|
Planned Audit Reviews |
|
Outline Objective |
|
|
Governance, People & Resources |
|
|
To review the processes and key controls relating to the accounts receivable system, including those in place for ensuring the accuracy of customer details, completeness, accuracy and timeliness of invoicing, recording and matching payments to invoices, and debt recovery. |
|
|
Business Rates (including 2023 Revaluation) |
To provide assurance that controls over business rate revaluation and collection are effective including billing, collection, recovery and reliefs. |
|
Council Tax |
To provide assurance that controls over council tax collection are effective, including billing, collection, recovery and the award of discounts. |
|
Revenue Budget Management |
A review of the Council’s budget management arrangements, to include an assessment of the extent to which planned savings are being delivered. |
|
Payroll |
To review controls in relation to the staff payment system, including those relating to payroll deductions, starters, leavers, temporary and permanent payments and variations of pay. |
|
Off Payroll Payments |
A review of the controls around appointing consultants and other individuals who are paid by invoice, including an assessment of compliance with IR35. |
|
Corporate Governance |
A review of the corporate governance controls, including those around ensuring financial sustainability. |
|
Risk Management |
This review will provide assurance over the effectiveness of the Council’s Risk Framework, building upon audit work completed in 2022/23. |
|
Procurement Contract Standing Orders |
Regulatory changes will require changes to the Council’s Procurement Contract Standing Orders. This review will review whether guidance and policies reflect these changes and appropriate arrangements are in place to help ensure compliance with them. |
|
Information Governance (Subject Access Request (SAR) and Freedom of Information (FOI) Reporting Arrangements) |
This audit will seek to provide assurance that controls are in place to allow the Authority to respond to all FOI and SAR requests in a timely manner and that there are sufficient reporting and governance processes in place to monitor and manage performance. |
|
Recovery and Resilience (including Cyber Securitty) Arrangements |
This audit will review the key controls operating to ensure that Council arrangements are resilient and robust in the event of a cyber attack or other technology-related outage. The audit will also seek assurance over controls to allow the Authority to quickly recover from any technology-related disaster, focussing on corporate systems (supported by IT&D) as well as those procured and managed within departments. |
|
Robotics (Governance Arrangements) |
Robotic Process Automation (RPA) is a form of business process automation that allows a user to define a set of instructions for a robot to perform automatically, often repeating the task quickly. The review will evaluate the effectiveness of the controls to govern the use of Robotics within the Authority, including review of the controls to ensure the accuracy of all data processed by 'robots' and ensuring appropriate failure reports are built into the decision making routines. |
|
Patch Management |
We will review the controls in place to support effective patch management ensuring that patches and system updates are tested prior to being applied and that patches are applied in a timely manner. |
|
Replacement of Back Office Systems |
Provide independent advice, support and challenge on risk, control, probity and governance issues in respect of this programme, including the provision of post go-live activity as agreed with the Board. |
|
Performance Development Plans’s and 121’s follow-up |
To follow up on the previous audit which concluded Partial Assurance. |
|
Working Time Directive follow-up |
To follow up on the previous audit which concluded Partial Assurance. |
|
Health & Safety follow-up |
To follow up on the previous audit which concluded Partial Assurance. |
|
Declaration of Interests Staff follow-up |
To follow up on the previous audit which concluded Partial Assurance. |
|
Review Name |
Outline Objective |
|
Families, Children and Learning |
|
|
Early Help Services |
To review the revised arrangements for the delivery of Early Help Services. We will seek assurance that robust governance and processes are in place and that outcomes are as expected.
|
|
Complex Care Placements for Children |
To review arrangements in place for determining and resourcing suitable care placements, providing assurance that key controls are operating as intended. |
|
Unaccompanied Asylum Seekers (Children) |
To review arrangements in place where there are shared responsibilities with the Home office. Providing assurance that key controls are in place and operating effectively. |
|
School Meals Contract follow-up |
To follow up on the previous audit which concluded Partial Assurance. |
|
Allocation to include a sample of individual schools, general advice and the communication of guidance and best practice to schools. |
|
|
Review Name |
Outline Objective |
|
Health and Adult Social Care |
|
|
Transition from Children to Adults |
To review the arrangements in place over the process in place for the transition from children’s to adult’s services and provide assurance that key controls are operating as intended. |
|
The Debt Management Project in HASC is coming to its completion. This audit will review the effectiveness of the Council’s monitoring arrangements of debt and review the progress of the project. |
|
|
Life Events- Income |
To review the key controls around setting of fees and charges, receipt of income and budget management by the registrar and bereavement services. |
|
Adult Services Data Handling |
This audit will seek to ensure there is an appropriate Data Protection Impact Assessment (DPIA) in place and being complied with, appropriate permissions are sought, and data is encrypted in transit and deleted as appropriate. |
|
Carelink |
A review of the process and controls in place associated with the Carelink service, including service level agreements and recharging. |
|
Eclipse Application Control |
This application audit will review all major input, processing, and output controls, including access controls and the interfaces with any other systems and ensure appropriate system ownership and responsibilities are known. |
|
ASC Income & Assessments follow-up |
To follow up on the previous audit which concluded Partial Assurance. |
|
Review Name |
Outline Objective |
|
Environment, Economy and Culture |
|
|
A review of the process and controls in place associated with parking enforcement and fines, including income collection, banking and reconciliation. |
|
|
Accommodation Strategy and Workstyle Programme |
This audit will focus on the strategy and programme to reduce office occupancy, including security/access and health and safety arrangements. |
|
To follow up on the previous audit which concluded Partial Assurance. |
|
|
EU Interreg Grant – Blueprint for a Circular Economy |
To provide financial scrutiny and certification of the grant in accordance with the EU First Level Controller requirements. |
|
Bus Subsidy Grants |
To check and certify the grants in accordance with the requirements of the Department for Transport. |
|
Transport Capital Grants |
To check and certify the grant in accordance with the requirements of the Department for Transport. |
|
Outline Objective |
|
|
Housing, Neighbourhoods and Communities |
|
|
To review the processes and controls over the allocation of properties to residents on the Council’s waiting list. |
|
|
This audit will review the governance and key controls in this programme, including procurement of contractors. |
|
|
Business Continuity Planning |
To review the key controls and effectiveness of the process to ensure that the Council can continue to deliver key services in the event of a major incident which could prevent systems or staff operating as usual. |
|
This audit will review the governance and key controls in this programme to ensure that payments are appropriately made to support refugees arriving from Ukraine and residents in the City who have opened their homes to host refugees. |
|
|
Review the governance framework and provide assurance that the procurement of services is compliant and in accordance with Council strategy and controls are in place to monitor delivery to agreed timeframes. |
|
|
Housing Major and Planned Works |
To review the programme for major and planned works in light of regulatory changes following on from the Grenfell Tower enquiry and new legislation to tackle mould and damp in homes. |
|
Housing Repairs Works Management System and Supply Chain. |
We will continue to provide independent advice, support and challenge on risk, control, probity and governance issues in respect of this programme, including post go-live assurance activity. |
|
Housing Rents follow-up |
To follow up on the previous audit which concluded Partial Assurance. |
|
Seaside Homes follow-up |
To follow up on the previous audit which concluded Minimal Assurance. |
|
Home Upgrade Grant |
To check and certify the grant in accordance with the requirements of the Department for Business,Energy and Industrial Strategy |
|
Outline Objective |
|
|
Contingencies |
|
|
Anti-Fraud and Anti-Corruption |
To deliver the 2023/24 Fraud Response Plan for BHCC which includes work on fraud awareness, data analytics, cyber fraud, conflicts of interest, excessive personal use of council IT equipment and ad hoc investigations. |
|
Housing Tenancy Fraud |
To deliver investigations into housing tenancy fraud and illegal subletting to help ensure that housing is provided to those most in need.The CIPFA Fraud and Corruption Tracker places housing fraud as the largest threat to local authorities. We receive funding from the Housing Revenue Account to fund investigator resource. |
|
Emerging Risks |
A contingency budget to allow work to be undertaken on new risks and issues identified by Orbis IA and/or referred by management during the year. |
|
General Contingency |
A contingency budget to allow for effective management of the annual programme of work as the year progresses.. |
|
Review Name |
Outline Objective |
|
Internal Audit Service Management and Delivery |
|
|
Action Tracking |
Ongoing action tracking and reporting of agreed, high risk actions.
|
|
Annual Internal Audit Report and Opinion and Annual Governance Statement |
Creation of Annual Report and Opinion and assistance with preparation of the Annual Governance Statement. |
|
Audit and Fraud Management |
Overall management of all audit and counter fraud activity, including work allocation, work scheduling and Orbis Audit Manager meetings. |
|
Audit and Fraud Reporting |
Production of periodic reports to management and Audit Committee covering results of all audit and anti-fraud activity. |
|
Audit Committee and other Member Support |
Ongoing liaison with Members on internal audit matters and attending Audit Committee meetings and associated pre-meetings. |
|
Client Service Liaison |
Liaison with clients and departmental management teams throughout the year. |
|
Client Support and Advice |
Ad hoc advice, guidance and support on risk, internal control and governance matters provided to clients and services throughout the year. |
|
Orbis IA Developments |
Internal Audit and corporate fraud service developments, including quality improvement and ensuring compliance with Public Sector Internal Audit Standards. |
|
Organisational Management Support |
Attendance and ongoing support to organisational management meetings, e.g. Orbis Customer Board, Information Governance Board, Orbis Customer Board, Corporate Health and Safety meetings. |
|
Strategy and Annual Audit Planning |
Development and production of the Internal Audit Strategy and Annual Audit Plan, including consultation with management and Members. |
|
System Development and Administration |
Development and administration of Audit and Fraud Management systems. |
|
Other Auditable Areas Identified During the Audit Planning Process These are potential audits that could be drawn into the 2023/24 annual programme of work on a risk-basis should other audits be postponed or deferred, or should available contingency time allow for it. |
|
Housing Void Properties |
|
Health Protection Review |
|
Educational Disadvantage |
|
Out of Area Residential Rehabilitation |
|
Digital Data Preservation |
|
Allocation of School Places |
|
Microsoft cloud environment - Governance Review |
|
Active Directory/Identity Management (incl 3rd party) |
|
Data Breach Management |
|
Supplier Failure |
|
Apprenticeships |
|
Childrens’ Social Care Case Management |
|
Federation Governance Arrangements |
|
Planned Maintenance - Property Maintenance Budget |
|
Events Management |
|
City Clean Modernisation Programme |
|
Departmental Transport Service |
|
Sports Leisure Facilities |