Agenda item

Members gave consideration to the Annual report on identified fraud during 2022/23 and the proactive measures undertaken to counter fraud during the year, and actions for the following year. The report covered a summary of the counter fraud work carried out within the year. This was a summary of the work rather than the full list of detailed work. It summarised by providing key definitions and a breakdown of the cost of fraud to the public purse.

Work carried out in 2022/23 included but was not limited to:

•                Participating in all National Fraud initiative testing

•                Revenues and Benefits Counter Fraud work

•                Cyber Crime prevention.

The details of which were listed in sections 4 and 5. The Authority’s work programme for 2022-23 was provided in section 7.

A further report would come to Members in the winter when the Economic Crime Bill became law. This would require a re-write of the Authority’s policies and strategies to ensure they were compliant with future changes and obligations. Further information was scheduled to be provided during the Members Audit committee training in September 2023.

The National Fraud initiative was a large national data matching exercise controlled by the Cabinet Office whereby the Cabinet Office requested data sets from Local Authorities, which included supplier data, Council Tax Data, Business rates data and Employee Data. This data was then mined and matched across the public sector creating high quality intelligence for Government on tax evasion, Healthcare Fraud and Benefit Fraud.

The report also requested, that in line with good governance and best practice, a full fraud risk assessment be undertaken in Q2 with the outcome of a fraud action plan and specific fraud risk register to reported to Committee at its November meeting.  Up until 2023/24 the Council subscribed to a Counter Fraud service provided by Assurance Lincolnshire (Lincolnshire Fraud Partnership). This service provided support to County Wide fraud prevention exercises and provided guidance and advice. This service was no longer available from the County Council although some exercises would continue. It was essential that West Lindsey District Council procured a programme to replace that service to ensure that all duties and responsibilities could be fulfilled.

In order to implement the proposed work, the Authority would need to request funding from earmarked reserves as detailed in in the report. Subject to approval by the Committee the report advised that procurement would be undertaken by the S151 Officer used a supplier listed on the Crown Commercial Services Audit and Assurance Framework. The risk assessment was considered to be a key tool in enabling the Council to focus its resources on the maximum level of counter fraud activity, achievable as a Local Authority with limited resources. The amount required equated to the market rate for 10-15 days consultancy time and disbursements.

Debate ensued, and Members recognised that the Council had a number of systems in place to prevent and detect fraud but queried what safeguards where in place when those systems were attacked or needed to be taken offline given the vast majority of information and system were now digital.  In demonstrating the point reference was made to problems other large organisations had experienced when finding themselves in that position.

By way of reassurance Members were advised that West Lindsey District Council was part of a Lincolnshire wide emergency planning group which met regularly and undertook emergency planning scenarios, testing procedures for such situations, at a District, County, Regional and National level, depending on the scenario. Only in the last few months had there been an extensive exercise in response to national news of potential power cuts, all local agencies had attended, including health, police and local authorities. Information learned through planning exercises helped formulate an emergency plan, in the event an emergency realised.

Members indicated the robust answer gave great assurance and indicated that it would be useful to receive further information on such emergency planning exercises via a report to Members Bulletin.

Concerning tackling cybercrime, the Authority received constant potential attacks, but this was managed with robust defences plans, policies procedures and software.  Staff were regularly reminded of the risks to systems and how to keep their systems as safe as possible, this practice would now be extended to Members on a more regular basis too. 

Members were assured that the level of resources would be considered in the follow-up report later in the civic year following the new legislation, which would consider the budgeting and minimising and mitigating risks.

Members sought an understanding of when within the process a successful, or otherwise cyberattack would be reported as a crime and were advised that the Authority’s duty in the matter was to report any successful cybercrime against the Authority   to the Information Commissioners Office (ICO) and Action Fraud, as opposed to directly to the Police, noting however that Action fraud was a part of the Police Service on a national scale its primary focus being fraud, all institutes including banks were under similar obligations.

In reply to questions on the internal audit’s capacity to undertake the fraud risk work on this occasion, and in response to suggestions that the agreed Internal Audit plan could potentially be reworked to accommodate it.  Members were advised that approved plan focused on internal audit work and there were not currently the resources within the team to undertake the work within then timescales needed. The Head of Internal Audit and Risk Management advised that consideration was being given to ensuring that the Team could take on more local government fraud work in the future.

Having been proposed and seconded, upon taking the vote, it was unanimously

RESOLVED that:-

a)         the contents of this report be endorsed and the ongoing counter fraud work to protect the Authority’s interests be supported;

b)         a full Counter Fraud Risk Assessment be procured and carried out in Quarter 2 2023-24 with the results reported back to the November 2023 Governance and Audit Committee.