3.1 The Annual Governance Statement has been prepared with evidence gathered from various different sources to ensure that it properly reflects the effectiveness of the council’s arrangements during 2022/23. The information gathered to inform the evidence base is summarised in paragraphs 3.1.1 to 3.1.6 below.
3.1.1 Chief Officers have reviewed the effectiveness of governance arrangements within their area of responsibility by completing a Certificate of Assurance and updating a 78 point Checklist (covering: the control environment, risk management, business planning / information / reporting, financial control processes, project management, monitoring and corrective action, human resources, arm’s length bodies, and assessing whether key controls have been applied during 2022/23) to support the preparation of the council’s statements on corporate governance and internal financial control for the year ending 31 March 2023.
- Through this process Chief Officers have confirmed corporate governance arrangements and financial controls in their area of responsibility have been, and are, working well and there are (in their opinion) no significant matters arising which would require to be raised specifically in the Annual Governance Statement.
3.1.2 The council’s five arm’s length external organisations (ALEOs) have also reviewed the effectiveness of governance arrangements within their organisation by completing a Certificate of Assurance and updating a 61 point Checklist to support the preparation of the council’s statements on corporate governance and internal financial control for the year ending 31 March 2023.
- In this respect, the Chief Executive or Senior Representative for each of the ALEOs has confirmed corporate governance arrangements and financial controls in their organisation have been, and are, working well and there are (in their opinion) no significant matters arising which would require to be raised specifically in the council’s Annual Governance Statement.
3.1.3 Compliance with four specific CIPFA statements.
(1) The CIPFA Statement on the role of the Head of Internal Audit in public service organisations (2019)
To enable the Chief Officer (Audit and Risk) to fulfil his role in this respect, the Corporate Management Team are required to ensure they “set out how the framework of assurance supports the Annual Governance Statement and identify internal audit’s role within it”. This assurance is provided through the Strategic Governance Framework which has undergone an annual review and refresh process in order to identify how the effectiveness of the council’s governance arrangements has been monitored and evaluated in the year, and which was endorsed by the Corporate Management Team at its meeting in June 2023.
In line with the Public Sector Internal Audit Standards (PSIAS), and the council’s Internal Audit Charter, the Chief Officer (Audit and Risk) has provided an annual opinion on the “overall adequacy and effectiveness of the organisation’s framework of governance, risk management, and control”.
Both the Business Management Team and Corporate Management Team considered and noted the Internal Audit annual report 2022/23 and annual opinion from the Chief Officer (Audit and Risk) on 8th and 16th June 2023 respectively. This report states that the annual Internal Audit opinion is unqualified and offers a generally positive view of the council’s governance and internal control arrangements.
More specifically the Internal Audit Annual Report 2022/23 states that it is the opinion of the Chief Officer (Audit and Risk) that “reasonable assurance can be placed on the adequacy and effectiveness of the council’s framework of governance, risk management, and internal control for the year ended 31st March 2023”.
(2) CIPFAs Position Statement: Audit Committees in Local Authorities (2018)
In this respect the activities and functions of the council’s Audit and Scrutiny Panel are required to reflect the standards set out in the CIPFA Statement.
The Strategic Governance Framework sets out the evidence in this respect and confirms that during 2022/23 the purpose of the Audit and Scrutiny Panel was to “provide independent assurance to the council and those charged with governance on the adequacy of the council's risk management framework and internal control environment” and its activities included providing an “independent review of the council's governance, risk management, performance, and control frameworks and oversees the financial reporting and annual governance processes” - as set out in the Scheme of Administration (October 2022).
The Panel’s specific duties are also reflected in the Scheme of Administration, in that it is the Panel’s remit to “review the Annual Governance Statement prior to approval and consider whether it properly reflects the risk environment and supporting assurances, taking into account Internal Audit’s opinion on the overall adequacy and effectiveness of the council’s framework of governance, risk management and control.”
(3) The CIPFA Code of Practice on Managing the Risk of Fraud and Corruption (2014)
This statement looks for compliance in terms of developing a strategy and identifying the risks. In this respect, the council has a number of policies and procedures in place as noted below:
- Corporate Anti-Fraud Policy and Response Plan - last updated in June 2017. Findings reported to the Audit and Scrutiny Panel in May 2023, from an Internal Audit corporate governance review, show an update is underway and expected to be completed by October 2023.
- Whistleblowing Procedure - last update approved in March 2023.
- Gifts and Hospitality and Conflicts of Interest procedures for employees - guidance in this respect was incorporated into the Employee Code of Conduct in 2018. Chief Officers are required to maintain corresponding registers for their services that are submitted for review and assurance purposes annually. The 2022/23 review of Registers found no significant trends or issues of concern that required to be reported to the Corporate Management Team.
- Employee Code of Conduct - last update approved in March 2021. Findings reported in May 2023 from an Internal Audit corporate governance review show an update is underway and due to be completed by September 2023.
- Code of Conduct for Chief Officers - last update approved in June 2023.
- Information Security Policy - last update approved in June 2023.
- Cyber Security - a review and assessment was undertaken in February 2023 using a structured format (using templates and guidance created by the National Audit Office, National Cyber Security Centre (NCSC), and the Scottish Government). This assessment - categorised as reasonable assurance - determined the council has robust and effective information governance arrangements, duly recognises the risks associated with cyber security threats, and operates practices commensurate with the good practice recommended by bodies such as the National Audit Office.
The identification of risks is carried out in line with the council’s Risk Management Strategy and through the risk for serious organised crime, fraud, and corruption which sits within the Corporate Risk Register. The Chief Officer (Legal and Democratic) - the council’s Monitoring Officer - is the identified lead for this risk.
The CIPFA statement also requires responsibility to be acknowledged. In this respect the Internal Audit annual report 2022/23 from the Chief Officer (Audit and Risk) specifies that Internal Audit “has responsibility for investigating, as appropriate, alleged frauds and irregularities brought to our attention in accordance with the council’s anti-fraud policy. Where detailed work is carried out, the findings are reported to the Chief Executive and/or the relevant Chief Officer with recommendations made which are designed to address any weaknesses identified. Such work is reported to the Audit and Scrutiny Panel, as appropriate, in line with the approved Internal Audit reporting protocol which forms part of the Internal Audit Charter.”
The Internal Audit annual report 2022/23 from the Chief Officer (Audit and Risk) has confirmed that “All audit investigations of suspected fraud and/or irregularities are reported to the Panel in line with the agreed Internal Audit reporting protocol. I am also pleased to be able to report that there were no material frauds or irregularities identified in 2022-23 that I require to bring to your attention”.
(4) The CIPFA Statement on the Role of the Chief Financial Officer in Local Government (2016)
It is specified in this CIPFA Statement that the Annual Governance Statement is required to “address the authority’s arrangements for financial and internal control and for managing risk”. This is addressed through the annual audit opinion provided by the Chief Officer (Audit and Risk), referenced above.
The extent of the council’s compliance in this respect (and the role of the Chief Financial Officer therein) is further demonstrated through the biennial self-evaluation exercise (undertaken in 2022) which concluded that the council’s financial management practices comply with all aspects of the CIPFA Financial Management Code. The self-evaluation also confirmed that the council’s Chief Financial Officer operates in a way that is consistent with the CIPFA Statement.
3.1.4 Various self-evaluation exercises have been undertaken as part of the council’s governance, performance management, and continuous improvement arrangements. This has been undertaken in line with the Strategic Self-Evaluation Framework and rolling review programme which was approved by the Audit and Scrutiny Panel as at November 2022. During 2022/23 two self-evaluation exercises were completed in terms of:
- Project management. This self-evaluation supported the review and refresh of the corporate project management model to ensure the council’s arrangements remain fit for purpose and able to effectively support delivery of The Plan for North Lanarkshire. This followed recommendations arising from Internal Audit reports on managing strategic change and the governance of capital projects. The review was also considered necessary in light of the changes in the council’s operating environment since the implementation of the model in 2018. These changes had led to a rapid evolution of programmes and projects across the council, as well as increasing complexities in the delivery of many of these, and a growing need for good governance and good project management to set up and deliver a wider range of projects at pace and scale (particularly during the pandemic), and ensure these are well-directed, delivered to time, cost, and quality targets, and provide the expected benefits and improved local outcomes. To support the review, a group was established comprising officers from across council services with practical on the ground experience of project management in both construction and non-construction projects. Following work to collate and analyse the information collected through the review, five themes on areas for improvement consistently emerged. Three of the areas for improvement related to the development of the refreshed Project Management Framework which was completed and published across the council in December 2022. One area for improvement related to ongoing training, staff learning and development, and awareness raising in line with the refreshed Framework for which a programme was launched council-wide in March 2023. A series of full-day training courses (aimed at employees with no project management experience, new to the council, or for those who required a refresher) and half-day training courses (aimed at employees with some project management experience, or for those who are currently responsible for delivering on council projects) is now in place for the remainder of 2023. The remaining area for improvement relates to enhancing opportunities for more collaboration, sharing, and learning for which a Yammer site has been established for further development and roll out later in 2023.
- Risk governance arrangements in respect of DigitalNL. This self-evaluation supported the annual review of the existing risk management arrangements and risks for both the DigitalNL programme and Business and Digital. In light of the fast-evolving environment and many moving parts within which the service’s wide range of programmes and projects operate - programmes and projects which often call upon the same resources - it was considered essential that the Business and Digital risk profile be considered as a composite in order to continue to facilitate good governance and proactively support delivery of the actions that will enable achievement of the digital ambition. The findings from the self-evaluation exercise were reported to the Business and Digital Delivery Board in December 2022. Three areas for improvement were identified for the improvement plan (ensuring a central approach to capturing/updating/reviewing/discussing / managing all risks together, deploying the one approach across the whole of Business and Digital, and ensuring ongoing learning, development, and action). Implementation of these areas for improvement will be monitored by the Business and Digital Delivery Board to ensure they have oversight of all inter-related risks and issues and the supporting risk management arrangements.
3.1.5 The evidence has also included an annual review and refresh of the council’s Strategic Governance Framework. In this respect:
- An annual review process is in place to fulfil the requirements of the national Delivering Good Governance in Local Government: Framework. This process also sets out the role of the Chief Officers and Elected Members who are responsible for determining and implementing the council’s governance arrangements and ensuring the local code is assessed on an annual basis to ensure ongoing effectiveness and compliance.
- The annual review and update of the Strategic Governance Framework was endorsed by the Corporate Management Team at their meeting in June 2023 in line with their role to identify any improvement actions and/or future planned developments in relation to key governance arrangements and continuous improvement activity.
- In line with the annual review process, each of the elements and mechanisms within the Strategic Governance Framework have been reviewed with updates made as required to the relevant documentation and hyperlinks, as well as the review timeframe, date of next update, and assessment of the current position (which includes the corresponding RAG status). This process ensures all elements and mechanisms are as up to date as they require to be, while providing a method by which to identify and prioritise items requiring to be reviewed and updated further.
- The annual assessment process in place through the Strategic Governance Framework and its accompanying review programme has been recognised as an area of good practice in the latest two annual Internal Audits on Corporate Governance. In May 2023 it was cited that there are “formal and generally robust arrangements in place to ensure that such reviews are undertaken on an annual basis”.
- The Internal Audit on Corporate Governance also reported in May 2023 on the assessment of the council’s local code against the Delivering Good Governance in Local Government: Framework and found that this process was “generally robust”. The findings also noted that the assessment had indicated a “high level of compliance with the Corporate Governance framework, which was broadly consistent with Internal Audit’s assessment of Principles C and D”.
3.1.6 Where appropriate, comments made by the external auditors and other audit and inspection bodies, feedback from Elected Members and committees in their scrutiny role, and issues considered by the Audit and Scrutiny Panel (in line with their audit, governance, and scrutiny roles) have also been considered in the development of the Annual Governance Statement.