Agenda and minutes

Standards & Audit Sub Board - Thursday, 11th January, 2024 6.00 pm

Venue: Council Chamber

Contact: Linda Coote  Email: linda.coote@gosport.gov.uk

Items
No. Item

75.

Apologies for Non Attendance

Minutes:

There were none

76.

Declarations of Interest

Minutes:

There were none

77.

Minutes of the Meeting of the Sub Board held on 16 November 2023 pdf icon PDF 200 KB

Minutes:

RESOLVED: That the mnutes of the meeting held on 16 November 2023 were signed as a true and correct record.

 

Members noted that the suggested discussion regarding the Code of Conduct was not on this agenda, and hoped it would be on the next.

78.

Deputations- Standing Order 3.4

(NOTE: The Board is required to receive a deputation(s) on a matter which is before the meeting of the Board provided that notice of the intended deputation and its object shall have been received by the Borough Solicitor by 12 noon on 9 January 2024. The total time for deputations in favour and against a proposal shall not exceed 10 minutes)

Minutes:

There were none

79.

Public Questions - Standing Order 3.5

(NOTE: The Board is required to allow a total of 15 minutes for questions from Members of the public on matters within the terms of reference of the Board provided that notice of such Question(s) shall have been submitted to the Borough Solicitor by 12 noon on 9 January 2024)

Minutes:

There were none

80.

Data Breach Report pdf icon PDF 206 KB

To inform the Committee of any Data Security Breaches and actions
agreed/taken since the last meeting

 

Additional documents:

Minutes:

Consideration was given to a report by the Data Protection Officer informing the Sub Board of any Data Security Breaches and actions agreed/taken since the last report.

 

Members suggested that the reason for the breach by a member of agency staff should be changed from human error to inappropriate action by staff.

 

The Data Protection Officer advised Members that the ICO had been contacted to seek advice regarding the biggest breach. Because of the prompt action taken and the fact that the recipient had not accessed the data, the ICO decided no further action was necessary.

 

Members were advised that the biggest threat/risk was human error and staff were encouraged to report any breaches in order that they can be corrected and potential training identified. If no breaches were reported, then an investigation would take place. Audits of benefits and council tax check the safeguards departments have in place.

 

Officers advised that if a breach occurs, the data subject is not always informed. It is at the discretion of the Service Head.

 

RESOLVED: That the Sub Board noted the report

81.

Internal Audit Progress Report and Updated Audit Charter & Code of Ethics pdf icon PDF 109 KB

To update the sub board on the progress of the Audit Plan 2023/24, agreed (April 2023), to the Members with responsibility for governance.

 

 

To present the reviewed Audit Charter & Code of Ethics to the board for approval, as set out in Appendix B.

 

Additional documents:

Minutes:

Consideration was given to a report by the Chief Internal Auditor (CIA) updating the Sub Board on the progress of the Audit Plan 2023/24 agreed (April 2023) and seeking approval for the reviewed Audit Charter and Code of Ethics.

 

The CIA advised that this was the standard Audit report brought to every meeting, and that the only update to the Charter was to change the name of the Sub Board. They were confident that the programmed work will be completed by the end of March, and there would be enough to give the audit opinion, even if all reports are not necessarily finalized, the testing will be completed.

 

A Member raised a number of issues of errors and clarification required within the Audit Plan, which the CIA agreed to address.

 

Members were advised that the work on the DSO review started by the Interim Head of Streetscene would be picked up by the Chief Executive.

 

Members were advised that the Head of IT was confident that the team would be on top of the work required to improve the limited assurance assessments.

 

The Head of IT explained to the Sub Board of the current system in place with off site storage of data. In the case of a failure, it was difficult to say how long it would take to rebuild the physical system that could then process our software systems. The business would have to determine how long it could be without its systems and the emergency solution designed to meet that timescale.

 

The CIA explained that the probability of any problem occurring was not as high to push it into Critical Risk. The risk register took a broader look at data loss including cyber security, not just backing up of systems.

 

Members suggested looking at a partnership with PCC, but understood that there will always be a tradeoff between what is ideal and what can be afforded.

 

RESOLVED: That the Standards & Audit Sub Board noted the progress of the Audit Plan 2023/24 and approved the updated Audit Charter & Code of Ethics.

 

82.

Risk Register Update pdf icon PDF 108 KB

To present the Strategic Risk Register, for noting, as at December 2023, in line with the Risk Management Policy.

 

Additional documents:

Minutes:

Consideration was given to a report by the Chief Internal Auditor (CIA) presenting the Risk Register as at December 2023 in line with the Risk Management Policy.

 

Members were concerned that with the Interim Head of Streetscene now gone the report that had been started would now not be completed. The CIA agreed to check the status of this work with the Chief Executive and advise if it was going to be taken to P&O.

 

Members understood that the register was quite a fluid document and might never reflect the current position at Sub Board due to submission dates for reports.

 

In answer to a Members question the CIA agreed to consider if the target for the Criterion project needed to be adjusted to reflect the delay to applying for grants caused by the ongoing business plan.

 

The CIA agreed to consider compiling a table of risks blocked by their scores to help identify the order of priority, and to hi-light new risks on the table.

 

RESOLVED: that the Members noted the Strategic Risk Register

83.

Any Other Items