Agenda, decisions and minutes

The agenda and reports associated with this minute can be found here.

Please note that if any changes are made to this minute at the point of approval, these will be outlined in the subsequent minute and this document will not be retrospectively altered.

The Committee had before it the minute of its meeting of 28 July 2025.

The Committee resolved:-

to approve the minute as a correct record.

The Committee had before it the Committee Business Planner prepared by the Chief Officer - Governance.

The Committee resolved:-

to note the content of the business planner.

The Committee had before it a report by the Executive Director of Corporate Services which provided the annual assurance on the Council’s Business Continuity arrangements that are required to comply with the requirements of a Category 1 responder under the Civil Contingencies Act 2004.

The report recommended:

that the Committee notes the activities undertaken in 2024 and planned in 2025 to review, exercise and improve the Council’s Business Continuity arrangements.

In response to a question relating to the link between the Business Continuity Group and frontline groups, the Assurance Manager advised that the Business Continuity Group had members from across the organisation and that Mr McKean co-ordinated their efforts to update and maintain their Business Continuity Plans.  She further advised that assurance is sought via the Risk Board and the directorate management teams.

In response to a question relating to the reasons for the increase of disruptive events over the last few years, the Assurance Manager advised that there had been an increase in weather related events which had seen an increase in the activation of Business Continuity Plans.   She advised that occasionally there were issues with IT Systems and that those plans were well tested and more routine in a day to day basis rather than a full scale activation.

In response to a question relating to the Business Continuity intranet pages, the Assurance Manager advised that these were updated on a regular basis to ensure services had the most up to date information.

In response to a question relating to how the Council managed the risks associated with storms, the Assurance Manager advised that the Council had learned over the last few years and that warnings were issued providing the potential impact and strength of the storm to enable preparations for such events.  She further advised that a preparatory Incident Management Team would be convened to monitor any storm warnings.

The Committee resolved:-

to approve the recommendation contained in the report.

The Committee had before it a report by the Executive Director of Corporate Services which presented the annual Information Governance Performance, including information about the changes implemented through the Council’s Information assurance improvement plan. 

The report recommended:

that the Committee note the information provided about the Council’s information governance performance at sections 3.1 to 3.5 and in the Information Governance Report at Appendix 1.

In response to a question relating to the drop in performance for responding to FOI’s , the Customer Services Manager advised that the response rate varied from service to service and that each year there were specific topics that generated an increase in requests.  She further advised that the increase in requests was a combination of higher profile issues and more awareness of what people can ask for.

In response to a question relating to whether Directors were holding their teams accountable for performance in this area, the Executive Director of Corporate Services advised that teams were held accountable for performance and that the service were looking at different ways to respond to make the process easier.

In response to a question relating to the increase in data breaches, the Data Protection Manager advised that there was an increased awareness for staff around their responsibilities to report any breaches.  She further advised that all breaches were assessed to see if there was a risk to the rights and freedoms of the individual and where there was not assurance, these were reported to the Information Commissioners Office (ICO) and that where there was assurance that there was not a risk to the person, the incident files were closed.

In response to question relating to the obligations of the ICO and reporting arrangements, the Data Protection Manager advised that the ICO would report back on how the Council handled the investigation.  She provided assurance that of the four that had been reported to the ICO, there was no further action required.

In response to a question relating to the risks associated with the increase in external cyber incidents, the Chief Officer – Digital and Technology advised that the number of incidents had increased however the complexity of the incidents remained the same and that the cyber security framework was robust.

In response to a question relating to the overall performance in relation to Subject Access Requests (SAR) and Freedom of Information Requests, the Customer Services Manager advised that SARs were challenging especially with Care Experienced related requests and that the team were focusing on FOIs to identify improvements.  She further advised that there was an increased awareness in both of these areas which had impacted the number of requests.

In response to a question relating to whether there had been an increase in the number of Care Experienced requests, the Customer Services Manager advised that when these requests are made, it was the volume of information involved and the resource required to complete the task not necessarily an increase in number.

In response to a question relating to  ...  view the full minutes text for item 4.

With reference to article 7 of the minute of its meeting of 8 May 2025, the Committee had before it a report by the Executive Director of Corporate Services which was provided to ensure that Elected Members reviewed the Council’s use of investigatory powers on a quarterly basis and had oversight that those powers were being used consistently in accordance with the Use of Investigatory Powers Policy.

The report recommended:

that the Committee -

(a)      note the Council’s use of covert surveillance activity during Q3; and

(b)      note there had been no applications to acquire communications data during Q3.

The Committee resolved:-

(i)       in relation to a question regarding the cancellation of the directed surveillance and whether this meant that it was activated, then cancelled or the whole procedure was cancelled, to note that the surveillance was cancelled after a successful investigation and that officers would ensure the terminology was amended for future reports;

(ii)      to otherwise approve the recommendations contained in the report.

The Committee had before it a report by the Executive Director of Corporate Services which provided the security incident report relating to the incorrect listing of a member’s political party on 15 August 2025.

The report recommended:

that the Committee -

(a)      note the findings of the report;    

(b)      note the additional controls being implemented; and

(c)      note the timeline for system upgrade as being end of 2025.

In response to a question relating to whether the bug had been replicated, the Chief Officer – Digital and Technology advised that the vendor had replicated the bug and implemented a solution.

In response to a question relating to whether Councillor McLellan had received an apology, the Chief Officer – Digital and Technology advised that the Executive Director of Corporate Services had provided an apology.

In response to a question relating to how a similar incident in the future will be prevented, the Chief Officer – Digital and Technology advised that whilst the current version of the software was still being used, there would be potential for a similar incident to occur.  He further advised that interim measures had been put in place until such time as the planned upgrade had taken place.

In response to a question relating to whether the Council were aware of the bug, the Chief Officer – Digital and Technology advised that the description of the bug within the release notes, was not sufficient enough to indicate the implication it may have on the system.

In response to a question relating to figures being in euros and whether this was accurate, the Chief Officer – Digital and Techology advised that he would ensure the template was amended to reflect the correct currency.

In response to a question relating to whether this incident would be reported as a data breach, the Chief Officer – Digital and Techology advised that there was an assessment undertaken at the time which showed that is was not a data breach as it was incorrect information published.

In response to a question relating to whether there was human error with the incident, the Executive Director of Corporate Services advised that there were robust vendor logs to show the user and the activity that was being undertaken and that he user would not have known that this incident had occurred.

The Committee resolved:-

(i)       to note that the bug was contained in the release notes provided to the Council however the description of the bug was insufficient to identify the implication it would have in the system; and

(ii)      to otherwise approve the recommendations contained in the report.

With reference to article 6 of the minute of its previous meeting, the Committee had before it a report by the Executive Director of Corporate Services which presented provided information on all Scottish Public Services Ombudsman (SPSO) and Inspector of Burial, Cremation and Funeral Directors decisions made in relation to Aberdeen City Council since the last reporting cycle, to provide assurance to Committee that complaints and Scottish Welfare Fund applications were being handled appropriately.

The report recommended:-

that the Committee note the report.

The Committee resolved:-

to approve the recommendation contained in the report.

With reference to article 4 of the minute of meeting of Council on 17 February 2025, the Committee had before it a report by the Executive Director of Corporate Services which provided an update on the implementation of the Accounts Commission recommendations, following consideration of the s102 report by the Council in February 2025.

The report recommended:-

That the Committee -

(a)      note the content of the report;

(b)      note that the Accounts Commission Findings had been progressed to conclusion; and

(c)      note that the Council Tax system and process priority actions were complete.

In response to a question relating to the means in which the funding was recovered, the Chief Officer – Finance advised that there was pension sacrifice following conviction, an insurance payment and additional funding was awarded via proceeds of crime.

In response to a question relating to whether additional support was given to victims, the Chief Officer – Finance advised that the Council was the victim of the crime and that there had been a number of people affected by this which officers were identifying and reimbursing them.

In response to a question relating to whether it was possible to cross reference employee bank accounts with the systems the Council had, the Chief Officer – Finance advised that to date, this had been a manual process and that the Council did have the capability to do this and that officers were working on an automated process.

In response to a question relating to whether the cloud-based bank validation tool and the NXG Forensics software were expensive and whether the Council were considering these, the Chief Officer - Finance advised that the systems were expensive and that the Council were looking at current suppliers to see how they were building this into their processes.

In response to a question relating to whether more could have been done, the Chief Officer - Finance advised that there had been various actions identified which had been implemented to improve the control processes.

In response to a question relating to Whistleblowing and whether this situation would be used to encourage staff , the Legal Manager advised that the policy had recently been reviewed and that staff had been advised.  The Chief Officer – Finance advised that the employee who reported the incident didn’t seek protection under the whistleblowing policy and that they had reported an anomaly to management for investigation. 

In response to a question relating to how progress with implementing the action plan would be reported, the Chief Officer – Finance advised that the Chief Internal Auditor will review the control processes as part of the Internal Audit Plan and report via that process.

In response to a question relating to the arrangements in place for reimbursing those affected by this incident, the Chief Finance Officer advised that there was a standard process being used for reimbursing those affected and that staff were working through the accounts.

In response to a question relating to whether similar circumstances had presented previously  ...  view the full minutes text for item 8.

With reference to article 7 of the minute of its meeting of 20 February 2025, the Committee had before it a report by the Chief Internal Auditor which sought agreement for the Internal Audit Charter.

The report recommended:-

That the Committee approve the attached Internal Audit Charter. Significant changes had been made to the Charter approved in February 2025 by the Committee to ensure compliance with the Global Internal Audit Standards (GIAS), which replaced the previously used Public Sector Internal Audit Standards (PSIAS).

In response to a question relating to the why the differences between the Charter approved in February and this version were not highlighted, the Chief Internal Auditor advised that the standards had completely changed and it was not possible to provide a comparison.

The Committee resolved:-

to approve the recommendation contained in the report.

The Committee had before it a report by the Chief Internal Auditor which provided an update on the work of Internal Audit since the last update to Members.  The report contained details of progress against the approved Internal Audit plans, audit recommendations follow ups, and other relevant matters for the attention of the Committee.

The report recommended:-

that the Committee –

(a)      note the progress of the Internal Audit Plan; and

(b)      note the progress that management had made with implementing recommendations agreed in Internal Audit reports.

In response to a question relating to the Review of Internal Audit methodology and the timescale for the briefing session for members, the Assurance Manager advised that it would be before the end of the year.

In response to a question relating to audit AC2313 and the underlying cause in delays to completing the transformation for fleet and roads, the Chief Officer – Strategic Place Planning advised the allocation of resources and that there was some complexity in that three clusters were involved to complete the recommendation.

In response to a question relating to audit AC2417 and the reason why the dates for completion had been amended, the Chief Officer – Digital Technology advised that changes across the infrastructure would not be implemented whilst new firewalls were being installed and that staff had been working with services through the issues they had been experiencing.

In response to a question relating to audit AC2313 and the different types of vehicles and whether there was a specific risk with new technologies, the Chief Officer – Strategic Place Planning advised that progress had been made with purchasing of new vehicles.  He further advised that the experience staff had on using the vehicles helped to identify vehicles which are assessed and evaluated. 

In response to a question relating to the supply of hydrogen and was this a liability having vehicles on the balance sheet not being used, the Chief Officer – Strategic Place Planning advised that commercial vehicles were duel fuel so would still operate regardless of the hydrogen supplies and that hydrogen cars which were European funded that were part of the co-wheels and now the enterprise fleet would be handed back if they reached a date they were no longer operable.

In response to a question relating to audit AC2514 and whether the cluster risk registers action was on target, the Assurance Manager advised that these were now complete with updates provided to Internal Audit.

In response to a question relating to audit AC2313 and whether the due date of May 2026 was realistic, the Chief Officer – Strategic Place Planning advised that this was the goal that the service were working towards to complete the action.

The Committee resolved:-

(i)       to note that the Chief Officer – Strategic Place Planning would provide an update by email relating to the status of hydrogen cars;

(ii)      to otherwise approve the recommendations contained in the report.

The Committee had before it a report by the Chief Internal Auditor which presented the planned Internal Audit report on Purchase Cards.

The report recommended:-

that the Committee review, discuss and comment on the issues raised within this report and the attached appendix.

In response to a question relating to whether consideration had been given to modernising the system by going digital, the Chief Officer – Finance advised that the system that supported the use of cards was digital in nature and that the provision of cards had assisted with purchasing certain items rather than using purchase orders.  He further advised that in terms of providing receipts, this was required for HMRC and for VAT receipts, with a more flexible way to submit the receipts available for staff.

In response to a question relating to whether discussions with colleagues in other Local Authorities had taken place, the Chief Officer Finance advised that discussions around next steps would be introduced.

In response to a question relating to the risks associated with expanding the use of cards and the controls in place to manage this, the Chief Officer – Finance advised that the action plan in place would address the risks outlined in the report.

The Committee resolved:-

to note the report and the attached internal audit report.

The Committee had before it a report by the Chief Internal Auditor which presented the planned Internal Audit report on Bond Governance.

The report recommended:-

that the Committee review, discuss and comment on the issues raised within this report and the attached appendix.

In response to a question relating to the Credit Rating risks and how these would be dealt with, the Chief Officer – Finance advised that the credit rating agency looked over the accounts, balance sheet and the debt indicators to form an opinion as well as looking at the affordability test and the national picture.  He further advised that the Council had agreed the level of debt as being 12% of net spend with the Prudential Indicators showing that this fluctuates throughout the year.

In response to a question relating to the Economic Policy Panel, how they were identified and appointed and how was the report used , the Chief Officer – Finance advised that the panel had been in place since 2017 with members going through an assessment and interview process. He further advised that he used the report during the meeting with Moodies as it showed the local perspective and provided an independent view of the situation and the future of the local economy.

In response to a question relating to the reason for the change in the credit rating, the Chief Officer – Finance advised that the report was in two parts, one being an assessment of the Council on its own which then added the legal structure layer on top of that to provide a more positive credit risk for anyone looking to invest.  He further advised that there was also an annual assessment of other local authorities in the UK whereby all local authorities are grouped together which on this occasion resulted in the rating being downgraded by one point.

In response to a question relating to the phasing out of EU Regulations within reports and whether this was being addressed, the Chief Officer – Finance advised that as policies and procedures were amended, these would be amended.

The Committee resolved:-

to note the report and the attached internal audit report.

The Committee had before it a report by the Chief Internal Auditor which presented the planned Internal Audit report on Early Learning and Childcare Setting Visits.

The report recommended:-

that the Committee review, discuss and comment on the issues raised within this report and the attached appendix.

In response to a question relating to the how head teachers were expected to follow the complex financial processes in relation to managing school funds, the Quality Improvement Manager advised that working with finance colleagues, guidance documents for all of the financial processes were added to a shared drive that all Head Teachers had access to.  She further advised that as part of the head teacher induction programme, finance colleagues provided information in relation to those guidance documents.  She explained that as part of the improvements, all head teachers had been asked to indicate their level of confidence in theirs and the admin teams around financial processes so that additional training could be offered if required.

In response to a question relating to Ref 1.2 – Purchase Cards and specifically whether more details could be provided in relation to the in person head teacher meeting, the Quality Improvement Manager advised that attendance at these meetings would be all head teachers or a suitable representative and that information relating to the purchase card guidance would be shared at that meeting.  She further advised that each Purchase Card holder is aware of the processes to be followed and that there were a small number of card holders in each school who had to complete mandatory training before a card was issued.

In response to a question relating to Ref 1.4 – School Fund and whether there was a model school fund constitution available, the Quality Improvement Manager advised that there was an exemplar school fund constitution in the finance folder.

In response to a question relating to whether the dates provided for completing the recommendations were on target, the Quality Improvement Manager advised that work was ongoing and that the service were on track to meet the deadlines.

The Committee resolved:-

to note the report and the attached internal audit report.

-        COUNCILLOR M.T. MALIK, Convener