Agenda and minutes

The minutes of the meeting held on 25 November 2016 were taken as read, confirmed and signed.

The Chief Executive reported that no questions had been received under Standing Order 35.

The Chief Executive reported that no questions had been received under Standing Order 7(3) and 7(5).

There were no urgent items for consideration.

The Chairman invited members who wished to do so to declare any interest in respect of items on the agenda for the meeting.

It was noted that all Members who were also members of a Parish, Town or District Council would have personal interests in those items relating to those authorities.

Mr Shepherd CC declared a personal interest in item 7: Annual Report on Grants and Returns, as a member of the teachers’ pension scheme. Mr Lynch CC also declared a personal interest in item 7, as his wife was a member of the teachers’ pension scheme.

The Committee considered a report of the Director of Corporate Resources which presented the External Audit Plan 2016/17. A copy of the report marked ‘Agenda Item 6’, is filed with these minutes.

The Chairman welcomed John Cornett and Daniel Hayward of KPMG, the County Council’s external auditors for 2016/17, to the meeting. 

RESOLVED:

That the update provided by KPMG be noted.

The Committee considered a report of the Director of Corporate Resources the purpose of which was to present the 2015/16 Annual Report on Grants and Returns for approval. A copy of the report, marked ‘Agenda Item 7’ is filed with these minutes.

In answer to a question it was confirmed that where issues had been identified with grant claims feedback was provided.

RESOLVED:

That the annual report on Grants and Returns 2015/16 be approved.

The Committee considered a report of the Director of Corporate Resources the purpose of which was to present the Treasury Management Strategy and Annual Investment Strategy 2017/18. A copy of the report, marked ‘Agenda Item 8’, is filed with these minutes.

RESOLVED:

That the Treasury Management Strategy Statement and Annual Investment Strategy 2017/18 be noted.

The Committee considered a report of the Director of Corporate Resources which set out the actions taken in respect of treasury management in the quarter ended 31 December 2016. A copy of the report, marked ‘Agenda Item 9’, is filed with these minutes.

RESOLVED:

That the contents of the report be noted.

This item will include a presentation on the risks associated with information security and data breaches.

The Committee considered a report of the Director of Corporate Resources, the purpose of which was to provide an overview of key risk areas and the measures being taken to address them. A copy of the report, marked ‘Agenda Item 10’, is filed with these minutes.

The Committee also received a presentation on the risks associated with information security and data breaches as per risks 3.1 and 3.2 on the Corporate Risk Register. The presentation was in addition to a visit by Members to the Data Centre at County Hall which had taken place before the meeting. A copy of the slides forming the presentation is filed with these minutes.

Presentation

Arising from the presentation the following points were noted:

(i)            The County Council’s IT system could experience an outage due to events such as fire or flood, a technical failure or a cyber attack. The level of risk for this was calculated by multiplying the score given for the likelihood of the event happening by the score given for the severity of the impact. This calculation gave this particular risk a score of 15 which brought it within the remit of the Corporate Risk Register.

(ii)          A disaster recovery procedure was in place and tests had been conducted of this procedure. The system could be restored to a particular date and time before any corruption had taken place. Under the Council’s insurance policy support would be provided on how to deal with the effects of a breach including how to manage the media.

(iii)         Officers were prepared for all types of cyber-attacks on the County Council including Phishing, Denial of Service, long term hacking, and ransomware. The Centre for Cyber Security had just opened and its role was to provide information and advice. Officers at the County Council were subscribed to an email distribution list where updates on cyber security matters were sent out.

(iv)         During the visit to the Data Centre officers had confirmed that there were no arrangements in place for vetting Data Centre staff to make sure that they were not vulnerable to coercion from outside persons. Members asked for this issue to be addressed.

(v)          A neighbouring Council had been subjected to a Ransomware attack which led to a breach of cyber security. The problem had been exacerbated by a delay in the officer concerned reporting the incident and it was highlighted that these incidents needed to be reported as soon as possible. 

(vi)         Were there to be a breach of Information Security the Council could be fined by the Information Commissioner’s Office (ICO). The Council was due to be audited by the ICO in the autumn of 2017.

(vii)        To prevent a breach of Information Security measures were in place comprising of both technical features such as software which analysed traffic and spotted irregularities, and behavioural guidance. Council staff were required to complete an e-learning course on Information Security.

Risk Register

(viii)      In response to a question from a Member the County Council’s auditors confirmed that they were aware of the Fairer Funding booklet and had worked closely with the Director of Corporate Resources on it.

RESOLVED:

a)        That the current status of the strategic risks facing the County Council and the updated Corporate Risk Register be approved;

b)        That the updates on the following areas be noted:

(i)        content of the revised Risk Management Policy and Strategy;

(ii)       results of the 2016/17 Fraud Risk Assessment;

(iii)      organised crime;

(iv)      counter fraud policy updates.

c)         That officers be requested to provide a presentation on the risks associated with the costs of Special Educational  ...  view the full minutes text for item 156.

The Committee considered a report of the Director of Corporate Resources, the purpose of which was to provide a summary of progress against the Internal Audit Plan 2016-17 and report on progress with implementing high importance recommendations. A copy of the report, marked ‘Agenda Item 11’, is filed with these minutes.

RESOLVED:

That the contents of the report be noted.

The Committee considered a report of the Director of Corporate Resources, the purpose of which was to inform members that Leicester City Council had decided to delegate its internal audit function to Leicestershire County Council and transfer over its internal audit staff. A copy of the report, marked ‘Agenda Item 12’, is filed with these minutes.

RESOLVED:

a)        That the approach by the City Council to delegate its internal audit function and TUPE its general internal audit staff to the County Council be noted.

b)        That it be recommended that Cabinet and full County Council accept the delegation and staff transfer of Leicester City Council’s Internal Audit Function to Leicestershire County Council.

The Committee considered a report of the Director of Law and Governance which presented the revised Members’ Planning Code of Good Practice for consideration prior to it being submitted to the County Council on 22 March 2017 for approval. A copy of the report, marked ‘Agenda Item 13’, is filed with these minutes.

Members suggested that where the Code referred to ‘Presentations by Applicants/Developers’ it could be made clear whether this referred to public or private presentations and whether exhibitions were included.

RESOLVED:

(a)       That it be noted that the revised Planning Code of Good Practice will be considered by the Development Control and Regulatory Board on 9 March 2017;

(b)     That the County Council be recommended to adopt the revised Planning Code of Good Practice, subject to the amendments now suggested by the Committee and any changes arising from its consideration by the Development Control and Regulatory Board.

The next meeting of the Committee will take place on 26 May 2017 at 10:00am.

RESOLVED:

That the next meeting of the Committee be held on 26 May 2017at 10:00am.