Agenda item

Internal Audit Team - Fraud Risk Register and Counter Fraud Initiatives report

Minutes:

(Minute No. 19 – 17 August, 2016) 

 

Further to the above Minute, the Committee considered a report which built on the Counter Fraud report presented to the Committee in August and was intended to give the Audit Committee:-

· an understanding of the fraud risks that the Council was currently exposed to;

· an assessment of the Council’s current compliance with the CIPFA Code of Practice for Managing Fraud and Corruption;

· an understanding of the innovative work being undertaken in the field of data matching and data analytics to prevent and detect fraud for the Council.

The Council had identified 30 high-level types of fraud (fraud risks) to which it was exposed. Inherent risk ratings had been assessed for all of these risks and work was underway to agree final residual risk ratings for all risks. New fraud risks continued to emerge all the time, particularly in the field of cyber-crime/cyber-fraud. Maintaining resilience to these risks was key to protecting the public purse and the interests of the Council and the citizens that it served.

 

The Council had assessed itself as compliant with the Code of Practice on Managing Fraud and Corruption. Members noted that 2 actions remained ongoing but were not considered to fundamentally affect compliance with the Code. These actions included finishing the assessment of residual fraud risk and launching, in electronic format to the rest of the Council, the face-to-face fraud training previously delivered in February/March 2016. These actions were considered to have progressed to a sufficient stage to meet the requirements of the Code or were covered (in the case of the electronic training) by other training provisions delivered in the last 12 months.

 

It was reported that good progress was being made within the Council with regard to producing a Risk Register and that, against the CIPFA Code, the Authority was compliant in managing fraud and corruption.

 

In response to a question from Members, Colin Earl, Head of Internal Audit, reported that the risk register had been developed following extensive engagement with Service Managers. He stated that a report would be submitted to the next meeting on how identified risks were managed. In addition, Members were informed that the next pre-meeting training session of the Committee was to focus on anti-fraud in more detail.

 

Kathryn Smart enquired whether the Council had the right skills in place to prevent cyber fraud and malware attacks. Members were informed that the Information Risk Officer and the Information Governance Group were continually looking at the threats that were emerging and ensuring the Council had the appropriate safeguards in place to prevent such risks. The Council was aware of other authorities who had suffered from attacks and had been held to substantial ransoms. It was acknowledged that this was a real risk, particularly in terms of financial risk as well as control and loss of the Council’s security.

 

Awareness raising of these risks was considered critical and a range of measures was being put in place to address this, including the development of an electronic training package, which it was anticipated would be rolled out to management in January 2017.

 

RESOLVED 

 

(1) the draft fraud risk register for the Council be endorsed;

 

(2) to support further developments in the field of data matching and data analytics; and

 

(3) to note the Council’s assessment of its compliance with the CIPFA Code of Practice on Managing the Risk of Fraud and Corruption.
