Appendix 1
Internal Audit and Counter Fraud
Quarter 1 Progress Report 2024/25
CONTENTS
1. Summary of Completed Audits
2. Counter Fraud and Investigation Activities
3. Action Tracking
4. Amendments to the Audit Plan
5. Internal Audit Performance
1. Summary of Completed Audits
Adult Social Care Service Agreements (Residential & Non-residential) Follow Up
1.1. Adults requiring care and support contact the Council who will undertake an assessment which determines the required package of care and the cost. Once the package of care has been determined and agreed, a service agreement between the client, provider of the supported care (for example, residential, nursing and community care) and the Council is put in place. As of January 2024, the total gross cost of open service agreements for 2024/25 was approximately £2.5m.
1.2. An audit of this area was completed in October 2023, with an opinion of Partial Assurance, and six actions were agreed with management in response to the report findings. These are summarised in the 2023-24 Q2 progress report, which was presented to Audit & Standards Committee on 30th January 2024.
1.3. An early follow-up review was agreed with the service and added to the 2023/24 audit plan and was in progress at year end. The objective of this was to provide assurance over the progress made in implementing the agreed actions from the previous audit.
1.4. Actions included improvements in defining roles and responsibilities, reducing delays in setting up service agreements, updating guidance and procedures, authority levels for approvals of changes to packages, reducing input errors from Eclipse to Care First and timely closure of service agreements.
1.5. We are pleased to report that we found that all of the agreed actions have now been implemented and we are therefore able to give an improved opinion of Substantial Assurance.
Adult Social Care Financial Assessments Follow Up
1.6. The Care Act 2014 permits local authorities to undertake financial assessments to determine the level of someone’s financial resource, and the amount (if any) which they may be likely to be able to pay towards the cost of meeting their needs through care and support services. Financial assessments are undertaken by the Financial Assessments Team, the Council has approximately 3,500 adults with a care package for either home care or residential nursing care that have had a financial assessment or may need reassessment at any given time.
1.7. An audit of the financial assessments for Adult Social Care clients was completed in January 2023, and we provided an audit opinion of Partial Assurance with eight actions agreed with the service. These are summarised in the Q3 2022-23 Progress Report presented at the 18th April 2023 Audit & Standards Committee
1.8. As part of the 2023/24 audit plan, we agreed with management to undertake a follow-up review to assess the extent that actions to improve control, agreed with management in the original audit, had been implemented.
1.9. In completing this follow-up review, we were able to provide an improved opinion of Reasonable Assurance. The only high risk finding identified from the original audit, where a review of capacity to deliver financial assessment reviews for non-residential clients was required had been implemented. Other improvement actions implemented included developing guidance and procedure notes, including information and deadlines on outcome notification letters, and improving communications with clients to remind them of their responsibility to notify the Council where there are changes in financial circumstances.
1.10. A formal action plan to address the outstanding actions of this review has been agreed with management.
Council Tax Follow Up
1.11. Council tax is a key financial information system, dealing with the calculation, billing, and collection of the council tax revenue. The funds received from council tax form an integral part of the Council’s budget. Brighton & Hove City Council’s 2023/24 total budget was £891.1 million, with £170.3 million (19.1%) of this coming from collection of council tax.
1.12. An audit of council tax was completed in December 2023, and we provided an opinion of Partial Assurance, with ten actions agreed with the service in response to findings. A summary of this report can be found in the 2023-24 Quarter 3 Progress Report, presented to the Audit & Standards Committee on 16th April 2024.
1.13. An early follow up review was agreed with the service as an addition to the 2023/24 audit plan.
1.14. This follow-up review found that eight of these actions had been implemented, including in response to the one high-risk finding relating to reducing the significant backlog of processes. As the majority of agreed actions had been implemented, we were able to provide an improved opinion of Reasonable Assurance in this area.
1.15. Other actions implemented included improving accuracy of liable party details which included strengthening communication with housing services, identifying resources to conduct reviews of discounts and more clearly documenting reasons for write offs.
1.16. A formal action plan to address the outstanding actions has been agreed with management.
Health and Safety Follow-up
1.17. The Council has a statutory duty under the Health and Safety at Work Act 1974 to secure, as far as is reasonably practicable, the health and safety of employees and others who may be affected by the Council’s activities. The Health and Safety Executive (HSE) has developed a framework to help organisations understand the actions they need to take to comply with health and safety legislation.
1.18. An audit of the management of Health and Safety was completed in September 2022 and an audit opinion of Partial Assurance was provided. A summary of this report can be found in the 2022-23 Quarter 2 Progress Report, presented to the Audit & Standards Committee on 29th November 2022.
1.19. We agreed with management to undertake a follow-up review as part of our planned work for 2023/24.
1.20. In completing this follow-up review, we were able to provide an improved opinion of Reasonable Assurance. Of the eight agreed actions from the previous audit, three actions had been fully implemented, including the approval of the updated Health and Safety Improvement Plan, reporting to members, and improving the guidance for escalation of serious incidents.
1.21. The remaining five actions have been partially implemented and a new action had been raised regarding key performance indicators for reporting incidents. A formal action plan to address the outstanding actions has been agreed with management.
Parking Enforcement
1.22. Parking income accounts for a significant element of the Council’s budget. Penalty Charge Notices (PCNs) accounted for approximately £7.3m in income to the Council for 2023/24, with around 140,000 notices issued annually. The issuing of PCNs and enforcement of unpaid PCNs is contracted out to external suppliers.
1.23. This audit was included in the 2023-24 audit plan at the request of the Corporate Director.
1.24. The purpose of the audit was to provide assurance that controls are in place to meet the following objectives:
· The contract with NSL is robustly managed to ensure that the contractor is performing in accordance with contract and service requirements;
· Fees and charges are adequately communicated to the public and all chargeable parking spaces have sufficient signage and road markings;
· Unpaid PCNs are promptly passed to enforcement agents for collection;
· Contracts with collection agencies are managed and ensure that contractors are performing in accordance with contract and service requirements;
· There are robust appeals process in place and all challenges are dealt with in a fair and timely manner;
· Refunds and write-offs are only processed in appropriate circumstances after senior officer approval: and
· There is a complaints process in place that operates in accordance with corporate policy and is used to inform service improvements.
1.25. In reviewing the parking enforcement arrangements, we were able to provide an opinion of Reasonable Assurance over the controls in place. We found that the contract with NSL is being effectively managed, fees and charges are updated promptly and reflect the current charging structure, complaints follow the corporate process and are reviewed within defined timescales, and new processes have been introduced to tackle debt. However, there were opportunities to further enhance controls, including ensuring that:
· The backlog of unpaid PCNs is processed. This will be achieved through new contracts with collection agencies and a new contract with detailed key performance indicators used to monitor all aspects of collection performance;
· Quality checks are undertaken on a sample of appeals each month;
· Monthly reports are produced showing all PCNs cancelled due to issues with signage and/or road markings, this will be monitored monthly and be a key performance indicator; and
· Spot checks are undertaken for automated write-offs and development of a strategy for transparency of write-off approval by appropriate officers.
1.26. A formal action plan to address the findings of this review has been agreed with management.
Information Governance (Subject Access Request and Freedom of Information Reporting Arrangements)
1.27. The Freedom of Information Act 2000 (FOI) and the Data Protection Act 2018 (SAR) give people the right to access information held by public authorities, such as the Council. The Council has to respond to these requests in a timely and lawful manner, and report on its performance and compliance to the Information Commissioner's Office (ICO), the regulator for these laws, Failure to comply can result in warnings and enforcement notices. Any serious breaches can lead to significant fines.
1.28. This audit was agreed for the 2023-24 audit plan and was in progress at year end.
1.29. The objective of the review was to provide assurance that controls are in place to allow the Council to respond to all freedom of Information requests and subject access requests in a timely manner and that there are sufficient reporting and governance processes to monitor and manage performance.
1.30. The purpose of the audit was to provide assurance that controls are in place to meet the following objectives:
· An effective governance framework is in place to support compliance with FOI and SAR responsibilities;
· Policies and procedures are in place covering the Council’s approach to fulfilling FOI and SAR requests to ensure compliance with legislation, as well as documenting and communicating associated responsibilities; and
· Council officers have awareness of their requirements and responsibilities when handling requests.
1.31. We were able to provide an opinion of Reasonable Assurance over the arrangements in place. We can confirm that a governance framework is in place to support the Council in meeting its compliance responsibilities as set out by the Information Governance Commissioner. This includes appropriate policies and guidance, training, and oversight by the Senior Information Risk Owner (SIRO). We note that the Information Rights Team provide good support to services throughout their completion of assigned requests.
1.32. We found some areas where further improvements could be made to the control environment, and these include:
· Documenting the roles and responsibilities of staff involved in FOI and SAR requests more clearly;
· Documenting the processes and guidance for managing system releases, which are updates or changes to the IT systems that store information;
· Ensuring that SAR responses are reviewed for accuracy and quality before they are sent out;
· Improving the format and clarity of the performance reports that are sent to senior managers;
· Monitoring and enforcing the completion of mandatory information governance training for all staff and councillors; and
· Reviewing and updating the procedure notes for FOI and SAR requests regularly.
1.33. A formal action plan to address the findings of this review has been agreed with management.
System Change Control & Release Management (Patch Management)
1.34. System change control and release management is the process of identifying, acquiring, testing, and deploying IT system changes and releases. These changes and releases may aim to correct problems, close vulnerabilities, and/or improve system functionality. By implementing system changes and updates the Council can minimise the risk of known vulnerabilities being exploited, enhance its cyber security, as well as ensuring that all systems have optimal or improved functionality.
1.35. This audit was agreed as part of the 2023-24 audit plan and the objective was to provide assurance that robust controls are in place around system changes and supplier releases, and these are operating as expected to manage risks to the Council’s systems, data, and services. The audit focused on changes and update processes on critical systems managed by IT&D hosted on-premises. Third party systems hosted off-premises were not included as part of this audit.
· Updates and changes for all systems, and applications in use are identified and applied to all relevant systems;
· Updates and changes are applied in a timely manner and prioritised appropriately;
· Use of outdated, unsupported software (for which updates are no longer available) is minimised. Where remaining in use, additional precautions are taken to mitigate the risk associated with such software;
· Adequate testing and roll-back arrangements are in place to minimise disruption to users and service provision from the application of changes and updates; and
· Comprehensive records of changes and update application are maintained.
1.37. We were able to provide an opinion of Reasonable Assurance over the controls in place. We found that there is a clear and appropriate process in place for custom changes to IT&D managed systems. This is clearly documented with roles and responsibilities assigned. Risk assessments are completed and help officers prioritise the request and understand the impact on other systems. We also noted that information around implementation and system downtime is effectively managed and communicated to system users.
1.38. We found a few areas where further improvement could be made, including:
· Preparing of RACI (Responsible, Accountable, Consulted, and Informed) documentation to enhance the details of roles and responsibilities for business-critical systems;
· Developing guidance or process documentation to detail the principles and management of system releases; and
· Strengthening approval steps for changes to ensure only appropriate changes are made.
1.39. A formal action plan has been agreed with management to address these findings.
Corporate Governance Policy Framework and Associated Guidance
1.40. Governance is the combination of processes and structures put in place by an organisation to inform, direct and monitor activities in order to achieve its objectives. Each local government body operates through a governance framework which brings together an underlying set of legislative requirements, governance principles and management processes (policies and procedures). Through the publication of an Annual Governance Statement (AGS), this will make the adopted practice open and explicit.
1.41. It was not within the scope of this audit to review how the organisation as a whole is being directed and managed, defined as ‘Corporate Governance,’ but rather to examine the underpinning policy framework and associated guidance/documentation. Our review, therefore, focussed on the completeness, accuracy, quality, and timeliness of the documentation available, and the extent of awareness of this amongst management and staff. In addition, we reviewed and analysed the documents that feed into and underpin the Council’s corporate governance arrangements. We excluded an in-depth assessment of the risk management and performance management frameworks, as separate audit reviews have been completed in these areas recently.
1.42. The scope of this audit was to provide assurance that controls are in place to meet the following objectives;
· Activities to ensure Council governance arrangements, and therefore the integrity, transparency, and efficiency of the Council, are identified and taken in a timely manner by appropriate individuals;
· Key policies and procedures that contribute to the Council's overall governance arrangements are in place, subject to regular review, updated and approved, and there are effective communication arrangements of these documents;
· The Council has measures in place which monitor compliance with key policies ensuring that services to residents remain unaffected; and
· The process for compiling and reporting the AGS is efficient, effective and fit-for-purpose, and information provided is clear and accurate.
1.43. In completing this work, we identified weaknesses in the current arrangements, which mean opportunities to improve the corporate governance policy framework and associated guidance/ documentation continue to exist. Therefore we were only able to provide an opinion of Partial Assurance over this defined area. A robust action plan was agreed with management to ensure that:
· The Whistleblowing Policy and process is reviewed and updated to ensure this is robust;
· The Local Code of Corporate Governance is updated to include information pertaining to the Council’s corporate governance and adherence to the CIPFA/SOLACE Governance Framework. In addition, key policies and procedures linked to governance will be included in the Local Code of Corporate Governance and the AGS;
· Communication of key policies and procedures that feed into corporate governance will be increased and made available on the Council’s intranet site; and
· Directorate Management Teams are involved with the development of the AGS at the initial stage and all necessary detail is included in the AGS on the Council’s governance arrangements.
1.44. Improvement actions in all of these areas were agreed with management and we will complete a follow-up review to assess the extent to which these actions have been implemented.
Off Payroll Working (IR35)
1.45. Employees paid through the payroll make up the majority of the workforce at the Council, with agency workers, consultants and contractors generally being paid ‘off-payroll.’ The HMRC off payroll working rules, known as IR35, aim to ensure that a worker or contractor pays broadly the same Income Tax and National Insurance as an employee would. The engager is responsible for checking the employment status of the worker/contractor to determine if they are in scope (where Income Tax and National Insurance contributions deducted from their pay) or out of scope and paid via the accounts payable system.
1.46. The purpose of the audit was to provide assurance that controls are in place to meet the following objectives:
· There are clear criteria as to when individuals should be employed, and when off-payroll payments are appropriate, to ensure compliance with off-payroll working rules;
· There are robust policies in place to ensure compliance with IR35 legislation, reducing the risk of regulatory penalty and financial loss;
· There are regular reports on off-payroll workers, ensuring sufficient oversight; and
· Robust procurement practices are in place to ensure value for money.
1.47. From the audit work undertaken, we found weaknesses in identifying, monitoring, and reviewing engagements across the Council where there is a potential for off-payroll working rules (IR35) to apply. As a result, we were only able to provide an opinion of Partial Assurance. We acknowledge that the Council’s financial system is not compatible to introduce system controls for off-payroll payments and, therefore, a robust action plan was agreed with management to ensure that:
· Quarterly reports are developed, and spot checks undertaken to report on off-payroll payment arrangements to ensure compliance and maintain economies of scale;
· Guidance is developed for managers engaging individuals in off-payroll working;
· Over the longer-term, a system solution is developed to request, upload and store, the self-assessment for those individuals being paid off-payroll for services supplied;
· Supplier set up is explored to see if an IR35 designation can be added; and
· Communication of IR35 requirements is shared with management across the Council.
1.48. Due to the Partial Assurance opinion, we will complete a follow-up review to assess the extent to which these actions have been implemented.
Debtors/ Accounts Receivable
1.49. The Central Collections Team (CCT) is responsible for ensuring that all income due to the Council is collected and correctly accounted for. For 2022/23 £78.9m of income was processed. This is made up of £41.1m of corporate income, and £37.8m of Adult Social Care income.
1.50. This audit was agreed as part of the 2023/24 audit plan and included as a key financial system. The purpose of the audit was to provide assurance that controls are in place to meet the following objectives:
· All income generating activities are identified and invoices accurately raised to customers;
· A customer account maintenance process is in place and operating effectively;
· Amendments to invoices are correct and authorised;
· Collection and debt recovery is managed efficiently and effectively, and resources are focused on areas of priority debt;
· Writes offs are processed accurately and correctly authorised;
· Payments are received and recorded against the correct debtor account in a timely manner; and
· Reconciliations between the Accounts Receivable system and the General Ledger are undertaken on a regular basis.
1.51. We were only able to provide an opinion of Partial Assurance as a number of weaknesses in the control environment were identified, including around the current management of collection and debt recovery which has resulted in expected controls not performing adequately, increasing the risk of income being lost. We note that processes were found to be hindered by limited resources in the team, which management have recognised. A robust action plan was agreed with management to ensure that:
· New recovery routes are implemented, and recovery guidance is updated and published;
· A clear system for prioritisation and escalation of debt is introduced;
· Reports on suspended debt are run and reviewed;
· Accuracy of key performance indicators is improved and ensure write-off figures are reported separately from collection figures;
· Individual’s authorisation levels are aligned to their job role;
· Use of reports to identify duplicate debtors and duplicate invoices is explored; and
· Notes and supporting evidence are captured to the debtor’s system.
1.52. Due to the Partial Assurance opinion, we will complete a follow-up review to assess the extent to which these actions have been implemented.
Schools
1.53. We have a standard audit programme in place for all school audits, with the scope of our work designed to provide assurance over key controls operating within schools. The objectives of our work are to ensure that:
· Governance structures are in place and operate to ensure there is independent oversight and challenge by the Governing Body;
· Decision making is transparent, well documented, and free from bias;
· The school is able to operate within its budget through effective financial planning;
· Unauthorised or inappropriate people do not have access to pupils, systems, or the site;
· Staff are paid in accordance with the schools pay policy;
· Expenditure is controlled and funds used for an educational purpose;
· The school ensures value for money on contracts and larger purchases; and,
· All voluntary funds are held securely and used in accordance with the agreed purpose.
1.54. Three school audits were finalised in quarter 1. The table below shows details of the schools audited, together with the final level of assurance reported to them.
|
Name of School |
Audit Opinion |
|
Brunswick School |
Partial Assurance Areas requiring improvement included: · Ensuring governors declarations of interest are updated annually and published on the school website; · Ensuring contractors have the correct level of public liability insurance; · Improving expenditure controls and oversight of expenditure; and · Management of debt. |
|
Hove Park School |
Partial Assurance Areas requiring improvement included: · Ensuring the single central record is kept up to date; · Ensuring governors declarations of interest are updated annually and published on the school website; · Ensuring contractors have the correct level of public liability insurance; and · Improving expenditure controls and oversight of expenditure. |
|
Balfour School |
Reasonable Assurance Areas requiring improvement included: · Ensuring governors declarations of interest are updated annually and published on the school website; and · Improving expenditure controls and oversight of expenditure. |
1.55. We aim to undertake follow-up audits at all schools with Minimal Assurance opinions. For Partial Assurance opinions we will write to the Chair of Governors to obtain confirmation that recommendations have been implemented.
1.56. The core financial role of the LA is to set and monitor a local framework, including provision of budgetary information, provision of a financial oversight and ultimately intervening where schools are causing financial concerns. Schools (the governing body and the Headteacher) are required to manage their delegated budget effectively ensuring the school meets all its statutory obligations, and through the Headteacher comply with the LA’s Financial Regulations and Standing Orders.
Grant Certifications and Non-Opinion Work
Library On Grant
1.57. The Council applied for a capital grant from the British Library and received £42,395 to deliver the project Community Connect. A requirement of the grant conditions was that Internal Audit reviewed and certified expenditure against this grant.
1.58. In completing this work we identified some overspending against individual budget lines in excess of 5% that should have been communicated, however this was not significant as the total budget was not overspent. Expenditure for the grant was certified.
Supporting Families Programme Grant
1.59. The Department of Levelling Up, Housing and Communities (DLUHC) requires Internal Audit to verify a proportion (5-10%) of outcome submissions made by the Local Authority for Supporting Families (SF) Programme, using the updated national Outcomes Framework (October 2023 – March 2025).
1.60. We reviewed 5 of the 23 submissions made in quarter 4 of 2023/24 and found no significant issues. The eligibility criteria were met, and the required outcomes evidenced as achieved.
Adult Social Care Debt Management and Recovery
1.61. Income from charging is an essential contribution to Adult Social Care’s (ASC) budget to support the delivery of service to help people live and age well. The Care Act 2014 revised the legal framework for the recovery of debts and introduced the Deferred Payment Agreements, which require the property owners’ agreement for a charge against property.
1.62. At the time of this review, an audit of the Council’s corporate Debtor’s/Accounts Receivable system was underway, which looked at the recovery and debt management processes across the Council as a whole. Given the timing of the Debtors audit report (summarised above), and the fact that many of the issues highlighted in that report directly impact on ASC debt management and recovery, this review has not sought to provide an assurance opinion, as this would have likely resulted in duplication. Similarly, any control weaknesses identified during this review which have already been reported on as part of the Debtors audit have not been repeated as part of this work.
1.63. Overall based on the audit work undertaken, areas of good practice were identified as there is regular discussions of the ASC debt position and action taken. In addition, pilot schemes are currently in progress to address areas of outstanding debt. However, some areas for improvement were identified, including the need to ensure that:
· The development of an ASC collection strategy, ASC debt policy and procedures/guidance;
· Roles and responsibilities are defined in the ASC debt management and recovery process;
· Key performance indicator reporting on ASC direct debits will be requested and a review will be undertaken to see if uptake could be increased; and
· Reconciliations will be completed between the Council’s financial system and the data reporting system.
1.64. A formal action plan has been agreed with management to address the findings raised.
Commissioning of Supported Accommodation
1.65. The Council’s Core-Funded Single Person Pathway provides short-term supported accommodation to individuals with support needs, including those related to mental health, physical health, and substance misuse. This provision currently comprises 111 low support, 96 medium support and 23 high support bedspaces, via a range of providers, with a budget for these services in excess of £3m for 2023/24. The previous 5-year arrangement ended in March 2024, and so an exercise to recommission these services took place, with new contracts to be in place by July 2024.
1.66. Whilst we did examine the commissioning arrangements for the provision of supported accommodation, we did not provide a formal audit opinion due to the commissioning exercise being already near completion at the time of the review and the service would be unable to implement meaningful actions to address risks identified in relation to the current commissioning.
1.67. However, our work did provide an opportunity to explore lessons learnt and apply these to future similar exercises. We identified that there was opportunity for improvement around having formal documentation in place to evidence key decisions and information relating to the commissioning.
1.68. We have agreed with management that a full audit of the ongoing contract management arrangements for the new contracts will be included in the Internal Audit plan for 2025/26. This will consider controls in place for ongoing contract arrangements and is likely to include those relating to performance monitoring and reporting, budget, variations to contracts, business continuity arrangements and data handling.
2. Proactive Counter Fraud Work
2.1 Internal Audit have been liaising with the relevant services to provide advice and support in processing the matches received as part of the National Fraud Initiative.
2.2. The team continue to monitor intel alerts and share information with relevant services when appropriate.
2.3. We provided advice and support to services in several cases that did not require internal audit investigation.
Summary of Completed Investigations
2.4 An application from a known offender was identified and stopped prior to offer of employment. This was the result of active investigations at the two other Orbis partner councils.
Housing Tenancy Fraud
2.5 The Tenancy Fraud Team continue to investigate allegations of potential sublet. They work closely with Housing managers and officers on a joined-up approach to allegations of abandonment with an increasing emphasis on visits and communication with tenants to increase awareness and reiterate a tenant’s responsibility under their tenancy agreements.
Council Tax Fraud
2.6 The Team continues to investigate allegations of false claims for Single Person Discount (SPD) and Council Tax Reduction Support (CTRS).
|
Fraud Area |
Year to Date |
(£) 2023/24 |
(£) 2022/23 |
(£) 2021/22 |
|
Properties Recovered |
- |
558,000 |
186,000 |
279,000 |
|
Housing Application Withdrawn |
51,396 |
- |
- |
- |
|
Homeless Application Withdrawn |
|
- |
- |
- |
|
Right-To-Buy Withdrawn |
|
- |
- |
- |
|
SPD Removed |
433 |
8,625 |
511 |
9,746 |
|
CTRS |
|
440 |
406 |
- |
|
Housing Benefit |
|
3,853 |
3,658 |
- |
|
Business Rates |
|
- |
- |
- |
|
Total |
51,829 |
570,918 |
190,575 |
288,746 |
3.2 There was one high priority action which was overdue at the end of Q1. Details are provided below.
|
Details of Audit Issue |
Due date |
Revised date |
Agreed Action |
|
Payment Card Industry Data Security Standards – Roles and Responsibilities |
30/11/23 |
12/04/24 |
A Responsibility, Accountability, Consulted and Informed (RACI) matrix will be completed. This will map out every task, milestone, and key decision in relation to the Payment Card Industry Data Security Standards process. Assigning roles to these responsibilities and timescales where appropriate |
3.3 A follow up review of Payment Card Industry Data Security Standards is scheduled in the coming year, where we will seek to assess the level of progress made against the action agreed.
3.4 A number of high priority actions have had their implementation deadlines extended, in agreement with management. Where the revised deadlines are not met, these will be reported to the next meeting of the Audit & Standards Committee.
4. Amendments to the Audit Plan
4.1 In accordance with proper professional practice, the Internal Audit plan for the year has been kept under regular review to ensure that the service continues to focus its resources in the highest priority areas based on an assessment of risk. Through discussions with management the following audits have been added to the audit plan this quarter:
|
Planned Audit |
Rationale for Addition |
|
General Ledger |
This audit was deferred from 2023/24 and is included to provide assurance before the development and implementation of updates to back-office systems. |
|
Building Health & Safety Regulations Housing |
Provide some advice work around new building regulations and progress towards compliance |
|
Property Asset Collection Controls in Housing |
Included to provide assurance that appropriate controls are in place following an incident where cash was found during clearance of a Council owned property. |
|
Payment Card Industry Data Security Standards follow up |
Follow up audit is required following Partial Assurance audit opinion in 2023/24 |
4.2 In order to allow these additional audits to take place, contingency days have been used. These changes have been made on the basis of risk prioritisation and/or as a result of developments within the service areas concerned requiring a rescheduling of audits:
5. Internal Audit Performance
5.1 In addition to the annual assessment of internal audit effectiveness against Public Sector Internal Audit Standards (PSIAS), the performance of the service is monitored on an ongoing basis against a set of agreed key performance indicators as set out in the following table:
|
Aspect of Service |
Orbis IA Performance Indicator |
Target |
RAG Score |
Actual Performance |
|
|
Quality
|
Annual Audit Plan agreed by Audit Committee |
By end April |
G |
2024/25 Internal Audit Strategy and Annual Audit Plan formally approved by Audit and Standards Committee 16th April 2024. |
|
|
Annual Audit Report and Opinion
|
By end July |
G |
2023/24 Annual Report and Opinion presented to Audit, Standards & General Purposes Committee 25th June 2024 |
|
|
|
Customer Satisfaction Levels |
90% satisfied. |
G |
100% |
|
|
|
Productivity and Process Efficiency |
Audit Plan – completion to draft report stage |
22.5% |
G |
29.3% |
|
|
|
Percentage of audit plan days delivered |
22.5% |
|
24.3% |
|
|
Compliance with Professional Standards |
Public Sector Internal Audit Standards |
Conforms |
G
|
Dec 2022 - External Quality Assurance completed by the Institute of Internal Auditors (IIA). Orbis Internal Audit assessed as achieving the highest level of conformance available against professional standards with no areas of non-compliance identified, and therefore no formal recommendations for improvement arising.
November 2023 - Updated self-assessment against the Public Sector Internal Audit Standards completed, the service was found to be fully complying with 319 of the standards and partially complying with 2 of the standards, in both cases proportionate arrangements remain in place.
November 2023 - Quality Review exercise completed, no major areas of non-conformance identified. The need to ensure consistency in the quality of the evidence contained within a small number of audit working papers was identified, this will be addressed at the auditor development days during 2024/25. |
|
|
|
Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures, and Investigations Act |
Conforms |
G
|
No evidence of non-compliance identified |
|
|
Outcome and degree of influence |
Implementation of management actions agreed in response to audit findings |
95% for high priority agreed actions |
G |
97.4% for high priority agreed actions (see above) |
|
|
Our staff |
Professionally Qualified/Accredited (Includes part-qualified staff and those undertaking professional training) |
80% |
G |
94% |
|
Audit Opinions and Definitions
|
Opinion |
Definition |
|
Substantial Assurance |
Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Reasonable Assurance |
Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Partial Assurance |
There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
|
Minimal Assurance |
Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |