Legal Framework

From October 2010

From October 2010 (NFI 2010/11) Audit Scotland intends to conduct data matching exercises under new powers which are expected to be included at Part 2A of the Public Finance and Accountability (Scotland) Act 2000.

Under the new powers:

1. Audit Scotland may carry out data matching exercises, or arrange for them to be carried out on its behalf, for the purpose of assisting in the prevention and detection of fraud or other crime; and for assisting in the apprehension and prosecution of offenders.

2. Audit Scotland may require certain persons (or bodies) to provide data for data matching exercises. These bodies are listed below. These are bodies to which the Auditor General or the Accounts Commission appoints auditors.

3. Audit Scotland may allow other persons to participate in data matching exercises on a voluntary basis. Where they do so the legislation states that there is no breach of confidentiality and generally removes any other restrictions in providing the data for matching.

4. The requirements of the Data Protection legislation continue to apply.

5. Audit Scotland may disclose the results of data matching exercises where this assists the statutory purposes described at 1 above, including disclosure to bodies that provided the data and to the auditors appointed by the Auditor General or the Accounts Commission.

6. Audit Scotland may disclose both data provided for data matching and the results of data matching to the Auditor General for Scotland, the Accounts Commission, the Audit Commission in England, the Auditor General for Wales, the Comptroller and Auditor General for Northern Ireland and the National Audit Office, for the purposes described at 1 above.

7. Wrongful disclosure of data obtained for the purposes of data matching by any person is a criminal offence.

8. Audit Scotland may impose reasonable charges on any body that discloses data for, or which receives the results of, a data matching exercise.

9. Audit Scotland must prepare and publish a data matching code of practice. All bodies conducting or participating in its data matching exercises, including Audit Scotland itself, must have regard to the code.

10. Audit Scotland may report publicly on its data matching activities.

Before October 2010

The framework described under this sub-heading applies to NFI exercises undertaken in Scotland up to NFI 2008/09 (i.e., data collected for matching prior to October 2010). This framework may also be applied at future exercises (e.g. NFI 2010/11) if anticipated new powers for data matching are not enacted. It may also support future areas of data matching that are not provided for in the new legislation.

The NFI is conducted in Scotland as part of the statutory audits of public bodies. It is a condition of the statutory audit appointments for auditors to follow a Code of Audit Practice prepared by Audit Scotland. That Code and relevant auditing standards impose certain duties on auditors relating to the prevention and detection of fraud and the arrangements made by audited bodies. The Code of Audit Practice is available to download from Audit Scotland’s web-site

Data is required from bodies by auditors under section 100 of the Local Government (Scotland) Act 1973. Under section 100 a local authority auditor may obtain information from the audited body and ‘any other person’ provided that information appears to the auditor to be necessary for the purpose of auditing the accounts of a body governed by the 1973 Act. Auditors may therefore obtain information from non local authority bodies, for example, to help detect housing benefit fraud committed in councils by students and individuals employed elsewhere in the public sector.

It is a criminal offence for a person to wilfully or negligently fail to comply with a requirement of an auditor under section 100.

For NFI purposes, auditors are assisted by staff in Audit Scotland and the Audit Commission under arrangements permitted under section 53 of the Local Government in Scotland Act 2003.

The Audit Commission also has powers under paragraph 9 of Schedule 2A of the Audit Commission Act 1998 to provide advice and assistance to another public authority. The definition of a public authority includes Audit Scotland and appointed auditors of public bodies in Scotland.

The Audit Commission matches the data on behalf of Audit Scotland.

Audit Scotland will report the results of NFI exercises to the Accounts Commission and the Auditor General for Scotland, and may publish any such report.  Audit Scotland expects that such reports will deter individuals from defrauding public bodies.

Link to Scottish Government Website