APPENDIX 1
Internal Audit and Counter Fraud
Quarter 1 Progress Report 2022/23
CONTENTS
1. Summary of Completed Audits
2. Counter Fraud and Investigation Activities
3. Action Tracking
4. Amendments to the Audit Plan
5. Internal Audit Performance
1. Summary of Completed Audits
Housing Rents - Partial Assurance (2021/22)
1.1 Housing rents are collected from approximately 11,700 rented properties and 2,900 leasehold properties and are paid into the Housing Revenue Account.
1.2 The purpose of this audit was to review the rent accounting key controls, rent setting, collection, recovery, and reconciliations.
1.3 A new housing system, NEC, was introduced in July 2021 to replace OHMS and as part of this audit we reviewed whether policies and procedures had been updated to reflect this change.
1.4 We found that the introduction of the new system had presented some challenges, particularly in light of its introduction during the COVID-19 pandemic. The Implementation Team, Housing Systems Programme Team and the Business Solutions Team were still providing support and training for staff using NEC at the time of the audit.
1.5 The arrears process and timescales for escalation changed during the COVID-19 pandemic, which meant that letters to tenants had to be rewritten to reflect the changes. Notice of Seeking Possession Orders were suspended in compliance with guidance from central government. The new system was designed to work through a normal escalation process and issues arose because of this.
1.6 We found that there was some uncertainty around the calculation of direct debits in the new system and consequently we were unable to verify this. As such, there is a risk that accounts will show an under collection of rent, and an action for the service to check and quantify this has therefore been agreed.
1.7 Account Managers have reverted to using spreadsheets to manage arrears, rather than use the automated NEC process. In these circumstances, there is a risk of loss of transparency and more inconsistency in the application of the arrears policy.
1.8 Information on performance statistics has been delayed as some of the OHMS reports have not been built in NEC. It has not been easy to replicate reports from the OHMS system and more work is required to identify which are the key reports so these can be prioritised.
1.9 Finally, an action was agreed to develop a new strategy to monitor, manage and recover debts for Housing Rents.
1.10 All actions arising from our review have been agreed with management and will be subject to a formal follow-up in due course.
Council Tax – Reasonable Assurance (2021/22)
1.11 This is a key financial system that includes the calculation, billing, and collection of Council Tax.
1.12 Based on the audit work carried out, we found that the Council Tax system is promptly updated with property changes and bills are issued in a timely manner. Reconciliations are completed regularly, and records reviewed were accurate. Controls are also in place to ensure that any changes to billing parameters are restricted to key officers.
1.13 At the time of the audit, collection rates were running below target, representing a risk of uncollected Council Tax. There was an overall deficit in the collection fund of £4.3m.
1.14 Whilst the main controls were found to be in place, we did identify that there was not always sufficient evidence retained to support all discounts, exemptions, and disregards, running the risk that some may not be valid. However, we did note that a programme of annual reviews of the higher risk discounts has restarted, having previously been paused during the COVID- 19 pandemic.
1.15 Finally, the need for further action was also identified in relation to improving collection rates, reducing arrears and to improving the write off procedure.
1.16 In all areas where improvement was required, appropriate actions have been agreed with management.
Accounts Receivable (Debtors) – Reasonable Assurance (2021/22)
1.17 The Central Collections Team are responsible for ensuring that all income due to the Council is collected and correctly accounted for.
1.18 The objective of this audit was to provide assurance that accounts are correctly calculated, timely invoices are raised, reasonable efforts are made to recover all income due to the Council, reconciliations are completed, and aged debt and any write offs are appropriately managed.
1.19 A debt recovery project was put in place before the pandemic to address concerns relating to the recovery of aged debt. However, this project and the team have been significantly impacted by the COVID-19 pandemic and a decision was made to suspend the active recovery of debt.
1.20 At the time of the audit the volume of aged debt had not improved since the previous review and stood at 6,560 invoices and £10.2m.
1.21 We note however, that new processes and controls have been introduced through the debt recovery project and this is now having a positive impact, improving recovery, and reducing 30-to-90-day debt.
1.22 Further improvements include making debt more visible to each directorate and service area so that they can work together to improve recovery rates and considering use of external companies that specialise in debt recovery.
1.23 Further actions have been agreed to manage suspended accounts, where the debt is removed from the automatic recovery cycle, and to reduce cancellation of invoices because of duplicate interface runs.
1.24 In all cases, appropriate actions to address the above issues have been agreed as part of a formal management action plan. This will also be followed up as part of future Accounts Receivable audits.
IT&D Strategic and Operational Risk Management Arrangements – Reasonable Assurance (2021/22)
1.25 IT risk management is the process to continually identify, assess, and reduce IT-related risk. With organisations placing an even greater reliance on IT and the support provided by their IT departments, the Council should adapt to address IT-related risks accordingly and ensure that ownership is appropriate.
1.26 This audit aimed to provide assurance that appropriate risk management arrangements are in place across the Council in relation to IT&D, with awareness and ownership of risks across all departments, including within IT&D.
1.27 The Change Advisory Board is a key control in the risk management process and helps IT&D operate across the three Councils in the Orbis partnership, considering different risk appetites before changes are made.
1.28 We found that robust arrangements are in place to identify risks and develop actions designed to mitigate the risk, with responsibilities clearly assigned to officers.
1.29 Further improvements could be made to ensure that there is wider access to technical risk assessment reports and technical advice, providing a more holistic approach to IT &D related risks and how they are communicated to stakeholders and managed by the respective service areas.
1.30 In all cases, the necessary actions from improvement have been agreed with management.
Network Access Management (Follow-up) – Reasonable Assurance (2021/22)
1.31 Access management is the process by which ‘users’ network accounts, along with access to systems or data, is controlled to maintain a secure data environment and help prevent unauthorised access.
1.32 This audit followed up on the previous Access Management audit (Partial Assurance) to ensure that previously agreed actions had been implemented and the control environment has improved.
1.33 Overall, we found that four of the five actions identified in our previous review were either fully or partially implemented.
1.34 The Access Modernisation project has also made progress and aims to create a more joined-up access management process across the Council. This has included improvements in identifying responsibilities for access management. We found that new controls in place to identify leavers and inactive accounts are working effectively.
1.35 Some further actions to improve controls have been agreed with management, including developing a joint improvement plan for end-to-end access and strengthening the verification process for new accounts.
Post Brexit Information Governance Audit – Substantial Assurance (2021/22)
1.36 Following the UK withdrawal from the European Union in January 2020, there was a transition period to 31st December 2020, where the UK remained subject to EU laws. It was expected that, following this transition, laws could be changed and some of these may relate to information governance.
1.37 This audit sought to provide assurance that Council data is being stored appropriately and in line with relevant legislation, following the Brexit transition period.
1.38 We found that whilst no changes to information governance arrangements have yet been required, controls are in place to identify changes to regulations and any action needed to ensure that the Council is compliant with any new laws.
Schools
1.39 We have a standard audit programme in place for all school audits, with the scope of our work designed to provide assurance over key controls operating within schools. The objectives of our work are to ensure that:
· Governance structures are in place and operate to ensure there was independent oversight and challenge by the Governing Body;
· Decision making is transparent, well documented, and free from bias;
· The school is able to operate within its budget through effective financial planning;
· Unauthorised or inappropriate people do not have access to pupils, systems or the site;
· Staff are paid in accordance with the schools pay policy;
· Expenditure is controlled and funds used for an educational purpose;
· All unofficial funds are held securely and used in accordance with their agreed purpose; and
· Security arrangements keep data and assets secure and are in accordance with data protection legislation.
1.40 At the time of writing, school audits continue to be undertaken under remote working arrangements.
1.41 One school audit was delivered in quarter 1. The table below summarise our findings together with the final level of assurance given.
|
Name of School |
Audit Opinion |
Areas Requiring Improvement |
|
Downs View School – Woodingdean, Brighton |
Partial Assurance |
· The school should adhere to the statutory regulations regarding the publication of Governors’ updated declaration of interest on the school’s website. · The PE & Sports Premium strategy should be published on the school’s website as per government regulations. · The Headteacher should review and approve the monthly payroll to provide oversight and ensure accuracy of payments. · The school fund needs to be managed adequately, audited annually in accordance with the school fund Terms of Reference and Governors need to have greater oversight of the fund.
|
1.42 We aim to undertake follow-up audits at all schools with Minimal and most schools with Partial Assurance opinions.
1.43 The core financial role of the LA is to set and monitor a local framework including provision of budgetary information, provision of a financial oversight and ultimately intervening where schools are causing financial concerns. Schools (the governing body and the Headteacher) are required to manage their delegated budget effectively ensuring the school meets all its statutory obligations, and through the Headteacher comply with the LA’s Financial Regulations and Standing Orders.
EU Grant – Blueprint for a Circular Economy (Claim 4)
1.44 This is an EU project focussing on helping the Council to implement a circular economy. The total value of the project is EUR 402,322, with EUR 277,602 funded by the European Union. This was the fourth claim on this project.
1.45 No significant issues were identified in the grant certification.
DHSC Grant - Adult Weight Management Grant
1.46 This is a new ringfenced grant available to local authorities from the Department of Health and Social Care to support the commissioning of adult behavioural weight management services. The amount of £99,487 was provided to the Council for 2021-22.
1.47 No significant issues were identified in the grant certification.
2. Proactive Counter Fraud Work
2.1 Throughout the year, we are continuing to liaise with the services to ensure that matches from the National Fraud Initiative are being reviewed and processed and we continue to monitor intel alerts and share information with relevant services when appropriate.
Summary of Completed Investigations
2.2 The team continue to support the Adult Social Care team with investigating a number of allegations of deprivation of capital and potential false statements to obtain direct payments.
Housing Tenancy & Local Taxation
2.3 In addition to the above, a key focus area remains housing tenancy fraud and Local Taxation.
3. Action Tracking
3.1 All high priority actions agreed with management as part of individual audit reviews are subject to action tracking. As at the end of quarter 1, 94.7% of high priority actions due had been implemented.
3.2 There were two high priority actions which were overdue at the end of the quarter, however the service has recently communicated that both actions were completed at the start of quarter 2. Details of these are provided below.
|
Details of Audit Issue |
Dir. |
Due date |
Revised date |
Agreed Action |
|
Temporary Accommodation Management of arrears for former tenancies |
HNC |
30.09.21 |
07.05.22 Implemented July 2022 |
There should be a system in place to identify and recover all debts, including those relating to former tenancies.
Former tenancy accounts should be reviewed to identify where amounts are deemed to be recoverable, and then either pursued where appropriate or written off. |
|
Temporary Accommodation Management of arrears for Emergency Accommodation
|
HNC |
30.09.21 |
07.05.22 Implemented July 2022 |
There should be a system in place to identify and recover all debts, including those relating to Emergency Accommodation.
Prior to the transfer of accounts to NPS, both current and former accounts should be reviewed to identify where amounts are deemed to be recoverable, and then either pursued where appropriate or written off. |
3.4 A number of high priority actions have had their implementation deadlines extended, in agreement with management. Where the revised deadlines are not met, these will be reported to the next meeting of the Audit & Standards Committee.
4. Amendments to the Audit Plan
4.1 In accordance with proper professional practice, the Internal Audit plan for the year has been kept under regular review to ensure that the service continues to focus its resources in the highest priority areas based on an assessment of risk. Through discussions with management the following reviews have been added to the audit plan so far this year:
|
Planned Audit |
Rationale for Addition |
|
Highways Contract Management |
This audit was included as part of a response to concerns raised by a previous whistleblowing allegation and will seek to review arrangements against the agreed contract framework, including job specifications and use of materials |
|
Test and Trace Support Payment Grant |
This grant was allocated to the Council to support financially vulnerable people who were required to self-isolate due to a COVID-19 infection. The grant expenditure requires certification by Internal Audit. |
4.2 In order to allow these additional audits to take place, the following audits have been removed or deferred from the audit plan and, where appropriate, will be considered for inclusion in future audit plans as part of the overall risk assessment completed during the annual audit planning process. These changes have been made on the basis of risk prioritisation and/or as a result of developments within the service areas concerned requiring a rescheduling of audits:
· Early Help Services.
· Information Governance (Subject Access Request and Freedom of Information Reporting Arrangements).
5. Internal Audit Performance
5.1 In addition to the annual assessment of internal audit effectiveness against Public Sector Internal Audit Standards (PSIAS), the performance of the service is monitored on an ongoing basis against a set of agreed key performance indicators as set out in the following table:
|
Aspect of Service |
Orbis IA Performance Indicator |
Target |
RAG Score |
Actual Performance |
|
|
Quality
|
Annual Audit Plan agreed by Audit Committee |
By end April |
G |
2022/23 Audit Plan approved by Audit & Standards Committee on 19 April 2022 |
|
|
Annual Audit Report and Opinion
|
By end July |
G |
2021/22 Annual Report and Opinion approved by Audit Committee on 28 June 2022 |
|
|
|
Customer Satisfaction Levels |
90% satisfied
|
G |
100% |
|
|
|
Productivity and Process Efficiency |
Audit Plan – completion to draft report stage |
25% |
G |
24% |
|
|
Compliance with Professional Standards |
Public Sector Internal Audit Standards |
Conforms |
G
|
January 2018 – External assessment by the South-West Audit Partnership gave an opinion of ‘Generally Conforms’ – the highest of three possible rankings
Apr 2022 - Updated self-assessment against the standards within the PSIAS underway and preparations for the full independent external assessment in progress.
June 2022 – Internal quality review identified no major areas of non-conformance. |
|
|
|
Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures and Investigations Act |
Conforms |
G
|
No evidence of non-compliance identified |
|
|
Outcome and degree of influence |
Implementation of management actions agreed in response to audit findings |
95% for high priority agreed actions |
A |
94.7% for high priority agreed actions (see above) |
|
|
Our staff |
Professionally Qualified/Accredited (Includes part-qualified staff and those undertaking professional training) |
80% |
G |
91% |
|
Audit Opinions and Definitions
|
Opinion |
Definition |
|
Substantial Assurance |
Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Reasonable Assurance |
Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Partial Assurance |
There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
|
Minimal Assurance |
Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |