Agenda and minutes

16.1     The Committee agreed amend the minutes of the last meeting prior to approval, so that minute 12.12 reads as follows:

12.12   The Committee requested clarity on the level of exposure the Strategy envisaged.  In particular, the Committee requested information in future proposals on the proportion of the Council’s liabilities that will be tied to assets exposed to the commercial property market. The Chief Property Officer set out that the proposal was a 1-2% return on a fund of £150m.  It was confirmed that the proposal was not to meet the Council’s funding requirement, but to provide additional income without detracting from core services.

16.2     The Committee RESOLVED to approve as correct record the amended minutes of the meeting held on the 14 July 2017, as described in 16.1 above.

17.1     There were no apologies for absence.

Disclosures by all members present of personal interests in matters on the agenda, the nature of any interest and whether the member regards the interest as prejudicial under the terms of the Code of Conduct.

18.1     There were none.

Notification of items which the Chair considers to be urgent and proposes to take at the appropriate part of the agenda. Any members who wish to raise urgent items are asked, wherever possible, to notify the Chair before the start of the meeting. In so doing, they must state the special circumstances which they consider justify the matter being considered urgent.

19.1     The Chair was notified of one urgent item on the future proposals for the former St. Anne’s School site.

Report by the Chief Internal Auditor.

20.1     The Senior Audit Manager introduced the report. He confirmed that the Orbis Chief Internal Auditor continues to be able to provide reasonable assurance that the Council has in

place an effective framework of governance, risk management and internal control. During the reporting period, the Internal Audit Service has moved from using range of five audit opinions (full, substantial, partial, minimal and no assurance), to a range of four opinions (substantial, reasonable, partial and minimal assurance). All audits undertaken in the quarter, apart from one, have received an opinion of either substantial or reasonable assurance.

20.2     One audit received an opinion of partial assurance, which was the audit of Adecco who operate a manged service to provide temporary agency staff to the Council. An action plan for improvement has been agreed, and a follow up audit will be conducted later in the year. An update will also be included in the report on the Council’s use of agency staff at the November Scrutiny Committee meeting.

20.3     During the quarter the Internal Audit Service completed two follow up reviews of Microsite management and the ContrOCC system, which have improved to achieve an opinion of substantial assurance. The Internal Audit Service also met all performance targets during the period.

20.4     The Committee RESOLVED to note progress report and performance, and had no further comments on audits or risks.

Report by the Chief Information Officer to provide further information on the Council’s arrangements to protect the Council from cyber-attack.

21.1     The Chief Operating Officer introduced the Head of IT & Digital Strategy & Engagement and the IT & Digital Information Governance & Continuity Manager who are the ESCC leads on cyber security and information governance. The Head of IT & Digital Strategy & Engagement explained that ESCC has an Information Strategy in place which deals with data breaches and a Security & Identity Management Strategy which deals with Cyber-security. The Council employs a number of information security qualified staff, who specialise in protecting the Council’s information systems.

21.2     The Committee received a presentation on the risks and measures being taken to protect the Council from cyber-attack and keep information secure. The key points of the presentation are summarised below.

·        Cyber security and information security are interchangeable and there are a range of risks from malware, compliance, and physical data losses.

·        Cyber security breaches arise from deliberate threats, accidental losses and lack of awareness.

·        The public sector, along with the manufacturing sector, has been targeted by ransom ware and cybercrime has been growing in the UK.

·        ESCC may be attacked for financial gain; politically motivated attacks; and attacks by script kiddies (a term used to describe toolsets used by low skilled attackers).

·        Globally cybercrime is going up so ESCC is having to spend more on this issue.

·        Attacks are targeting people as well as servers, and the use of ransom ware is increasing.

·        Emails are an important attack vector and there are risks from them such as phishing and clicking on links which then infect systems with malware.

What is being done to protect ESCC

21.3     ESCC has strategies in place to protect IT systems and information. The arrangements for Information Governance are audited regularly. The Council undertakes risk management assessments which are audited internally and externally. The design of the network is regularly reviewed, patched and penetration tested.

21.4     The Committee asked how the Council provides assurances to residents that their information is safe in the event of an attack, and that we will not ask them to re-provide their information (to protect them from Phishing attacks). The IT & Digital Information Governance & Continuity Manager responded that the Council uses social media to provide information to residents. The Council is using software to help people check an email is really sent from ESCC.

21.5     The Committee were assured that there are robust and tested backup, disaster recovery and business continuity plans in place to protect services and restore them should that become necessary. The IT & Digital Information Governance & Continuity Manager confirmed that the Council keeps all security arrangements under regular review, and examines the use of new technology to protect IT systems and to keep them secure.

21.6     The Committee RESOLVED to:

1) Note the strategies and controls in place to maintain the security and integrity of the corporate infrastructure, together with plans to adapt it to continuously meet future needs; and

2) Agree they were satisfied with the measures that are in place to protect the Council and that further assurance was not required  ...  view the full minutes text for item 21.

Report by the Chief Operating Officer.

22.1     The Chief Operating Officer introduced report which updates the Committee on the current strategic risks faced by the Council.

22.2     The Committee discussed the two areas of government policy which will have an impact on the financial sustainability of small rural schools namely, the draft schools funding formula (e.g. any school under 216 pupils) and the Apprenticeship Levy. East Sussex has a lot of schools which may be adversely affected, and if a school should fail then ESCC will have additional costs. Depending on the scale of the potential adverse impact this could represent a strategic risk to the Council and should be monitored.

22.3     The Chief Operating Officer responded that strategic risks are dynamic. Dealing with these risks is inherent in RPPR process, which considers risks and how we currently deal with them. The risk to smaller schools will be managed within the Medium Term Financial Plan process. ESCC has also reviewed what other similar local authorities have on their strategic risk registers, and ESCC is covering all the main strategic risks.

22.4     The Committee observed that there is an increase in the number of children moving through primary schools, and in the next 5-7 years East Sussex will need more secondary school places. The Chief Operating Officer outlined that the school places planning team are looking at this, and school place planning feeds into capital programme as a core need. The school place planning process is very robust, and together with the capital programme, addresses this risk.

22.5     The Committee RESOLVED to note:

1) the current strategic risks and the risk controls / responses being proposed and implemented by Chief Officers; and

2) the potential financial risks for small schools raised by the Committee in minute 22.2 above.

Report by the Chief Executive.

23.1     The Lead Member for Resources introduced report. The report provides the Committee with the opportunity to explore any savings that have not been considered, and to identify any further information it requires on the RPPR process. The savings outlined in Appendix 3 of the report have been in the medium term financial plan (MTFP) for three years now, and are required to achieve a balanced budget. The savings put forward are those that officers consider will have least impact on services, but that is not to say they will not have an impact.

23.2     The Chief Executive highlighted the State of County report that was presented to Cabinet in June, which set out the Council’s overall financial position. The Scrutiny Committee RPPR report seeks to focus attention on the services which are within the remit of the Committee. There is information on the revenue and capital budgets for those services; the more detailed service plans contained in the Portfolio Plans and; the agreed savings programme. The Chief Executive asked if the Committee required any more information, and whether there were any further areas for savings which it wished to examine.

23.3     The Committee Members commented that there was a lot of information and it was difficult to get to the detail in terms of the performance indicators, service plans and the impact on services. The Chief Executive explained that the Portfolio Plans were intended to provide information on individual service plans and the Council Plan targets that applied to those services. The Council Plan itself brings together all the performance targets and has very detailed plans which underpin it.

23.4     The Lead Member for Resources acknowledged that many of the Committee members are joining the savings process towards the end of the three year MTFP programme. The Council is in the really difficult position managing a reduction in budget, whilst the pressure on services is increasing. The Council has been doing this quite well for the last six or seven years, but will struggle to continue to do this without there being an impact on services. There are examples of innovative approaches to this situation, such as Orbis, which is one of the biggest shared business service partnerships providing better value for money for each of the partners.

23.5     The Committee commented that it would be helpful to have information on the likely revenue budget framework going forward, and an indication of where the Council was now in terms of the operational financial position.

23.6     The Chief Executive responded that the likely future budget framework is outlined in the State of the County report. The Council has a 3-5 year MTFP, but there is a note of significant caution on what the final figures will be due to the uncertainty of future funding. This will be updated as more precise information is known, including an update that will be presented to Cabinet in October. The Council’s current operational financial position is reported through the quarterly monitoring reports which  ...  view the full minutes text for item 23.

A presentation on the Procurement Service by Ross Duguid, Acting Assistant Director, Procurement and Commissioning.

24.1     The Chief Operating Officer introduced the report and the Acting Assistant Director for Procurement & Commissioning. The Procurement Service is an integrated service which adopted a new structure in April 2017 and covers the procurement function for all three Orbis Partners. The restructure will deliver 10% savings on the operating budget, in addition to previous shared service savings.

24.2     The Acting Assistant Director Procurement & Commissioning gave a presentation to the Committee regarding the current Procurement Service activity. The key points of the presentation included:

• East Sussex County Council (ESCC) spends around £500million per annum and around 50% is spent with local suppliers (the bulk being for Adult Social Care). The Procurement Team is actively involved in 70% of contracts and over a third of expenditure is with the top 25 suppliers. The Procurement Team also aim to manage the expenditure with the ‘tail’ of a large number of smaller suppliers/contracts through the Sourcing Solutions team.

• The Orbis integration process has included appointing a joint Head of Service and there is now a joint management team and a single integrated structure. The structure is designed to ensure it is fit to operate across the three different organisations (East Sussex County Council, Surrey County Council and Brighton and Hove City Council). There are dedicated procurement leads in each organisation.

• The move to the revised structure has enabled the Team to deliver better value across the three organisations and to be more strategic. The Service has been able to develop a category management team and to start to routinely deliver longer term strategies for procurement. This is supported by better commercial analysis and information on contract coverage and renewal.

• The Procurement Team aims to be actively involved in each service area to improve contract management and performance monitoring. A dedicated contractor and supplier management team has been introduced to provide better contract management over the life cycle of a contract.

• The Team measure the value that procurement delivers through four types of value:
  • Cashable – reducing the cost of services
  • Financial - mitigating cost increases (i.e. not cost releasing)
  • Quantifiable - Social value (social value measurement charter) and value added
  • Non-quantifiable – where risks have been mitigated.

24.3     The Committee asked about the level of due diligence that is carried out when letting contracts. The Chief Operating Officer responded that the level of due diligence varies with the value of the contract and the risks associated with it. For higher value contracts there is a strategic sourcing plan and tenders are reviewed by a board made up of representatives from Procurement, Legal and Finance. The Sourcing Solutions team has been set up to manage the ‘tail’ of lower value expenditure with smaller suppliers.

24.4     The Committee asked what capacity the Procurement Service has to provide a service to other customers. The Acting Assistant Director Procurement & Commissioning explained that the Team already establish procurements and name other authorities so they can take part in joint procurement. The Team want to prove the service  ...  view the full minutes text for item 24.

Former St. Anne’s School Site

25.1     Councillor Philip Daniel outlined that he had a lot of enquiries about the future of the former St. Anne’s School site. The Committee requested that proposals for the site be brought back to the Committee on this issue.

25.2     The Chief Operating Officer responded that he will bring a report to the Committee on the future of the site and there will be a consultation process. He also advised the Committee that there will be some activity on site to deal with some health and safety issues related to the buildings and to undertake some ecology survey work.

Libraries Review Board

25.3     The Senior Democratic Services Advisor outlined the work to date of the Review Board and the plans to consider further issues in more detail, namely:

• Library closures
• Ceasing of mobile library
• Book fund reductions; and
• Outcomes from the public consultation.

25.4     The Review Board will work in parallel with the public consultation and is likely to be able to feedback progress to RPPR Board in December. It is hoped this will include consideration of library closures and ceasing of mobile library. The Review Board plans to provide more detailed comments on the draft Libraries Strategic Commissioning Strategy to Cabinet in March 2018.

RPPR

25.5     The Committee resolved to establish an RPPR Board which will meet after Cabinet on 12 December 2017 (see minute 23.10 above).

The Forward Plan for the period to 31 December 2017. The Committee is asked to make comments or request further information.

26.1     The Committee RESOLVED to note the Forward Plan.

27.1     The urgent item notified under item 4 on the former St. Anne’s School site was considered under the Work Programme (see 25.1 above).