Agenda and minutes

Venue: Committee Room - Civic Centre, Doncaster Road, Selby, YO8 9FT

Contact: Dawn Drury  01757 292065 Email: ddrury@selby.gov.uk

Items
No. Item

28.

Apologies for Absence

Minutes:

The Democratic Services Officer informed the Committee that apologies for absence had been received from Councillor Brook. 

 

29.

Disclosures of Interest

A copy of the Register of Interest for each Selby District Councillor is available for inspection at www.selby.gov.uk.

 

Councillors should declare to the meeting any disclosable pecuniary interest in any item of business on this agenda which is not already entered in their Register of Interests.

 

Councillors should leave the meeting and take no part in the consideration, discussion or vote on any matter in which they have a disclosable pecuniary interest.

 

Councillors should also declare any other interests. Having made the declaration, provided the other interest is not a disclosable pecuniary interest, the Councillor may stay in the meeting, speak and vote on that item of business.

 

If in doubt, Councillors are advised to seek advice from the Monitoring Officer.

Minutes:

Councillor Mackman declared a personal interest in agenda item 11, Internal Audit, Counter Fraud and Information Governance Progress Report 2019-20: as he was the Chair of the Selby and District Housing Trust (SDHT).

 

30.

Minutes pdf icon PDF 170 KB

To confirm as a correct record the minutes of the Audit and Governance Committee held on 23 October 2019.

Minutes:

The Committee considered the minutes of the Audit and Governance Committee meeting held on 23 October 2019.

 

RESOLVED:

To approve the minutes of the Audit and Governance Committee meeting held on 23 October 2019.

 

31.

Chair's Address to the Audit and Governance Committee

Minutes:

The Chair was pleased to note the improved attendance at the pre-meeting briefing sessions, as he explained that the sessions were vital to develop the knowledge to assist in the important role of scrutinising the Councils control and governance frameworks.

 

Members were asked to consider their future needs and interests as officers began to plan the Audit and Governance work programme for 2020-21; and feed any comments to the Democratic Services Officer.

 

The Chair explained that this was the final meeting for the Assistant Director, Audit Assurance, Veritau as he was moving to a different Authority for a six month period, and wished him all the best in his new role; they then welcomed Ed Martin, who would be taking the lead at Selby District Council.

 

RESOLVED:

To feed any requests for items to be added to the Audit and Governance work programme for 2020-21 to the Democratic Services Officer.    

32.

Audit Action Log pdf icon PDF 18 KB

To review the Audit Action Log.

Minutes:

The Committee reviewed the Audit Action Log.  It was noted that the information requested in relation to the Local Government and Social Care Ombudsman Annual Review Letter had been circulated to the Committee, and therefore the action was noted as complete.

 

RESOLVED:

To note the Audit Action Log.

 

33.

Audit and Governance Work Programme pdf icon PDF 219 KB

To note the current Work Programme and consider any amendments.

Minutes:

The Committee considered the current Audit and Governance Work Programme.

 

RESOLVED:

To note the Work Programme.

 

34.

Information Governance Annual Report 2019 (A/19/13) pdf icon PDF 383 KB

To note the report from the Senior Solicitor, which provides an update on information governance arrangements for 2019.

 

Minutes:

The Senior Solicitor presented the report, which provided the annual update on information governance within the Council for 2019.  The Senior Solicitor highlighted the following information within the report:

 

  • With regard to the General Data Protection Regulations (GDPR) a new Information Governance Strategy and policies had been put in place; with a Corporate Information Governance Group (CIGG) consisting of internal officers and Veritau to monitor compliance.

 

·       All staff had received mandatory training on GDPR during 2018, and further training in relation to data protection took place in 2019.  

 

·       An information security check had been carried out in September 2019 at the Civic Centre by Veritau, to test the systems in place, and check that confidential, personal and sensitive information was stored securely.  The audit findings had established that improvements had been made since the previous check.

 

·        With regard to the North Yorkshire Multi Agency Information Sharing Protocol, the Council remained a signatory and had completed a data sharing agreement in relation to Safeguarding Children.  To reflect changes brought about by GDPR a variation to data sharing agreements in relation to the settlement of Syrian refugees in the District had been made.

 

·       The number of data protection breaches represented an increase in incidents compared to the previous year, however this was considered to be the result of increased awareness of the requirements around data breaches and how these should be reported.  It was noted that a number of data security incidents had been investigated since the last report to Committee in January 2019; however none of the breaches had required reporting to the Information Commissioner’s Office (ICO).

 

·       With regard to freedom of information requests the Council had a well-defined system in place to administer and respond to such requests.  The Council was currently responding to just over 88.7% of requests on time, above its target of 86%. 

 

In relation to freedom of information requests, the Committee noted that year on year the response times to requests within the required timescales had been reducing and queried what procedures were in place to mitigate this.  The Senior Solicitor confirmed that the Council had a robust system in place which logged and tracked all requests to ensure that they were responded to within the statutory time limits.  

 

RESOLVED:

                    To note the report.   

 

35.

External Audit Progress Report (A/19/14) pdf icon PDF 204 KB

To consider the External Audit Progress Report.

Additional documents:

Minutes:

The Manager, Mazars LLP presented the report which highlighted that the planning work in relation to the 2019/20 external audit was underway, and the Audit Strategy Memorandum would be presented to the Audit and Governance Committee in April 2020.

 

The Committee was informed that the 2018/19 Housing Benefits Subsidy report to the Department of Work and Pensions (DWP) had been submitted ahead of the deadline of 30 November 2019. The Manager, Mazars highlighted that following the prescribed testing, two reporting issues out of a sample of 60 had been detected in both rent rebates and rent allowances; however the issues were minor when compared with the total claim.

 

A query was raised regarding the 2017/18 Housing Benefits Subsidy return which had required amendments, and whether procedures had been put in place to ensure this did not happen again.  The Committee was assured that Mazars were working closely with officers to ensure it would not happen again.

 

In response to a query regarding the error on rent allowances, where benefit had been incorrectly paid as a result of a miscalculation on a claimants earned income, it was explained that this was a common occurrence, and could be something as simple as the rounding of a penny which had caused the discrepancy.  The Chief Finance Officer stressed that the amounts were very small in monetary value.   

 

In relation to the national publications listed within the report, and specifically the Chartered Institute of Public Finance and Accountancy (CIPFA), Financial Management Code the Committee queried if work was in progress to ensure that the Council met the first full year of compliance with the Code, in 2021-22.  The Chief Finance Officer informed the Committee that a report on the Code had been taken to the Leadership Team, and that a self-assessment document would be brought to Committee in due course.

 

The Democratic Services Officer was requested to re-circulate the links to the national publications contained within the External Audit Progress Report. 

 

RESOLVED:

i.              To note the report.

  

ii.            To ask the Democratic Service Officer to re-circulate the links to the national publications contained within the External Audit Progress Report.

 

36.

Review of the Risk Management Strategy (A/19/15) pdf icon PDF 328 KB

To receive the report from the Assistant Director (Veritau), which presents the reviewed Risk Management Strategy following consultation with the Leadership Team, and asks the Committee to note the revisions to the Risk Management Strategy.

 

Additional documents:

Minutes:

The Assistant Director, Audit Assurance, Veritau presented the report, whichset out the strategy for managing risk within Selby District Council. 

 

The Committee were informed that the Risk Management Strategy had been reviewed following consultation with the Leadership Team, and it was noted that the strategy remained largely unchanged following the review, however minor amendments had been made and an updated definition of risk management had been included at section 2, page 3; the amendments had been shown as tracked changes in Appendix 1 of the report.

 

In response to a query regarding possible incidents within the District which had not been identified as a risk at the start, the Chief Finance Officer explained that the Council had individual service risk registers and a corporate risk register which were reviewed regularly to identify the possibilities for risk.  It was further explained that the vigilance of officers and councillors was relied upon to highlight any areas of concern.

 

RESOLVED:

                      To note the revisions to the Risk Management Strategy.

37.

Corporate Risk Register 2019-20 (A/19/16) pdf icon PDF 409 KB

To receive the report from the Assistant Director (Veritau), which provides an update on movements within the Corporate Risk Register, and asks the Committee to note the current status of the Corporate Risk Register.

 

Additional documents:

Minutes:

The Committee received the report, presented by the Assistant Director, Audit Assurance, Veritau who explained that this report contained the twice-yearly update on movements within the Corporate Risk Register, which was last reported to the Committee in July 2019. 

 

The Committee was informed that there were a total of 12 risks on the Council’s Corporate Risk Register for 2019/20.  The Committee’s attention was drawn to page 53 of the agenda which contained a summary of the current risks.

 

In response to a query regarding the risks defined as high risks relating to financial resources and economic environment, the Chief Finance Officer highlighted that financial uncertainty remained pending the reform of local government funding which was why the risk was considered to be high.  It was explained that in the absence of a clear forward funding settlement from local government, the Council’s medium term financial plan to 2022-23 showed an annual savings requirement of £2.5m.  

 

RESOLVED:

                     To note the current status of the corporate risk register.

 

38.

Internal Audit, Counter Fraud and Information Governance Progress Report (A/19/17) pdf icon PDF 413 KB

To receive the report from the Assistant Director (Veritau) and Assistant Director – Corporate Fraud (Veritau), which asks the Committee to note the update on progress made in delivering the internal audit, counter fraud and information governance work for 2019/20.

 

Additional documents:

Minutes:

The Assistant Director, Audit Assurance, Veritau presented the quarterly report which depicted current progress in relation to the 2019-20 internal audit work plan, along with an update on the counter fraud and information governance work undertaken to date in 2019-20.  It was noted that currently there was eleven 2019-20 audits in progress, with three reports being finalised since the last report to the Committee

 

The Corporate Fraud Assistant Director, Veritau presented the section of the report related to the Council’s counter fraud activity 2019-20 which highlighted that savings of £9.4k had been achieved through fraud investigation.

 

The Committee was informed that in December 2019 the Council had prosecuted a former tenant for subletting a council property over the course of two years; the tenant had pleaded guilty to all charges and was fined £1,400.  The Corporate Fraud Assistant Director praised the work of the Council’s legal team and thanked them for their help with the prosecution.

 

The Assistant Director, Information Governance presented the section of the report which updated the Committee on Information Governance matters and developments in the Councils Information Governance arrangements and compliance with relevant legislation.

 

In relation to privacy notices, the Committee heard that individual privacy notices were being prepared by each service team; these would be reviewed by Veritau as they were completed and would then be published on the Council website.

 

In terms of training, the Committee were informed that a training session on Data Protection Rights and Principles had been delivered to which 21 staff members had attended; a second session was being planned for early 2020.

 

The Committee heard that 14 security incidents had been reported to Veritau in 2019-20, however none of the reported incidents had needed to be reported to the Information Commissioner’s Officer (ICO).

 

Members queried in light of the number of audits about to be commenced, was there sufficient capacity to complete the work, it was explained that the resources were there, as Veritau had a large team of auditors. 

 

The Committee raised concerns around the costs of detecting fraud, and queried if the money would be better spent in protecting against fraud, the Chief Finance Officer explained that Veritau provided both fraud detection and protection services, and that the whole counter fraud arrangements were robust.  It was further queried if the Council was spending a disproportionate amount of money on the service; the Chief Finance Officer stated that the cost was not disproportionate and that the cost of the Counter Fraud Service could be provided should the Members request it.

 

The Chair raised a query regarding membership of the Corporate Information Governance Group (CIGG), and whether any Councillors sat on the group, the Chief Finance Officer explained that it was an operational officer group who reported directly to her.

 

The Committee expressed interest in the training sessions on Data Protection Rights and Principles which had been delivered to staff members, but stated that the training would need to be in the evening or something that could be accessed  ...  view the full minutes text for item 38.

39.

Counter Fraud Framework Update (A/19/18) pdf icon PDF 362 KB

To approve the revised Counter Fraud and Corruption Strategy Action Plan; in addition the Committee are asked to comment on and note the updated Counter Fraud Risk Assessment.

 

Appendix C to the report is exempt from publication by virtue of paragraph 3 in Part 1 of Schedule 12A of the Local Government Act 1972 (as amended). If councillors wish to discuss information contained within the appendix it will be necessary to pass a resolution to exclude the press and public.

 

 

Additional documents:

Minutes:

The Chair informed the Committee that Appendix C, Fraud Risk Assessment, contained exempt information and therefore if the Committee wished to discuss this information, they would need to move into Private Session.

 

The Corporate Fraud Assistant Director, Veritau presented the report, which updated the Committee on the progress made against the actions set out in the Counter Fraud and Corruption Strategy; in addition the Council’s Counter Fraud Risk Assessment had been updated to reflect fraud risks currently facing the Council.

 

The Corporate Fraud Assistant Director, Veritau highlighted that procurement fraud remained the highest perceived area of threat nationally, and although levels of housing fraud detected had fallen, the average loss per case remained high at £32k.  It was explained that housing fraud was attractive to fraudsters as the increase in new council homes had also increased the risk from false applications, illegal subletting and fraudulent rights to buy.  The Committee was informed that to mitigate the risk, procurement and housing frauds were areas of focus for Veritau in 2020-21; along with raising awareness by working with officers to put stringent checks in place.

 

In response to a query regarding the procurement procedure in place within the Council, the Chief Finance Officer explained that the Head of Commissioning, Contracts & Procurement managed the overall procurement function, with levels of spend set to control the amounts that Directors and individual officers could authorise for payment.

 

The Committee stated they wanted to discuss the information outlined in appendix C, therefore agreed to move into private session.

 

In accordance with Section 100(A)(4) of the Local Government Act 1972, in view of the nature of the business to be transacted, the meeting be not open to the Press and public during discussion of the following item as there will be disclosure of exempt information as defined in Section 100(1) of the Act as described in paragraph 3 of Part 1 of Schedule 12(A) of the Act.

 

It was proposed, and seconded, that the Committee moved into Private Session.

 

The Counter Fraud Manager, Veritau informed the Committee that the Fraud Risk Assessment was reviewed annually, with the highest area of risk identified as creditor payments.

 

The Committee asked a number of questions in relation to the report.

 

RESOLVED:

i.          To approve the updated Counter Fraud and     Corruption Strategy Action Plan.

 

ii.         To note the updated Counter Fraud Risk Assessment.

It was proposed, and seconded, that the Committee return to Public Session.

 

40.

Review of Annual Governance Statement Action Plan 2018-19 (A/19/19) pdf icon PDF 505 KB

To note the report from the Chief Finance Officer, which presents the progress made against the Action Plan for the Annual Governance Statement (AGS) 2018-19.

 

Minutes:

The Chief Finance Officer presented the report, which updated the Committee on progress made against the Action Plan for the Annual Governance Statement for 2018-19; this was the half yearly review and the Action Plan was included at appendix A.

 

The Chief Finance Officer explained that since the last update, a review of Overview and Scrutiny arrangements had been completed.  It was further explained the training needs of all Committee members was being monitored, along with quarterly discussions and the sharing of work programmes between the Executive and the Chairs of Scrutiny.

 

In terms of Information Governance and Data Protection, as the Committee had heard in an earlier item, an action plan was now in place and significant progress had been made to address the implications of GDPR; however it was stressed that Officers and Councillors must be vigilant to the importance of data security. 

 

In relation to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS), the Committee was informed that Northgate PARIS, the Council’s current payments and income management system had been bought out by Civica; who had informed the Council that they could not commit to supporting the software.  The Committee were also informed that as a result of this, the Council had put an order in to purchase new software, Civica Pay, which removed the software risks around compliance.

 

The Chief Finance Officer explained that in terms of the “mandate fraud” which had taken place in 2018-19, resulting in a payment being made to the wrong recipient, the Counter Fraud team had investigated the incident and Internal Audit had reviewed the procedures, and put in actions to strengthen the process.  The Committee heard that the 2019-20 audit was currently in progress, and any further update would be reported in due course.  

 

RESOLVED:

                    To note the report.