Agenda and minutes

of the previous meeting held on 28 October 2021 attached.

RESOLVED that the Minutes of the meeting held on 28 October 2021 be signed as a correct record.

Under the National Audit Office (NAO) Code of Audit Practice, the Authority’s external auditor, Grant Thornton, is required to consider whether the Authority has put into place proper arrangements to secure economy, efficiency and effectiveness in its use of resources.  The auditor is no longer required to give a qualified/unqualified opinion on the Value for Money (VFM) conclusion but instead provides a more detailed view of overall arrangements in an Annual Report.

The report categorises the Authority’s arrangements under specific criteria, namely:

·       Financial sustainability;

·       Governance; and

·       Improving economy, efficiency and effectiveness.

The external auditor’s Annual Report, including their opinion measured against the above criteria, is attached FOR INFORMATION.

Councillor Mark Shayer declared a personal, non-pecuniary interest in this item by virtue of his being an Authority appointed Non-Executive Director of Red One Ltd.

The Committee received for information the Annual Report on Devon & Somerset Fire & Rescue Authority’s Value for Money (VFM) arrangements as submitted by the external auditor, Grant Thornton.

Under the National Audit Office Code of Practice, the external auditor was required now to consider whether the Authority had put into place proper arrangements to secure economy, efficiency and effectiveness in its use of resources in 2020-21 rather than giving a qualified/unqualified VFM conclusion. This process had been delayed as a result of the Covid-19 pandemic and a letter explaining this was included elsewhere on the agenda for reference.

The criteria under which the Authority’s VFM arrangements were judged was:

·       Financial sustainability;

·       Governance; and

·       Improving economy, efficiency and effectiveness.

The external auditor had to consider whether there were any risks of significant weakness in the Authority’s arrangements for securing economy, efficiency and effectiveness in its use of resources.  There were no significant weaknesses identified in the Authority’s arrangements in all three of the above areas but improvement recommendations were made as set out within the report circulated.

The external auditor reported that its work on financial sustainability had demonstrated that the Authority had a strong performance and that arrangements were in place for the delivery of savings.  The key assumptions in the Medium Term Financial Plan had been reviewed, part of which was the Change & Improvement Programme which was delivering savings, with a good level of reserves in place.  Reference was made to the position on the Authority’s trading company, Red One Ltd. as the risk profile had changed as the company had evolved and appropriate governance needed to be in place for this, hence a recommendation that this should eb included on the Authority’s Corporate Risk Register. 

The Director of Governance & Digital Services responded that the move to an Annual Report was positive as this provided an extra strand of assurance on how Red One Ltd. was run.  The Authority determined what arrangements were put into place for oversight of the company which was delegated to its Resources Committee to monitor currently.  He acknowledged that the company had grown substantially, however, and that the responsibility for oversight may need to be reviewed.  This would be explored in conjunction with the annual review of the Authority’s constitutional arrangements in June 2022. 

Reference was made to the issue of rising costs and whether this had been covered in the Medium Term Financial Plan.  The Risk Manager responded that this had been recognised and that a risk was included (CRR074) in respect of supply chain disruptions.

NB.  Minute AGC/21/16(b) and AGC/21/19 below also refer.

The VFM extension letter is attached FOR INFORMATION.

The Committee received for information the extension letter submitted in accordance with the 2020 Code of Audit Practice, explaining the reasons for the delay in submission of the external auditor’s Annual Report which was usually required by 30 September. 

The National Audit Office had updated its guidance to permit a postponement of the completion of this work in view of the delays associated with the Covid-19 pandemic and the impact on the auditing of accounts.  The Annual Report had been published now and this letter had been included alongside this for the purposes of compliance with the Code.

NB.  Minute AGC/21/16(a) above also refers.

The purpose of this report attached and submitted by the external auditor, Grant Thornton, is to contribute towards the effective two-way communication between Devon and Somerset Fire and Rescue Authority's (the Authority) external auditors and the Authority’s Audit and Governance Committee, as 'those charged with governance'.

The report covers some important areas of the auditor risk assessment where the external auditor is required to make inquiries of the Audit and Governance Committee under auditing standards and is submitted FOR INFORMATION..  

The Committee considered the document “Informing the Audit Risk Assessment for Devon & Somerset Fire & Rescue Authority 2021/22” submitted by the external auditor, Grant Thornton.  The risk assessment was required under the International Standards on Auditing as a mechanism for a two-way communication between the auditor and the Audit & Governance Committee to facilitate a constructive working relationship.

It was noted that the auditor was required to obtain an understanding of management processes and had looked at the Authority’s oversight of the following areas:

·       General enquiries of management;

·       Fraud;

·       Law and regulations;

·       Related parties;

·       Going Concern; and

·       Accounting estimates.

This was pertinent as the Authority would be preparing Group Accounts for the first time in 2021-22.

Thanks were expressed to the external auditors at this point for the work that had been undertaken during difficult times in 2020 and 2021.

RESOLVED that the Audit Risk Assessment for Devon & Somerset Fire & Rescue Authority be approved.

NB.  Minutes AGC/21/16(a) and AGC/21/16(b) above also refer.

Report of the Director of Governance & Digital Services (AGC/22/1) attached.

The Committee considered a report of the Director of Governance & Digital Services (AGC/22/1) setting out the proposed Internal Audit Plan for 2022-23.

The Committee noted that eleven audits were proposed for 2022-23 with a focus on the Authority’s environmental agenda and the requirements of Her Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS).

Attention was drawn to the position on fitness testing and whether the Committee could be assured that all Firefighters were being trained to the correct standard now.  It was noted that there was assurance of this now and the Chief Fire Officer added that he was confident that the culture on fitness had improved across the organisation.  The Chief Fire Officer was asked to confirm if HMICFRS had sent a letter to confirm it was content now with the fitness training in place within Devon & Somerset Fire & Rescue Service.  It was noted that this letter had not been received but the Chief Fire Officer would be writing to HMICFRS again to seek the clarification required.

RESOLVED that the 2022-23 Internal Audit Plan be approved.

Report of the Director of Governance & Digital Services (AGC/22/2) attached.

The Committee received for information a report of the Director of Governance & Digital Services (AGC/22/2) on the progress made against the approved Internal Audit Plan for 2021-22 as at Quarter 3 (October to December 2021).

The report provided information on:

·       A request from Service Delivery for a change to the audit plan for 2021-22 to accommodate an audit of the Flexi Duty System which was achieved by deferring the application of learning audit to the start of 2022-23;

·       An overview of the planned completion timescales for audits in 2021-22;

·       Details of the audits completed and the assurance level given, including on the Light Support Fleet (limited assurance), fitness testing (reasonable assurance) and Station Compliance: Legionella Management (reasonable assurance);

·       Audits ongoing which included Community Safety: Fire Prevention, Key Financial Systems and Personal Protective Equipment (amongst others);

·       Details of audits not yet started including Working with Children and People and Fleet Management.

The report also covered the position on action tracking against existing recommendations.  It was noted that there were 75 open items requiring actions of which approximately 20 were overdue.  The audit work completed showed that some requirement was required in the systems of governance, risk management and control although the audit work undertaken was providing a reasonable level of assurance overall.

Councillor Randall Johnson (seconded by Councillor Prowse) MOVED:

          “that the Committee was satisfied with the work undertaken and      level of assurance provided and endorsed the audits undertaken under   the Internal Audit Plan for 2021-22 to date”.

Upon a vote, this was CARRIED unanimously.

RESOLVED that the Committee was satisfied with the work undertaken and level of assurance provided and endorsed the audits undertaken under the Internal Audit Plan for 2021-22 to date.

Report of the Director of Governance & Digital Services (AGC/22/3) attached.

The Committee received for information a report of the Director of Governance & Digital Services (AGC/22/3) that provided an update on the Corporate Risk Register. The Corporate Risk Register captured and described the most significant risks, both internally and externally, facing the Devon & Somerset Fire & Rescue Service (“the Service”), with a focus on cross-cutting risks and major projects.

The risk management process included the identification, assessment and recording of risks together with mitigating activities.  The Service’s risk profile had changed since the previous report to the Committee on 28 October 2021.  There were 18 risks entered with 2 risks escalated from the local risk register, 5 de-escalated to local and thematic risk and no risks closed.  Of the 18 risks, 1 was a high risk and 17 were medium.  In terms of the risks escalated, one was in respect of the shortage of Heavy Goods Vehicle drivers which had been incorporated within risk CRR074 in respect of supply chai issues.  The second risk escalated (CRR079) was on the inability to provide assurance that Home Fire Safety data created, held and reported was correct which was a high risk.

In terms of horizon scanning, a meeting had been held with the Extended Leadership Team to discuss the key issues.  The key risk identified for the future was on cyber attacks.  The Risk Manager also confirmed that, following the points raised by the external auditor, Red One Ltd. had been added as a risk on the Corporate Risk Register.

The Committee expressed its thanks to the Risk Manager for the work undertaken on this and on addressing issues it had raised previously.  The Committee was pleased to see that the Executive Board was considering the Corporate Risks on a regular basis.

NB.  Minutes AGC/21/16 (a) and (c) above also refer.