Blisland Parish Council

Primary Navigation

Policies and Procedures

Internal Audit and Control Policy

By

1.Scope of responsibility

Blisland Parish Council is responsible for ensuring that there is an adequate and effective system of internal audit of its accounting records, and of its system of internal control in accordance with proper practices.

The system of internal control is designed to ensure that the council’s activities are carried out properly and as intended.  Internal controls are set up by the RFO but it falls on the Council members to ensure that they have a degree of control and understanding of those controls.  Controls will include the checking of routine financial procedures; the examination of financial comparisons; the recording of assets and liabilities; the identification of risk and to evaluate the likelihood of those risks being realised and the impact should they be realised, and to manage them efficiently, effectively and economically.

2. Internal audit procedure

 a. Councillors

Two Councillors will fulfil an internal audit procedure as directed in the internal audit form at least 6-monthly.  The same two councillors will not perform the audit on more than one occasion within twelve months.  The internal audit procedure checks:

  • Previous Internal Audit Report
  • Proper bookkeeping
  • Standing Orders and Financial Regulations
  • Risk Management Arrangements
  • Budgetary Controls
  • Income Controls
  • Payroll Controls
  • Assets Controls
  • Bank Reconciliation

b. Internal Auditor

The Council will appoint an Independent Internal Auditor who will report to the Council on the adequacy of its:

  • Records
  • Procedures
  • Systems
  • Internal control
  • Regulations
  • Risk Management
  • Reviews

The effectiveness of the internal audit is reviewed annually, and the Council agrees to the appointment of the Internal Auditor. The Internal Auditor, who is competent and independent, is advised of the scope of the work required by the Council.

The scope of the work (and the charge) of the IA is reviewed annually and the review and the appointment is minuted.

The IA will inspect the accounts at the yearend (prior to completion of the Annual Return pages 2 and 3) and will complete page 5 of the Annual Return

The IA will write a separate report to the Council (a copy of which is sent to the Chairman) detailing any findings they might have.

The report of the IA is copied to all members of the Council and considered as an agenda item at the next meeting.  Recommendations from the report will be recorded in the minutes.

3. Review of effectiveness

The Council has responsibility for conducting an annual review of the effectiveness of the system of internal control. The review of the effectiveness of the system of internal control is informed by the work and any issues identified by:

  • Full Council – identification of new activities
  • Clerk to the Council / Responsible Financial Officer who has responsibility for the development and maintenance of the internal control environment and managing risks – risks identified
  • Internal Auditor who reviews the Council’s system of internal control. The auditor will make a written report to the Council (in addition to Section 4 Report in the Annual Return.) – action arising from reports

The Council’s External Auditors, who make the final check using the Annual Return, a form completed and signed by the Responsible Financial Officer, the Chairman and the Internal Auditor. The External Auditor issues an annual audit certificate – action arising from Audit Report.

 

Adopted October 2020.

Information and Data Protection Policy

By

Blisland Parish Council recognises its responsibility to comply with the General Data Protection Regulations (GDPR) 2018 which regulates the use of personal data.

Introduction

In order to conduct its business, services and duties, Blisland Parish Council processes a wide range of data, relating to its own operations and some which it handles on behalf of partners. In broad terms, this data can be classified as:

  • Data shared in the public arena about the services it offers, its mode of operations and other information it is required to make available to the public.
  • Confidential information and data not yet in the public arena such as ideas or policies that are being worked up.
  • Confidential information about other organisations because of commercial sensitivity.
  • Personal data concerning its current, past and potential employees, Councillors, and volunteers.
  • Personal data concerning individuals who contact it for information, to access its services or facilities or to make a complaint.

Blisland Parish Council will adopt procedures and manage responsibly, all data which it handles and will respect the confidentiality of both its own data and that belonging to partner organisations it works with and members of the public. In some cases, it will have contractual obligations towards confidential data, but in addition will have specific legal responsibilities for personal and sensitive information under data protection legislation.

This Policy is linked to our Information Security Policy which will ensure information considerations are central to the ethos of the organisation.

The Parish Council will periodically review and revise this policy in the light of experience, comments from data subjects and guidance from the Information Commissioners Office.

The Council will be as transparent as possible about its operations and will work closely with public, community and voluntary organisations. Therefore, in the case of all information which is not personal or confidential, it will be prepared to make it available to partners and members of the Parish’s communities. Details of information which is routinely available is contained in the Council’s Publication Scheme which is based on the statutory model publication scheme for local councils.

Protecting Confidential or Sensitive Information

Blisland Parish Council recognises it must at times, keep and process sensitive and personal information about both employees and the public, it has therefore adopted this policy not only to meet its legal obligations but to ensure high standards.

The General Data Protection Regulation (GDPR) which become law on 25th May 2018 and will like the the Data Protection Act 1998 before them, seek to strike a balance between the rights of individuals and the sometimes, competing interests of those such as the Parish Council with legitimate reasons for using personal information.

The policy is based on the premise that Personal Data must be:

  • Processed fairly, lawfully and in a transparent manner in relation to the data subject.
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Accurate and, where necessary, kept up to date.
  • Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Data Protection Terminology

Data subject – means the person whose personal data is being processed. That may be an employee, prospective employee, associate or prospective associate of BTC or someone transacting with it in some way, or an employee, Member or volunteer with one of our clients, or persons transacting or contracting with one of our clients when we process data for them.

Personal data – means any information relating to a natural person or data subject that can be used directly or indirectly to identify the person.
It can be anything from a name, a photo, and an address, date of birth, an email address, bank details, and posts on social networking sites or a computer IP address.

Sensitive personal data – includes information about racial or ethnic origin, political opinions, and religious or other beliefs, trade union membership, medical information, sexual orientation, genetic and biometric data or information related to offences or alleged offences where it is used to uniquely identify an individual.

Data controller – means a person who (either alone or jointly or in common with other persons) (e.g. Parish Council, employer, council) determines the purposes for which and the manner in which any personal data is to be processed.

Data processor – in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

Processing information or data – means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:

  • organising, adapting or altering it
  • retrieving, consulting or using the information or data
  • disclosing the information or data by transmission, dissemination or otherwise making it available
  • aligning, combining, blocking, erasing or destroying the information or data. regardless of the Technology used.

Blisland Parish Council processes personal data in order to:

  • fulfil its duties as an employer by complying with the terms of contracts of employment, safeguarding the employee and maintaining information required by law.
  • pursue the legitimate interests of its business and its duties as a public body, by fulfilling contractual terms with other organisations, and maintaining information required by law.
  • monitor its activities including the equality and diversity of its activities
  • fulfil its duties in operating the business premises including security
  • assist regulatory and law enforcement agencies
  • process information including the recording and updating details about its Councillors, employees, partners and volunteers.
  • process information including the recording and updating details about individuals who contact it for information, or to access a service, or make a complaint.
  • undertake surveys, censuses and questionnaires to fulfil the objectives and purposes of the Council.
  • undertake research, audit and quality improvement work to fulfil its objects and purposes.
  • carry out Council administration.

Where appropriate and governed by necessary safeguards we will carry out the above processing jointly with other appropriate bodies from time to time.

The Council will ensure that at least one of the following conditions is met for personal information to be considered fairly processed:

  • The individual has consented to the processing
  • Processing is necessary for the performance of a contract or agreement with the individual
  • Processing is required under a legal obligation
  • Processing is necessary to protect the vital interests of the individual
  • Processing is necessary to carry out public functions
  • Processing is necessary in order to pursue the legitimate interests of the data controller or third parties.

Particular attention is paid to the processing of any sensitive personal information and the Parish Council will ensure that at least one of the following conditions is met:

  • Explicit consent of the individual
  • Required by law to process the data for employment purposes
  • A requirement in order to protect the vital interests of the individual or another person

Who is responsible for protecting a person’s personal data?

The Parish Council as a corporate body has ultimate responsibility for ensuring compliance with the Data Protection legislation. The Council has delegated this responsibility day to day to the Parish Clerk.

Policy adopted October 2020.