Agenda and minutes

The Chair welcomed all present and read out the Evacuation Procedure.

To receive any declarations of interest.

The minutes of the Corporate Affairs meeting held on 9 December 2021 were submitted and approved as a correct record.

A report of the Head of Strategy, Information and Governance was presented to advise the Corporate Affairs and Audit Committee of arrangements in place to ensure the proper governance of information within the Council, progress made within the 2021 calendar year, risks and issues arising, and priorities for 2022.

The report provided assurance to the Committee that information governance (IG) policy and practice within the Council was in line with legal obligations, and consistent with the principles of good governance.

The last annual report to this Committee (29 April 2021) set out eight key priorities to reduce information risk for the 2021 calendar year and beyond.   During this period the COVID-19 pandemic persisted, and again associated restrictions resulted in some delays to planned activity, as relevant employees were either re-directed to emergency response or otherwise unable to progress work, for example, due to the unavailability of the workplace.

As such, work on these, and other priorities identified during 2021 and set out within this report, would complete during 2022.  Nevertheless, good progress was made in many areas during the year, as summarised in the submitted report, including:

• Cyber security posture.
• ICO consensual audit.
• Information Governance Framework.
• Statutory Information Requests.
• Physical access.
• Historic paper records.
• Surveillance Policy.
• Alignment of major ICT projects and information governance requirements.
• Information Strategy progress.
• Changes to information asset registers.
• Information security.
• Cyber security.
• Records management.
• Data protection.
• Surveillance.
• Information Requests.
• Assessment of information risk.

Key priorities for 2022 to address the issues and risks outlined in the report were as follows:

• review the Council’s approach to cyber security and continuity/ recovery plans in line with changes to National Cyber Security Centre guidance and the Government’s National Cyber Strategy for 2022-2030, focusing on zero-day, internet-facing application and supply chain attacks, particularly in view of the ongoing situation in Ukraine.

• continue to improve the Council’s responsiveness to information requests through use of enhanced 365 tools and increased resourcing of the central team.

• continue to improve the Council’s surveillance practice by implementing in full the provisions of the Surveillance Policy.

• develop an Integrated Operations Strategy for the Council, fully aligning all existing operational strategies including the Information and ICT strategies.

• launch the Council’s revised Information Governance Framework to staff, focusing in particular on those with specific roles in the framework – IAOs, system owners and Information Asset Assistants.

• ensure that the move to and operation of Fountain Court is undertaken in line with the Council’s Premises Security and Access policy to avoid loss of or unauthorised access to information.

• ensure that key ICT projects for 2022 including the migration from the Council’s existing EDRMS to Microsoft SharePoint and the review of the Council’s website are fully aligned with the Information Governance Framework and progress the aims of the Council’s Information Strategy.

The Committee were advised that the Annual CCTV report would be presented to the Committee when completed.

Key messages would continue to be communicated to staff via re-induction, staff training, Information Asset Owners and other means in order  ...  view the full minutes text for item 21/44

A report of the Director of Legal and Governance Services (Monitoring Officer) was presented to summarise complaints received from the Council’s customers in the period 2018-21, alongside their outcomes and the lessons learned by the Council.

The Committee were advised that the report going forward would be an annual report.

The report provided the necessary information to enable the Committee to discharge this responsibility, setting out:

• a summary of the complaints procedures used by the Council;
• key statistics on local complaint volumes and outcomes between 2018-2021.
• a summary of complaints escalated to the LGSCO during these years.
• lessons learned from consideration of complaints received.
• resulting actions to be taken in the future.

AGREED that the information provided was received and noted.

A report of the Director of Legal and Governance Services (Monitoring Officer) was presented to report the outcome of the annual review of the Council’s Local Code of Corporate Governance (LCGG).

The current LCCG, a copy of which was attached at Appendix 1 to the submitted report, was modelled on the CIPFA/SOLACE guidance ‘Delivering Good Governance’ (2016).  

An annual review schedule was put in place to ensure that changes to this guidance were reflected within the LCCG. There had been no changes to the guidance since the current LCCG was adopted by Council in 2017.  As such, no changes to LCCG were proposed from this year’s review.

AGREED as follows that:

1.  the report was received and noted.

2. Middlesbrough Council’s current Local Code of Corporate Governance was retained.

A report of the Director of Legal and Governance Services (Monitoring Officer) was presented to outline the Council’s approach to health and safety management.  The report summarised activity in the past year and planned activity for 2022, in order to provide the Committee with assurance that the Council had robust arrangements in place, as required by the Health and Safety Act 1974.

The Council’s Health and Safety Policy:

• defined the Council’s legal duty.
• outlined the requirements of the health and safety management system.
• detailed specific roles and responsibilities of members, managers, employees and the health and safety unit.

The policy set out the framework for managing health and safety within the Council based on the cycle of ‘Plan, Do, Check, Act’.

A health and safety action plan was developed in 2021/22.  Progress on this plan was reported to Risk Management Group on a quarterly basis and details were provided in the submitted report.  Highlights included:

·        My compliance

·        Roof Work procedure

·        DSE procedure

·        Communication/Consultation procedure

·        Corporate Health and Safety Committee becoming a steering group

·        Development of a Potentially Violent Persons procedure

·        Covid 19 risk assessments

·        Detailed premises health and safety audits

·        Face to face Fire Warden courses

During 2022/23, further work would be undertaken to build on progress made within the previous action plan as part of the Council’s commitment to continual improvement in health and safety management.

The health and safety unit would continue to develop the My Compliance, digitising remaining manual processes and developing a business intelligence through which management could monitor ‘real time’ health and safety performance.

The single Potentially Violent Persons Register would be launched and the COSSH procedure would be reviewed and uploaded onto the intranet.

Detailed health and safety plans for each type of premises would be produced, incorporating both premises and service area health and safety requirements.  Work would also start on service area specific health and safety plans for high-risk service areas.  Health and safety audits would ascertain compliance with the revised plans with the aim of improving compliance and safety standards throughout the Council.

The health and safety unit would continue to support the organisation in dealing with the COVID-19 pandemic and the return to the office, including relocation to Fountain Court in summer 2022.

The health and safety training on Middlesbrough Learns and other bespoke face-to-face training would be reviewed and revised where appropriate to reflect new and updated corporate procedures. Leadership and Management Team would attend an accredited one day IOSH Leading Safety Course.

AGREED that the information provided was received and noted.

A report of the Head of Internal Audit, Veritau, was presented to seek the views of Members on risk areas that should be considered a priority for audit in 2022/23, to help inform the preparation of the annual internal audit work programme.

Internal audit work programmes covered a range of risk areas to ensure that overall, the work undertaken would enable the service to meet the requirements of the standards to provide an overall opinion on the framework of governance, risk management, and control operating at the Council.   Veritau had defined eleven key areas where assurance was required during the course of the year in order to provide that opinion, as follows:

• Strategic planning
• Organisational governance
• Financial governance
• Risk management
• Information governance
• Performance management and data quality
• Procurement and contract management
• People management
• Asset management
• Programme and project management
• ICT governance

A table was included at Figure 1 of the submitted report that set out some initial ideas on areas for consideration for audit in 2022/23.  These were included to prompt discussion and were not intended to be a definitive or complete list of areas that could be reviewed.  Planning would also take into account risks arising from current external factors and emerging issues.

For example the Covid-19 pandemic, which had had a significant and sustained effect, and the developing energy crisis.

Following discussions members felt that the following areas should be considered for audit in 2022/23:

·        Councils Corporate Governance Framework

·        Strategic Planning

·        Ethics and organisational culture

·        High Street Recovery Fund including the Future High Street Fund

·        Local Plan Strategy

·        Leisure Services SLM performance report

·        Planning department including how the department deals with any developers Terms of Reference and how do they deal with complaints ensuring they are dealt with in a timely manner. 

The Chair requested that the report be circulated to all Members of the committee for comment to ensure that all Members had provided a contribution to the areas considered for audit.  A deadline of 2 weeks for responses to be received was agreed.

AGREED that the information provided was received and noted.

A report of the Head of Internal Audit, Veritau, was presented to provide Members with an update on progress with the delivery of internal audit and counter fraud work and on reports issued and other work completed since the last update report to the Committee.

A copy of the internal audit progress report was attached at Annex 1 to the submitted report.  It reported on progress against the internal audit work programme.  This included a summary of current work in progress, internal audit priorities for the year, completed work, and follow-up of previously agreed audit actions.

A copy of the counter fraud progress report was attached at Annex 2 to the submitted report.  It reported on progress against the counter fraud work programme.  A range of work was detailed including activity to promote awareness of fraud, work with external agencies, and information on the level of fraud reported to date.

AGREED that the information provided was received and noted.

A report of the Director of Finance (Section 151 Officer) was presented to give Members of the Corporate Affairs and Audit Committee an update on the status of the external audit of the 2020/21 Statement of Accounts. 

As the financial statements element of the audit was reaching completion, a revised set of accounts were available.  The report identified key revisions to the accounts as part of the audit process.  Although Members were not requested to approve the audited accounts at this stage, it was important that they were informed of progress, any issues raised by the external auditor and any relevant changes in the financial statements and position of the Council.

The audit of the statement of accounts for 2020/21 was now substantially complete and would be finalised once EY issued their opinion on the accounts.  The statutory deadline for completing the 2020/21 audit of the statement of accounts was 30 September 2021.   The main reasons for the length of the current external audit and the reasons why it was not yet complete were set out in the paragraphs 14 to 20 of the submitted report. 

Work on the financial statements part of the audit was now complete and as such, a set of revised accounts and notes were attached in Appendix 1 to the submitted report.  Details of the changes made due to the audit were outlined in paragraphs 21 to 38 of the submitted report.

AGREED as follows that the:

1.  information provided was received and noted.

2.  position on the audit of the Statement of Accounts for 2020/2021 for the Council was noted.

The Chair expressed thanks to Paul Stephens on behalf of the Committee for the support he had provided and wished him well in his future employment.