NOTICE OF MEETING › wp-content › ...2 urgent items / announcements no urgent items were requested. 3 items to be considered in the absence of public and press none. 4 declarations

Sheffield City Region Combined AuthorityRegistered Address: 18 Regent Street, Barnsley, S70 2HG

18 January 2017

To: Members of the Sheffield City Region Combined Authority Audit CommitteeAppropriate Officers

NOTICE OF MEETING

You are hereby summoned to attend a meeting of the Sheffield City Region Combined Authority Audit Committee, to be held at at 11.00 am on Thursday 26 January 2017 for the purpose of transacting the business set out in the agenda.

Diana TerrisClerk to the Combined Authority

WEBCASTING NOTICE

This meeting is being filmed for live or subsequent broadcast via the Combined Authority’s website. At the start of the meeting the Chair will confirm if all or part of the meeting is being filmed.

You should be aware that the Combined Authority is a Data Controller under the Data Protection Act. Data collected during this webcast will be retained in accordance with the Combined Authority’s published policy.

Therefore by entering the meeting room, you are consenting to being filmed and to the possible use of those images and sound recordings for webcasting and/or training purposes.

This matter is being dealt with by:Craig Tyler [email protected] 01226 772824

Gill Richards [email protected] 01226 772806

Contact Details

For further information or assistance please contact

Craig TylerSCR Combined Authority18 Regent StreetBarnsleySouth YorkshireS70 2HG

Tel: 01226 [email protected]

Gill RichardsSCR Combined Authority18 Regent StreetBarnsleySouth YorkshireS70 2HG

Tel: 01226 [email protected]

mailto:[email protected]


AUDIT COMMITTEE

11.00 AM, THURSDAY 26 JANUARY 2017

18 Regent StreetBarnsleyS70 2HG

AGENDA

Item Page

1 Welcome and Apologies

2 Urgent Items / Announcements

3 Items to be Considered in the Absence of the Public and Press

4 Declarations of Interest by Members

5 Reports from and Questions by Members

6 Questions from Members of the Public

7 Minutes of the Previous Meeting held on 21st July 1 - 8

8 SCR Updated Risk Management Strategy and Risk Register 9 - 42

9 Internal Audit Plan Consultation 2017/18 43 - 46

10 Internal Audit Progress Report 47 - 84

11 External Audit Update

AUDIT COMMITTEE

18 REGENT STREET, BARNSLEY, S70 2HG

MINUTES OF THE MEETING HELD ON 21 JULY 2016

PRESENT:

Councillor Karl Reid, Bolsover DC (Chair)Councillor Mark Rayner, Chesterfield BC (Vice Chair)

Councillor Jeff Ennis, Barnsley MBCCouncillor Chris Furness, Derbyshire DalesCouncillor Allan Jones, Doncaster MBCCouncillor Austen White, Doncaster MBCCouncillor Ken Wyatt, Rotherham MBC

Matthew Ackroyd, KPMGRuth Adams, SCR Exec TeamAndrew Frosdick, Monitoring OfficerAdrian Hunt, Barnsley MBCGareth Sutton, Sheffield CC / SCRCraig Tyler, South Yorkshire Joint AuthoritiesRob Winter, Internal Audit

Apologies for absence were received from Councillors P Birkinshaw, G Lindars-Hammond, S Mohammed, G Morley, J Shephard and P Short

SCR Combined Authority21/07/16

1 WELCOME AND APOLOGIES

Apologies were noted as above.

2 URGENT ITEMS / ANNOUNCEMENTS

No urgent items were requested.

3 ITEMS TO BE CONSIDERED IN THE ABSENCE OF PUBLIC AND PRESS

None.

4 DECLARATIONS OF INTEREST BY ANY MEMBERS

None.

5 REPORTS FROM AND QUESTIONS BY MEMBERS

None received.

6 QUESTIONS FROM MEMBERS OF THE PUBLIC

None received.

7 MINUTES OF THE PREVIOUS MEETING HELD ON 28TH APRIL

RESOLVED – That the minutes of the previous meeting held on 28th April are agreed to be an accurate record.

8 SCR DRAFT RISK MANAGEMENT STRATEGY AND RISK REGISTER

A report was received to provide an update to the Audit Committee regarding the developing risk management arrangements that are being put in place to underpin the Sheffield City Region’s own governance and internal control arrangements and to signpost further action that is required to be undertaken in 2016/17.

Members asked that consideration be given to the formatting of future reports given the significant amount of information being presented.

Cllr Jones asked whether ‘Brexit’ related risks were understood enough to be captured. Officers suggested there are likely to be some implications consequent to changes in government policy but these are still generally undeterminable. It was noted that the general message from Government is that all commissioned funding streams will continue to be so and further advice from DCLG is expected in due course.

It was confirmed that no funding is received by the SCR in the form of Euros.

It was confirmed Brexit will be referenced on the risk register once the risks have become appropriately perceivable.


Cllr Wyatt asked if the recently announced HS2 route change is referenced on the risk register. It was noted the route change is being assessed by the Transport Executive Board who would escalate any concerns worthy of risk status to the CA as appropriate.

It was confirmed the updated risk register will be presented to each Audit Committee.

Members welcomed the assurance that a group of officers from across the SCR teams are working on the development of the risk register and strategy.

RESOLVED, that the Audit Committee:

1. Approves the developing risk management arrangements for the Sheffield City Region

2. Agrees to receive further periodic reports regarding the developing risk management arrangements for the Sheffield City Region throughout 2016/17.

9 ASSURANCE AND APPRAISAL PROCESS REVIEW

Members were provided with a presentation on the findings of the assurance and appraisal processes review, based on the lessons learnt via project delivery on 2015/16.

It was noted that the comments received had been distilled into 38 recommended actions relating to 30 identified issues (subdivided into 9 categories; commissioning, prioritisation, funding, engagements, funding agreements, the single assurance framework, programme management, governance and general lessons learnt). These will now be assessed in more detail to assist the identification and implementation of tangible actions and policy changes.

Cllr Furness asked whether the review picked up questions around funding clawback or other remediate measures for schemes which fail to deliver their expected outputs and outcomes. It was confirmed this was a matter considered under the project management banner, and the findings suggested scheme promoters are being more adept at striking appropriate balances between assurance and value for money.

Cllr Ennis asked if lessons learnt were being shared by scheme promoters and whether the track record of promoters was taken into account when deciding what schemes would progress. It was confirmed these matters are all addressed under the existing appraisal and assurance regime.

Members questioned what additional resources could be introduced to help them be more acquainted with the various SCR schemes and thus help with audit and scrutiny enquiries.

It was agreed that programme changes will be a standing item on each Audit Committee agenda.


It was noted that the input of Internal Audit and the amount of support the service can offer to help Members develop their awareness of pertinent matters will continue to develop going forward.

RESOLVED:

1. That members note the findings of the review.

2. That ‘Programme Changes’ will be included on each Audit Committee agenda as a standing item.

10 SCR STATEMENT OF ACCOUNTS AND ANNUAL GOVERNANCE STATEMENT 2015/16

On behalf of the S.151 Officer, G Sutton provided Members with the draft 2015/16 annual accounts and a comprehensive overview of the approval processes the Combined Authority needs to adhere to in deliberating and signing off the group accounts.

The report and presentation explained the complexities of the CA and where accounting rules are the same as or differ from those relating to a local authority. The ‘advisory’ role of the CA’s Audit Committee was noted and explained.

Further information covered the organisations contained under the umbrella of the CA Financial Group, the structure of the accounts, timescales and key approval milestones, the revenue outturn position and a number of key financial highlights from 2015/16.

Cllr Furness noted examples of confusion regarding the relationship between the CA and LEP and sought confirmation that the draft accounts cover the financial affairs of both undertakings. It was confirmed this is the case. Members were advised that whilst the LEP has a significant role to play in influencing spending decisions, it is the CA itself that is the legally accountable body and hence the requirement for a single set of CA accounts.

Members discussed the further potential financial complexities that might be realised on the establishment of the office of SCR Mayor.

Cllr Jones asked whether the accounts (and delivery regime) could be simplified with the dissolution of the PTE. It was noted, however, that in metropolitan regions, there is a legal requirement for a distinct delivery body separate from the funding body (the CA).

Cllr Jones asked why no-one is ‘employed’ by the CA. It was noted this was a decision taken by the Leaders in the CA’s infancy and avoids the need for duplicate payroll and pensions regimes. It was noted all SCR employees are under the legal employment of Barnsley MBC.

RESOLVED, that the draft accounts are approved by the Committee in principle and recommended to the CA.


Cllr Rayner assumed the Chair

11 INTERNAL AUDIT ANNUAL REPORT 2015/16

Members were presented with a report on the Internal Audit Team’s completed assignments throughout 2015/16 and recommendations made, and the Head of Internal Audit’s annual assurance opinion based on the work undertaken during the year.

Members were asked to acknowledge the naturally limited scope of internal audit undertakings to date and were assured that next year’s opinion would be more substantive.

RESOLVED, that Members note the contents of the report.

12 INTERNAL AUDIT EFFECTIVENESS REPORT 2015/16

Members were provided with a report on the information and evidence used in support of the statutory review of the effectiveness of the internal audit function (provided by Barnsley MBC).

It was noted the Audit Committee is required to assess this evidence and form a view as to their satisfaction that the internal audit function is effective and where improvements have been identified, agree these and monitor them during the course of the year.

Members were informed that an external assessment must be conducted at least once every five years and the assessment for Barnsley was undertaken by Audit Mangers from Bradford City Council during November 2015. Details of this assessment were presented to assist Members consideration of the service provided to the CA Audit Committee.

RESOLVED, that the Members:

1. Endorse the information presented in support of the review of the effectiveness of the internal audit function and express satisfaction with the service provided.

2. Agree to receive a progress report in approximately 6-months to monitor progress against the Quality Assurance and Improvement Programme Action Plan.

13 INTERNAL AUDIT PROGRESS REPORT (010416 - 300616)

A report was received to inform the Committee of the Internal Audit work completed and in progress from 1st April 2016 to 30th June 2016, the position with regard to the implementation of recommendations, about planned audit work and the performance of the Team.

It was reported that to date, a total of 22 days have been delivered (of the 120 planned). This is primarily time supporting management to develop and embed the


governance framework. In addition, two compliance reviews have been undertaken, namely Fundamental Financial Systems Review and Skills Capital Grants, and an accrual for 8 days was made to enable these to be completed early 2016-17.

Members were informed that due to the continued work in developing and implementing aspects of the SCRCA’s control and governance framework, much of the planned Internal Audit work is scheduled towards the middle and end of the financial year.

Cllr Jones asked how assurances can be provided that the SCR is paying a ‘reasonable price’ for the service it receives from Barnsley MBC. It was noted that the Barnsley MBC Internal Audit team effectively ‘won’ the contract to deliver services for the SCR and standards of service will be reviewed as the contract renews. It was acknowledged the SCR mayor may have a view on how various services are commissioned.

RESOLVED, that Members note the contents of the report.

14 PROPOSED REGULATIONS FOR COMBINED AUTHORITY OVERVIEW AND SCRUTINY, AND AUDIT COMMITTEES

A report was presented to inform Members of the requirements and expectations of the Cities and Local Government Devolution Act 2016 in relation to the conduct of Audit Committees and demonstrate how it is proposed the Sheffield City Region would discharge these requirements.

It was suggested that despite the Government becoming more prescriptive in respect of their expectations for Combined Authority Audit Committees and Scrutiny Committees; what is being proposed is not dissimilar from the operational regimes already implemented in the SCR.

It was suggested that as the delivery of the City Region governance model begins to pick up pace, it may be expected that the profiles of the Audit Committee and Scrutiny Committee will grow likewise and generate additional work and expectations for Members and officers.

Members considered how any new arrangements may play out in practise including the proposal for the Committee to have at least 1 independent member.

It was noted that DCLG are still receiving comments on the draft proposals and these may be submitted via the Monitoring Officer.

RESOLVED, that Members note the draft regulations pertaining to Overview and Scrutiny, and Audit Committees as determined by the Cities and Local Government Devolution Act 2016

15 EXTERNAL AUDIT UPDATE

Members were provided with a verbal update.

It was noted KPMG’s ‘on-site’ fieldwork has now commenced.


As per previous reports, it was noted that there is a focus on issues experienced with the implementation of the SY Pensions Authority pensions’ administration system (recommendations to go to the CA).

Members were informed that a previously flagged audit of SCR bank reconciliations has completed with no issues identified.

CHAIR

1. Introduction

1.1 Since 2015 the SCR Executive Team have held a number of Strategic Risk workshops in order to identify current and emerging risks. These are recorded in a Strategic Risk Register – reviewed January 2017 and presented at Appendix A. In parallel with this, SCR’s Single Assurance Framework ensures that appropriate processes and protocols are in place for investment decisions. This framework sets out the mechanisms used to make decisions to deliver SCR’s Regional Growth Deal allocations and its Strategic Economic Plan (SEP) and includes a comprehensive approach to the identification, assessment and management of risk at Programme and Project level.

Purpose of Report

The Combined Authority Constitution specifies that the Audit Committee should oversee the effectiveness of the Authority’s risk management arrangements.

This report updates the Committee regarding the status of the strategic risks presented at the meeting held in July 2016 and, in addition, updates the on the progress made in developing and embedding SCRs risk management process.

Freedom of Information and Schedule 12A of the Local Government Act 1972

Under the Freedom of Information Act this paper and any appendices will be made available under the Combined Authority Publication Scheme. This scheme commits the Authority to make information about how decisions are made available to the public as part of its normal business activities.

Recommendations

The Audit Committee is asked to:

• Review the status of the risks recorded on the current register (Appendix A) • Review the progress made in developing SCRs risk management processes and the proposed

approach to risk management going forward • Endorse the Risk Policy and the Risk Management Strategy (Appendix B) for recommendation

to the Combined Authority

Combined Authority – Audit Committee

26th January 2017

Strategic Risk Management

The SCR Executive team recognise that an appropriate and defined risk management process is vital to the successful delivery of its objectives and has, in the context the evolving governance of the organisation, undertaken a review of its approach to strategic risk management.

2. Proposal and justification

2.1 The Sheffield City Region Strategic Economic Plan (SEP) captures the ambition, vision and strategic priorities of the CA and the Local Enterprise Partnership (LEP). SCR recognises that an effective governance and control framework is vital to the successful delivery of the SEP and that by managing the risks to it effectively SCR will be in a stronger position to minimise or avoid threats and exploit opportunities to deliver the objectives of the SEP.

2.2 Following Audit Committee feedback and in line with SCRs evolving governance and control procedures, the SCR Executive Team have reviewed the approach to monitoring and managing risk against relevant governance themes that underpin the successful delivery of the SEP and, going forward, the strategic risk management approach will focus on the effectiveness of, and compliance with, the components of this governance and control framework. This approach is illustrated at annex A in the draft Risk Management Strategy (Appendix B) Appendix B provides a risk description for each of the themes.

2.3 Next steps • Further to endorsement by the Audit Committee, the Risk Policy and Risk Management

Strategy will be presented to the Combined Authority for approval. • Further work is underway within the SCR Executive Team to embed Risk Management

Processes at a strategic, operational and project level. At a Strategic level this involves transitioning current risk processes to the new approach. This will include: - populating ‘current and expected controls’ for each of the strategic risks - assessing the level of exposure - identifying risk owners - identifying actions and action owners - prioritising activity

• In addition, following the conclusion of the organisational restructure, the senior leadership group will work with their teams to identify risks and embed risk management processes at an operational level. Particularly focusing on high risk programmes.

• Risk Management training will be rolled out to relevant team members over the coming weeks.

3. Consideration of alternative approaches

3.1 SCR recognises that to continue with the current, more traditional approach to risk management, which has been appropriate for the organisation to this point, would potentially result in key threats to the successful delivery of SCRs objectives being overlooked or managed inappropriately. In addition, further to feedback from the Audit Committee the format of SCRs risk management documentation has been reviewed. However, it is recognised that the approach to risk management will continue to evolve and the SCR Executive team will act on this in liaison with the Audit Committee.

4. Implications

4.1 Financial As SCR risk management processes evolve there may be resourcing implications and associated costs. This will be considered appropriately with the Finance Officer.

4.2 Legal

There are no legal implications relating to the development and embedding of SCRs risk management processes. However, risk management is a fundamental requirement of good governance, therefore Monitoring Officer and Internal Audit oversight is a continuous process.

4.3 Risk Management

Risk management is vitally important to the successful delivery of SCR’s objectives. Therefore a defined risk management process is a key component of the governance and control framework that underpins this.

4.4 Equality, Diversity and Social Inclusion There are no equality, diversity and social inclusion issues relating to the development and embedding of SCRs risk management processes.

5. Communications

5.1 SCRs risk management processes are internal and do not require external communications. However, the policy and strategy will be publicly available as will any papers presented to the CA and the Audit Committee. Extensive internal communication will be undertaken appropriately.

Should a risk materialise that has the impact of adverse public or Government reaction communication will be managed appropriately.

6. Appendices/Annexes

6.1 • Appendix A – Current Risk Register • Appendix B – Risk Management Policy & Risk Management Strategy

(Annex A – Illustration of the proposed approach to Strategic Risk Management) • Appendix C - Risk description for each of the governance themes

REPORT AUTHOR Claire James POST Governance & Compliance Officer

Officer responsible Ruth Adams Organisation Sheffield City Region

Email [email protected] Telephone 0114 220 3442

Background papers used in the preparation of this report are available for inspection at: Other sources and references:

COMBINED AUTHORITY RISK REGISTER AS AT January 2017

Priority Risk No Risk Title Risk Consequences Risk Owner Existing Control Measures Nov-15 Jul-16 Jan-17 Apr-17 Risk Mitigation Action Owner % comp

Review Date

Recovery Plan

Governance review to lead to a rescoping of Executive Boards as Delivery Boards, full review of advisory and partnership arrangements following stakeholder mapping

Board Lead Officers

31/03/2017

As part of the SEP refresh each area to have a LEP / CA approved investment plan establishing conditional outcomes

Board Lead Officers

30/06/2017

Development of overarching Communications Plan

Andrew Gates

31/03/2017

Establishment of Programme Office function within SCR to coordinate programme activities

Melanie Dei Rossi

31/12/2016

Review and publication of Constitution (pending conclusion of governance review)

Andrew Frosdick

31/03/2017

Review of Financial Regulations Eugene Walker

31/12/2016

Development of a Conflicts of Interest Policy

Andrew Frosdick

31/12/2016

Development of a Risk Management Framework

Ruth Adams 31/12/2016

Development and implementation of an organisational wide File plan and document structure

Melanie Dei Rossi

31/12/2016

- Failure of intra-group / internal partnerships such as the relationship between the CA, Transport and the PTE or the CA and the LEP resulting in discordant policy development and delivery that may unknowingly or inadvertently affect other functions or areas of the internal partnership;- Breakdown in the working relationships regarding 'voluntary' partnerships that rely on goodwill, resulting in missed opportunities to develop and deliver outcomesacross the region;- Failure to be able to influence the pressures partnering bodies may be under(such as financial pressures as a result of government funding settlements) resulting in partners being unable to contribute towards the delivery of shared outcomes for the region;- Negative impact on CA outcomes and performance if partners cut resources in areas relevant to co-delivery;- Tensions arising from the geographic overlap in some areas between Boroughsand Districts as a result of a lack of clear boundaries;- Lack of clarity regarding the engagement of 'new' partners such as DEFRA -failure to ensure other partners are aware of new relationships and the opportunities they bring, leading to missed opportunities and a potential duplication of activities;Disengagement with LEP by SME's;Missed opportunities to manage lobbying activity on behalf of stakeholders;'Democratic Deficiency' due to missed opportunities to engage with the electorate of South Yorkshire as a customer;Perception that that the CA grows and expands, whilst partnering organisation are being cut back and reduced which could lead to tensions within the partnership;Integration of CA, LA and CCG is a fundamental element of the SCR Devolution Deal - failure of this pilot would include reputational damage and a negative impact on the ability to enter into negotiations with both central and local partners to pool budgets into a Local Investment Fund;

Managing Director

Liaison with Executive Board and Political Leaders;Chief Executive representation at Boards with appropriate technical / expert advice available;Governance review undertaken clarifying respective roles and responsibilities and interdependence of groups;Work to align transport governance and processes between Exec and PTE in place; LEP Board formlised arrangements for meeting with all business bodies eg IOD, Chambers, FSB, CBI

2 2 3

Part

ners

hips

/ R

elat

ions

hips

001

Failure of Partnership working to deliver the expected outcomes for the Combined Authority

Inte

rnal

Con

trol

Fra

mew

ork

/ Gov

erna

nce

002

Lack of a robust Internal Control Framework, Governance arrangements and decision making process leading to limited assurances being provided to stakeholders and interested parties regarding the activities the CA are undertaking, and the outcomes the CA and partners should be delivering resulting in the CA not being 'match-fit'.

Governance / Internal Control areas of note include:• Constitution and decision making framework;• Financial Regulations;• Anti-Fraud and Corruption Arrangements, including registers of gifts, hospitalities and interests;• Risk Management Arrangements;• Information Governance Arrangements, including compliance with PSN.

- Lack of clarity regarding which constituent organisation's 'rulebook' is being applied to discrete functions such as Finance (Sheffield City Council) and HR and Legal and Governance (Barnsley MBC);- Lack of consistent language - different language in place depending on whose rulebook is being used and applied;- Inability to provide a sufficient level of assurance as to the activities being undertaken by the CA, and the outcomes the CA should be delivering; - Limited Stakeholder Plan in place and lack of capacity within Communicationsfunction;- Lack of assurances regarding partners own risk management arrangements and outcomes;- Lack of an appropriate framework within the CA that enables a robust and meaningful Annual Governance Review and the subsequent production of the organisation's Annual Governance Statement;- Poor assurance opinion from internal, external and government auditors;- Lack of resilience and business continuity planning regarding IT systems, Human Resourcing / people and property / locations resulting in the organisation experiencing significant 'down-time' in order to recover and return to business as usual;- Decision are challenged, and it becomes difficult to justify and defend them in the public domain;- Lack of transparency resulting in increased FoI requests which draws valuable resource away from the delivery of outcomes;- Lack of internal intranet to enable access to information, standardisation of information etc.- No Risk Management Board or Group in place;- Decisions being taken in isolation, proliferating the feeling of solo working;

Statutory Officers 2 2 3

SCR Assurance and Accountability Framework in Place and reviewed in line with changing governmnet guidelines; Governance and Assurance Group (GAG) in place with agreed Work-plan;Internal Audit function delivered via BMBC with annual audit plan agreed and in place;Internal Audit Plan in place and monitored by Statutory Officers Group;External Audit Plan in place;Performance Management Framework in place;Risk Policy and Strategy refreshed and risk reporting part of Statutory Officers Group responsibilities; Hospitality declaration form in place to record accepted hospitality;

Risks relating to the successful delivery of the CA SEP, resulting in poor levels of growth, job and business creation and GVA resulting in a reduced impact on the economic gap in the region'

Concern Rating 1:Little confidence the

Risk can be improved;

Unachievable Objective;

Difficult to influence;Out of Tolerance.

Concern Rating 2

Concern Rating 3:Some confidence

that the Risk can be improved;

Moderately achievable Objective;Possible to influence;

Barely Tolerable.

Concern Rating 4

Concern Rating 5:Confident that the

Risk can be improved;Achievable Objective;

Easily influenced;Tolerable;

Concern Rating 6

Appendix A


Review Date

Recovery Plan

Organisational redesign in place, further recruitment to vacancies subject to budget underway

Dave Smith 30/06/2017

Review of all services delivered external to core SCR CA team to ensure they are fit for purpose


Development of IT Strategy - refer to IG risk register

Ruth Adams 31/12/2016

SEP refresh and investment plan development work commenced

Fiona Boden

30/06/2017

Assurance Framework review commenced to include recent NAO / PAC / Single pot guidance

SCR Executive Team

31/03/2017


SCR Executive Team

31/03/2017

Organisational redesign to ensure the correct structures are in place to support the delivery of the Assurance Framework completed, process remains to fill vacancies to fully operationalise


Four year investment plans and specification of conditional outcomes leading to improved commissioning planning

Fiona Boden / AD Commisisoning Directorate

30/06/2017

Continual review of Commissioning and programme management arrangements (internally and with internal audit) to improve outcomes and processes

Melanie Dei Rossi

31/12/2016

SEP refresh and investment plan development work commenced

Fiona Boden 30/06/2017

Development of Investment and Commissioning Plans for each of the priority programme areas

AD Policy, AD Commissioning Directorate

30/06/2017

Organisational redesign to ensure the correct structures are in place to support the delivery of theSEP is completed, process remains to fill vacancies to fully operationalise



SCR Executive Team

31/03/2017

Evaluation of projects through monitoring and evaluation plan

Melanie Dei Rossi / Fiona Boden

31/03/2017

Organisational redesign to ensure the correct structures are in place to ensure outcomes are achieved, process remains to fill vacancies to fully operationalise the Operational Contract Management Team


Proj

ects

& C

omm

issi

onin

g

005

Lack of a robust Commissioning and Programme and Project Management framework leading to different arrangements being put in place for similar projects or programmes, resulting in differing levels of quality, issues regarding the CA being a 'commissioner' and 'deliverer' resulting in challenge and the need to re-commission which could affect programming timescales

No standardised approach;No standard appraisal or performance framework to measure and demonstrate outcomes and outputs;Inability to provide appropriate information and assurances to five constituent Executive Boards;Non compliance with Commissioning legislation;Inappropriate involvement / interest from LEP who may present issues regarding conflicts of interest in terms of commissioner / deliverer;Failure to adhere to commissioning and procurement legislation - not complying with procurement regulations and not undertaking procurement in a fair, open and transparent manner;Lack of robust and fit for purpose contracts that set out roles, responsibilities, outcomes etc.Conflict of interests regarding European schemes where there is potential to input into arrangements, and then subsequently bid;

Refresh of SEP and supporting tactical plans and strategies eg SCRIIP, Transport Strategy, Skills and Employment Plan to improve understanding and commitment;Alignment of CA strategies to those of external partners to assist in levering external funding;Partnership in place with representation from constituent Authorities and private sector;Restructuring internally to align resources to appropriate areas;

3 3 4

4 4004

Alig

nmen

t of S

trat

egie

s

007

Failure to ensure that the strategies of the CA and partnering organisations are aligned to ensure a real sense of joined-up working leading to partners looking after their own interests

Too many strategies leading to a lack of focus and mission creep;Lack of joined up working;Loss of commercial edge may result in the loss of private sector stakeholders;Inability to pool budgets in certain thematic areas such as aligning plans around the devolution of employment programmes with the NHS Sustainability and Transformation Plan;

Director Strategy and

Corporate Affairs

Managing Director 3 2 3

Revision and redevelopment of the SEP to include 4 year investment plans specifying the conditional outcomes to be achieved;The Assurance Framework which will be used to measure outcomes and outputs;Need to ensure funding opportunities are aligned to the programming surrounding the delivery of expected outcomes and outputs; 4

Failure to ensure that the CA is undertaking activities that are 'right' for them, rather than those activities partners or other interested parties may expect them to undertake

Inability to maximise benefits and leverage resulting in the CA not being able to deliver on what was promised;Failure to deliver the SEP;Changing expectations from partners in terms of BREXIT - there may be an expectation that the SCR fills the gaps created by the UK leaving the European Union;

Director of Commissionin

g

Staf

fing,

Cha

nge

and

Loca

tion

003

Failure to ensure that the CA benefits from an appropriate level of staffing, resource and capacity, and that they are located in the right areas, to ensure employees have the right skills, in the right areas that enables both the robust management of change and the CA becoming an more agile organisation, leading to the inability to deliver outcomes and ambitions on time and to an expected level of quality.

This also relates to the current lack of co-location (in terms of the physical location of officers and the sharing of systems and processes) leading to duplication, lack of version control and a lack of value for money.

The CA Executive has completed the restructure of existing staff around the newly specified functions;- Consideration as to whether the CA should identify and secure external support, or 'grow their own' in terms of development and competency;- Inappropriate resources will make growth difficult as employees may be asked to deliver more without extra resource;- Inability to keep pace with change and growth;- An under-resourced organisation will have difficulty responding adequately to an emergency event or resilience issue; - Difficulties in ensuring there is an appropriate level of business support in place;- Loss of focus due to external devolution, and the need to ensure original direction and focus is not lost;- Ability and willingness to change in terms of new areas of activity such as Health and Police;- There are currently five IT networks in use due to co-location issues that result in duplication, poor data quality and general governance concerns;- Lack of internal intranet to enable access to information, standardisation of information etc.- There are raised expectation from partners and stakeholders placing more pressure in existing employees, and making the requirement to have high quality employees in place;- Need to ensure there are the right specialist skills and knowledge and organisational capability to be able to successfully implement and deliver against each element of the Devolution deal;

Full review of all policies to ensure relevance to the SCR CA well underway;Business Planning processes assist in the identification of issues and concerns regarding capacity and competency;IT Strategy developed and processes underway to merge systems with PTE as part of wider CA group structure for IT and business continuity;Restructure underway, including creation of some joint services with PTE;Some recent vacancies have resulted in failed recruitments;Review of broad market conditions and pay and reward arrangements undertaken;

'Rig

ht' A

ctiv

ities

3 3 3

Head of Programme

Office

Detailed programme management arrangement in place - approach will be based on MSP (Programmes Management methodology);Single assurance framework in place and assesses schemes against measurable outcomes;Project Appraisal Board, including delegates of the Statutory Offices, in place to 'approve' projects;Processes in place to oversee and monitor programmes;

4 4 5

Del

iver

y of

Out

com

es

008

Lack of control regarding the delivery of outcomes by partners or commissioned service providers leading to a breakdown of the relationship and undermining the trust between 'deliverers' and the CA

Lack of assurances to interest parties such as funders and government departments that performance is being managed, and targets are being met;Changing policy context resulting in changing expectations and the need to ensure flexibility is built into commissions;Need to be able to check and test that specific outcomes can be robustly tracked back to the project or activity that originated them;Lack of benefits realisation;Lack of agreement as to what is to be evaluated due to poor communication as to what the SCR want to be delivered;

Head of Programme

Office

Project governance arrangements;Contractual clauses re clawback linked to output and outcome delivery;Development and Implementation of a robust Monitoring and Evaluation Framework;


Review Date

Recovery Plan

Un-package 'Deal' through negotiation to assist in the identification of opportunities and risks

AD Commisisoning

31/12/2017


SCR Executive Team

31/03/2017

Leader led working group re further consultation to be established


Managing Director

Full governance review undertaken and Governance Work stream in place;Redraft of Assurance Framework to include Mayoral governance controls when required;Consultation Plan revisions to respond to the JR judgement underway;

2 2 2

May

or a

nd D

evol

utio

n

009

Failure to ensure that significant changes and associated opportunities to the structure of the CA in terms of an Elected Mayor and the Devolution Deal are maximised to provide a strengthened approach to governance arrangements

Mayorality disruptive to CA partnership as some unknown effects of governance arrangements;External challenge to the SCR deal;Changing government Ministers (and challenge of BREXIT considerations) creating blockages in progressing the detail of elements of the deal. May result in a shift from commissioner to deliverer;


Review Date

Recovery Plan

Development of Social Inclusion framework and further development and integration of inclusive growth framework

Fiona Boden 31/03/2017

Monitor and Review through Monitoring and Evaluation Framework

Lisa Clark 31/12/2017

Review of Assurance Framework - including the strengthening of gateway processes

Melanie Dei Rossi

31/12/2016

Consideration of Audit involvement in significant schemes - themed audits being developed including Assurance Framework

Sharon Bradley

31/12/2016

013

Failure to ensure the implications of the BREXIT decision are fully understood in terms of the impacts on funding, devolution (and priorities therein), revised budgets (affecting policy), the ability to trade with Europe and the overall stability of partners / providers

Negative impacts on :- Funding opportunities;- Devolution priorities;- Budgets, and the ability to deliver policy outcomes;- The ability to trade with Europe; and,- The stability of partners and providers;Partners may look to SCR for extra provision or assistance with options;

Director Strategic Corproate

Affairs

Forecasting based upon economic and finacial intell eg write down of investment income in advance to manage any future risks post BREXIT

n/a 1

2

Review of CA and programme objectives in light of changing political, economic and social landscape


014

Failure to ensure the liabilities that attach to physical assets in properly understood and managed / mitigated

Lack of oversight regarding asset management arrangements leading to losses and missed opportunities to maximise asset through appropriate use, or disposal;Disjoint between CA and PTE; Managing

Director

CA group Asset Management Plan;

n/a 22

Development of a paper to the Leaders - setting out the issue and proposing a group wide Asset Management Strategy. The aim will be to move the assets to the CA - PTE are the delivery arm, CA is the strategy setter

Gareth Sutton

31/12/2016

Inco

me

and

Expe

nditu

re

012

Unstable finance base, reliant on EZ income to engage in long term planning;

Funding difficulties and issues as a result of inaccurate and late reporting of EZ income;Lack of certainty re gain share;

Finance Officer

Soci

al V

alue

and

CSR

011

Failure to ensure the CA considers wider impacts and outcomes that relate to non-essential impacts such as social value and growth in areas not directly engaged by the CA's activities leading to the CA being unable to recognise and claim success relating to non-economic benefits

Need to identify a balance between Risk and Reward in terms of social value which could negatively affect growth in some areas - for example, if the revised SEP focuses on Inclusive Growth what are the implications for programme areas and communities;If wider objectives are not considered the CA may face criticism and reputational damage - if wider impacts are to be considered they may affect and influence the direct impacts may become more diluted;Any Corporate Social Responsibility Model that the CA develops must be both proportionate and also broad in terms of covering off the large number of areas which the CA operates within;Need to ensure that the focus of the CA is not solely on 'long-term' or 'short-term' impacts - there must be a suitable blend of both;

SCR Senior Leadership

Group4 4 5

Complex finance arrangements requiring tight monitoring;DOFs and Finance Director / Officer regular reporting to CA, CEX and internally;Forecasting based upon economic and finacial intell eg write down of investment income in advance to manage any future risks post BREXIT

2 2 2

Focus on an inclusive growth framework to be embedded within SEP, Programme Management and monitoring and evaluation framework;Liaison with scheme promoters;Development of a policy that will be able to acknowledge trade-offs between risk and reward;The principles of social value are well embedded within the Sheffield City Region Executive Team;

SCR Combined Authority Risk Management Framework | Risk Management Policy

Risk Management Policy

Appendix B


Document Properties Change Record Version Revision Author Description Date 0 1 C James Initial Draft November 2016 0 1 C James Removed specific

reference to ‘transport’. Removed detail at 3rd bullet point and removed 4th bullet

12/01/17

Document Approval Approving Body or Person Role (review, approve) Date


Introduction Sheffield City Region Combined Authority (CA) is responsible for the strategic economic development decision making for the Sheffield City Region (SCR). The CA works closely with the private sector led Local Enterprise Partnership (LEP) to ensure local business representatives are actively involved in decision making processes. The Sheffield City Region Executive Team provides impartial advice to the CA and LEP encompassing the development of policy, strategy, programme commissioning and assurance for the region in order to meet the City Region wide objective of growing the economy. Within the scope of the current Devolution Deal the CA is accountable for agreeing a Strategic Economic Plan (SEP) which captures the ambition, vision and strategic priorities of the CA and the LEP. The SCR Executive Team is responsible for developing this plan and for establishing a set of commissioning plans against the priorities of Skills, Infrastructure, Transport, Housing and Business Growth. Risk management is vital to the successful delivery of the SEP and the CA is committed to developing a risk management framework to identify and assess risks that threaten the achievement of the Plan’s objectives. Policy Objectives The CA and SCR Executive Team will achieve this by:

• actively managing risks in line with best practice through a culture of responsible, informed and controlled risk taking at a strategic, operational and project level

• implementing appropriate responses to identified risks • being responsive to new and emerging risks • contributing to effective corporate governance through the embedding of risk management

policy and procedure into business processes and operations • developing plans for dealing with risks that may occur • being transparent regarding the risks and the effectiveness of the risk management framework

These objectives will be supported through the implementation of a Risk Strategy. The Strategy outlines responsibilities for managing risks and defines how risk management will be applied. It provides the components for delivering the policy and ensuring that risk management arrangements are maintained. The components of the strategy are:

Roles and responsibilities Risk management process

- Risk review - Risk acceptance - Risk recording

Guidance, training and facilitation Assurance A three year Strategic Plan

This policy is subject to regular review and any proposed amendments must be agreed by the Combined Authority.

SCR Combined Authority Risk Management Framework | Risk Management Strategy

Risk Management Strategy


Document Properties Change Record Version Revision Author Description Date 0 1 C James Initial Draft 16/11/16 0 2 C James Amended

reference to Good Governance in Local Government Framework

24/11/16

0 3 C James Amended following meeting with Rob Winter to discuss ‘Governance themes’ approach

30/11/16

0 4 C James Further amendments re ‘Governance themes’

10/01/17

Document Approval Approving Body or Person Role (review, approve) Date


1. Context Within the scope of the current Devolution Deal the Sheffield City Region Combined Authority (CA) is accountable for agreeing a Strategic Economic Plan (SEP) which captures the ambition, vision and strategic priorities of the CA and the Local Enterprise Partnership (LEP). The Sheffield City Region Executive Team is responsible for developing this plan and for establishing a set of commissioning plans against the priorities of Skills, Infrastructure, Transport, Housing and Business Growth. The CA recognises that an effective governance framework is vital to the successful delivery of the SEP and is committed to ensuring that the management of the risks to this is an integral part of the organisation’s internal control and governance arrangements. By maintaining an effective governance framework and managing the risks to it effectively Sheffield City Region (SCR) will be in a stronger position to minimise or avoid threats and exploit opportunities to deliver the objectives of the SEP. SCR also recognizes that the Accounts and Audit Regulations 2015, section 3, requires a relevant authority to have ‘… effective arrangements for the management of risk.’ And, in addition, that Principle F of CIPFA’s Delivering Good Governance in Local Government (2016) outlines risk management as an important and integral part of performance management and crucial to the achievement of outcomes. The purpose of this Risk Strategy is to provide the components for delivering the Policy and ensuring that risk management arrangements are maintained. The components of the strategy are:

Roles and responsibilities Risk management process

- Risk review - Risk acceptance - Risk recording

Guidance, training and facilitation Assurance A three year Strategic Plan

These components are further detailed later in this document. Whilst the principles and mechanics of risk management remain fairly constant, SCR’s role, in a context of a growing policy agenda, growing resources, ambitions and expectations to deliver, is evolving fast. The CA therefore recognises that where there is change, there is risk. Consequently it is critical that both the CA and the SCR Executive Team are clear regarding the importance of an effective and proportionate governance and control framework and the importance of managing the risks to it effectively.

2. Introduction What is Risk & Risk Management? Risk is defined as: an event or situation that could impact positively or negatively on the achievement of SCR’s objectives. A ‘risk’ is made up of an event, which if it manifests will have a negative impact on the SCR’s objectives. Risk is considered in terms of the probability of an occurrence, together with the possible impact, usually expressed by the potential financial loss, and damage to reputation.


However, risk should also be considered and thought of more positively in terms of the context of both missed opportunities, and opportunities that have not been maximised or properly exploited. Risk Management is defined as: the culture, activities and structure that are directed towards the effective management of potential opportunities and threats to an organisation. Why manage Risk? Risk management provides a mechanism for identifying risks which represent opportunities, and those which represent potential pitfalls. It enables the organisation to develop response strategies and allocate resources appropriately. SCR recognises the importance of maintaining a robust risk management system to facilitate and support the evolving governance of the region and the agenda the region faces in a newly devolved set of functions. SCR is clear that embedded risk management processes will ultimately contribute to the provision of assurance regarding the CA’s compliance, performance and overall robustness of its internal control and governance framework. SCRs Approach to Risk Management The CA recognises the importance of having an enabling governance infrastructure through which all activities and responsibilities are discharged. This has been articulated through the identification of 13 themes. These themes, (shown in Annex A) form the basis of the core strategic infrastructure. The risk management approach at this strategic level will therefore focus on how effective the themes are and how they are complied with in order to deliver the CAs objectives. By managing risk to the governance and control framework effectively, SCR will be in a stronger position to minimise or avoid threats and exploit opportunities in order to deliver its objectives. The risk management approach at operational level uses divisional/directorate objectives as a basis for the identification of threats. Risks to Project objectives are identified by scheme promotors and reported through Assurance Framework processes. Further information regarding the reporting and escalation of risks is detailed at section 4.2 and 4.6. The aim of the Risk Management Policy and Strategy is to manage risks that threaten the successful delivery of project objectives, divisional/directorate objectives and ultimately the governance and control framework that underpins the successful delivery of SCRs strategic objectives and, where possible, reduce these to an acceptable level. This strategy document sets out how a culture of risk management will be further developed in the next few years.

3. Roles and Responsibilities In order to ensure that SCR’s risk management arrangements are implemented and delivered effectively, it is essential roles and responsibilities are clearly defined. Risk management is the responsibility of everyone at SCR, but the Combined Authority, Audit Committee, Statutory Officers Group and Executive Managers Group will have specific responsibilities that directly contribute to the effectiveness of the risk management process.


The main roles and responsibilities for risk management at SCR are summarised below. The CA

• Provides strategic direction and determines risk appetite. • Overall responsibility for risk management and sets risk management policy. • Ensures appropriate risk management framework is in place.

Audit Committee

• Provides assurance to the CA on the effectiveness of the risk management framework. • Reviews group risk profile and strategic Risk Management Actions Plans.

Statutory Officers Group

• Foster a supportive environment to promote an 'open' culture which encourages risk reporting.

• Ensure appropriate focus and resources are applied to risk management. • Owns and manages SCR’s strategic risks. • Ensures that key strategies include appropriate risk focus.

SCR Executive Senior Leadership Group

• Encourages business-wide application of risk management. • Ensures the effective and timely upward reporting of significant and emerging risks to

Statutory Officers Group • Provides input to Statutory Officers Group review of strategic risks by reviewing significant

strategic, operational and project risks. Divisions (Programme Commissioning, Programme Assurance and Performance, Strategic and Corporate Affairs)

• Implement an operational risk management process including the maintenance of divisional/ operation Risk Management Action Plans and the management of divisional/operational risks.

• Prepare quarterly reports on significant risk for the Executive Managers Group. Governance & Compliance Function

• Establish and maintain an effective risk management framework. • Design and develop risk management policy and procedures. • Provide support and guidance on the management of risk. • Obtain independent assurance from Internal Audit regarding the effectiveness of and

compliance with risk management processes Individuals

• Comply with SCR’s risk management policy. • Apply risk management processes within their own area.

4. Risk Management Process The Risk Management Process provides a systematic and effective method of managing risks at different levels within SCR. The starting point for an effective risk management process is a clear understanding of the organisation’s objectives and the governance framework that underpins this. This will provide the basis for identifying potential risks that threaten the effectiveness of the governance framework and therefore hinder the delivery of objectives.


The process requires every significant risk to be:

Identified Recorded and owned / allocated to a named manager Assessed for likelihood and impact Mitigated or treated Monitored and reviewed

The key elements of Sheffield City Region's risk management process are shown in Figure 1.


4.3 Risk Assessment Risk assessment is an important step that assists in determining the significance of the risk and informs decisions on where to focus activity to reduce the level of risk. Risks are assessed according to their potential likelihood and impact. SCR’s Risk Assessment Guidelines are included at Annex C. 4.4 Risk Mitigation or Treatment Action plans are developed to manage and reduce the level of risk. Action plans focus on reducing the likelihood of the risk occurring and reducing the impact of the risk should it occur. Contingencies are identified in the event that the risk occurs and the cost of taking action to control the risk is proportioned to the potential benefit gained. Potential ‘losses’ associated with a risk occurring are weighed up against the ‘cost’ of controlling that risk.

4.1

Risk Identification

SCR uses the governance framework underpinning the delivery of the SEP, operational and project objectives as a basis to identify risk. This generates a comprehensive list of threats and opportunities which potentially affect the achievement of objectives. Both external and internal factors are considered. All reports to the CA are required to provide details of any potential significant risks in proposed policy changes, Programmes or Projects. The report must include a specific section on Risk Management implications, where an articulation of the significant risks associated with the proposal, along with assurances that appropriate mitigations actions are (or will be) in place should be detailed. This activity will ensure that report authors are able to provide accurate and appropriate information on the management of risk.

4.2 Risk Recording & Ownership Recording Strategic & Operational The recording, control and monitoring of strategic and operational risks is facilitated through Governance & Compliance function within the SCR Executive Team. Risk Management Action Plans (Risk Register) incorporate specific information about individual risks, the existing controls in place, and action plans intended to further mitigate those risks. SCR’s standard risk description is outlined in Annex B along with further information regarding SCR’s Risk Management Plan template. Project & Scheme Project/scheme risks are recorded and managed by individual scheme promoters. Risks are referenced in the Business Case and appraised as part of the assurance process. Each project is asked to report its most significant risks on a quarterly basis and escalate any requiring the attention of the respective Executive Board. Ownership Every risk is assigned a risk owner and action owner(s). The risk owner carries ultimate responsibility for ensuring the risk is managed and monitored. A risk owner will have sufficient authority to ensure the risk is managed effectively and may assign responsibility to another member of staff with the relevant expertise to manage the risk on their behalf and act as action owner.


4.5 Risk Monitoring The active monitoring of risks is essential to ensuring that risk information remains relevant. Risk Management Actions Plans are formally reviewed and updated as a minimum on a quarterly basis to ensure that new risks are identified, existing risks are continually re-assessed and the effectiveness of controls is reviewed. Regular review and monitoring of risks are embedded into ongoing operational processes. Regular monitoring provides assurance that progress is being made towards controlling risks and that controls are effective. Each Risk Management Action Plan is subject to a formal periodic review by plan owners both in relation to current risks, and the consideration of new and emerging risks. Following each review, those risks falling outside of defined acceptance levels should be escalated and reported to management in accordance with the Risk Acceptance Model. Operational Risk Management Action Plans are also subject to periodic detailed and facilitated reviews, or ‘Challenges’ undertaken by the Governance and Compliance Function in conjunction with Action Plan owners. This process includes a review of the alignment of risks to SEP objectives, the consideration of generic risks, and the reporting and escalation arrangements for ‘out of tolerance’ risks.

4.6 Risk Reporting & Escalation To ensure effective risk management, risks are reported and escalated to the appropriate level in the business. SCR has a reporting and governance structure that is based on a top-down meets bottom up approach which supports risk management at strategic, operational and project/scheme level - this is illustrated in the Risk Reporting Framework at Annex D. Strategic Risks: Strategic Risks are owned by the Statutory Officers Group and managed through the Strategic Risk Management Action Plan. The Executive Team will undertake a twice yearly review to identify any new risks and refresh risk assessments. The strategic risk profile will be presented regularly to the CA and Audit Committee. Operational Risks: Operational risks are managed divisionally (Programme Commissioning, Programme Assurance and Performance, Strategic and Corporate Affairs). Operational risk Management Actions Plans are formally reviewed quarterly in line with an agreed reporting cycle. The most significant risks are reported by the Risk Owner to the SCR Executive Managers Group. This Group reviews and scrutinises these risks to ensure appropriate controls are in place, or in progress, and provide a regular report to the Statutory Officers on significant risks that could that could impact strategic priorities or objectives. Project/Scheme Risks: Project/scheme risks are recorded and managed by individual scheme promoters and reported through Assurance Framework processes. The most significant project risks are escalated to the respective Executive Board by the Risk Owner. In the event that Risk Management Actions Plans are not updated in line with reporting requirements this will be brought to the attention of the relevant committee. 5. Risk Appetite and Acceptance Risk appetite and risk acceptance both set boundaries for how much risk the organisation is prepared to accept in the pursuit of achieving its objectives. Appetite and acceptance are considered through the escalation process. Risk exposure and the requirement for action is considered case by case acknowledging that appetite will differ depending on context.

6. Guidance, Training and Facilitation

• BMBC Risk Management Section provide specialist advice and guidance to the CA and SCR Executive Team. Key members attend the CA, Audit Committee and Statutory Officers Group


Meetings as well as working closely with the Governance and Compliance function with the SCR Executive Team.

• Key SCR Executive Team roles are required to complete appropriate the Risk Managementtraining.

7. AssuranceThe provision of assurance that risks are understood and managed appropriately is an essential measure of the adequacy and effectiveness of the CA’s Risk Management Framework. This assurance is provided in the following ways -

The BMBC Risk Management Section supports the SCR Executive Team in the presentation of an annual Risk Management report to the Audit Committee. This will be supplemented by further update reports throughout the year, and specific reports on the development of the Strategic Risk Management Action Plan. These reports are considered by the Statutory Officers Group prior to being presented to the Audit Committee.

Reports on the development of the Strategic Risk Management Action Plan will also be presented to the Senior Management Team, Audit Committee and Combined Authority

An annual, independent review of Risk Management arrangements is undertaken by the BMBC’s Internal Audit Section and are subject to review as part of the process for the compilation of the Annual Governance Statement.

8. Strategic Plan

The consideration of longer term objectives for the Governance and Compliance function in relation to Risk Management are detailed below:

Phase Year Activity

Dev

elop

men

t and

es

tabl

ishm

ent o

f ris

k m

anag

emen

t cul

ture

2016/17 Embedding of Strategic Risk Management Process CA approval of Risk Policy and Strategy Establishment and development of Operational Risk Management Process (including creation of Risk Management Actions Plans and staff training as appropriate) Full review and refresh of Strategic Risk Management Action Plan to include identification and management of strategic and operational risks presented by MCA Acceptable assurance rating from internal audit Developing and embedding the revised Annual Governance Review process

Embe

ddin

g of

Ris

k M

anag

emen

t pro

cess

es in

to

oper

atio

nal p

roce

sses

2017/18 Self-assessment against Institution of Risk Management best practice Assessment of benefits of establishing an in house risk management function

Review of Risk Policy and Strategy

Internal audit of risk management processes

Wor

king

to

war

ds a

ris

k m

atur

ity

mod

el 2018/19

Financial Management Framework

Programme Performance & Portfolio Management

Decision Making & Transparency

Ethics & Integrity Framework

Strategy Led Prioritisation

WHAT?(our intended

outcomes)

Information Governance

Audit & Scrutiny Arrangements

Business Continuity Management

Stakeholder & Partnership Relationships &

Communications

Risk Management

Leadership & Organisational Capability

Strategic Economic Plan

Organisational Performance & Viability

ComplianceGovernance &

Control Framework(through which we achieve

our intended outcomes whilst acting in the public

interest)

HOW?

Annex A


Annex B


Risk Description & Categories

Description

Risks should be recorded on a Risk Management Action Plan following the standard risk description:

"Failure to…......having the consequence of…… leading to.........." outlined in more detail below.

Risk Description What event could happen that creates uncertainty as to the achievement of objectives? What consequence does this give rise to? What is the impact?

The Risk Management Action Plan is a template that holds all the necessary information about the risks. Sheffield City Region uses a standard Risk Management Action Plan which is included at Annex E. A new version of the action plan should be created each time the plan is reviewed to provide an audit trail of changes to the action plan.

Annex C


Risk Assessment Guidelines – Strategic and Operational Risks - Likelihood and Impact

These guidelines are a tool to assist in the assessment of the level of risk.

LIKELIHOOD

Ranking Probability 4 More than 50% 3 26 – 49% 2 20 – 6 - 25% 1 Less than 1 - 5%

Note: Impact and likelihood are calculated after taking into account those controls and mitigating actions currently in place. The emphasis is on assessing the ‘order of magnitude’ for impact rather than a detailed absolute assessment.

IMPACT

Type of Impact

Level of Impact & Descriptor Political & Economic Reputation Financial

4 Extreme

Government enquiry into operational inadequacies/intervention from Whitehall

Sustained adverse publicity (press, social media) from a national perspective. Serious impact on stakeholder confidence.

Loss of over £10m

3 Major

Concerns or complaints raised in Parliament Adverse publicity (press, social media) from a national perspective. Serious impact on stakeholder confidence. High profile legal proceedings.

Loss of up to £10m

2 Moderate

Local operational issues Regional/Local, short term adverse (press, social media. Significant embarrassment. Moderate impact on stakeholder/partner confidence.

Loss of up to £1m that can be contained within budget

1 Minor

Internal awareness only Isolated, internal issue. Minimal impact on stakeholder/partner confidence.

Loss of up to £200k that can be contained within budget

• Sets Risk Management Policy and Risk Appetite• Regularly reviews reports on Risk Profile

• Provides assurance on the effectiveness of therisk management framework

• Oversight of strategic risks and the adequacy ofcontrols to mitigate risks

• Responsible for implementing risk managementacross all business activities

• Bi-annual assessment of risks to theachievement of SCR’s objectives

• Monitors strategic risks and any significant ornew risks escalated by GAG

• Promotes the embedding of risk managementacross the organisation

• Supports Statutory Officers review of strategicrisk by reviewing significant corporate,operational and projects risks

• Identify and determine appropriate actions toaddress risks

• Quarterly review of divisional operational riskregister for report to SCR Executive ManagersGroup

Programme Office• Monitors risks over the lifetime of the projects• Escalates most significant risks to relevant

Executive Board

Combined Authority

Audit Committee

Executive Management Group

SCR Executive Managers Group

Divisional/Operational Risk Registers

Project Risks

Governance Assurance Group

CA and Audit Committee Oversight

Senior Management

Oversight

Divisional Oversight

• Sets Risk Management Policy and Risk Appetite• Regularly reviews reports on Risk Profile

• Provides assurance on the effectiveness of therisk management framework

• Oversight of strategic risks and the adequacy ofcontrols to mitigate risks

Combined Authority

Audit Committee

Statutory Officers Group

SCR Executive Senior Leadership

Group

CA and Audit Committee Oversight


Annex D

Strategic Risk Management Action Plan Annex E

Ref. Governance

Theme Risk Owner

Risk Description Expected Controls Current Controls Current Risk Assessment Identified Risk Mitigations Completion / Review Date

Action Manager

Progress / Status Residual Risk Assessment Management

Confidence

What Does Success Look Like? / Risk Acceptance

Trend / Direction of

Travel

URN Descriptive title to make it clear to what area, activity the risk relates

Fully described in language that clearly identifies the potential EVENT that gives rise to a CONSEQUENCE that has an IMPACT.

The framework of controls, policies, procedures and good practice that the CA aspires to.

Shows specific aspects of the expected controls that are confidently in place and relied upon to act as ‘current’ controls.

Impact Likelihood

Risk Rating (IxL)

Specific actions to reduce the impact or likelihood

Specific date Responsible officer

RAG Impact Likelihood

Risk Rating (IxL)

Comment on degree of confidence that risk is being managed well

Comment of the overall desired position.

Simple graphic to show periodic change

Easily understood risk.

Include the ‘Theme’ this risk falls under.

Risk Owner - a member of the SMT to show ownership at highest level

Shows that the risk is fully understood in terms of the 3 elements.

Need to review basis for these assessment / scores. Have a clear supporting rationale for the assessment made.

Need to be clear as to what the action is, what the intended outcome will be, if it is to minimise the potential impact or reduce the likelihood. Also, identify any links or dependencies. Expressed in terms of improvements in aspects of the governance framework. Must show how the action will impact on the risk.

End dates or review dates. Cannot use ‘on-going’.

The most appropriate senior manager who would be accountable to the SMT.

Assessment of progress, i.e. on trackor not

Need to review basis for these assessment / scores. Have a clear supporting rationale for the assessment made.

Assessment from ‘SMT’ as to the degree of confidence that the actions can be delivered and that they will have the desired effect on the risk. This is regardless of the residual risk score.

Brief narrative to consider the extent / nature of how the risk will be accepted / tolerated.

Reflect how the ‘risk’ overall is being managed from period to period.


Appendix C SCR Strategic Risks

Financial & Asset Management

Failure to create, maintain and develop an effective strategic and operational approach to financial management that would have the consequence of the CA having the inability to adequately manage its resources and demonstrate compliance with statutory obligations resulting in potentially poor financial management, accountability, transparency and ultimately a failure to achieve intended outcomes.

Programme Performance & Portfolio Management

Failure to create, maintain and develop an effective strategic and operational approach to programme performance and investment management that would have the consequence of the CA having the inability to adequately manage activity and demonstrate the effectiveness of its investments resulting in poor performance, accountability and transparency and, ultimately a failure to achieve intended outcomes.

Reputation Management

Failure to create, maintain and develop and effective strategic and operational approach to engaging, communicating and influencing stakeholders and partners on a local, national and international level, having the consequence of disengagement, misrepresentation and missed opportunities and as well as misaligned objectives and outcomes potentially being delivered that have not taken into account the views of those affect by changes resulting in reputational damage and loss of potential investment and of stakeholder and partner confidence.

Decision Making and Transparency

Failure to have in place clear, defined, effective decision making processes that are in line with transparency rules and public accountability obligations that would have the consequence of the CA potentially making poor and questionable decisions leading to a loss of stakeholder and partner confidence and ultimately a failure to achieve intended outcomes.

Ethics and Integrity Framework

Failure to create, maintain and develop an effective strategic and operational approach to embedding high levels of ethical standards which has the consequence of the CA having the inability to identify and eliminate fraud and bribery and ensure transparency resulting in corrupt or improper practices leading to compliance issues, potential reputational damage and ultimately a failure to achieve intended outcomes.

Information Assurance

Failure to create, maintain and develop an effective strategic and operational approach to information governance having the consequence of the CA having the inability to manage and secure its information assets and systems potentially resulting in poor decision making, security breaches non-compliance and ultimately a failure to achieve intended outcomes.

Appendix C Audit and Scrutiny Arrangements

Failure to have in place effective audit and scrutiny arrangements having the consequence of a lack of independent assurance that the CAs affairs are administered in a proper and effective manner resulting in poor accountability, transparency and ultimately a failure to achieve intended outcomes.

Business Continuity Management

Failure to have in place an adequate, effective approach to business continuity management having the consequence of the CA having poor resilience to factors that could affect objectives, operations and infrastructure and the inability to recover and continue to deliver its intended outcomes in the instance of a negative event or operational disruption.

Risk Management

Failure to create, maintain and develop an effective strategic and operational approach to risk management that would have the consequence of the CA having the inability to actively identify, assess and manage threats and opportunities resulting in poor decisions and a failure to achieve intended outcomes.

Leadership and Organisational Capability

Failure to have in place an appropriate organisational structure and effective leadership and to create, maintain and develop an effective strategic and operational approach to workforce recruitment, development and reward that would have the consequence of the inability of the CA to have in place a structured, skilled and empowered workforce resulting in a lack of organisational capability and a failure to achieve intended outcomes.

Compliance

Failure to create, maintain and develop an effective strategic and operational approach to ensuring legislative, regulatory and statutory compliance having the consequence of the CA having the inability to adequately demonstrate adherence to legal, regulatory and statutory duties resulting in potential litigation, monetary penalties, an inability to maintain trust and confidence causing reputational damage.

Organisational Performance and Viability

Failure to create, maintain and develop an effective strategic and operational approach to managing the performance of the organisation and to ensuring organisational viability having the consequence of the inability of the CA: to adequately manage and demonstrate the effectiveness of its service and; to be able to foster the sustainable development of the organisation, resulting in potentially poor performance, reputational damage, a failure to meet intended outcomes and longer term goals.

Strategy Led Prioritisation

Failure to create, maintain and develop an effective strategic and operational approach to setting the SCR agenda for economic growth and identifying and validating transformational schemes that deliver maximum growth, having the consequence of the inability to deliver potentially game-changing projects having the impact the CA not capitalising on opportunities that could bring about the most positive change.

Purpose of Report

The purpose of this paper is to set out the annual audit planning process and to consult with the Audit Committee with regard to potential projects for consideration in the Internal Audit Plan for 2017/18.



In this section it must be clear if:

A – the paper will be available under the Combined Authority Publication Scheme

B – the paper is exempt under section 1 to 7 of Schedule 12A to the Local Government Act 1972 (report author to specify which exemption applies and why)

C – the paper is exempt under Part II of the Freedom of Information Act 2000 (report author to specify which exemption applies and why)

Recommendations

• Members’ views are sought regarding projects for potential consideration in the Internal Audit Annual Plan for 2017/18.

• Members should pass nominations for the 2017/18 Internal Audit Plan through the Chair for notification to Internal Audit.

• Members consider the proposed planning process and be satisfied that it is sufficiently robust that it will determine a value-adding audit plan, informed by risk and through consultation with appropriate senior management.

27TH JANUARY 2017

AUDIT COMMITTEE: INTERNAL AUDIT PLANNING 2017/18 - CONSULTATION PAPER

http://www.legislation.gov.uk/ukpga/2000/36/part/II

1. Introduction

1.1 The Annual Internal Audit Planning Process for 2017/18 has commenced. The following actions will be undertaken during this process:-

Consideration of issues included in the risk register(s) together with mitigating controls;

Consideration of historical and topical issues as well as horizon scanning to attempt to identify any major issues that might affect the controls, risk or governance of the SCRCA;

Consideration of issues to assist the Section 151 Officer of the SCRCA to fulfil his role and to meet legal requirements;

Consultation with Management responsible for the delivery of services; Consultation with the Audit Committee with responsibility for overseeing delivery of

the work of the Internal Audit Team and with the responsibility for overseeing good governance within the SCRCA.

1.2 The agreed Internal Audit Plan for 2016/17 is included as Appendix A to inform and assist Audit Committee members.

1.3 The consideration of the areas of work to be included in the Audit Plan will have cognisance of risk. Professional standards require audit work to be risk based. It is important therefore that in the process of audit planning the risks associated in the area under consideration have been identified by management.

1.4 The consideration of the areas of work to be included in the Audit Plan will have cognisance of risk. Professional standards require audit work to be risk based. It is important therefore that in the process of audit planning the risks associated in the area under consideration have been identified by management.

1.5 Core financial systems work is completed on a 3 year cyclical basis, unless there is evidence of significant change in the risk profile which may warrant more frequent coverage. This approach was agreed as part of the annual planning process for 2016/17 with the Section 151 Officer and Finance Manager.

1.6 The volume of Internal Audit work will be tailored to the resources the SCRCA allocates for this function. This forms a key part of the audit planning process in order to ensure sufficient overall coverage is provided, but also that opportunities for support to management and the SCRCA are maximised. Irrespective of any resource limitations it is important that the audit planning process identifies all possible pieces of work that are then assessed in terms of risk and importance, i.e. a rationing process is applied to match planned work to risk to resources.

2. Proposal and Justification

2.1 The Audit Committee is Requested to consider possible assignments and general areas for audit coverage. In view of the timetable for Audit Committee meetings and eventual agreement of the Annual Plan members are asked to consider providing the Chair with nominations for collation and notification to the Head of Internal Audit.

3. Implications

3.1 Financial

The cost of the services of the Internal Audit Team is contained within the budget and is periodically invoiced.

3.2 Legal

Section 73 of the Local Government Act 1985 requires the Authority to make arrangements for the proper administration of its financial affairs; and Regulation 6 of the Accounts and Audit Regulations 2011 requires the Authority to maintain an adequate and effective system of Internal Audit of its accounting records and of its system of internal control.

3.3 Risk Management

There are no risk management issues associated with this report.

3.4 Equality, Diversity and Social Inclusion (Equality Act - Public Sector Equality Duty)

There are no diversity issues associated with this report.


4.1 Appendix A – Internal Audit Plan 2016-17

REPORT AUTHOR Rob Winter CPFAPOST Head of Internal Audit

Officer responsible Sharon Bradley CMIIAOrganisation SCRCA

Email [email protected] Telephone 01226 773187

Background papers used in the preparation of this report are available for inspection at: Barnsley Metropolitan Borough Council, Westgate Plaza, Barnsley

Other sources and references: Internal Audit and External Audit reports.

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/85041/equality-duty.pdf


Appendix A

Internal Audit Plan 2016/17

Job Title Audit Type Governance AreasCore Financial System – Main Accounting

Main Financial Systems Financial Management; Internal Controls; Data Quality

Core Financial System – Sales Ledger


Core Financial System - Payroll Main Financial Systems Financial Management; Internal Controls; Data Quality

Core Financial System – Purchase Ledger


Procurement Arrangements Main Financial Systems Financial Management; Internal Controls; Information Governance; Legal

Programme Management Management Audit Financial Management; Internal Controls; Information Governance; Legal; Partnerships

Decision Making incl. Conflicts of Interest

Management Audit Financial Management; Internal Controls; Information Governance; Data Quality; Ethics

Governance Framework Development and Support

Governance Financial Management; Internal Controls; Information Governance; Data Quality; Ethics

Risk Management Governance Financial Management; Internal Controls; Data Quality

AGS Process Governance / Advice Financial Management; Internal Controls; Data Quality

Advice and General contingency Advice All

Audit Committee and Client Liaison; Follow Up of Recommendations; Audit Planning

Advice All

1. Introduction

1.1 As part of its audit committee function the Audit Committee oversees the work of the

Purpose of Report

To inform the Committee of the Internal Audit work completed and in progress from 1st July 2016 to 6th January 2017, the position with regard to the implementation of recommendations, about planned audit work and the performance of the Team.



In this section it must be clear if:

A – the paper will be available under the Combined Authority Publication Scheme

B – the paper is exempt under section 1 to 7 of Schedule 12A to the Local Government Act 1972 (report author to specify which exemption applies and why)

C – the paper is exempt under Part II of the Freedom of Information Act 2000 (report author to specify which exemption applies and why)

Recommendations

It is recommended that Members consider the report and as necessary request further information and/or explanations from Internal Audit or Management.

27th JANUARY 2017

AUDIT COMMITTEE: INTERNAL AUDIT PROGRESS REPORT

http://www.legislation.gov.uk/ukpga/2000/36/part/II

Internal Audit Team and receives various reports. The following have been provided to date:-

April 2016

IA Progress ReportIA Annual Plan Report 2016-17IA Charter & Strategy 2016-17

July 2016

IA Annual ReportIA Effectiveness ReportIA Progress Report

1.2 Assurance Opinion

The Assurance Opinion applied for each piece of work will be selected from the following range:-

Substantial; Adequate; Limited; No Assurance.

The Assurance Opinion is primarily driven by the number and priority level of the recommendations made / agreed. The priority level of recommendations is described either as Fundamental, Significant or Merits Attention.

The Assurance Opinion is influenced by whether the recommendation is in respect of the adequacy (or existence) of a control or the application of an existing control.

The final factor influencing the overall opinion is in relation to the controls assessed and whether the result of that assessment regards the effectiveness of the control as Good, Adequate, Limited or Poor.

2. Implications

2.1 Financial

The charge for the Internal Audit service is estimated to be as planned and consequently there are no financial implications to consider.

2.2 Legal

There are no legal implications.

2.3 Risk Management

Management engagement and responses remain positive which helps support a positive assurance that where opportunities for control, risk or governance improvements are highlighted, these are embraced by management.

2.4 Equality, Diversity and Social Inclusion (Equality Act - Public Sector Equality Duty)

There are no implications.

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/85041/equality-duty.pdf


3.1 The report attached at Appendix A includes:-

significant control or compliance issues; longstanding recommendations; a summary of the work completed and also work in progress since the previous

progress report; assurance opinions given and total recommendations made; recommendations followed-up by Internal Audit since the previous progress report; Internal Audit performance information.

The following section is a legal requirement

REPORT AUTHOR Rob Winter CPFAPOST Head of Internal Audit

Officer responsible Sharon Bradley CMIIAOrganisation Audit Manager (SCRCA)

Email [email protected] 01226 773187

Background papers used in the preparation of this report are available for inspection at: Barnsley MBC Westgate Plaza One office, Barnsley.

Other sources and references: Internal Audit Charter & Strategy 2016-17, Annual Plan 2016-17, Internal Audit Reports, MK Insight (audit management system), Public Sector Internal Audit Standards 2013.


APPENDIX AINTERNAL AUDIT PROGRESS REPORT

1. Annual Plan and Actual Comparison

The annual audit plan for 2016-17 was discussed and agreed in principle with the Executive Director, Section 151 Officer and Monitoring Officer. It was also reported to this Committee at the April 2016 meeting. The plan included a brief description of the work Internal Audit would undertake to support the SCRCA as it evolved during the year to design and embed its control, risk and governance framework arrangements. Each piece of work was to be more clearly defined and scoped as it commenced. In addition, the plan included compliance work to be undertaken by Internal Audit to provide Management and the Committee with assurances that the financial processes were operating effectively and efficiently. It was acknowledged by all parties that a higher number of days was required for 2016-17 (potentially circa. 120 days), to enable Internal Audit to support the SCRCA in establishing its governance framework.

To date, a total of 75 days have been delivered. This is time supporting management to develop and embed the governance framework and also the completion of four compliance reviews (fundamental financial systems 2015-16, skills capital grants, programme management and sales ledger 2016-17). A review of the SCRCA’s procurement arrangement is currently being undertaken.

Due to the continued work in developing and implementing aspects of the SCRCA’s control and governance framework, much of the planned Internal Audit work was scheduled towards the end of the financial year.

It is anticipated that a total of 110 days will be delivered.

2. Significant Control or Compliance issues to bring to the Audit Committee's Attention

The developing and evolving nature of the governance assurance framework during 2015-16 and into the current year resulted in limited audit compliance work being undertaken in 2015/16. Two pieces of work were undertaken, both being concluded during 2016/17.

Whilst not related to any specific audit work, the key message to bring to the Committee’s attention again is the risks associated with the absence of a fully embedded governance framework. No specific issues have been identified based on the audit work undertaken thus far, but clearly the longer the appropriate framework remains not fully implemented, so the risk of problems will increase.

3. Longstanding Recommendations and Management Reponses

This section highlights to Members any recommendations that remain outstanding for 6 months or more following the original recommendation/agreed action target completion date and/or where the recommendation/agreed action target completion date has been subject to 3 revisions.

There are no longstanding recommendations to report at this time.

4. Completed Projects Since last Progress Report

Title of Audit & Date of Report Key Issues and Finding arising from the Audit Assurance

OpinionNo. & Priority of

RecsComments / Follow-up

ActionProgramme Management

20/12/2016

(Refer to Appendix D for full report).

An approved and published Assurance and Accountability Framework is in place to govern the allocation and administration of projects awarded monies from the Growth Deal fund. However, testing confirmed that for one of the sample projects the Project Sponsor had not continued to provide a Dashboard Report demonstrating actual delivery of projected outcomes, outputs and performance measures that were agreed at the original business case stage following receipt of allocated funding; therefore contravening the requirements of the Framework and their Funding Agreement. It was acknowledged that the SCRCA had issued reminders to the Project Sponsor and that the information was provided after conclusion of this review.

The Dashboard approach to reporting on outputs, outcomes and performance against the original Business Case by Project Sponsors is now being utilised across all projects. Project specific reporting requirements are agreed with the Project Sponsor when entering into the Funding Agreement and it is the terms of the Agreement that enables the Performance Team to hold Project Sponsors to account in terms of regular reporting on progression of a project and escalating any failure to provide a return to the relevant Executive Board where appropriate.

A concern that was previously identified and reported upon during a review of the Skills Capital Grants arrangements with regards to the absence of a document file plan upon which to file and retain project related documentation also applies to the projects included within this review. It is acknowledged that an action was agreed with management to address these concerns and that this is currently being progressed. Implementation of the agreed actions in this report will provide for an improved control framework, and this may provide for a more positive (i.e. substantial) assurance opinion should it be reviewed again in future.

Adequate Fundamental (0)

Significant (0)

Merits Attention (3)

No further action required.

Sales Ledger 2016-17

06/01/2017

(Refer to Appendix E for full report).

The Sales Ledger system is currently operated outside of an automated financial system with limited scope for management reporting. However, it is acknowledged that the implementation of the Integra Financial System will provide for improved management reporting functionality. A provision will be made in the 2017-18 Internal Audit planned programme of work to undertake a compliance review on the new system, processes and procedures to be implemented within quarter 4 of 2016-17 and/or quarter 1 of 2017-18.

Substantial None To undertake a compliance review of the new system in 2017-18.

5. Projects / Other work In Progress

Title of Audit or Nature of Audit Activity Key Objective(s) Status / Comment

Procurement Arrangements

To provide assurance that procurement processes are undertaken on a fair, open and transparent basis, comply with regulatory, policy and procedural requirements, and that all actions and decisions fully evidenced. In addition, to confirm that contracts exist and are being effectively managed. The review will include a walkthrough of the procurement arrangements to provide assurance that the processes are robust, efficient and effective.

Testing on site

Main Accounting 2016-17 The focus of the Internal Audit work will be on the governance, controls and risk management arrangements associated with transactions processed via Main Accounting (i.e. Cash Management and General Ledger systems).

The scope of this review is to provide assurance that the systems, processes and procedures in respect of Main Accounting (i.e. Cash Management and General Ledger systems) are robust and operating effectively & efficiently.

Testing on site

Payroll 2016-17 The focus of the Internal Audit work will be on the governance, controls and risk management arrangements associated with the Payroll System.

The scope of this review is to provide assurance that the systems, processes and procedures in respect of the Payroll System are robust and operating effectively & efficiently. This includes the recharge arrangements from Barnsley MBC to the SCRCA for payments made to it’s employees.

Testing on site

Purchase Ledger 2016-17 The focus of the Internal Audit work will be on the governance, controls and risk management arrangements associated with the Purchase Ledger System.

The scope of this review is to provide assurance that the systems, processes and procedures in respect of the Purchase Ledger System are robust and operating effectively & efficiently.

Testing on site

Risk Management To provide advice and support to management with regards to developing a Risk Management Framework. A workshop has been held and a strategic risk register prepared for management.

In progress

Assurance Map To provide advice and support to management with regards to developing an assurance map. In progress

Ethical / Integrity Framework

To review the relevant policies and procedures, in conjunction with management, to identify any points for clarification / further consideration to ensure fully applicable and clear in terms of reporting lines etc (i.e. BMBC policies as the SCR CA Officers are employed by BMBC).

In progress


Attendance at the Governance Assurance Group meetings, to provide advice and also support to management with regards to its governance arrangements.

In progress

Client Liaison Attendance at meetings with the Executive Director, Section 151 Officer and Monitoring Officer, to manage and monitor the audit plan.

In progress

Audit Committee Preparation of reports and attendance at Audit Committee meetings. Throughout the year

6. Planned Work

The audit work undertaken during 2016-17 will be in accordance with the agreed scheduling throughout the financial year.

7. Cancelled / Deferred / Added Assignments

There is one change to the audit plan at this time. The review of IT arrangements has been deferred to 2017-18 due to management currently undertaking a fundamental review of this business area. A review of procurement arrangements is now being undertaken in 2016-17.

8. Internal Audit Performance

The performance indicators for the third quarter are attached at Appendix C. Quarterly performance of the function is satisfactory and all PI’s are either on or exceed target levels.

There has been 1 returned feedback questionnaire for the jobs completed in the financial year to date. An analysis is included at Appendix B.

Table 1ASummary Activity Report

All Audit Reports Completed in each progress report period

Assurance Opinion 01/04/16 – 30/06/16 01/07/16-06/01/17 Cumulative

Substantial 0 1 (50%) 1 (25%)Adequate 2 (100%) 1 (50%) 3 (75%)Limited 0 0 0None 0 0 0TOTAL REPORTS 2 (100%) 2 (100%) 4 (100%)

Total Recommendations

Number of Recommendations

01/04/16 – 30/06/16 01/07/16-06/01/17 Cumulative

Fundamental 0 0 0Significant 1 (17%) 0 1 (11%)Merits Attention 5 (83%) 3 (100%) 8 (89%)TOTAL 6 (100%) 3 (100%) 9 (100%)

Table 1B

Recommendations Followed-up in the period 01/07/16 to 06/01/17

Reporting in the period

Recommendation Classification Followed- Up Completed by

Target DateCompleted After

Target DateNot Yet Completed – Revised Date Agreed

Awaiting ManagementResponse

Fundamental 0 0Significant 3 3Merits Attention 5 5Total 8 8

Table 1CTrend Analysis – All Periods - 2016/17

Assurance Opinions

2016/17 CumulativeP1 P2 P3 P4 2016-17% % % % %

Substantial 0 50 250Adequate 100 50 75Limited 0 0None 0 0

100 100 100

Recommendations

2016/17 CumulativeP1 P2 P3 P4 2016/17No. No. No. No. %

Completed by target date 8 100Completed after target date 0Not yet completed - revised date agreed 0Awaiting Management Response* 0Total followed up 8 100

% Completed by Original Due Date (excl. *) N/A 100

Glossary (For Tables 1A – 1C)

1. Classification of Recommendations

Fundamental A recommendation requiring immediate action – imperative to ensuring the objectives of the system under review are met.

Significant A recommendation requiring action necessary to avoid exposure to a significant risk to the achievement of the objectives of the system under review.

Merits Attention A recommendation where action is advised to enhance control or improve operational efficiency.

2. Assurance Opinions

Level Control Adequacy Control Application

Substantial Assurance

Robust framework of controls exist that are likely to ensure that objectives will be achieved.

Controls are applied continuously or with only minor lapses.

POSITIVEOPINIONS Adequate

AssuranceSufficient framework of key controls exist that are likely to result in objectives being achieved, but the control framework could be stronger.

Controls are applied but with some lapses.

Limited Assurance

Risk exists of objectives not being achieved due to the absence of key controls in the system.

Significant breakdown in the application of key controls.

NEGATIVEOPINIONS

No AssuranceSignificant risk exists of objectives not being achieved due to the absence of controls in the system.

Fundamental breakdown in the application of all or most controls.

The assurance level applied is a judgement based on the overall assessment of the control environment.

Appendix B

Analysis of Internal Audit Feedback Received - period 01/07/16 – 06/01/17

Number ticks shown against each ‘score’ given

Very Good Good Acceptable Poor

A Audit Planning1 Relevance of the audit objectives 1

B Communication1 Consultation on scope and objectives of the audit 12 Communication during all aspects of the audit 13 Helpfulness co-operation of the auditor(s) 14 Professionalism of the auditor(s) 15 The auditor(s) demonstrated an appreciation of any

relevant issues concerning equality and diversity1

C Timing1 Duration of the audit 12 Timeliness of the audit report 1

D Quality of the audit report1 Format and clarity of audit report 12 Accuracy of the findings 13 Relevance of recommendations 14 Overall quality of the report 1

E Value of the audit1 Basic controls assurance the audit has provided 12 Added value given beyond basic controls

assurance1

F Overall Value of the audit1 Overall value of the audit 1

100%

Total Number of ‘ticks’ (A – F) 13 2Percentage 87 13

100

Returned Questionnaires:-Period 1 1Period 2 1Period 3Period 4Total 2

Appendix C

Ref. Indicator Frequency of Report

Target 2015/16

This Period

Year to Date

1.

1.1

2.

2.1

2.2

2.3

3.

3.1

Customer Perspective:

Percentage of questionnaire received noted “good” or “very good” relating to work concluding with an audit report. * Business Process Perspective:

Percentage of final audit reports issued within 10 working days of completion and agreement of the draft audit report. *

Percentage of chargeable time against total available.

Average number of days lost through sickness per FTE (Cumulative 29 days in total)

Continuous Improvement Perspective:

Personal development plans for staff completed within the prescribed timetable.

Quarterly

Quarterly

Quarterly

Quarterly

Annual

95%

80%

73%

6 days

100%

100%

100%

76%

3 days

100%

100%

100%

73%

<2 days

100%

* KPIs relate specifically to the SCRCA.

INTERNAL AUDIT PERFORMANCE INDICATORS FOR 2016/17 (QUARTER 3)

APPENDIX AINTERNAL AUDIT PROGRESS REPORT

1. Annual Plan and Actual Comparison

The annual audit plan for 2016-17 was discussed and agreed in principle with the Executive Director, Section 151 Officer and Monitoring Officer. It was also reported to this Committee at the April 2016 meeting. The plan included a brief description of the work Internal Audit would undertake to support the SCRCA as it evolved during the year to design and embed its control, risk and governance framework arrangements. Each piece of work was to be more clearly defined and scoped as it commenced. In addition, the plan included compliance work to be undertaken by Internal Audit to provide Management and the Committee with assurances that the financial processes were operating effectively and efficiently. It was acknowledged by all parties that a higher number of days was required for 2016-17 (potentially circa. 120 days), to enable Internal Audit to support the SCRCA in establishing its governance framework.

To date, a total of 75 days have been delivered. This is time supporting management to develop and embed the governance framework and also the completion of four compliance reviews (fundamental financial systems 2015-16, skills capital grants, programme management and sales ledger 2016-17). A review of the SCRCA’s procurement arrangement is currently being undertaken.

Due to the continued work in developing and implementing aspects of the SCRCA’s control and governance framework, much of the planned Internal Audit work was scheduled towards the end of the financial year.

It is anticipated that a total of 110 days will be delivered.

2. Significant Control or Compliance issues to bring to the Audit Committee's Attention

The developing and evolving nature of the governance assurance framework during 2015-16 and into the current year resulted in limited audit compliance work being undertaken in 2015/16. Two pieces of work were undertaken, both being concluded during 2016/17.

Whilst not related to any specific audit work, the key message to bring to the Committee’s attention again is the risks associated with the absence of a fully embedded governance framework. No specific issues have been identified based on the audit work undertaken thus far, but clearly the longer the appropriate framework remains not fully implemented, so the risk of problems will increase.

3. Longstanding Recommendations and Management Reponses

This section highlights to Members any recommendations that remain outstanding for 6 months or more following the original recommendation/agreed action target completion date and/or where the recommendation/agreed action target completion date has been subject to 3 revisions.

There are no longstanding recommendations to report at this time.

4. Completed Projects Since last Progress Report

Title of Audit & Date of Report Key Issues and Finding arising from the Audit Assurance

OpinionNo. & Priority of

RecsComments / Follow-up

ActionProgramme Management

20/12/2016

(Refer to Appendix D for full report).

An approved and published Assurance and Accountability Framework is in place to govern the allocation and administration of projects awarded monies from the Growth Deal fund. However, testing confirmed that for one of the sample projects the Project Sponsor had not continued to provide a Dashboard Report demonstrating actual delivery of projected outcomes, outputs and performance measures that were agreed at the original business case stage following receipt of allocated funding; therefore contravening the requirements of the Framework and their Funding Agreement. It was acknowledged that the SCRCA had issued reminders to the Project Sponsor and that the information was provided after conclusion of this review.


A concern that was previously identified and reported upon during a review of the Skills Capital Grants arrangements with regards to the absence of a document file plan upon which to file and retain project related documentation also applies to the projects included within this review. It is acknowledged that an action was agreed with management to address these concerns and that this is currently being progressed. Implementation of the agreed actions in this report will provide for an improved control framework, and this may provide for a more positive (i.e. substantial) assurance opinion should it be reviewed again in future.

Adequate Fundamental (0)

Significant (0)

Merits Attention (3)

No further action required.

Sales Ledger 2016-17

06/01/2017

(Refer to Appendix E for full report).

The Sales Ledger system is currently operated outside of an automated financial system with limited scope for management reporting. However, it is acknowledged that the implementation of the Integra Financial System will provide for improved management reporting functionality. A provision will be made in the 2017-18 Internal Audit planned programme of work to undertake a compliance review on the new system, processes and procedures to be implemented within quarter 4 of 2016-17 and/or quarter 1 of 2017-18.

Substantial None To undertake a compliance review of the new system in 2017-18.

5. Projects / Other work In Progress

Title of Audit or Nature of Audit Activity Key Objective(s) Status / Comment

Procurement Arrangements

To provide assurance that procurement processes are undertaken on a fair, open and transparent basis, comply with regulatory, policy and procedural requirements, and that all actions and decisions fully evidenced. In addition, to confirm that contracts exist and are being effectively managed. The review will include a walkthrough of the procurement arrangements to provide assurance that the processes are robust, efficient and effective.

Testing on site

Main Accounting 2016-17 The focus of the Internal Audit work will be on the governance, controls and risk management arrangements associated with transactions processed via Main Accounting (i.e. Cash Management and General Ledger systems).

The scope of this review is to provide assurance that the systems, processes and procedures in respect of Main Accounting (i.e. Cash Management and General Ledger systems) are robust and operating effectively & efficiently.

Testing on site

Payroll 2016-17 The focus of the Internal Audit work will be on the governance, controls and risk management arrangements associated with the Payroll System.

The scope of this review is to provide assurance that the systems, processes and procedures in respect of the Payroll System are robust and operating effectively & efficiently. This includes the recharge arrangements from Barnsley MBC to the SCRCA for payments made to it’s employees.

Testing on site

Purchase Ledger 2016-17 The focus of the Internal Audit work will be on the governance, controls and risk management arrangements associated with the Purchase Ledger System.

The scope of this review is to provide assurance that the systems, processes and procedures in respect of the Purchase Ledger System are robust and operating effectively & efficiently.

Testing on site

Risk Management To provide advice and support to management with regards to developing a Risk Management Framework. A workshop has been held and a strategic risk register prepared for management.

In progress

Assurance Map To provide advice and support to management with regards to developing an assurance map. In progress

Ethical / Integrity Framework

To review the relevant policies and procedures, in conjunction with management, to identify any points for clarification / further consideration to ensure fully applicable and clear in terms of reporting lines etc (i.e. BMBC policies as the SCR CA Officers are employed by BMBC).

In progress


Attendance at the Governance Assurance Group meetings, to provide advice and also support to management with regards to its governance arrangements.

In progress

Client Liaison Attendance at meetings with the Executive Director, Section 151 Officer and Monitoring Officer, to manage and monitor the audit plan.

In progress

Audit Committee Preparation of reports and attendance at Audit Committee meetings. Throughout the year

6. Planned Work

The audit work undertaken during 2016-17 will be in accordance with the agreed scheduling throughout the financial year.

7. Cancelled / Deferred / Added Assignments

There is one change to the audit plan at this time. The review of IT arrangements has been deferred to 2017-18 due to management currently undertaking a fundamental review of this business area. A review of procurement arrangements is now being undertaken in 2016-17.

8. Internal Audit Performance

The performance indicators for the third quarter are attached at Appendix C. Quarterly performance of the function is satisfactory and all PI’s are either on or exceed target levels.

There has been 1 returned feedback questionnaire for the jobs completed in the financial year to date. An analysis is included at Appendix B.

Table 1ASummary Activity Report

All Audit Reports Completed in each progress report period

Assurance Opinion 01/04/16 – 30/06/16 01/07/16-06/01/17 Cumulative

Substantial 0 1 (50%) 1 (25%)Adequate 2 (100%) 1 (50%) 3 (75%)Limited 0 0 0None 0 0 0TOTAL REPORTS 2 (100%) 2 (100%) 4 (100%)

Total Recommendations

Number of Recommendations

01/04/16 – 30/06/16 01/07/16-06/01/17 Cumulative

Fundamental 0 0 0Significant 1 (17%) 0 1 (11%)Merits Attention 5 (83%) 3 (100%) 8 (89%)TOTAL 6 (100%) 3 (100%) 9 (100%)

Table 1B

Recommendations Followed-up in the period 01/07/16 to 06/01/17

Reporting in the period

Recommendation Classification Followed- Up Completed by

Target DateCompleted After

Target DateNot Yet Completed – Revised Date Agreed

Awaiting ManagementResponse

Fundamental 0 0Significant 3 3Merits Attention 5 5Total 8 8

Table 1CTrend Analysis – All Periods - 2016/17

Assurance Opinions

2016/17 CumulativeP1 P2 P3 P4 2016-17% % % % %

Substantial 0 50 250Adequate 100 50 75Limited 0 0None 0 0

100 100 100

Recommendations

2016/17 CumulativeP1 P2 P3 P4 2016/17No. No. No. No. %

Completed by target date 8 100Completed after target date 0Not yet completed - revised date agreed 0Awaiting Management Response* 0Total followed up 8 100

% Completed by Original Due Date (excl. *) N/A 100

Glossary (For Tables 1A – 1C)


Fundamental A recommendation requiring immediate action – imperative to ensuring the objectives of the system under review are met.

Significant A recommendation requiring action necessary to avoid exposure to a significant risk to the achievement of the objectives of the system under review.

Merits Attention A recommendation where action is advised to enhance control or improve operational efficiency.






POSITIVEOPINIONS Adequate

AssuranceSufficient framework of key controls exist that are likely to result in objectives being achieved, but the control framework could be stronger.


Limited Assurance



NEGATIVEOPINIONS



The assurance level applied is a judgement based on the overall assessment of the control environment.

Appendix B

Analysis of Internal Audit Feedback Received - period 01/07/16 – 06/01/17

Number ticks shown against each ‘score’ given

Very Good Good Acceptable Poor

A Audit Planning1 Relevance of the audit objectives 1

B Communication1 Consultation on scope and objectives of the audit 12 Communication during all aspects of the audit 13 Helpfulness co-operation of the auditor(s) 14 Professionalism of the auditor(s) 15 The auditor(s) demonstrated an appreciation of any

relevant issues concerning equality and diversity1

C Timing1 Duration of the audit 12 Timeliness of the audit report 1

D Quality of the audit report1 Format and clarity of audit report 12 Accuracy of the findings 13 Relevance of recommendations 14 Overall quality of the report 1

E Value of the audit1 Basic controls assurance the audit has provided 12 Added value given beyond basic controls

assurance1

F Overall Value of the audit1 Overall value of the audit 1

100%

Total Number of ‘ticks’ (A – F) 13 2Percentage 87 13

100

Returned Questionnaires:-Period 1 1Period 2 1Period 3Period 4Total 2

Appendix C

Ref. Indicator Frequency of Report

Target 2015/16

This Period

Year to Date

1.

1.1

2.

2.1

2.2

2.3

3.

3.1

Customer Perspective:

Percentage of questionnaire received noted “good” or “very good” relating to work concluding with an audit report. * Business Process Perspective:

Percentage of final audit reports issued within 10 working days of completion and agreement of the draft audit report. *

Percentage of chargeable time against total available.

Average number of days lost through sickness per FTE (Cumulative 29 days in total)

Continuous Improvement Perspective:

Personal development plans for staff completed within the prescribed timetable.

Quarterly

Quarterly

Quarterly

Quarterly

Annual

95%

80%

73%

6 days

100%

100%

100%

76%

3 days

100%

100%

100%

73%

<2 days

100%

* KPIs relate specifically to the SCRCA.

INTERNAL AUDIT PERFORMANCE INDICATORS FOR 2016/17 (QUARTER 3)

Sheffield City Region Combined Authority

Programme Management

Final Internal Audit Report

Date of Issue: 20th December 2016

BARNSLEYMetropolitan Borough Council

Contents:

Executive Summary Pages 1 to 3

Findings, Recommendations and Agreed Management Actions Pages 4 to 7

Glossary of Terms Page 8

Feedback Questionnaire

Audit Control Table:

Pre-audit Meeting Date: 28th June 2016

Draft Report Issued: 28th September 2016

Draft Report Discussed: 20th October 2016 & 25th November 2016

Final Report Issued: 6th November 2016Revised 20th December 2016

Report Circulation:

Client Sponsor: Melanie Dei Rossi, Head of Performance

Report Distribution: Ruth Adams, Director of Skills and PerformancePeter Hague, Programme Management OfficerEdward Fletcher, Programme Management OfficerDave Smith, Managing DirectorEugene Walker, Section 151 OfficerAndrew Frosdick, Monitoring Officer

Audit Team: Sharon Bradley, Audit ManagerCaroline Hollins, Senior Auditor

Executive SummarySCRCA - Programme Management

1

Introduction and Background

A review of Sheffield City Region Combined Authority’s programme management arrangements and compliance with the Assurance and Accountability Framework for projects successful in securing funding from the Authority has recently been undertaken. This formed part of the agreed programme of work relating to 2016/17.

Scope

To provide assurance that the programme management framework was robust, operating effectively and efficiently, and that it had been complied with by all relevant parties. In addition, to support the SCR CA to develop an organisational file plan structure upon which to file and retain all project related documentation.

Objectives

The objectives specific to this review were to ensure that:-

An effective Assurance Framework existed clearly outlining the decision making process on the delivery of the City Region's Growth Deal allocation and Strategic Economic Plan, that this had been appropriately approved and that it was fit for purpose;

An effective programme management process had been applied to grant funded projects, demonstrating project delivery against pre-planned outputs / outcomes in accordance with the Strategic Economic Plan;

By sample testing a couple of projects (namely Seymour Link Road and Doncaster Town Centre), there was evidence of compliance with the Assurance Framework requirements by all relevant parties.

In addition, to provide advice, support and guidance to management on the development and implementation of a dynamic reference system for all project files, ensuring that a consistent and adequate management trail had been maintained for grant funded projects.

Risk Management

In preparing and carrying out the review the Auditor took into account the following specific risks from the Strategic Risk Register. In light of the audit findings and the management action agreed it may be necessary to update the relevant risk register.

Risk No 001 - Partnerships / Relationships Risk No 005 - Projects and Commissioning Risk No 008 - Delivery of Outcomes Risk No 012 - Defrayed Expenditure

Overall Conclusion

An approved and published Assurance and Accountability Framework is in place to govern the allocation and administration of projects awarded monies from the Growth Deal fund. However, testing confirmed that for one of the sample projects - namely Seymour Link Road - the Project Sponsor had not continued to provide a Dashboard Report demonstrating actual delivery of projected outcomes, outputs and performance measures that were agreed at the original business case stage following receipt of allocated funding; therefore contravening the requirements of the Framework and their Funding Agreement.


2

It is acknowledged that the SCRCA have issued reminders to the Project Sponsor and that the information was provided after conclusion of this review.


A concern that was previously identified and reported upon during a review of the Skills Capital Grants arrangements with regards to the absence of a document file plan upon which to file and retain project related documentation also applies to the projects included within this review. It is acknowledged that an action was agreed with management to address these concerns and that this is currently being progressed.

Implementation of the agreed actions in this report will provide for an improved control framework, and this may provide for a more positive (i.e. substantial) assurance opinion should it be reviewed again in future.

Assurance Opinion

From the audit review, Internal Audit has made 3 recommendations, these have been classified as:

● Fundamental Recommendations 0● Significant Recommendations 0● Merits Attention Recommendations 3

Based on the above Internal Audit can provide the Head of Performance with an adequate assurance opinion in relation to the internal control framework. This is a positive assurance opinion, and implementation of the agreed actions will improve the further overall control framework. An explanation of the ratings is included within the Glossary of Terms.

Conclusion on Control Adequacy

Adequate assurance indicates that Internal Audit concluded that there is a sufficient framework of key controls in place that are likely to result in the organisation’s objectives being achieved, but that the control framework could be stronger. From this review, two recommendations made related to the adequacy of controls, both were categorised as merits attention.

Conclusion on Control Application

In relation to the application of key controls in the system reviewed adequate assurance indicates the controls in place are applied but with some lapses. From the review, one recommendation made related to the application of controls, this was categorised as merits attention.


3

Positive Findings

The following good practices were identified during the audit:

The Assurance and Accountability Framework clearly sets out the purpose of grant funding, how to apply for the funding and the end to end process that will be adopted in terms of awarding grant funding and monitoring of successful projects;

All grant applications are evaluated to ensure that they meet the Framework requirements prior to approval to advance to the next phase of the process;

A standard process has been adopted for the evaluation of successful projects.

Acknowledgement

Internal Audit would like to take this opportunity to express its thanks to the management and staff within the Policy and Performance Team for their help and co-operation during the audit.

Confidentiality

This report is strictly private and confidential and as such is for the exclusive use of the intended recipients. The content and results of the audit should not be copied in part or in whole without the prior permission of the receiving sponsor of the report.

Audit Methodology

The audit was conducted in conformance with the Public Sector Internal Audit Standards using a combination of enquiry, observation and sample testing techniques.

Findings, Recommendations and Agreed Management ActionsSCRCA - Programme Management

4

Ref Finding Recommendation CategoryAccepted Y/N Agreed Management Action

Agreed Timescale and Responsible

OfficerRisk: Inaccurate reference to the publication of the SCR CA’s register of interests may lead to a lack of openness and transparency.

1.1(R1)

Sheffield City Region's Assurance and Accountability Framework was launched in March 2016 and sets out the mechanisms that will be used to make decisions on the delivery of the City Region's Growth Deal allocation and it's Strategic Economic Plan more broadly.

Part 1 of the Framework relates to the purpose, structure and operating principles of Sheffield City Region and incorporates the requirement of each member of the SCR CA to make a declaration of interest for the purposes of their individual organisations.

The Framework states that the register of interests is published by the South Yorkshire Joint Secretariat on its web page however, this organisation disbanded in March 2016.

Consequently, the document does not provide for the current publication arrangements.

Reference to South Yorkshire Joint Secretariat should be removed from the Assurance and Accountability Framework, with revisions made to accurately reflect the current publication arrangements.

This is a control adequacy issue.

Merits Attention

Y

The Assurance and Accountability Framework now contains an accurate link to publication of the SCR CA’s register of interests.

Complete

Risk: Failure to maintain evidence to support the evaluation of grant applications at each stage, the decisions made, approvals obtained and also communication of the outcome to applicants. This may lead to a challenge that cannot be evidenced, i.e. impacting on the reputation of the SCRCA.

2.1(R2)

The Project Lead has struggled to locate source documentation requested to support the processes undertaken and decisions made for the 2 projects included within this review.

Discussions with the Project Lead and the Head of Performance confirmed that historically an inconsistent approach existed for the filing and retention of documentation. This has resulted in an incomplete audit trail for projects, with

Following establishment of a document file plan for SCRCA related projects, arrangements should be put in place to ensure that all project files are ordered appropriately creating a complete management trail for historic and future grant funded projects.

This is a control adequacy issue.

Merits Attention

Y

Work is on-going to develop common ways of storing and filing documentation and ensuring all staff have the relevant access rights.

Access to copies of board papers will continue to be by request in relation to the Skills and Employment and other Executive Boards.

31st March 2017

Head of Performance


5



Officer

documentation held on Officer's e-mail accounts and /or personal drives.

It is acknowledged that the Head of Performance is currently working with the Principal Records and Information Manager (BMBC) to establish an organisational file plan. This process will identify all documentation required to make up a project file and how this is to be filed, resulting in a consistent approach for the retention of project documentation in future. Advice has been provided by Internal Audit during this review to support the Head of Performance in terms of the structure of the file plan to be adopted.

This finding was originally raised as part of the recent Skills Capital Grant audit; implementation of that agreed action (entered in italics within the agreed management action) will be monitored as part of that review.

Risk: The proposed outcomes / benefits of successful projects are not monitored and/or delivered. This results in failure to meet the original grant application requirements, and failure to effectively utilise the grant funding.

3.1(R3)

The Assurance and Accountability Framework states that the final element of the SCR's programme management life cycle will comprise the monitoring and evaluation of schemes that are being delivered and then completed. Schemes' progress will be monitored against an agreed set of measures including inputs, outputs, outcomes and impacts for:- delivered scheme and timescale; costs; impacts on the economy; and environmental impacts.

The SCR Performance Team should ensure that Project Sponsors submit quarterly performance reports following receipt of the final funding payment evidencing actual outputs, outcomes and performance of individual projects against the original Business Case; in accordance with the Assurance and Accountability Framework.

Merits Attention

Y

Project specific reporting requirements are agreed with the Project Sponsor when entering into the Funding Agreement and it is the terms of the Agreement that enables the Performance Team to hold Project Sponsors to account in terms of regular reporting on progression of a project, with failure to submit returns being escalated to the relevant Executive Board where appropriate.

Complete


6



Officer

At the time of this review, the SCR had recently implemented a dashboard approach to managing the performance of the SCR Investment Fund projects and programmes. One of the projects included in this review (Doncaster Urban Centre - Colonnades) had not reached funding agreement stage and therefore was not a live project.

The second project included in the review (Seymour Link Road) had a Funding Agreement dated 29th October 2015 and a quarterly performance monitoring dashboard was due for submission to the SCR CA by the Project Sponsor at Derbyshire County Council in April 2016 (to cover the period January to March 2016). However, discussions with the SCR's Programme Management Officer confirmed that Derbyshire County Council had not submitted a return for that particular period (all funds had been claimed in 2015/16 (totalling £3,780,000).

It was acknowledged by the Programme Management Officer that this is not in accordance with the Assurance and Accountability Framework requirements, as the Project Sponsor should continue to report on actual outputs and outcomes against those projected in the approved business case throughout the life of the project. A reminder was issued to the Project Sponsor to provide the required information.

Consequently, the SCR has not obtained the required assurance that the objectives / deliverables of the funded project are on track to be fully delivered.

This is a control application issue.

Up to date quarterly reports for the two sample projects - Doncaster Colonnades and Seymour Link Road - were provided to Internal Audit following issue of the draft report confirming that monitoring is now being undertaken.

Since issue of the draft report, considerable progress has been made with implementation of the dashboard approach to reporting on outputs, outcomes and performance against the original Business Case by Project Sponsors.

The Dashboard approach to reporting on outputs, outcomes and performance against the original Business Case by Project Sponsors is now being utilised across all projects.

Glossary of TermsSCRCA - Programme Management

7


Fundamental A recommendation requiring immediate action – imperative to ensuring the objectives of the system under review are met.Significant A recommendation requiring action necessary to avoid exposure to a significant risk to the achievement of the objectives of the system under review.Merits Attention A recommendation where action is advised to enhance control or improve operational efficiency.






POSITIVEOPINIONS

Adequate Assurance

Sufficient framework of key controls exist that are likely to result in objectives being achieved, but the control framework could be stronger.


Limited Assurance



NEGATIVEOPINIONS



Documents

NOTICE OF MEETING › wp-content › ...2 urgent items / announcements no urgent items were requested. 3 items to be considered in the absence of public and press none. 4 declarations