CoG (07/18) Item 8.1.2 · CoG (07/18) Item 8.1.2.1. DATE . 10. th. July 2018. REPORT FOR . Council of Governors . REPORT FROM . Stanley Shreeve – Chair of Audit, Risk and Governance

CoG (07/18) Item 8.1.2.1

DATE 10th July 2018

REPORT FOR Council of Governors

REPORT FROM Stanley Shreeve – Chair of Audit, Risk and Governance Committee / NED

CONTACT OFFICER Director of Finance

SUBJECT Audit, Risk and Governance Committee Annual Report 2017/18

BACKGROUND DOCUMENT (IF ANY)

N/A

EXECUTIVE COMMENT (INCLUDING KEY ISSUES OF NOTE OR, WHERE RELEVANT, CONCERN THAT THE COG NEED TO BE MADE AWARE OF)

This is the annual report from the Chair of the Audit, Risk and Governance Committee to the Trust Board, and summarises the key work of the Committee during 2017/18.

It was received and reviewed by the Audit, Risk and Governance Committee at its meeting on the 17th May 2018 and submitted to the May 2018 Trust Board.

It is supplied to the Council of Governors for information.

COUNCIL ACTION REQUIRED To note the report from the Chair of the Audit, Risk and Governance Committee.

AUDIT, RISK AND

GOVERNANCE COMMITTEE

ANNUAL REPORT

FOR THE YEAR ENDED 31ST

MARCH 2018

Stanley Shreeve FCCA Chair of Audit Committee 17 May 2018

Northern Lincolnshire and Goole NHS Foundation Trust

Audit, Risk and Governance Committee Annual Report for the year ended 31st

March 2018

_________________________________________________________________________

2 | P a g e

Contents

Page

1 Introduction and Purpose of Report…………………………………………………...3

2 Membership and Attendance………………………………………………………......3

3 Principle Review Areas……………………………………………………………........4

3.1 Governance, Risk Management and Internal Control

3.2 Internal Audit

3.3 Counter Fraud

3.4 External Audit

4 Financial Reporting……………………………………………………………………...6

5 Management Reports…………………………………………………………………...7

6 Other Matters Worthy of Note…………………………………………………….........7

7 Conclusion and Plans for 2018/19…………………………………………………….8

Appendix 1 – Schedule of attendance at Audit Committee meetings during 2017/18......9

Appendix 2 – Audit Committee Work Plan for 2018/19……………………………………11



March 2018

_________________________________________________________________________

3 | P a g e

1. Introduction and Purpose of the Report

The Audit, Risk and Governance Committee of Northern Lincolnshire and Goole NHS Foundation Trust (NLaG FT) is established under Trust Board delegation with approved terms of reference that are aligned with the latest Audit Committee Handbook (2014), as published by the Healthcare Financial Management Association (HFMA) in association with the Department of Health. The Audit, Risk and Governance Committee independently reviews, monitors and reports to the Board on the attainment of effective control systems and financial reporting processes.

The Committee changed its name from the Audit Committee to the Audit, Risk and Governance Committee when it took on an extended remit in August 2017 for responsibilities transferred from the former Trust Governance and Assurance Committee which ceased to exist in June 2017.

The Membership and Terms of Reference for the Audit, Risk and Governance Committee are subject to regular review and revision as necessary, most recently in August 2017 to take account of the Committee’s extended remit and further refreshed for minor amendments and approved by the Trust Board in January 2018. The terms of reference will be reviewed again during 2018/19 in line with the Committee’s annual work plan ensure that they remain fit for purpose. The Committee also revisited and re-approved its 2017/18 annual work plan during the year to take account of its extended remit from August 2017.

As part of the Committee’s regular review of its own governance arrangements the Committee conducted a self-assessment workshop in January 2018 which used the latest (at that time) Healthcare Financial Management Association (HFMA) NHS Audit Committee Handbook self-assessment checklist as the basis for review. This exercise did not identify any significant gaps in the Committee’s processes.

This report sets out how the Audit, Risk and Governance Committee has satisfied its terms of reference during the financial year and seeks to provide the Board with evidence relevant to its responsibilities for the Annual Governance Statement (AGS).

2. Membership and Attendance

The Audit, Risk and Governance Committee consists of three Non-Executive Directors (NEDs), for which two must be present at a meeting of the Committee for it to be quorate. The Committee has been chaired since August 2012 by Stanley Shreeve, NED. Current NED members are Linda Jackson and Tony Bramley. There is cross NED membership with other Trust Board sub-committees. The Committee met on seven occasions (six full meetings plus an additional meeting for the audited accounts to be approved) during the 2017/18 financial year and has discharged its responsibilities for scrutinising risks and controls which affect all aspects of the Trust’s business. A record of attendance by Committee members and regular attendees is disclosed at Appendix 1 for information. The record shows excellent attendance rates for both core members and regular attendees, with a good cross section of other managers attending on an ad-hoc basis to provide assurance to the Committee as and when necessary.



March 2018

_________________________________________________________________________

4 | P a g e

3. Principle Review Areas

3.1 Governance, Risk Management and Internal Control During 2017/18 the Audit, Risk and Governance Committee reviewed relevant disclosure statements, in particular the Annual Governance Statement (AGS), the Head of Internal Audit Opinion (HoIAO), External Audit opinion and other appropriate independent assurances and considers that the AGS is consistent with the Committee’s view on the Trust’s system of internal control. Accordingly, the Committee supported Board approval of the AGS for 2017/18. As a result of the Committee’s extended remit, the Committee has received regularly quarterly reports on the Trust’s risk register and BAF during the year. This has been with a view to considering whether the processes are resilient as opposed to reviewing individual risks, and also commenting upon the various iterations of the BAF document as it has evolved positively over the last year. 3.2 Internal Audit The Trust’s internal audit service, provided by KPMG, entered the fourth and final year (2017/18) of its contract with NLaG FT (with the fourth year being an option to extend the contract which was considered and formally approved by the Committee). The contract commenced on the 1st June 2014 following a formal mini-tendering exercise using a national framework agreement. An agreed Internal Audit Charter is in place with KPMG.

Given that 2017/18 was the final year of the internal audit service contract the Trust undertook a mini-tendering exercise using the latest available national framework. The Committee agreed an evaluation panel for this process and subsequently received a recommendation from the panel at its April 2018 meeting to appoint Audit Yorkshire as its new internal audit service provider from the 1st June 2018.

An internal audit plan was considered and agreed for 2017/18 at the February 2017 meeting of the Committee, and kept under review throughout the year. As is normal practice, an internal audit planning workshop was also held in January 2018 to consider the annual internal audit plan for 2018/19 and align it to the Trust’s strategic risks. The workshop process is designed to maximise the value of internal audit reviews and resulting reports. It is accepted that this risk based approach may however lead to an increase in the number of reports resulting in partial assurance outcomes. The following officers were in attendance at the planning workshop:

Stanley Shreeve – Chair of Audit Committee / NED

Peter Reading – Chief Executive

Anne Shaw – Trust Chair

Tony Bramley – NED

Linda Jackson – NED

Marcus Hassall – Director of Finance

Richard Sunley – Deputy Chief Executive / Director of Operations

Kate Wood – Acting Medical Director

Pam Clipson – Director of Strategy and Planning

Jug Johal – Director of Estates and Facilities

Wendy Booth – Director of Governance and Assurance / Trust Secretary

Sally Stevenson – Assistant Director of Finance – Compliance and Counter Fraud

Clare Partridge – Head of Internal Audit - Director - KPMG

Jakira Motala – Assistant Audit Manager - KPMG



March 2018

_________________________________________________________________________

5 | P a g e

As can be seen, there was, once again, good engagement from the Trust Board with the internal audit planning workshop. However, given the status of the internal audit service contract and the fact that at that time KPMG did not know whether it would still be the internal audit service provider for 2018/19, KPMG prepared a draft internal audit plan for 2018/19 following the planning workshop based on key considerations and indicative timings for reviews. This draft plan will however be revisited by the new internal audit service provider and worked up accordingly as a priority task.

The Committee received the Annual Internal Audit Report for 2016/17 at its June 2017 meeting. As in previous years the Audit, Risk and Governance Committee has sought to work effectively with Internal Audit throughout the year to review, assess and develop internal control processes as necessary. The Committee reviewed progress against the agreed internal audit work plan for 2017/18 via routine written progress reports from KPMG at each meeting, at which a representative of KPMG was always present. Written progress reports outline the status of the planned audit work for the year and the outcome of individual reviews performed, along with associated recommendations where appropriate.

Internal Audit completed sixteen reports for 2017/18, of which seven were ‘core’ reviews, seven were ‘risk based’ reviews and two were pieces of advisory work. Eight reports resulted in ‘partial assurance with improvements required’ as to the adequacy and effectiveness of control arrangements in place. Of these eight reviews five related to risk based audits where a lower opinion rating is often anticipated. The remaining reviews received assurance ratings of either ‘significant assurance’ or ‘significant assurance with minor improvement opportunities’.

The 2017/18 Head of Internal Audit Opinion (HoIAO) was also received by the Committee which for the second consecutive year gave an overall opinion as follows: Partial assurance with improvements required can be given on the overall adequacy and effectiveness of the organisation’s framework of governance, risk management and controls. Whilst this was once again disappointing it was not unexpected given the range of issues identified by internal audit throughout the year and the number of ‘partial assurance’ reports received. This HoIAO is included within the Annual Governance Statement (AGS) which forms part of the Trust’s Annual Report.

Upon receipt of each internal audit report the Trust has entered new recommendations onto a tracker originally provided by KPMG but now managed by the Trust and followed up each recommendation as its implementation date has become due. The details contained on the tracker produce a routine summary report on the status of recommendations to each meeting of the Audit, Risk and Governance Committee for oversight and scrutiny purposes. The Trust’s internal follow-up process is subject to review by internal audit. KPMG also review the evidence (both narrative and documentary) in support of all recommendations considered to be closed in relation to both high and medium priority recommendations and formally agree closure of the recommendations concerned. The Committee has been working during the latter part of 2017/18 to ensure that old outstanding recommendations from 2014/15 and 2015/16 are either implemented or closed off as appropriate if no longer relevant, etc., and this involved escalating those outstanding to the CEO for information/action.

3.3 Counter Fraud The Audit, Risk and Governance Committee has continued to receive regular written progress reports from the Trust’s Local Counter Fraud Specialist (LCFS) throughout the year. Additionally the Annual Counter Fraud Report for 2016/17 and the Annual Counter Fraud Operational Plan for 2017/18 were also submitted to the Committee during the



March 2018

_________________________________________________________________________

6 | P a g e

reporting year. The Committee notes the continuing efforts of the LCFS to promote awareness of counter fraud issues throughout the organisation and continue developing a strong anti-fraud culture, whilst at the same time investigating allegations of fraud to a criminal standard. The LCFS has continued to liaise effectively with the Trust’s Human Resources team and external professional bodies (e.g. NMC, HCPC) to apply appropriate internal disciplinary and professional body sanctions as necessary. The Trust continues to host and manage an in-house counter fraud collaborative, known as Counter Fraud Plus (CFP) between itself, Doncaster and Bassetlaw Teaching Hospitals NHS Foundation Trust and United Lincolnshire Hospitals NHS Trust. This collaborative arrangement commenced in July 2013 under a formal SLA arrangement. It is designed to provide a more resilient counter fraud service between the three organisations. The Committee has received reports that the collaborative continues to work effectively and successfully across all three organisations. The Committee also received updates in relation to the organisational changes taking place at a national level within NHS Protect, which from 1st November 2017 became a Special Health Authority known as the NHS Counter Fraud Authority (NHSCFA). 3.4 External Audit The Trust initially appointed its current External Auditor, Pricewaterhouse Coopers LLP (PwC), in September 2012. They were re-appointed in September 2016 following a mini-tendering exercise. The Committee supported the Council of Governors with this appointment process. The new contract is for a term of three years, with the option to extend for a further year. PwC were unable to attend one of the seven meetings (August 2017) of the Committee during 2017/18. Verbal or written progress reports are received from the Trust’s External Auditor at Audit, Risk and Governance Committee meetings, including the audit opinion on the Trust’s annual financial statements and Quality report. PwC has in previous years also provided non-audit services to the Trust and the value of such work is routinely disclosed in the Trust’s accounts: no such services were provided during 2017/18. In line with Regulator guidance, the Trust has a ‘Policy for Engagement of External Auditors for Non-Audit Work’ to ensure that potential conflicts of interest, either real or perceived, are avoided in terms of the objectivity of their opinion on the financial statements of the Trust. The policy, which can be found on the documents section of the Trust intranet, is subject to annual review and was duly considered by the Audit Committee at its April 2017 and February 2017 meetings and updated as necessary to reflect the latest National Audit Office (NAO) guidance in this area. During the year private meetings with both the external and internal auditors have taken place before each Audit, Risk and Governance Committee meeting. In these private meetings the auditors have expressed satisfaction with the level of cooperation received from the Director of Finance and his team, and no matters of concern have been raised.

4. Financial Reporting

At its April and May 2017 meetings the Committee reviewed the draft and audited annual financial statements for 2016/17 before submission to the External Auditor, the Trust Board and NHS Improvement (NHSI), and we understand these were in agreement with our accounting records and the current Regulator requirements.



March 2018

_________________________________________________________________________

7 | P a g e

Prior to the preparation of the 2017/18 financial statements, the Committee reviewed and agreed the detailed accounting principles at its February 2018 meeting. The Committee also reviewed the draft and audited annual financial statements for 2017/18 prior to the submission of this report to the May 2018 Trust Board meeting. The Committee approved the 2017/18 financial statements on behalf of the Trust Board (in line with formal delegated authority given by the Board in February 2018), which are due for submission to NHSI on Tuesday 29th May 2018. As with the previous three years, there was once again heightened scrutiny of the 2017/18 financial statements by the External Auditor in relation to the matter of ‘Going Concern’ given the Trust’s financial position. The financial climate for all acute providers continues to prove extremely challenging. However, NHSI have been directly engaged with the Trust on finances since late 2013 and continue to work with the organisation in this regard particularly since it placed the Trust into Financial Special Measures in March 2017. At the April 2018 Committee meeting the issue of Going Concern was discussed with the External Auditor. As a result the Audit, Risk and Governance Committee endorsed the view that the Trust is a going concern for the purposes of the annual accounting exercise. The Committee and the Trust Board have received a number of progress reports throughout the year regarding the work which has been underway to refresh the Trust’s Scheme of Delegation (SoD) and the Standing Financial Instructions (SFIs). However this exercise has not been able to be completed for a number of reasons. As this work continues a three month extension to the existing SoD and SFIs was approved at the March 2017 Trust Board, recognising that the existing versions are sufficient to support the Trust’s management processes.

5. Management Reports

The Committee has requested and reviewed reports and received verbal assurances from various Directors and managers within the organisation in relation to relevant areas of enquiry during the financial year 2017/18. We thank all those who have assisted the Committee in these matters. Officers attending Audit, Risk and Governance Committee meetings on an ad-hoc basis are shown on Appendix 1 for information.

6. Other Matters Worthy of Note

The Committee followed its agreed annual work plan throughout the year and received regular reports covering Significant Variances on the Balance Sheet; Waiving of Standing Orders; Losses and Compensations; Hospitality and Sponsorship declarations; Salary Overpayments and Complaints Ombudsman Compensation Payments. Additional routine reports as a result of the Committee’s extended remit have also been received in relation to Board Assurance Framework and Strategic Risk Register; Fire Action Plans; Document Control and Improving Together. Additional information is called for as appropriate. The Committee once again received the Local Security Management Specialist (LSMS) work plan and annual report. In line with the latest HFMA Audit Committee Handbook (2014), these additional anti-crime items are provided annually to the Audit, Risk and Governance Committee for information. Throughout the year the Committee also received minutes from the Trust’s Finance and Performance Committee, Quality and Safety Committee and the Workforce, Sustainability



March 2018

_________________________________________________________________________

8 | P a g e

and Transformation Committee. The Committee discharged its responsibilities for providing assurance on these matters as per its terms of reference. Minutes of Audit, Risk and Governance Committee meetings are submitted to the above named committees and the Trust Board for information once approved as true and accurate at the following meeting. The Trust Board and Council of Governors also receive highlight reports from the Committee, and other Trust Board sub-committees have matters escalated to them from the Committee where it is felt necessary to do so.

7. Conclusion and Plans for 2018/19

Following a review of its work programme the Audit, Risk and Governance Committee will be moving to quarterly meetings for 2018/19, with an additional meeting in May for sign off of the annual financial statements (as is currently the case). This adjustment is in part to alleviate the demands on other attendees whose work programmes include attendance at many other committees. The Committee’s refreshed work plan for 2018/19 is attached to this report for information at Appendix 2. The Council of Governors will also receive a copy of this annual report and work plan for information. The Audit, Risk and Governance Committee will remain active in reviewing the risks, internal controls, reports of auditors and audit recommendations and will continue to press for action and improvements where required throughout the coming year.



March 2018

_________________________________________________________________________

9 | P a g e

Appendix 1 - Schedule of Attendance at Audit Committee meetings during 2017/18

Member / Attendee Apr-17 May-17 Jun-17 Aug-17 Oct-17 Dec-17 Feb-18 Overall Attendance

Members:

Stan Shreeve – Chair Y Y Y Y Y Y Y 100%

Neil Gammon – NED Y Y Y1 - - - - 100%

Linda Jackson – NED Y N Y N Y Y Y 71%

Anthony Bramley - NED - - Y2 Y Y N Y 86%

Regular Attendees:

Marcus Hassall – Director of

Finance

N3 N3 N3 Y Y Y Y 100%

Wendy Booth – Director of

Governance & Assurance

Y Y Y Y Y y y 100%

Asst. DoF – Compliance &

Counter Fraud

Y Y Y Y Y Y Y 100%

LCFS Y N/A4 Y Y Y Y Y 100%

Head of Procurement Y N/A4 N Y Y5 Y5 Y 100%

Internal Audit Y Y Y Y Y Y Y 100%

External Audit Y Y Y N Y Y Y 86%

Head of Quality Assurance - - - Y6 Y Y Y 100%

Head of H&S and Fire - - - Y6 N Y N 50%

Ad-hoc Attendees:

Asst. DoF – Process & Control (NP) Y Y - - - - Y -

Deputy Director of Finance (PC) Y Y - - - - - -

Chief Executive (RS) - Y - - - - - -

Director of People & Organisational Effectiveness (JA)

- - Y - Y - - -

Associate Freedom to Speak Up Guardian (DB)

- - Y - Y - - -

Emergency Planning & LSMS (MO) - - - Y - - - -

Listening into Action Lead (KF) - - - Y - - Y -



March 2018

_________________________________________________________________________

10 | P a g e

Deputy Director of Improvement (KH)

- - - - - Y - -

IT Network & Telecommunications Manager (JLH)

- - - - - Y - -

Associate Chief Operating Officer – Patient Access (JF)

- - - - - - - Y

Notes:

1 Neil Gammon, NED, last meeting before leaving the Trust

2 Anthony Bramley, NED, first meeting as new member of the Committee

3 Interim DoF in attendance in absence of substantive DoF

4 Not required to attend, Final Accounts meeting only

5 Interim Head of Procurement in attendance

6 First attendance at newly named Audit, Risk and Governance Committee (having extended remit from August

2017 for responsibilities transferred from the former Trust Governance and Assurance Committee).

11 | P a g e

APPENDIX 2 - TRUST AUDIT, RISK AND GOVERNANCE COMMITTEE WORK PLAN - year ended 31st March 2019

Item of Business 19 Apr 18

17 May 18 (Final Accounts

meeting)

26 Jul 18 25 Oct 18

24 Jan 19

Audit Committee - Annual Review of Terms of Reference X

Audit Committee - Annual Review of Work Plan X

Audit Committee - Annual Self-Assessment Exercise & Results X

Audit Committee - Annual Report to Trust Board / CoG X

Audit Committee - Annual meeting dates/times/locations X

Private Discussion with Auditors (internal and external) X X X X X

Receive minutes from other Board sub-committees X X X X

External Audit - Annual External Audit Plan / Timetable / Fees X

External Audit - Routine Progress Reports X X X X X

External Audit - Year End Report & Letter of Representation X

External Audit - Report on Trust’s Quality Account X

Internal Audit - Annual Internal Audit Plan X

Internal Audit - Routine Progress Report / Technical Updates X X X X

Internal Audit - Head of Internal Audit Opinion X

Internal Audit - Annual Report (inc. client feedback survey results) X

Internal Audit - IA Plan strategic workshop results X

Receive Status Report on Implementation of IA Recommendations X X X X

Annual Governance Statement X

Annual Accounts - Review changes to Accounting Policies X

Annual Accounts - Receive draft annual accounts X

Annual Accounts - Receive Going Concern Report X

Annual Accounts - Receive audited annual accounts X

LCFS - Annual Counter Fraud Report X

LCFS - Annual Counter Fraud Work Plan X

LCFS - Written Progress Reports X X X X

LCFS - Concluding investigation reports / related issues as needed as needed as needed as needed

LCFS - Annual review of Fraud and Corruption Policy X

12 | P a g e



meeting)

26 Jul 18 25 Oct 18

24 Jan 19

LCFS - Results of Annual Staff Fraud Awareness Survey X

LSMS - Annual Security Management Report X

LSMS - Annual Security Management Work Plan X

LSMS - Ad-hoc reports and updates as needed as needed as needed as needed

Review of Waiving of Standing Orders X X X X

Review of Losses and Compensations - quarterly X X X X

Review of Hospitality and Sponsorship X X X X

Review of Salary Overpayments & Underpayments - quarterly X X X X

Review of Complaints Ombudsman Compensation Payments - quarterly

X X X X

Review of Balance Sheet Significant Variances - quarterly X X X X

Procurement Update report (inc. invoices without POs) X X X X

Review of finance related policies (SFIs / Standing Orders / Scheme of Delegation, Recovery of Salary Overpayments Policy, Standards of Business Conduct Policy, etc.)

as needed as needed as needed as needed

Annual Review Policy for Engagement of External Auditors for Non-Audit Work

X

Risk Register report - quarterly X X X X

Board Assurance Framework (BAF) report - quarterly X X X X

Annual Review of Risk Management Strategy X

Improving Together update X X X X

Review of External Visit Register – quarterly X X X X

Annual Review of CQC Statement of Purpose X

Annual Review of Trust whistle blowing arrangements X

Freedom to Speak Up Guardian X

13 | P a g e



meeting)

26 Jul 18 25 Oct 18

24 Jan 19

Annual IG Toolkit Return X

IG Steering Group Highlight reports - quarterly X X X X

Document Control report - quarterly X X X X

Fire Action Plan updates - quarterly X X X X

Annual Fire Report X

Annual Health and Safety Policy statement X

Annual Emergency Preparedness, Resilience and Business Continuity Report

X

Documents

CoG (07/18) Item 8.1.2 · CoG (07/18) Item 8.1.2.1. DATE . 10. th. July 2018. REPORT FOR . Council of Governors . REPORT FROM . Stanley Shreeve – Chair of Audit, Risk and Governance