Agenda and minutes

Members are asked to declare any interests in the items under consideration and in

doing so state:

(1) the type of interest concerned; and

(2) the nature of the interest concerned

If any member requires advice on declarations of interests, they are advised to contact the Head of Democratic Governance in advance of the meeting.

There were no declarations of interest on this occasion.

To agree the minutes of the last meeting of the Audit Committee held on 19 January 2017 as a true and correct record.

The Committee agreed that the minutes of the last meeting held on 19 January 2017 be signed by the Chairman as a true and correct record.

To consider a progress report on individual risks identified in the Council’s Strategic Risk Register.

The Committee considered a progress report in relation to the individual risks identified on the Strategic Risk Register, specifically in relation to the risk regarding ‘Unsustainable Local Economy / Increased Deprivation’. The report was introduced by Mr Cavill, Director of Place, who began by outlining a number of actions being taken by the Council in line with its Corporate Priorities of Communities and Economy. These included:

·         The intense programme of getting people into work through Positive Steps.

·         The successful programme of helping businesses to grow.

·         The focus on tourism, including the work that had gone into the development of the Blackpool Museum, the Conference Centre and the promenade improvements.

·         Achieving record visitor numbers at the Zoo and the Sandcastle, the latter which has been operating at capacity.

·         The new jobs created in the south of the town as a result of the Enterprise Zone.

·         The Talbot Gateway development – acquisition of the Wilkinson’s building, together with ambitions for Hounds Hill, including a new cinema complex.

·         Blackpool to become a mini-hub for the Civil Service, with the possibility of the Department for Work and Pensions relocating a large number of staff to the town centre.

Mr Cavill also gave an account of the large programme of highway improvements undertaken in Blackpool over the last few years which were continuing. Successful grant funding applications had been obtained and more would be applied for, going forward. These had contributed to the success of integrated traffic management projects, as well as the Quality Corridors and Blackpool Bridges programmes.

In relation to housing, Mr Cavill spoke of the scale of work carried out to improve the housing stock in Blackpool, including the initiatives as a result of the Selective Licensing Scheme. Additionally, The Blackpool Housing Company was now in operation, with 120 properties let to date and the Council was now in partnership with the Homes and Communities Agency, with a number of new build projects underway.

Mr Cavill responded to a number of questions from the Committee. In relation to sub-risk 8a, ‘Lack of good quality affordable housing’, he was asked what effect the completion of 400 new homes on the Rigby Road site and the Queens Park development would have in relation to this. He explained that in relation to the net score, the impact would be marginal. This was because of the general poor quality of housing stock in the town centre. He added however that the mitigation was likely to increase over time, with the situation likely to be much improved in approximately five years.

The Committee pointed out that there was no reference to improving skills within the risk report. Mr Cavill explained that skills improvement was covered elsewhere and agreed to check and report back on exactly where this could be found.

Committee members pointed out that recently, the Central Drive area had been the subject of negative media comments and asked about specific regeneration plans for that locality. Mr Cavill explained that the major regeneration initiative for that  ...  view the full minutes text for item 3.

To provide the Audit Committee with a summary of the work completed by Risk Services in quarter three of the 2016/2017 financial year.

The Committee considered the Risk Services Quarter Three Report which covered the period 1 October to 31 December 2016. The report was presented by Mrs Greenhalgh, Chief Internal Auditor, who outlined the key developments as detailed within the report, before responding to questions and comments from the Committee. She also pointed out that a new graph had been included in the report following a suggestion by the Audit Committee, which showed the percentage of Business Continuity Plans updated in line with the Quality Review Reports.

The Committee asked whether the £7,800 of identified corporate fraud in relation to Council Tax could be recovered. Mrs Greenhalgh explained that this matter was referred back to the Council Tax team for consideration, although Mr Thompson, Director of Resources, pointed out that the cost of recovery was likely to be greater than that of any monies recovered.

In response to a question about whether any patterns were emerging in the types of fraud being discovered, Mrs Greenhalgh explained that three cases of Direct Payments fraud had been referred to the Audit team recently. As a result, the Direct Payments team would be working closely with fraud investigators going forward. Additionally, as a result of the National Fraud Initiative data matching exercise, approximately 2,000 matches were currently being worked through and a number of those related to concessionary fares.

Mrs Greenhalgh was asked specifically about cases of blue badge fraud. She explained there had been a number of referrals and that currently, a more robust prosecution policy was being worked on, together with more pro-active observation work going forward.

In relation to the Council’s I pool training programme, Members asked whether there had been any improvement in the take up rate. Mrs Greenhalgh pointed to a slow improvement rate, but added that a targeted approach should bring about further improvements in 2017/2018.

The Committee raised questions about the status of Adult Services, and the measures put in place to address some of the issues highlighted that led to the inadequate assessment in relation to compliance. Specifically, Members were concerned whether the staff would have the time to carry out the actions required. Mrs Greenhalgh explained that the required measures would not be overly time consuming and that in addition, the new ‘Mosaic’ system was due to go live on 6 March 2017, which would lead to an improved recording system.

The Committee raised concerns about Placement Order Legal Costs, as highlighted within the report. It was requested that when in post, the new Children’s Services Director attend the Audit Committee to discuss this matter further.

In relation to the Regulation of Investigatory Powers Act 2000, it was noted that there had been no covert surveillance undertaken during the period of this report. The Committee asked why this was the case and Mrs Greenhalgh explained that RIPA surveillance was carried out only in the most serious of cases and that magistrates approval was needed in relation to each case. Asked specifically about dog issues, Mrs Greenhalgh  ...  view the full minutes text for item 4.

To provide an update in relation to the actions being taken to reduce cyber risks.

The Committee considered a report in relation to the actions being taken to reduce cyber risks within the Council. The report was presented by Mr Doyle, Head of ICT Services.

Mr Doyle spoke in relation to the content of the report. He began by explaining that cyber attack was now one of the top five threats to the Gross Domestic Product of all the UK’s major cities. The threat of cyber attack was now greater than it had ever been. To mitigate against the risk, the Council had now taken out insurance as a means of protection, as well as undertaking a number of pro-active initiatives to help minimise the risk of attack. These included:

·         Purchasing leading network and security systems from world class vendors.

·         A partnership with Lancaster University based TNP (The Networking People) who supported the Council in configuring and managing network and security systems.

·         Regular Ethical Hacking/Penetration Tests by highly qualified external experts NTA Monitor, who are accredited under the CHECK system by the Communications-Electronics Security Group, part of Government Communications Headquarters to detect and report on vulnerabilities.

·         Compliance with the Cabinet Office's Public Services Network Code of Connection, a security assessment and standard which included an externally assessed Annual IT Health Check to confirm the Local Authority could be trusted to share and handle information securely with other public bodies.

·         Compliance with the Payment Card Industry Data Security Standard to ensure the Council was trusted to process its large number of credit and debit card transactions.

·         Compliance with the NHS N3 Information Governance Toolkit to ensure the Local Authority could be trusted to share and handle information securely with other NHS bodies.

Mr Doyle went on to explain the top three known cyber threats to the Council and its user community, as follows:

Email – This was explained as the greatest threat and vulnerability. The Council received approximately half a million emails on a typical day. 485,000 of these emails were filtered out with approximately only 15,000 being legitimate emails.

Ransomware – It was explained that some of the zero day threat emails were designed to encourage email users to download a ransomware payload. Ransomware was designed to encrypt the files on the device and the network it sits on. In order to regain access to the files the ransomware demands the victim to pay a ransom. The longer the victim leaves it to pay the ransom, the higher the ransom goes. The only way to recover from a ransomware attack without paying a ransom was to ensure a secure backup of the data was in place before it was encrypted. It was reported that last year Lincolnshire County Council had to shut down all of its computer systems for four days to recover from a ransomware attack.

Password Security - Just before Christmas it was reported that the Internet giant Yahoo was hacked with over one billion customer account details including passwords being stolen.

The Council regularly requires users to reset complex passwords every 90  ...  view the full minutes text for item 5.

To consider approval from the Audit Committee for the Internal Audit Plan 2017/18.

The Committee was asked to consider approving the Internal Audit Plan 2017/2018. The Plan was presented by Mrs Greenhalgh, Chief Internal Auditor, who explained the criteria for the plan as follows:

·         Each risk based review would include core areas of internal control such as business planning, performance monitoring and security of assets. Segregation of duties in key processes would remain an important focus given the current economic climate and issues identified from past work.

·         Compliance testing accounted for approximately fifty percent of the allocated audit resource. As set out in the 2014/2017 audit strategy, the overall approach remained, to complement risk based audit work with a robust set of compliance testing.

·         Changes to the programme of risk based work would only be made following discussion with the Council’s Section 151 officer. Any changes would be made known to the Audit Committee through the quarterly report of the Chief Internal Auditor.

Responding to questions from the Committee, Mrs Greenhalgh confirmed that an equal balance was applied to all risks within the strategic risk register. Provisional timings were included within the Plan, to ensure an appropriate balance of work. She also confirmed that as well as identifying problem areas, that part of the process was to make recommendations in relation to possible solutions, where appropriate.

The Committee agreed to approve the Internal Audit Plan 2017/2018.

Background papers: None.

To consider approval of the updated Internal Audit Charter.

The Committee was asked to consider approving the updated Internal Audit Charter 2017-2018. The Charter was presented by Mrs Greenhalgh, Chief Internal Auditor, who explained the criteria for the document as defining Internal Audit’s mission, purpose, authority and responsibility. It was noted that the Charter was previously included as an appendix in the Internal Audit Plan, but following recommendations from a recent external assessment of Internal Audit, it would now be produced as a standalone document.

Mrs Greenhalgh responded to questions from the Committee. Asked whether the Charter needed to contain anything about whistleblowing, she confirmed that the Whistleblowing Policy sat within the Human Resources department and not Audit.

The Committee agreed to approve the Internal Audit Charter 2017-2018.

Background papers: None.

To consider KPMG’s Audit Plan 2016/2017.

The Committee considered KPMG’s Audit Plan for 2016/2017.

The Plan was presented by Mr Cutler, KPMG. He talked the Committee through the content of the Plan before responding to questions.

Mr Cutler confirmed that KPMG determined the priorities within the Plan, although it was likely that the Council would readily agree with the content. He also confirmed that as part of any recommendations made, these would include identifying possible solutions to any issues that were highlighted. On that topic, any best practice learning from other local authorities would be passed on.

Asked about the possible costs that might be incurred if any formal objections were raised by members of the public, Mr Cutler explained that additional costs would only be incurred if an objection was accepted that warranted further investigation. Furthermore, any additional fees would have to be accepted by the Public Sector Audit Office.

The Committee agreed to note the report.

Background papers: None.

To consider the External Auditor’s report on the certification of grants and returns 2015/2016.

The Committee considered the External Auditor’s report on the certification of grants and returns 2015/2016. The report was presented by Mr Cutler, KPMG who explained that the report summarised the results of work carried out by KPMG under the Public Sector Audit Appointment certification arrangements, as well as the work completed on other grants and returns under separate engagement terms.

The Committee agreed to note the report.

Background papers: None.

To note the date and time of the next meeting of the Committee as Thursday, 20 April 2017, commencing at 6pm.

The Committee noted the time and date of the next meeting as 6pm on Thursday 20 April 2017 at Blackpool Town Hall.