 Na fydd mwynol, wrth gwrs, ac mae'n gweithio'n gweithio y fydd cymaint ac mae'n gweithio y fânânau iawn yn 2017. Mae hynny'n meddwl i ddweud y cabinet fel cysybeth o'r mathes o'r cyfnod, ac mae gennym iawn eich bydd yr unig, dweud eich ei wneud yn y cydydig iawn. Ieithio y cwrs yn ysgolid yn ddiddordeb yn grwymoedd gynhyrchol yng Nghaerhwfodol. Y gwyllCON Gweithwyr Yng Nghaerhwyr sy'n chi gwyllt ar draws y Uch, The exercise helps to identify fraud and error in the public sector by comparing data submitted by different public bodies and flagging up data matches which suggest error or fraud has taken place. The exercise is overseen by the Cabinet Office with exercises in Wales, Scotland and Northern Ireland, run by each jurisdiction's respective audit office. Our committee's interest arose from an evidence session with Audit Scotland on the most recent national fraud initiative exercise in Scotland. As part of our new post-legislative scrutiny role, we decided to examine whether there were any ways that the legislation underpinning the operation of the NFI could be improved to help to secure even better outcomes. We will have two panels today. The first consists of representatives from local authorities who responded to our call for evidence. I very much welcome Brian Muldoon, who is the corporate investigation team manager at Aberdeen City Council, Elaine Greaves, who is the internal audit manager and Heather Mohadin, senior auditor at Midlothian Council, Assel Scott, internal audit manager at Murray Council, Yvonne Douglas, audit and compliance manager and Cecilia McGee, audit adviser both from South Lanarkshire Council. Welcome to you all. It is a large panel. You do not all need to feel the need to answer, but I will let my colleagues direct the questioning. Let me kick off today's session by asking each council to state whether you feel the act underpinning the national fraud initiative is clear about which bodies should take part, how they should do so and whether participation is compulsory. Let me start off with Brian Muldoon, because he is not looking at me, so he gets to go first. We have been involved in the national fraud initiative since it started. We believe that it is very important to tackle the area of fraud within public authorities. Obviously, we have put our submission forward, which we listed down in our areas that we feel that we could strengthen in relation to national fraud legislation. It is okay. I was looking at more clarity about which bodies should take part in terms of the legislation, how they should do so and whether participation is compulsory, because there seems to be a slight difference of opinion between the local authorities as to who is covered, who is in the scope of the legislation. I certainly believe that all public bodies should contribute to it after all it is public money. I certainly know from that there seem to be some issues with universities providing what it is gotland with data. It is important that everybody works together in relation to this, so I do not think that where public money is being spent, whether it is directly by a local authority or a Government department or whether we involve private industries. There is an example that I gave in here that Aberdein city council has put out to tender and we have a private contractor who is building the new Aberdein exhibition centre. Because that is public money, it was our view that we should be able to extract data from that company as well. In order to do that, obviously, legislation would need to be strengthened. Thank you very much. I do not know whether Elaine or Heather wants to take this one on. I suppose that I am asking principally about existing legislation and its coverage rather than just an extension. At the first point of participation being compulsory, I think that that is how important it is. The more organisations that take part, the value of doing so is increased. Other bodies that should be involved are things such as HMRC, because there is a lot of data there that could be used. I also think that the awareness of the exercise, the NFI exercise, should be increased among the general public to show that this is the sort of thing that we are doing to try to access our preventative measure. Legislation-wise, one of the things that we feel is quite important in England is the prevention of social housing fraud act 2013. We do not seem to have anything in Scotland, so when you are actually investigating the matches, having the legislation to do something about it, because we have recovered quite a lot of council houses in Midlothian. The onus is getting the house back rather than taking any prosecution or legal action, because you do not really have the legislation to do so. Moving forward, I think that it would be quite good if that legislation could be strengthened to help with doing the actual matches. Okay. Thank you very much. Heather, do you have anything to add? No, I do not have anything to add. Okay. Mr Scott. Thank you, convener. From a married council perspective, I believe that the NFI should be compulsory. I think that we have been dealing with this for a number of rounds now, and I think that certainly all local authorities participate under review by Audit Scotland. I do not have a strong view of other bodies that could participate. Other bodies have been added recently, and that has assisted in getting the scope and coverage of potential matches and has improved the range of matches that are available. However, in that context, it means that we are being provided with an increasing number of matches at each round. Those have to be validated, and there is a resource implication to that. I am quite keen to see additional bodies participate, provided that it does not result in us being swamped with too much information, because in the meantime, an awful lot of the matches that are returned to us are valid. The match is okay. There is nothing to be concerned about in relation to the match, so there are a lot of false positives in there that need to be considered. I support what my colleagues have already said. We make extensive use of the NFI exercise, and we welcome as many public bodies participating in that as possible, because it increases the datasets and, therefore, the matches that come to us. What we can then do as a local authority is to risk assess those matches when they come back to us and prioritise them. I do accept that we would maybe increase the matches that we would get if we included more public bodies, but what we would then do is apply our own local risk assessment to what ones that we would consider prioritising in terms of investigation. As the point has been made with constraints on our resources, that is something that we need to consider at the point that matches are returning to us. We had pulled out that HMRC has been a particular body that we would be interested in in matching, because we feel that we would pull out possible conflicts of interest. That is something that we have been particularly interested in over the past couple of years, particularly in relation to procurement arrangements and trying to strengthen our internal arrangements in relation to that, but we would welcome the opportunity to be able to match against HMRC data, because it would give us something else to allow us to independently check what our own employees are already declaring to us. I will turn to questions from members, and I think that Colin Beasie was fast. I was quite interested in the submission from Audit Scotland. For the first time, I have seen reference to real-time pre-transaction checking, and I did not even know that that existed. It does say that there is a cost for this, but would you see a use for that? Are you aware of that facility and have you considered it and rejected it for cost reasons? Have you considered whether there are advantages in doing real-time checking? I will take that one. We are aware of the facility that is on the website to allow us to do it. There is certainly an argument that is made that, if you can do checks at the very beginning of a claim, you can perhaps rule out some elements of fraud. The cost implication is—I have put that in my report as well—that, because there is a cost associated with that, us in Aberdeen Council have not taken on board. It is very much left to individual service managers to decide whether they want to take or if they want to do that proactive approach to claims. I did not bring the print out with me. It is on a scale. The more that you do it, the better value it works out, but I cannot remember the cost just now. We already have deadlines in the council to produce or to put benefits in payment or to produce services on time. If we are going to start doing additional checks at the very beginning, yes, it can perhaps reduce the risk of fraud, but it does have a knock-on effect that it does slow the system down, so things like that would have to be addressed. Do any others have a view on it? From my perspective, what you are talking about there is probably a preventative measure, and I think that it is quite interesting that the people from the councils tend to review things after the fact. I think that the NFI population that we look at is almost a retrospective position, so things have happened. People have claimed entitlement to benefits, people have been paid public funds on the payroll or through the credit system or whatever. All that information is matched, and it comes to us retrospectively. As my colleague says, having risked to assess the data, we then do the checks. I think that the point that you are referring to is almost for the service departments in terms of it is another potential check when somebody seeks to access a service or seek delivery of a service, so there are almost the pre-checks, if you like, which that would form part of, and the follow-up checks that we would do when the data is published every two years. I was just interested because I had not seen reference to the real-time checking before. Given the scope of NFI, we have talked about the possibility that other public bodies could be included in that. It seems to me that there would be a huge benefit in having the housing associations and allios included in that. How would you view that? What would the implications be if that happened? The result would just be that we would have more matches. The matches run into thousands. What we are trying to do is make sure that they are good matches, which means that they match across a number of fields, which means that it is an area that is worth investigation. I do not think that we would have any resistance to including more bodies. I think that the resulting effect for us would be that we would be presented with a lot more data matches for us to look at. Of course, we would need to develop our procedures for risk assessing because, as you add in different bodies, the risks attached to that are different, so there would be a bit of a learning curve for local authorities to make sure that we were adapting our processes to continue to take that risk-based approach that we have always taken. If, for example, housing associations were included, what would the cost implications be in terms of resources or whatever for yourself? For us in South Lanarkshire, we are the facilitator, so we do not do the investigation. We co-ordinate the upload of data to Audit Scotland and then we facilitate when the matches come in to make sure that that information is passed on to council resources and we then monitor how they are proceeding with the individual investigations. For us, it would not have a particular impact as I know it at function, but for all of these things there is a time cost attached to it and I suppose that would be where housing associations would argue that there was a cost to them because it would involve people's time in uploading the data and obviously bringing in new organisations as well. It would be a new process for them, so probably not as efficient as it now is within local authorities because we have worked with it for a number of years. Still looking at the implications of the matching process, would it improve things at all if there were mandatory follow-ups of matches? At the moment, I would say definitely not. In my submission, I indicated that it is absolutely essential that public bodies participate in the process. The requirement that is currently on us to provide data for the matching process is vital, but as I indicated in my introductory piece, there is an awful lot of matches that can be quickly dispensed with, so you look at a match and you can very quickly say that there is no issue surrounding that. I think that as we talked about intensive, each organisation risks assessing what is important and what is less important. We do have an external audit process within local government, such that our appointed auditors take an interest in what we are doing. Those auditors are looking for us to take a proportionate approach. If we did not follow-up any matches, that would be commented upon in the review of the council's accounts. It is important that that part of the exercise is left to the individual body to determine what the priorities are, what should be followed up, what should not be followed up, and to make that justification locally to the external auditor. So, you would not favour mandatory follow-ups? I would not favour mandatory follow-ups of all matches. Does anyone disagree with that? Actually, I echo what Athel is saying. I do not think that putting a specific deadline would be—I do not see where we would benefit from it. We have to remember that the volume of matches that come in can be an issue. For example, the matches come in in January, and it takes many months for us to process the matches, whether they are false positives or whether there is an indication of fraud there. In Aberdeen, we have a dedicated investigation team. However, it takes us over a year still to go through all the matches. By putting an actual deadline on it, it would impact on other duties that the investigators have got as well. Does not a year seem an extraordinary time? I agree. However, it is the simple volume of work that is associated with the national fraud initiative. Although we have a lot of referrals coming in, we also have referrals coming in from staff, from members of the public, from management. The investigative team is very busy, so while we try to prioritise the national fraud initiative, it comes at a cost of some of our other inquiries. What sort of period do other councils take to complete the matching process, or at least to complete the investigations? We have a dedicated corporate fraud team. We have two officers, and we are in a similar position where we have all the day-to-day work that we normally do, and we are doing the NFI exercise on top of that. Our senior auditor is the lead contact for Midlothian and does all the updating on the website. It is very resource intensive. One of the concerns that we have is that a lot of the matches now go to DWP to investigate, so we are relying on them to do the investigations and achieve the outcomes. From the point of view, I agree that making it mandatory is probably not agree with that, but if you are relying on other organisations to do their bit and they do not, because they have thousands of matches to do as well, then it is difficult for us on the back of that to take action, say for the council tax reduction scheme, to be reliant on DWP investigating for the housing benefits side. That is for not just for NFI, but for other cases that we have. There are swings in mind about it, so I will leave it from that point of view, but it is resource intensive. It is quite good to have that ability to say that we have checked so many matches, that it is risk-based, that we are not getting anything from this. Let us draw a line under it and move on to something else where it might be a bit more fruitful. What sort of timescale are you looking at to complete the investigations? The investigations in the main matches are distributed to the various services, housing and other areas in the council. The officers in the various services do it along with their current work, checking the matches to see if it is a data issue or if there is genuinely a potential for fraud in there. I have distributed all the matches to the people. They are in the progress of checking at the moment, and I will be following up with them later on. By September, I expect that all the matches to have been gone through, checked and any potential frauds to be identified. When were the matches actually created? The data was uploaded at the beginning of October, and the matches were released in January, with subsequent matches being continued to be released up to May. The whole process again is virtually a year. Is that the same for everybody? We passed the matches out to resources to individual departments to investigate. We asked them to set targets of numbers and timescales. We aim for the majority of them to have them all finished by September. The exception to that is the housing benefit. That is really because of the volume and also the process of the interaction with DWP. We have to send information to DWP to get it back. There is quite a delay there before we can confirm whether it is a fraud or an error. With the exception of housing benefit, we aim to have all the other matches finished by September. I think that we asked the departments to set their own targets. We basically take into account the other controls that they have in place. They have other processes where they are checking for fraud, particularly in housing benefit, where they are doing their own reviews. I would say that, to make it mandatory, we would take away the flexibility with being able to and build continuous controls in departments where they are looking for fraud on a daily basis. I will ask you to track back one stage. It is all rather complex. The initiative seems rather complex. Elaine Greaves made an important point earlier on that an awful lot of public awareness needs to be built into that, if there is to be a deterrent effect. Colin Beattie just talked about the process taking year. Just at the outset, would one of you mind just setting out what that process is as you see it from beginning to end, just very briefly, how does the initiative stack up? I will have a go. Essentially, there is a whole range of data sets that are provided in a specification that comes from the Cabinet Office. Around October each year, we have to make arrangements within the council for each of those data sets to be uploaded to the secure database that the Cabinet Office operates. It is a bit of work to be done in September, October time, in relation to that process. We then wait for the matches to be returned, which is typically at the end of January. These matches can either be internal to the authority. For example, in relation to payroll matches, they can be internal to the authority, so you may have two payments for a similar amount to the same contractor. They will appear as a match or you can have two different bodies involved, so you can have somebody who is on Murray Council payroll and they are also on Highland Council payroll. That would be a match. Therefore, there are different matches that appear within each of the criteria. In Murray Council's case, at the end of January, we got back in the last cycle about 2,800 matches. They were spread across all of the different match groups, be it housing benefits, student loans, payroll, credit or payments, housing waiting lists, etc. What I essentially do then, at the end of January, beginning of February, is carry out some kind of overview. Have a look at the matches, what are the volumes, what are the potential issues, issues that have been mentioned already, issues that relate to housing benefit for the council tax reduction scheme. They tend to be passed over to the single corporate fraud investigator that we have in the council because she has a background in benefits and council tax. She gets these. The remainder are reviewed by me in terms of do I think they are appropriate. I gave you a couple of examples. You can quite easily have an employee, for example, a supply teacher who does two days in Highland Council, three days in Murray Council. It appears as a match, but it is not an issue. You can quickly discount that. Similarly, if you look at the credit or payments, you may have a contract with a school bus provider. The charge is the same rate per day, so if you get 20 days at £100 in March, 20 days at £100 in May, the invoice value will be the same, but it is not an issue. I do an overview across all the sections to determine which matches should be looked at. Within the process, there are recommended matches that come forward from the Cabinet Office, and of my £2,800, about £700 are recommended. As I have indicated already, some of these I review, some of them I do not depend on the risk assessment. The information will be passed out potentially to the fraud person that I mentioned, somebody, a housing officer, somebody who works in community care, who deals with blue badges in residential care, and one of my auditors. They will not work on this constantly. There is other demands on their time, as has already been said, but essentially I will look to these people over the period, February, March, April, to review some of the matches in more detail, the ones that I have indicated are at a higher risk. In this most recent period, they are starting to feedback information in terms of investigations that are complete, or, as has also been mentioned, if there is another party involved, we will send away a request, which is feasible within the system. We will send away a request to the third party to say, can you confirm your side of the information so that we can then determine what further action might need to be taken? That is over at this period in the spring, if you like. At this point in time, the work that started in October is not fully completed, but what ordinarily happens is that our external orders have a progress update, usually around the 30th of June. In terms of my programme, five months after the matches have been issued, we should at least have a position statement for the council and the external order to say, that this is what we have done with our 2,800 matches, and some of them will fall off the end of the table in terms of no further action, because they have been deemed by me to be low risk. That gives an overview, if that is what you are looking for. That is extremely useful, thank you very much. I will move from there to Mr Muldoon in your submission. You talk about data being uploaded to the NFI website in September, October, but the results are not being available until January. You say that the results at that point are now out of date. What do you mean by out of date? Does that mean that they are unusable? Some of them will be unusable, because if we submit data on 1 September, for example, and the person's circumstances that the data relates to have changed two days later, the NFI is not capturing that information, but the council system is. What then happens is that in January, when we get the data matches that have all been submitted, for example, that were done on 1 September, we have already dealt with the customer who came in to tell us about a change of circumstances on the 2nd, 3rd, 4th or whatever of September. What that means is that we are then having to recheck that data when the national fraud initiative data comes in in January. It is part of what my colleagues are saying. It is all about assessing the risk, but some of that risk has already been negated, and it is simply because of the delay between us submitting data and actually getting the matches back. That can be a bit problematic, because that costs us a lot of administrative time. One of the solutions to that is possibly not having the NFI done every two years, if we were able to put a process in place where the matches were done six months later or, for example, quarterly, we would potentially catch that and not spend as much time simply doing administrative work. What proportion—Mr Scott talked about 2,800 potential issues or matches coming in—what proportion, across all of you, of those matches are ultimately found to be fraudulent? Certainly, measurable outcomes for the matches that we receive are very, very low. I couldn't declare it as a percentage. We received four and a half thousand matches this year, and I expect that it will be a good return if we have 20 positive outcomes. Could the rest of you answer that? That is quite significant, isn't it? A lot of it really depends on the data match. There are so many data matches. For example, you could have matches that are always saying about care homes. Where somebody is in a care home, the resident may have passed away, but the care home continued to send invoices into the council, whereas we have learned that the person has deceased through data matches or other avenues. Their errors will appear on that, so that means that we can go back to, for example, the care home and say that you have been overbilling us and that we want the money back. You then have other avenues. For example, we take the housing benefit one, because that is always the biggest match. Local authorities cannot investigate them any more. They go to the Department for Work and Pensions, but there is still an awful lot of administrative work on what the council has to take. Some of it boils down to what is fraud and what is an error. Errors can be caused by a lack of evidence to suggest that a fraud is taking place. It could be an error by the council itself in not doing something on time. Each match has its own unique indicators of whether there is liable to be fraud in that match. However, when I first started out, it was probably more fraud was getting found, but as every year goes on, the results of the positive outcomes coming from it are diminishing. I assume that that is the case across the witnesses. Maybe we do not report in terms of percentages. What we do is we report in terms of actual numbers when we report to our own committee. For the 2014 exercise, we were only reporting 91,000 pounds worth of outcomes, and we were reporting that that was an £82,000 decrease from the previous exercise. Of that, there is only a percentage of that that is actually recoverable. There may be some of that that is not recoverable. What we are trying to demonstrate to our own committees is that there is the cost of employees' time in investigating that, so that is what we are trying to match is the outcome figure, which is relatively low of 91,000, with the cost associated of employee time of investigating all of the matches. That is where I am going. At some point, do you draw a conclusion that the cost of running the system outweighs the benefit of it? Whether that benefit be recovery, whether it be uncovering fraud or whether it be deterrent, does the cost of it outweigh the benefit? We can do the crude number check in terms of here are the numbers in terms of outcomes, here is what costs an employee times, what is really difficult to measure as a deterrent factor that all of that has. I do not think that we should underestimate that in terms of just even the notification to our own employees to say to them, we are about to data match, which is one of the things that we are required to do. Please make sure that your records are up to date. I do not think that we should underestimate and it is very difficult to attach a figure to that. That is not in there and it is difficult to capture, but it is always the qualification that we attach to this. Even just looking at the numbers, you are not really getting the full picture because to not do that we could be in a much worse position, we just cannot quantify it at this point in time. I may come back on that depending on what my colleagues asked. Mr Scott wanted to come in. I just wanted to make the point that the actual numbers that are reported in terms of actual fraud are relatively low, but what we do find is that there are potentially errors to be disclosed. Errors in national insurance numbers, errors in credit or reference numbers and such like which have always to improve the quality of our data. At the same time, if we are not picking up too many issues through the NFI, then we are getting some kind of assurance that the systems that we have in place, the checks and balances and so on, are reasonably robust. The money side of it, as Yvonne has indicated, is not a huge amount, but it is certainly worth getting and the deterrent effect also is appropriate. From my perspective, I can say to the committee that we have submitted all these key data sets which take in benefits, payrolls, credit or payments. Having done the reviews, we are reasonably satisfied with the quality of our data. In terms of providing assurance to the elected members that the systems that we have in place are robust, it does add something to the process. To be clear, Mr Scott, you are comfortable that the benefits outweigh the cost. I think that that is perhaps the point that I made earlier, that we need to make sure that that remains the case. If the process was to be expanded in any way, we would need to be sure that any additional inputs that we are required to make would be worthwhile in terms of the benefits that would be derived. Thank you very much, convener. Before asking my questions, I should probably remind the committee that, a couple of weeks ago, I was a councillor on Aberdeen City Council. My question is directed to Mr Maldun. Within the submission from Aberdeen City Council, it states that, instead of solely matching data against public bodies, consideration should be given to matching this information against HMRC data, and that the wider scope would likely require legislative changes. However, it would allow more potential frauds to be identified. Can you talk me through some of the benefits that such legislative changes would bring, if there are any other data sets that could increase the utility of the NFI and what the resource implications of that would be if it was to improve outcomes? Some of that stems back from our experience of doing housing benefit investigations. The legislation for housing benefit investigations was very specific. We had the Social Security Administration Act, and I have listed a couple of them in there. The authority that investigators were granted to do that allowed us certainly to compel financial institutions, such as banks, credit reference agencies and so forth, to give us information that we could then use. We could also get that information from HMRC. The circumstances are slightly different, but the premise is still there. Social Security legislation allowed—we used to call it the general matching service—housing benefit matching service. It allowed matches to be undertaken monthly or bi-monthly compared to housing benefit data, with data such as employment data, payroll data and national insurance data. Those matches were done frequently, and it helped when you were doing housing benefit investigations that you knew who was employed, obviously paying national insurance and tax etc. If that record showed that somebody was in employment and they were claiming benefit, it was a relatively simple process. Obviously, they should not be, so we could then do the housing benefit investigation based on that solid information. However, we do not have that legislation to allow us to compel financial institutions to actually be able to talk to us. That is where I see additional legislation could be brought in by the Scottish Government to allow us to investigate, but also to take that to the Procurator Fiscal because we then have hard evidence. Whereas, at the moment, we simply think that that avenue is not open to us. In terms of the workload side of things, it has already been mentioned in evidence that there is obviously a high volume of work for each investigation team, and things are very busy. If there was to be legislative change that was to come through Parliament, would that increase your workload if you are referring things to the Procurator Fiscal and would new resource have to be put on, and should that come nationally as well, given that it would be a national legislative change, should the Scottish Government put resource into supporting that? Resource and is always going to be an issue as well, and no public authorities are under increasing financial scrutiny. There would be a knock-on effect in the sense that if we were investigating somebody at the moment, we would look at it and say, right, we need to go to body A, body B, body C in order to obtain evidence. If we had the additional authority, we would be able to compel the organisations to give us the information. Instead of, at the moment, we use the Data Protection Act, however, data holders can refuse to give us the information. We are already wasting time potentially trying to get this information, where we do not have authority to ask for it, but we cannot compel a data provider to give us the information. If we had the authority to say that we must supply us by this, it would allow us to take those investigations forward and allow us to submit to the Procurator Fiscal. Yes, that process would be slightly longer, but I do believe that it feeds into what Yvonne was talking about, the deterrent factor, because then we were able to say that Aberdeen City Council referred a number of people to the Procurator Fiscal this year. It resulted in fines, sentences, et cetera, et cetera, but we just do not have that backing at the moment. It was interesting, because I think it was in one of your previous answers. It is also in the submission that is the example of Aberdeen Exhibition and Conference Centre. I think that that is interesting, because given the financial environment for councils across Scotland, particularly with depleting resource, councils are thinking of more innovative ways of delivering projects, whether that is capital projects or whatever. I know in Aberdeen that there are a number of them, and it involves private partners. I wonder if you could expand on how helpful it would be if consideration could be given to giving increased powers to Audit Scotland to request the information from the private sector. If I can go back to the example of the authorised officers powers for social security legislation, if we had a suspicion that a private company was employing people and that some of these employees were claiming benefits, the authority was there to go to the private company and say, okay, we want a list of all your employees, you must supplies with names, national insurance numbers, addresses, et cetera, et cetera. When that information was received, we would then match it up against the benefit systems, and then anybody who found that it was working and claiming benefits would be part of an investigation. Now, it is all public money. I am certainly not saying that the companies that are involved in Aberdeen Exhibition Centre, that was just an example for capital projects. However, if we were then able to say, okay, if companies want to tender for work from public or local authorities, then because of the amounts that are involved, I think that that is £300 million, the substantial amounts of money, we should then be saying, well, if you want to bid for this work, you are there going to have to provide us with assurances or provide us with data in order that we can do similar checks to make sure that both the organisation and the staff are not committing fraud against any local authority. This has to be the authority where they are working for. I think that by strengthening the NFI legislation, Audit Scotland could then perhaps take a bigger role in looking at some of the major players. It is not being done before, so we simply do not know if it would be worthwhile. Certainly, as my colleagues have said, identifying more fraud has a knock-on effect for resources in the time taken to investigate what is true. To the other authorities, is there a consensus around that? In terms of the proposed considerations and changes, would there be agreement among other councils that there could be some welcome changes? I would like to support the appeal for further powers for our investigating officers, because it makes it much more difficult. The NFI exercise that we are being given lots of matches from which there may be some fraud identified. Once we have that fraud identified, we then have to investigate to see whether the person is sublet in their house, if the person is working on long-term sick and working elsewhere. We then need to contact relevant people to get background information about the people who may be involved in the potential fraud. Are they living in the house that they say they are living in? Can we link them to other properties? Our investigators used to have very strong powers under the Social Security Act, and now, because there are no longer housing benefit investigators, they have only limited powers and are able to request information under the Data Protection Act, and, as has been said, that does tie their hands. I would support that. Also, because a number of our investigations have been related to housing. We have had a lot of houses back, but we have not been able to prosecute anybody because we do not have any legislation to prosecute against, so I will mention the prevention of social housing fraud act again. I have learned quite a bit already this morning, but I am a little bit concerned that it appears that everyone is drowning in data. I wonder if you are a potential fraudster or criminal sitting at home if you are a bit more relaxed about your things. It seems like there are resort issues here, but I wonder if witnesses can say if they think that this initiative is helping to reduce the risk of frauds and crime and some of the errors, or that it might create conditions for people to be a bit more innovative and creative. Mr Scott? It is quite a difficult one. I think that the NFI process, as far as I am concerned, was indicated earlier, provides a degree of assurance to the council on the adequacies of its systems. As one or two of my colleagues have mentioned, the regulatory framework for investigating frauds has altered somewhat. I do not have a huge amount of detail on that, and there may well be merit in having a look at that again. From my perspective, the national fraud initiative processes a whole volume of data and gives indicators of fraud, so participation in that is very welcome. It is quite useful. Can you, just before the other witnesses, respond, like Ross Thomson, to declare that, until a couple of weeks ago, I was an elected member at South Lancer Council? Thanks. Please continue. From our perspective, we would say that, in regards to fraud, our first line of defense is our own internal controls, and that is where we place greatest reliance on. That is what the audit function looks at and provides assurance over, is the effectiveness of those controls. What the NFI is doing is providing additional data for us to almost double-check that those controls should be in place. None of the things that are being identified through the NFI exercise should be happening because we should have internal controls in place that prevent that, but what it is able to identify as human error or fraud that has not been picked up by our internal controls. Probably the point that I would like to make is that our own internal control environment is the first line of defense in relation to deterring fraud and identifying it at an early stage to prevent it from happening. I wonder if I can pick up on a point that Brian Muldoon made at the start. When you talked about the other routine work, if people are making complaints or whistleblowers, whether that is to public or staff within the organisation, I wonder if people are aware and get frustrated that there is a time lag and that it takes a long time so that you have got your data matches and we are hearing that there are thousands of them, but people are lifting the phone and saying that there might be an issue here. If, for example, the public knows that it is going to take a long time before that is looked at or that anyone gets back to them, they might wonder what is the point in bothering, is that a concern that people have? Yes, frankly, we do have members of the public and also staff as well that we come to us and say we believe that this claim or this is not quite right, can you look at it? We cannot go back to people and actually say this is what we have done, this is what, the outcome of what, the information that you have given us, we are simply not allowed to do it, and that when you have members of the public phoning up the hotline and saying I want to tell you that Joe Bloggs is doing ABC, all we can do is say thank you very much, we will have a look at that. Now, several weeks later that person, it happens frequently, we will phone up and say I told you about Joe Bloggs, you have not done anything with it, well yes we actually have, we have looked at it but we are not allowed to go back to them under that protection and policies to actually sort of give them any information, so from a customer's point of view, yes it does look as if the local authority or certainly the investigative team hasn't done it, but we have, but that has to be measured up against what the amount of information that they have given us, is that going to take us a long time to actually pursue or are we better putting resources against, for example, the national fraud initiative or some of the other initiatives that we are constantly working on? There isn't an easy answer to it, simply as we can't, we have to take a risk based approach, how much time is it going to take us to look at the inquiry, what's the likely outcome? Do we have to say right, we're not going to deal with that one just now because we've got 20 other cases that are higher priority and that's just the way that we operate. So from a customer point of view, I accept that it may look as if we're not doing anything and that some people might be getting, it may look like people might be getting or fraud allowed to continue, sorry, but we will look at it and assess it as best as we can. In order for this initiative to work and to minimise and tackle frauds, would you all accept that you do need to buy in from the wider public and have that confidence that people feel that there is a process that will work and can be effective? How do you, in each of your authorities, try and promote awareness of this initiative and some of the successes that we're really getting at? How do you, I suppose, market this and show that there are some positive outcomes? I will report our findings to the Audit, Risk and Scrutiny Committee where we have cases of particular interest that have went through the criminal justice system. We will issue appropriate press releases, but when we are putting results into the national fraud initial database, there are areas that we can put areas of interest where we will upload anything that people have taken to court, maybe there's been a sentence or somebody's been fined, or whatever the sanction is, and we then leave that side of it to Audit Scotland to be able to publicise. I must say, before I started working in the job I'm working in, I'd never heard of the national fraud initiative, and I think that that's probably quite common, and that is one of the points that I think could be made, that if people knew that we were matching all this data, whenever a new privacy notice comes out, you get the occasional headline in the papers that the big data and people are snooping, but if people knew that we were able to take your data from one organisation and another organisation, that would be a really helpful deterrent. To answer the question, I don't think that Midlothian Council advertises the fact that they take part in the national fraud initiative, apart from the fact that every form that you have to fill in has a privacy statement on it saying, we will share your data with Audit Scotland for the purposes of the prevention and detection of fraud. It's a small print at the bottom of a form. I think that it would be worthwhile to publicise it further. As Brian was saying, whenever we have a successful case, we publicise that, but, as I said, it isn't very frequent. In the past, when we did the last exercise, we put an article in the local newspaper and we put something on our website to say all about the national fraud initiative. In Midlothian, we also do an annual corporate fraud report. We report on all fraud-type work that we've done and the savings that have been made from that. A big part of that for our council is at the moment the recovery of council houses. That goes to all our various committees, which are all public documents. However, I think that we definitely need to agree with how we need to focus on the preventative side and to try to get the message out there that we're actively doing this type of work to try and prevent the fraud in the first place. Are there any examples, again, Heather or Elaine, where you have been able to promote a successful outcome? Has that triggered other inquiries? Are people saying, oh, actually, there was a pattern here? Does that trigger anything in people? We have a reporting mechanism on our website where people can report anonymously any allegations. Every year, we send an article in the tennis newsletter and, after that, that sometimes triggers a bit more response via that communication line. We have also done internal training sessions of our staff, all raising awareness about fraud, and that ended up being quite a lot of referrals from our own housing staff. Again, we are getting the message out there, the awareness that we have this resource and the type of local data matching that we can do as well. It complements the NFI, so there are some matches that we do in Midlothian that are not part of NFI, and they have been quite fruitful. Things like matching joint tenants to single-person discount and things like that. It is, again, just thinking of other ways that we can use data to match and highlight any potential frauds. What about South Lanarkshire Council in terms of promoting awareness of NFI and to try to build up that public confidence? We have something at the start of every exercise on our website that advises the public. We are about to start the exercise and explain what we are doing, all the matches that we do. In the past, we have put notices in our local South Lanarkshire reporter that goes around each household. We promote it quite wildly within our staff. We do employee bulletins and management bulletins and messages on pay slips about the time that we are about to start the NFI and, again, on the benefits forms and things. There is always a statement on that that advises people that their details can be matched. We prepare a report that goes to the risk and audit scrutiny forum on the results of the NFI, so that tells the members and it is a public document on the investigations that we have carried out and the results of them where we have identified error. We do not tend to publicise on our internet or in public newspapers the results from that. We do a wee bit of publicity at the beginning to comply with the fair processing notices. I would say that it is probably heavily weighted towards benefits, claimants and employees, but we put some information on the internet to advise the public that we are doing the exercise. Do you feel that you have enough resources within your team to keep up with the volume of work? We coordinate the exercise in the internet, so we do not do many of the investigations unless we have put something in our audit plan. We allocate time every year in our audit plan for the NFI. We do a cost-benefit analysis at the end to make sure that the amount of time and resources spent on it is not outweighing the benefits that we get. We do review that every exercise. I would say that it is more error than fraud within the council at the moment. We are identifying more and doing corrective action than we are spending on resources, so it is benefit at the moment. Unless Athlaskot wants to add anything to that particular question. No, I think that our processes are relatively similar here. One of the things that I was wondering about is that I know in the Audit Scotland report that there are a number of tips on how to work more efficiently. One of the concerns raised is that many participants are not using the latest software enhancements. You were all talking about resources and a volume of work. What has happened in each of your authorities to make sure that staff are keeping up-to-date with the new features on the web application? How do you ensure best practice? Do you speak to each other in your respective councils to exchange good practice and learn from each other? The investigative team has a dedicated area on the council's intranet that relates to the national fraud initiative and how the matches should be done. The national fraud website is also very good. It has training material on it, which gives staff clear guidelines as to how they should actually be doing the matches. From that point of view, we do as best as we can to make sure that staff are certainly aware of the latest matches that are available. As one said, throughout the year, we get updates from Audit Scotland. Certainly, from my point of view, we are not always able to fully resource those updates. Some of the times, we rely on the information that comes in at the beginning of the year. For example, the last data match was received in January. Although it gets updated, we do not always have the time to go in and have a look to see what the most up-to-date data is. We are certainly working on that. When you say that you are working on that, is that trying to get more resources for that particular task? Is it just not having enough people? Is that what the problem is? Some local authorities have a dedicated investigative resource that will do the majority of the national fraud initiative work. Other local authorities do not. They tend to put that out to staff to look at fraud and errors. You could have a massive fraud team and you would be able to look at those things a lot quicker. However, as I said earlier, there are cost implications for the local authorities to have that in place. In Scotland, we have the Scottish local authority investigators group that all local authorities are members of. We meet once every six months or quarterly. That is the meeting where managers or staff attend and we share good practices. We find out what the latest techniques are available for detecting fraud and what problems we find. Between that forum, there are more online forums through the Knowledge Hub. We share good practices so that we are dealing with those issues as quickly as we can. I am conscious of time. Can we now just get one more question? If anyone wanted to add anything briefly to that, that would be fine. Obviously, I wondered whether that relies on other organisations playing their part and responding quickly to inquiries. In your experiences, can that be quite a slow process when you are trying to get information through other organisations? Likewise, do you sometimes struggle with yourself to deal with inquiries promptly? There is a facility on the website to share comments with other councils when you are investigating a match. The problem and delays can happen through that. Your sample of matches that you are investigating might not necessarily be the same, so you have to keep going in and making sure that comments have been answered and follow-up. That is not such a big issue. Probably the main delays come from the DWP side. We do not have any investigators for benefit left in Syslan. I am sure that they all transferred over, so our employees can only take it so far. When they make the decision that it looks like a fraud rather than an error, the information all gets passed over to DWP, that is where the delay can be, because they will need to do their investigation to confirm to us whether it is a fraud or not. I would say that that is our main delay rather than any other organisations. However, in Syslan, we record that as an overpayment as soon as we identify it as an overpayment rather than waiting for the fraud to be confirmed. We will take the steps to start recovering and take corrective action. The only thing is that the website will not be updated to say whether it is fraud or error until the DWP has confirmed it. That is probably where the delay is, and it is just keeping track of the investigations that you have passed over to DWP to make sure that we can close them down on our side. I would say that that is probably the main delay. The other delays really are easy to cope with. It is contacting other authorities and that can be done through the website. Mr Scott, is that your experience of the website? Yes, I was just going to mirror that in terms of that. The website has a facility on it where you can share information with the other side of the march, as it were. It also has contact details of the various officers who are responsible for the different types of march speed, housing or benefits or whatever. You have an email contact and you also have a sharing facility. So what we tend to do is we share the comment or the question through the secure facility, and then if we do not get a response within a couple of weeks, we will then email the person out with the NFI process and just say that we referred a question to you in relation to NFI. Please check the website so that the detailed information is kept secure, but we still have contact details to get in touch with other bodies, so we do not really have a big issue with that. Forgive me, because I am obviously not familiar with the website, but is there scope for things to be easily missed? It sounds like it relies on a lot of human input rather than just the computer telling you everything, so could things easily be forgotten or missed or do you get constant alerts from reminders? Perhaps I am misleading you a wee bit just through lack of detail, but on any particular march, if we have a tightly comparison I made earlier between the Murray Council and the Highland Council, if we had an issue in Murray Council where perhaps we had an employee working as a supply teacher two days a week, and the Highland Council entry suggested that that same person was working five days a week at the Highland Council, we would send through the system a request, please confirm the status of your employee, and then we would hope that the Highland Council would come back and say that employee was previously full-time, which goes back to the point that Brian was with me, but they have now moved on to a part-time contract, so that then satisfies us that the two part-time contracts are okay, but you can share information with every other body who participates, just by, through an internal mechanism within the NFI system. If I website there is a message that comes up that says you have got shared comments that you haven't read, so you can go in and you can focus in on those and deal with them, so that there is a flag, but only when you go into the system you don't get constant reminders to go in and check, so you have to be in the system to know. Okay, so could that be improved, do you think? I think during the investigation cycle you're in and out of that system so often anyway, I don't think it needs any change really. Thank you very much, Willie Coffey. I could just continue that interesting thread there that Monica Lennon was leading as him. I presume that you can decide for yourselves which kind of direction of travel to pursue in terms of potential fraud. You're not driven by the data matches presented to you. For example, if someone, a perpetrator, has exposed one particular ear, I presume that you follow that person in subsequent years. You don't just wait for a random dataset to be given to you, to be your checklist, I presume. You do that, don't you? You carry on checking someone who's been found to be. You don't? No, we don't. Each allegation, we don't watch somebody, so to speak. However, if information comes in on somebody on one ear and we didn't get round to reviewing that data match, it will show up on the next year's data match. Maybe to give a bit of context. When we get the data matches in, for example, I think we got about 4,000 data matches, but out of that there was just over 1,200, if memory serves, that were actually recommended as high priority through Audit Scotland. That's the ones that we will focus on, certainly, first of all. Of the other matches that we haven't got round to perhaps looking at, because it obviously could take a year, as we've discussed earlier, those matches will appear on the next NFI report, but we've already got a new set of higher recommended matches. We simply don't have the resources to watch one particular person. If a person is caught, exposed, defroding the system and so on, surely to the goodness, you would check it the second year as well for that person, or do you not? That match may not appear on the next thing. I mean, it's not in a matching set of data that you're giving, but you now have intelligence about a behaviour that leads to fraud. Do you know how to check that in the second year and the third year? Well, if there is a case that we discover, we would deal with it at the time and take them, remove their house, if perhaps this is someone who is subletting a house, then we would remove the house from them and deal with that incident. What we do is produce some profile matching. For example, we will look at what the latest reports are that might indicate whether males or females of our particular age are more liable to commit fraud. We do things like that, but that's outwith the national fraud initiative. What are you guys in the memory of? Full-up repeat offenders in a sense. To have the repeat offenders, I think that's the point that we're trying to make, that when they show up, if we've investigated, they've committed fraud, we stop it at that point. The same person? Well, we're hoping that we've taken the house off them or that they've had the sanction, or that we've dismissed them if they're an employee and we've moved on. If we've dismissed an employee because of fraud, it will be on the record, so if they try to come back, we'll see that. What our job is to look at why did it happen in the first place? We have improvement plans that follow behind the NFI exercise, so it's trying to understand why did our internal controls allow that to happen. Part of our job is to go in and make recommendations and suggest improvements to stop that happening. Even if that same individual had to go through that same process again and try to defraud us a second time, the action is meant to strengthen our internal controls to prevent them being able to do it a second time, rather than tracking the individual. We're trying to strengthen our systems all the time so that we make them stronger and we fraud proof them for want of a better word. All right. That's very interesting. I wonder if I could just ask again about the role of HMRC. I think both Elaine and Yvonne, you mentioned HMRC in your submissions. It would be useful if they were included within the scope of the NFI, but I do see from one of your submissions that HMRC does provide some data for us, but I think what you were probably getting at was could they perhaps provide a whole host of data, but I think that you then suggested that that might take us out of the public sphere of public interest. Could you just clarify what you mean there? Have you said that you've maybe lost or had to close down particular lines of inquiry because you weren't able to access HMRC data or did you request it and it was denied or could you just give us a little flavour of why you're saying that HMRC should be included? We've never formally approached HMRC for data, so we haven't been turned down as such. It's just in other investigations that we've had on-going. We've been able to flag up one of the examples that we've given was conflict of interest for an employee that worked for us and we were just flagging up the fact that if we had this information, we would be able to match payroll data so that they would be able to come and data us of the employees that work for South Lanarkshire Council. We have information that they are also an employee employment for the following people, and it was just to allow us to try and manage it particularly in relation to high-risk areas where we know that people might be contracting on behalf of the council. We do some work with HMRC through the real-time information and the information comes to that and that helps us with the benefits over payment side because it flags up where people haven't declared additional income. We use that information and that is in place at this point in time. We just thought that it could be extended into other spheres that we thought would be useful in terms of the wider audit work that we do for the authority. Elaine, you mentioned HMRC to begin with. What would the advantage to us of bringing HMRC within the whole scope of the enterprise? I think that it would just provide more data and things like probably the benefit side of somebody's climate benefits with Midlothian. They were highlighted with that HMRC is receiving a sally from a private company. That is the type of information that we would never be party to. That is the kind of ideas that we had. I think that particularly the other things that are possibly DVLA and things like that, where there is public information that could be useful in the exercise. Had you approached HMRC for this information? I thought that these would be extra datasets that would be useful to bring into the NFI mix so that the NFI is checking our employment records against South Lanarkshire's employment records. As well as that, we could also be matching against HMRC's records because they have records for everyone's employment. That would be useful. There is currently a legal gateway for local authorities to approach HMRC to request the information. That was done under the social security side of it when we were dealing with housing benefit investigations. I see that it sounds as though everybody is saying that that would be a useful extension to the whole initiative if HMRC was within scope and there was a legal gateway to request the information that you sought. Can I go back to an earlier answer that Yvonne gave in terms of the cost versus the outcomes and the benefits of the national fraud initiative? I think that you mentioned a figure of 91,000 that had been recovered. Was that for a year? That was in relation to the 2014 NFI exercise. What we were doing was taking the Audit Scotland report and reporting that, but we also added the South Lanarkshire council context to give our own members the data that related to our own authority. In South Lanarkshire in that year, 91,000 pounds were recovered as a result of the anti-fraud activity? 91,000 was identified as an outcome. The recovery process starts thereafter. Do you know the recovery figure? I do not have the specific recovery figure, but I am fairly confident in saying that it will not be 100 per cent because there are some that we simply will not pursue because of the age of the individual or the particular circumstances. However, as a policy, we seek to recover all over payments. Based on previous years, what percentage would you expect roughly to recover? I do not have that figure to hand. Even ballpark, is it 50 per cent? Is it 75 per cent? With the recovery, the majority of our fraud and error comes from housing benefits. To recover that takes a period of time. It gets reduced off their benefits, so recovery for those will still be on-going. There is a chance that that could take two years because you are only allowed to recover so much at a time when the person is on benefits. Things like where there is a duplicate payment in a creditor will be covered immediately in full. As I say, the majority of our fraud and error takes the time over. Can you ask about the cost of recovery? For example, are sheriff officers used to recover some of those debts? They can be. We have a debt recovery process in place in the council and it goes through the stages of first reminder, second reminder and it will eventually go to sheriff officers if it needs to. I hear that you said, Yvonne, that it is impossible to quantify the deterrent effect of what is happening, and I totally appreciate that. But looking at the actual cost to get to that £91,000 figure, what is the cost to the council of your department and the people involved in this activity in that year? In that same report, we were saying that the employee cost attached to it was approximately £27,000, and that is based on the salary costs of the individuals involved in the exercise. We were still able to demonstrate that there is a difference. What we were pulling out in the report was that differences were becoming more marginal as the outcomes were reducing. Even without taking the deterrent impact in, you were recovering three times what the cost was of carrying out the exercise. There was still a clear benefit that we could demonstrate, and the benefit to the council exceeded the cost. That is assurance that we were expected to provide as part of the exercise. To some extent, this is a more general question, but how much of that would have been recovered without the national fraud initiative? If you look back to the years when you did not have the national fraud initiative, would you have recovered that money anyway, or would you only have recovered it because you were involved in the national fraud initiative, or would there have been half of it recovered? What is the added value? Where is the additionality of the national fraud initiative? I have not really got that analysis. There would be an element of it that would be recovered, but I would suggest that the majority of it would not have been recovered, particularly in relation to duplicate payments, because if you paid somebody twice and it has not been identified through normal monitoring processes, it is highly unlikely that that would be picked up at a later stage. It is only really the NFI exercise that is going to pick up duplicate payments. On the benefit side, where we are identifying most of our outcomes come from, people's circumstances are constantly under review. There is a chance that we may have identified it, but I think that the NFI is usually the added value. I would say that the accounts for probably the significant part of that is because we did the NFI exercise. There is real added value in the NFI exercise from your point of view? There is, yes. Can I ask you, and this is my final question, about the scope of the NFI? Obviously, we all want to minimise fraud right through the public sector, but the emphasis and focus of the NFI is on housing benefit and related activity. However, do you have colleagues who look at a wider issue of fraud? For example, with recent cases in other councils of fraud allegations resulting from activity related to framework contracts and misuse of framework contracts, would you cover that? The national fraud initiative does not really cover that. Do you think that there is value in extending the scope of the national fraud initiative to cover those aspects of fraud, not just the people who are recipients of housing benefit? In relation to your particular example about framework contracts, you would need to think carefully as to what match you were going to make that would identify fraud in that particular area. The example would be a very good example from recent experience. If the framework contract is for school roofing and it is used to provide school doors and a range of other activity, that would lead you to investigate at least why that happened. For most authorities, that would form part of their annual audit plan rather than a data match, because at the end of the day, to do the match, we would probably be taking contractors off of a contract register and probably high-level detail from invoices, which would not give you that information that somebody was under a framework for a particular type of work but was actually delivering something differently. That kind of work comes from probably more detailed audit where people are actually going in and having a look at a process and pulling an actual sample of projects to compare what we contracted for and what we actually received. I am not sure that the NFI at a high level would be able to match and identify those kinds of specific issues. The report in one council suggested, the internal audit report, suggested that there had been malpractice going on for 15 years until an anonymous letter was received, nobody in audit external, internal or whatever had identified it. That suggests to me that the auditing of those contracts is wholly inadequate for identifying where there is potential fraud. To be fair, that is outwith your responsibility at the moment. It is certainly not particularly to say if I excise, but it is a challenge for local authorities in terms of our internal logic work and in terms of making sure that we target our resources in the correct area and target them in areas of high risk. We are learning all the time in terms of where the risk lies and reassessing where our work needs to be in procurement that is becoming a greater area of focus for local authorities. Thank you very much. I thank all the witnesses for their attendance this morning and I will suspend the meeting briefly to allow a change over. The second panel this morning is Russell Frith, assistant auditor general from Audit Scotland, Darren Shillington, senior data matching manager at the Cabinet Office, meal grade director at Northern Ireland Audit Office and Anthony Barrett, assistant auditor general for Wales and David Rees governance manager for the Welsh Audit Office. I thank you all for responding to our call for evidence and also for travelling from across the UK to be with us this morning. It is very much appreciated. To begin with, is there anything in the quite extensive session that we held earlier on mentioned by the first panel that particularly stood out for you that you want to deal with just now? Russell? If I could say from my point of view as the person within Audit Scotland who has overseen the exercise in Scotland since it started in about 2004, it was actually quite pleasing to hear the positive comments coming from those who are actually at the sharp end of the exercise. Certainly recognise some of the points that they were making about the volume of matches and that is precisely why the Cabinet Office team provide software tools to all the bodies taking part that enable them to filter and prioritise those matches so that they can concentrate on those that are most likely to generate a result. They talked about there being several thousand matches, which is absolutely right. However, because the NFI is a relatively mechanical exercise, the matches will include those take housing benefit, for example, where somebody has not shown any income on their housing benefit claim but may be earning £200 a week. That is a match, so it is something where they have declared that they are earning £198 a week, but the payroll data shows that they are earning £200 a week. At the gross level, the matches do not distinguish between a significant error or a minor difference. That is why the filter tools are provided to help councils and other participants to focus on those that are most likely to give a result. To be clear, as Audit Scotland, we do not expect them to investigate every match. If they have started with the big ones and, for whatever reason, they are getting to find that they are legitimate, we do not expect them to then go on and do all the very small ones in the same match set. Okay. Is there anything that any of the other panel would pick up on, Mr Shillington? I would certainly echo that. That is one of the challenges that we face. It is around the balance between giving the authorities the matches and the technology to allow them to identify those and meet their own criteria for investigation and, obviously, not overloading them and not making it appear that there are too many and they are over-faced with it. That is one of the challenges and one of the drivers that we have is around improving that technology. Still, we are looking at ways in which we can improve that further. That rate of return, if you like—we are talking about the £91,000 and the £27,000—is a key focus for us in looking at whether there are other external data sets such as credit reference agencies and other sources of information that we can bring in. They also talked around the fact that every two years they get a batch of matches and it takes quite a while to work through those matches. That is one of the reasons why we have looked at the application checking service, which you alluded to, which is around preventative controls, which are controls that can be embedded into internal controls. Again, they talked about internal controls. It is about working with them and giving them the tools and the technology to allow them to use it effectively to target fraud. That is very helpful. Thank you. I am sure that the committee will return to the issue of cost and benefit, but I would probably make the point that, in terms of cost of recovery, one should not forget that the fraud has been stopped and it would have continued for quite some years, potentially, without having been identified. There is also that element of the cost to bear in mind that it has been stopped. Mr Gray, anything to add? No, I have nothing to add to that. Thank you very much. Liam Kerr. Given the time that you will forgive me if I just fire a couple of points over, we heard about the timing and frequency of the process. Mr Shillingson, you just picked up on the two years there. Is the timing and frequency different across the jurisdictions? If so, are there any lessons that we can be learning from that? If we are talking here about the main exercise, it is pretty similar across the UK. Most of the exercise is undertaken every two years, as you have heard, elements of it. There is a council tax single-person discount match that we undertake annually. Some parts of the UK are undertaken annually in England. There was a challenge there around should it be done more often, and I know that they talked about quarterly, yearly. In terms of context, there are 1,300 organisations that provide around 8,000 data sets, around 300 million pieces of information. There are lots of challenges there around data quality processing that, and going through a process that allows you to generate matches that are effective and valuable to those participants. There are cost implications. Clearly, that is something that you can look at, and you can do the exercise more regularly, but it is obviously that risk reward and that balance. I think that the power of NFI is about bringing that intelligence together from across the organisations. In terms of timing, taking the data in October, releasing the matches in January, that is around making sure that we try to capture as much information as we can, and when we release those matches in January, they are as complete as possible. Not all the data comes in on 1 October, as you can imagine. We probably get around 90 per cent of the data by the time we cut off in December, and then we start the matching process, but that also allows for data quality issues. The real balance is there that you could undertake the exercise more often, but it is that risk reward. In an ideal world, would you say that it would be worse doing more often? If the cost benefit was not a consideration, ideally, would you do it more often? We have a strategy that looks at, over the next five years, a journey that would allow us to look at automation of that data collection and then allow us to do it on a more regular and potentially real-time basis. That is certainly the strategy in the direction that we would like to go, all things being equal. Mr Shillington, in your statement, you talked about where there is no follow-up to the matches and where a decision is taken, let us not pursue that. You described that as, this means that the fraud continues, which suggests to me that the implication of that is that there is fraud there and it is being missed, which was not the impression that I got from a number of the witnesses this morning. Mr Barrett, you talked about that the fraud has been stopped, but again that predicates on there being fraud there in the first place, which was not the impression that I necessarily got. Could you comment on that? This is about a risk-based approach, and this is about balancing resources available to target frauds. What we are talking about here is that NFI is a source of referrals, there are other sources of referrals, and there are frauds in there, and the track record of the NFI exercise has proven that we find fraud across a wide range of areas. Having said that, not every match indicates fraud, but may indicate their anomalies, which may represent fraud, and they need further consideration. We would never suggest that all authorities need to therefore follow up every particular match in there. It is a balanced approach and a targeted approach about looking at their environment, their resources, their awareness and their own internal controls and their fraud risk appetite, and then targeting those that meet that. We will have to accept that there is fraud against the public sector that goes on. We are not going to get to take 100 per cent of it. We do not have the resources, so it is about using the resources that you have got and targeting them. I suspect that the deterrent point is particularly important, but I suspect that my colleague is going to ask about that. I will stand down. First of all, according to the Cabinet Office evidence, the savings in Scotland as a result of uncovering fraud, since the scheme was created, is about £110 million a year, which is an average of around £9 million in the 13 years that it has been going. Can I ask about the profile? Extrapolating the evidence that we had from the first panel, it would appear that, because of the effectiveness of the national fraud initiative, the annual amounts being discovered as being fraudulent are going down because of the deterrent impact, which is immeasurable at the moment. Although the average is £9 million a year over 13 years, it would be right to say that, if you look at the more recent years, that figure is a lot lower than the average, and if you look at the early years, it was a lot higher simply because people were being caught, who otherwise would not have been. Certainly the profile of the areas where the savings, the outcomes have been generated has changed since the exercise started. When it first started, housing benefit was the biggest single value outcome from the exercise, followed by pensions being paid to deceased persons. Clearly the first exercise that was run on that particular one did pick up a significant number of pensions that were being paid to deceased persons. Each exercise since has only picked up anything that happened in the previous two years, so that did fall. Out of the last exercise, where the value of the outcomes was £16.8 million, only £3 million this time was housing benefit, which is the lowest in relation to housing benefit, but a relatively new type of match, the council tax single person discounts, accounted for £5.6 million, and that was this time round the largest. As NFI has developed, it has looked at different aspects of fraud, and the relative proportion from each type has changed. I suspect that we will continue to change. For example, when the new social security powers are finally enacted in Scotland, I would expect those payment streams to come within NFI, and that might form a new fruitful area. The nature of the problem is obviously changing over time. If you look at housing benefit, what you are suggesting is that housing benefit now has been going down to £3 million in the latest figures. How does that compare in the earlier years with housing benefit? Off-hand, not certain, but I would have said at least double that. If you take housing benefit as an example, in terms of the deternt effect, I fully understand that having done a lot of evaluation stuff in a previous life, the difficulty of trying to even estimate, let alone estimate, the deternt impact of those schemes but two points. First of all, is it not time to look at the deternt impact? For example, a proxy for deternt impact might be the number of repeat offenders, so if the number of repeat offenders is going down, that would suggest by proxy that the deternt effect was operating and effective. Do you have any evidence at all? I realise that it is difficult to be precise about those things, but do you have any evidence at all about the deternt effect? I do not think that we do in Scotland, but I do not know whether any of my colleagues do. No, I mean, what I would have is each LFI exercise is taken as a standalone exercise, and certainly the legislation powers that we have and the code that we work around require us pretty much to start again for each exercise, so we are able to take as they alluded in the previous session, we are able to take previous comments, and so if a match generates again, because that person is still in receipt of benefits, say for example, I'm still working, we're able to show them that the outcome of their investigation last time, but because of the restrictions around what we can, can't keep, we don't have that sort of intelligence over time about. You can't tell who's a repeat offender? No. Is that not a loophole in the law? It may be something that you want to consider. I mean, we look at known fraud data intelligence from other areas, so we use Amber Hill, which is around stolen and fraudulent identities, and we're just doing some pilot work with SyFath, which is around known fraudsters in the private sector, and looking to see whether that known fraud intelligence can add value, and the Cabinet Office is also looking in England about sharing known fraud intelligence across utilities, tech and local authorities and private banking sectors. So there is work going on, looking at whether we should be expanding that. Can I say it? I remember two or three years ago, when I was housing minister, I'm visiting Edinburgh City Council, and they did an exercise looking at the private rented sector and comparing people who had registered as private rented, owners of private rented property. Actually, that exercise, I remember them telling me, I uncovered a lot of social security and housing benefit fraud, and a lot of these were not a lot, but a percentage of the people who owned the private rented houses were involved with the tenants in the fraud, in many cases. So that kind of exercise, is that being repeated across Scotland and across the country? I don't know the extent to which that is being repeated across Scotland, but as you heard from one of the earlier panel, the recovery of council housing stock has been one of the more recent successes of NFI, and some of those I am aware did link through into private sector, whether it was private rented in the same area, I'm not sure. So is there a way, we've got 32 local authorities in Scotland, so if the likes of Edinburgh has got a proven track record and very effectively using its PRS registration system to uncover fraud, that's not the primary purpose of their exercise, but it was one of the silver linings of it. Would that good practice in Edinburgh, is there a way of spreading that across all 32 authorities for example? There certainly should be because there are numerous forums of local authority practitioners in various areas, including internal audit, including the fraud prevention teams as well, so there certainly should be. So the Scottish executive, are you not benchmarking performance in this between each of the 32 authorities? For example, if Edinburgh is doing that very effectively, that should presumably show up in the stats, so are you not looking at how then you can proactively spread good practice throughout the system? That's something that Audit Scotland does try and do when we become aware of good practice. I don't think that that's an area that we have looked at in recent years. Do you not be looking at it? Perhaps we should. I will take that back to my point. There could be quite a return on that, for example. Can I just finalise, finally ask a picking up a point that was raised by one of the ladies from Midlothian in the panel when she said that she thought that if the national fraud initiative was better advertised, then there was more awareness of the existence and indeed the effectiveness of the national fraud initiative that the deternt effect could probably be substantially enhanced. Do you not think that it's worthwhile to be picking up that suggestion, looking at different ways of advertising it and targeting that advertising to potential, you know, there must be a profile of people who are most likely to offend, as there usually is, but is it not a suggestion worthwhile looking at, to see, even piloting to see if that's effective? I certainly think that it's worth considering because we do encourage councils to publicise the exercise both before it takes place, as some of the previous panel referred to, and in particular when they have successes to get them into the local press, for example. We publish the report on each exercise. We've brought it to this committee and its predecessors, partly deliberately, to raise its profile in some of the earlier exercises. You need to advertise it for your people. In some of the previous exercises, we have also managed to get interest from broadcast media, so we have appeared on the various news programmes. That's obviously an opportunistic approach. It's a not-need-for-a-more-proactive, comprehensive, targeted, focused, advertising strategy, at least to pilot it, to see if that has an impact on the figures. It's certainly worth considering, yes. So is that something that you'll take up then? We will look at it, yes. Good, thank you. Broadly, I'll stick to the same questions that I asked the previous panel, but first I'd like to ask Russell Frith a particular question. Previously, giving oral evidence, I asked you about whether there was any penalties for bodies that don't participate or whatever, and you said, and I quote, no, not in the legislation. But in your written submission, Audit Scotland says, the legislation already mandates participation and provides for fines and conviction for bodies that do not provide information. Were we talking about two different things? No, we were not. I had forgotten about the provision in the legislation, which is indeed there, but, as I think I emphasised in the previous answer and indeed in the written submission, our philosophy has been to try and encourage participation because we think that the better outcomes will occur from willing and active participation. As some of the previous panel said, it's not just the provision of data that makes the exercises effective, it's how you follow through on those matches. Yes, there is a mandate in the legislation for bodies to provide data, but not a mandate to use it effectively. Okay. Coming back to what I spoke to the other panel about, I was interested in this real-time pretransaction checking. Does anybody actually do this? I can answer that. Possibly colleagues in Wales might want to come in. Yes, it's a simple answer, so it's not a mandatory initiative. It's a piece of work that we've launched alongside the NFI batch product, so it allows the same checks to be done in real-time. The point that you talked about in the previous session is around at the point that somebody puts an application in, the NFI, is able to check against the data that it already holds and to provide the information back on that individual. That's able to identify potentially fraudulent applications. It's also able to identify those that are consistent with the information that we have. In effect, risk or applications. We talked a lot earlier about resources. I suppose one of the key points here is that it allows those resources to be better targeted rather than saying you need a lot more resources to do lots more checks. It's about saying you can use this as one of the ways of risk or applications and then you can check the more potentially those that seem to indicate they're more likely to be fraudulent. So it's a service that's rolled out. Around 50, 60 local authorities and other participants are using it across the UK. I'll bring colleagues from Wales in, if I may, just to talk about. Just picking up on one of the things that Darren said earlier, he referred to the two-yearly exercise as being the main NFI exercise and to a certain extent had to take issue with that. I think the two-yearly exercise produces a number of matches and investigation of those matches is very resource intensive. It would be far, far better and I think the way we would like to go is to move towards picking up frauds before they actually occur. If we can pick them up before they occur, they're not in the system, there's no recovery action actually needed, there's no detailed investigations needed and this is what the new tool that's been introduced in the last 18 months to two years is designed to actually do for public bodies who are giving grants, giving benefits, giving services out, to be able to check real time to see whether there are anomalies which could be due to fraud and as a result not give those awards if they can avoid doing it. In Wales the decision was actually made by the Auditor General to provide the service to all NFI participants and that is actually funded through the Welsh Consolidated Fund so all NFI participants have access to the service. The extent to which it's being used in Wales is variable. What we'd like to see is public bodies building it into their system controls so it's not a counter fraud tool as such, it's simply a process they go through when deciding whether to grant an application. They don't maybe think of it as a counter fraud tool. What we're finding is some of our participants are using the tool for certain services, not for other services and it's going to take time I think for it to fully embed but over time I do think probably that service should become the main NFI exercise. If it's working effectively it should also reduce dramatically the number of matches in the two-yearly exercise. I have to say that having listened to the previous panel they didn't seem to be terribly enthusiastic. Going back to the cost point it costs, there's either a pay-as-you-go service which works out around £1 a cheque or for a local authority they can pay £1850 for a year and then does many cheques as they wish. I think maybe the difference is in England the cabinet office recharge local authorities directly for their NFI participation so local authorities in England are used to paying for the NFI anyway so the fact that they now pay for an additional service isn't an alien concept to them. I think in Scotland it's funded differently and the main exercise is part of the audit fee so then the fact that there is a fee to pay for NFI for the application checking service maybe isn't what they used to so that might be where some of that. The other thing that I was asking about was the question of housing associations and allios and clearly there should be a great benefit in bringing housing associations into the NFI scheme. Do we have experience of this elsewhere and has it actually shown greater results incorporating housing associations? Certainly in England we're very similar to Scotland in terms of we don't get much participation much engagement with housing associations we do get some around the edges and we've had some good cases where housing associations have discovered and recovered lots of properties and we also have cases where local authorities will incentivise the housing associations to come on board and we'll work with them so they may say put your data in and we'll help you follow up the matches because it's in our interests so the sort of collaborative approach but in the main the vast majority of the housing association stock isn't included in the NFI and obviously that starts to impact on the effectiveness to which you can target social housing fraud. I mean clearly it's a big gap is there any intention to make it mandatory for housing associations and perhaps allios? In England we've committed to working with housing associations and the wider local authority arena to understand how we can better target NFI to help them and for example we just talked about the application checking service we've got an example of one authority in London that's recovered 10 properties or prevented 10 applications going through so it may be the solution it better sits with a real-time service for them so it's at the minute we're in collaboration with them to understand how we can better develop the product to allow them to effectively target their fraud risk. Have experience? I wonder whether I could bring in Mr Gray at this point. Have experience? We have brought in on a voluntary basis the two largest housing associations so that gives us the majority of all the social housing in Northern Ireland is now encapsulated within the NFI. We did it for the first time in the last run. We haven't as yet identified huge outcomes from that. What it has shown up though is a number of data quality issues in the data that's held by housing associations so when they've addressed those issues their data will be a lot more valuable to the NFI and I would expect them to start seeing some outcomes from that. Any experience of this in Wales? Housing associations are not mandatory participants. We have a couple of housing associations that participate on a voluntary basis but the Auditor General has made representations to the National Assembly for Wales about introducing or amending legislation to increase the mandatory participants to include, for example, housing associations and others. I suppose that just to finish this off the question in my mind is would you make it mandatory or are you content to continue with voluntary arrangements because I'm not clear what you're saying to us. Mr Gray, oh sorry. Certainly from our point of view if they're mandatory participants it's going to make it much more straightforward. Obviously there's clearly issues with data and data quality that have to be overcome in the first couple of years but once that's there, once the data sets in, it's much easier to operate on a voluntary basis and our experience of voluntary basis despite the fact it doesn't cost them anything in terms of a fee and despite the kind of awareness raising we've done we haven't been as successful as we would like in encouraging voluntary participation. Is that a view that's shared? Yes. As a traditional public auditor I'm very keen on following the money so where bodies are in receipt of public money I think it's incumbent upon them to participate in those things. It's good public policy. Okay, Mr Rees. I think in terms of the legislation itself simply because organisations can be mandated to participate it doesn't mean that they have to be asked to participate and I think that's an important distinction because for example some housing associations are very very small and the question of proportionality comes into it. Okay, that's a helpful point to make. Willie Coffey. I could ask you a similar question to ask the previous panel. Where a fraud is perhaps established in, say, year one and there's potential for that fraud to be attempted in, say, year two, three, four, five, why wouldn't that data be part of the data set for consideration in years two, three, four, five, you know, to try to stamp out any attempted repeat frauds by a person? I can talk more generally I suppose one of the areas we've looked at is we've started to look at the value of this known fraudster intelligence and as I've alluded to earlier we're looking at Amberhill which is sort of stolen fraud and identities and we're just now working with CyFAS which is database of sort of known fraudsters in the private sector who've committed fraud against the banking and financial sectors and we're looking to see if there is any value. There's also been discussion around the creation of that sort of known fraudster database but as yet I'm unaware of a known fraudster database that anybody retains that would be accessible on something that you could bring into NFI. As I say, Cabinet Office is looking and working with others around a wider sort of known fraudster intelligence sharing service so I think that that is something that's being looked at and considered but at this stage I'm not aware of a sort of, if you like, a benefit fraudster database that we could take and cross-match. If there is an outcome that identifies a person that's having committed a fraud and so on, is that not recorded back in the data somehow? That was a positive match and it led to a conviction or whatever it is. Is that not fed back into the system so that there's kind of red flag possibility there for the next year for that same person? We capture information as you allude. There's a case management system so the participants are able to record on the system so they are able to record the outcomes and the status so they can classify a case as fraud or error and they can tick prosecution or not. Generally you don't know whether it's a successful prosecution and a lot of the time the fraud definition is dependent on how they've defined fraud locally. We give guidance around what you define as fraud and sort of balance of probability, but it is around local interpretation and how they want to record that. I would suggest that we have considered whether we could start to take that information and utilise it but there are lots of challenges there around what's going into that data part, the robustness of it and then data subject notifications. You'd need to then notify the individuals that they've then been put on that database and then you'd need the right of appeal. There is a process that you could explore, but it's not quite as simple. I don't personally think as saying, right, we're going to capture that and we're going to utilise it. The data part, we heard from local authority colleagues that they don't systematically do this, they don't follow up on potential repeat offenders, but is there anything stopping them actually doing it given that they know that they've had a successful case, for example, that are they required only to operate with the dataset that they're presented with? It seems ridiculous that if they know that people are trying to perpetrate and commit certain frauds and have done so, that they would then ignore those people in subsequent years. Are they able to do that from your understanding of the legislation? I suppose from my perspective that if it is a determined fraudster who's out to commit fraud, they're not necessarily likely to use the same details next time, so they're likely to start changing their identity or factors of that application, so it's not going to be Joe Bloggs exactly matching to the previous time. From my perspective, the better way to utilise it, and again they talked about this in the first session, is to look at how those frauds were perpetrated, look at where the internal controls maybe could be strengthened to stop similar incidents going through the system in the future, because if it is a determined fraudster, they're not necessarily likely to use the same details. Russell, in your paper, you mentioned it in your comments earlier about the council tax single person discount, assuming there were 4,846 of them in whatever particular year. When is it to stop those people trying it again in the second year and third year? There's nothing to stop them trying it again, but if they do, they will be caught on the next exercise again. But only if they're in the data set that's presented in the second year? Through the NFI, yes. They might not appear in the second data set for year two or year three. Well, they should do so if they're still doing the same thing, they will appear again, because they will still be matching to the electoral role to claiming the single person discount. But one thing I should say, I think, is that NFI, we believe, is a valuable exercise, but it is only one part of a council or any other bodies fraud prevention and detection arrangements. As one of the previous panel alluded to, internal control is their first line of defence. I could ask a question about the role of HMRC as well. You've heard several colleagues talking about the benefits of densely bringing HMRC within the scope of the NFI. One of the colleagues said, we don't have a legal channel to require or request information. Is that the case? Could HMRC voluntarily give the data on request, or would it require to be brought within the scope of the NFI scheme? Certainly, the data matching powers in England, the same in the other parts, do allow voluntary participation. There have certainly been barriers around sharing Government data, and there have been particular restrictions on Government departments that have been prevented on certain occasions. There has been a digital economy bill that has just gone through Parliament, and part of the remit of that is to look at data sharing to enhance and to facilitate better data sharing. I suspect that you would need to look at the particular cases and the particular HMRC data that you wanted to target, but I think that those gateways are opening if they are not already open. I would also, as the previous session did, allude to the fact that there is already data sharing between the DWP and HMRC around real-time income, which is cross-matched to the housing benefits. The local authorities for the housing benefit element only are getting that information cross-matched and getting those referrals that relate to them. Similarly, DWP is getting the relevant referrals from that intelligence. Yes, there would be benefits in bringing that into NFI, but one of the key benefits would have been housing benefits. That has been done through the different initiatives, so it is just about making sure that we join up those initiatives and understand where the additional benefits lie. We have heard colleagues saying that they had not asked HMRC on a number of occasions, but they just had not asked. What I am trying to find out is, had they asked, would they have been given the data, or has it only come about as a requirement to be part of the legislative framework to hand over the data? From my experience outside NFI, I am aware of some local authorities interacting with HMRC, but I am aware also of the difference of opinion about what they can and cannot get. I would not say that there is a one-standard approach to try this, but there are examples of it working. Is it your considered view across all four areas that HMRC data should be able to be accessed? Yes or no? It is as simple as that. Just so that we have clarity from you, Mr Gray? It would be of tremendous value in preventing and detecting fraud, which is obviously what the NFI is all about, but potentially it does offer other opportunities for data matching. If, for example, we had access to income data, we could, for example, by matching that against social security data, we could identify client individuals and groups of folk who perhaps were not claiming all the benefits they were entitled to. That has certainly been a proposition that has come to me from members of our assembly. It is not just about preventing and detecting fraud. There is a wider social benefit to this. I agree that access to full HMRC data would significantly increase the benefit of the exercise. I like unanimity of opinion. I have one final question from Monica Lennon. In the last panel session, I raised the issue about not using the software updates, perhaps not responding promptly to other organisations. We are getting at some of the resources and capacity issues, but I see that the source of those concerns is, indeed, from the Cabinet Office NFI team. Mr Shillington, it is in the appendix 3 of the Audit Scotland report, if you have it in front of you. If those concerns and patterns that you have identified relate to capacity and resources, or is it more about skills and a lack of training in some of the teams? I think that some organisations have the best of intent and do not necessarily use the tools that they can to target the work that they do. Others do not have the capacity that is about targeting that capacity. I think that there are examples of some that do not have the intent to follow up the matches. It is across the spectrum. As I alluded to earlier, what we are looking to do is provide the tool and the technology to allow those participants to target their action, target their resources at those cases that meet their investigative requirements. The tool allows them to prioritise and to use the tool to identify those that meet their criteria for investigation. I think that lack of awareness and lack of training sometimes means that they are not aware of that, but we certainly do not expect organisations to follow up every match. That has never been the intention. It is about using the tool effectively. What I would say is that, from a central co-ordination angle, we have management information that we are looking at. If we can spot poor practice, we will try to stop that so that we can see ineffective use of the tool. We will intervene and try to encourage organisations to use it more effectively. That is helpful. Is that just hoping that people will be a bit of goodwill and that they will respond to that appropriately? You cannot, I suppose, compel people to use the software in a certain way? No, we cannot. Obviously, we can encourage them where we do not feel they are using it effectively to maximise the benefits and equally where we think they are using it ineffectively and that their resources could be better targeted. We will try and support them, so we will support them through that process. Now that we are part of the Cabinet Office, when we are part of the Audit Commission, we have those audit avenues that you talked about in the previous session open. We do not have those. I wanted to add something. If I could just add something from our experience in Wales, organisations that are mandatory participants are required to provide the data sets. There is nothing mandatory about what happens with the matches. The only sanction available to us is ultimately publicity. We have said in the past to an organisation who was not investigating matches. We will name you in our annual report as the only organisation in Wales who has not investigated any matches. That spurred them on into looking at some of the matches and finding matches and recovering information. For want of a better phrase, naming and shaming is probably the only sanction available to us in terms of persuading them to participate, other than us talking and sitting down with them, working through various things about how they could further privatise the matches. In the absence of other questions, I have one last thing to clarify with Mr Frith, if I might. You mentioned, both in your submission and in oral evidence, about the issue of electoral role data. There appear to be different legal views as to whether electoral law allows electronic copies of the register to be provided for data-matching purposes. Would it be helpful if the committee clarified the extent of the power with the cabinet secretary when we have him before us? It would be very useful to have his views, yes. You do not think that you currently have that power? We think that the power could be read into the legislation. A couple of authorities have come to a different view. If my understanding is right about England, I think that every local authority provides the equivalent data. In relation to those electoral roles, they are used mainly in relation to the single person discounts. We do accept that NFI is not the only way in which you can obtain that information. For example, if a council employs a credit reference agency, they can get other data sets in that way, which can also help them to identify errors in single person discounts. I thank all of the witnesses, particularly those who are far travelled for coming this morning. If there are any matters of detail that we wish to pursue with you, we will write to you once we have had an opportunity to reflect on the first panel's evidence, and we may come back to you with questions. The committee will note that we have the Scottish Government coming to give evidence on NFI on 15 June. I thank our witnesses and move us on to item 2, but before I do so, I will suspend the meeting briefly to allow you to move away from the table. Thank you very much. I am conscious of time, so I will move to agenda item 2 very quickly. The committee has a note of all the major capital projects progress. It is an update from the Scottish Government, which we considered is for March 2017. The covering paper by the clerks highlights four suggestions for inclusion in future updates. I think that those suggestions came from the Auditor General. Do members agree to ask the Scottish Government to progress these? Yes. Okay, great. I wonder whether I could also suggest that we ask for some additional information. Things like economic impact, the jobs generated during the construction phase, because I think that there is a good story to tell with the amount of investment that there is through procurement, and for those that are revenue projects, because we have been given capital costs, but a number of these are revenue projects, so there is a net, I think, present value, it is called NPV, which is different to the capital costs. Actually getting both those figures allows us to understand what the true cost is, so I think that that would be useful. I am conscious that there may be other committees interested in this, and members have pointed this out previously. Can I suggest that we share this information with other committees, as is the practice of the clerks? If people are happy with that, the only thing left to consider is whether we would like to take oral evidence in September. Can I make a suggestion that we wait and see what information we get back in and then make a judgment, hopefully before September starts, as to whether that would be a helpful thing to do? Is that agreed by the committee? Excellent. Thank you very much. On that basis, there is no meeting next week for some strange reason, so I close this meeting and I look forward to seeing you all in a fortnight's time.