Agenda and minutes

Venue: 1908 Suite, Prince of Wales Stadium

Contact: Sophie McGough, Democracy Officer 

No. Item




There were no apologies.


Declarations of Interest


There were no declarations of interest.


Minutes of the Last Meeting pdf icon PDF 83 KB


The minutes of the last meeting had been circulated with the agenda.


Upon a vote it was unanimously


RESOLVED that the minutes of the meeting held on 19 September 2018

be agreed and signed as an accurate record.



Public Questions

These must be received no later than 12 noon on the fourth working day before the date of the meeting


There were no public questions.


IT & Cyber Security Report pdf icon PDF 266 KB

Tony Oladejo, ICT Audit and Compliance Manager

Additional documents:


The Chair welcomed Tony Oladejo, ICT Audit and Compliance Manager, who introduced the IT and Cyber Security report which had been circulated with the agenda. 


Mr Oladejo explained that the report was a follow up to previous work and he summarised the key activities undertaken by ICT to date, as well as the planned work.


Mr Oladejo reported that there is continuing progress on cyber security and that Publica had recently recruited a Cyber Officer to ensure that there is constant and consistent focus and horizon scanning on this area of their work.


Looking ahead, Publica ICT will be working with other government agencies and other partners to provide improved assurance, advice and guidance on current and future cyber security challenges and mitigation.


A focus on prevention of threats to cyber security is a priority for Publica, with emphasis on information, training and education.   To date, there are have been no breaches of security.


Members had a number of questions and comments about the recent ‘health check’, part of which, Mr Oladejo explained, involves the supplier attempting to gain unauthorised access to our networks from outside through our firewalls and other security barriers.  They also attempt to access all networks from internally to test and rate vulnerabilities on  licences, applications and passwords.  Once they gain access, they highlight and rate all vulnerabilities so the risk can be properly assessed and mitigated.  Members enquired as to the name of the supplier which was provided.


The Chair requested a top level report to this committee of what their findings are in order to get a better understanding of what the suppliers undertake.  Clearly this is sensitive information and Mr Oladejo will take that request back to Publica. The Chairman asked that he and the Vice Chairman be given access to the full report from NTS.


Raising awareness is recognised as a requirement as staff, including Members, need to sufficiently competent and knowledgeable about cyber security.   In response to a question about plans for ensuring staff are more informed, Mr Oladejo explained that ICT is working with the learning and development team on the roll out of training packages in the spring.  This will be completed by all staff online, and will be mandatory.  A communications plan is being developed to support the roll out.   It was suggested that member of this committee would be useful trial users of the training packages and Councillor Brownsteen offered to represent the committee.


With regard GDPR training for new councillors, it was suggested that it should be mandatory before they are set up on the council’s network. Mr Oladejo suggested he share the GDPR written guidance with the committee.


In response to a number of other questions, Mr Oladejo confirmed that Publica is actively involved with NCS and that in terms of working with suppliers there is a very robust due diligence process.  He also confirmed that looking at licences is part of the health check.   He would refer more detailed questions to  ...  view the full minutes text for item 5.


External Audit Plan for 2018/19 pdf icon PDF 445 KB

Grant Thornton


The Chair welcomed Sophie Morgan-Bower who introduced the External Audit Plan and summarised the key points. 


Of the ‘significant risks’ identified on page 3, ‘management override of controls’ has to be included.


Members raised a number of questions and comments:


·         Under ‘value for money arrangements’ on page 12, Ms Morgan-Bower confirmed that the work proposed for Publica Group (Support) Limited is related to the council’s contract management, monitoring and governance arrangements.

·         On page 6, it was noted that UBICO Limited has no risks recorded.  This is because UBICO is not significant in terms of the group. 

·         Regarding assurances for the Pension Fund and Public Group (Support) Limited referenced on page 9, Ms Morgan-Bower confirmed that these are written assurances and are standard procedure.

·         It was noted that The Cheltenham Trust is not included in the group audit scope. This is because they are a completely independent body, outside of the council’s audit scope.


The report was approved by the committee.


Certification of Grants and Returns pdf icon PDF 150 KB

Grant Thornton


Ms Bower-Morgan explained the detail of the certification of grants and returns, and the specifics highlighted in the letter, resulting in one recommendation.


In response to a question regarding the reference to cells, Ms Bower-Morgan confirmed that this is the way of reporting to the Department of Work and Pensions.


The report was noted.


Internal Audit Monitoring Report pdf icon PDF 87 KB

Internal Audit

Additional documents:


Lucy Cater, Assistant Director, SWAP Internal Audit Services introduced and summarised the internal audit monitoring report and pointed out that Appendix E is new to the report.

Substantial assurance around treasury management and bank reconciliation.


The audit plan for 2020 is currently being developed.  Members of the committee are requested to let Ms Cater have suggestions for inclusion in the plan.  The Chair emphasised that the role of the committee is to provide robust challenge.


There were particular questions regarding the UBICO error which had been identified and confirmation was given that relevant parties, including the cabinet member, had been informed.  Sarah Didcote, Business Partner Manager, confirmed that this issue had been fully investigated and that processes and financial controls have been improved which the internal audit team will follow up.


Action:  Sarah Didcote to send Councillor Chris Coleman, Cabinet Member Clean and Green Environment, a copy of the  report.


The report was noted.




Briefing Notes pdf icon PDF 94 KB

Leisure@ Refurbishment Project Review An update on the success or otherwise, of using a development partner to deliver the Leisure-at redevelopment project



The Chair thanked Councillor Brownsteen for suggesting the tour of Leisure-at before the start of this meeting to see the redevelopment work.


The briefing note was noted.


Work Programme pdf icon PDF 58 KB


Members requested that ‘draft accounting policies’ be added to the agenda for the next meeting. ‘External audit plan’ can be removed from the next meeting agenda.






Any Other Item the Chairman Determines to be Urgent and Requires a Decision


There were no items. 


Date of Next Meeting

24th April 2019


The date of the next meeting is 24 April 2019.