Agenda and minutes

RESOLVED that the minutes of the meeting held on 27 August 2020 be confirmed.

No declarations of interest were received.

Sally Brooks, Data Protection Officer:

a)    presented a report to update Audit Committee on progress made with Information Management monitoring the councils compliance with data protection legislation including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA)

b)    highlighted that update reports were submitted to Audit Committee on a bi-annual basis, given the implementation of GDPR in May 2018 and compliance now becoming business as usual for the council

c)    reported that due to the coronavirus pandemic a report had not been provided since September 2019, and in March the Information Commissioner’s Office (ICO) confirmed that delays on data protection requests were understandable during the pandemic when resources were focused elsewhere on the response and that they would take this into account in any enforcement action

d)    advised that Information Management resources had been utilised in the governance arrangements surrounding the increased sharing of data required in the response to the pandemic, whilst continuing to ensure data protection compliance

e)    explained that the Audit team completed a report on Information Management and the GDPR in June 19 and gave the council ‘substantial assurance’ for its Information management and Information governance arrangements

f)     outlined a number of recommendations made for improvements by the Audit team as detailed at paragraph 3.3 of the report which had now been completed with further work planned

g)    reported on continuous resources required to ensure compliance with data protection laws was business as usual for the council as detailed at paragraph 3.4 of the report

h)    highlighted that In 2019 there was a significant 172% increase in data protection requests likely due to an increase in public awareness of individual’s data rights following implementation of the GDPR

i)     reported on work completed in relation to contracts as detailed at paragraph 4 of the report

j)     further reported on data protection training underway by the council at paragraph 5 of the officers report which was a legal requirement under the GDPR and the ICO

k)    updated members of Audit Committee in relation to progress made with Information Management in the following areas:

·         Policies

·         Implementation of 365

·         Increased Home Working

·         Brexit

l)     reported that the Annual Governance Statement (AGS) status for Information Governance had been downgraded from Red to Amber due to progress made in the implementation of the GDPR and had since been removed from the AGS although remained a ‘watching item’ to be monitored by High Performing Services Group

m)  requested that the report and outcome of the audit be noted by members

n)    invited members’ questions and comments.

Question: when members of staff left the authority, was their account deleted?

Response: Yes, a process for deletion was in place.

Question: In relation to the 365 implementation, could teams be FOI’d?

Response: All information on Microsoft Teams had the potential for FOI and DPA requests.

Question: How were the phone lines monitored with people working from home?

Response: All staff had received instructions on transferring phones to mobiles which were monitored  ...  view the full minutes text for item 63.

Joanne Crookes, Customer Services Manager:

a.    presented the annual complaints report which included reference to the Annual Review of Local Authority Complaints issued by the Local Government and Social Care Ombudsman (LGSCO), and details of the decisions of the Housing Ombudsman

b.    reported also on the overall number of complaints received by the Council including response times and percentage of complaints upheld on a directorate basis for the full year 2019-2020

c.    highlighted the background to the council’s complaints procedure at paragraph 2 of the report

d.    advised that there was no published time target for the handling of complaints, however, resolution times were recorded and reported to Departmental Management Teams (DMT’s) and staff were encouraged to seek solutions at the first point of contact or otherwise resolve the issue at the earliest opportunity

e.    reported that the ongoing trend over the past four years was for a reduction in the number of complaints received however it had increased this year due to there being an increase in repairs/tenancies this year

f.     stated that there had been a slight decrease in the amount of time taken for officers to respond to complaints at 7.4 days over all four directorates

g.    detailed further the breakdown of directorate complaints at paragraph 4 of the report

h.    highlighted that of the 338 complaints responded to in 2019-2020, 40% (134) were upheld, this was a small increase on the percentage upheld in the previous year which was 34%

i.     explained that tenancy related complaints i.e. those which were classed as a landlord function, were now referred to the Housing Ombudsman (HOS) rather than being dealt with by the LGSCO

10. highlighted the trend in complaints as detailed at paragraph 8 of the report

11. highlighted the number of compliments received from members of the public acknowledging professionalism of staff across all service areas

12. invited members' questions and comments.

Members questioned whether there had been a theme in the type of complaints received through Housing?

Response: Officers had spoken to Daryl Wright and he confirmed that there was no particular theme in the complaints that were received.

Members of Audit Committee discussed the content of the report in further detail.

Members suggested this particular area could be looked at by Housing Scrutiny Sub-Committee. Officers agreed that it would be useful to refer it.

RESOLVED that:

1.    Trends in complaints be reviewed by the Housing Scrutiny Sub Committee.

2.    The content of the 2019-2020 complaints report be noted.

John Scott, Audit Manager:

a)    presented the audit plan which internal audit worked to which was agreed by Audit Committee and senior management

b)    explained that the development of the plan used a combination of the following:

-       The Council’s Combined Assurance Model, an assessment of risk – based on the significance and sensitivity of key activities

-       Consultation with Senior Management

-       Issues raised by the Audit Committee

c)    highlighted that using the Combined Assurance Model helped streamline and avoid duplication of effort where assurances could be drawn from other sources

d)    referred to the Draft Audit Plan for 2020/21 outlined at Appendix A of the report

e)    stated that due to the impacts of Covid-19 the audit plan took account of resources available for the remainder of 2020/21 which commenced on 1^st September 2020 and that between April and August 2020, audit resources were re-prioritised to respond to the Covid-19 pandemic

f)     detailed the audits that were postponed outlined at paragraph 4.3 of the report

g)    invited members comments and questions.

Question: In relation to the £9,000 being saved from a vacancy in Audit, would this cut affect the Audit team going forward?

Response: In 2021 when the next audit plan would be presented, it was proposed that it be reduced by 50 days.

Question: Had there been any impacts working alongside Boston Borough Council?

Response: The contact with Boston and Assurance Lincs was still in place and would be reviewed over the next year. If anything was to change it was hoped it wouldn’t have a major impact on the service.

Question: With regards to Bereavement being highlighted as a risk, was it a risk that would increase?

Response: It was definitely an area of concern. It was a 2 stage process, involving a detailed risk assessment to set out where the risks were and the assurances in place. The second stage was to review it and look forward.

RESOLVED that the draft plan be noted.

John Scott, Audit Manager:

a.    presented the Internal Audit Progress Report to Audit Committee, incorporating the overall position reached so far and summaries of the outcome of audits completed during the period June to September 2020, as detailed at Appendix A

b.    highlighted that Audit Committee held the responsibility for receiving a regular progress report from Internal Audit on the delivery of the Internal Audit Plan as a key requirement of public sector internal audit standards

c.    detailed the content of the report covering the following main areas:

·         Progress Against the Plan

·         Summary of Audit Work

·         Implementation of Audit Recommendations

·         Current Areas of Interest Relevant to the Audit Committee

d.    detailed audit work completed and a final report issued in respect of:

·         Homelessness (Substantial)

·         Housing Allocations (Substantial)

e.    highlighted that in line with corporate strategy responding to the pandemic, audit resources had been redeployed to deliver key services, supporting businesses and protecting the most vulnerable

f.     explained that:

·         The 2020/21 audit plan had not yet commenced, other than some initial work on housing benefit subsidy testing.

·         The Audit team had been supporting business services and grants administration.

·         A much smaller, revised plan would be developed for 20-21 taking account of COVID risks/issues and be presented at the August/September committee.

·         Sufficient audit coverage would be undertaken to meet statutory responsibilities and provide an audit opinion for 2020-21

7. invited members questions and comments.

Officers asked if instead of Health and Safety and Safeguarding recommendations being referred to Executive, was it possible for them to be considered under the current terms where a request could be made on an ad hoc basis and it be presented to the Audit Committee?

Members confirmed that they were all in agreement with this to be presented at Audit Committee as and when requested.

RESOLVED that:

1.    Updates on Health and Safety and Safeguarding be presented to Audit Committee on an ad hoc basis rather than to Executive.

2.    The contents of the report be noted.

John Scott, Audit Manager:

a)    presented an update to Audit Committee on outstanding audit recommendations including recommendations over 12 months old.

b)    referred to Appendix A attached to his report which provided details of relevant audits, outstanding recommendations, agreed actions and the current position/explanation from the service manager

c)    invited members’ questions and comments.

Members discussed the report in further detail.

Question: Had there been a post implementation review carried out for the Boultham Park project?

Response: Officers would investigate further would find out the information and report back to a future meeting.

Question: Why had the Malware anti-virus and IT Policy been extended until December?

Response: There were a couple of areas from previous reviews that took longer than anticipated. Officers agreed to feedback the reasons why at a future committeemeeting.

Question: There had been a lot of changes to the Internal Audit Recommendations, could this be referred to Executive as an update?

Response: Officers agreed to refer this to Executive.

Members were in agreement that they would like to receive further updates on the audit recommendations as outlined in 3.3 of the report.

RESOLVED that:

1)    Feedback be provided to the committee on whether a post implementation review took place on the Boultham Park Project

2)    Officers be tasked to feedback the reasons why the Malware anti-virus and IT Policy had been extended until December

3)    An update on the changes to the Internal Audit Recommendations be referred to Executive

4)    Further updates on the audit recommendations be presented to members in future meetings.

5)    Updates on audit recommendations older than 12 months be noted.

John Scott, Audit Manager:

a)    provided a report to Audit Committee to update on Counter Fraud arrangements.

b)    Highlighted the specific ColC Specific Priorities for 2019/20 and progress:

·         Tenancy Fraud – work with Housing to complete matched

·         NFI – work with teams to complete matches

·         Fraud training (residual and new staff members)

·         Identity fraud – work with teams on best practice

·         Scam busters/friends against scams – publicise and roll out to be completed

·         Money laundering – risk assessment

·         Update Counter Fraud risk register

·         Health check – assessment against good practice

·         Fraud policy updates – anti-bribery

·         Whistleblowing/fraud reporting best practice and publicity

·         CIPFA fraud return

·         Possible data matching service for Small Business rates relief

·         Lincolnshire Resilience Forum/MHCLG Cyber Resilience Group and related exercises.

c)    invited members questions and comments.

Question: the report was difficult to navigate in places, could things be summarised in tables to make it clearer?

Response: Yes, this has been noted.

Question: Was there any evidence on people fraudulently registering their businesses for Business rates?

Response: For each business that was trying to claim business rates, it went to a panel of officers to determine whether business rates would be awarded. There were a lot of unhappy people whose cases didn’t get awarded.

Question: Does the Council have any Cyber security in place incase of any cyber-attacks?

Response: There were a number of attacks received every day but the software repels them successfully.

RESOLVED that the content of the report be noted.

John Scott, Audit Manager:

a)    presented the Council’s current whistleblowing policy and guidance

b)    explained that the current whistleblowing policy had been updated to reflect changes in the personnel and other external links and had been re-formatted to make the presentation shorter and clearer

c)    highlighted that the councils whistleblowing policy was part of a range of counter fraud policies which were reviewed every two years (or sooner if required).

d)    stated that a whistleblower is generally a term used for a person who worked in or for an organisation and raised an honest and reasonable concern about a possible fraud, crime, danger or other serious risk that could threaten colleagues, service users, customers, members of the public or the success and reputation of an organisation

e)    advised that the content of the whistleblowing policy and guidance remained largely unchanged with the exception of personnel changes, external links and presentational changes to help improve understanding.

f)     Invited members questions and comments.

RESOLVED that the policy and guidance be noted.

John Scott, Audit Manager:

a)    presented a report to inform members of Audit Committee on the work programme for 2020/21 as detailed at Appendix A

b)    advised that the frequency of meetings had been reviewed and revised to take into account impacts relating to the pandemic and was considered appropriate for 2020/21.

RESOLVED that the contents of the Audit Committee work programme 2020/21 be noted.