Bristol, North Somerset and South Gloucestershire Audit ... · Page 4 of 12 Item Action CCG. JRu...
Transcript of Bristol, North Somerset and South Gloucestershire Audit ... · Page 4 of 12 Item Action CCG. JRu...
Bristol, North Somerset and South Gloucestershire
Audit, Governance and Risk Committee
Minutes of the meeting held on 26th September 2018 at 12pm in the Executive
Boardroom, South Plaza, Bristol
Minutes
Present
John Rushforth Committee Chair, Lay Member Audit and Governance
JRu
Peter Marriner Lay Member Strategic Finance PM
Nick Kennedy Independent Clinical Member Secondary Care Doctor
NK
Apologies
Barrie Morris Director, Grant Thornton BM
In attendance
Sarah Truelove Chief Financial Officer ST
Mike Vaughton Deputy Chief Finance Officer MV
Rob Moors Assistant Chief Financial Officer RM
Steve Freeman Head of Financial Services SF
Jenny McCall Head of Internal Audit, Audit South West JMcC
Russ Caton Manager, Audit South West RC
Elias Hayes Counter Fraud Manager, Audit South West EH
Michelle Burge Auditor, Grant Thornton MB
Sarah Carr Corporate Secretary (note taker) SC
Laura Davey Corporate Manager (Items 7.5, 7.6 and 7.7) LD
Item
Action
01 Apologies
The above apologies were noted.
02 Declarations of interest
There were no new declarations of interest and no declarations of interest arising for the agenda. It was agreed that future meetings would receive the Committee’s register only for this item.
SC
Page 2 of 12
Item
Action
03 Minutes of the previous meeting, matters arising and actions
arising from previous meetings
The minutes were agreed as a correct record. The action log was reviewed:
24/05/18 item 4 ref 1 and 24/05/18 item 4 ref 2 remained open; these actions were linked to the ongoing CHC Review.
24/05/18 item 11 ref 2 Governing Body Counter Fraud training would be completed by the end of December ’18. The action was closed.
All other actions due were closed
04 Identification of any other business not on the agenda
There was none.
05 Internal Audit Update and Reports
Russ Caton (RC) presented the report. Two of the planned audits
were in progress; draft terms for reference for seven audits were
in place and these would commence. The scope of two audits
would be agreed with CCG officers. The Internal Auditors were
confident that the programme would be delivered by the end of
the financial year. There had been some slippage however this
was would not impact on timescales. Jenny McCall (JMcC)
confirmed the Internal Audit team would look to enhance
engagement with the CCG to ensure timely assurance and
provide value. There had been discussions with ST to take this
forward.
RC explained that a briefing on the scope of the Data Security
and Protection Toolkit audit was due from NHS Digital. In lieu of
this, the Internal Auditors were developing a proposed scope
based on available information. RC highlighted the number of
outstanding audit recommendations. Internal Auditors were
working with CCG managers to confirm that actions had been
taken and review verifying evidence. The outstanding
recommendations related to audits issued to the three former
CCGs. The Committee expressed concern regarding the number
of recommendations outstanding. It was noted in a number of
instances no management response had been received by the
Internal Auditors. It was the responsibility of the CCG
management to ensure that recommendations were acted on and
responses with evidence provided. It was recognised that the
organisation had been through a challenging period; the position
needed to be improved and the Committee sought reassurance
that this would happen.
Page 3 of 12
Item
Action
JMcC confirmed that discussions to improve the process were
ongoing. Mike Vaughton (MV) confirmed processes would be
implemented to ensure that recommendations were taken forward
and responses provided to the Internal Auditors. It was important
that there was CCG management ownership of recommendations
and actions. MV explained that finance would hold discussions
with managers when audits were agreed to ensure obligations
were understood. It was noted that if the outstanding
recommendations continued responsible managers would be
requested to attend the Audit Committee to explain the position.
It was agreed that an update on the outstanding
recommendations would be shared with the committee at the end
of October. It was asked if there were concerns regarding any of
the outstanding recommendations. RC confirmed that there were
no major risks to the CCG.
RC drew attention to the completed Audit Reports. The STP
Partnership Working – Position Statement was highlighted; this
audit was part of the 2017/18 Audit Plan for each CCG. The
objective was to provide a high level position statement giving
assurance that the CCGs had robust communications about the
STP and its progress. There was clear evidence that there was
communication and information. A number of recommendations
were made in the report. No significant risks were identified and
an overall assurance level of ‘satisfactory’ was given. Sarah
Truelove (ST) noted that there would be a Governing Body
seminar looking at the STP and the aspirant ICS programme. The
actions identified would feed into the programme. The STP was
moving from strategy setting to a more operational mode which
would require a review of governance arrangements.
The Personal Health Budget (PHB) reports for the three former
CCGs were considered. An overall ‘limited’ assurance level was
given. There were clear policies in each CCG however there was
no clear proactive, operational plan to manage and drive PHBs,
robust review processes were not in place and there were no
clear controls to monitored and take forward PHBs. Clarification of
the reasons for the position was sought. It was explained that
resources were an issue and that at the time PHBs were not seen
as a priority. These issues were being addressed in the new
MV/ RC
Page 4 of 12
Item
Action
CCG. JRu observed that there was a focus on CHC, which was
evident in discussions at the Strategic Finance Committee.
It was asked if PHBs would generate financial savings. ST
explained that there was insufficient evidence to confirm this. A
key aspect of PHBs was improved patient outcomes and the CCG
recognised that more focus was required. Accounting tools were
now available to provide real time reporting on expenditure which
would support the role out of PHBs. It was asked where oversight
of PHB sat within the CCG governance structure. It was noted
that CHC was reviewed at the Quality Committee. It was agreed
to raise the oversight and monitoring of PHBs with the Chair of
the Quality Committee.
Nick Kennedy (NK) sought clarification of the potential risks
relating to PHBs. It was explained that risks related to potential
overspend of budgets, inappropriate expenditure and the potential
for fraud. Internal Audit had developed a financial checklist for
PHB assessors to support decision making. JRu asked if there
were examples nationally of good practice. JMcC explained that
the position nationally was developing. NK asked about the likely
scale of increase in PHBs? It was explained that the number of
PHBs would increase significantly. NK asked if patient outcomes
were measured. There was a discussion about the availability of
benchmarking data. Peter Marriner (PM) noted that national data
was available for benchmarking. It was explained that the three
policies were to be consolidated into one. It was noted that CHC
was a control centre. It was agreed to investigate the CCGs target
number of PHBs.
Elias Hayes (EH) presented the Counter Fraud and Security
Management Services Interim Report. The NHS Counter Fraud
Authority had moved its focus and regional activity was now
supported by local and national networks. Fraud awareness
activity, undertaken and planned, across Directorates was
highlighted. The Counter Fraud team were members of the CCG
Corporate Policy Review Group enabling direct input into CCG
policies as they developed. The fraud investigation summary was
highlighted. Both investigations were now closed. The
investigation relating to a Personal Health Budget and the action
to raise awareness of the potential for fraud with the CHC and
nursing and quality teams was noted. Three of the
ST ST
Page 5 of 12
Item
Action
recommendations arising from the investigation into agency
invoices had been completed and actions were in progress to
address the final recommendation.
Attention was drawn to the update following the security breach at
South Plaza. The incident had been appropriately reported and
mitigating actions to address security issues were immediately
implemented. It was asked if security had been tested post
breach. It was confirmed that a test would be planned.
JRu sought clarification of the comment that action
‘SWRT/16/0016 ref 6.1’ was completed and open. It was
explained that the open comment referred to the requirement for
further evidence which had been received. Evidence had been
received for recommendations 6.2 and 6.3.
The Committee received the Internal Audit Interim Report
06.1 External Audit Progress Report and Sector Update
Michelle Burge (MB) presented the report. JRu asked if the
Executive Team received the sector update and the Insight report
from the Internal Auditors. ST explained that the executive team
would be aware of the individual issues highlighted. JMcC
commented that the Internal Audit Insight Report would be shared
monthly. It was agreed to share the Sector Update Report with
Governing Body members.
The summary of progress at September 2018 was highlighted.
External Auditors had met with CCG officers to plan the interim
audit commencing November 2018. There would be early testing
of the organisation’s opening balances and the Value for Money
risk assessment would begin. The three sub criteria for
assessment were highlighted in the report. A further update would
be presented to the next committee meeting.
The Committee received the External Audit Progress Report
and Sector Update
ST/ SC
06.2 External Audit Letters
MB presented the three Annual Audit Letters for the former
CCG’s, highlighting the executive summary. For each CCG:
an unqualified opinion on the financial statements was given
Page 6 of 12
Item
Action
Qualified Regularity Opinions were made and Section 30
Referral letters were issued
Qualified Value for Money conclusions were provided.
The report had recognised the challenge that faced each CCG.
JRu commented that the reports were positive and strong given
the challenges.
The Committee received the Audit Letters for Bristol, North
Somerset and South Gloucestershire CCGs
07.1 Primary Care Internal Audit Framework
MV explained that there were three elements to the NHSE
framework. The NHSE Audit and Risk Assurance Committee
expected CCGs with delegated authority for primary care
commissioning to complete and publish an annual self-
assessment of compliance report. CCGs were also required to
publish annually a report covering the outcomes achieved through
the delegated commissioning responsibilities. The framework set
out the internal audit of delegated commissioning functions. The
delegated primary care commissioning functions within the scope
of the audit framework were described in the paper.
MV explained that the uptake of delegated functions was a
transitional process and that the 2018-19 audit would reflect this.
The NHSE guidance was that additional audit fees were not
expected. The CCG would programme the audit work into the
existing internal audit plan. JMcC confirmed that this activity was
in the plan. MV agreed to share the link to the NHSE paper.
There would be a meeting with the CCG to develop the audit work
and an update on the elements to be included in the first audit
would be provided.
JRu asked if there were implications for External Audit. It was
confirmed that there were no immediate implications. The
relationship with NHSE was a key issue, noting that statutory
responsibility remained with NHSE. NK asked if the CCG was
confident regarding the management of delegated primary care
commissioning. ST explained that the CCG was not yet
managing the full range of delegated functions. The audit for this
year would test those areas in place. There was a discussion
about the management of primary care commissioning and the
transition from NHSE to the CCG. It was noted that it was a
MV MV
Page 7 of 12
Item
Action
significant challenge. JRu observed that delegated primary care
commissioning was more established in other areas and asked
Internal Auditors to use knowledge gained in other places to
support the CCG. NK asked if NHSE would provide assurance to
the CCG on the functions that were not delegated. It was noted
that these issues could be raised at the Primary Care
Commissioning Committee (PCCC). It was agreed to discuss this
with the Chair of the PCCC.
The Committee received the report
MV
07.2 Accounting for Primary Care Prescribing
MV highlighted that a significant element of the prescribing budget
related to repeat prescriptions and for patient care beyond the
period for which they were funded and dispensed. The CCG
intended to account for the value of pre-paid primary care
medicines in the annual accounts. This adjustment would bring
the accounting treatment for medicines in line with acute contract
activity; this was consistent with general accounting principles.
MV highlighted the work completed with the medicines
optimisation team to assess the value of drugs dispensed and
funded in year that went on beyond the end of the financial year.
There was no seasonal impact on dispensing repeat medicines;
the key issue was the number of dispensing days. ST explained
that an increasing proportion of primary care prescribing related to
the management of long term conditions. NHSE had been asked
for a formal response to the proposal; no concerns or issues had
been raised. The matter had been raised with the External
Auditors who had commented on the proposal and these
discussions would continue.
MB explained that the External Auditors did not share the CCG
view. It was explained that the value concerned would not match
the level of materiality for the accounts. If there were a differing
opinion on the treatment it would be a reporting item in the
accounts. JRu commented that the proposal appeared
reasonable. It was important that the amount spent was disclosed
through a note in the accounts. There would be continuing
discussions within Grant Thornton regarding the proposal. JRu
asked for a formal position from NHSE. A further update would
be provided at the next meeting.
MV MV
Page 8 of 12
Item
Action
The Committee agreed the proposed change in accounting
treatment for 2018-19
07.3 Financial Control Environment Assessment Q1
Rob Moors explained that the self-assessment covered 12
domains with 52 criteria. The CCG reported green RAG ratings
against 6 domains, amber ratings against two domains and red
ratings for four domains. These were set out in the report with the
explanations for the assessments. It was noted that actions were
in place to address all the issues identified. There was a
discussion about the Capability and Capacity domain and the
requirement for staff turnover to be below 5%. It was noted that
this was a challenging target for all organisations.
JRu asked how the CCG compared to others. ST explained that
different approaches were adopted across CCGs. JMcC
explained that previously Internal Auditors had been asked to
express a view on the annual return. This was not the case for
the quarterly return. It was agreed that in future the report would
be for information only with exception report. PM asked if
discussions with trust contract leads on non- financial elements
were now complete. It was agreed to explore this.
The Committee received the report and agreed that future
reports would be for information only with exception
reporting
ST
07.4 HMRC Governing Body Payments Compliance
Steve Freeman (SF) explained that the paper was a progress
report. Nationally HMRC had deemed Governing Body members
to be ‘Office Holders’ and therefore subject to PAYE. Compliance
checks were issued to the three previous CCGs requesting
information on payments made. SF explained that the Bristol
CCG position was now agreed; work was ongoing in relation to
the South Gloucestershire and North Somerset positions. It was
explained that the CCG had accrued funds to cover the claims
and it was expected that the final claims would be within the
accrued sum. It was noted that this was a national issue.
The Committee received the update
07.5 Management of Declared Interests
Laura Davey (LD) highlighted the requirement for an annual audit
of conflicts of interest and explained the CCG had introduced an
Page 9 of 12
Item
Action
internal sample audit of declared interests to check for accuracy
and completeness. The sample audit found that out of five tested
declarations four matched the information held on the register.
The declaration that was found not to match the register related to
declarations that had not been removed once expired.
NHSE requirements relating to training were noted. It was
anticipated that modules two and three would become mandatory
and work was underway to ensure that these modules could be
accessed through the CCG online training platform. The CCG
required all staff to complete module one training; at September
compliance was at 75.4%; this reflected the number of new
starters and it was expected that this figure would improve.
JRu asked what actions were in place to reduce the number of
outstanding declared interests from GPs. It was explained a
targeted approach had been adopted and the position had
improved significantly since the report was prepared. It was
agreed to circulate current figures to committee members. JRu
asked how the CCG compared with others. It was explained that
the Internal Auditors would be able to comment when work across
the area was completed. RC noted that the audit would be
completed in January. It was asked if GP returns of declarations
would be discussed at the PCCC. It was explained that the
declarations related to the GP membership of the CCG as
commissioners. There was a discussion about working with
primary care colleagues to improve the return rate.
The Committee received the report
SC
07.6 Review of Risk Management Framework
LD highlighted the approach to the Directorate and Corporate
Risk Registers (CRR) described in the report. The version control
of registers was important to ensure a full audit trail. Staff were
encouraged to use a consistent form of wording when populating
the risk registers. The risk training provided by the PMO was
highlighted. Staff were encouraged to attend this training. An
Internal Audit of the CCG’s risk management arrangements had
been agreed. It was noted that the CRR was received at the
Governing Body and its committees.
PM observed that it was important to be clear and concise when
describing risks and mitigations. It was noted that staff were
Page 10 of 12
Item
Action
encouraged to use a consistent language and the format of the
registers support this. It was noted that training was an important
element. LD highlighted the positive level of engagement through
the Directorate leads. Work with leads was underway to develop
approaches to managing reporting of overlapping risks.
The Committee received the report
07.7 Corporate Risk Register
LD explained that actions were in place with Directorate leads to
ensure targets dates, etc were added. Further work to review
duplications was in progress. The Area Teams had introduced a
BNSSG Area Directorate risk register for their teams. The CRR
had been received at the Commissioning Executive and the
Quality Committee and would be presented to the Strategic
Finance Committee.
There was a discussion about the downward trend in risk score
primary care risks. It was asked if this reflected the actual
position. It was explained that this reflected the progress made by
the Primary Care Directorate in understanding and managing
issues. It was noted that the CRR would be reviewed at the
Governing Body and there would be further discussion of risks.
JRU asked where external risks such as the impact of Brexit on
providers were discussed. It was agreed that these risks would
be considered further by the executive team. There was further
discussion of the reported downward trend in risk scoring and it
was agreed to keep this under review and ensure realistic
timescales were set as part of the risk management process.
Directorates would have a monthly review of the risk registers.
LD sought the view of the Committee regarding the reporting of
progress on the CRR. It was agreed that current progress would
be reported on future versions. PM recommended that further
reports have a concise narrative report highlighting key issues
and movements in risk. There was a discussion about the use,
where appropriate, of a confidential risk register. The view was
this would not be appropriate.
The Committee received the Corporate Risk Register
ST
07.8 Waiver of Detailed Financial Policies
It was explained that the CCG had in place Detailed Financial
Policies that set out the financial limits for procurements. The
Page 11 of 12
Item
Action
report detailed where these Detailed Financial Policies were
waivered. Processes were established for the reporting of
waivers with executive director sign-off. It was commented that it
was encouraging to see a small number of waivers had been
approved.
The Committee received the report and noted the waivers
07.9 Governing Body Assurance Framework (GBAF)
The paper described the development of the GBAF, its format and
the processes followed to populate and update the principal risks
and assurances. It was noted that the GBAF was received at the
monthly committee meetings. The GBAF would be reviewed at
the October Governing Body. The GBAF was presented to the
Committee for review and consideration.
It was commented the GBAF was comprehensive; it was noted
that issues were discussed at the committees. It was commented
that the format and presentation were helpful; the information
reported reflected discussions and data reported at other
committees.
JMcC highlighted the inclusion of how assurances were graded in
relation to quality would be helpful. It was agreed that it was
important to show the quality of the assurance and what the
assurance was. It was commented that timescales for actions to
be completed would be helpful. It was asked how the GBAF
compared to others; it was commented that the Framework was in
line with approaches taken in other organisations. The External
Auditors asked how the GBAF linked to the CRR. it was explained
that there were links and some of the risks were reported on both,
however the GBAF also contain risks that were strategic. The
reference to the wider system in the GBAF was welcomed.
The Committee reviewed the Governing Body Assurance
Framework and agreed that assurance could be provided to
the Governing Body that it was valid and suitable for the
Governing Body’s requirements
SC
07.10 Audit Issues within the STP
JRu commented that it was important to build relationships at
governing level with other organisations in the STP. A potential
mechanism was to have a meeting of Audit Chairs to discuss
issues of common interest. JRu sought the views of committee
Page 12 of 12
Item
Action
members as to the issues for discussion. Potential issues
included:
how did Audit Committees receive assurances that savings
plans across the system were being delivered
how was the quality of information received tested?
how were assurances gained regarding HR issues and
systems?
It was noted that there would be a requirement for more formal
governance arrangements across the STP in the future. It was
noted that the Healthier Together mandate had been refreshed
and it would be helpful to have a further discussion of the key
risks and receive assurances regarding risks that were mitigated
through the STP work streams such as workforce. PM highlighted
that the issue of lay member governance at an ICS level was
being considered in Gloucestershire. JRU welcomed the
comments and agreed to discuss the matter further with ST. ST
would raise the issue at the STP Chairs’ Reference Group.
The Committee agreed the issues highlighted and supported
further discussion
JRu ST
08 Losses and Compensation Payments
The item was presented for information.
The Committee received the report
09 Redundancy Provisions
The item was presented for information
The Committee received the report
10 Audit, Governance and Risk Committee Workplan
The item was presented for information
The Committee received the workplan
17 Committee Effectiveness
Members considered the checklist and agreed the meeting had
been effective.
Sarah Carr
Corporate Secretary
October 2018