3.1 The Annual Governance Statement has been prepared with evidence gathered from various different sources to ensure that it properly reflects the effectiveness of the council’s arrangements during 2021/22. The information gathered to inform the evidence base is summarised in paragraphs 3.1.1 to 3.1.6 below.
3.1.1 Heads of Service have reviewed the effectiveness of governance arrangements within their area of responsibility by completing a Certificate of Assurance and updating a 75 point checklist covering: the control environment, risk management, business planning / information / reporting, financial control processes, project management, monitoring and corrective action, human resources, arm’s length bodies, and assessing whether key controls have been applied during 2021/22.
Through this process Heads of Service have confirmed corporate governance arrangements and financial controls in their area of responsibility have been, or are, working well and there are no other significant matters arising which would require to be raised specifically in the Annual Governance Statement.
3.1.2 The council’s seven arm’s length external organisations (ALEOs) have also completed a Certificate of Assurance and updated the accompanying 58 point checklist to support the preparation of the council’s statements on corporate governance and internal financial control for year ending 31 March 2022.
In this respect, the Chief Executive or Senior Representative for each of the ALEOs has confirmed corporate governance arrangements and financial controls in their organisation have been, or are, working well and there are no other significant matters arising which would require to be raised specifically in the council’s Annual Governance Statement,
3.1.3 Compliance with four specific CIPFA statements.
(1) The CIPFA Statement on the role of the Head of Internal Audit in public service organisations (2019).
To enable the Head of Audit and Risk to fulfil his role in this respect, the Corporate Management Team are required to ensure they “set out how the framework of assurance supports the Annual Governance Statement and identify internal audit’s role within it”. This assurance is provided through the Strategic Governance Framework (which has undergone an annual review and refresh process in order to identify how the effectiveness of the council’s governance arrangements has been monitored and evaluated in the year) and which was endorsed by the Corporate Management Team at its meeting in June 2022.
In line with the Public Sector Internal Audit Standards (PSIAS), and the council’s Internal Audit Charter, the Head of Audit and Risk has provided an annual opinion on the “overall adequacy and effectiveness of the organisation’s framework of governance, risk management, and control”. The Corporate Management Team considered and noted the Internal Audit annual report 2021/22 and annual opinion from the Head of Audit and Risk on 7th June 2022. This report stated that the annual Internal Audit opinion is unqualified and offers a generally positive view of the council’s governance and internal control arrangements.
More specifically the Internal Audit annual report 2021/22 states that it is the opinion of the Head of Audit and Risk that “reasonable assurance can be placed on the adequacy and effectiveness of the council’s framework of governance, risk management, and internal control for the year ended 31st March 2022”.
(2) CIPFAs Position Statement: Audit Committees in Local Authorities (2018).
In this respect the activities and functions of the council’s Audit and Scrutiny Panel are required to reflect the standards set out in the CIPFA Statement.
The Strategic Governance Framework sets out the evidence in this respect and confirms that during 2021/22 the purpose of the Audit and Scrutiny Panel was to “provide independent assurance to the council and those charged with governance on the adequacy of the council's risk management framework and internal control environment” and its activities included providing an “independent review of the council's governance, risk management, performance, and control frameworks and oversees the financial reporting and annual governance processes” - as set out in the Scheme of Administration (December 2019).
(3) The CIPFA Code of Practice on Managing the Risk of Fraud and Corruption (2014). This statement looks for compliance in terms of developing a strategy and identifying the risks. In this respect the council has a number of policies and procedures in place as noted below:
- Corporate Anti-Fraud Policy and Response Plan (updated in June 2017, review scheduled to be undertaken during 2022/23).
- Whistleblowing Procedures (update approved in March 2022).
- Gifts and hospitality policy for employees (incorporated into the Employee Code of Conduct in 2018) with a register that is updated every six months.
- Employee Code of Conduct (update approved in March 2021).
- Code of Conduct for Chief Officers (updated in November 2017, review scheduled to be undertaken during 2022/23).
- Information Security Policy (update approved in June 2021).
The identification of risks is carried out in line with the council’s Risk Management Strategy and through the risk for serious organised crime, fraud, and corruption which sits within the Corporate Risk Register. The Head of Legal and Democratic Solutions (the council’s Monitoring Officer) is the identified lead for this risk.
The CIPFA statement also requires responsibility to be acknowledged. In this respect the Internal Audit annual report 2021/22 from the Head of Audit and Risk specifies that Internal Audit “has responsibility for investigating, as appropriate, alleged frauds and irregularities brought to our attention in accordance with the council’s anti-fraud policy. Where detailed work is carried out, the findings are reported to the Chief Executive and/or the relevant Head of Service with recommendations made which are designed to address any weaknesses identified. Such work is reported to the Audit and Scrutiny Panel, as appropriate, in line with the approved Internal Audit reporting protocol which forms part of the Internal Audit Charter.”
The Internal Audit annual report 2021/22 from the Head of Audit and Risk has confirmed that “All audit investigations of suspected fraud and/or irregularities are reported to the Panel in line with the agreed Internal Audit reporting protocol. I am also pleased to be able to report that there were no material frauds or irregularities identified in 2021-22 that I require to bring to your attention”.
(4) The CIPFA Statement on the role of the Chief Financial Officer in Local Government (2016). It is specified in this CIPFA Statement that the Annual Governance Statement is required to “address the authority’s arrangements for financial and internal control and for managing risk”. This is addressed through the annual audit opinion provided by the Head of Audit and Risk (referenced above).
The extent of the council’s compliance in this respect (and the role of the Chief Financial Officer therein) is further demonstrated through the self-evaluation exercise undertaken in 2022 which concluded that the council’s financial management practices comply with all aspects of the CIPFA Financial Management Code. The self-evaluation also confirmed that the council’s Chief Financial Officer operates in a way that is consistent with the CIPFA Statement.
3.1.4 Various self-evaluation exercises have been undertaken by the council as part of the governance and performance management arrangements. This has been undertaken in line with the refreshed Strategic Self-Evaluation Framework and rolling review programme which were approved by the Audit and Scrutiny Panel in September 2021. During 2021/22 five self-evaluation exercises were completed in terms of:
- Compliance with the CIPFA Financial Management (FM) Code. This self-evaluation concluded that the council’s financial management practices comply with all aspects of the CIPFA FM Code with an average overall rating of 98% from the assessment team in terms of strongly agreeing or agreeing the extent of compliance across all of the 17 financial management standards. This is supported by a significant bank of evidence collected through a desktop exercise and substantiated by the assessment team which comprised members of the Corporate Management Team.
- Reviewing the adequacy and effectiveness of the revised Corporate Management Team arrangements including how well it operates as a vehicle for monitoring and scrutinising progress implementing The Plan for North Lanarkshire and individual Programme of Work items. This self-evaluation identified that the Corporate Management Team has a clear vision and effective leadership with a sound approach that provides a clear direction for its work. In terms of deployment and assessment and review, it was considered that the new arrangements had not yet had the time to be embedded fully. Notwithstanding this, the evidence suggests there is room for improvement in terms of ensuring that the arrangements work effectively in practice and are implemented to their full potential. As such, a number of improvement actions (with responsibilities and timelines) have been agreed for implementation during 2022/23.
- Risk governance arrangements in respect of DigitalNL. This self-evaluation supported the annual review of the DigitalNL Programme Risk Register and, while focusing on both the risk management arrangements and the risks themselves for the DigitalNL programme, it also considered the inter-relationships of associated programme risks across the three levels in the organisation (project, service, corporate). The findings from the self-evaluation exercise were reported to the Transformation and Digitisation Committee in November 2021. One improvement action was identified - this was to consider the inter-connectedness of the DigitalNL programme risks with those on the Corporate Risk Register and the Business Solutions Service Risk Register to ensure risks are managed at the appropriate level in the organisation, and the mitigating actions and controls are aligned and implemented accordingly.
- Reviewing whether the arrangements for the Data Governance Board (DGB) adequately contribute to the achievement of the council’s vision as detailed in the Roadmap. Undertaken at a time that followed changes to the membership of and arrangements for the DGB, this self-evaluation identified two areas requiring improvement for which an action plan has been agreed by the Board. These improvement actions focus on (a) those which require to be considered within the context of the efficient operation of the DGB, and (b) those which require to be aligned to the combined Action Plan for the Board (which comprises the Information Governance Action Plan and Data and Information Management Strategic Roadmap work packages) to avoid any duplication and ensure a fully integrated approach to improvement.
- The effectiveness of current arrangements for the North Lanarkshire health and social care IJB and how well the Board meets its intended outcomes. Findings from this self-evaluation exercise demonstrate the extent of the positive results and good practice examples identified by the assessment team. Only three areas for improvement were identified and these aim to further strengthen existing arrangements and add value to existing practices, rather than fill any gap or address any significant issue in terms of effectiveness. Findings from this exercise also serve to reassure the new members of the IJB (both Elected Members and executive members) of the effectiveness of the current arrangements for the Board and its supporting governance, and sets out the priorities for improvement in this respect.
3.1.5 The evidence has also included an annual review and refresh of the council’s Strategic Governance Framework. In this respect:
- An annual review process is in place to fulfil the requirements of the national Delivering Good Governance in Local Government: Framework. This process also sets out the role of the Chief Officers and Elected Members who are responsible for implementing the council’s governance arrangements and ensuring the local code is assessed on an annual basis to ensure ongoing effectiveness and compliance. The annual review and update of the Strategic Governance Framework was endorsed by the Corporate Management Team at their meeting in June 2022 in line with their role to also identify any improvement actions and/or future planned developments in relation to key governance arrangements and continuous improvement activity.
- In line with the annual review process, each of the elements and mechanisms within the Strategic Governance Framework have been reviewed with updates made as required to the relevant documentation and hyperlinks, as well as the review timeframe and date of next update, and the assessment of the current position (which includes the corresponding RAG status). This process ensures all elements and mechanisms are as up to date as they require to be while providing a method by which to identify and prioritise items requiring to be reviewed and updated further.
- An Internal Audit on Corporate Governance in March 2022 cited the formal assessment process now in place through the Strategic Governance Framework and its accompanying review programme as good practice. It was also cited that there are now “formal and robust arrangements” in place to ensure that such reviews are undertaken on an annual basis.
- The Internal Audit on Corporate Governance also reported on the assessment of the council’s local code against the Delivering Good Governance in Local Government: Framework and found that this process was “generally robust and effective”. The findings also noted that the assessment had indicated a “high level of compliance with the Corporate Governance framework, which was broadly consistent with Internal Audit’s assessment undertaken of Principles A and B”.
3.1.6 Comments made by the external auditors and other audit and inspection bodies, feedback from Elected Members and committees in their scrutiny role, and issues considered by the Audit and Scrutiny Panel.