Agenda and minutes

The Democratic Services Officer informed the Committee that apologies for absence had been received from Councillor Mrs M McCartney.

A copy of the Register of Interest for each Selby District Councillor is available for inspection at www.selby.gov.uk.

Councillors should declare to the meeting any disclosable pecuniary interest in any item of business on this agenda which is not already entered in their Register of Interests.

Councillors should leave the meeting and take no part in the consideration, discussion or vote on any matter in which they have a disclosable pecuniary interest.

Councillors should also declare any other interests. Having made the declaration, provided the other interest is not a disclosable pecuniary interest, the Councillor may stay in the meeting, speak and vote on that item of business.

If in doubt, Councillors are advised to seek advice from the Monitoring Officer.

There were no disclosures of interest.

To confirm as a correct record the minutes of the Audit and Governance Committee held on 27 September 2017.

The Committee considered the minutes of the Audit and Governance Committee meeting held on 27 September 2017.

RESOLVED:

To approve the minutes of the Audit and Governance Committee meeting held on 27 September 2017.

The Chair wished the Committee and officers all the best for the New Year, and informed Councillors that he was attending the upcoming General Data Protection Regulation (GDPR) seminar hosted by Mazars. The Manager, Mazars LLP noted that the seminar would also include a session on how IT could be used as an enabler to improve Councils’ service delivery.

The Chair further informed the Committee that he was attending ‘Notwestminster 2018’ in February, which was a two day event in Huddersfield that focussed on facilitating stronger local democracy. The Chair stated that he would also attend a Councillor event in February, also in Huddersfield, which explored the recent ‘Voice of the Councillor’ report. Councillors were encouraged to attend these free events if they were able to.

To review the Audit Action Log.

The Committee reviewed the Audit Action Log.

In response to questions, the Chief Finance Officer and the Audit Manager, Veritau explained that the action related to amending the format of internal audit progress reports, dated 28 September 2016, had been implemented and, subject to positive feedback from the Committee, it was expected that the action would be removed from the action log by the end of the municipal year.

Officers provided updates on the remaining actions, which were noted by the Committee.

RESOLVED:

i.              To note the Audit Action Log.

ii.            To ask the Democratic Services Officer to update the Audit Action Log accordingly.

To note the current Work Programme and consider any amendments.

The Committee considered the current Audit and Governance Work Programme.

The Chair asked the Committee to consider issues that they wanted to be included in the 2018/19 Work Programme, which would be included in the agenda for the next meeting in April.

The Chief Finance Officer reminded the Committee that there would be four meetings of the Committee in 2018/19, rather than the five held in 2017/18, and that the accounts would be considered in July as per the revised timescales.

RESOLVED:

                        To note the Work Programme.

To consider the report from the Solicitor to the Council, which provides an update on information governance issues matters during 2017.

The Solicitor to the Council presented the report, which provided the annual update on information governance within the Council for 2017. The Committee was informed that the recommendation to provide an annual report on information governance came from the 2014 internal audit.

It was explained that an information security check would be carried out at the Civic Centre by Veritau in the near future, to check that information was stored appropriately, particularly when staff had left the office. The Committee noted that information governance was of even higher importance due to partners such as the Police moving into the Civic Centre.

The Solicitor to the Council highlighted that there had been a reported increase in data protection breaches, but stated that this was largely attributed to increased staff awareness of what constituted a data breach and the correct procedure that needed to be followed in the event of a breach. The Committee was informed that breaches did not attract a ‘blame culture’, but that they allowed the Council to learn, so that more robust procedures could be developed.

The Solicitor to the Council further informed the Committee that since the publication of the agenda, there had been a data protection breach which involved the disclosure of complainants’ identities. The Committee was reassured that a full investigation would take place, and further information would be available once officers knew more. In response to questions, the Solicitor to the Council confirmed that the incident would be reported to the Information Commissioner if required, but that from May 2018, it was compulsory that incidences such as these were reported under the new GDPR.

The Committee confirmed that it was satisfied with the contents of the report, but requested that the subsequent report for 2018 contained the information within a table rather than paragraphs.

In response to further questions, the Solicitor to the Council explained that a USB stick could not be used to gather information from the Council, as all USB ports on Council devices were locked and could only be accessed if an encrypted Council USB stick was used. The Solicitor to the Council also pointed out that as all Council USB sticks were encrypted, they could not be accessed by members of the public if found.

RESOLVED:

i.              To note the report.

ii.            To ask the Solicitor to the Council to present the information in a table in the 2018 annual information governance report.

To consider the External Audit Progress Report.

The Manager, Mazars LLP presented the report, which highlighted that the main work undertaken since the last Committee meeting was on the Housing Benefits Subsidy Claim, which was completed by the statutory deadline. The Committee was informed that the Housing Benefits Subsidy Claim was certified with a qualification letter with minor amendments, and that the value of the claim was £15.6 million, which denoted the value of the benefits that the Council managed on behalf of the Department of Work and Pensions.

The Committee was informed that the Housing Benefits Subsidy Claim underwent detailed testing, which detected two errors out of the 65 incidences that were tested. The Manager, Mazars LLP highlighted that the errors detected were not significant, and that the impact on the claim would have been £2,000 if the error was extrapolated to 100% of the population.

The Manager, Mazars LLP praised officers’ assistance with the Housing Benefits Subsidy Claim, stating that officer cooperation increased efficiency in delivering the work.

The Manager, Mazars LLP also highlighted that the planning work for the 2017/18 external audit work was underway, and the Audit Strategy Memorandum would be presented to the Audit Committee in April 2018.

The Committee was informed that Mazars was confirmed as the Council’s external auditor for 2018/19, and that Public Sector Audit Appointments (PSAA) was now consulting on the audit fees for 2018/19, and that there was a proposed reduction in fees of 23%, which would deliver more value for the Council.

The Committee was also informed that in a recent report by PSAA, Selby District Council was named as one of only 83 principal bodies that had successfully delivered the accounts to the revised timescales, out of a total of 497.

RESOLVED:

                        To note the report.

To receive the report from the Audit Manager (Veritau), which presents the reviewed Risk Management Strategy following approval by the Extended Leadership Team, and asks the Committee to endorse the actions of officers in furthering the progress of risk management.

The Audit Manager, Veritau presented the report, which included the Council’s reviewed Risk Management Strategy, amendments to which were highlighted in yellow in appendix one. The Committee was informed that the main amendments had been made under item 13 ‘Monitoring of Risk Trends’.

The Committee queried the ‘Legislative’ risk in the table on page 61 of the agenda, in relation to Brexit and the potential for EU law to be repealed. The Audit Manager, Veritau explained that there was an element of risk going forward, but that it was a difficult risk to consider at present due to the level of uncertainty surrounding Brexit; however the Committee was assured that developments would be monitored.

In response to questions about ‘Risk Culture’, the Chief Finance Officer explained that the Council needed to be open in its approach to risk, and avoid a ‘blame culture’. The Committee was informed that risk was managed daily, and officers were aware that a certain level of risk was involved when making decisions, but that clear plans were in place to mitigate risk.

RESOLVED:

To endorse the actions of officers in furthering the progress of risk management.

To receive the report from the Audit Manager (Veritau), which provides an update on movements within the Corporate Risk Register, and asks the Committee to note the current status of the Corporate Risk Register and the changes since the last update.

The Chief Finance Officer presented the report, which contained information on the Council’s current risks. The Chief Finance Officer informed the Committee that a workshop had been arranged for February 2018 with the Extended Leadership Team to refresh and update the Corporate Risk Register, which was attached to the report at appendix one.

The Committee asked officers what contingencies were in place if its largest contractor, Amey went into liquidation, as seen recently with the firm Carillion. The Chief Finance Officer stated that the Council had Performance Bond arrangements, which meant that there was cash available to the Council to retender or provide services in-house should Amey enter into difficulty; however it was highlighted that this was not expected to occur.

The Committee was satisfied that at least three of the risks on the Register showed a downward trend.

RESOLVED:

                        To note the current status of the Corporate Risk Register.

To receive the report from the Audit Manager (Veritau) and Counter Fraud Manager (Veritau), which asks the Committee to note the update on progress made in delivering the internal audit and counter fraud work for 2017/18.

The Audit Manager, Veritau presented the quarterly report to the Committee which depicted current progress in relation to the 2017/18 Internal Audit Plan for the Committee to note.

The Counter Fraud Manager, Veritau presented the section of the report related to the Council’s counter fraud activity 2017/18, which highlighted that 32 investigations had been completed to date, and £11,000 worth of fraud had been detected in relation to Council Tax Support. The Committee was also informed that officers had recovered a property which was being fraudulently sub-let.

The Counter Fraud manager, Veritau informed the Committee about the work being done to raise fraud awareness among Council officers. The Committee was assured that good progress was being made regarding the promotion of reporting fraud among officers, and noted that in terms of costs and savings, the Counter Fraud Team was performing remarkably well.

In relation to questions about Blue Badge Parking Fraud, the Counter Fraud Manager, Veritau stated that the Council outsourced all parking inspections to Harrogate Borough Council, and that Veritau was currently trying to build a relationship with Harrogate Borough Council so that suspected Parking Fraud was immediately reported to Veritau. The Counter Fraud Manager, Veritau explained that Veritau could give on the spot confirmation of whether suspected fraud was actual fraud, which would enable Parking Inspectors to issue a parking ticket immediately.

The Committee was also informed that there were relatively low incidences of Blue Badge Parking Fraud, but that Veritau was ready to deal with it if it did occur, as demonstrated by a member of the public being recently cautioned over the misuse of their parents’ Blue Badge.

The Committee requested that the Counter Fraud Manager, Veritau gather information from Harrogate Borough Council on the number of tickets issued to Blue Badge holders in the Selby District.

RESOLVED:

i.              To note the report.

ii.            To ask the Counter Fraud Manager, Veritau to gather information on the number of tickets issued to Blue Badge holders in the Selby District.

To review the report from the Chief Finance Officer, which presents progress on the Annual Governance Statement (AGS) 2016/17 Action Plan 2016/17, which was approved in July 2017.

The Chief Finance Officer presented the report, which updated the Committee on progress made against the Action Plan for the Annual Governance Statement for 2016/17.

The Committee was informed that the Annual governance Statement highlighted any particular control issues within the Council, and the Action Plan was included at appendix A for review.

The Chief Finance Officer explained that a number of actions had been completed, which was positive news, and that there was still work to do in relation to the Payment Card Industry Data Security Standard. The Committee was informed that progress would continue to be made on the Action Plan through to the end of the year, after which the Committee would consider the Annual Governance Statement again.

The Committee stated that it was satisfied with the progress made.

RESOLVED:

                        To note the report.

It was proposed, and seconded, that the Committee sit in Private Session doe to the nature of the business to be transacted.

RESOLVED:

That, in accordance with Section 100(A)(4) of the Local Government Act 1972, in view of the nature of the business to be transacted the meeting be not open to the Press and public during discussion of the following item as there will be disclosure of exempt information as described in Section 100(1) of the Act as described paragraph 3 of Part 1 of Schedule 12(A) of the Act.

To receive the report from the Counter Fraud Manager (Veritau), which provides an update in relation to the Council’s counter fraud arrangements, and asks the Committee to approve the updated Counter Fraud and Corruption Strategy Action Plan. The Committee is also asked to comment on and note the updated Counter Fraud Risk Assessment.

Appendix C to the report is exempt from publication by virtue of paragraph 3 in Part 1 of Schedule 12A of the Local Government Act 1972 (as amended). If Councillors wish to discuss information contained within Appendix C it will be necessary to pass the following resolution to exclude the Press and public and to then readmit the press and public following consideration of this item:

In accordance with Section 100(A)(4) of the Local Government Act 1972, in view of the nature of the business to be transacted, the meeting be not open to the Press and public during discussion of the following item as there will be disclosure of exempt information as defined in Section 100(1) of the Act as described in paragraph 3 of Part 1 of Schedule 12(A) of the Act.

The Counter Fraud Manager, Veritau presented the report, which updated the Committee on the Council’s new Counter Fraud Policy and Corruption Strategy, which the Committee reviewed annually to ensure that it was fit for purpose.

The Committee was informed that awareness needed to be raised in relation to Cyber Fraud and the risks associated with electronic working, as this posed a significant fraud risk.

The Counter Fraud Manager, Veritau also highlighted that Veritau was looking into Procurement Fraud and how to detect it and therefore mitigate risk, as Procurement Fraud was outlined as one of the largest areas of fraud nationally, yet it remained difficult to detect.

RESOLVED:

i.              To approve the updated Counter Fraud and Corruption Strategy Action Plan.

ii.            To note the updated Counter Fraud Risk Assessment.

There was no other business.