Home Publications

Audit and Accountability Meeting Minutes - 19 October 2022

Our business

Our business icon

Audit and Accountability Meeting Minutes - 19 October 2022

25 Jan 2023
Our business Audit and Accountability Committee minutes
Content

Agenda

Chair – Welcome and Apologies 
Declaration of Interests – review & update 
Minutes and actions arising from previous meeting 
Commissioner 
Finance 
Any other business

Attendees     

Audit & Accountability Committee                                                                     

Catherine Dyer (Chair) 
Elizabeth Humphreys (LH) (attending via MS Teams) 
John McCroskie (JMcC) 
Lena Collins (LC) 
Michelle Wailes (MW) (attending via MS Teams) Robert Scott (RS) 

PIRC 

Michelle Macleod     Commissioner (MM) 
Phil Chapman          Director of Operations (PC) 
Sharon Smit            Accountable Officer / Head of Corporate Services (SS) 
Jennifer Fisher         Secretariat (JLF) 

Auditors 

Michael Gibson, RSM (MG) (attending via MS Teams) 
Nneamaka Ochuba, AZETS (NO) 

Welcome and Apologies 

No apologies were noted. 

Declaration of Interests – review and update 

No declarations were noted. 

Minutes and actions arising from previous meeting 

The minutes of the July 2022 meeting were approved. 

Internal Audit – RSM 

In addition to the Progress Reports circulated prior to the meeting, Michael Gibson (MG), of RSM UK Risk Assurance Services provided members with the following update: 

Progress against the 2022/23 internal audit plan (as agreed by the Committee on 25 April 2022): 75% 
The next scheduled audit is a follow-up audit of previous Internal Audit Management Following discussion with PIRC, it has been agreed that this review will take place the week commencing 7 November 2022 and will be reported to the Committee in January 2023. 
Two reports have been finalised and issued since the previous Committee meeting: 
HR Recruitment and Selection: This audit resulted in 1 medium and 6 low priority actions being 
Creditor Payments (including Procurement Cards): This audit resulted in 1 medium and 6 low priority actions being 
In relation to the HR Recruitment and Selection audit report, LH questioned if there were any plans to recruit further staff prior to the end of 2022 and if the current HR policies are in line with current legislation i.e., Equalities legislation etc. SS advised that there are still a small number of posts that PIRC is seeking to fill. MG confirmed that the policies reviewed during the HR Recruitment and Selection Audit were those available at that time. He advised that RSM are not able to provide HR or legal advice to PIRC in relation to amending policies, however, if there were any significant omissions, this would be highlighted within the audit report for PIRC to address. 

SS confirmed that all HR policies are reviewed annually or bi-annually, taking cognisance of current legislation and best practice from other organisations. Any amendments to HR policies are discussed with the PIRC Staff Representative Group prior to final approval by the Senior Management Team. 

LC asked if any of the highlighted issues in relation to providing evidence of information / compliance were due to changes in working practice due to COVID-19 restrictions/changes to process. SS confirmed that, due to internal changes by the third-party service provider, Optima Health, the outcome of pre-employment medical checks can be viewed online, and an email is sent confirming the outcome but that it had not been retained in staff files. This will now be done. SS also advised that PIRC obtains vetting and references for all new starts to ensure that candidates meet the requirements of the offer of employment. 

JMcC questioned if PIRC were able to provide feedback to Optima Health regarding the service provision. SS advised that she meets regularly with the Optima Health Account Manager to review any issues and that the Account Manager is very responsive to feedback. 

In relation to the Creditors Payments, including Procurement Cards, audit report, JMcC noted that the report was reassuring and questioned if, in relation to Management Action 6, if it would be appropriate for PIRC to develop “How to” training videos for staff in respect of procurement of goods / items / use of Procurement Cards. SS confirmed that processes were being reviewed to ensure they were fit for hybrid working and that training would take place for staff. 

AP43 - PIRC to consider developing training videos for staff on procurement of goods / items rather than only referencing Procurement Manual. 

Additionally, MG provided a verbal update in respect of the IT Health Check Audit report finalised in August 2022. 

AP44 – provide members with a copy of FINAL IT Health Check Audit Report – Complete 

This audit resulted in 1 high and 2 medium priority actions being identified. It was highlighted in the report that PIRC is heavily reliant on Scottish Government to perform regular penetration testing on systems in use but that no defined policy or Service Level Agreement (SLA) is in place to cover this aspect. 

SS advised members that she was in contact with SG to see what assurances they could provide, and the audit log will be updated to reflect this by the next meeting. 

AP47 - Scottish Government to provide formal and documented assurance to PIRC for all penetration testing carried out. 

MM advised that the recently held Business Continuity Test (20 September 2022) was designed to test staff response to a cyber-attack event. It was further noted that feedback from this test event was being collated and reviewed, by the Business Continuity Group. Once feedback was reviewed and an action plan drafted, it will be forwarded to the Senior Management Team for further review / action.                                                                                         
LH commented that it would be helpful if the feedback from the Business Continuity Test could be shared with members at the next meeting. 

AP45: Feedback from Business Continuity Test on 20/9/2022 to be shared with members when available. 

JMcC asked what steps are being taken regarding Cyber Security Training and the timescales for completion. SS advised that Cyber Security Awareness sessions are now in place for all staff with a further mandatory session taking place in January 2023. 

MW asked if the opinion within the IT Health Check report had made any difference to the overall opinion of the Annual Internal Audit Report. MG advised that the Annual Internal Audit Report was currently under review by a Senior Partner and would be shared when available and that it did not alter the overall opinion. 

AP46 – Provide members with a copy of Annual Internal Audit Report 2021/22 when available - Complete 

LH advised that she was is the Chair of the Audit & Risk Committee for SAMH and would be happy to share her experience of Cyber Attack Recovery, if helpful. SS welcomed LH’s offer of assistance. 

RS asked if the new PIRC website was stand alone and if any statements of assurance were held. PC confirmed that as part of the procurement process, assurances around security and cyber integration had formed part of the process. 

JMcC questioned if there was any proposal to audit the Scottish Government IT provision in future audits. SS advised that PIRC has an SLA with the SG for IT services and that a Scottish Government IT Business Partner is involved (informally) prior to any SG IT changes or initiatives being implemented. 

External Audit – Azets 

In addition to the 2021/22 Annual Audit Report Progress Report circulated prior to the meeting, Nneamaka Ochuba, Audit and Assurance Manager, provided members with the following update: 

The auditors were content with revised annual accounts, including audit of revisions and disclosure of changes identified during audit 
In contact with Nat West Bank plc to review bank confirmation – Now Complete 
All material disclosures required by relevant legislation and applicable accounting standards have been appropriately 
No material weaknesses or significant deficiencies were 
No potential adjustments, other than those considered to be trivial, were identified during 
Strategic Plan and Business Plan 2022/23 were delayed due to the anticipated impact of legislative changes following Lady Angiolini Review – Public Consultation response. 
Bullet point 56 (page 25) to be amended: 
Bullet point 58 (page 25) Fraud Prevention Policy will be updated in November 2022 
Page 32 – Audit Fee, to be amended to note that the Audit is for the Police Investigations and Review Commissioner – fee is 
MW questioned if there would be any amendment to the report once Auditors are in receipt of the Annual Internal Audit Report 2021/22. NC advised that the opinion would not change. 

MW also asked if the assurances that were noted in the AR could be circulated. – Now Complete                 

Annual Report including Accounts 

In addition, the DRAFT PIRC Annual Report had been circulated prior to the meeting, and members suggested a number of amendments. 

Update: the paragraphs were amended to read: 

Page 5, Paragraph 10 

“Following the publication of Dame Angolini’s preliminary report, PIRC transitioned the Audit and Accountability Committee (AAC) to a formal structure with a Chair and five non-executive members, all with relevant and diverse expertise and skills. The appointments were made through a transparent, fair and open competitive selection process which included Scottish Government representation on the appointments panel.” 

Page 31, Paragraph 17 

“PIRC has an AAC which met four times during the year. The AAC provides independent challenge in areas of risk management, governance, internal audit and performance. It also reviews our annual accounts and assurances provided by management.” 

Page 32, Paragraphs 2-4 

“The audit results provided assurance with no high risks identified. Due to circumstances beyond our control, there was a delay in the completion of the final IT health check report. This has now been concluded with final recommendations issued in August 2022. The auditors also reviewed recommendations arising from previous audits with no issues arising. All actions are recorded, and updates are reported to the Audit and Accountability Committee for oversight and approval at the quarterly meetings. They concluded that we had made good progress.” 

Page 33 – Remuneration – Staff resources: 

In 2021-2022, the total remuneration for the members of the Audit and Accountability Committee was £4,425.00. 

LH noted that the report was well written and congratulated all staff involved. 

CD advised that once the above amendments were made, she would be content to receive members endorsement via email of the Annual Report. CD asked that future Annual Reports are shared with members in a more timeous fashion to allow a longer time to review and provide feedback in advance of the relevant Committee meeting. 

Commissioner 

MM provided a written update to members on a range of ongoing work, including: 

  • Sheku Bayoh Public Inquiry 
  • Lady Angiolini Review – Public Consultation response submission 
  • Civil Case 
  • Performance Reporting Review (See agenda item 10) 
  • Stakeholder Engagements 
  • Revised Statutory Guidance issued to Equality and Human Rights Commission (EHRC) 
  • Joint Audit between PIRC and SPA – of the Complaint Triage by Police Scotland’s national Complaint Assessment and Resolution Unit (NCARU) 
  • Website / Intranet Development Members noted the update 
  • Risk and Audit 

SS advised that two Strategic Risks have increased in residual risk score since the last Committee: Risk 1 (Capability and Capacity) and Risk 3 (Finance). 

In terms of Risk 1 - SS advised that a request for additional funding has been submitted for 2023 to Scottish Government to maintain current staffing levels. 

In terms of Risk 3 – SS advised that the Scottish Government is aware and regularly appraised in respect of the increased costs associated with the Public Inquiry legal fees which are out with PIRC’s annual budget. 

JMcC questioned if Risk 4 (Recommendations of Review) should be increased in residual risk scoring if Risk 1 and 3 have been increased. MM advised that PIRC await the outcome of the Dame Angiolini Review - Public Consultation (expected in November 2022), and once received, a further review of residual risk scoring will be undertaken. 

MM noted that the Scottish Government has been advised that additional funding will be required if PIRC is to undertake additional responsibilities as outlined within the Dame Angiolini Review. MM further noted that implementation of some recommendations would be cost neutral, however, others would have significant financial implications. 

RS asked for clarification when an applicant within the “pool” would become an employee. SS confirmed that when a vacancy arises, or is identified, applicants within the “pool” would be contacted to confirm availability and the on boarding process would commence. 

LH queried if there was a review of current recruitment marketing. SS advised that despite best efforts, PIRC is not attracting many applications from candidates from minority groups. SS further noted that she has contacted HR counterparts within other Non- Departmental Public Bodies (NDPB’s) to learn from their experiences and best practice. 

LH asked, in terms of Risk 2 (Confidence and Trust), if wider inequalities are considered other than the protected characteristics including, for example, poverty. SS advised that the Equality and Diversity group minutes are provided to the Senior Management Team for review and approval and that feedback from recently held in-house Equality and Diversity training sessions is under review. SS further advised that PIRC are taking steps to raise awareness and highlight all issues relative to Equality and Diversity. 

PC advised that the Communications team have been tasked to establish key contacts which could be utilised as a network of people who could be used in an advisory capacity in terms of the development of policies and procedures going forward. 

Audit Action Log 

SS provided a detailed summary of the Audit Log to September 2022 (circulated in advance). 

SS highlighted actions 57-58 (Review of Trainee Programme) are now complete, as are actions 59-60 (IT Health Check). Action 61 (IT Health Check) is in progress. The actions from the Recruitment and Creditor Payments audit will be added to the log and an update given at next meeting. 

Finance 

SS provided a summary of the Management Accounts as at end September 2022 (circulated in advance). 

SS reiterated that a request for additional funding has been submitted to Scottish Government to maintain current staffing levels. 

RS noted his concern following the announcement of a 5-year flat budget and asked for assurance that Scottish Government is aware of the PIRC position in terms of budgets and projected overspends going forward. SS advised she and the Finance Manager regularly meet to monitor budgets and discussions from these meetings are escalated to Scottish Government. 

MM further noted that she maintains regular contact with the Safer Communities Director and Deputy Director, and both are fully appraised of PIRC forecast expenditure. 

Additionally, MM advised that the Director is fully appraised of the Legal Costs associated with PIRC’s participation. MM further noted that Sharon Clelland, Head of Legal Services is spending 60-70% of her time working on the Public Inquiry in order to mitigate legal fees of our appointed Senior and Junior Counsel. 

LC asked if there were any increased costs associated with increase in energy prices. SS advised that there was a slight increase but nothing of significant variance. 

top