Appendix 1
Internal Audit and Counter Fraud
Quarter 2 Progress Report 2024/25
CONTENTS
1. Summary of Completed Audits
2. Counter Fraud and Investigation Activities
3. Action Tracking
4. Amendments to the Audit Plan
5. Internal Audit Performance
1. Summary of Completed Audits
Cyber Security – Response and Resilience
1.1. This audit reviewed the key controls operating to ensure that Council arrangements are resilient and robust in the event of a cyber-attack or other technology-related outage. The audit also sought assurance over controls to allow the Council to quickly recover from any technology-related disaster, with a focus on corporate systems (supported by IT&D) as well as those procured and managed within directorates.
1.2. This audit review was included in the agreed audit plan for 2023/24, and the work was carried forward into 2024/25.
1.3. The purpose of the audit was to provide assurance that controls are in place to meet the following objectives:
· Incident Response and Disaster Recovery processes and procedures are executed and maintained, to ensure timely response to cyber-attacks;
· The Council understands the risk to operational activities and mitigates for them accordingly; and
· Response and recovery activities are improved through the incorporation of lessons learned for future incidents.
1.4. We were able to provide an audit opinion of Reasonable Assurance.
1.5. It is not appropriate to share details of our findings within this report as any weaknesses in controls could be exploited. However, robust actions to further improve controls, were agreed and we are pleased to note that some were implemented by management before the report was finalised.
Early Help Services
1.6. This service provides early support to children and families as problems emerge and aims to prevent them escalating. Local organisations and agencies work together to identify children and families who would benefit from early help, undertake an assessment, and provide targeted early help services.
1.7. In 2022, a review of the service brought together key themes and findings from an LGA peer review, self-assessment, and a report by external consultants PeopleToo. This review identified key recommendations and proposals for transformation. In June 2022, the Children, Young People and Skills Committee agreed these principles of Early Help Transformation, leading to a "family hubs" model of support.
1.8. This audit was agreed as part of the audit plan for 2024/25 and was included at the request of the Corporate Director
1.9. The purpose of the review was to provide assurance that controls are in place to meet the following objectives:
· Identified areas for improvement, and recommendations to address these from the Early Help Review, have been considered and implemented as appropriate;
· Objectives of the service are clearly defined, with measurable success criteria and targets agreed;
· Outcomes and interventions are monitored and appropriately documented to provide evidence of progress;
· Effective budget monitoring is in place to review the cost of the service; and
· Appropriate governance arrangements are in place over Early Help services.
1.10. Following our review, we were able to provide an audit opinion of Reasonable Assurance as we found that the majority of recommendations from the Early Help Review had either been implemented or progress was on track with agreed timescales. This includes the introduction of an overarching family hubs model, associated revised staffing structure and online toolkit for staff.
1.11. We found that the use of the Eclipse case management system throughout the service, assists with adherence to consistent processes and recordkeeping. The service has also used Power BI to provide effective monitoring reports and improve oversight of interventions.
1.12. There were some opportunities to further improve the control environment, including ensuring that:
· The Digital Family Hub project, to increase self-service options for families, is delivered in partnership with IT&D and in accordance with the secured grant funding; and
· Plans are developed for wider partnership data-sharing to support early interventions.
1.13. A formal action plan to address the findings of this review has been agreed with management.
Apprenticeship Programme
1.14. The Council is required to pay an Apprenticeship Levy, calculated at 0.5% of the annual pay bill, into a levy pot. The total levy paid in 2023/24 for the Council, including schools was £1.38m. Funds can then be drawn down to pay for apprenticeship training programmes.
1.15. On 5th April 2024, the total in the levy pot was £2.69m and the Council is supporting 130 apprentices. If levy funds are not used within two years of being paid into the pot, they will expire and no longer be available. For 2021/22 levy payments totalled £1.2m, of which £677k (56%) was unused.
1.16. We note that the financial position of the Council and spending and recruitment controls have impacted the recruitment of apprentices. It has been challenging for managers to commit to providing the support that is required for apprentices with limited staff resources.
1.17. This audit was agreed as part of the audit plan for 2024/25 and was included at the request of the Corporate Director.
1.18. The audit sought to ensure that robust processes are in place for the calculation and accounting of the Apprenticeship Levy, stakeholder engagement and workforce planning, monitoring and reporting of levy expenditure, and the application process for relevant qualifications.
1.19. The audit focused on the following control objectives:
· Robust processes ensure Apprenticeship Levy calculations and accounting arrangements are correct;
· Stakeholder engagement and workforce planning arrangements maximise the value the Council achieves from the scheme;
· Monitoring, reporting and governance arrangements ensure Levy expenditure and performance meet organisational and scheme objectives; and
· The organisation has an agreed application process in place to ensure employees are only able to pursue relevant qualifications at a suitable level.
1.20. We were able to provide an audit opinion of Reasonable Assurance as we found evidence that the apprenticeship levy expenditure is actively monitored, and we note that a new system is being introduced that should improve efficiency. We also found evidence of communication and engagement activity, raising awareness of the apprenticeship programme. Sample testing showed that applications for apprentices were appropriately authorised and supported with a training plan.
1.21. There were some opportunities to further improve the control environment, including ensuring that:
· The calculation of the apprenticeship levy is checked for accuracy to avoid the risk of financial penalties from HMRC;
· Including apprenticeships in Our People Strategy.
1.22. Actions were agreed with management to further improve the control environment.
Fleet Management
1.23. The Fleet Service, within City Environmental Management, provides fleet procurement, maintenance, and management services. The Council's fleet includes 468 vehicles that are used across Council services. This includes introducing electric and hybrid vehicles into its fleet, in line with commitments to become carbon neutral. At the time of the audit the fleet included 59 electric cars and vans and 15 hybrid cars.
1.24. This audit was agreed as part of the audit plan for 2024/25 and was included at the request of the Corporate Director.
1.25. The audit aimed to review the adequacy and effectiveness of controls in place to ensure vehicles are procured and managed to support service delivery, provide value for money, and comply with health and safety regulations.
1.26. The audit focused on ensuring the following objectives:
· There is an accurate and complete record of the fleet the Council owns, leases or hires;
· Centralised purchasing through the Fleet service is being adhered to in order to maximise buying power and value for money;
· The Fleet Service completes maintenance and repairs in a timely manner to minimise vehicle downtime;
· Suspected vehicle sabotage is identified, tracked, and escalated;
· Appropriate checks are carried to confirm drivers and vehicles compliance with the relevant legal/regulatory requirements e.g. valid driver/HGV operator licence, driving hours rules, vehicle insurance, tax, and MOT etc);
· There is an established vehicle disposal policy that is being adhered to ensure that Council obtains the best possible return for vehicles disposal, and appropriate delegate authority is obtained before vehicles are disposed; and
· There is regular monitoring and reporting of performance against Key Performance Indicators set out in the fleet management strategy to provide transparency and accountability.
1.27. From the audit work undertaken we found several weaknesses in fleet management processes that could undermine its efficiency and lead to increased cost. We have therefore only been able to provide an opinion of Partial Assurance.
1.28. Actions have been agreed with management to address identified risks from the review and improve the control environment. They include the following:
· Develop and implement a vehicle disposal procedure, ensuring retention of supporting documentation;
· Improve the quality of data by conducting a data cleaning exercise quarterly to maintain accurate central fleet and update insurance records;
· Update fleet procurement procedures and develop a business case for long-term leasing arrangements and replacement of vehicles over 5 years old;
· Review task recording processes and targets for maintenance jobs completed in the workshop; and
· Review and set up appropriate key performance indicators with monthly, quarterly, and annual reviews that provide effective scrutiny and challenge.
1.29. Due to the Partial Assurance opinion, we will complete a follow-up review to assess the extent to which these actions have been implemented.
Direct Payments
1.30. Individuals with eligible care needs have the option of receiving care services provided by the local authority or receiving payments via the Direct Payments scheme to organise and pay directly for the care services they need and have had approved. Direct Payments give individuals greater flexibility and control over their support packages. At Brighton and Hove City Council around 25% of social care clients are receiving Direct Payments and the forecasted spend is £10.5m annually.
1.31. The legal framework for Direct Payments is set out in the Care Act 2014, section 117 (2c) of the Mental Health Act 1983 and the Care and Support Act (Direct Payments) Regulations 2014.
1.32. This audit sought to provide assurance over the administration, payment, and monitoring of Direct Payments within Adult Social Care.
1.33. Following the 2019/20 Direct Payments audit which received an audit opinion of Minimal Assurance, there have been three follow up audits all of which received Partial Assurance. This full audit review was included as an agreed addition to the audit plan for 2023/24, and the work was carried forward into 2024/25.
1.34. The scope of our work was to provide assurance that controls are in place to meet the following objectives:
· Appropriate and proportionate reviews of Direct Payment users, and monitoring of Direct Payment accounts with low balances, are undertaken to ensure that an appropriate level of care is provided to meet identified needs, and that Direct Payments remain the most appropriate option to meet identified needs;
· Client’s pay their assessed contribution, so that agreed service levels can be fulfilled;
· Adequate processes for the administration and payment of Direct Payments ensure that amounts paid are correct; and
· Direct Payment accounts with surplus balances are reviewed and are recovered, where it is legitimate to do so.
1.35. In completing this audit, we found that previous audit findings were repeated, and we found that Direct Payment reviews are not being completed on time for most clients and monitoring Direct Payment accounts is not taking place routinely. Therefore, we were only able to provide an opinion of Partial Assurance. Following this review a new action plan was agreed to address the backlog of annual Direct Payment reviews and improve monitoring. Actions agreed with management included the following:
· Use one off funding to extend a pilot scheme to clear the backlog of Direct Payment reviews;
· Review current processes so there are prioritisation criteria in place for Direct Payment reviews, including key performance indicators with defined targets;
· Build a monitoring report for Direct Payments into the Adult Social Care monthly reporting dashboard;
· Undertake additional sample testing of Direct Payment accounts on a monthly basis; and
· Finalise and update the Direct Payment Policy and procedure guidance.
1.36. Due to the Partial Assurance opinion, we will complete a follow-up review to assess the extent to which these actions have been implemented.
Schools
1.37. We have a standard audit programme in place for all school audits, with the scope of our work designed to provide assurance over key controls operating within schools. The objectives of our work are to ensure that:
· Governance structures are in place and operate to ensure there is independent oversight and challenge by the Governing Body;
· Decision making is transparent, well documented, and free from bias;
· The school is able to operate within its budget through effective financial planning;
· Unauthorised or inappropriate people do not have access to pupils, systems, or the site;
· Staff are paid in accordance with the schools pay policy;
· Expenditure is controlled and funds used for an educational purpose;
· The school ensures value for money on contracts and larger purchases; and,
· All voluntary funds are held securely and used in accordance with the agreed purpose.
1.38. One school audit was finalised in quarter 2. The table below shows further details, together with the final level of assurance reported to them.
|
Name of School |
Audit Opinion |
|
Queens Park Primary – follow up |
Reasonable Assurance The previous partial assurance audit had 16 findings and agreed actions. For the follow up review we found significant improvement to the control environment, nine actions had been fully implemented, and six actions had been partially implemented, leaving one low priority action not progressed. |
1.39. We aim to undertake follow-up audits at all schools with Minimal Assurance opinions. For Partial Assurance opinions we may instead write to the Chair of Governors to obtain confirmation that agreed actions have been implemented.
1.40. The core financial role of the Local Authority is to set and monitor a local framework, including provision of budgetary information, provision of a financial oversight and ultimately intervening where schools are causing financial concerns. Schools (the governing body and the Headteacher) are required to manage their delegated budget effectively, ensuring the school meets all its statutory obligations, and through the Headteacher comply with the Local Authority’s Financial Regulations and Standing Orders.
Grant Certifications and Non-Opinion Work
Bus Subsidy Grant
1.41. This is a ringfenced grant available to local authorities from the Department of Transport to support the improvement of local bus services. The amount of £172,990 was provided to the Council for 2023-24. The grant expenditure requires certification by Internal Audit.
1.42. No significant issues were identified in the grant certification.
Supporting Families Programme
1.43. The programme has recently passed from Department for Levelling Up, Housing and Communities to the Department for Education. Internal Audit are required to verify a proportion (5-10%) of outcome submissions made by the Local Authority for Supporting Families (SF) Programme, using the updated national Outcomes Framework (October 2023 – March 2025).
1.44. We reviewed 5 of the 24 submissions made under the new Outcomes Framework in quarter 1 of 2024/25 (April to June 2024) and confirmed that these have been subject to appropriate quality assurance checks and no issues were identified.
1.45. No significant issues were identified in the grant certification.
2. Proactive Counter Fraud Work
2.1. The team continue to monitor intel alerts and share information with relevant services when appropriate.
2.2. In addition, we are currently working with the services to ensure that the relevant data extracts are uploaded for the 2024 NFI data matching exercise. The matches from the exercise will be available to review from late January 2025.
Summary of Completed Investigations
2.3 Following notification of an attempted bank mandate fraud in a school, control measures were agreed with the Payroll Team and school staff to strengthen controls in relation to bank changes. Further fraud awareness will be undertaken to promote strong counter fraud culture in schools and payroll teams.
Conflict of Interest
2.4 Internal Audit were asked to undertake an investigation following concerns that a member of staff had set up a consultancy company to secure work in direct competition with the Council’s interests. The employee resigned pending disciplinary action.
Gas Safety Whistleblowing
2.5 Internal Audit were asked to undertake an investigation following a whistleblower raising concerns around the Council’s compliance with gas safety requirements. The investigation found that management were aware of performance issues in this area and that actions had been identified and agreed to improve compliance.
Housing Tenancy Fraud
2.6 The Tenancy Fraud Team continue to investigate allegations of potential sublet. They work closely with Housing Managers and other officers for a joined-up approach to allegations of abandonment, with an increasing emphasis on visits and communication with tenants to increase awareness and reiterate a tenant’s responsibility under their tenancy agreements.
Council Tax Fraud
2.7 The Team continues to investigate allegations of false claims for Single Person Discount (SPD) and Council Tax Reduction Support (CTRS).
|
Fraud Area |
Year to Date |
(£) 2023/24 |
(£) 2022/23 |
(£) 2021/22 |
|
Properties Recovered |
186,000 |
558,000 |
186,000 |
279,000 |
|
Housing Application Withdrawn |
51,396 |
- |
- |
- |
|
Homeless Application Withdrawn |
|
- |
- |
- |
|
Right-To-Buy Withdrawn |
102,400 |
- |
- |
- |
|
SPD Removed |
3,674 |
8,625 |
511 |
9,746 |
|
Revenues Exemption Removed |
1364 |
|
|
|
|
CTRS |
|
440 |
406 |
- |
|
Housing Benefit |
|
3,853 |
3,658 |
- |
|
Business Rates |
|
- |
- |
- |
|
Total |
344,834 |
570,918 |
190,575 |
288,746 |
3. Action Tracking
3.2 There were 5 high priority actions which were overdue at the end of Q2. Details are provided below.
|
Details of Audit Issue |
Due date |
Revised date |
Agreed Action |
|
Organisational Capacity – Key Performance Indicators |
08/01/24 |
31/08/24 |
The framework of risks, benefits, and Key Performance Indicators for Our People Strategy will be completed and submitted for approval once drafted.
We have received confirmation that this action has now been implemented
|
|
Housing Rents – Managing Arrears in the NEC System |
01/04/24 |
31/08/24 |
The Escalation Policy function in NEC is being re-introduced, with an expected ‘Go Live’ for the end of March 2024. are part of the overall project being delivered by BHCC.
|
|
Housing Rents – Managing Arrears |
01/04/24 |
31/08/24 |
The implementation of the Escalation Policies and the introduction of ‘pending actions’ to identify casework will replace the need to work off spreadsheets and allow officers to authorise system-generated recommended actions. It is anticipated that some actions will be fully automated. Contact methods are also being extended to include automated text messaging to target accounts in arrears.
As of September 2023, a revised recovery approach was also introduced focusing on personal contact with debtors and effective case management to support staff in the management of their work.
These actions are underpinned by a recovery plan which has been developed to identify key areas for improvement. |
|
HR Payroll _ Issues with Transferring Data to the Pension Fund |
01/04/24 |
30/09/24 |
Process guides and training support will be created to disseminate required knowledge and expertise across the staff in the Payroll Processing team, to avoid Single Points of Failure in future. Continue regular meetings with East Sussex Pension Fund to discuss progress, issues, improvements etc.
Additional resource will be requested to aid with the iConnect migration work to ensure compliance in this area. |
|
HR Payroll – Payroll Backlogs |
01/04/24 |
30/09/24 |
Compliance is reliant on introducing a new system, as the current one is not fit for purpose. Payroll and HR are investigating alternative systems to provide data capture from customer, efficient back-office workflows and volumetrics to aid system improvements.
|
3.3 Follow up reviews of Payroll and Housing Rents are scheduled to start in Q3, where we will seek to assess the level of progress made against the actions agreed.
3.4 A number of high priority actions have had their implementation deadlines extended, in agreement with management. Where the revised deadlines are not met, these will be reported to the next meeting of the Audit, Standards and General Purposes Committee.
4. Amendments to the Audit Plan
4.1 In accordance with proper professional practice, the Internal Audit plan for the year has been kept under regular review to ensure that the service continues to focus its resources in the highest priority areas based on an assessment of risk. Through discussions with management the following audit has been deferred from the audit plan this quarter and where appropriate will be considered for inclusion in the 2025/26 plan as part of the overall risk assessment completed during the annual audit planning process. These changes are made on the basis of risk prioritisation and/or as a result of developments within the service areas concerned requiring a rescheduling of audits.
|
Planned Audit |
Rationale for Removal |
|
Property Maintenance Budget |
Replaced by contract management compliance audit (already in the 2024/25 audit plan) for property services.
|
5. Internal Audit Performance
5.1 In addition to the annual assessment of internal audit effectiveness against Public Sector Internal Audit Standards (PSIAS), the performance of the service is monitored on an ongoing basis against a set of agreed key performance indicators as set out in the following table:
|
Aspect of Service |
Orbis IA Performance Indicator |
Target |
RAG Score |
Actual Performance |
|
|
Quality
|
Annual Audit Plan agreed by Audit Committee |
By end April |
G |
2024/25 Internal Audit Strategy and Annual Audit Plan formally approved by Audit and Standards Committee 16th April 2024. |
|
|
Annual Audit Report and Opinion
|
By end July |
G |
2023/24 Annual Report and Opinion presented to Audit, Standards & General Purposes Committee 25th June 2024 |
|
|
|
Customer Satisfaction Levels |
90% satisfied. |
G |
95.2% |
|
|
|
Productivity and Process Efficiency |
Audit Plan – completion to draft report stage |
45% |
G |
52.2% |
|
|
|
Percentage of audit plan days delivered |
45% |
|
50% |
|
|
Compliance with Professional Standards |
Public Sector Internal Audit Standards |
Conforms |
G
|
Dec 2022 - External Quality Assurance completed by the Institute of Internal Auditors (IIA). Orbis Internal Audit assessed as achieving the highest level of conformance available against professional standards with no areas of non-compliance identified, and therefore no formal recommendations for improvement arising.
November 2023 - Updated self-assessment against the Public Sector Internal Audit Standards completed, the service was found to be fully complying with 319 of the standards and partially complying with 2 of the standards, in both cases proportionate arrangements remain in place.
November 2023 - Quality Review exercise completed; no major areas of non-conformance identified. The need to ensure consistency in the quality of the evidence contained within a small number of audit working papers was identified, this will be addressed at the auditor development days during 2024/25. |
|
|
|
Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures, and Investigations Act |
Conforms |
G
|
No evidence of non-compliance identified |
|
|
Outcome and degree of influence |
Implementation of management actions agreed in response to audit findings |
95% for high priority agreed actions |
A |
83.3% for high priority agreed actions (see above) |
|
|
Our staff |
Professionally Qualified/Accredited (Includes part-qualified staff and those undertaking professional training) |
80% |
G |
88% |
|
Audit Opinions and Definitions
|
Opinion |
Definition |
|
Substantial Assurance |
Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Reasonable Assurance |
Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Partial Assurance |
There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
|
Minimal Assurance |
Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |