Bristol, North Somerset and South Gloucestershire

Audit, Governance and Risk Committee

Minutes of the meeting held on 26th September 2018 at 12pm in the Executive

Boardroom, South Plaza, Bristol

Minutes

Present

John Rushforth Committee Chair, Lay Member Audit and Governance

JRu

Peter Marriner Lay Member Strategic Finance PM

Nick Kennedy Independent Clinical Member Secondary Care Doctor

NK

Apologies

Barrie Morris Director, Grant Thornton BM

In attendance

Sarah Truelove Chief Financial Officer ST

Mike Vaughton Deputy Chief Finance Officer MV

Rob Moors Assistant Chief Financial Officer RM

Steve Freeman Head of Financial Services SF

Jenny McCall Head of Internal Audit, Audit South West JMcC

Russ Caton Manager, Audit South West RC

Elias Hayes Counter Fraud Manager, Audit South West EH

Michelle Burge Auditor, Grant Thornton MB

Sarah Carr Corporate Secretary (note taker) SC

Laura Davey Corporate Manager (Items 7.5, 7.6 and 7.7) LD

Item

Action

01 Apologies

The above apologies were noted.

02 Declarations of interest

There were no new declarations of interest and no declarations of interest arising for the agenda. It was agreed that future meetings would receive the Committee’s register only for this item.

SC

Page 2 of 12

Item

Action

03 Minutes of the previous meeting, matters arising and actions

arising from previous meetings

The minutes were agreed as a correct record. The action log was reviewed:

24/05/18 item 4 ref 1 and 24/05/18 item 4 ref 2 remained open; these actions were linked to the ongoing CHC Review.

24/05/18 item 11 ref 2 Governing Body Counter Fraud training would be completed by the end of December ’18. The action was closed.

All other actions due were closed

04 Identification of any other business not on the agenda

There was none.

05 Internal Audit Update and Reports

Russ Caton (RC) presented the report. Two of the planned audits

were in progress; draft terms for reference for seven audits were

in place and these would commence. The scope of two audits

would be agreed with CCG officers. The Internal Auditors were

confident that the programme would be delivered by the end of

the financial year. There had been some slippage however this

was would not impact on timescales. Jenny McCall (JMcC)

confirmed the Internal Audit team would look to enhance

engagement with the CCG to ensure timely assurance and

provide value. There had been discussions with ST to take this

forward.

RC explained that a briefing on the scope of the Data Security

and Protection Toolkit audit was due from NHS Digital. In lieu of

this, the Internal Auditors were developing a proposed scope

based on available information. RC highlighted the number of

outstanding audit recommendations. Internal Auditors were

working with CCG managers to confirm that actions had been

taken and review verifying evidence. The outstanding

recommendations related to audits issued to the three former

CCGs. The Committee expressed concern regarding the number

of recommendations outstanding. It was noted in a number of

instances no management response had been received by the

Internal Auditors. It was the responsibility of the CCG

management to ensure that recommendations were acted on and

responses with evidence provided. It was recognised that the

organisation had been through a challenging period; the position

needed to be improved and the Committee sought reassurance

that this would happen.

Page 3 of 12

Item

Action

JMcC confirmed that discussions to improve the process were

ongoing. Mike Vaughton (MV) confirmed processes would be

implemented to ensure that recommendations were taken forward

and responses provided to the Internal Auditors. It was important

that there was CCG management ownership of recommendations

and actions. MV explained that finance would hold discussions

with managers when audits were agreed to ensure obligations

were understood. It was noted that if the outstanding

recommendations continued responsible managers would be

requested to attend the Audit Committee to explain the position.

It was agreed that an update on the outstanding

recommendations would be shared with the committee at the end

of October. It was asked if there were concerns regarding any of

the outstanding recommendations. RC confirmed that there were

no major risks to the CCG.

RC drew attention to the completed Audit Reports. The STP

Partnership Working – Position Statement was highlighted; this

audit was part of the 2017/18 Audit Plan for each CCG. The

objective was to provide a high level position statement giving

assurance that the CCGs had robust communications about the

STP and its progress. There was clear evidence that there was

communication and information. A number of recommendations

were made in the report. No significant risks were identified and

an overall assurance level of ‘satisfactory’ was given. Sarah

Truelove (ST) noted that there would be a Governing Body

seminar looking at the STP and the aspirant ICS programme. The

actions identified would feed into the programme. The STP was

moving from strategy setting to a more operational mode which

would require a review of governance arrangements.

The Personal Health Budget (PHB) reports for the three former

CCGs were considered. An overall ‘limited’ assurance level was

given. There were clear policies in each CCG however there was

no clear proactive, operational plan to manage and drive PHBs,

robust review processes were not in place and there were no

clear controls to monitored and take forward PHBs. Clarification of

the reasons for the position was sought. It was explained that

resources were an issue and that at the time PHBs were not seen

as a priority. These issues were being addressed in the new

MV/ RC

Page 4 of 12

Item

Action

CCG. JRu observed that there was a focus on CHC, which was

evident in discussions at the Strategic Finance Committee.

It was asked if PHBs would generate financial savings. ST

explained that there was insufficient evidence to confirm this. A

key aspect of PHBs was improved patient outcomes and the CCG

recognised that more focus was required. Accounting tools were

now available to provide real time reporting on expenditure which

would support the role out of PHBs. It was asked where oversight

of PHB sat within the CCG governance structure. It was noted

that CHC was reviewed at the Quality Committee. It was agreed

to raise the oversight and monitoring of PHBs with the Chair of

the Quality Committee.

Nick Kennedy (NK) sought clarification of the potential risks

relating to PHBs. It was explained that risks related to potential

overspend of budgets, inappropriate expenditure and the potential

for fraud. Internal Audit had developed a financial checklist for

PHB assessors to support decision making. JRu asked if there

were examples nationally of good practice. JMcC explained that

the position nationally was developing. NK asked about the likely

scale of increase in PHBs? It was explained that the number of

PHBs would increase significantly. NK asked if patient outcomes

were measured. There was a discussion about the availability of

benchmarking data. Peter Marriner (PM) noted that national data

was available for benchmarking. It was explained that the three

policies were to be consolidated into one. It was noted that CHC

was a control centre. It was agreed to investigate the CCGs target

number of PHBs.

Elias Hayes (EH) presented the Counter Fraud and Security

Management Services Interim Report. The NHS Counter Fraud

Authority had moved its focus and regional activity was now

supported by local and national networks. Fraud awareness

activity, undertaken and planned, across Directorates was

highlighted. The Counter Fraud team were members of the CCG

Corporate Policy Review Group enabling direct input into CCG

policies as they developed. The fraud investigation summary was

highlighted. Both investigations were now closed. The

investigation relating to a Personal Health Budget and the action

to raise awareness of the potential for fraud with the CHC and

nursing and quality teams was noted. Three of the

ST ST

Page 5 of 12

Item

Action

recommendations arising from the investigation into agency

invoices had been completed and actions were in progress to

address the final recommendation.

Attention was drawn to the update following the security breach at

South Plaza. The incident had been appropriately reported and

mitigating actions to address security issues were immediately

implemented. It was asked if security had been tested post

breach. It was confirmed that a test would be planned.

JRu sought clarification of the comment that action

‘SWRT/16/0016 ref 6.1’ was completed and open. It was

explained that the open comment referred to the requirement for

further evidence which had been received. Evidence had been

received for recommendations 6.2 and 6.3.

The Committee received the Internal Audit Interim Report

06.1 External Audit Progress Report and Sector Update

Michelle Burge (MB) presented the report. JRu asked if the

Executive Team received the sector update and the Insight report

from the Internal Auditors. ST explained that the executive team

would be aware of the individual issues highlighted. JMcC

commented that the Internal Audit Insight Report would be shared

monthly. It was agreed to share the Sector Update Report with

Governing Body members.

The summary of progress at September 2018 was highlighted.

External Auditors had met with CCG officers to plan the interim

audit commencing November 2018. There would be early testing

of the organisation’s opening balances and the Value for Money

risk assessment would begin. The three sub criteria for

assessment were highlighted in the report. A further update would

be presented to the next committee meeting.

The Committee received the External Audit Progress Report

and Sector Update

ST/ SC

06.2 External Audit Letters

MB presented the three Annual Audit Letters for the former

CCG’s, highlighting the executive summary. For each CCG:

an unqualified opinion on the financial statements was given

Page 6 of 12

Item

Action

Qualified Regularity Opinions were made and Section 30

Referral letters were issued

Qualified Value for Money conclusions were provided.

The report had recognised the challenge that faced each CCG.

JRu commented that the reports were positive and strong given

the challenges.

The Committee received the Audit Letters for Bristol, North

Somerset and South Gloucestershire CCGs

07.1 Primary Care Internal Audit Framework

MV explained that there were three elements to the NHSE

framework. The NHSE Audit and Risk Assurance Committee

expected CCGs with delegated authority for primary care

commissioning to complete and publish an annual self-

assessment of compliance report. CCGs were also required to

publish annually a report covering the outcomes achieved through

the delegated commissioning responsibilities. The framework set

out the internal audit of delegated commissioning functions. The

delegated primary care commissioning functions within the scope

of the audit framework were described in the paper.

MV explained that the uptake of delegated functions was a

transitional process and that the 2018-19 audit would reflect this.

The NHSE guidance was that additional audit fees were not

expected. The CCG would programme the audit work into the

existing internal audit plan. JMcC confirmed that this activity was

in the plan. MV agreed to share the link to the NHSE paper.

There would be a meeting with the CCG to develop the audit work

and an update on the elements to be included in the first audit

would be provided.

JRu asked if there were implications for External Audit. It was

confirmed that there were no immediate implications. The

relationship with NHSE was a key issue, noting that statutory

responsibility remained with NHSE. NK asked if the CCG was

confident regarding the management of delegated primary care

commissioning. ST explained that the CCG was not yet

managing the full range of delegated functions. The audit for this

year would test those areas in place. There was a discussion

about the management of primary care commissioning and the

transition from NHSE to the CCG. It was noted that it was a

MV MV

Page 7 of 12

Item

Action

significant challenge. JRu observed that delegated primary care

commissioning was more established in other areas and asked

Internal Auditors to use knowledge gained in other places to

support the CCG. NK asked if NHSE would provide assurance to

the CCG on the functions that were not delegated. It was noted

that these issues could be raised at the Primary Care

Commissioning Committee (PCCC). It was agreed to discuss this

with the Chair of the PCCC.

The Committee received the report

MV

07.2 Accounting for Primary Care Prescribing

MV highlighted that a significant element of the prescribing budget

related to repeat prescriptions and for patient care beyond the

period for which they were funded and dispensed. The CCG

intended to account for the value of pre-paid primary care

medicines in the annual accounts. This adjustment would bring

the accounting treatment for medicines in line with acute contract

activity; this was consistent with general accounting principles.

MV highlighted the work completed with the medicines

optimisation team to assess the value of drugs dispensed and

funded in year that went on beyond the end of the financial year.

There was no seasonal impact on dispensing repeat medicines;

the key issue was the number of dispensing days. ST explained

that an increasing proportion of primary care prescribing related to

the management of long term conditions. NHSE had been asked

for a formal response to the proposal; no concerns or issues had

been raised. The matter had been raised with the External

Auditors who had commented on the proposal and these

discussions would continue.

MB explained that the External Auditors did not share the CCG

view. It was explained that the value concerned would not match

the level of materiality for the accounts. If there were a differing

opinion on the treatment it would be a reporting item in the

accounts. JRu commented that the proposal appeared

reasonable. It was important that the amount spent was disclosed

through a note in the accounts. There would be continuing

discussions within Grant Thornton regarding the proposal. JRu

asked for a formal position from NHSE. A further update would

be provided at the next meeting.

MV MV

Page 8 of 12

Item

Action

The Committee agreed the proposed change in accounting

treatment for 2018-19

07.3 Financial Control Environment Assessment Q1

Rob Moors explained that the self-assessment covered 12

domains with 52 criteria. The CCG reported green RAG ratings

against 6 domains, amber ratings against two domains and red

ratings for four domains. These were set out in the report with the

explanations for the assessments. It was noted that actions were

in place to address all the issues identified. There was a

discussion about the Capability and Capacity domain and the

requirement for staff turnover to be below 5%. It was noted that

this was a challenging target for all organisations.

JRu asked how the CCG compared to others. ST explained that

different approaches were adopted across CCGs. JMcC

explained that previously Internal Auditors had been asked to

express a view on the annual return. This was not the case for

the quarterly return. It was agreed that in future the report would

be for information only with exception report. PM asked if

discussions with trust contract leads on non- financial elements

were now complete. It was agreed to explore this.

The Committee received the report and agreed that future

reports would be for information only with exception

reporting

ST

07.4 HMRC Governing Body Payments Compliance

Steve Freeman (SF) explained that the paper was a progress

report. Nationally HMRC had deemed Governing Body members

to be ‘Office Holders’ and therefore subject to PAYE. Compliance

checks were issued to the three previous CCGs requesting

information on payments made. SF explained that the Bristol

CCG position was now agreed; work was ongoing in relation to

the South Gloucestershire and North Somerset positions. It was

explained that the CCG had accrued funds to cover the claims

and it was expected that the final claims would be within the

accrued sum. It was noted that this was a national issue.

The Committee received the update

07.5 Management of Declared Interests

Laura Davey (LD) highlighted the requirement for an annual audit

of conflicts of interest and explained the CCG had introduced an

Page 9 of 12

Item

Action

internal sample audit of declared interests to check for accuracy

and completeness. The sample audit found that out of five tested

declarations four matched the information held on the register.

The declaration that was found not to match the register related to

declarations that had not been removed once expired.

NHSE requirements relating to training were noted. It was

anticipated that modules two and three would become mandatory

and work was underway to ensure that these modules could be

accessed through the CCG online training platform. The CCG

required all staff to complete module one training; at September

compliance was at 75.4%; this reflected the number of new

starters and it was expected that this figure would improve.

JRu asked what actions were in place to reduce the number of

outstanding declared interests from GPs. It was explained a

targeted approach had been adopted and the position had

improved significantly since the report was prepared. It was

agreed to circulate current figures to committee members. JRu

asked how the CCG compared with others. It was explained that

the Internal Auditors would be able to comment when work across

the area was completed. RC noted that the audit would be

completed in January. It was asked if GP returns of declarations

would be discussed at the PCCC. It was explained that the

declarations related to the GP membership of the CCG as

commissioners. There was a discussion about working with

primary care colleagues to improve the return rate.

The Committee received the report

SC

07.6 Review of Risk Management Framework

LD highlighted the approach to the Directorate and Corporate

Risk Registers (CRR) described in the report. The version control

of registers was important to ensure a full audit trail. Staff were

encouraged to use a consistent form of wording when populating

the risk registers. The risk training provided by the PMO was

highlighted. Staff were encouraged to attend this training. An

Internal Audit of the CCG’s risk management arrangements had

been agreed. It was noted that the CRR was received at the

Governing Body and its committees.

PM observed that it was important to be clear and concise when

describing risks and mitigations. It was noted that staff were

Page 10 of 12

Item

Action

encouraged to use a consistent language and the format of the

registers support this. It was noted that training was an important

element. LD highlighted the positive level of engagement through

the Directorate leads. Work with leads was underway to develop

approaches to managing reporting of overlapping risks.

The Committee received the report

07.7 Corporate Risk Register

LD explained that actions were in place with Directorate leads to

ensure targets dates, etc were added. Further work to review

duplications was in progress. The Area Teams had introduced a

BNSSG Area Directorate risk register for their teams. The CRR

had been received at the Commissioning Executive and the

Quality Committee and would be presented to the Strategic

Finance Committee.

There was a discussion about the downward trend in risk score

primary care risks. It was asked if this reflected the actual

position. It was explained that this reflected the progress made by

the Primary Care Directorate in understanding and managing

issues. It was noted that the CRR would be reviewed at the

Governing Body and there would be further discussion of risks.

JRU asked where external risks such as the impact of Brexit on

providers were discussed. It was agreed that these risks would

be considered further by the executive team. There was further

discussion of the reported downward trend in risk scoring and it

was agreed to keep this under review and ensure realistic

timescales were set as part of the risk management process.

Directorates would have a monthly review of the risk registers.

LD sought the view of the Committee regarding the reporting of

progress on the CRR. It was agreed that current progress would

be reported on future versions. PM recommended that further

reports have a concise narrative report highlighting key issues

and movements in risk. There was a discussion about the use,

where appropriate, of a confidential risk register. The view was

this would not be appropriate.

The Committee received the Corporate Risk Register

ST

07.8 Waiver of Detailed Financial Policies

It was explained that the CCG had in place Detailed Financial

Policies that set out the financial limits for procurements. The

Page 11 of 12

Item

Action

report detailed where these Detailed Financial Policies were

waivered. Processes were established for the reporting of

waivers with executive director sign-off. It was commented that it

was encouraging to see a small number of waivers had been

approved.

The Committee received the report and noted the waivers

07.9 Governing Body Assurance Framework (GBAF)

The paper described the development of the GBAF, its format and

the processes followed to populate and update the principal risks

and assurances. It was noted that the GBAF was received at the

monthly committee meetings. The GBAF would be reviewed at

the October Governing Body. The GBAF was presented to the

Committee for review and consideration.

It was commented the GBAF was comprehensive; it was noted

that issues were discussed at the committees. It was commented

that the format and presentation were helpful; the information

reported reflected discussions and data reported at other

committees.

JMcC highlighted the inclusion of how assurances were graded in

relation to quality would be helpful. It was agreed that it was

important to show the quality of the assurance and what the

assurance was. It was commented that timescales for actions to

be completed would be helpful. It was asked how the GBAF

compared to others; it was commented that the Framework was in

line with approaches taken in other organisations. The External

Auditors asked how the GBAF linked to the CRR. it was explained

that there were links and some of the risks were reported on both,

however the GBAF also contain risks that were strategic. The

reference to the wider system in the GBAF was welcomed.

The Committee reviewed the Governing Body Assurance

Framework and agreed that assurance could be provided to

the Governing Body that it was valid and suitable for the

Governing Body’s requirements

SC

07.10 Audit Issues within the STP

JRu commented that it was important to build relationships at

governing level with other organisations in the STP. A potential

mechanism was to have a meeting of Audit Chairs to discuss

issues of common interest. JRu sought the views of committee

Page 12 of 12

Item

Action

members as to the issues for discussion. Potential issues

included:

how did Audit Committees receive assurances that savings

plans across the system were being delivered

how was the quality of information received tested?

how were assurances gained regarding HR issues and

systems?

It was noted that there would be a requirement for more formal

governance arrangements across the STP in the future. It was

noted that the Healthier Together mandate had been refreshed

and it would be helpful to have a further discussion of the key

risks and receive assurances regarding risks that were mitigated

through the STP work streams such as workforce. PM highlighted

that the issue of lay member governance at an ICS level was

being considered in Gloucestershire. JRU welcomed the

comments and agreed to discuss the matter further with ST. ST

would raise the issue at the STP Chairs’ Reference Group.

The Committee agreed the issues highlighted and supported

further discussion

JRu ST

08 Losses and Compensation Payments

The item was presented for information.

The Committee received the report

09 Redundancy Provisions

The item was presented for information

The Committee received the report

10 Audit, Governance and Risk Committee Workplan

The item was presented for information

The Committee received the workplan

17 Committee Effectiveness

Members considered the checklist and agreed the meeting had

been effective.

Sarah Carr

Corporate Secretary

October 2018