Missing CDs - why the NAO wanted millions of child benefit records

Evidence has emerged of why the National Audit Office asked HM Revenue and Customs for a large download of information from the child benefit database.

After receiving the request, HM Revenue and Customs sent the National Audit Office details of all child benefit recipients: records for 25 million individuals and 7.25 million families. These records included the names of children and their parents, addresses, dates of birth child benefit numbers, national insurance numbers, and, where relevant, bank or building society account details.

The National Audit Office suggested HMRC to remove the names of parents, their addresses and bank details but the department declined.

In the House of Commons on 20 November 2007 the Chancellor of Exchequer, Alistair Darling, asked why the National Audit Office had asked for so much information from the child benefit database.

Darling said: “It is not at all clear to me why seven million records would be necessary, or whether it would be possible for anyone actually to look at seven million records and properly audit them.”

Earlier this week (on 21 November 2007) this blog disclosed that the practice of transferring details all child claimants onto CDs became established in March this year after HMRC’s auditors, the National Audit Office [NAO], ceased to accept sample records for its audit of the department’s accounts.

Now it’s becoming clear why the NAO wanted so much information from the child benefit database rather than merely a sample of data.

The NAO says that child benefit payments amount to £10bn. An NAO senior executive says in a letter dated 9 November 2007 to the director of tax credits and benefits at HMRC: “By any objective measure, Child Benefit is material to [HM Revenue and Customs’] Resource Accounts and we have to carry out substantive audit work on this figure, if we are to obtain sufficient appropriate evidence to support the Comptroller and Auditor General’s audit opinion.”

In the past NAO staff, in seeking assurances about possible levels of fraud and error in child benefit payments, relied mainly on HM Revenue and Customs’ own review of a sample of cases – about 1,500.

This was only a small sample. Before child benefit was run by HMRC it was administered by the Department of Work and Pensions which used many more sample records – about 20,000 child benefit cases – to check for fraud and error.

The Tax Credits Act 2002 transferred the responsibility for the administration of child benefit from the DWP to HM Revenue and Customs.

Worried that HMRC tested too few child benefit cases to give any assurances for audit purposes, NAO staff decided to do their own comprehensive analysis of child benefit data – which is why they asked HMRC to provide the entire child benefit database, though they suggested the names of parents, addresses and bank account details were removed first.

An NAO employee sent an email to the Benefits Office, which is part of HMRC, on 13 March 2007: “I do not need address, bank or parent details in the download – are these removable to keep the file smaller?”

A Benefits Office employee declined politely to provide edited information from the child benefit database. The employee’s reply to the NAO, which was emailed about an hour later, said: “I must stress we must make use of [existing] data we hold and not overburden the business by asking them to run additional data scans/filters that may incur a cost to the department.”

In deciding to do their own larger-scale checks the NAO staff had to bear in mind new, more exacting international standards on auditing.

An NAO executive has written to an HMRC director to apologise for not explaining clearly to HMRC’s Finance Director the implications of the change in audit approach. The executive says to the HMRC director in a letter dated 9 November 2007:

“We are obviously aware that there are a number of lessons to be learned from this incident [that of the two missing, unencrypted CDs which contained information on 25 million people on the child benefit database].

The NAO executive adds:

“Clearly we have to suspend the way in which we are currently accessing child benefit data; and I am happy to confirm that we have now done this. We will need to discuss with you how we can meet our obligations under the auditing standards whilst helping you to maintain the high standards of data security sufficient to satisfy the responsibilities we both have for data protection.”


I have posted a separate analysis and comment on this: Missing CDs – an excuse for ministers to attack the NAO?


Missing child benefit CDs: what went wrong, and why it would have carried on regardless

HMRC calm as search for CDs continues

HMRC: Emails confirm poor CD password protection

An accident waiting to happen

Don’t worry, every detail of your life will be safe with us

Government security failure