Agenda item

To receive the report from the Audit Manager (Veritau), the Counter Fraud Manager (Veritau), and the Information Governance Manager (Veritau), which asks the Committee to note the update on progress made in delivering the internal audit, counter fraud and information governance work for 2021-22.

The Audit Manager, Veritau presented the quarterly report which provided the Committee with an update on the delivery of the internal audit work plan for 2021-22, along with an update on the counter fraud and information governance work undertaken to date in 2021-22.  It was noted that due to Covid-19, there had been a higher level of outstanding audit work to be completed for the year 2020-21 than would normally be expected, however much of this work had taken place since the last report to Members in July 2021.

Member’s attention was drawn to page 60 of the agenda pack which detailed the new approach of flexible audit plans that had been implemented for the current priorities in the internal audit work, which ensured the audit service was responsive to potential emerging risks.   

A number of questions were asked regarding the impact of Covid-19, and the Local Government Review (LGR) on the internal audit work.  Members were assured that when the pandemic first started normal work was suspended, however over the course of the year the audit work had been brought back on schedule with the current work plan. 

In terms of LGR it was confirmed that the auditors core responsibility was to Selby District Council, and as such the auditors would continue to follow the audit work plan to offer reassurance and identify mitigating actions where and when required.  The Audit Manager further confirmed that Veritau had not contributed to the LGR consultation and there was no conflict of interest as part of the audit services that Veritau provided for other local authorities.

The Counter Fraud Manager, Veritau presented the section of the report related to the Council’s counter fraud activity 2021-22, which highlighted that actual savings of £2.5k had been achieved through fraud investigation; in addition, 8k of Covid-19 grant fraud had been prevented to date.

The Committee heard that a range of work to include activity to promote the awareness of fraud to Council officers and members of the public, data matching as part of the National Fraud Initiative 2020-21 and requests for information from external agencies was ongoing.

Members were informed that there had been a drop in the number of suspected fraud referrals to date in 2021-22, compared to 2020-21, this was attributed to Covid-19 and less social interaction between members of the public, which may have resulted in less suspicions being raised.

The Committee queried once investigations had taken place and fraud had been proven, were the culprits prosecuted.  It was confirmed that Veritau would recommend pursuing the matter through the court system, however there had been no cases considered for court, to date, this year. 

Members were informed that other sanctions such as warnings and cautions could also be considered; it was noted that one investigation had resulted in a warning being issued in relation to a Single Person Discount award.

The Information Governance Manager, Veritau drew the Committee’s attention to annex 3 of the report which provided an update on Information Governance matters, to include the General Data Protection Regulation (GDPR) action plan along with the Information Asset Register, Privacy Notices, Data Protection Impact Assessments, and project specific advice.

Members heard that the Information Commissioners Office (ICO) had published additional guidance in relation to privacy notices, therefore the Councils privacy notices had been reviewed and updated.  The GDPR action plan had been updated, and the Information Policies had been approved by the Leadership Team and published onto the Council website.

In terms of Information Security incidents involving personal data, Members were informed that two such incidents had been reported to the ICO but neither had resulted in further actions for the Council.

The Committee were informed that in relation to Data Protection Impact Assessments (DPIA), Veritau was supporting the Council in completing a number of DPIAs as well as providing advice on whether a DPIA was required for other projects, to include CCTV for Selby town centre.

In response to a query regarding the main reception in the Civic Centre and a perceived issue around data protection which had the potential to arise, as that area was shared by both Police and Council personnel.  It was confirmed that the Solicitor and Data Protection Officers for both organisations had been consulted and the decision was to ensure that the correct signage and privacy notices were in place at reception.  It was further confirmed that appropriate action had been taken to mitigate any risk to the Council. 

RESOLVED:

To note progress on the delivery of internal audit, counter fraud and information governance work.