Agenda, decisions and minutes

The agenda and reports associated with this minute can be found here.

Please note that if any changes are made to this minute at the point of approval, these will be outlined in the subsequent minute and this document will not be retrospectively altered.

There were no declarations of interest or transparency statements.

The Committee had before it the minute of their previous meeting of 27 June 2023.

The Committee resolved:-

to approve the minute as a correct record.

The Committee had before it the minute of the special meeting of 15 August 2023.

The Committee resolved:-

to approve the minute as a correct record.

The Committee had before it the Committee Business Planner as prepared by the Interim Chief Officer – Governance (Assurance).

The Director for Resources advised that the internal audit in relation to Asset Management had not been completed this cycle due additional work relating to the RAAC incident and that it would be complete in time for the next meeting.

The Committee resolved:-

(i)       to note the information provided in relation to the Asset Management Audit and that this would be submitted to the Committee at it’s meeting in November 2023; and

(ii)      to otherwise note the content of the Committee Business Planner.

The Committee had before it a report by the Director of Commissioning which presented the annual report in relation to the Council’s Information Governance Performance, which included information about the changes implemented through the Council’s information assurance improvement plan.

The report recommended:-

that the Committee note the information provided about the Council’s information governance performance at sections 3.1 to 3.5 and in the Information Governance Report at Appendix 1.

In response to a question relating the origin of the high number of external cyber incident attempts and how the Council were dealing with them, the Director of Customer Services advised that the majority of the attempts were phishing via email and that the Council had various tools and security protocols to tackle the situation.

In response to a question relating to training for staff to help them identify rogue emails, the Director of Customer Services advised that training was provided to staff with reminders available on the intranet.

In response to a question relating to whether there was a reason for the increase in Freedom of Information (FOI) requests and where the source of the requests had come from, the Chief Officer – Data Insights advised that there was an increasing trend for FOI requests and that he was trying to put in place mitigations so that requests could be responded to without using the legislation due to the information being available. 

The Committee resolved:-

(i)       to note that the Chief Officer - Data Insights would circulate by email a response in relation to the origin of the Freedom of Information (FOI) requests;

(ii)      to note that the Chief Officer – Data Insights would provide an update in relation to the number of FOI requests that were received that could have been dealt with outwith FOI legislation; and

(iii)      to otherwise approve the recommendation contained in the report.

The Committee had before it a report by the Director of Commissioning which was provided to ensure that Elected Members reviewed the Council’s use of investigatory powers on a quarterly basis and had oversight that those powers were being used consistently in accordance with the Use of Investigatory Powers Policy.

The report recommended:-

That the Committee -

(a)      note the information provided in relation to the positive inspection from the Investigatory Powers Commissioner;

(b)      note the covert surveillance activity; and

(c)      note the update on Communications Data.

The Team Leader – Regulatory and Compliance advised that since the report had been submitted, the Council had received a Notice of Inspection from the Investigatory Powers Commissioner which concluded that the Council were operating appropriately within its powers.

The Committee resolved:-

to approve the recommendations contained in the report.

With reference to article 7 of the minute of it’s previous meeting, the Committee had before it a report by the Chief Internal Auditor which provided an update on the progress against the approved Internal Audit plans, audit recommendations follow up and other relevant matters for the Committee to be aware of. 

The report recommended:-

That the Committee -

(a)      note the progress of the Internal Audit Plan; and

(b)      note the progress that management had made with implementing recommendations agreed in Internal Audit reports.

In response to a question relating to the cyber essentials accreditation and whether this would be achieved, the Director of Customer Services advised that the team were aiming for October to have the evidence submitted.  The Chief Internal Auditor advised that the Chief Officer – Digital and Technology was very proactive in this area.

The Committee resolved:-

to approve the recommendations contained in the report.

The Committee had before it a report by the Chief Internal Auditor which presented an audit on Adults with Incapacity which was undertaken to ensure that there was evidence-based controls in place regarding funds managed on behalf of clients.

The report recommended:-

that the Committee review, discuss an comment on the issues raised within this report and the attached appendix.

In response to a question relating to content of the management response and whether the Chief Internal Auditor was reassured that there was no financial loss to service users, the Chief Internal Auditor advised that he was reassured and that there had been no incidents identified during the audit.

In response to a question relating to whether a further audit would be more appropriate due to the severity of the findings than including in the annual audit report, the Chief Internal Auditor advised that a further audit would not usually be undertaken.  He stated that as part of the follow up process with management, evidence would be requested to provide assurance that the recommendations had been implemented.

In response to a statement relating to the protocols in place for identifying service users with incapacity not being followed, the Chief Internal Auditor advised that management would implement changes to ensure that the processes are followed.  The Chief Officer – Adults Social Work advised that guidance had been requested from the Department of Work and Pension (DWP) to clarify who could make the decision on where a service user had capacity.

In response to a question relating to whether the actions would be complete within the timescales, the Chief Officer – Adult Social Work advised that the actions were already being progressed with guidance being updated. 

In response to a question relating to the short life working group and what the remit would cover, the Chief Officer – Adults Social Work advised that the working group would be focusing on the governance to ensure the processes were working and would have oversight on the sub groups established to work on each of the recommendations from the report.

In response to a question relating to whether the controls were to safeguard staff and service users, the Chief Officer – Adults Social Work advised that it was a balance of control and giving choice to the service user whilst ensuring the funds were controlled properly.

The Committee resolved:-

(i)       in response to a question relating to how the Committee would get assurance that the service was on track between now and June 2024, to note that the Chief Internal Auditor would seek a progress update from Officers and report these in the progress report presented at each meeting; and

(ii)      to otherwise endorse the recommendations for improvement as contained in the internal audit report.

-        COUNCILLOR M. TAUQEER MALIK, Convener