Agenda and minutes

To receive any apologies for absence

Apologies for absence were submitted on behalf of Councillors Birnie and Tindall.

To receive any declarations of interest

A member with a disclosable pecuniary interest or a personal interest in a matter who attends a meeting of the authority at which the matter is considered -

(i)            must disclose the interest at the start of the meeting or when the interest becomes apparent

and, if the interest is a disclosable pecuniary interest, or a personal interest which is also prejudicial

(ii)        may not participate in any discussion or vote on the matter (and must withdraw to the public seating area) unless they have been granted a dispensation.

A member who discloses at a meeting a disclosable pecuniary interest which is not registered in the Members’ Register of Interests, or is not the subject of a pending notification, must notify the Monitoring Officer of the interest within 28 days of the disclosure.

Disclosable pecuniary interests, personal and prejudicial interests are defined in Part 2 of the Code of Conduct For Members

[If a member is in any doubt as to whether they have an interest which should be declared they should seek the advice of the Monitoring Officer before the start of the meeting]

There were no declarations of interest.

To confirm the minutes of the previous meeting and consider the actions

The minutes of the meeting held on 25 July 2018 were agreed by the members present and signed by the Chairman. There were no action points to consider. Councillors Douris and Taylor requested that any future record of ‘action points’ should be reported in the same style as that being used for the Finance and Resources Overview & Scrutiny Committee.

An opportunity for members of the public to make statements and ask questions in accordance with the rules as to Public Participation

None

To provide an update on the Strategic Risk Register for 2018/19.

J Deane, Corporate Director (Finance and Operations) introduced the item, saying there were no significant changes to the risk scores to be reported and that the document had been checked and signed-off by the Leadership Team. The revised Risk Register is due to be considered at the next meeting of the Cabinet (18 Sept).

Cllr Silwall clarified the risk scoring system being adopted and confirmed that it is not changing in the revised version being considered at Cabinet.

1. Members will find included the Annual Review Letter 2018 published by the Local Government Ombudsman (LGO).  The Annual Review Letter contains the LGO’s annual summary of statistics on the complaints about this Council for the year ended 31 March 2018.

2. In addition the LGO has attached the following spreadsheets:

·         Additional information on the complaints and enquiries received in the period

·         Additional information on the decisions made in the period.

3. The annual letter and corresponding data tables were published on the LGO website on 25 July 2018.

N Howcutt; Assistant Director (Finance & Resources) took the committee through the various elements of the report and suggested conclusions to be drawn from it.

He pointed out that the vast majority of the complaints to the Ombudsman had resulted in decisions in the Council’s favour. He stressed that this is a good result. However, two complaints had resulted in the Ombudsman making recommendations for action to be taken by the Council.  NH outlined the complaints and advised that they are seen as lessons learned. The actually involved time taken to respond to complaints and not the subject matter of the complaint. He advised that since they occurred we have updated our procedures and officers now received reminders to ensure that all deadlines are met.

S Ironmonger of Grant Thornton was asked for her opinion and she advised that highlighting delays in addressing complaints is part of the Ombudsman methodology, the council needs to take heed of comments made and use them as an opportunity to learn; but DBC should keep this in perspective, as two slight negatives out of 36 complaints received is not a significant number.

Councillor Douris was advised that a reply to the MP was one of the delayed responses and that these are now being dealt with using the same improved reminder process as other complaints. 

Councillor McLean was anxious to know if the finding against DBC could result in a fine. NH advised that no fine is suggested as yet and that he would advise the committee if one was imposed.

Cllr Douris pointed out that he expected to see a report on our responses to Freedom of Information requests and Cllr Taylor advised that he would speak to Cllr Tindall who is also expecting an update.

To consider  any update from the Council’s External Auditor.

S Ironmonger of Grant Thornton updated the committee on the current position. She confirmed the unqualified opinion on the 2017/18 accounts as set out in the executive summary.

She then went on to outline the progress with the 2018/19 Accounts and drew attention to the deliverables and timescales set out in page seven of the report.

There was a short discussion on the sector update; and the Herts CC and other Herts’ councils possible bid for the handling of business rates.

The Internal Auditor, M Towler of Mazars, introduced the second report of the year. In their opinion, good progress is being made through the various audits; two reports have been finalised so far; and all undertakings have been met. As far as the follow-ups are concerned there are two outstanding from the 17/18 audit year and these will be dealt with in the agenda for this meeting.

To consider the following report:

·         GDPR

·         Social Media

The committee considered the Mazars report on the audit of General Data Protection Regulations

(Evaluation assurance: Substantial. Testing assurance: Substantial).

The audit raised two Priority 2 recommendations and one priority 3 recommendation as follows:

Recommendation 1: Framework to be implemented for conducting Privacy Impact Assessments in line with the guidance on such processes contained in GDPR (Priority 2).

Recommendation 2: All staff to complete GDPR mandatory training (Priority 2)

Recommendation 3: Incident Management Policy to be updated with a workflow document (Priority 3)

The committee took into account the responses of J Worts, Information Security Team Leader to the recommendations and circulated with the agenda.

Cllr Taylor expressed regret that no full record had been kept of the names and number of staff who had attended the staff training at Cupid Green, but assured the committee that the attendance had been good and all staff were aware that their attendance is mandatory.

He then went on to lead a discussion on the provision of training for Councillors, stressing that they should be treated the same as staff and attendance at training should be mandatory. Cllr Douris wanted the Member training to be ‘obligatory’.

MT advised that he has found no evidence that member training is mandatory in any of the authorities he examined. However he stressed that it is a ‘must’ that anyone who has access to and handles data must undergo some form of training. In his opinion the Information Commissioner would expect this as a minimum.

JD confirmed that 400 of the council’s 490 staff have been trained, though some training attendance had not been recorded. He advised the committee that a revised ‘flow-chart’ had been produced in response to recommendation 3 and the process examined and reduced to three simple steps.

Cllr McLean wanted to know what DBCs position would be if our IT was ‘hacked’? Would we be liable; could we be fined; and is there a budget to deal with such a contingency. Both J Deane and the auditors pointed out that in such a case we would have to evidence that we had taken all reasonable steps to avoid such an incident and have policies and procedures in place to mitigate the effects of any error. All large organisations are being very careful and doing all they can to protect data and DBC are doing all we can to protect our residents data as we do not wish to fall foul of the Information Commissioners Office. Cllr McLean was reassured by the fact that we had an officer designated to monitor the Council’s GDPR arrangements.

The committee considered the Mazars report on the audit of Social Media

(Evaluation assurance: Full. Testing assurance: Substantial).

The audit raised two Priority 3 recommendations as follows:

Recommendation 1: The responsibility for providing training on Social Media should be formally assigned (Priority 3); and

Recommendation 2: The Social Media training process should be formalised and updated when necessary to take into account developments in Social  ...  view the full minutes text for item 79.

To consider the Audit Committee Work Programme for September 2018.

The committee considered the work programme for 2018/19.

The committee noted that the Revised Risk Register would be considered at Cabinet on 18 Sept and that they would be made aware of any revisions at a future meeting.

Resolved: That the work programme for 2018/19 be agreed.