Agenda and minutes

To receive declarations of interest from Members in respect of items listed on the agenda.

There were no Declarations of Interest to report.

To receive questions relating to items of business on the agenda from members of the public or press who are present at the meeting.

No questions had been received in advance of the meeting nor were there any members of the public or press in attendance.

To determine whether the following item should be considered under the categories suggested in accordance with Part 1 of Schedule 12A (as amended 2006) of the Local Government Act 1972.

Under Section 100A(4) of the Local Government Act 1972, the press and public be excluded from the meeting for:-

Agenda Item 13 (Assistant Chief Executive – Risk Management) on the grounds that it involves the likely disclosure of exempt information as defined in Paragraph 3 of Part I of Schedule 12A to the Local Government Act 1972 (information relating to the financial or business affairs of any particular person (including the authority holding that information)).

Resolved:- That, under Section 100A(4) of the Local Government Act 1972, the press and public be excluded from the meeting for Minute No. 41 (Risk Management Presentation – Assistant Chief Executive) as defined in Paragraph 3 of Part 1 of Schedule 12A to the Local Government Act 1972 (information relating to the financial or business affairs of any particular person (including the authority holding that information)).

To consider and approve the minutes of the previous meeting held on 29^th July, 2025, as a true and correct record of the proceedings and to be signed by the Chair.

Consideration was given to the minutes of the previous meeting of the Audit Committee held on 29^th July, 2025.

With regards to Minute No. 21 (Review of Surveillance and use of Regulation of Investigatory Powers) it was noted that external training had been arranged for 21^st October, 2025.

Resolved:- That the minutes of the previous meeting of the Audit Committee be approved as a correct record of proceedings.

Grant Thornton, External Auditors, to give a verbal progress update

The Chair invited Greg Charnley, Audit Senior Manager, Grant Thornton, to provide an update on the current position with regard to the External Audit.

The audit had commenced and no material or significant issues had been identified of concern. It was, therefore, expected the findings of the audit would be presented to the November meeting of the Audit Committee.

Resolved:-  That the update be received and the content noted.

Paul Vessey, Head of Information Management, to present the Information Governance 2024-25 Annual Report

Consideration was given to the annual report presented by Paul Vessey, Head of Information Governance, which set out the detail of Council’s compliance with Data Protection and Freedom of Information legislation.

The report, therefore, set out in detail performance for Freedom of Information, Right of Access Requests and any Data Protection Incidents and Breaches.

In terms of responses to Freedom of Information Requests (within the statutory time limits) overall performance was at 98% with the number of requests received during Year 2024/25 up to 1,347 compared to 1,307 in 2023/2024.

This was an improvement in performance compared to the previous year and following analysis of the data there were no concerns raised on the year’s performance.

With regards to Right of Access Requests during 2024/25 there had been an increase leading to an improvement in performance by 22% percentage points for requests dealt with within the statutory time frame.

In terms of Data Protection Incidents and Breaches, the Council actively encouraged services to report any suspected data incidents and all reported cases were investigated. Attached to the report was an Appendix which provided a breakdown of the number and classification of incidents.

There had been one complaint received direct from the Information Commissioner’s Office which was addressed.

In the main all the breaches reported were of a minor nature.

The Committee in the course of its questioning asked further about the complex nature of Right of Access Requests, whether they were mainly personal requests or part of a specific investigation, the context of the Information Data Incident Statistics and if there was any year-on-year data.

In their response officers explained and gave examples of complex Right of Access Requests which were primarily related to Social Care and Children and could be resource intensive and lengthy when collating historical records.  In the main requests were of a personal nature, but there were occasions where requests were received as a result of an investigation.

Unfortunately, there was no further breakdown for the statistics, but every single request received was investigated.  The tables within the appendices provided numbers on a year-on-year basis for all requests in accordance with the Data Protection and Freedom of Information legislation.

Further examples of low-risk data protection incidents and breaches were provided which were often due to misdirected emails with limited or no personal data, emails sent with Carbon Copy (CC) instead of Blind Carbon Copy (BCC) exposing email addresses, and Council Tax bills sent to the wrong address.

Serious beaches were reported to the Information Commissioner’s Office and two incidents were reported in 2024/2025 financial year. No action was taken by the Information Commissioner.

The Committee wished to explore further the complaint from the Information Commissioner’s Office and were advised this related to a bus pass application and the request for information.

Further the Committee asked about performance for Freedom of Information Requests at 98% and why this was not 100% and were advised this was down to responses from individual Directorates who were responsible for  ...  view the full minutes text for item 35.

Louise Ivens, Head of Internal Audit, to present the report

Consideration was given to the report presented by Louise Ivens, Head of Internal Audit, which detailed the proposed update to the Council’s Anti-Fraud and Corruption Policy and Strategy.

The update followed an annual review process which was designed to ensure that the Policy and Strategy were up-to-date with current best practice and to take into account any changes to the Council’s organisational structure.

The Committee was advised that there had been only minor updates to the Policy and Strategy since the last review. The Fighting Fraud and Corruption Locally checklist had been used to review the Council’s arrangements against current best practice. The self-assessment against the checklist and resulting actions were included as part of the report.

In considering the content, the Committee referred to Section 15 of the Self-Assessment Checklist and the programme of work to ensure a strong counter fraud culture across all Departments.  With this in mind was there an opportunity to provide an e-learning package of training and for this to be mandatory.

The Head of Internal Audit advised that the training programme for staff was currently being reviewed including which training was mandatory.  The counter fraud training was currently in development and it would be reviewed as to whether this should be mandatory or not.  In response to a question regarding the Economic Crime and Corporate Transparency Act, advice had been sought from Legal Services and it was confirmed that this was not applicable to Rotherham Council. 

Resolved:-  (1)  That the content of the revised Anti-Fraud and Corruption Policy be noted.

(2)  That the revised Anti-Fraud and Corruption Strategy be approved.

(3)  That the actions taken to strengthen the Council’s fraud and corruption arrangements be noted.

(4)  The further information be provided on the counter fraud training and whether this would be mandatory for staff.

Louise Ivens, Head of Internal Audit, to present the report

Consideration was given to the report presented by Louise Ivens, Head of Internal Audit, which set out in detail the progress report and the latest up-to-date position on the Internal Audit Plan.

The report, therefore, provided a regular summary of Internal Audit work completed during the period 1st May to 31st July 2025 and the key issues that have arisen from it, along with the status of actions arising from audits.

The report also detailed information regarding the performance of the Internal Audit function during the period and a review of the Performance Indicators that had taken place.

A Draft Audit Strategy 2025-28 had been developed in accordance with the Global Internal Audit Standards (UK Public Sector). The Strategy set out the vision, strategic objectives and initiatives and an action plan of how they would be delivered.

The Performance Indicators to encompass the objectives have been reviewed and  KPI information would continue to be reported on quarterly.  Appendix B to the report set out in detail the current latest position against the audit plan.

There were 32024-25 ongoing audits.  The overall summary of reports issued during the period May to July were set out in detail at Appendix C to the report.

Appendix D  detailed the Internal Audit Dashboard, Appendix F the Quality Assurance and Improvement Programme Action Plan and Appendix G the Draft Internal Audit Strategy for 2025-2028.

The Draft Internal Audit Strategy had 3 objectives:-

·            Developing agile and data driven approaches to auditing.

·            Workforce planning and professional development.

·            Developing the assurance framework.

The Internal Audit Strategy would be reviewed every 3 years. However, if significant changes occurred, then the Strategy would be revised more frequently. An annual review of progress against the actions in the Strategy would be undertaken and reported to the Strategic Leadership Team and the Audit Committee.

As part of their questions the Audit Committee asked about the KPI’s and the need to ensure there were no delays by management and asked that this be followed up.

A query was raised regarding the Sundry Debtors report for Regeneration and Environment to which the Assistant Director of Community Safety and Street Scene confirmed that a regular report on Sundry Debt was now discussed at the Directorate Leadership Team.

The Head of Internal Audit confirmed actions would be followed through and picked up through normal audit progress and routine review.

In terms of the Audit Plan it was noted there were 40 Audit areas, not all of which had been started.  A question was raised as to how confident officers were of all areas being achieved given the carry forward of some audits from 2024/25.

A further question referred to potential failures to achieve audits within planned timescales and the risk of failing to complete the wider assurance plan.

The Head of Internal Audit addressed both questions and confirmed that whilst it was difficult to set amounts of time within the Audit Plan, where the audit budget was exceeded this related to audits which were  ...  view the full minutes text for item 37.

Simon Dennis, Corporate Improvement and Risk Manager, to present the revised Code of Corporate Governance

Consideration was given to the report presented by Simon Dennis, Corporate Improvement and Risk Manager, which detailed how in April 2016 the Chartered Institute of Public Finance and Accountancy and the Society of Local Authority Chief Executives published revised guidance on delivering good governance in Local Government. In May 2025 CIPFA issued an addendum to the guidance covering the annual review of governance and the annual governance statement.

The Council’s Code of Corporate Governance was refreshed to comply with this new guidance and attached as an appendix was the tracked change version. It was good practice to review and revise the Council’s Code on an annual basis. Although there had been no specific changes to the 2016 guidance as a result of the 2025 addendum, an annual review of the Code had been completed to ensure it remained up-to-date and relevant to the Council. The changes this year took account of the additional clarifications included in the 2025 addendum and could be seen on Appendix 1.

In their receipt of the report, the Committee asked about Principle G: Implementing good practices in transparency, reporting and audit to deliver effective accountability and how this was evidenced on the Council’s website and asked was this, therefore, sufficient in reaching all audiences?

The Corporate Improvement and Risk Manager confirmed the website allowed for compliance examination and had received no feedback to confirm this was insufficient.

Resolved:- That the refreshed version of the Code of Corporate Governance be received and noted.

Louise Ivens, Head of Internal Audit, to present the Audit Committee forward work plan for November, 2025 to September, 2026

Consideration was given to the proposed forward work plan for the Audit Committee for next year.  The plan showed how the agenda items related to the objectives of the Committee, which was presented for review and amendment as necessary.

Whilst a suggestion had been maybe allow Scrutiny to suggest items, the functions of each area should not be confused.

Resolved: That the Audit Committee forward work plan as submitted be approved.

Louise Ivens, Head of Internal Audit, to present the partial opinion audits progress report

Consideration was given to the report presented by Louise Ivens, Head of Internal Audit, which provided assurance to the Audit Committee in relation to the actions taken and implementation of the recommendations made with regard to the partial assurance Internal Audit reports on:-

•        Asset Management property acquisitions and disposals.

•        Building Security follow up.

•        Water safety (legionella) compliance (Corporate Landlord).

•        Water safety (legionella) compliance (Housing).

•        Music Service income.

•        Home to School Transport.

Officers from relevant services were present to provide updates and the Chair extended an invitation individually for this to be undertaken.

The Assistant Director for Community Safety and Street Scene provided an update on the number of actions which were prioritised for progression and achieved completion by the 30th June 2025. These primarily related to driver compliance and it was noted all records have been brought up-to-date and a new monthly report showing compliance across DBS checks and training records had been established within a dashboard.

The other actions due for completion and implementation by 31st August 2025 have been complied with and evidenced. All identified actions in relation to processes and procedures have been developed and implemented, along with scheduled monthly dip test checks and relevant toolbox talks planned for staff involved in the day-to-day operation of the service.

A Project Team had now been established consisting of officers from the Home to School Transport and Procurement teams. During the first couple of meetings an initial scoping and analysis of requirements/route to market was undertaken and a project plan now in the process of being developed.

In considering the detail the Committee was concerned that the Home to School Transport Service did not have a current contract/framework in place with the external operators providing transport for the Service and asked if this would be corrected by the end of 2026.

The Assistant Director for Community Safety and Street Scene confirmed the challenge was welcomed and many of the issues would be addressed.  He provided a reassurance that value for money would be achieved through a framework of local suppliers and through a competitive tendering relationship.  This area was a high priority for Procurement.

Contract extensions have been approved via exemptions from retendering to continue operating the Service out of contract. However, the latest approved exemption expired in March 2024 exposing the Council to risk of challenge.  It was imperative that this was pursued within a reasonable timescale and the risks be mitigated against and reduced.

The Assistant Director for Property and Facilities Services reported on Asset Management property acquisitions and disposals and how the Council had incurred substantial costs to remedy damage to a town centre property which was acquired and not promptly secured.  This contributed to an overspend against the budget within the Asset Management Service in 2023-24 of £0.3m.

Of the 19 recommendations, 18 were now complete with the last recommendation remaining within timescale for completion.  However, as of today this was now also complete.

The Assistant Director for  ...  view the full minutes text for item 40.

Phil Horsfield, Assistant Director, Legal Services, to present

Consideration was given to the report presented by the Assistant Director of Legal Services (as the Strategic Director of Finance and Customer Services had been called away to deputise for the Chief Executive), which provided details of the current position of the Assistant Chief Executive’s Directorate Risk Register and risk management activity within the Directorate.

Due to the departure of the Assistant Chief Executive, temporary management arrangements were in place and the Risk Register would be reviewed.

An additional risk was to be added to the register relating to equal pay and this would be picked up in due course.

The Committee in their consideration of the report made reference to ACX35 and the lack of Elected Member engagement in the Member Development Programme or Neighbourhood Working.  Questions were raised on how this suggestion had been arrived at when engagement was difficult unless Members were on the membership of the Member and Democratic Panel.

The Assistant Director for Legal Services acknowledged the difficult interpretation and on reflection agreed that the risk would be reviewed to address the wording and more clearly articulate the risk.  This would need to be discussed further.

The Committee asked further about equal pay and whether the arrangements increased the risk as this Directorate had no incumbent in the Assistant Chief Executive role.

The Assistant Director of Legal Services confirmed arrangements were in hand to fully manage risk.  Management arrangements were in place to ensure any transition were undertaken smoothly and risks managed appropriately.

The Committee also noted that ACX40 had since transferred to Finance and Customer Services, although this would remain a risk to the whole Council.

The Committee further referred to ASX32 and the potential failure to deliver key workplace priorities and it was confirmed this would form part of the review of the Directorate.  Every effort would be made to strengthen any changes and with full engagement.  Further details would follow.

With this in mind the Committee asked that instead of this risk register being reviewed annually, that this be reconsidered by the Committee in January, 2026 where any changes would be clearly outlined.

Resolved:- (1) That the progress and current position in relation to risk management activity in the Assistant Chief Executive’s Directorate, as detailed in the report submitted, be noted.

(2)  That due to the management changes and proposed review of the risks the risk register be reconsidered by the Committee in January, 2026.

(Exempt under Paragraph 3 (information relating to the financial or business affairs of any particular person (including the Council) of Part 1 of Schedule 12A))

To consider the referral of matters for consideration by the Overview and Scrutiny Management Board.

There were no items for referral to Scrutiny.

To consider any item which the Chair is of the opinion should be considered as a matter of urgency.

There was no urgent business for consideration.