1.1 Unsurprisingly, like all Council services, the Coronavirus pandemic has had a significant impact on Internal Audit, including the way in which our staff work, the nature of the work we are able to carry out and the extent to which we are able to deliver our planned audit activities.
1.2 As explained in previous update reports to this committee, the decision was taken at the outset of the pandemic to effectively suspend all 2020/21 planned audit activities in order to avoid interfering with the organisation’s response to the pandemic and also to enable us to refocus our efforts on providing advice and support to services over the control environment, especially where significant changes to working practices have been required. In addition to this, a number of staff from across Orbis Internal Audit were also redeployed to other front-line teams to assist with their own response to the pandemic.
1.3 Now that much of this work has been completed and most staff have returned from redeployment, it has been necessary to revise the original audit plan in order to reflect the new risk environment and the reduced period of coverage. The purpose of this report is therefore to present to management and the committee the revised plan for 2020/21, covering the period from September 2020 to March 2021. Full details of the revised Internal Audit plan are provided in Section 5 of this report.
2. Process for amending the plan
2.1 The update to the plan has followed a similar (but reduced) process as that used to produce the original 2020/21 Internal Audit Plan, including management’s assessment of risk and our own risk assessment of the Council’s major systems and other auditable areas. It has involved consultation with a range of stakeholders, the re-review of risk registers and external guidance, comparison with other authorities’ and our knowledge of the impact of Covid 19 on this organisation and the delivery of its services.
2.2 Despite the extent of changes that have been made to our audit coverage in 2020/21, it is anticipated that, taking into account the Covid 19 reactive work carried out in the first part of the year and delivery of the revised plan set out below, sufficient work will still have been completed to enable the Chief Internal Auditor to provide an overall annual internal audit opinion for the organisation covering 2020/21. Periodic update reports on progress and performance of the service will continue to be provided to management and the Audit and Standards Committee.
3. Deletions from the original audit plan
3.1 The table below details the proposed deletions from this year’s Internal Audit Plan. Only one key financial system has been deleted. This is the audit of Housing Benefits which will be scheduled for quarter 1 of 2021/22. The prioritisation of the other audits in this list will be considered as part of the audit planning process for 2021/22.
|
Directorate |
Audit Title |
|
EEC |
Parking Enforcement |
|
EEC |
Section 106 (Planning) |
|
F&R |
Capital Programme |
|
F&R |
Housing & Council Tax Benefits |
|
FCL |
Apprenticeship Levy |
|
FCL |
Special Education Needs |
|
HASC |
Residential Care for the Elderly |
|
HASC |
Payments to GPs and Pharmacies |
|
HNC |
Housing Local Delivery Vehicle (Follow-up) |
|
IT&D |
Orbis ICT Cross-authority Working Arrangements |
|
IT&D |
IT&D Major Projects |
|
IT&D |
GCSX Replacement |
|
IT&D |
Departmental IT Teams |
|
IT&D |
End Users and Senior Stakeholder Behaviour |
|
IT&D |
Data Sharing Arrangements (with other Authorities and Health Partners) |
4. Additions to the Original Audit Plan
4.1 The following audits have been added to the revised Internal Audit Plan for 2020/21. These include a number of reviews that have a direct focus on the Covid 19 pressures faced by the Council, and/or the Council’s response to managing the impact of the pandemic.
4.2 A narrative description of each of the audits is contained under paragraph 5 of this report.
|
Directorate |
Audit Title |
|
EEC |
City Clean - Commercial Waste (Follow-up) |
|
F&R |
Covid 19 System Changes |
|
FCL |
Home to School Transport (COVID 19) Grant |
|
FCL |
School Attendance |
|
FCL |
Children’s Assessments - EHCP’s |
|
HASC |
Better Lives, Stronger Communities Programme |
|
HASC |
Health and Social Care Integration (Strategic Risk 20) |
|
HASC |
Direct Payments (Follow-up) |
|
IT & Digital |
Cyber Security during COVID |
|
IT & Digital |
Information Governance (Remote Working) |
|
IT & Digital |
IT Asset Management During COVID |
|
IT & Digital |
Housing Management System implementation |
5. Counter Fraud
5.1 The Counter Fraud Team has continued to operate during the whole of 2020/21 but with significant restrictions on some areas of activity e.g. the investigation of housing tenancy fraud.
5.2 This service will continue throughout the remainder of 2020/21 with contingencies in place to ensure the delivery of both an effective reactive and proactive counter fraud service.
5.3 In addition, Internal Audit will promote an anti-fraud and corruption culture within the Council to aid the prevention and detection of fraud. Through the work of the Counter Fraud Team, Internal Audit will maintain a fraud risk assessment and deliver a programme of proactive and reactive counter fraud services to help ensure that the Council continues to protect its services from fraud loss. This includes leading on the National Fraud Initiative data matching exercise on behalf of the Council.
6. Revised Internal Audit Plan 2020/21
6.1 The table below details the full list of audits to be delivered as part of the revised 2020/21 Internal Audit Plan.
|
Outline Objective
|
|
|
Finance and Resources |
|
|
Working Time Directive (Follow-up) |
A follow-up on a partial assurance 2019/20 report, including providing assurance that effective monitoring arrangements are in place, opt-out agreements are being signed and that managers and staff are aware of their statutory obligations. |
|
Recruitment |
An audit of the Council's recruitment arrangements. To provide assurance that all recruitments comply with approved procedures and that controls mean that appropriate evidence of identity and competency is obtained to support all decisions made. |
|
Payroll |
To review controls in relation to the staff payment system, including those relating to starters, leavers, temporary and permanent payments, variations of pay, and pre-employment checks. |
|
Debtors |
To review the processes and key controls relating to the accounts receivable system, including those in place for ensuring the accuracy of customer details, completeness, accuracy and timeliness of invoicing, recording and matching payments to invoices, and debt recovery. |
|
Creditors |
To review the processes and key controls relating to the accounts payable system, including those in place for ensuring the accuracy of vendor details, the processing of invoices, goods receipting and promptness of payments. |
|
Council Tax |
To provide assurance that controls over council tax collection are effective, including billing, collection, recovery and the award of discounts. |
|
Business Rates (Amended) |
That controls over business rate collection are effective including billing, collection, recovery and reliefs. Additional assurance work will be carried out on Covid Business Grant awards. |
|
Review Name |
Outline Objective |
|
Budget Management |
A review of the Council’s budget management arrangements, to include an assessment of the extent to which planned savings are being delivered. |
|
Covid 19 System Changes (New) |
To revisit changes to processes and systems that were made in response to Covid-19 to ascertain whether these remain appropriate and, if so, are adequately controlled. |
|
Families, Children and Learning |
|
|
Schools Audits |
Allocation to include a sample of individual schools, general advice and the communication of guidance and best practice to schools. |
|
EU Grant- Providing Access to Childcare and Employment (PACE) |
To provide financial scrutiny and certification of the grant in accordance with the EU First Level Controller requirements. |
|
Home to School Transport (COVID 19) Grant (New) |
To check and certify the grant in accordance with the requirements of the Department for Transport. |
|
School Attendance (New) |
To review the council's arrangements to ensure that school attendance is effectively managed and monitored across the city during the Covid pandemic. |
|
Children’s Assessments - EHCP’s (New) |
To review the assessment process for education, health and care packages for young people. To include examining the timeframes for assessment and review. |
|
Health and Adult Social Care |
|
|
Hospital Discharge Arrangements |
An audit to review governance and accountability arrangements between organisations and teams for discharge planning. |
|
Home Care Follow-up |
A follow-up on the 2019/20 Minimal Assurance report on this service. To provide assurance that actions relating to the recording of visits and payments to service providers have been implemented. |
|
Better Lives, Stronger Communities Programme (New) |
To review the Better Lives, Stronger Communities Programme. To provide a assurance on the programme management arrangements . |
|
Health and Social Care Integration (Strategic Risk 20) (New) |
A review of Strategic Risk 20. The risk reads, "Failure to achieve Health and Social Care outcomes due to organisational and resource pressures on the CCG and BHCC. The audit will review the management of this risk and the documented mitigations put in place. |
|
Direct Payments (Follow-up) (New) |
A follow-up on the 2019/20 audit review of Direct Payments which concluded Partial Assurance. |
|
Environment, Economy and Culture |
|
|
City Clean (Follow-up) |
To follow-up on actions arising from Internal Audit work and investigations within this service in 2019/20. |
|
Review Name |
Outline Objective |
|
EU Grant - Shaping Climate change Adaptive PlacEs (SCAPE) |
To provide financial scrutiny and certification of the grant in accordance with the EU First Level Controller requirements. |
|
EU Interreg Grant- Brighton Cultural Heritage Tourism |
To provide financial scrutiny and certification of the grant in accordance with the EU First Level Controller requirements. |
|
Transport Capital Grants |
To check and certify the grant in accordance with the requirements of the Department for Transport. |
|
City Clean - Commercial Waste (Follow-up) – (New) |
To follow-up on actions agreed that arose from an Internal Audit review in 2017/18. |
|
Neighbourhoods, Communities and Housing |
|
|
Housing Temporary Accommodation |
A follow-up on the 2019/20 audit of Housing Temporary Accommodation. To focus on budget management and debt collection. |
|
Housing Repairs Contract |
To provide advice and assurance over the arrangements to bring the housing repairs service in house. |
|
EU Grant - Solar Adoption Rise in the Two Seas (Solarise) |
To provide financial scrutiny and certification of the grant in accordance with the EU First Level Controller requirements. |
|
EU Grant - Sustainable Housing Initiatives in Excluded Neighbourhoods (SHINE) |
To provide financial scrutiny and certification of the grant in accordance with the EU First Level Controller requirements. |
|
Housing and Right to Buy Fraud |
The investigation and prevention of HRA housing fraud, including illegal subletting and the prevention of Right to Buy irregularities. |
|
IT and Information Governance Audits |
|
|
Care System Implementation - ECLIPSE |
An audit of the controls over the implementation of the ECLIPSE care system. |
|
MCM Housing Repairs Application |
To enable a smooth transition to an in-house Housing repairs, service the Council has opted to use the Mears MCM works management system for a period of two years. This audit will review major input, processing and output controls and will review the controls in place to interface with the payment system and general ledger. |
|
Cyber Security during COVID (New) |
This review will ensure that cyber security controls that are in place remain appropriate and continue to function as expected in this period. |
|
Information Governance (Remote Working) (New) |
The audit will review the controls in place to ensure information governance arrangements are in place when staff are working remotely. The audit will include review of the controls over printing, confidentiality of data, use of communication and 3rd party 'cloud' tools. We will also ensure there are sufficient arrangements to undertake the investigation and reporting of Data Breaches (remotely). |
|
IT Asset Management during COVID (New) |
This review will evaluate the effectiveness of the controls in place to support effective ICT asset management to support remote working arrangements. |
|
Housing Management System implementation (New) |
Project review of the implementation on the new Housing Management System. |
|
GDPR Follow-up |
This audit will follow-up the previous GDPR audit to ensure actions have been implemented as agreed and to identify any further work required to comply with the requirements of the GDPR. |
|
Children's Safeguarding Data Handling |
Social workers/safeguarding teams often use video to record interviews and other interactions with children. This audit will seek to ensure there is an appropriate Data Protection Impact Assessment (DPIA) in place and being complied with, appropriate permissions are sought, and data is encrypted in transit and deleted as appropriate. |
|
Internal Audit Service Management and Delivery |
|
|
Action Tracking |
Ongoing action tracking and reporting of agreed, high risk actions. |
|
Annual Internal Audit Report and Opinion |
Creation of Annual Report and Opinion. |
|
Audit and Fraud Management |
Overall management of all audit and counter fraud activity, including work allocation, work scheduling and Orbis Audit Manager meetings. |
|
Audit and Fraud Reporting |
Production of periodic reports to management and Audit Committee covering results of all audit and anti-fraud activity. |
|
Audit Committee and other Member Support |
Ongoing liaison with Members on internal audit matters and attending Audit Committee meetings and associated pre-meetings. |
|
Client Service Liaison |
Liaison with clients and departmental management teams throughout the year. |
|
Client Support and Advice |
Ad hoc advice, guidance and support on risk, internal control and governance matters provided to clients and services throughout the year. |
|
Orbis IA Developments |
Audit and corporate fraud service developments, including quality improvement and ensuring compliance with Public Sector Internal Audit Standards. |
|
Organisational Management Support |
Attendance and ongoing support to organisational management meetings, e.g. Orbis Customer Board, Information Governance Board, Orbis Customer Board, Corporate Health and Safety meetings. |
|
Strategy and Annual Audit Planning |
Development and production of the Internal Audit Strategy and Annual Audit Plan, including consultation with management and Members. |
|
System Development and Administration |
Development and administration of Audit and Fraud Management systems. |