Appendix 2
Internal Audit and Counter Fraud
Quarter 4 Progress Report 2023/24
CONTENTS
1. Summary of Completed Audits
2. Counter Fraud and Investigation Activities
3. Action Tracking
4. Amendments to the Audit Plan
5. Internal Audit Performance
1. Summary of Completed Audits
Risk Management Actions – Implementation and Progress Reporting
1.1 Risk management is the identification, evaluation and prioritisation of risk, followed by the application of resources to minimise, monitor, and control the probability, impact, or to maximise the realisation of opportunities. At the Council risks are recorded and managed both within directorates and at a strategic level and are subject to review by Directorate Management Teams, the Executive Leadership Team and Council Committees, as appropriate.
1.2 The risk management framework was audited in 2022/23 and we concluded Substantial Assurance. The purpose of this audit was to review compliance with the framework with regards to the documentation and progression of identified actions, and to provide assurance that controls are in place to meet the following objectives:
· Actions identified in response to the Council’s strategic risks are implemented fully and timeously; and
· Strategic risk registers are updated regularly and provide clear communication to senior management, on the progress of actions. This would include where actions are implemented, in progress, have been delayed or need to be changed.
1.3 For this audit we focused on three of the Council’s risks captured on the strategic risk register:
· SR15: Not keeping children safe from harm and abuse;
· SR24: The council is unable to provide an effective welfare support response to households facing financial hardship; and
· SR38: Not taking effective action to improve our city’s resilience to the impacts of climate change and biodiversity loss.
1.4 We were able to provide an opinion of Substantial Assurance in this area as the narrative on the Strategic Risk Register of the progress of risk actions was found to be an accurate reflection of progress. Officers responsible for implementing actions understood their role and responsibilities in reviewing and updating progress of the risk action on a regular basis and in a timely manner, and they had oversight of this. Furthermore, the Executive Leadership Team (ELT) and Directorate Management Teams (DMTs) had oversight and could feed into this process in order to hold targeted discussions and to focus attention, for example, if the risk profile or identified risk action had changed.
1.5 We identified one area where further improvement could be made to help ensure risk actions are SMART (Specific, Measurable, Achievable, Relevant and Time-based) and aligned with Directorate Plans and an action has been agreed with management in this area.
Declaration of Interests, Gifts and Hospitality (Officers) Follow-up
1.6 Local authority employees are expected to always act in the best interests of the Council and to do so with integrity and professionalism. Officers of the Council are required to follow the Code of Conduct, which includes declaring any potential conflicts of interest and declaring gifts or hospitality offered to them during the course of their employment. Any declared conflicts of interest should be managed, and gifts and hospitality declined so that the Council ensures decision making is free from bias and corruption.
1.7 An audit of the Declaration of Interests, Gifts & Hospitality (Officers) was completed in 2022/23 and we provided an audit opinion of Partial Assurance. Due to the opinion given, we undertook a follow-up review of this audit to ascertain progress made in implementing the agreed actions.
1.8 Our review found that considerable progress had been made since the last audit with seven of the ten agreed actions being implemented. A further two actions had been partially implemented and the risk associated with these has been reduced from a medium to low. Therefore, we are able to give an improved opinion of Substantial Assurance.
1.9 A formal action plan to address these remaining two low risk findings has been agreed with management.
Unaccompanied Asylum Seekers (Children)
1.10 Unaccompanied Asylum-Seeking Children (UASC) are children and young people who are seeking asylum in the UK but have been separated from their parents or carers. The Home Office, under immigration laws, considers a UASC to be a person who is under 18 when the asylum application is submitted, is not being cared for by an adult who by law has responsibility to do so or has applied for asylum to the UK in their own right.
1.11 UASC are considered a Looked After Child and so are under the care of the local authority. The Authority receives children either as a ‘Spontaneous Arrival’ or through the National Transfer Scheme (NTS), which is a protocol to enable to safe transfer of unaccompanied children in the UK from the entry authority to a different local authority. This review did not include children already receiving support from the Home Office and children who have been granted British citizenship.
1.12 The purpose of our audit was to provide assurance that controls are in place to meet the following objectives:
· Arrangements are in place and operate effectively to ensure early identification of UASC so that care is transferred, and support services start. Timescales for the referral and transfer process are in accordance with legislation;
· Services are set up for UASC that identify local needs and meet national guidelines;
· Costs are appropriately controlled, authorised, and recorded in accordance with financial procedures; and
· There is a robust system to record and report UASC data, including when funding thresholds are reached to ensure that the Council receives all the funding available through the government scheme.
1.13 We were able to provide an opinion of Reasonable Assurance in this area. We found that robust arrangements are in place to ensure services and support are available for UASC. Visits and regular supervisions are taking place in a timely manner, performance is regularly monitored, and adequate documentation and guidance is in place. Grant funding is monitored and there is underspend due to efficient and effective processes being administered by the directorate.
1.14 We did, however, find some areas where improvement was required in order to further strengthen the controls already in place, including the need to:
· Undertake regular reconciliations of UASC payments and bus passes;
· Improve cash controls and holding of bus scratch cards; and
· Communicate the need to raise purchase orders in a timely manner.
1.15 A formal action plan to address the findings of this review has been agreed with management.
Life Events Income
1.16 The Life Events service includes registration of births and deaths as well as services relating to marriages, civil partnerships, British citizenship ceremonies and Bereavement. The service also operates Woodvale Crematorium, seven cemeteries across the city and a natural burial ground. Many of these services levy fees and charges.
1.17 The purpose of our audit was to provide assurance that controls are in place to meet the following objectives:
· Procedures for collecting income are documented and effectively communicated to staff;
· Debtors’ invoices are raised promptly and accurately;
· Income is receipted and promptly reconciled and banked;
· There is adequate segregation of duties in the cash collection process;
· Debt recovery procedures are in place to ensure that debts are promptly chased and recovered;
· Refunds and credit notes are recorded and approved in accordance with procedures; and
· Budget monitoring is taking place regularly to identify variances in cash receipts.
1.18 In completing this work, we were able to provide an opinion of Reasonable Assurance over the controls in place. The debt level and value for the service was relatively low, regular budget monitoring is taking place and meetings are held with the Corporate Collection Team and the service on the pursuance of outstanding income. We identified that all fees and charges were raised for the correct amount and income received was banked in a timely manner.
1.19 We did identify some areas where improvement could be made in order to strengthen the control environment. In response to this audit an action plan was agreed with management that included measures to:
· Automate a manual process for raising invoices;
· Ensure all invoices are issued with the correct company name and these are used for all correspondence and billing;
· Develop documented procedures for all processes, containing version control;
· Ensure training on potential fraud is completed by officers who take card payments onsite using a PDQ machine;
· Document, review, and approve new process for write off of debts;
· Accurately record reconciliations that have been undertaken; and
· Ensuring cash receipts from the cash collection company are retained.
Parking Income
1.20 The Council operates nine off-street car parks and 29 on-street parking zones across the city, with over 40,000 residents parking permits are currently on issue. The Council also issues over 140,000 parking fines (Penalty Charge Notices (PCNs)) on an annual basis. The majority of parking payment transactions are made using the Pay by Phone app, by telephone, or online.
1.21 Brighton & Hove's parking services budgeted to generate a total of £43.5m in income during 2023/24. Most (97%) of the total income comes from: on and off street parking charges which are expected to generate £23m, £11.7 from residential and non-residential parking permits, and £7.3m from Penalty Charge Notices (inclusive of bad debt provision).
1.22 The purpose of our audit was to provide assurance that controls are in place to meet the following objectives:
· Charges applied at the off-street car parks and on-street parking zones are in accordance with those approved by committees and the Administration. That these are able to be operationalised in accordance with progress on the agreed implementation date set by committees;
· Effective controls are in place for recording and receipting parking transactions when residents or visitors pay for parking at off-street car parks and on-street parking locations;
· Appropriate arrangements are in place to ensure that payments received from car parks, on-street parking locations, and PCNs are recorded onto the accounting system, banked in full, and regularly reconciled;
· Effective controls are in place over the issuing of car parks annual season tickets and collecting associated income; and
· Effective controls are in place over the issuing of resident parking permits and collecting associated income.
1.23 In providing an opinion of Reasonable Assurance, we found a number of areas of good practice, with only a small number of areas where controls could be improved to mitigate potential risk to the service. These included ensuring that:
· Implementing price changes has greater clarity in decision records in terms of implementation dates and simplifying the administrative exercise;
· The Parking Team engage with the Council’s Counter Fraud Team at the earliest opportunity to report any fraudulent activity;
· Payment confirmation is issued to members of the public from the system, in order for correct permits to be issued; and
· Annual reviews of the permit system database are undertaken to identify any variances.
1.24 A formal action plan to address the findings of this review has been agreed with management.
Housing Allocations
1.25 The Council is required by Section 166A (1) of the Housing Act 1996 to operate an allocation scheme for determining priorities and defining the procedures to be followed in allocating social housing. ‘Homemove’ is the Council’s Choice Based Lettings scheme that fulfils this obligation for both Council and Housing Association properties, via the Home Connections system.
1.26 The purpose of our audit was to provide assurance that controls are in place to meet the following objectives:
· A defined allocations scheme is in place, in accordance with legislative requirements and Council priorities;
· Initial applications to the housing allocations register are assessed in line with the scheme, with only those eligible accepted to the register;
· Details held of existing individuals on housing allocations register are up-to-date and reflective of current circumstances; and
· Allocation of properties is appropriate and made in accordance with the Council’s scheme, to the most appropriate individual.
1.27 This audit did not include the allocation of temporary accommodation.
1.28 Overall, we were able to provide Reasonable Assurance in this area, finding that it is generally well managed, with appropriate controls in place to ensure Council properties are allocated in line with the current allocations scheme. Some areas for improvement were, however, identified, including ensuring that:
· Procedural documentation is up-to-date, and roles and responsibilities are defined;
· A review takes place of applicants’ recorded circumstances to ensure these are current, and that allocations are in line with the Allocations Policy; and
· Requirements for a replacement Housing Needs IT system are defined and feed into the procurement of this, taking into account identified shortcomings with the current system.
1.29 A formal action plan to address the findings of this review has been agreed with management.
Operational Accommodation Strategy and Workstyles Programme
1.30 The Workstyles Programme commenced in May 2009 and has introduced flexible working practices and technology across the Council’s corporate buildings. One element of the Workstyles Programme is the future Operational Accommodation Strategy, which is the Council’s strategy for the buildings used by Council services.
1.31 The purpose of our audit was to provide assurance that controls are in place to meet the following objectives:
· Robust governance arrangements are in place over the Workstyles Programme to ensure it is fit for purpose and able to meet its objectives;
· The future Operational Accommodation Strategy, which is one part of the Workstyles programme, is fit for purpose and contains all necessary detailed information about how it will meet the Council’s corporate objectives/priorities; and
· Appropriate controls are in place regarding the letting out of the third and fourth floors of Bartholomew House, this includes:
o Roles and responsibilities are clearly defined between the Council as the lessor and the lessee and, once in place, accommodation rental agreements will be actively managed and monitored; and
o Management arrangements are in place to ensure Council offices, assets, and systems are secure from inappropriate access, appropriate escalation is in place where this does occur, and security is strengthened where gaps are identified.
1.32 In providing an opinion of Reasonable Assurance, our review indicated that the majority of key controls were found to be in place and operating as expected to mitigate potential risks in this area. However, our work identified some opportunities to further strengthen the process, including in relation to:
· Re-establishing the Workstyles Programme Board, to enhance governance and oversight over the programme;
· Developing a Programme Initiation Document (PID) for the next phase of the Workstyles Programme, to help reduce potential scope creep, or budget and time overruns. This will also include a risk assessment/register, the programme plan, and detailed programme procedures and guidance as an appendix; and
· Undertaking a lessons learned exercise after every project that feeds into the Workstyles Programme to help incorporate continuous improvements to the programme of work.
1.33 A formal action plan to address the findings of this review has been agreed with management.
Performance Development Plans and 121 Follow-up
1.34 In 2021/22, an audit was conducted to assess the adequacy of arrangements in place for employee’s performance and development and ensure this was compliant with the Council’s policies and procedures. In completing this work, we were only able to provide an audit opinion of Partial Assurance, with a number of areas for improvement being identified, including the need to:
· Ensure that Directorate Management Teams (DMTs) agree the mechanisms they will use to assure themselves of the recording of Personal Development Plans and 1-2-1s, and monitor compliance with agreed targets;
· Remind managers and team leaders that the appropriate templates should be used for PDPs and Mid Year Reviews (MYRs), and that adequate records of 121 meetings need to be retained;
· Monitor PDP and 1-2-1 completions by Directorates, and overseen and periodically reviewed by HR; and
· Introduce new monitoring and reporting processes for each Directorate to accurately reflect the use of local arrangements for performance reviews.
1.35 We have, therefore, undertaken a follow up review to assess the extent that actions to improve control, agreed with management in the original audit, had been implemented. In completing this follow-up review, we were able to provide an improved opinion of Reasonable Assurance. The only high risk finding identified from the original audit had been implemented, and the remaining three findings had been partially implemented and we identified one new finding as part of our work.
1.36 In discussing these items with management, further action was in the process of being taken in order for Human Resources to monitor compliance, reinforce the need for 121s, provide support to managers and directorates, ensure information on the intranet is accessible and up-to-date, and ensure all communication is provided to managers who manage Council staff.
1.37 A formal action plan to address the findings of this review has been agreed with management.
Contract Management Follow-up
1.38 The Council has in place a Contract Management Framework, developed by Orbis Procurement, which provides an approach for the management of contracts to ensure delivery of value and quality of goods and services purchased from suppliers. Although Orbis Procurement is responsible for maintaining the Framework, it is the responsibility of individual contract managers to familiarise themselves with this and apply it to their contracts as appropriate.
1.39 An audit of contract management was completed in August 2023, and we provided an audit opinion of Partial Assurance, with nine actions agreed with the service. We agreed with management to undertake an early follow up review of this audit, due to the opinion and their progress in implementing the agreed actions in order to improve the control environment.
1.40 In completing this follow-up review, we were able to provide an improved opinion of Reasonable Assurance. Of the nine agreed actions from the previous audit, eight of these had been implemented. One action has been repeated regarding capturing the contract manager information on the contracts register.
1.41 A formal action plan to address the findings of this review has been agreed with management.
1.42 To provide further assurance in this area we are intending to review contract management compliance in Directorates in 2024-25
Robotic Process Automation
1.43 Robotic Process Automation (RPA) is a form of business process automation that allows a user to define a set of instructions for a robot to perform automatically, often repeating the task quickly.
1.44 The main benefits of automation are to remove repetitive, rule based and time-consuming tasks which allows staff to use their time much better doing more complex tasks. If automation is not suitably governed and managed, this could represent significant risk to the security and integrity of Council data.
1.45 This review evaluated the effectiveness of the controls to govern the use of Robotics within the Council. We were able to provide an opinion of Reasonable Assurance noting that B&HCC do not currently have any plans to exploit the efficiencies of Robotic Process Automation (RPA) processes. Further, no specific instances of RPA in use were identified during the audit.
1.46 Although the current assurance opinion is Reasonable, if the appetite for RPA's changes, we would expect more robust controls to be put in place before any automations are developed. Having undertaken similar audits across all three Orbis partners, we have found that robust control arrangements for RPAs are in place elsewhere and we believe these could be implemented at B&HCC relatively simply.
1.47 Our audit found that governance arrangements, which include Change Advisory Board (CAB), Digital Design Group and Digital Data and Technology Board (DDAT), apply to any strategic / high risk process automation. IT&D Business Partners act to signpost any new developments in this area to the aforementioned governance arrangements before any development commences.
1.48 Where arrangements to develop automated processes are not available, opportunities to improve the efficiency and effectiveness of the Authority may not be fully utilised.
1.49 Actions were agreed in relation to the one low priority finding identified during the audit.
Surveillance Cameras – Follow up
1.50 Section 33 of the Protection of Freedoms Act 2012 (PoFA) requires all local authorities to pay due regard to the surveillance camera code of practice (SC Code) where they operate surveillance cameras overtly in a public space (e.g. in town centres, municipal buildings, libraries, leisure centres, body worn videos worn by enforcement officers etc). The Council has 435 cameras in operation and is required to ensure that the use of cameras in public places is regulated and they are only used in pursuit of a specified purpose.
1.51 An audit of surveillance cameras was completed in 2019/20 and provided an opinion of Partial Assurance. The primary focus of this audit was to follow up on the actions agreed in the previous audit but also to consider any changes in requirements or practice since the previous review.
1.52 Based on this work, we have now been able to provide an opinion of Reasonable Assurance. We found that many of the actions from the previous report had been implemented either partially or in full, reducing the Council’s exposure to risk in relation to the use of surveillance cameras.
1.53 We found that considerable work had been completed to improve governance in this area. Data Protection Impact Assessment’s have been completed for the camera systems in operation.
1.54 We note that there are still some further improvements required in this area to ensure that all cameras in operation meet the approved standards in line with the code of practice.
1.55 A formal action plan to address the findings of this review has been agreed with management.
Eclipse Application Control
1.56 Eclipse is a key system within the Council, used for recording and processing information relating to adult social care and children’s care needs. This includes the management of contracts, referrals, and support plans, as well as safeguarding issues. Therefore, the information held on Eclipse is determined as special category data and is particularly sensitive.
1.57 This application audit reviewed all major input, processing, and output controls, including access controls and interfaces with other systems.
1.58 The purpose of our audit was to provide assurance that controls are in place to meet the following objectives:
· System access is restricted to appropriately authorised individuals and the permissions
provided to those users are in line with job functions;
· Data processed through interfaces is authorised, accurate, complete, securely processed
and written to the appropriate file;
· Outputs produced by the system are complete, accurate, reliable, distributed on time and
with confidentiality where appropriate;
· System updates and enhancements are performed in a consistent manner and subject to
sufficient testing and authorisation before implementation; and
· Appropriate support arrangements are in place to manage changes within the system.
1.59 Based on the work carried, we have been able to provide an opinion of Reasonable Assurance. We found that most expected controls are in place and user access and outputs from the system are closely monitored and reviewed. Penetration testing is conducted in line with ISO27001 certification.
1.60 We found a small number of areas for further improvement and a formal action plan to address these has been agreed with management, including the need to…ensure that technical risk assessments are saved into the project archive and are accessible, reminders are sent to managers of the process of removing access to staff who leave the council and the Data Protection Impact Assessment is fully completed and signed off..
Schools
1.61 We have a standard audit programme in place for all school audits, with the scope of our work designed to provide assurance over key controls operating within schools. The objectives of our work are to ensure that:
· Governance structures are in place and operate to ensure there was independent oversight and challenge by the Governing Body;
· Decision making is transparent, well documented, and free from bias;
· The school is able to operate within its budget through effective financial planning;
· Unauthorised or inappropriate people do not have access to pupils, systems, or the site;
· Staff are paid in accordance with the schools pay policy;
· Expenditure is controlled and funds used for an educational purpose;
· The school ensures value for money on contracts and larger purchases; and,
· All voluntary funds are held securely and used in accordance with the agreed purpose.
1.62 One school audit was finalised in quarter 4. The table below shows details of the school we audited, together with the final level of assurance reported to them.
|
Name of School |
Audit Opinion |
|
Varndean School |
Reasonable Assurance |
1.63 We aim to undertake follow-up audits at all schools with Minimal Assurance opinions. For Partial Assurance opinions we will write to the Chair of Governors to obtain confirmation that recommendations have been implemented.
1.64 The core financial role of the LA is to set and monitor a local framework, including provision of budgetary information, provision of a financial oversight and ultimately intervening where schools are causing financial concerns. Schools (the governing body and the Headteacher) are required to manage their delegated budget effectively ensuring the school meets all its statutory obligations, and through the Headteacher comply with the LA’s Financial Regulations and Standing Orders.
Grant Certifications and Non-Opinion Work
Supporting Families Grant
1.65 The Department of Levelling Up, Housing and Communities (DLUHC) requires Internal Audit to verify a proportion (5-10%) of outcome submissions made by the Local Authority for Supporting Families (SF) Programme, using the updated national Outcomes Framework (October 2023 – March 2025).
1.66 No significant issues were identified in the grant certification as all families selected in our sample had met the criteria to be eligible for the programme and have also sustained the required outcomes at six months from case closure.
Complex Care Placements for Children – SEN & Disability
1.67 Residential care placements for children fall under either Safeguarding and Care, or Health, SEN, and Disabilities. The audit work for this review covered placements within Health, SEN, and Disabilities, and a separate report has already been issued in relation to Safeguarding and Care. For our work we have defined complex care as a placement with an above-average weekly cost.
1.68 The purpose of the audit was to provide assurance that controls are in place to meet the following objectives:
· Assessments and approvals for complex care placements are determined by clear procedures that are both statutorily compliant and effectively balance appropriate provision of care need with cost;
· Robust gateways for checking and approving complex care placements allow consistency, quality, and value for money to be achieved;
· Within the context of the prevailing market conditions, appropriate arrangements are in place to commission and purchase complex care placements once packages have been authorised;
· There are effective processes operating to provide Council management with reliable and accurate information both on incurred and forecast spend as far as possible; and
· Ongoing review of care packages and placements is mindful of both meeting the care need and maintaining a sustainable budget.
1.69 At the time of the audit there were ongoing changes in the area under review, which had not yet had a chance to become embedded but were likely to have an impact on the control environment. Potential outcomes of these changes, including to the appropriateness and quality of residential placements in use, and the service’s financial position, were not fully determined. Consequently, we were not in a position to provide a formal audit opinion in this area, at this stage, instead producing a position statement for management.
1.70 Our work identified that the controls and good practice in the review of Children’s Complex Care Placements – Safeguarding and Care, which was provided with Reasonable Assurance, were being expanded to the Health, SEN, and Disabilities process.
1.71 We agreed with management that a full audit of the revised commissioning arrangements for complex care placements for Health, SEN and Disabilities will be included in the Internal Audit plan for 2024/25.
2. Proactive Counter Fraud Work
2.1 Internal Audit have been liaising with the relevant services to provide advice and support in processing the matches received as part of the National Fraud Initiative.
2.2 The team continue to monitor intel alerts and share information with relevant services when appropriate.
Summary of Completed Investigations
2.3 Internal Audit investigated an allegation of potential bribery when awarding a contract for the supply of diesel and oil to the Council. The referrer alleged that two former members of City Clean staff had received a £20k bribe to award a contract to a preferred supplier. The investigation found that the two members of staff had left the employment of the Council prior to the contract being awarded and there was no evidence that they had been involved in the procurement exercise. Furthermore, the investigation did not identify any concerns that the supplier had acted inappropriately.
Misconduct
2.4 Internal Audit conducted initial enquiries and provided advice to a service following an anonymous referral that a member of City Clean staff was carrying out secondary employment. The service interviewed the member of staff, and no evidence of secondary employment was identified. The case was closed with no further action.
Fraudulent Use of a Purchase Card
2.5 Advice was provided to a school following a Purchase Card being used for a fraudulent transaction.
Phishing Email
2.6 Advice was provided to the Business Operations Team following a potential phishing email being received from a bank.
Housing Tenancy Fraud
2.7 The team continue to investigate allegations of potential subletting and have recovered 6 properties in 2023/24. A summary of the scope and work of the team is included in the Annual Counter Fraud Report and results for the full year summarised below:
|
Fraud Area |
(£) 2023/24 |
(£) 2022/23 |
(£) 2021/22 |
(£) 2020/21 |
|
Properties Recovered |
558,000 |
186,000 |
279,000 |
186,000 |
|
Housing Application Withdrawn |
- |
- |
- |
- |
|
Homeless Application Withdrawn |
- |
- |
- |
- |
|
Right-To-Buy Withdrawn |
- |
- |
- |
- |
|
SPD Removed |
8,625 |
511 |
9,746 |
4,241 |
|
CTRS |
440 |
406 |
- |
- |
|
Housing Benefit |
3,853 |
3,658 |
- |
- |
|
Business Rates |
- |
- |
- |
- |
|
Total |
570,918 |
190,575 |
288,746 |
190,241 |
3 Action Tracking
3.1 All high priority actions agreed with management as part of individual audit reviews are subject to action tracking. When high priority actions become due, we seek confirmation from service management that actions have been implemented. At the end of quarter 4, we can report that 100% of high priority actions due, have been confirmed as implemented by management.
3.2 A number of high priority actions have had their implementation deadlines extended, in agreement with management. Where the revised deadlines are not met, these will be reported to the next meeting of the Audit & Standards Committee.
4 Q4 Amendments to the Audit Plan
4.1 In accordance with proper professional practice, the Internal Audit plan for the year has been kept under regular review to ensure that the service continues to focus its resources in the highest priority areas based on an assessment of risk. Through discussions with management the following audits have been added to the audit plan this quarter:
|
Planned Audit |
Rationale for Addition |
|
Contract Management follow up |
Management requested an early follow up review of the previous partial assurance audit |
|
Service Agreements (Residential & Non-residential) follow up |
Management requested an early follow up review of the previous partial assurance audit |
|
Digital City Clean Project |
To provide a review and support through advice. Non-opinion work providing a position statement. |
4.2 In order to allow these additional audits to take place, the following audits have been removed or deferred from the audit plan and, where appropriate, will be considered for inclusion in future audit plans as part of the overall risk assessment completed during the annual audit planning process. These changes have been made on the basis of risk prioritisation and/or as a result of developments within the service areas concerned requiring a rescheduling of audits:
|
Planned Audit |
Rationale for Removal |
|
General Ledger |
This review has been deferred to 2024/25 |
|
Early Help Services |
This review has been deferred to 2024/25 |
Audit Opinions and Definitions
|
Opinion |
Definition |
|
Substantial Assurance |
Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Reasonable Assurance |
Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Partial Assurance |
There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
|
Minimal Assurance |
Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |