REDCAR & Cleveland Council could have to fork out a further five figure sum after its external auditor said it needed to carry out more work because of a cyber attack earlier this year.

Mazars said the scope of its considerations had been significantly extended in terms of auditing the council’s financial accounts for 2019/20 and determining whether the authority provided value for money.

The council is already facing a multi-million pound bill because of a ransomware attack on February 8 this year, which Mazars described in its progress report as having a “catastrophic” effect on its IT and telephony functions.

So-called business critical functions were restored within four to six weeks and the council subsequently has been in negotiations with the Government over meeting the cost of the work required.

In its report Mazars said it would have to check the work carried out to restore financial systems and this would cost a minimum of £7,882 plus VAT.

It also proposed a review of the council’s IT arrangements using specialist cyber security expertise, which would cost £11,286 plus VAT, although this sum was subject to further negotiation with council managers and could be reduced.

The report said the review would determine if the council had proper arrangements in place to either prevent or reduce the likelihood of a cyber security breach.

Gavin Barker, a director of Mazars, told members of the council’s governance committee that it was “hearing a lot of people telling us that the council did have proper arrangements in place”.

He said: “We are not doubting that, we just have to reach our own conclusion, based on the evidence presented which is exactly what we intend to do.”

Mr Barker said Mazars fees were “priced fairly”, adding: “We have thought very carefully about what we need to do and how we need to do it, so hopefully members will be able to take some assurance from that.”

Councillor Christopher Massey said: “I welcome the extra work that you are going to put in and I think it will be worth every penny.

“People are not asking these questions to be nasty or critical, they are asking to ensure the right processes are in place.”

Councillor Bill Clarke claimed members had been “neglected” and not received sufficient update reports both on the cyber attack and the impact of the covid-19 outbreak.

But Councillor Glyn Nightingale, who has the financial resources portfolio at the council, said: “Councillor Clarke should be assured that the information was circulated and provided in committee reports.”

He added: “I am delighted that Mazars are doing some extra work because it will be providing us with confirmation of the excellent work IT staff have done.”

Councillors agreed the fee of £7,882 in relation to the additional financial statements work.

Meanwhile, Mazars said it would seek approval for a revised estimate of the additional £11,286 fee in relation to its value for money conclusion at a meeting of the governance committee on September 29.

It said it would present an audit completion report to the same committee on November 24.

Because of the impact of the coronavirus outbreak on local authorities the Government changed the dates they were allowed to publish their draft and final accounts until later in the year.

The deadline for councils to publish their draft financial statements has moved from May 31 to August 31 and final audited statements from July 31 to November 30.