Agenda item

To provide an update on the delivery of the internal audit work plan for 2020/21. The report also updates the committee on counter fraud and information governance work undertaken so far in 2020/21. Due to Covid-19, work on the annual audit plan was delayed so this report updates members on the plans for completion of work over the remainder of 2020/21.

The Audit Manager, Veritau presented the report which provided an update on progress made in delivering the internal audit work plan for 2020-21, along with an update on the counter fraud and information governance work undertaken to date in 2020-21.   

The Audit Manager, Veritau explained that due to Covid-19 work on the annual audit plan had been delayed, however planning had commenced on eleven audits for 2020-21, with fieldwork expected to commence shortly.  It was further explained that there were nine 2019-20 audits where fieldwork had been completed and where action was required, this would be agreed with managers as part of the 2020-21 work. 

In relation to the counter fraud aspect of the report, the Assistant Director Counter Fraud, Veritau informed Members that normal areas of work for the Counter Fraud team had been hindered by Covid-19 but new work had emerged relating to Covid-19 grants. It was highlighted that four investigations of suspected fraudulent Covid-19 grant applications had been completed to date and £30k of payments had been prevented.  It was further confirmed that post assurance checks had been undertaken on successful grant applications; of the seventy two successful applications reviewed seventy one applications were verified as being correctly awarded, and one had been flagged for further checks.

The Assistant Director Information Governance, Veritau drew the Committee’s attention to appendix C of the report which provided an update on Information Governance matters, to include the General Data Protection Regulation (GDPR) action plan along with data breaches.  Members were informed that to respond to Covid-19 a new privacy notice for council employees had been written and published; and an overall Information Sharing Agreement (ISA) had been put in place with North Yorkshire County Council for Covid-19 related sharing.

In relation to a query regarding when the Council had last been inspected for compliance regarding the Regulation of Investigatory Powers Act 2000 (RIPA), the Solicitor to the Council was unable to confirm the specific date but confirmed that the policy was being reviewed at present, and stated that she would circulate the information to the Committee.

The Committee asked a number of questions in relation to the three identified fraudulent Covid-19 grant applications, it was confirmed that one company had not been operational and two had provided false details to divert monies.  It was further confirmed that the perpetrators had been reported to the necessary authorities and were being pursued. 

In relation to the review of the Council’s privacy notices, Members queried what gaps had been identified in the review, and why a new privacy notice had been written for Council employees in response to Covid-19.  The Assistant Director Information Governance, Veritau informed Members that the gaps had been identified in service area’s where specific privacy notices were required, and that the new employee privacy notice informed employees  about what the Council did with their personal details and how they protected the data. 

RESOLVED:

To note the progress on delivery of internal audit, counter fraud and information governance work.