Internal Audit and Counter Fraud
Quarter 2 Progress Report 2022/23
CONTENTS
1. Summary of Completed Audits
2. Counter Fraud and Investigation Activities
3. Action Tracking
4. Amendments to the Audit Plan
5. Internal Audit Performance
1. Summary of Completed Audits
Health and Safety - Partial Assurance
1.1 The Council has a statutory duty to secure, so far as reasonably practicable, the health and safety of employees and others who may be affected by the Council’s activities. The Health and Safety Executive (HSE) has developed a framework (HSG65), to help organisations understand the actions they may need to take to comply with legislation.
1.2 The purpose of this audit was to provide independent assurance on the adequacy of the governance and controls in place to manage health and safety across the Council.
1.3 In providing an audit opinion of Partial Assurance, we found that further improvements are required to ensure that the Health and Safety processes and controls are robust. These include the following:
· Developing and approving a formal Health and Safety Improvement Plan and tracking its performance;
· Developing corporate key performance indicators for health and safety that are regularly measured and reported;
· Reviewing, updating, and communicating key information (including responsibilities and key contacts), guidance and mandatory training for staff; and,
· Reinstating regular formal reporting to members on health and safety matters.
1.4 Following the audit, we formally agreed 8 actions with management to address the issues highlighted in the report, as follows:
· The Executive Leadership Team will review and approve the Health and Safety Improvement Plan and performance will be tracked via the Performance Management Framework;
· Key performance indicators will be developed and regularly reported;
· All documentation and guidance will be risk profiled and reviewed as prioritised or where there is legislative change;
· Health and safety competencies will be aligned to role responsibilities and will inform future training;
· Communication pathways will be reviewed as part of the improvement plan;
· The online incident reporting system will be reviewed;
· Directorate Health and Safety policies will set out the escalation process for serious incidents; and,
· Health and safety annual reports to members will recommence.
1.5 For all Partial Assurance audits, we will plan for a formal follow-up review to report whether the agreed actions are implemented and have addressed the issues raised.
Payroll – Reasonable Assurance (2021/22)
1.6 This is a key financial system and expenditure on staff accounts for a significant portion of the Council’s budget. It is therefore essential that effective controls are in place to ensure the integrity and accuracy of the system.
1.7 The purpose of this audit was to provide assurance that payments (including temporary payments) to staff are genuine, calculated accurately, paid on time, and are appropriately authorised. We concluded an opinion of Reasonable Assurance over the controls in place.
1.8 Our testing showed that controls over starters, leavers, and changes to pay were operating as expected. We also found that appropriate segregation of duties and authorisation is in place for BACS payments.
1.9 At the time of the audit, capacity issues within the service meant that officers were unable to provide us with all of the requested information and as a result, we were unable to provide assurance that salary overpayments are being processed correctly. In addition, we were also not provided with evidence that the service is completing checklists of payslips verified each month. These areas will be reviewed in the next planned audit of Payroll.
· The need to clear the significant backlog of work in the team’s email inbox;
· Addressing a number of historical variances and queries from payments made to third parties (HMRC, LGPS & Unions) that remain outstanding;
· Reviewing and resolving a number of historical cases where the payroll system and general ledger do not match; and,
· Ensuring that line managers are adequately checking mileage claims, particularly to confirm that staff are licenced and insured.
1.11 Appropriate actions to address all of the above areas have been agreed with management, as part of a formal action plan.
Care Payments – Reasonable Assurance (2021/22)
1.12 This audit was undertaken to obtain assurance on the operation of key controls in two social care payment systems, fostering (in-house and independent placements) and residential care. Home Care was excluded from this review and has been covered in previous audits.
1.13 We concluded an opinion of Reasonable Assurance over the controls in place as we found that most controls were in place and operating as expected. Payments made were in accordance with pay rates and approved care plans.
1.14 Some opportunities for further improvement were identified, and included the following:
· Standardising the processes for setting up and paying providers for shared funding care packages with the Clinical Commissioning Groups (CCG) to help ensure prompt payment;
· Strengthening authorisation controls within the Specialist Community Disability Service to ensure invoices agree to an approved care plan before payment; and,
· Reviewing and improving authorisation controls within the payment function of Care First for officers in Business Operations.
1.15 Following the audit, a formal action plan to implement further improvements was agreed with management.
Revenue Budget Management – Reasonable Assurance (2021/22)
1.16 Budget management processes are a key control to ensure that the Council aligns available financial resources to corporate priorities. There is increasing budget pressure on the Council which makes the budget setting process challenging.
1.17 The purpose of the audit was to provide assurance that budgets are accurately set on the available information at the time, approved within the agreed timescales, and that appropriate budget monitoring takes place that highlights variances and pressures so effective remedial action can be taken. The audit also looked at the progress of planned savings target of £10.687m for 2021/22.
1.18 We concluded an opinion of Reasonable Assurance. Whilst controls are generally good, we found that further improvements could be made and some of the issues highlighted are repeated from previous audits, these included;
· Increased focus on income variances within budget monitoring and considering appropriate mitigations;
· Developing a consistent approach to retaining supporting documentation for virements; and,
· Reviewing and updating training and guidance provided to staff.
1.19 Appropriate actions have been agreed with management in a formal action plan.
Risk Management – Substantial Assurance
1.20 Risk management is a process that facilitates the identification, understanding and management of risks that the Council and individual services face. The Council uses risk management software for strategic risks using the three lines of defence model. Directorate risks are recorded locally by directorates as agreed by the Executive Leadership Team.
1.21 Based on the work carried out, we have been able to provide substantial assurance over the adequacy and effectiveness of risk management arrangements.
1.22 We found that the risk management process following the Risk Management Framework was robust and managers were well sighted on strategic and directorate risk. New emerging risks are identified and there is an appropriate escalation process in place. Members receive detailed reports at regular intervals.
· Formally reviewing and approving the Risk Management Framework/Policy with the Executive Leadership Team annually;
· Developing a statement on the Council’s risk appetite; and,
· Ensuring that all mitigating actions on directorate risk registers have target implementation dates.
1.24 Formal actions were agreed with management in relation to all of the above areas.
Treasury Management – Substantial Assurance
1.25 Treasury management is a key financial system and refers to the management of the Council’s cash flows, borrowing and investments and their associated risks.
1.26 The audit sought to provide assurance that adequate controls and procedures are in place to safeguard funds and deliver the approved strategy. This included a review of cash flow forecasting, segregation of duties, financial investments and borrowings and the use of treasury advisors.
1.27 We concluded Substantial Assurance for Treasury Management as we found that the expected controls were in place and operating effectively.
1.28 We found that clear guidance is provided on key Treasury Management activities and performance against the strategy is monitored and reported to the Policy and Resources Committee. Our sample testing showed that investments and borrowings are made in line with the strategy and appropriately reviewed and authorised.
1.29 We were able to observe that a process is in place to monitor all interest and principal repayments to ensure they are appropriately authorised and made on time. Testing also showed that regular independent reconciliations are completed by officers.
1.30 No issues or actions were identified during this audit review.
Schools
1.31 We have a standard audit programme in place for all school audits, with the scope of our work designed to provide assurance over key controls operating within schools. The objectives of our work are to ensure that:
· Governance structures are in place and operate to ensure there was independent oversight and challenge by the Governing Body;
· Decision making is transparent, well documented, and free from bias;
· The school is able to operate within its budget through effective financial planning;
· Unauthorised or inappropriate people do not have access to pupils, systems, or the site;
· Staff are paid in accordance with the schools pay policy;
· Expenditure is controlled and funds used for an educational purpose;
· All unofficial funds are held securely and used in accordance with their agreed purpose; and,
· Security arrangements keep data and assets secure and are in accordance with data protection legislation.
1.32 At the time of writing, school audits continue to be undertaken under remote working arrangements.
1.33 No school audits were finalised in quarter 2, but one is in progress at the time of writing and will be reported in the Q3 progress report.
1.34 The core financial role of the LA is to set and monitor a local framework including provision of budgetary information, provision of a financial oversight and ultimately intervening where schools are causing financial concerns. Schools (the governing body and the Headteacher) are required to manage their delegated budget effectively ensuring the school meets all its statutory obligations, and through the Headteacher comply with the LA’s Financial Regulations and Standing Orders.
EU Grant – Solarise (Claim 8)
1.35 This is a European Union (EU) Interreg project that requires grant certification. The full title of the project is ‘Solar Adoption Rise in the 2 Seas’. The total value of the project is approximately EUR 320,686, with 60% funded by the EU. The funding has been used to support solar innovation projects at three council housing sites. This was the eighth claim on this project and the final claim for the project is expected later this financial year.
1.36 No significant issues were identified in the grant certification.
PHE – SOGU Universal Drug Treatment Grant
1.37 This is a new ringfenced revenue funding available to local authorities from Public Health England (PHE) for additional drug treatment to support crime and harm reduction activity. The amount of £519,103 was provided to the Council for 2021-22. The grant expenditure requires certification by Internal Audit.
1.38 No significant issues were identified in the grant certification.
DHSC Grant – Contain Outbreak Management Fund
1.39 This is a Covid-19 grant available to local authorities from the Department of Health and Social Care (DHSC) to support proactive containment and intervention measures. The amount of £8,885,584 was provided to the Council for 2020-21 and 2021-22. The grant expenditure requires certification by Internal Audit.
1.40 No significant issues were identified in the grant certification.
DHSC Grant – Test and Trace
1.41 This is a Covid-19 grant available to local authorities from the DHSC to support mitigation against the management of local outbreaks. The amount of £1,862,523 was provided to the Council for 2020-21. The grant expenditure requires certification by Internal Audit.
1.42 No significant issues were identified in the grant certification.
DHSC Grant – Test and Trace Support Payment
1.43 This is a Covid-19 grant available to local authorities from the DHSC. This grant was allocated to support financially vulnerable people who were required to self-isolate due to a COVID-19 infection. The amount of £2,942,540 was provided to the Council for 2020-21 and 2021-22. There was an underspend of £542,526 which was repaid to the funding authority. The grant expenditure requires certification by Internal Audit.
1.44 This was an addition to the audit plan as reported in the Q1 progress report.
1.45 No significant issues were identified in the grant certification.
DfT Grant – Bus Subsidy Transport (Revenue)
1.46 This is a ringfenced grant available to local authorities from the Department of Transport (DfT) to support the improvement of local bus services. The grant replaces the Bus Subsidy Operators Grant. The amount of £172,990 was provided to the Council for 2021-22. The grant expenditure requires certification by Internal Audit.
1.47 No significant issues were identified in the grant certification.
2. Proactive Counter Fraud Work
2.1 Internal Audit are currently working with services to ensure that the relevant data extracts are uploaded for the 2022 National Fraud Initiative (NFI) data matching exercise. The matches from the exercise will be available to review from 26 January 2023. The team continue to monitor intel alerts and share information with relevant services when appropriate.
Summary of Completed Investigations
Corruption Allegation
2.3 Advice was provided following an allegation from a service-user that adaptations completed on their property in 2015 were sub-standard and that Council officers had received unauthorised payments from the contractor. The review found no evidence to substantiate the allegation of wrongdoing and due to the historical nature of the allegation no further action was taken by Internal Audit. However, the service was advised to conduct a desktop review of work orders and completion statements.
False Representation
2.4 Advice was provided to the Parking Team following concerns of abuse of a ‘My Account’ by two residents when purchasing Visitor Parking Permits. The matter was subsequently managed by Parking and IT&D, and no further action was required by Internal Audit.
Misconduct
2.5 Advice was provided following concerns regarding misconduct by a member of school staff. HR colleagues and a Chair of Governors contacted Internal Audit seeking advice regarding the whistleblowing process and whilst advice was provided, but specific nature of the concerns did not fall within the remit of Internal Audit.
2.6 Following concerns being raised regarding covert surveillance by a member of staff, advice was also provided to a service relating to the legality of surveillance and the requirements of the Regulatory Investigatory Powers Act.
Adult Social Care
2.7 The team continue to support the Adult Social Care team with investigating a number of allegations of deprivation of capital and potential false statements to obtain direct payments.
Housing Tenancy & Local Taxation
2.7 In addition to the above, a key focus area remains housing tenancy fraud and Local Taxation.
3. Action Tracking
3.1 All high priority actions agreed with management as part of individual audit reviews are subject to action tracking. As at the end of quarter 2, 100 % of high priority actions due have been confirmed as implemented by management.
4. Amendments to the Audit Plan
4.1 In accordance with proper professional practice, the Internal Audit plan for the year has been kept under regular review to ensure that the service continues to focus its resources in the highest priority areas based on an assessment of risk. Through discussions with management the following grant certification has been added to the audit plan this quarter:
|
Planned Audit |
Rationale for Addition |
|
SOGU Universal Drug Treatment Grant
|
This grant was allocated to the Council to provide additional drug treatment to support crime and harm reduction activity. The grant expenditure requires certification by Internal Audit. |
4.2 For this additional review contingency days, included in the agreed audit plan, have been used.
5. Internal Audit Performance
5.1 In addition to the annual assessment of internal audit effectiveness against Public Sector Internal Audit Standards (PSIAS), the performance of the service is monitored on an ongoing basis against a set of agreed key performance indicators as set out in the following table:
|
Aspect of Service |
Orbis IA Performance Indicator |
Target |
RAG Score |
Actual Performance |
|
|
Quality
|
Annual Audit Plan agreed by Audit Committee |
By end April |
G |
2022/23 Audit Plan approved by Audit & Standards Committee on 19 April 2022 |
|
|
Annual Audit Report and Opinion
|
By end July |
G |
2021/22 Annual Report and Opinion approved by Audit Committee on 28 June 2022 |
|
|
|
Customer Satisfaction Levels |
90% satisfied
|
G |
100% |
|
|
|
Productivity and Process Efficiency |
Audit Plan – completion to draft report stage |
45% |
G |
49% |
|
|
Compliance with Professional Standards |
Public Sector Internal Audit Standards |
Conforms |
G
|
January 2018 – External assessment by the South-West Audit Partnership gave an opinion of ‘Generally Conforms’ – the highest of three possible rankings
Apr 2022 - Updated self-assessment against the standards within the PSIAS underway and preparations for the full independent external assessment in progress.
June 2022 – Internal quality review identified no major areas of non-conformance. |
|
|
|
Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures and Investigations Act |
Conforms |
G
|
No evidence of non-compliance identified |
|
|
Outcome and degree of influence |
Implementation of management actions agreed in response to audit findings |
95% for high priority agreed actions |
G |
100% for high priority agreed actions (see above) |
|
|
Our staff |
Professionally Qualified/Accredited (Includes part-qualified staff and those undertaking professional training) |
80% |
G |
91% |
|
Audit Opinions and Definitions
|
Opinion |
Definition |
|
Substantial Assurance |
Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Reasonable Assurance |
Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Partial Assurance |
There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
|
Minimal Assurance |
Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |