Venue: Committee Rooms 1-2, City Hall. View directions
Contact: Claire Turner (01522) 873619 Email: email@example.com
RESOLVED that the minutes of the meeting held on 21 March 2023 be confirmed and signed by the Chair.
Declarations of Interest
Please note that, in accordance with the Members' Code of Conduct, when declaring interests members must disclose the existence and nature of the interest, and whether it is a disclosable pecuniary interest (DPI) or personal and/or pecuniary.
No declarations of interest were received.
Amanda Stanislawski, Audit Manager:
a. presented the Annual Internal Audit Report to the Audit Committee for comments.
b. explained that the purpose of the Annual Internal Audit Report as outlined at Appendix A was to provide a summary of Internal Audit work undertaken during 2022/23, timed to support the Annual Governance Statement by providing an opinion on the organisation’s governance, risk management and internal control environment
c. highlighted that:
· The three areas, Governance, Risk, Internal Control and Financial Control were working well having no concerns that significantly affected the governance framework and successful delivery of the Council priorities.
· Internal control was assessed as performing adequately – some improvements were identified over the Council’s Governance, Risk and Control Framework. This was due to a number of factors which included there being two Limited Assurance reports this year and an increase in the number of high recommendations. There was however, a significant reduction in the number of outstanding actions from prior years.
d. explained that there had been no restrictions on the scope of the work to be undertaken; the reduction in time due to the Auditor and Principal Auditor leaving had been covered through the employment of consultants and removal of items from the plan.
e. advised that the performance of the Internal Audit Service remained good with 91% of the revised plan being completed and a high level of customer satisfaction. Performance had been impacted due to capacity in some areas including audit span and the ability to chase management responses.
gave an update on the current staffing level within
Internal Audit and explained that the post of Principal Auditor and
Auditor were currently being advertised for recruitment.
g. invited members questions and comments.
Comment: Expressed concerns about the
difficulties in recruiting and retaining staff.
Questions: Commented that only 14 out
of 59 recommendations had been implemented following an audit,
leaving a substantial amount of recommendations outstanding, and
asked for more details.
Question: Asked if an exit interview
took place when a member of staff left the Authority and further
asked if the statistics regarding the reasons why staff were
leaving could be shared with Audit Committee.
Amanda Stanislawski, Audit Manager:
a. presented a report to update Audit Committee on the performance against the 2022/23 Counter Fraud Work Plan and the outcomes of pro-active fraud work and investigations
b. summarised the number of fraud cases during 2022/23 compared to the previous year and advised that overall, there had been a general reduction in cases with the exception of NFI where the 2022 exercise had resulted in a significant increase from 322 to 622 for Housing Benefit and Council Tax Reduction (HB/CTR). The 2020 NFI exercise had resulted in 27 errors being identified with HB/CTR saving £39, 351, with an additional £39,076 currently being recovered. There had not been a review of Single Person Discounts undertaken this year.
c. gave an overview of the progress that had been made against completing the actions within the Counter Fraud Action Plan as detailed at paragraph 2.2 of the report
d. further updated members on the following areas of work that had been undertaken as detailed within the report:
· Whistleblowing Referrals in Relation to Housing Benefit, Housing Tenancy and Single Person Discount
· Cyber Crime
· Housing Tenancy
· Counter Fraud Risk Register
e. invited members questions and comments.
Question: Asked how the Council identified fraud in relation to single person discount.
Response: There were a range of methods. A contract with Lincolnshire County Council and the other Districts was being procured to undertake rolling single person discount reviews, this would look at information from credit agencies, mail shots and they would also undertake data matching exercises.
Question: Referred to payroll and resources and asked if the fraudulent attempt to change a member of staffs bank details was related to a previous cyber-attack in relation to phishing emails.
Response: The previous cyber-attack was unsuccessful. They did not harvest passwords and the individual affected immediately changed their password. The only information harvested were corporate email addresses which were already easily available. The individual affected was advised to check that all of their personal data was in order.
Question: Further asked if the attempt to change bank details was made from a corporate email address?
Response: It was requested from a home email address.
Comment: Referred to photographic ID in relation to elections and commented that it could potentially be a deterrent for voting and that electors needed to be made aware of future changes to postal votes.
Question: Referred to the fraud risk register and asked if the purchase order system was audited.
Response: Yes, the purchase order system was audited.
Question: Commented that invoicing and matching purchase orders had a low target and a low achievement rate and expressed concern that 39% of invoices did not have the authority to make a purchase.
Response: It was best practice to provide a purchase order when placing an order, however, if a purchase order was not provided it did not mean that the purchase was not authorised. A system of delegation was in place according to the financial procedure rules and purchases could be made and ... view the full minutes text for item 4.
Michelle Hoyles, Business Manager Corporate Policy and Transformation:
· Recruitment issues and limited capacity within frontline Council services, and equivalent issues within internal professional support services that provide the advice and oversight necessary to ensure effective governance of significant and complex projects; and
· Ongoing need to ensure financial, legal and procurement advice was sought for projects in a timely manner
e. further explained that both issues were assigned the RAG rating ‘amber’. It was therefore proposed that whilst neither met the ‘significant governance issue’ threshold, both nonetheless required ongoing monitoring.
Members referred to the proposed activity for the coming year and asked if work had commenced on Vision 2030.
Michelle Hoyles, Business Manager Corporate Policy and Transformation advised that this action related to the Lincoln Performance Management Framework which would underpin Vision 2030. Work on Vision 2030 had not started yet.
RESOLVED that the contents of the Annual Governance Statement 2022/23 be noted and incorporated into the Council’s draft Statement of Accounts.
Amanda Stanislawski, Audit Manager
a. presented a report to inform members of the Audit Committee on the work programme for 2023/24 as detailed at Appendix B of the report
b. referred to paragraph 3 of the report which highlighted the changes to the work programme
c. advised that the Audit Committee Terms of Reference was attached at Appendix A of the report for information
d. invited members’ questions and comments:
RESOLVED that the contents of the Audit Committee work programme 2023/24 be noted.
Sally Brooks, Data Protection Officer:
a. presented a report to update Audit Committee on progress made with Information Management monitoring the Council’s compliance with data protection legislation including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA)
b. highlighted that update reports were submitted to Audit Committee on a bi-annual basis. The last report was provided in November 2022.
c. provided details of the following key areas:
· Data Protection Training (Risk 1)
· Data Protection Reform ( Risk 3- Policies and Procedures)
· Retention and Disposal of Personal Data/ Records ( Risk 5)
· Data Subject’s Rights (Risk 8)
· Annual Governance Statement (AGS)
d. invited members’ questions and comments;
Members referred to the disposal of personal data/records and asked how a data cleanse would be carried out.
Sally Brooks, Data Protection Officer explained that the data cleanse would take place via an automated system which would be set to remove data based on the legal retention requirements. This would ensure that no data was kept longer than necessary which was key for business efficiency.
RESOLVED that the content of the report be noted.
You are asked to resolve that the press and public be excluded from the meeting during the consideration of the following item(s) because it is likely that if members of the press or public were present, there would be disclosure of ‘exempt information’
RESOLVED that the press and public be excluded from the meeting during consideration of the following item(s) of business because it is likely that if members of the public were present there would be a disclosure to them of ‘exempt information’ as defined by Section 100I and Schedule 12A to the Local Government Act 1972.
Information Governance Update - Appendix A
Minute number 7 included details of the discussion associated with this item.
(Only Appendix A Information Governance Risk Register was contained here as exempt information.)