The Public Sector Audit Appointment

Can I then ask the following

1. Can you confirm what accounting you use please?

2. When was this system started in use?

3. Can you confirm if you are part of the volunteer scheme under the Public Sector Audit Appointment, whereby your accounts are reviewed by outside auditors who have been chosen for their expertise?

4. If you are not part of this scheme why not, and if you are please can you confirm if your accounts were signed off, or were they part of over 200 that were dismissed? What was the reason for the accounts not being signed off?

5. Please can you confirm your working procedures for your computer systems in terms of the information you received under the Cyber Assessment Framework for local government provided by GCHQ?

6. If you do not have procedures in place, please can you confirm why? If this is confidential, then please confirm that there is a procedure and when it was last updated?

7. When was your systems last tested for intrusion controls? Most large business now pay an outside firm to come in and test their systems. If this has been done, was the advice from this simulated attack taken on board?

8. Has your council been subject to a hacking attack in the last 10 years, please can you confirm the outcome?

9. Please can you confirm if you have had any warning letters from HMRC in terms of compliance issues and your accounting systems/taxes?

10. Lastly how many whistle blowers have you had in the last five years and please can you provide your working procedures for handling these issues?

1. Business World is the Council’s main ERP (enterprise Resource Planning) system.

2. The Council started to use Agresso from 1st April 2015 which has since evolved into the current Business World system we currently use.

3. Yes, we are signed up with the PSAA to appoint our external auditors.

4. Not applicable as we are part of the PSAA

5-6. LCC follow standard operational procedures for our computer systems aligned with the Cyber Assessment Framework guidance provided by GCHQ, to ensure compliance and security.

7. Intrusion controls are regularly tested and resulting advice evaluated.

8. The Council defends against large number of hacking attempts on a daily basis, these are unsuccessful. The last successful hacking against the council was in 2016, this was ransomware. Knowledge of this hack are already available in the public domain.

9. There has been no warning letters from HMRC in terms of compliance issues and the accounting systems/taxes.

10.Please see link to the whistleblowing Policy https://www.lincolnshire.gov.uk/directoryrecord/61723/whistleblowing-policy