Audit and Governance Committee Minutes

Audit and Governance Committee Minutes

Thursday 11 April 2013
10:00 a.m.
Oberhausen Room,Town Hall, Middlesbrough

Attendance Details

Junier, (Chair), Loughborough, Taylor, McPartland (as substitute for Councillor P Khan)
P Clark, S Harker, I Hope, M Padfield and S Reynolds
Apologies for absence:
were submitted on behalf of Councillors Harvey, Hawthorne, C Hobson and P Khan
Declarations of interest:

There were no Declarations of Interest at this point in the meeting.

Item Number Item/Resolution

The minutes of the meeting of the Audit and Governance Committee held on 7 March 2013 were taken as read and approved as a correct record.


The External Auditor presented a report on Deloitte’s certification work for the year ended 31 March 2012. The report summarised the principal matters that had arisen from the Auditor’s work and highlighted the most significant matters to draw to the Committee’s attention.


This year, only four grants required certification, being the Housing and Council Tax Benefit Subsidy Claim, the National Non-Domestic Rates Return (NNDR), Teachers’ Pension Return and Tees Valley Bus Improvement Network return. The number of grants received by the Council had reduced.


Both the NNDR and Teachers’ Pension Return were certified with no matters to report. This was consistent with the previous year. Minor adjustments were noted on the Tees Valley Bus Improvement Network return but had no significant impact on the underlying claim.


The Housing and Council Tax Benefit Subsidy Claim testing revealed numerous errors of both underpayment and overpayment of benefit, across all three types of benefit. The individual errors ranged from £2 to £1200 and error rates ranged from 0.004% to 10.8%. Overall the claim was not adjusted and a qualification letter was submitted to the Department for Work and Pensions setting out the various errors found.


Given the nature of the benefits system, with a high volume of low value transactions, there would always be an element of human error. Errors noted in 2011/2012 primarily occurred in similar areas to the previous year, and were detected by the CAKE (Cumulative Audit Knowledge and Evaluation) testing.


The findings highlighted a series of human errors which appeared to indicate pressure on resources rather than a lack of knowledge or skills. The Auditor was required to report on errors of as little as 1 pence. A lot of manual intervention went into these particular claims so human error did occur.


The External Auditor highlighted that if there was a rising level of errors going forward there might come a point where the Council had to return the grant. It was a risk for the Council to keep under review and to take into account when developing its programme of IT reform. It was noted that the Council’s partner, Mouchel, were in the process of recruiting a Training Officer to provide additional support to staff.


Going forward the Auditor expected that grant levels would remain the same and was not therefore expecting an increase in work. For 2012/2013 some European funding claims had been completed outside of this process but there were no issues to report.


AGREED that the information provided be received and noted.


The Information Governance Manager gave a power-point presentation in relation to Information Governance. Information Governance was an over-arching term used to cover managing information that was held in any form including creation, handling, sharing, storing and disposal.


Information Governance was not solely about reducing the risk to the Council, it was also about transformation for the future. Benefits included shared knowledge, reduction of physical and electronic storage, enabling secure mobile and home working, reducing the risk of releasing confidential information and providing a better service to the public.


The Council, Elected Members, employees and partner organisations all had a duty to ensure that both business and personal information was dealt with legally, securely, efficiently and effectively, in order to deliver the best possible services. It was vital to get people to take ownership and responsibility to deal with information securely and legally. In some cases people became immune to the sensitivity of the data they were working with and forgot how sensitive it was.


The Information Commissioner (ICO) had the power to issue monetary penalties of up to £500,000 for breaches of information and data security. Examples of penalties issued and prosecutions completed were highlighted in the presentation. So far over £1 million in fines had been issued to Local Authorities. The ICO publicised details of breaches and prosecutions to encourage people to take data security more seriously.


The two major issues identified within the Council were that there was no mandatory training on information governance and control and nobody responsible for the risk to the Authority for information governance issues and security. The Council had now appointed a Senior Information Risk Owner and Information Governance Manager. The Senior Information Risk Owner was responsible for setting strategic direction to ensure accountability throughout the Council. The Information Governance Manager’s role was to develop corporate standards and policies and provide operation advice and guidance to staff.


To date there had been two significant incidents within Middlesbrough Council and fifty incidents overall during 2012. In response to the significant incidents, the Council completed an investigation and sent an Action Plan to the ICO. The ICO agreed not to issue mandatory penalties.


An E-Learning programme was now available for all staff and an Information Strategy was being developed. Managers were responsible for ensuring that all staff undertook the training and the target for completion was the end of June 2013. An Incident Management Plan had been established to promote the fact that staff needed to report incidents and to raise awareness. Spot checks on desks and computer screens were also taking place. An Information Working Group had been established with a remit of agreeing an ongoing programme of work to improve Information Governance in all departments.


The Information Governance Team was developing a corporate information sharing protocol. The Council now worked with more partners than ever before and commissioned services from other organisations. Agreements would be put in place to ensure that information was shared securely and personal and confidential information was not shared with third parties.


During 2012 there had been 42 data protection and subject access requests and 1064 freedom of information and environmental information requests. There had been 24 Regulation of Investigatory Powers Applications (RIPA) and 52 information security incidents. The majority of RIPA applications had been for investigation of illegal cigarette and tobacco sales.


A tile had been published on the Lotus Notes system for all staff and Members providing further information, guidance and contact numbers for Information Governance.


AGREED that the information provided be received and noted.


Powered by E-GENDA from Associated Knowledge Systems Ltd