:

  • Restricted enclosure 430
  • Restricted enclosure 431
  • Restricted enclosure 432
  • Restricted enclosure 433
  • Restricted enclosure 434

Minutes:

8.1        Claire introduced the item on Corporate Risk and highlighted the decisions taken at the last Management Board meeting.

8.2        Committee members discussed the corporate and static risks and how the risks are reviewed. They made the following recommendations:

-     risks and issues should be identified and separate registers set up for each;

-     corporate and static risks should be formatted and presented in the same way; and

-     consideration should be given to adding a corporate risk around project and programme management.

8.3        There was discussion around the corporate capacity risk and how that is being addressed. It was suggested that the timescale for the removal of the risk should be extended to reflect the level of work and change in the Assembly.

8.4        Claire introduced the corporate performance report for information.

8.5        The Chair welcomed Anna Daniel to the discussion on Future Constitutional Change. 

8.6        Claire set the scene on changes since 2011.  The following timeline was presented:  

-       Establishment of the Silk Commission (first report published November 2012);

-       subsequent debates in the House of Commons and House of Lords;

-       Wales Bill to gain Royal Assent by May 2015.  Financial powers and electoral reform would follow in the coming years. 

8.7        Anna described the capacity planning work that the Strategic Transformation Service is doing for additional Assembly Members.  The current legislative programme was extremely demanding and pressure on current Assembly Members was high.  Proposals including scenario planning were to be discussed at the next Assembly Commission meeting.

Committee members advised Claire and Anna against just replicating current structures and services to meet the needs of additional Members.  Detailed scenario planning and business process reviews would be key, informed in part by the changes to, and further engagement with, the Scotland and Northern Ireland legislatures.


Meeting: 07/07/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions and apologies and declaration of interests

Minutes:

1.1        The Chair welcomed the attendees to the meeting.    

1.2        No interests were declared.

1.3        Apologies from Angela Burns (Assembly Member and Commissioner)

 


Meeting: 07/07/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 6)

Paper to note

Minutes:

ACARAC (24) Paper 5 Departures

6.1        The Committee noted one departure from normal procurement procedure.

6.2        An updated forward work programme would be circulated to Committee members, along with a draft action plan following the effectiveness survey.  The Chair suggested that the autumn meeting be extended to ensure that risk and performance matters were discussed at length.  The Clerking team would contact Committee members individually to discuss the arrangements.

 

Next meeting is scheduled for 10 November 2014.

 


Meeting: 07/07/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 4)

Annual Report and Accounts

Minutes:

 

ACARAC (24) Paper 3 Cover paper – Annual Report and Accounts

ACARAC (24) Paper 4 Annual Report and Accounts 2013-2014

4.1        A draft annual report was considered at the June meeting and comments had been submitted to Nicola.  The Chair thanked the team for the updated document.

4.2        Nicola Callow gave a short introduction to the Annual Accounts and confirmed the final resource outturn of £34,000 less than the total authorised budget.  The main changes to the Statement of Accounts concerned the writing off of depreciation to reserves as a consequence of the revaluation.  Nicola confirmed the accounting changes arising from the revaluation concerned writing off the depreciation to the revaluation reserve, essentially setting the depreciation for revalued buildings to zero.  This was a result of following the modified historic cost accounting treatment, as directed by HM Treasury. 

4.3        The Chair questioned whether the Future ICT programme had a material effect on the asset register, but Nicola confirmed that it had not.

4.4        Nicola described the accounts process as being more challenging than expected this year, due to staff absence and difficulties in obtaining Civil Service Pension information, but confirmed that she was still on target to deliver the Annual Report and Statement of Accounts to the agreed timetable, with WAO expecting to lay the document on 16 July.  Officials and WAO staff would discuss any lesson learnt at a future meeting.   

4.5        The Chair thanked all those involved and noted that the limited number of comments evidenced the high quality of the accounts.  

 


Meeting: 07/07/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 9 June meeting, actions and matters arising

Minutes:

ACARAC (24) Paper 1 Minutes of 9 June 2014

ACARAC (24) Paper 2 action summary

2.1        The minutes were agreed and officials provided the following updates on the outstanding actions:

·                     Procurement financial checks (action 3.17) – further to the update provided on 20 June 2014, Nicola Callow informed the Committee that Procurement checks were high level ones, using credit rating reports such as that provided by Dun & Bradstreet. 

·                     Review of accounting policies (action 5.7) – this was captured on the forward work programme, and the Committee asked Nicola to produce a timeline for the accounting policies and to confirm with the Clerking team a suitable date to present this to the Committee.

·                     Actions in response to the effectiveness survey (action 5.10) – the Clerking team would circulate a draft action plan for Committee members to comment on. 

·                     ACARAC members’ expenses (action 6.1) – Nicola confirmed that there was no statutory reason for ACARAC members’ expenses to be disclosed in the Annual Accounts.

·                     Business continuity (action 3.4 and 3.11) – Committee members agreed for both actions to be merged and for an update to be provide in the autumn.           

Actions

-                    Nicola to produce a timeline for accounting policies. 


Meeting: 09/06/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 9)

Assembly's approach to project and programme management

Minutes:

9.1        Dave Tosh provided the Committee with an overview of the Commission’s approach to project and programme management.  The level of change across the organisation was such that a programme approach was essential.

9.2        Some Committee members questioned the domination of ICT projects and Dave confirmed that the change programme would be facilitated by ICT projects and once the IT changes were in place, the programme would become more business led.  Constitutional change would also have to be captured within the programme.    

9.3        The Chair concluded that Dave and his team were moving in a positive direction and offered a number of contacts who were currently working on a similar process.

 


Meeting: 09/06/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 10)

Papers to note

Supporting documents:

  • Restricted enclosure 447
  • Restricted enclosure 448

Minutes:

10.1   The Committee noted the four departures from normal procurement procedure.

10.2     The Forward Work Programme (FWP) would be discussed outside the meeting.

Actions

-        Committee members agreed to pass any suggested FWP items to the clerking team.

11.0     Private session

11.1   A private session with Committee members was attended by Gareth Watts, Head of Internal Audit, and Vicky Davies of TIAA.  No minutes were taken for this part of the meeting.

 

Next meeting is scheduled for 11:00 7th July 2014.

 


Meeting: 09/06/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 6)

Annual Report and Accounts

Supporting documents:

  • Restricted enclosure 451

Minutes:

6.0        Nicola Callow introduced this item and welcomed comments on the annual report via email.  The WAO were currently on site reviewing the accounts, and a revised set would be considered for approval in July.

6.1        Committee members recommended the following amendments:

·         give more prominence to the underspend of £34,000 in 2013-14  as it is a very positive achievement;

·         highlight achievements measured against KPIs;

·         move the main areas of Legislation and Constitutional change to the front of the annual report and highlight more compelling achievements;

·         include a summary of Change Programme projects; and

·         include a case study of tweets and responses.        

Actions

-               Committee members to submit changes to the annual report to Nicola as soon as possible.

-               Nicola to ensure that Committee members are kept informed of the accounts.

-               Nicola to confirm that ACARAC members’ expenses do not need to be broken down and displayed separately in the accounts. 

 


Meeting: 09/06/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 2)

Minutes of 7 April meeting, actions and matters arising

Supporting documents:

  • Restricted enclosure 454
  • Restricted enclosure 455

Minutes:

2.1        The minutes were agreed and officials provided the following updates on the outstanding actions:

·                     Impact of Internal Audit recommendations (action 3.6) – Gareth confirmed that an update of these recommendations and their outcomes were highlighted in his annual report, as in paper 3b which was discussed under item 3.     

·                     Updated strategic priorities (action 3.15) – Kathryn agreed to email Committee members the updated Assembly Commission strategic priorities document.

·                     Governance Statement (action 6.2) – Virginia confirmed that all comments had been incorporated into the Governance Statement which formed part of the draft Annual Report to be considered during this meeting under item 6. 

 


Meeting: 09/06/2014 - Senedd Commission Audit and Risk Assurance Committee (Item 1)

Introductions and apologies and declaration of interests

Minutes:

1.1        The Chair welcomed everyone to the meeting.

1.2        No interests were declared.

 


 

 

You are in :

  1. Home
  2. Senedd Business