Agenda item

Audit Wales and Regulatory Bodies 6-month update

Minutes:

6.1  The Performance and Programme Manager gave an update on the regulatory activity. There are three external regulators: Audit Wales, Care Inspectorate Wales, and Estyn. Each body is responsible for providing assurance that the Council is fulfilling its statutory duties and providing value to the public. This report covered the regulatory reports / inspections completed by each body between April 2023 and December 2023 including a summary of the Council’s response (where applicable), and any additional actions which the Council is undertaking to respond to the recommendations.

 

The report also included an update with any actions in progress from the previous report to Governance and Audit Committee. Four national thematic reports had been published by Audit Wales and two local reports.

Care Inspectorate Wales had delivered two national reports and one inspection of an adult residential provision. Estyn delivered six school inspections and five national thematic reviews.

 

Comments of Committee Members:

 

6.2  Dr Barry noted that 29% of elected members had not attended the training; Dr Barry asked how this would be addressed and what was covered in the training.  Mr Reed also asked what steps would be taken in relation to non-attendance, and queried whether the Committee required feedback in terms of names of those that did not attend.

 

6.3  Dr Barry added that the testing of business continuity plans was not included in the report, and this was a requirement. 

 

6.4  Dr Barry referred to the building control registration competency issue and asked whether this needed to be completed by 1 April; with nine months to complete an action plan, this was a long time, and could it be completed within a month or two?

 

6.5  Dr Barry referred to three national themed reports, with 11 recommendations in total, but it was not clear which of these recommendations referred to which reports, so this could be clearer.

 

6.6  Dr Barry thought that the National Fraud Initiative self-appraisal checklist should be brought forward.

 

6.7  The Head of People, Policy and Transformation responded to both Dr Barry and Mr Reed’s query on cyber training.  Every councillor received training before they could access the system at the beginning of their term, although Audit Wales did refer to additional cyber training provision.  Since this was last reported to the Committee, training attendance had increased, and this was also supplemented with online training. This was an interactive online session, with colleagues running through all aspects of data protection, information management and security including cyber control.  Attendance at the training would continue to be encouraged and promoted.

 

6.8  The Head of People, Policy and Transformation referred to business continuity testing; this did not meet the control set by Audit Wales but was being reviewed, and therefore testing would be completed at a later stage. They noted the comments of the Committee and would provide feedback to the service area.

 

6.9  The Strategic Director for Transformation and Corporate added that every member had completed compliance training around cyber security. This represented additional training, and the Committee may wish to make a recommendation on whether it should be mandatory. There is a difference between training that is considered mandatory under legislation and a list of training suggested as useful and important. Cyber training, however, was continually changing and training should be accessed on a regular basis.

 

6.10    Councillor Jordan pointed out training slides were provided for all councillors following a session and these were available for those that were unable to attend training sessions.

 

6.11    Councillor Mogford mentioned that in the past he had requested training slides for those courses he had attended but had not received them. The Chair noted that officers would pick this up outside of the committee. 

 

6.12    Dr Barry was concerned about cyber-attack and the consequences around information security. The Strategic Director for Transformation and Corporate suggested that this could be taken as a Part 2 update to Committee Members.

 

6.13    The Chair took on board the points and understood that training took place in July 2023, but the audit report was not issued until August 2023, which was after the date of the initial training. The Chair requested that the committee’s concern regarding councillor attendance at cyber training be noted as an ongoing concern.

 

6.14    The Chair also referred to testing arrangements around cyber security and business continuity. The Strategic Director for Transformation and Corporate suggested that cyber compliance was to be discussed in private. In terms of business continuity, the Strategic Director for Transformation and Corporate noted that there was an arrangement in place, which had been well-tested during the pandemic.

 

6.15    The Chair suggested a lead officer should be named as accountable for delivering these recommendations, as it was not listed in the report. The Policy and Programme Manager assured the Chair that all reports would go to the Head of Service, who are ultimately responsible for those reports; however, they would look at making the chain of accountability clearer in the report.

 

The Chair referred to the National Fraud Initiative (NFI) and asked if reassurance was provided by the Audit Manager regarding training. The Head of Finance advised that there would be two pieces of work, one on NFI, with a lot of those checks undertaken within service areas with a mop-up of reports from the Audit Manager during March/April. There would also be a bigger piece of work on the fraud risk assessment, which would inform the audit plan over a number of years.

6.16    The Chair considered that recommendations in one of the CIW reports required a wider narrative on how they were being dealt with.  The Policy and Programme Manager would feed this back to the relevant officers for future reports.

 

6.17    The Chair referred to the Estyn report, where it should say that all schools had received training on the Additional Learning Needs (ALN) system rather than nearly all schools had received training. The Policy and Programme Manager advised that Education services used Estyn’s ratings in terms of how they were assessed and did not realise that it had a different interpretation for the Governance and Audit Committee. This would be made clear when reporting back in future.

 

6.18    Mr Reed referred to Page 66 regarding the National Fraud Initiative, where it stated that 13 out of 22 Welsh Local Authorities identified 95% of fraud. It did not make it clear in the report that Newport was not one of them; therefore, under NCC Action, should there be a comment that Newport was one of the LAs that contributed to identifying the 95%? The Policy and Programme Manager advised that it was addressed when it was last looked at but not included in the information.

 

6.19    Mr Reed referred to page 68, where there were no recommendations, and wanted to congratulate officers for this.

 

Recommendation:

The Governance and Audit Committee considered the contents of the report and the regulatory activity completed, and noted that where recommendations were raised, the Council took necessary action as a response.

That the comments of the Governance and Audit Committee be noted.

 
