HEREFORDSHIRE Council still offers “limited assurance” over data protection despite warnings about its systems last year.
The latest limited assurance finding is in a final report from the council’s former auditors KPMG.
While the report recognises progress the council has made on data protection and processes it warns of further work needed to prevent breaches of the Data Protection Act (DPA).
In July last year, the Hereford Times revealed that a single data protection breach could cost the cash-strapped council a fine of up to £200k imposed by the Information Commissioner’s Office (ICO).
The breach, in the People’s Services directorate, was said to be so sensitive that to reveal its details would also risk breaching the DPA.
Then, both the ICO and KPMG said the council’s systems offered “limited assurance” with 80 data protection incidents logged between June 2012 and June 2013 alone.
As a result, the council was recommended to carry out personal data audits across its service areas.
Other areas of “limited assurance” recorded in the final KPMG report are food hygiene and the council’s ability to complete a full programme of inspections (as reported by the Hereford Times in June last year); and processes and controls related to rent collection and the gypsy and travellers service.
The report finds the council offers “substantial assurance” over the collection of council tax and “adequate” assurance over the likes of treasury management and procurement.
Last month, as reported by the Hereford Times, the council confirmed the end of its three-year internal audit contract with KPMG to select the South West Audit Partnership (SWAP) as preferred provider.
Cabinet was recommended to select SWAP over KPMG who charged the council £236,000 for 300 days work.
The cost of the council’s contract with SWAP is expected to be around £225k a year.
Internal audit is an essential backroom function for the council, assessing the effectiveness and efficiency of operations, the reliability of financial and management reporting, compliance with laws and regulations and the safeguarding of assets.
SWAP has scheduled a number of meetings with the council’s senior management team over the council’s 2014-15 annual plan.
This week, the council’s audit and corporate governance committee will be told that a 2014-15 annual plan already submitted by KPMG is expected to “change significantly” over the coming months.