Agenda and minutes

There were no apologies for absence.

To invite Councillors to declare any Disclosable Pecuniary Interests and/or Other Disclosable Interests they may have in items on the agenda, and to confirm the nature of those interests.

There were no declarations of interest.

The minutes of the meeting of Audit, Governance and Standards Committee held on 24 July 2025 will be considered at this meeting.

The minutes of the meeting of Audit, Governance and Standards Committee held on 24^th July 2025 were submitted for Members’ consideration.

RESOLVED that

The minutes of the Audit, Governance and Standards Committee meeting held on 24^th July 2025 be approved as a true and correct record and signed by the Chair.

Members of the public have an opportunity to speak at meetings of the Audit, Governance and Standards Committee. In order to do so members of the public must register by 12 noon two days prior to the date of the meeting. A maximum of 15 minutes will be allocated to public speaking.

There were no public speakers who had registered to speak at this meeting.

To receive a verbal report from the Feckenham Parish Council Representative on standards matters relating to the Parish Council.

The Chairman of Feckenham Parish Council provided an update on Feckenham Parish Council standards matters and in doing so explained that although there were no specific standards matters to report in relation to the Parish Council, he wished to update on matters of general concern, as this Committee was the main forum where Feckenham Parish Council matters could be raised with Borough Councillors.

The Chairman of Feckenham Parish Council expressed ongoing concern about the development of battery storage systems and other developments, including placement of 300-500 metal canisters, within the Green Belt surrounding Feckenham. The allocation of house-building target within Feckenham was also cited as a concern including the potential that 5,500 houses could be built in the Parish.

The Chairman of Feckenham Parish Council also commented on the uncertainty with regard to what local government reorganisation (LGR) would mean for Feckenham and the difficulty in responding to any consultation/questionnaires on the issue in an informed manner. It was highlighted that Parish Councils were uncertain how they would be affected by LGR and whether this would entail any change to the status or responsibilities for Feckenham Parish Council.

In response, it was noted that at this stage the district authorities and the county council in Worcestershire were considering the high-level aspects of unitarisation before submission of proposals to the Government by end of November 2025. More detail on the impact and requirements on the parish councils would be available after the Government had made its decision on proposals, expected around summer 2026.

Officers undertook to arrange information on progress with LGR to be provided to the Chairman of Feckenham Parish Council through informal meeting with the Council’s Chief Executive and/or through Worcestershire County Association of Local Councils (CALC).

RESOLVED that

the Feckenham Parish Council’s Representative update be noted.

The Deputy Monitoring Officer presented the Monitoring Officer’s report and in doing so reported that since the last report there had been one complaint submitted by a member of the public against three Borough Councillors, which was currently at the initial assessment stage, and one complaint submitted by a member of the public against a Borough Councillor, which, following assessment, was found not to be a code of conduct matter.

In relation to the meeting of Constitutional Review Working Party (CRWP), it was noted that the meeting which had been scheduled for October 2025 had been postponed.

It was reported that member briefings and engagement sessions on local government reorganisation (LGR) continued to take place in the run up to the Extraordinary Council meeting on the issue of LGR which would be on 17 November 2025. It was reiterated that 28 November 2025 was a final date for when proposal(s) for LGR structure within Worcestershire must be submitted on behalf of all seven Worcestershire councils.

RESOLVED that

the Monitoring Officer’s report be noted.

The Committee received a report which set out statistics on the Local Government and Social Care Ombudsman’s (LGSCO) cases relating to the Council in the period ending 31 March 2025.

During the one-year period ending 31 March 2025, the Ombudsman received 14 complaints relating to the Council, of which all 14 were decided within that year. Of these cases, there was one case where the LGSCO upheld the complaint and found the Council to be at fault. This related to a decision made under the Council’s housing allocations policy. It was noted that this was a complex case and whilst the Ombudsman did not criticise the Council’s decision making, the Council was found to be at fault for not having offered the complainant the right to appeal when the original homelessness decision was reversed in that case. The remedy was for the Council to offer the complainant the option to appeal.

Of the remaining 13 complaints, in two cases the complaint was closed by the Ombudsman after initial inquiries, in seven cases early advice was given by LGSCO to customer, three cases were referred back to Council for local resolution and in one case the complaint was deemed incomplete by Ombudsman as there was insufficient information to proceed.

The Deputy Monitoring Officer explained that from this year there had been a change to the LGSCO’s reporting of statistics back to councils. The annual statistics were now forwarded to councils and published on LGSCO website. An annual letter that was previously sent to all local authorities would now only be sent to those local authorities where LGSCO identified exceptional practice or where LGSCO had concerns about an organisation’s complaint handling. The Council was one of the authorities that did not receive the annual letter this year, only statistics. Following a question from a Member, it was clarified that no reasons had been provided by LGSCO as to why this change to reporting had been made.

RESOLVED that

the Annual Statistics Report from the Local Government and Social Care Ombudsman be noted.

The External Auditor from Ernst and Young provided an update on the audit status of the Council’s Statements of Accounts, including the audit of 2023/24 Accounts.

It was recapped that across the local government sector in England, there had been a significant backlog in completion and auditing of accounts in recent years. This had prompted the backstop legislation to clear the auditing backlog across the sector with the Ministry of Housing, Communities and Local Government (MHCLG) in collaboration the Financial Reporting Council (FRP) and other system partners having developed an approach to address the backlog in three phases.

The first phase involved clearing the backlog of historic audit opinions up to and including financial year 2022/23 by 13 December 2024 and the second phase involved recovery starting from 2023/24 financial statements to ensure that audit assurance across the sector was rebuilt across multiple audit cycles. The External Auditor reported that the Council did not meet the deadline for phase 1 and phase 2 of the recovery plan to clear the audit backlog due respectively to delays in the preparation of the financial statements for 2020/21, 2021/22 and 2022/23, and the challenges with changes to the Council’s auditor arrangements for financial years 2023/24 onwards.

The Committee was reminded that the Council had produced draft statement of accounts for 2023/24 in mid-January 2025 with the inspection period ending on 28 February 2025. Due to Ernst and Young’s appointment as auditor to the Council by PSAA not being until 2024/25, following completion of acceptance and onboarding procedures, the audit for 2023/24 Accounts did not commence until June 2025.

The External Auditor highlighted that challenges had been experienced following the commencement of their audit of the Council’s 2023/24 Accounts. This included the Council’s resources being initially focused on meeting the 30 June 2025 deadline for publishing the 2024/25 draft statement of accounts. External Audit resource was reallocated to July and August; however, further challenges were met, including matters requiring further investigation being identified including VAT, capital budgeting, compliance with laws and regulations and Value for Money which had led to further information requests. It was noted that some information had been provided but the External Auditor had currently paused its 2023/24 Accounts audit until these further information requests could be addressed.

It was reported that it was now highly unlikely the External Auditor would have available resource to recommence the audit of the 2023/24 financial statements until the 2024/25 planned audit period. As such, there would

be an impact on the delivery of the 2024/25 audit. The Assistant Director Finance and Customer Services reported that the Council had allocated additional resource for 2024/25 Accounts to ensure the backstop deadline for those accounts of 27 February 2026 would be met by the Council.

Questions were asked in respect of risks of significant weaknesses in Council’s Value for Money arrangements. A Member asked on the status concerning high staff turnover and a high number Governance

of the Council’s positions being filled through interim / temporary arrangements.  ...  view the full minutes text for item 25.

The Internal Audit Progress Report was presented on behalf of the Head of Worcestershire Internal Audit Shared Service. It was reported that of the audit assignments planned for 2025-25, at the time of report writing, one audit assignment had been fully completed, two assignments were at the draft report stage, one assignment was at the fieldwork completion stage with report to be issued shortly, six assignments were in progress, three assignments were at the planning stage, and five assignments had not yet been started.

It was highlighted that this year’s plan remained on track to achieve the targets set out in the Annual Plan. It was noted that the internal audit service was now fully resourced.  

Progress against the key performance indicators for internal audit service was provided, including that at the current stage the target of 90 per cent delivery of audit days against the full year plan target was on track to be achieved. A Member queried why the delivery of audit days target was set at 90 per cent rather than 100 per cent. The Assistant Director Finance and Customer Services undertook to obtain a response to this question from the Internal Audit Shared Service and report back to Members.

It was reported that there were no emerging issues to report arising in relation to Council’s internal controls. There were 23 outstanding internal audit recommendations which remained to be fully actioned by the Council, 1 of which was high-risk overdue recommendation in relation to the provision of assurance that cyber security awareness training had been completed by all Members.

Following the presentation, Members discussed the outstanding high-risk internal audit recommendation. It was requested that a reminder be sent to all Members who had yet to fully complete the cyber security awareness training, including a reminder on how to access the system.

The cyber security risk was deemed to be the main risk for the Council with 6000 cyber threats being reported as intercepted by Council’s firewall systems on a weekly basis. The Committee requested that presentation be provided at the next meeting from the Council’s Emergency Planning / Resilience team regarding the ramifications that a cyber-attack would have on the Council and the response and recovery processes that the Council had in place to respond in the event of a cyber security breach.

It was also requested that a report on cyber security be added as a standing item at every meeting of the Committee, to provide regular data to Members on the cyber security risks status.

An issue of cyber security refresher training for Members was also raised and it was reiterated that provision of refresher training would continue to be investigated and championed by the Executive.

A Member suggested that the Council should consider making its email system inaccessible on devices when located outside the United Kingdom. In the Member’s experience from another organisation, blocking access to mailboxes when outside the country had led to significant reductions in phishing emails and other cyber threats.

RESOLVED  ...  view the full minutes text for item 26.

The report on the Annual Governance Statement (AGS) 2024/25 was presented to the Committee. It was explained that the production of the AGS was part of the annual closure of accounts process. It was not a financial exercise but rather a corporate overview of the processes and procedures adopted by the Council to manage its affairs.

The preparation of AGS was necessary to meet the statutory requirements

as set out in the Accounts and Audit (England) Regulations 2015. The Council’s AGS and governance arrangements established by the Council were consistent with the seven principles of the Chartered Institute of Public Finance and Accountancy (CIPFA) and Society of Local Authority Chief Executives (SOLACE) Framework.

The Council’s key governance components were set out which included internal controls, such as corporate risk register, performance monitoring, constitutional arrangements, overview and scrutiny function, audit functions, including internal audit control, external audit arrangements and decision-making governance of Council, including the council-owned company, Rubicon Leisure.

Significant governance issues were also outlined within the AGS. The main governance challenge was in relation to the Council in November 2023 having received a Section 24 Statement from its External Auditor at the time for non-delivery of the 2020/21 to 2022/23 Accounts within the required timescales due to the challenges with the implementation of a new financial ledger. Other governance issues were also highlighted including the disclaimer audit opinions being received on the 2020/21 to 2022/23 Statements of Accounts, which was also the expected opinion for 2023/24 Accounts, and a C3 Regulatory Judgment following a comprehensive inspection by the Regulator of Social Housing, with failings identified in key service areas of social housing including repairs, fire safety, tenant engagement, and data management.

The Council undertook improvement actions in all the areas highlighted as governance issues. This included the Financial Recovery Plan in response to the Section 24 Statement and the associated key and improvement recommendations set out in that report, the Medium-Term Financial Plan to provide financial planning over the medium-term, enhanced risk and project and programme management processes, and, in relation to Council’s social housing stock, a comprehensive Housing Improvement Plan.

The Annual Governance Statement (AGS) for 2024/25 was approved by the Committee. No further areas for consideration to those included within the AGS were raised by Members during discussion.

RESOLVED that

1)    The arrangements for compiling, reporting on and signing the Draft Annual Governance Statement be noted.

2)    The Draft Annual Governance Statement including any areas which should be considered be reviewed and commented on; and

3)    Subject to any changes identified, as detailed above, that the statement be agreed and approved for signature by the Chief Executive and Leader of the Council for inclusion in the statement of accounts.

The Financial Compliance Report was presented which detailed the position regarding legislative reporting requirements and the position on submission of the Council’s Statements of Accounts.

In reference to key legislative reporting requirements to central Government, it was noted that the Council continued to provide the majority of key legislative deliverables within timeframes. The key outstanding returns were the VAT returns and Whole of Government accounts.

It was recapped that although the Council’s VAT returns were now up to date, and, from December 2024 onwards, monthly VAT returns were being submitted to HMRC. Work continued to provide assurance to HMRC regarding VAT return that had been submitted in December 2024, which covered the previous three years. In order to provide additional assurance, the Council had employed an experienced VAT accountant to work alongside the existing VAT consultants, PS Tax. The Council had also arranged mandatory VAT training for all finance department staff and budget managers.

It was reported that the Whole of Government Accounts returns had not been submitted by the Council for a number of years due to delays in producing the Statement of Accounts for years 2020/21 onwards, which followed the introduction of the TechOne system in February 2021. These were no longer required for previous years but remained outstanding for cycle 1 2024/25. It was unlikely that the Council would submit that return by the required deadline as its Accounts for 2023/24 and 2024/25 remained unaudited.

Members were reminded that the Council had closed their Accounts for years 2020/21 and 2022/23, receiving a ‘disclaimer’ audit opinion for these three sets of accounts. For 2023/24 Accounts, the draft accounts were presented for public inspection, which ended on 27 February 2025. The draft 2024/25 Accounts were ready for public consultation on 20 June 2025 in line with timescales set out in the existing Government legislation. The public inspection period end date for this set of accounts was 11 August 2025. The backstop date for having the 2024/25 Accounts audited was 27 February 2026.

The key recent deliverables being achieved by the Council were set out which included the drafting of the Financial Stability Plan following the successful completion of the Financial Improvement Plan, the health check on the TechOne system done in collaboration with the system provider following the successful remedy of the miscodings on the system, and the staff arrangements put in place in the finance department team including the recruitment of a chief accountant and interim staffing arrangements around the senior business partner posts.

The Portfolio Holder for Finance addressed the Committee and stated that the Council was now in a position to move towards medium-term financial planning as exemplified by the Finance Stability Plan replacing the Financial Recovery Plan. Risks nevertheless remained around the TechOne system, robustness of the finance team (in terms of staffing), and the external sign-off of the Council’s Statements of Accounts.

RESOLVED that

1)    The Committee note the position in relation to the delivery of the 2024/25 Accounts and the auditing of the  ...  view the full minutes text for item 28.

The report concerning the proposed Council’s staff policies on Artificial Intelligence (AI) Acceptable Use and WhatsApp Use was presented to the Committee.

It was explained that the purpose of developing the AI Acceptable Use Policy was to ensure the ethical, transparent, and responsible use of AI technologies across the Council. The draft Policy as set out in Appendix 2 to the report covered key principles that the Council and its employees would need to adhere to when utilising AI technologies. These principles covered:

·       Transparency and Accountability – All AI tools used must be registered in the Council’s Information Asset Register. Any automated decision-making must comply with UK GDPR and include human oversight.

·       Data Protection and Confidentiality – No personal or confidential information should be input into public AI tools. Data Protection Impact Assessments (DPIAs) were required for AI processing of personal data.

·       Procurement and Third-Party Use – AI use must be declared in procurement processes. Contracts must prohibit unauthorised AI use. Only approved AI tools may be used within the Council.

·       Ethical Use and Bias Mitigation – AI must not be used to generate discriminatory or offensive content. Equality Impact Assessments (EIAs) were required with use of AI to ensure fairness.

·       Training and Oversight – Council staff must receive training on responsible AI use. AI-generated content must be reviewed and clearly disclosed.

The WhatsApp Policy at Appendix 3 was developed to guide Council staff as to appropriate use of WhatsApp for Council-related communication. The main aspects of this policy were:

·       Permitted Use – If utilised, WhatsApp may only be used by staff for non-sensitive, logistical communication (e.g. meeting times, location changes).

·       Prohibited Use – WhatsApp must not be used for customer communication or sharing of personal/confidential data (e.g. personal data, internal decisions).

·       Security and Compliance – WhatsApp was deemed not secure for sensitive data by the Council. Any use of WhatsApp by staff on personal devices may be subject to Freedom of Information (FOI) requests.

·       Photos and Media – Images of people required consent and staff must exercise caution when sharing photos to ensure photos did not contain sensitive information in the background.

·       Emergency Use: WhatsApp may be used for emergency alerts (e.g. civil emergencies) under strict guidelines.

Following the Officer presentation, there was a detailed discussion of the following matters by Members:

·       It was clarified that both the AI Acceptable Use and WhatsApp policies presented were new policies which, subject to approval by the Executive Committee, would become formal policy documents for the Council. It was noted that these policies had been created in line with best practice examples from other authorities.

·       Assistant Director Finance and Customer Services explained that the use of AI tools by the Council were currently limited to basic processes such as to assist with presentations and document summaries. It was reiterated that the Council exercised caution with the phasing in of use of AI and the AI Acceptable Use policy was designed to provide guidelines for use of this technology across the Council.

·       The  ...  view the full minutes text for item 29.

The Council’s Risk Champion addressed the Committee and explained that there would be no update at this meeting, but a comprehensive update would be provided to the next meeting in January 2026.

It was requested that the following items be added to the Audit, Governance and Standards Committee Work Programme:

·       Presentation on cyber security including the ramifications of a cyber-attack against the Council and recovery processes in place in the event of a cyber-attack – item to be presented at the 20^th January 2026 meeting.

·       Cyber security report, summarising Council’s risk status and data in this area - standing item at meetings of Audit, Governance and Standards Committee.

RESOLVED that

The Audit, Governance and Standards Committee Work Programme be updated as per the pre-amble above.