Agenda and draft minutes

1.1   RESOLVED that the minutes of the meeting of the Audit and Risk Committee held on 12 December 2024 be confirmed as an accurate record.

2.1No interest was declared.

3.1The Chief Accountant presented the External Audit Update report and provided a brief summary of the audit updates:

·       Council signed off the statement of accounts for 2023/24 on 15 February 2025; one of the first London local authorities signed off by KPMG.

·       The final audited statement of accounts have been published on the Council’s website.

·       There are recommendations on the main statement of accounts audit, the Value for Money (VFM) audit and the Pension Fund audit.

·       Additional management updates to the management responses to these recommendations will be included in reports to the Committee throughout the year.

3.2The Committee asked questions and noted responses on the following matters:

·       What are non-current assets?

o   The Chief Accountant advised these are fixed assets such as land and buildings, vehicles, Council dwellings – anything that lasts more than one year.

·       A question to the independent members – one of the issues highlighted by KPMG is valuation across properties, PPE – for various years valuation has come up in some form. Is this a problem which most local authorities experience in terms of valuations, is there something Lewisham is doing which we should be looking to change or is it a sector wide tolerated risk?

o   The Co-Optee Member commented he did not believe Lewisham was doing anything different to good practice; it is a feature of accounting. Assets value can vary, for example the pension fund. Accounting is to do with income and expenditure, essentially you have something that is concrete – you receive, and you spend, whereas assets have to be valued based on independent professional assumptions. It is a risk that you have to ride the more assets you have and in London it is probably a greater risk. The Council is not doing anything wrong; it just needs to ensure it is following best practice and can demonstrate this.

o   The KPMG representative commented, as auditors, they highlight this as an area of audit risk and this is common for the majority of local authorities; it is not particular to Lewisham. Given the size and scale of Lewisham’s asset base there are a number of assumptions and different valuations depending on the type of asset; therefore the data that feeds in to it is complex which could lead to an error. On the audit this year, there were a couple of adjustments because valuers had valued at a certain point in time in January and then had to look again as of 31 March if the values had changed, which they had. As the accounts had already been prepared using the earlier value, they therefore had to be updated with the correct value which was quite a large adjustment of £23m. This was a product of timing not driven by something that had been done wrong. KPMG also found in some of the data a wrong floor area in one of the large schools had been used which resulted in an adjustment of £7m.

·       Was the £23m variation  ...  view the full minutes text for item 3.

4.1The Chief Accountant presented the External Audit Update – Management Review and Challenge of Asset Valuation Instructions report and provided a brief summary:

·       One of the recommendations was that Council officers should review documents and challenge the assumptions provided by the independent external valuers to be used in the valuation of Council dwellings and land and buildings.

·       Various meetings have been held with WHE to go through their assumptions; officers have reviewed those and are comfortable with the default assumptions WHE would be using.

4.2The KPMG representative advised the report and the response to the recommendations was helpful.

4.3The Committee asked questions and noted responses on the following matters:

·       With regards to valuation of Council stock, what impact does the condition of the stock have and does the stock condition survey impact the valuation of the stock and the baseline value that is given.

o   The Chief Accountant advised that WHE stated the stock is valued using a beacon valuation method and is valued as decent.  

o   The KPMG representative commented although WHE describe the valuation approach as decent, what is actually meant by that was is it tenantable? If it was necessary to decant properties it could mean there was some impairment; because the Council did not have to do that and had not been served with any Notices then the properties are deemed as decent and the valuations stand.

o   The Executive Director of Corporate Services noted social housing is valued at 25% of its market value on the books. The risk of errors are then mitigated by the lower value.

4.4RESOLVED that the report and recommendation be agreed.

5.1The Chief Accountant presented the External Audit Update – Management Review of Actuarial Assumptions and provided a brief summary:

·       Reviewing and challenging the assumptions of our actuaries in valuing our pension fund, assets and liabilities under IRS19.

·       Actuaries work is significantly more complex than valuing fixed assets.

·       Hymans Robertson provided valuations on the Local Government Pension Scheme (LGPS) and Barnett Waddingham provided valuations on the London Pensions Fund Authority (LPFA) scheme.

5.2The KPMG representative commented the report and detail was very helpful.

5.3The Committee asked questions and noted responses on the following matters:

·       There is no reason to suspect that Lewisham is nothing other than a typical employer. On mortality assumptions, the actuaries were caught out on longevity where tables were stuck on life expectancy in the 70s and 80s and missed out on a lot of medical and social advances. It is worth keeping an eye on the assumptions and how they play out over time.

·       The Executive Director of Corporate Resources advised Hymans Robertson have a slightly more uplifting monitor of mortality assumptions. The Council is going into triennial valuation; in November it would be expected the actuaries attend the Pension Investment Committee to explain how they came to their conclusions and what assumptions were made.

5.4RESOLVED that the report and recommendation be agreed.

6.1The KPMG representative presented the paper and advised a full external audit plan will be presented to the June meeting. The below points were highlighted:

• Discussions and planning have started for 2024/25.
• Attended a meeting at the Council to give a debrief on 2023/24 audit and also attended the Finance awayday, which was helpful.
• Paper provided to give Committee sight on the areas of focus this year from an audit perspective.
• Valuation of Council dwellings remains an area of risk from an audit perspective, which is a standard approach.
• The other area of significant audit risk is management override. A lot of work is done on things like journal entries; making sure auditors are comfortable there has not been any manipulation in the riskier areas.
• A risk that has gone up is the leasing accounting and the disclosures associated with that, making sure the Council have complete information to prepare that.
• Thoughts have already been given to the Value for Money audit this year with a view to bringing a risk assessment and where there could be weaknesses to the June Committee meeting.

6.2The Committee asked questions and noted responses on the following matters:

·       In the management override of controls, there is a reference to segregation of duties not being overridden; is there some scope to have system enforced segregation of duties?

o   The Chief Accountant advised this referred to Lewisham Homes’ Integra system which is no longer used either by Lewisham Homes or the Council. Within the Oracle system that the Council uses, there is a clear management segregation of duties within the system and someone within an approval hierarchy are the only people that can approve those journals – once approved they cannot be amended.

6.3The Chair referred to the schedule provided by KPMG and asked if there were any reflections on how KPMG could ensure they would be able to meet their timetable.

6.4The KPMG representative advised a helpful debrief session was held with the council where things that caused delays were looked at, some of which were inevitable being the first year KPMG had audited the Council. KPMG are confident their timetable is realistic and expect the audit to be signed off for the November Committee meeting and approved by full Council in November also.

6.5The Executive Director of Corporate Resources commented it was a challenging year; there was a lot to learn. This year we are aware what is needed and are comfortable the November date can be met.

6.6RESOLVED that the report be noted.

7.1The Audit and Risk Manager presented the internal audit update report and highlighted the below points:

·       The report sets out progress being made against the 2024/25 audit plan.

·       We are a little behind on the plan for a number of reasons – the delayed start to the year with the late agreement of the plan, introduction of new standards and some performance issues in the team which have now been addressed.

·       An audit contractor has been appointed to help complete more of the plan.

·       On the work completed, only one limited assurance report has been issued on one school.

·       Audit recommendations have been followed up with 79% of outstanding audit recommendations being completed.

7.2The Committee asked questions and noted responses on the following matters:

·       What is the timeline currently being looked at for a new Head of Assurance being finalised?

o   The Executive Director of Corporate Resources advised the new Head of Assurance is scheduled to start on 19 May 2025.

·       The Chair referred to delays and asked the Audit and Risk Manager how confident he is that he would be able to make up that ground.

o   The Audit and Risk Manager stated he was reasonably confident; with the audit contractor being appointed, performance issues in the team being addressed he was hopeful that the plan would be achievable.

7.3RESOLVED that the report and recommendation be noted.

8.1The Audit and Risk Manager presented the update report on the corporate risk register and highlighted the below points:

·       Four risks have increased to the high or very high range which are significant cyber security breach, Building for Lewisham homes programme, unable to set a balanced budget and impact of climate change.

·       One new risk added which is for end of year processes and procedures.

·       Three risks have reduced.

·       A new Risk Officer (Kelly Thompson) has been appointed and been in post since 7 January 2025 and has made significant progress in the development of the risk management process. Kelly has worked on development of service level risk registers and cross service registers, such as resilience, IT, fraud, information governance and climate change.

8.2The Committee asked questions and noted responses on the following matters:

·       With reference to two of the increased risks - the failure of partner IT and reflecting uncertainty in upcoming management changes and risk of significant cyber security breach which mentions delays in recruiting to key posts. Are the management issues in the IT service linked across the two risks?

o   The Executive Director of Corporate Resources advised there is a link and there is an overlap, but they are not directly linked. The cyber security risk recruitment is on the council side and the management changes in the shared technology side (which is the Brent, Southwark and Lewisham shared technology partnership) was more specifically to the team at Brent who employ the partnership resources. The overlap is that both are focused on security and resilience systems, hence why Lewisham are taking the additional step to recruit someone to keep monitoring the estate. The reason the cyber security was put up is because the general environment is getting more hostile and challenging. As a public body we are continually under attack in one form or another. The partnership risk is a general business point on knowledge that was leaving the partnership and the ability to continue to function smoothly.

·       It would be helpful at one of the Committee meetings if some of the mitigating actions that are in place could be included in the report, particularly for some of the high risks. Perhaps a deep dive on the high-risk items could be considered.

o   The Chair commented it had been discussed previously about looking at specific risks in more detail and looking at mitigation. The Chair suggested this could be put forward as a Part Two item to scrutinise and gain assurance. The Committee agreed particularly with potentially large financial issues.

o   The Executive Director of Corporate Resources stated they would be happy to do this noting the challenge would be for which risk, because the very high financial ones have a number of other reports that Committee have sight of. IT, for example, might be more interesting.

·       As done in previous years, looking at risks with the greatest variance between the target and current score would be worthwhile. IT and cyber security is worth  ...  view the full minutes text for item 8.