Internal Audit and Counter Fraud

Quarter 1 Progress Report 2023/24

 

 

CONTENTS

1.    Summary of Completed Audits

2.    Counter Fraud and Investigation Activities

3.    Action Tracking

4.    Amendments to the Audit Plan

5.    Internal Audit Performance

 

 

 

 

 

 

 

 


 

1.    Summary of Completed Audits

Accounts Payable

1.1         The Accounts Payable process uses both the Authority Purchasing and Authority Financials (Creditors) modules of the Civica Financials application. Supporting documentation is scanned and retained using the IDOX system. Creditor transactions include supplier invoices, social care payments and periodic invoice payments. During the period 1st April 2022 to November 2022 there were a total of 482,684 creditor transactions totalling almost £367m.

1.2         This review was carried forward from the 2022/23 Audit Plan.

1.3         The purpose of our audit was to provide assurance that controls are in place to meet the following objectives:

·                     Orders are only raised for goods, works and services that are needed by the council.

·                     Invoices are only paid for goods works and services that are needed by the council.

·                     All payments are made to the correct supplier, for the correct amount, at the right time and only for goods, works or services ordered and received satisfactorily by the council.

·                     Only vendors that meet the needs of the council, and that do not already exist in the accounting system, are set up and their details are maintained accurately.

·                     Transactions in the Accounts Payable system are completely and accurately transferred to, and reflected in, the General Ledger.

1.4         We were able to provide an opinion of Reasonable Assurance over the controls operating in this area. A sample of BACS payment runs and the process for setting up new creditors were reviewed, and we found expected controls in place and operating effectively. Where purchase orders were raised, sample testing showed that they were appropriately approved, and a separation of duties was evidenced. Our review of invoices indicated that controls in place to ensure that the payment was correctly made and that goods had been received, were effective. Reconciliations are completed regularly with variances investigated and escalated appropriately.

1.5         However, some further opportunities to strengthen the control environment were identified. These included the need to:

·         Require officers across services to actively reduce raising retrospective purchase orders.

·         Improve processing of invoices to reduce late payments.

·         Review the urgent payment process to further reduce risk of duplicate payments.

·         Ensure verification checks for changes to supplier bank accounts are documented.

 

1.6         A formal action plan to address the findings of this review has been agreed with management.

 

Procurement of IT Systems

1.7         The procurement of IT Systems often forms part of major transformation projects. The emergence of cloud-based systems also means it is easier than ever for services and departments to procure systems which can store and process significant amounts of council information.

1.8         This review was carried forward from the 2022/23 Audit Plan.

 

1.9         The purpose of our audit was to provide assurance that controls are in place to meet the following objectives:

·                     Governance arrangements are in place to ensure that all systems and/or applications are subject to appropriate review by IT&D to ensure they meet council standards.

·                     There are clear and documented processes and requirements for staff procuring and using new IT systems and/or applications.

·                     Council data is held in accordance with relevant legislation with data sufficiently protected by the system provider.

 

1.10      We were able to provide an opinion of Reasonable Assurance over the controls in place. We found that IT&D work proactively and reactively with staff to provide guidance and support to services looking to procure and utilise a new piece of software, including the undertaking of risk assessments of the new system, which advises on areas for improvement prior to implementation. These risks assessments also help to ensure that council data is being stored appropriately and complies with relevant data protection legislation. Technical controls were also present to prevent staff from installing systems onto council devices without the involvement of IT&D.

 

1.11      However, some further opportunities to strengthen the control environment were identified. These included:

 

·                     Ensuring an update of training and guidance for P-card holders in relation to the procurement of new software and/or systems and that IT&D oversight is obtained prior to any purchase.

·                     Updating intranet guidance in relation to the procurement of IT systems. This should be changed to reflect that the requirements also extend to ‘free-to-use’ software, as well as providing a definition as to what Cloud/’Software as a Service’ systems are.

 

1.12      An action plan to address the findings of the review has been agreed with management.

 

Childrens Data Handling

 

1.13      The Families, Children & Learning (FCL) directorate have various tools including mobile phones available to them, which could be used to obtain digital media relating to service users, including audio/video recordings and photographs. Data handling and data integrity controls are important to ensure that data is managed appropriately in a secure environment and is accurate and reliable.

1.14      This review was carried forward from the 2022/23 Audit Plan.

 

1.15      The purpose of our audit was to provide assurance that controls are in place to meet the following objectives:

 

·                     Clear roles and responsibilities are in place to ensure the accountability for data access.

·                     There are documented retention and disposal procedures to include provision for permanent preservation of archival material and secure disposal of information at the end of its life.

·                     Processes and procedures are in place to ensure information is secure from accidental alteration or erasure, and the accuracy and reliability of data provided to management that will be used to inform decisions.

·                     Clear policy, guidance and training is available to council officers in relation to the information/data handling of personal and/or sensitive information and keeping responsibilities through learning or awareness programmes and guidance.

 

1.16      As a result of our work, we were able to provide an opinion of Reasonable Assurance in this area. Staff are required to undertake system, as well as information governance training, before being given access to the FCL case management system, Eclipse. Appropriate policies and guidance in relation to data protection are in place, with a Children’s Services privacy notice available on the council website, as well as a clear data breach policy that is readily available to staff. Robust processes were found to be in place around the production of management information, with daily data quality reports run and checked to ensure the data’s integrity, accuracy, and reliability.

 

1.17      Some areas were identified to further improve overall controls, this included measures to:

 

·                     Provide guidance to FCL staff setting out their responsibilities and requirements when handling and distributing photos and videos, including how to manage geolocation data.

·                     Update the retention schedule to include reference to photos, videos, and audio recordings.

·                     Ensure guidance is made available on the correct disposal of data within FCL, as well as designating responsibility to an officer within FCL for ensuring that data is deleted in accordance with the retention schedule.

 

1.18      A formal action plan to address the findings of the review has been agreed with management.

 

Business Rates

1.19      Business rates are a property tax based on the rateable value of each non-domestic property which is determined by the Valuation Office Agency.

1.20      The Business Rates Retention Scheme has been in place since 2013/14 and sees the council keep 49% of the net amount raised locally. Factors such as the level of successful appeals, additions and deletions to the rating list, and application of available reliefs impact the total income retained.

1.21      For 2022/23, the total business rates income retained by the council (including Section 31 compensation grants) was approximately £71.4m.

1.22      This review was carried forward from the 2022/23 Audit Plan.

 

1.23      The purpose of the audit was to provide assurance that controls are in place to meet the following objectives:

·                     The forecast/modelling of business rates retention for 2022/23 and ahead into 2023/24 is robust;

·                     All hereditaments subject to locally collectable non-domestic rates are recorded and these records are reconciled with the Valuation List;

·                     The annual and revised billing process is effectively carried out, planned, and documented;

·                     Amounts due for each chargeable property have been correctly calculated and promptly demanded;

·                     Arrears are dealt with efficiently and appropriately; write-offs are valid and authorised; and all refunds are approved and accurate;

 

1.24      We were able to provide an opinion of Reasonable Assurance over the controls in place. We found that regular reconciliations took place of the Business Rates system to both the Valuation Office Agency valuation list and the financial system. Annual bills sent to rate payers were found to be comprehensive and accurate. Suitable debt recovery processes are in place, with the reason for write-offs being recorded, and appropriate and timeous authorisation taking place. Recent efforts have seen the previously large backlog of work reduce to more manageable levels, with work continuing to tackle outstanding work.

1.25      However, some further opportunities to strengthen the control environment were identified and include:

·                     Increasing and improving monitoring and review of discounts, to ensure they are valid.

·                     Resuming quality checks for general work.

·                     Resolving internal transfers for the payment of council held Business Rates accounts.

·                    Improve monitoring of collection rates and refine the forecasting of income and management and calculation of bad debt.

 

1.26      A formal action plan to address the findings of the review has been agreed with management.

Carbon Reduction Programme

1.27      In December 2018, Brighton & Hove City Council declared a climate and biodiversity emergency with cross-party commitment.  A target was set of achieving carbon neutrality for the city by 2030 and ongoing climate action work was brought together in the 2030 Carbon Neutral Programme, one element of which is the Carbon Reduction Programme.

1.28      This review was carried forward from the 2022/23 Audit Plan.

 

1.29      The purpose of this audit was to provide assurance that appropriate measures are in place to help achieve the council’s aim of carbon neutrality, in relation to governance and programme management, resourcing, monitoring, and reporting.  In undertaking this work we reviewed the arrangements in place specifically relating to the Carbon Reduction Programme, recognising that the programme is constantly evolving and developing in order to meet legislative requirements, council priorities and the needs of its residents.

1.30      In completing this work, we provided an opinion of Reasonable Assurance over the programme controls in place.  It should be noted that we did not review or provide assurance over the effectiveness of the action being taken in order to reduce carbon output and achieve carbon neutrality, as these would not have been realised or measurable at the time of the audit.

1.31       Whilst we were able to provide reasonable assurance we did also identify opportunities to further strengthen the controls in place, which included the need to:

·                     Evaluate the output of the carbon modelling exercise (decarbonisation pathways study) to identify costs, resources and initiatives that could be undertaken by the council and feed into this programme for future years.  Recognising that the programme’s activities and resourcing matched the agreed and available funding at the time of our review.

·                     Update the terms of reference for the Officer Steering Group (OSG) to further clarify the programme structure, roles, and responsibilities.

·                     Ensure processes are in place to assess and monitor the progress on climate-related projects and programmes, including risks, mitigations, and outputs.

·                     Establish a risk, assumptions, issues, and dependencies (RAID) log/ risk register for the programme, to ensure key risks to the achievement of its objectives are known and appropriate mitigations and escalations are in place.

·                     Ensure plans and processes are in place to include and consider climate related factors that may have an impact on key council decisions and service delivery.

1.32      A formal action plan to address the findings of the review has been agreed with management.

Housing Temporary Accommodation (follow up)

1.33      The council has a legal obligation to provide housing for some clients who present as homeless, are in overcrowded and poor housing and those in receipt of social care services. If the council has determined that clients meet the criteria for longer term housing, they may be offered temporary accommodation until a longer-term home can be found.

1.34      This review was carried forward from the 2022/23 Audit Plan.

1.35      The purpose of this audit was to review progress on agreed actions, in relation to the previous Temporary Accommodation audit in 2018/19 that concluded Partial Assurance and the follow up review in 2020/21 that concluded Minimal Assurance.

1.36      There has been significant financial pressure on this service in recent years with the previous audit findings related to management of the budget and tenancy arrears.

1.37      We are pleased to report that we have now been able to provide an opinion of Reasonable Assurance and that significant progress had taken place since our previous review. The commencement of the Homeless Transformation Project with a dedicated corporate project resource, has resulted in good progress in implementing previously agreed actions.

1.38      Some opportunities to further improve the control environment still however exist, including the need to:

·                     Improve the collection rate methodology to ensure reporting is accurate.

·                     Ensure there is a sustainable process to update data required to aid budget monitoring and forecasting.

·                     Embed processes that identify and manage tenancy arrears.

 

1.39      A formal action plan has been developed and agreed with management to address these findings.

Housing Repairs Service (follow up)

1.40      The council has a legal duty to repair and maintain housing stock, which currently includes approximately 11,550 tenanted homes and 2,900 leasehold properties. Services are also provided to properties managed by Brighton and Hove Seaside Community Homes and properties leased by the council to provide temporary accommodation. Since April 2020 the responsive repairs and empty property refurbishment have been transferred from a contractor to a council run in-house service.

1.41      This review was carried forward from the 2022/23 Audit Plan.

 

1.42      The purpose of this audit was to review progress on agreed actions, in relation to the previous Housing Repairs Service audit in October 2020 that concluded Partial Assurance.

 

1.43      It is important to note that at the time of the previous audit, Covid-19 pandemic restrictions were having a considerable impact on the ability to deliver this new service.

 

1.44      We are pleased to report that our follow up review found that significant progress had been made, and we were able to provide Reasonable Assurance over the control environment.

 

1.45      Although clear improvement has been made there are still opportunities to further improve the control environment, including a need to:

 

·                  Effectively plan competitive procurement processes that attract contractors who are able to deliver required services, thus avoiding direct awards and waivers.

·                  Ensure any agreed contract extensions are signed before contracts expire, to avoid financial exposure.

·                  Prioritise and reduce the backlog of housing repairs.

 

1.46      A formal action plan has been developed and agreed with management to address these findings.

Working Time Directive (follow up)

1.47      The Working Time Regulations (1998) implement the European Working Time Directive into UK law. The council has a statutory duty to comply with the requirements. The regulations set down entitlements of employees to maximum working hours, rest periods, rest breaks whilst at work, annual leave and working arrangement for night workers. For most employees there is a maximum working week of 48 hours, averaged over 17 weeks. Some employees may agree with their employer to work in excess of 48 hours if they complete an opt out agreement.

1.48      A previous audit was undertaken in response to a finding relating to excessive hours, from the investigation into a fatal accident that took place at Blatchington Mill school. The audit concluded Partial Assurance in August 2019. Actions agreed related to the process of reviewing, reporting, and monitoring excessive hours worked.

1.49      The purpose of this subsequent audit was to follow up on our previous follow up review undertaken in December 2020 that only concluded Partial Assurance.

1.50      We are pleased to report that we are now able to provide an opinion of Reasonable Assurance. We found that regular monitoring of excessive hours is being undertaken across all Directorates. Where it is identified that staff are working in excess of 48 hours over 17 weeks, there is a process in place to review and ensure opt out forms and risk assessments have been completed.

1.51      We had one repeated finding in the report that related to the reporting of non-compliance, as our review found the documentation (risk assessment and opt out agreement) was not always captured on PIER. However, we do note that a system issue had meant that managers were finding some documents were overwritten, leading to an over reporting of non-compliance. An action has been agreed to address this issue.

Schools

 

1.52      We have a standard audit programme in place for all school audits, with the scope of our work designed to provide assurance over key controls operating within schools. The objectives of our work are to ensure that:

·                    Governance structures are in place and operate to ensure there was independent oversight and challenge by the Governing Body;

·                    Decision making is transparent, well documented, and free from bias;

·                    The school is able to operate within its budget through effective financial planning;

·                    Unauthorised or inappropriate people do not have access to pupils, systems, or the site;

·                    Staff are paid in accordance with the schools pay policy;

·                    Expenditure is controlled and funds used for an educational purpose;

·                    The school ensures value for money on contracts and larger purchases;

·                    All voluntary funds are held securely and used in accordance with the agreed purpose.

 

1.53      At the time of writing, school audits continue to be undertaken under remote working arrangements.

1.54      Two school audits were finalised in quarter 1. The table below shows a summary of the schools we audited, together with the final level of assurance reported to them.

Name of School

Audit Opinion

Cardinal Newman School

Reasonable Assurance

Carden Nursery and Primary School

Reasonable Assurance

 

1.55      We aim to undertake follow-up audits at all schools with Minimal Assurance opinions. For Partial Assurance opinions we will write to the Chair of Governors to obtain confirmation that recommendations have been implemented.

 

1.56      The core financial role of the LA is to set and monitor a local framework, including provision of budgetary information, provision of a financial oversight and ultimately intervening where schools are causing financial concerns. Schools (the governing body and the Headteacher) are required to manage their delegated budget effectively ensuring the school meets all its statutory obligations, and through the Headteacher comply with the LA’s Financial Regulations and Standing Orders.

Grant Certifications and Non-Opinion Work

 

EU Grant – Blueprint for a Circular Economy (Claim 6)

 

1.57      This is a European Union (EU) Interreg project that requires grant certification. The total value of the project is EUR 402,322, with 69% funded by the EU.  The funding has been used to grow and embed circular principles into the wider community by supporting the growth of circular business models and practices across existing and new emerging social enterprises based in the city.

1.58      No significant issues were identified in the grant certification.

CIPFA Financial Management Code 2022-23

1.59      The CIPFA Financial Management Code sets the standard of financial management for local authorities.  It is designed to support effective practice in financial management and to assist local authorities in demonstrating their budgetary sustainability. 

1.60      Internal Audit were asked by management to review the CIPFA Financial Management Code self-assessment and provide advice and challenge on the 2022/23 return.  As part of this review, we sought to ensure that sufficient evidence was provided in order to support the self-assessment and areas for improvement were robust.  Given its advisory nature this was a non-opinion piece of work.

1.61      Overall, we were reasonably assured that sufficient evidence had been obtained to support the self-assessment and noted that areas for improvement, in order to meet the standards, had been identified and documented.  We reported to management further opportunities that could be implemented in order to strengthen the contents of the return and action plan.

Enterprise Resource Planning (ERP) Programme

1.62      In July 2022, Policy and Resources Committee agreed to commence procurement of a corporate Enterprise Resource Planning (ERP) system to replace the current Finance and HR/Payroll systems which have been used by the council for 16 and 12 years respectively.

1.63      Internal Audit have been attending Programme Board meetings to provide independent and objective ad-hoc advice, guidance, and challenge. 

1.64      A package of deliverable internal audit work has been agreed with the Board, designed to provide the Board with assurance when making critical decisions, including the provision of assurance over the design of the control environment within the new system. 

1.65      We will continue to update the Committee on our work as the programme progresses.

Housing Repairs Works Management System Replacement Programme

1.66      It was agreed by the Housing & New Homes Committee and the Policy, Resources & Growth Committee in 2018 to bring the responsive repairs and empty property refurbishments service in house on 1st April 2020. This service includes emergency repairs, and the procurement of suppliers to provide specialist works, where the in-house team do not have the skills to complete them.

1.67      We have agreed, to attend programme board meetings and provide ad-hoc advice, support and challenge as appropriate to support the procurement of a Works Management System that works alongside and interfaces with the NEC Housing Management System.

1.68      Whilst no specific internal audit work has yet been required of the new system, internal audit work will be provided to support the programme as and when appropriate, in agreement with the Board.

2.    Proactive Counter Fraud Work

Counter Fraud Activity

2.1       Internal Audit have been liaising with the relevant services to provide advice and support in processing the matches received as part of the National Fraud initiative.

 

2.2       The team continue to monitor intel alerts and share information with relevant services when appropriate.

 

Summary of Completed Investigations

Theft from Hove Library Safe

2.3       Internal Audit conducted a site visit following an allegation of a theft totalling £135.81 from the safe at Hove Library. The visit identified that controls relating to access to the safe keys were inadequate and increased the risk of theft. Following the visit, the service implemented controls to increase security around the storage of the safe keys and cashing up procedures. The theft was reported to the police, but no further action was taken.

 

Housing Tenancy Fraud

2.4         The Tenancy Fraud Team continue to investigate allegations of potential subletting and as a result, two properties have been returned to stock during the quarter.

Council Tax Fraud

2.5         The Tenancy Fraud Team also continue to investigate allegations of false claims for Single Person Discount (SPD) and Council Tax Reduction (CTR), which has resulted in five SPD’s being stopped and one claim for CTR being cancelled.

 

2.6         The results for the 2023/24 financial year, to the end of quarter 1, are summarised in the table below:

 

Fraud Area

Number

Value of Potential Saving (£)

Social Housing Recovered

1

93,000

Succession Prevented

1

93,000

Housing Applications Withdrawn

0

0

Homeless Applications Withdrawn

0

0

RTB Withdrawn

0

0

SPD Removed

5

4,140

CTRS

1

440

Business Rates

0

0

           Total

190,580

 

3.         Action Tracking

3.1       All high priority actions agreed with management as part of individual audit reviews are subject to action tracking. When high priority actions become due, we seek confirmation from Service management that actions have been implemented. As at the end of quarter 3, 95% of high priority actions due have been confirmed as implemented by management.

 

3.2       There was one high priority action which was overdue at the end of Q1. Details are provided below.

 

Details of Audit Issue

Due date

Revised date

Agreed Action

Declarations of Interest, Gifts & Hospitality - Officers

Production of reports that allow review of declarations by Executive Directors had been suspended, due to issues with producing accurate and timely reports from PIER.

31/05/23

N/A

The type and frequency of reports provided to Executive Directors will be considered by management to ensure efficiency and effectiveness in conjunction with other relevant agreed actions arising from this audit review.

 

3.3       A follow-up review of the Declaration of Interests, Gifts and Hospitality – Officers is scheduled in the coming year, where we will seek to assess the level of progress made against the actions agreed.

3.4       A number of high priority actions have had their implementation deadlines extended, in agreement with management. Where the revised deadlines are not met, these will be reported to the next meeting of the Audit & Standards Committee.

4.         Amendments to the Audit Plan

4.1       In accordance with proper professional practice, the Internal Audit plan for the year has been kept under regular review to ensure that the service continues to focus its resources in the highest priority areas based on an assessment of risk. Through discussions with management the following audits have been added to the audit plan this quarter:

Planned Audit

Rationale for Addition

Direct Payments

An audit of Direct Payments is required to provide assurance that effective control arrangements are in place and actions agreed in previous audits are implemented. The addition of this audit for 2023/24 was also mentioned in the Internal Audit Annual Report and Opinion, presented to the June Audit and Standards Committee.

 

4.2       In order to allow these additional audits to take place, the following audits have been removed or deferred from the audit plan and, where appropriate, will be considered for inclusion in future audit plans as part of the overall risk assessment completed during the annual audit planning process. These changes have been made on the basis of risk prioritisation and/or as a result of developments within the service areas concerned requiring a rescheduling of audits:

Planned Audit

Rationale for Deletion

Seaside Homes

Defer to 2024/25 as the service is currently reviewing future options.

 

5.         Internal Audit Performance

5.1       In addition to the annual assessment of internal audit effectiveness against Public Sector Internal Audit Standards (PSIAS), the performance of the service is monitored on an ongoing basis against a set of agreed key performance indicators as set out in the following table:

Aspect of Service

Orbis IA Performance Indicator

Target

RAG Score

Actual

Performance

 

Quality

 

Annual Audit Plan agreed by Audit Committee

By end April

G

2023/24 Internal Audit Strategy and Annual Audit Plan formally approved by Audit and Standards Committee 18th April 2023.

 

 

Annual Audit Report and Opinion

 

By end July

G

2022/23 Annual Report and Opinion presented to Audit and Standards Committee 27th June 2023

 

Customer Satisfaction Levels

90% satisfied.

 

G

100%

 

Productivity and Process Efficiency

Audit Plan – completion to draft report stage

22.5%

G

34.5%

 

Compliance with Professional Standards

Public Sector Internal Audit Standards

Conforms

G

 

Dec 2022 - External Quality Assurance completed by the Institute of Internal Auditors (IIA).  Orbis Internal Audit assessed as achieving the highest level of conformance available against professional standards with no areas of non-compliance identified, and therefore no formal recommendations for improvement arising. In summary the service was assessed as:

 

•           Excellent in:

Reflection of the Standards

Focus on performance, risk and adding value.

•           Good in:

Operating with efficiency

Quality Assurance and Improvement Programme

•           Satisfactory in:

Coordinating and maximising assurance

 

 

Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures and Investigations Act

Conforms

G

 

No evidence of non-compliance identified

 

Outcome and degree of influence

Implementation of management actions agreed in response to audit findings

95% for high priority agreed actions

G

95.2% for high priority agreed actions (see above)

 

Our staff

Professionally Qualified/Accredited (Includes part-qualified staff and those undertaking professional training)

80%

G

88%

 

 

Audit Opinions and Definitions

Opinion

Definition

Substantial Assurance

Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives.

Reasonable Assurance

Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives.

Partial Assurance

There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk.

Minimal Assurance

Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives.