Agenda and minutes

Corporate Affairs and Audit Committee - Thursday 16th March, 2023 3.30 pm

Venue: Mandela Room

Contact: Susan Lightwing 

No. Item


Welcome and Evacuation Procedure


The Chair welcomed all present to the meeting and read out the Building Evacuation Procedure.


Declarations of Interest

To receive any declarations of interest.


There were no declarations of interest received at this point in the meeting.


Risk and Performance Management: Annual Assurance Report 2022 pdf icon PDF 206 KB


A report of the Interim Head of Strategy, Governance and Information was presented to outline the Council’s approach to performance and risk management, to summarise activity in the past year and planned activity for 2023 to provide the Committee with assurance that the Council had robust arrangements in place for these disciplines.


The Council’s approach to these disciplines was articulated within the following policies:


·        Performance Management Policy.

·        Programme and Project Management Policy.

·        Risk and Opportunity Management Policy.


The policies were scheduled to be reviewed during 2023 to ensure they continued to meet the organisation’s needs in relation to these disciplines.


At a meeting of the Executive on 5 April 2022, a refreshed Strategic Plan workplan for the 2022-24 period and Directorate Priorities for 2022/23 was approved, which combined provide a cohesive approach to the delivery of key priority activities across Council services.


Significant work was also undertaken in the year to improve Directorate and strategic performance management, with the implementation of a monthly performance review cycle using an integrated performance dashboard drawn from a range of feeder systems which recorded different aspects of corporate performance.


The monthly Directorate and LMT performance reviews held throughout 2022/23 considered the following items on a ‘by exception’ basis, with only matters considered to require discussion or steer, raised:


  • Actions agreed by the Executive (including responses to scrutiny reports).

·        The Strategic Plan workplan (both in terms of activity and outcomes).

  • Directorate priorities.
  • The Council’s portfolio of programmes and projects.
  • Compliance indicators (e.g. completion of audit actions).
  • Directorate and strategic risk registers.


Output from the monthly performance reviews was reflected in a quarterly update on wider corporate performance, to the Executive and Overview and Scrutiny Board; an approach which had served to significantly improve focus upon and strengthen delivery of corporate performance disciplines.


A refresh of the Strategic Plan was deferred in 2022/23 due to the need to consider the implications of several key White Papers over the past year, therefore the issue of articulating outcomes and measures, would be addressed in a full refresh of the Strategic Plan in 202/23.


The Programme and Project Management (PPM) policy and its underpinning framework provided a standardised approach to the governance of programmes and projects, including standard documentation.


All projects within the Councils portfolio continued to be connected to overarching programmes and portfolios wherever possible to clearly articulate their contribution.


Currently there were projects in the portfolio that were being managed under the PPM framework.  These projects were supported and monitored by the Portfolio Management Office (PMO) and were reported by exception to the monthly Directorate and Leadership Team performance review meetings and in the quarterly reports to the Executive and Overview and Scrutiny Board.


The Councils approach to PPM was also the base methodology for delivery of Strategic Plan workplan activities and all change and savings programme initiatives, requiring robust milestone delivery plans which were subject to the monthly performance management and governance regime for project delivery, as set out in detail in  ...  view the full minutes text for item 22/65


Annual Assurance Report for Business Continuity pdf icon PDF 264 KB


A report of the Director of Legal and Governance Services (Monitoring Officer) was presented to outline the Council’s approach to business continuity management, summarise activity in the past year and planned activity for 2023, to provide the Committee with assurance that the Council had robust arrangements in place, as required by the Civil Contingencies Act 2004.


The Council’s Corporate Business Continuity Plan defined critical functions as those which, if interrupted could result in:


  • risk of serious injury;
  • risk of death;
  • massive financial losses; or
  • significant damage to the Council’s reputation.


The Council would consider activating its business continuity plans if there was a business interruption event that:


  • was likely to last for more than half a working day;
  • affected a vulnerable group of service users;
  • impacted on the delivery of key critical activities;
  • restricted access to one of the key council buildings;
  • could generate significant damage to the Council’s reputation; or
  • was highly likely to escalate into one of the above categories.


The Council had the following plans in place to respond to the variety of events that could occur:


  • the Corporate Business Continuity plan;
  • supporting Departmental Business Continuity plans;
  • Relocation Plan;
  • ICT Disaster Recovery Plan.
  • Fuel Plan;
  • Pandemic Plan.


The Council did not publish its business continuity plans as they outlined sensitive information around its critical functions and their recovery that could be misused and contained personal information relating to employees that had agreed to share personal contact details to enable the Council to get in touch with them quickly in the event of an incident.  Paragraphs 8 to 14 of the submitted report outlined the content of the Council’s plans in broad terms.


The Council aimed to test its plans at least once every 12 months, or produce a lessons learned report if a live incident had occurred during the past year.  Due to the ongoing nature of the pandemic, no test was undertaken in 2022, however during 2023 a live test of business continuity was planned to ensure that senior managers understood their roles and responsibilities during an incident and to test the robustness of plans.


During the 2022 annual review of plans, there was an increased focus on the impact loss of power could have on critical activities to ensure services planned effectively for this event.


Details of the actions delivered in 2022 to ensure good governance in relation to business continuity were detailed in paragraphs 20 to 23 of the submitted report.  During 2023/2024 further work would be undertaken to build on progress made as part of the Council’s commitment to continual improvement in business continuity planning as follows:



  • Officers planned to undertake a cyber-attack/power cut exercise on a key system as the next ICT Disaster Recovery Plan exercise to test its effectiveness.
  • Increase the number of trained loggists to support Business Continuity responses in an invocation.
  • Refresh training to implement an eLearning package range in relation to Business Continuity capturing basic awareness raising and advanced practice.
  • Produce and deliver  ...  view the full minutes text for item 22/66


Annual Report of the Senior Information Risk Owner (SIRO) pdf icon PDF 395 KB


A report of the Interim Head of Governance Policy and Information was presented to advise the Corporate Affairs and Audit Committee of arrangements in place to ensure the proper governance of information within the Council, progress made within the 2022 calendar year, risks and issues arising, and priorities for 2023.


The Council must create, protect, manage, share and disclose information in line with a complex legal framework.  The report dealt principally with information governance arrangements relating to the following, and the risks arising from:


           Data Protection Act 2018 (DPA);

           UK General Data Protection Regulation 2016 (UK GDPR);

           Privacy and Electronic Communications Regulations 2003 (as amended);

           Environmental Information Regulations 2004 (EIR);

           Freedom of Information Act 2000 (FOI);

           Regulation of Investigatory Powers Act 2000 (RIPA); and

           Protection of Freedoms Act 2012 (PoFA).


The Council’s activity in this area was largely regulated by the Information Commissioner’s Office (ICO), with the Investigatory Powers Commissioner’s Office (IPCO) acting as the regulatory body for RIPA and compliance with the Surveillance Camera Code of Practice and the relevant provisions of PoFA encouraged by the Biometrics and Surveillance Camera Commissioner.


The Interim Head of Governance Policy and Information acted as the Council’s Senior Information Risk Owner (SIRO)/Senior Responsible Officer (SRO) for Biometrics and Surveillance and RIPA, and was the owner of the Council’s Information Strategy.  The SIRO advised the Chief Executive and the Council’s management team on information risk, reporting quarterly to the internal risk management group and annually to Leadership Team and to the Corporate Affairs and Audit Committee.


The submitted report provided an overview of compliance, issues and risks in 2022 in the following areas:


           ICO Consensual Audit 2019 and 2020 recommendations.

           Information Governance Framework.

           Statutory Information Requests.

           Physical Access.

           Surveillance Policy.


Performance reporting showed an increase in FOI/EIR compliance and Members noted this positive improvement.


During 2023 a refreshed approach to Information Strategy would be developed alongside the refresh of the Strategic Plan to ensure the operational aims of the Council aligned with the Strategic vision set by Members.


The Council’s information asset registers were significantly developed in previous years and reviewed/consolidated with UK GDPR ‘Records of Processing Activity’ in 2019/20.  Various in-year updates by individual Information Asset Owners would need to be merged with changes as a result of the Council’s accommodation strategy, bulk transfer of records to digital formats, procurement of electronic systems – including the SharePoint Online migration and decommissioning of others.


In relation to Information Security, details of the numbers of personal data breaches and ICT/other security incidents were provided at paragraph 17 of the submitted report.  Only two personal data breaches were reported to the ICO in 2022.  Reported personal data breaches had decreased by 20% on the previously year, whilst ICT/other security incidents had increased, largely owing to more reports or lost or stolen ICT hardware devices.  An update of actions taken in relation to Cyber Security and Records Management  ...  view the full minutes text for item 22/67




In accordance with Council Procedure Rule No 5, the Committee agreed to vary the order of business to deal with the items in the following order: Agenda Item 11, Agenda Items 7 to 12.


Update on Section 151 Officer Arrangements

Verbal Report


The Director of Legal and Governance Services (Monitoring Officer) provided an update on the Section 151 Officer arrangements for Middlesbrough Council. 


The current Section 151 Officer’s employment would cease on 31 March 2023, and it was proposed that the Section 151 Officer function was temporarily re-designated to the Head of Financial Planning, who was one of the current Deputy Section 151 officers, for a period of up to three months.  Approval would be sought from full Council at an Extraordinary Meeting to be held on 22 March 2023 for the proposed re-designation of the function.


The Chief Officer Appointments Committee had delegated authority to the Chief Executive, in consultation with a representative group of Members from the Committee, to secure the appointment of an interim Section 151 Officer.  The Extraordinary Council meeting on 22 March 2023 would also consider the appointment of an interim Chief Executive.  In recognition that a new interim Chief Executive would be appointed it was appropriate that they should make the interim Section 151 Officer appointment as one of the first tasks of their new role. 


AGREED that the proposed Section 151 Officer arrangements for Middlesbrough Council were noted.


Health and Safety: Annual Assurance Report 2022 pdf icon PDF 198 KB


A report of the Director of Legal and Governance Services (Monitoring Officer) was presented to outline the Council’s approach to health and safety management and summarise activity in the past year and planned activity for 2023, in order to provide the Committee with assurance that the Council has robust arrangements in place, as required by the Health and Safety Act 1974.


The Council had a governance framework structure in place to oversee health and safety, ensure compliance with legal requirements and deliver ambitions in relation to Health and Safety.


The digitised health and safety management application (My Compliance)

continued to be developed and its processes embedded within day-today

risk management.  As a significant level of data had built up in the system it had enabled the Council to improve the intelligence it could develop from:


  • incident reporting and investigation;
  • health and safety audits;
  • fire risk assessment; and
  • action tracking.


This had been used to improve understanding of the impact of violent incidents, unblock systematic issues to improve compliance and increase

Officer and Member visibility and oversight.  Regular reviews of underpinning documentation with the governance framework were undertaken.  


During 2022 the Control of Substances Hazardous to Health (COSHH) procedures were refreshed.   Reporting content for oversight of health and safety had also been refreshed, utilizing the new capabilities of My Compliance and Power BI to enable reports to focus on the lessons to be learned, trends and areas of concern, while providing assurance as to the robust datasets in place to track health and safety compliance.


A key focus of the team during 2022 had been the ongoing transition from Covid-19 to the new way of working and ensuring appropriate health and safety measures were embedded within that, as well as supporting the move of a significant number of staff and Members to Fountain Court.


The Council continued to deliver training and support to staff to ensure compliance with health and safety obligations and understanding of roles and responsibilities. In addition to the suite of e-learning materials that were already available to all staff, during 2022:


  • Leadership and Management Team members attended an accredited one day IOSH Leading Safety Course.
  • Face-to-face incident investigation awareness, evacuation chair and fire warden courses were delivered to supplement e-learning.
  • e-learning resources were refreshed to enhance Manual handling training.


During 2023, further work would be undertaken to build on progress made within the previous action plan as part of the Council’s commitment to continual improvement in health and safety management.


The health and safety unit would continue to monitor and assist in developing the digital solution linking Power BI and My Compliance, to further develop business intelligence capabilities.


The following policies and procedures will be produced, reviewed and uploaded onto the intranet:


  • Personal Protective Equipment policy.
  • Noise Procedure.
  • Vibration Procedure.


In order to be compliant with legal duties, the Council must have a Legal register in place which provided details of legislation applicable to the Council.   A gap analysis was currently underway to map leads for pieces  ...  view the full minutes text for item 22/70


Internal Audit and Counter Fraud Progress Report pdf icon PDF 154 KB

Additional documents:


The Head of Internal Audit, Veritau, provided Members with an update on progress with the delivery of internal audit and counter fraud work and on reports issued and other work completed since the last update report to the Corporate Affairs and Audit Committee.


A copy of the internal audit progress report was attached at Annex 1 to the submitted report.   It reported on progress against the internal audit work programme. This included a summary of current work in progress, internal audit priorities for the year, completed work, and follow-up of previously agreed audit actions.


The counter fraud progress report was contained in annex 2.  It reported on progress against the counter fraud work programme.   A range of work was detailed including activity to promote awareness of fraud, work with external agencies, and information on the level of fraud reported to date.


Members of the Committee raised several queries and some concerns in relation to recently circulated Audit Reports on Burials and Creditors.   


The Chair requested that Final Audit Reports on the Middlesbrough Development Company and Senior Management Review should be finalised and brought to the Committee at the earliest opportunity, and preferably prior to the forthcoming elections in May 2023.


AGREED as follows that the:

1.         report was received and noted.

2.         progress of internal audit and counter fraud work in 2022/2023 was noted.


Update on 2020-2021 and 2021-2022 Audits

Verbal Report


A verbal update on the 2020-2021 and 2021-2022 Audits was provided. 


With regard to the 2020-2021 audit the main outstanding issue was around Going Concern.  In terms of the accounting standards, when the accounts were signed, the public and regulators had to be assured that the organisation was a going concern at that time and for the next twelve months.  The Budget approved by Council on 27 February 2023 was currently being reviewed by the External Auditor and the aim was to have the audit signed off prior to the local elections in May 2023.


The External Auditor confirmed that EY was working through the disclosures in the financial statements.  Whilst the Accounts would be published two years after the end of that financial year, Going Concern had to be assessed for the twelve month period from date of publishing.  The narrative needed tweaking to capture the right period of the assessment.  There had also been a disclosure issue in 2021-2022 that reached back to the previous set of accounts.  Whilst quite minor it was a reasonably sized number. 


The 2021-2022 audit was ongoing and the accounts would not be signed off before the May elections.  Other local authorities were in a similar position. The Finance team would complete as much work as possible before 31 March 2023 and then move onto closing the 2022-2023 accounts before moving back to the audit work.    It was anticipated that the 2021-2022 audit would be finished from July onwards.  There was no capacity in the finance team to continue with an audit whilst trying to close a set of accounts. 


AGREED that the information provided was received and noted.


Appointment of Returning Officer and Electoral Registration Officer pdf icon PDF 145 KB


A report of the Chief Executive was presented to seek approval for the appointment of Charlotte Benjamin, Director of Legal and Governance Services as the Returning Officer and the Electoral Registration Officer in accordance with the Representation of the People Act 1983.


Every district council in England was required by Section 35(1) of the Representation of the People Act 1983 Act to appoint an officer of the council to be the Returning Officer for elections of councillors of the county and every district council should appoint an officer of the council to be the returning officer for the elections of councillors of the district and an officer of the council to be the returning officer for elections of councillors of parishes or communities within the district.


Section 8(2)(a) of the Act also required the Council to appoint an officer to be the Electoral Registration Officer.  The Electoral Registration Officer was responsible for the preparation and maintenance of the electoral register for any parliamentary constituency or part of a constituency within its area.


According to Section 24(1) (b) the returning Officer for Parliamentary Elections was the Chair of the Council, who delegated authority for the management of the election to the Acting Returning Officer who was the Electoral Registration Officer. 


According to Section 28(1) of the Act, only the Electoral Registration Officer may act as the (Acting) Returning Officer at Parliamentary elections, therefore it made sense to ensure that one officer was appointed to both the roles and therefore responsible for all local and national elections and referenda.


It was highlighted that the duties of the Returning Officer were separate from the officer’s duties as a local government officer.  The Returning Officer was personally liable for the conduct of the election, and only Council could designate an alternative Returning Officer to discharge these functions.  The Corporate Affairs and Audit Committee had delegated authority to consider and approve the appointment on behalf of the Council.


ORDERED as follows that:

  1.  The report was received and noted.
  2.  Charlotte Benjamin, Director of Legal and Governance Services,  

       was appointed as the Returning Officer and Electoral Registration 

       Officer for Middlesbrough Council.

  1.  The Returning Officer had the power to appoint deputies in the case of all elections.


Any other urgent items which in the opinion of the Chair, may be considered