APPENDIX 1
Internal Audit and Counter Fraud
Quarter 2 Progress Report 2025/26
CONTENTS
1. Summary of Completed Audits
2. Counter Fraud and Investigation Activities
3. Action Tracking
4. Amendments to the Audit Plan
5. Internal Audit Performance
1. Summary of Completed Audits
Home Care Contract Management
1.1 The Council’s Adult Social Care (ASC) directorate commissions home care from a range of providers, equating to approximately £19.7m per annum. The Home Care contract was re-tendered with provision commencing July 2023 for a term of five years, with the option to extend by 36 months.
1.2 The Council has organised the city into four distinct geographical areas for home care; East, West, North and Central. Each area has two contracted care providers, a designated ‘lead provider’ and a ‘back-up provider’. In addition to the eight contracts awarded, a Dynamic Procurement System is in place to identify, and call upon, alternative approved care providers to support the delivery of care when necessary.
1.3 The objective of this audit was to provide assurance that contract management controls are in place and are operating as expected to manage key risks and ensure delivery of home care provision to adult social care clients. The scope covered the following:
· Governance arrangements are robust and sufficient, supporting contract performance, the objectives of the contract, and securing value for money within the contract;
· Monitoring and reporting provide sufficient oversight to the Council to identify and ensure that service delivery is being met and securing value for money within the contract;
· The service delivered and paid for is in line with contractual obligations, with the services being charged for matching the service delivered by care providers and at the agreed rate; and,
· Changes are only made through an approved change process for legitimate reasons and are subject to appropriate approval prior to implementation.
1.4 In completing this review, we were able to provide an opinion of Reasonable Assurance. We found that contracts between the Council and care providers include clearly defined objectives, expectations and key performance indicators (KPIs). There is evidence of good oversight of care provider performance, with dashboards for lead and back-up providers being used to effectively measure and highlight KPI levels. There was evidence that underperformance is identified quickly and is addressed with providers, with the Council and care providers working collaboratively to create and implement improvement plans. We found that effective communication is in place, which includes regular contact with each provider. The use of care provider forum meetings, hosted by the Council, also provides opportunities to share best practices, raise issues and identify performance pressures across the care sector.
1.5 However, we identified some opportunities to further strengthen the control environment, including to:
· Improve data accuracy through exception reports and spot payment checks and identifying manually overridden data in the Electronic Call Monitoring System by working with providers;
· Review and update Care Settings Emergency Response Plan and the Planned Provider Closure Procedure and develop a contingency plan for system failure and a disaster recovery plan;
· Check that Business Continuity Plans for providers are up to date; and,
· Develop Contract Management Plan’s outlining roles responsibilities, communication protocols and escalation paths.
1.6 Actions to address these outstanding areas were agreed with management within a formal management action plan.
Digital Literacy and Skills Training
1.7 The Council is reliant on information technology and data and this has become a key focus to make efficiency savings. As such, it is important that the workforce understands the risks associated with the systems and data they use each day. In this environment, training becomes an integral preventive control to keep systems and data safe.
1.8 The purpose of our audit was to provide assurance that controls are in place to meet the following objectives:
· The Council has a robust definition of what digital literacy and skills are required of officers;
· Training is current, easily accessible, and communicated frequently; and,
· Information Governance/Information Security (IG/IS) training and the IT Security Policy, is supported by governance and practical IT Training linking the two.
1.9 Based on the work undertaken, we were able to provide an opinion of Reasonable Assurance. Whilst a formal definition of basic digital skills has not been established by the Council, a robust training offer has been developed by the Digital Skills Team structured around the UK Government’s Essential Digital Skills framework, and all officers and line managers are encouraged to understand and promote foundational digital literacy in line with current policy and legislative requirements.
1.10 Whilst the opinion is positive, we do note that at the time of the audit there was no long term strategy beyond November 2025 to sustain and update this training. The team responsible for the Council’s digital literacy and skills has been capital funded for several years, and future funding was unclear[RB1] [CS2] .
1.11 Management action was agreed to improve monitoring of completion by officers of the digital skills training on offer and also to communicate clearly the links between the training and Council policy.
Fleet Management Follow Up
1.12 The Fleet Service sitting within Environmental Services provides a fleet procurement, maintenance and management service for the whole Council. In 2024/25 the Council’s fleet comprised of 468 vehicles, ranging from mopeds, minibuses, tractors, vans and cars. The Council is committed to becoming a carbon neutral city by 2030 and has started introducing electric and hybrid vehicles; of the 468 vehicles in the fleet, 59 were electric cars and vans, and 15 were hybrid cars.
1.13 A review of Fleet Management in September 2024, concluded a Partial Assurance opinion and we agreed with management to undertake a follow-up review as part of our planned work for 2025/26. This sought to assess and provide assurance on the progress made in implementing the agreed actions from the original review.
1.14 We acknowledge that the service has seen significant changes over the last year. We found new management were committed to making improvements to this service, and have clearly demonstrated that progress has been made, however, they have not had sufficient time to review and implement all the agreed actions. Whilst a business case has not yet been completed to determine the most cost effective options for the housing repairs fleet and replacing older vehicles, we saw evidence that the new Head of Fleet Management has started preliminary work on this.
1.15 Although six of the eight actions have not been fully implemented, we were able to provide an opinion of Reasonable Assurance as work to address the findings has commenced in most cases; the only high priority action on the original report has been partially implemented and is now rated as low risk.
1.16 Actions to address these outstanding areas were agreed with management within a formal management action plan.
Debtors (Accounts Receivable)
1.17 The Central Collections Team (CCT) is responsible for ensuring that all income identified by services as due to the Council is collected and correctly accounted for. During the 2024/25 financial year, this amounted to processing 51,737 income transactions with a value of £88.8m. Though most of the transactions are within the corporate centre, over half of the income (£45m), is received from Adult Social Care services.
1.18 This audit aimed to provide assurance over the key controls operating within the Debtors (Accounts Receivable) key financial system. The review followed on from the previous audit in July 2024 that concluded partial assurance and a non-opinion report that focused on debt management within Adult Social Care.
1.19 The purpose of the audit was to provide assurance that controls are in place to meet the following objectives:
· All income generating activities are identified and accurately raised to customers;
· A customer account maintenance process is in place and operating effectively;
· Amendments to invoices are correct and authorised;
· Collection and debt recovery is managed efficiently and effectively, and resources are
focused on areas of priority debt;
· Write offs are processed accurately and correctly authorised;
· Payments are received and recorded against the correct debtor account in a timely manner; and,
· Reconciliations between the Accounts Receivable system and the General Ledger are
undertaken on a regular basis.
1.20 We were only able to provide an opinion of Partial Assurance over the controls operating within the area under review. Whilst the position has improved since the previous audit, particularly around simplifying and automating recovery processes, some key findings have been repeated from previous years.
1.21 Corporate debt stood at £4.5m for this audit period, while Adult Social Care debt rose from £15.5m in 2023/24 to £21.2m in 2024/25 and requires a strategic review. Whilst we acknowledge that a large payment would significantly change the debt position (both corporately and for Adult Social Care debt) the rising level of Adult Social Care debt has been repeated in previous audit work. In addition, agreed actions to strengthen the control environment have not yet been implemented, including the use of an external agency specialising in debt resolution with vulnerable adult clients.
1.22 Whilst we note that CCT focus on, and prioritise, larger debt, improvement is needed to ensure debt of under £10k is proactively reviewed on a regular basis.
1.23 Actions have been agreed with management to address the identified risks identified during the review, as follows:
· Improved monitoring and review of overdue debt;
· Develop a dedicated Adult Social Care Payment Support and Debt Recovery Policy that aligns with Corporate Debt Policy and Guidelines and relevant legislation;
· Develop a protocol between Adult Social Care and Legal Services clearly defining roles and responsibilities;
· Ensure that proof of debt is provided with invoice requests, to reduce errors and improve information provided to support any legal action;
· Ensure there is compliance with segregation of duties and approval processes to reduce errors and irregularities;
· Ensure supporting evidence is provided for credit notes and refunds;
· Ensure write offs of debts in dispute are appropriately approved and recorded;
· Regular review of periodic invoices;
· Increase use of direct debits to recover debt;
· Improve data accuracy; and,
· Review key performance indicator reporting for accuracy of debt collection data.
1.24 As this is the second time this key financial system has resulted in a partial assurance opinion, this audit will be repeated in 2026/27 and will include assessing whether actions agreed with management have been implemented and are working effectively.
Off Payroll Payments (IR35) Follow Up
1.25 Agency workers and consultants are often used as a flexible resourcing option. Used well, consultants and consultancy services can be an important source of specialist skills and capabilities for teams that need to transform how they do business and provide resources for defined periods of time. When resources are engaged in this way there is a requirement from HMRC to assess individuals to see if they should be paid through payroll, with tax deducted at source, or whether they can be paid as a supplier, via an invoice.
1.26 Where such assessments are not be completed or are determined incorrectly, this can lead to risk of penalties and collection of unpaid tax from HMRC.
1.27 A review of Off Payroll Payments in July 2024, concluded a Partial Assurance opinion and we agreed with management to undertake a follow-up review as part of our planned work for 2025/26. This sought to assess and provide assurance on the progress made in implementing the agreed actions from the original review.
1.28 Unfortunately, we have again only been able to provide an opinion of Partial Assurance over the controls operating within this area because we found that insufficient progress had been made to implement the agreed actions from the previous review.
1.29 In response, we note that a working group has been set up and is in the early stages of addressing the issues raised and implementing appropriate actions to improve controls, which will include further development of financial systems and processes.
1.30 Actions have again been agreed with management to address identified risks from the review and improve the control environment, as follows:
· Central oversight and monitoring will be improved by clearly defining roles and responsibilities across Central Hub services;
· Process mapping will be completed aiming to improve data accuracy and reporting;
· Policy, guidance and training will be updated and effectively communicated to relevant managers;
· Any requirements for business cases will be formalised;
· Completion and retention of Check Employment Status for Tax assessments will be made clear; and,
· Formalise requirements for contract documentation and retention.
1.31 Due to the second Partial Assurance opinion, we plan to complete another review in 2026/27 to assess the extent to which these actions have been implemented.
Schools
1.32 We have a standard audit programme in place for all school audits, with the scope of our work designed to provide assurance over key controls operating within schools. The objectives of our work are to ensure that:
· Governance structures are in place and operate to ensure there is independent oversight and challenge by the Governing Body;
· Decision making is transparent, well documented, and free from bias;
· The school is able to operate within its budget through effective financial planning;
· Unauthorised or inappropriate people do not have access to pupils, systems, or the site;
· Staff are paid in accordance with the schools pay policy;
· Expenditure is controlled and funds used for an educational purpose;
· The school ensures value for money on contracts and larger purchases; and,
· All voluntary funds are held securely and used in accordance with the agreed purpose.
1.33 One school audit was finalised in quarter 2. The table below shows details of this review, together with the final level of assurance reported to them.
|
Name of School |
Audit Opinion |
|
Elm Grove Primary School |
Partial Assurance Areas requiring improvement included: · Compliance with Procurement Contract Standing Orders; · Declaring and managing conflicts of interest; · Maintaining an accurate record of contracts, through a contracts register; · Approval and raising of purchase orders; and, · Separation of duties in financial processes
|
1.34 We aim to undertake follow up audits at all schools with Minimal Assurance opinions. For Partial Assurance opinions we will undertake a follow up review or alternatively write to the Chair of Governors to obtain confirmation that actions have been implemented.
1.35 The core financial role of the local authority is to set and monitor a local framework, including provision of budgetary information, provision of financial oversight and intervening where schools are causing financial concerns. Schools (the Governing Body [RB3] and the Headteacher) are required to manage their delegated budget effectively ensuring the school meets all its statutory obligations, and through the Headteacher, comply with the Local Authority’s Financial Regulations and Standing Orders.
Grant Certifications and Non-Opinion Work
Fleet Procurement Compliance & Payment Control
1.36 In recent years, Internal Audit have received several referrals relating to the failure to comply with procurement processes when purchasing fleet vehicles. This has resulted in the Council failing to obtain best value for money and purchasing vehicles that are not always appropriate for the needs of the service.
1.37 This review was an agreed addition to the 2025/26 Internal Audit plan, as requested by the Interim Director for Environmental Services. We were asked to explore concerns in relation to how previous procurement and contract management activities have been undertaken, and to provide guidance to help ensure robust arrangements are in place for future procurement and contract management activity.
1.38 Our review looked at some historical contracts with suppliers over several years and as such does not necessarily reflect current practice. It was therefore agreed that this report would not provide an assurance opinion but would instead be issued as a control report.
1.39 Our report found that there had been weaknesses in the following areas:
· Compliance with Procurement Contract Standing Orders
· Retention of procurement and contract documentation
· Lack of financial information and payment controls.
1.40 Against the three key findings we note that action has already been taken in two of the areas and the third relating to improving financial information and payment controls is in progress.
Childcare Expansion Capital Grant
1.41 The Childcare Expansion Capital Grant is funding provided by the Department for Education towards the capital costs associated with projects that help ensure:
· Sufficient places are provided for children taking up an early years place through the expanded 30-hours entitlement for qualifying working parents); and
· Increasing the supply of wraparound childcare for primary-school aged children.
1.42 Brighton and Hove City Council received funds of £412,289. At the time of the review most of the funds had been spent with only £42,562 remaining.
1.43 Internal Audit conducted a review and sample tested transactions to provide assurance that expenditure was claimed appropriately and in accordance with the grant conditions.
1.44 No issues were identified in the grant certification.
Local Transport Capital Block Funding Grant
1.46 Brighton & Hove City Council received funding of £6.7m for 2024/25. A balance of £613,938 from the funding was carried over to 2025/26 in accordance with the grant conditions. We note that funding provided for pothole repairs was fully spent.
1.47 Internal Audit conducted a review and sample tested transactions to provide assurance that expenditure was claimed appropriately and in accordance with the grant conditions.
1.48 No significant issues were identified in the grant certification.
Bus Subsidy Grant
1.49 This is a ringfenced grant available to local authorities from the Department of Transport to support the improvement of local bus services.
1.50 The amount of £172,990 was provided to the Council for 2024-25 and was fully spent during the year, with no remaining balances.
1.51 Internal Audit conducted a review and sample tested transactions to provide assurance that expenditure was claimed appropriately and in accordance with the grant conditions.
1.52 No significant issues were identified in the grant certification.
2 Proactive Counter Fraud Work
2.1. The team continue to monitor intel alerts and share information with relevant services when appropriate.
2.2. The team are continuing to review matches released as part of the National Fraud Initiative. High risk matches will be prioritised for investigation and support provided to services reviewing the reports.
2.3 In addition, the team are liaising with the relevant services to ensure two new mandatory datasets, Residential Care Homes Data and Personal Budget Data, are uploaded as part of the National Fraud Initiative data matching exercise.
2.4 The team have also been running a series of Fraud Awareness sessions for colleagues working in the Welfare Revenues and Benefits Service.
Summary of Completed Investigations
Allegation of Corruption in a Planning Application
2.5 Following receipt of a whistleblowing allegation that Council officers had colluded with a leaseholder to suppress information during a planning application, enquiries were conducted by Internal Audit. Our review found that all issues had been fully investigated previously by several different Council departments without identifying any wrongdoing. In addition, the complaint has gone through the Corporate Complaints Process (all stages) and had been reviewed by the Ombudsman. As a result, there was no case to answer.
Housing Tenancy Fraud
2.6 The Tenancy Fraud Team continue to investigate allegations of potential sublet. They work closely with Housing Managers and other officers for a joined-up approach to allegations of abandonment, with an increasing emphasis on visits and communication with tenants to increase awareness and reiterate a tenant’s responsibility under their tenancy agreements.
Council Tax Fraud
2.7 The Team continues to investigate allegations of false claims for Single Person Discount (SPD) and Council Tax Reduction Support (CTRS).
2.8 The table below shows the estimated financial value saved through the work of the Tenancy Fraud Team.
|
Fraud Area |
(£) Year to Date |
(£) 2024/25 |
(£) 2023/24 |
(£) 2022/23 |
|
Properties Recovered |
313,200 |
930,000 |
558,000 |
186,000 |
|
Housing Application Withdrawn |
107,075 |
359,772 |
- |
- |
|
Homeless Application Withdrawn |
|
|
- |
- |
|
Right-To-Buy Withdrawn |
|
102,400 |
- |
- |
|
SPD Removed |
6,424 |
5,559 |
8,625 |
511 |
|
Revenues Exemption Removed |
1,910 |
2,947 |
|
|
|
CTRS |
|
4,659 |
440 |
406 |
|
Housing Benefit |
4,369 |
|
3,853 |
3,658 |
|
Business Rates |
|
|
- |
- |
|
Total |
432,978 |
1,405,337 |
570,918 |
190,575 |
3 Action Tracking
3.2 In addition a number of other high priority actions have had their implementation deadlines extended, in agreement with management. Where the revised deadlines are not met, these will be reported to the next meeting of the Audit, Standards and General Purposes Committee.
4 Amendments to the Audit Plan
4.1 In accordance with proper professional practice, the Internal Audit plan for the year has been kept under regular review to ensure that the service continues to focus its resources in the highest priority areas based on an assessment of risk. Through discussions with management the following audits have been added to the audit plan this quarter:
|
Planned Audit |
Rationale for Addition |
|
Home Purchase Scheme follow up |
Early follow up review requested by the service following previous partial assurance audit. |
|
Cyber Security in Schools (Themed Review) |
Audit added in response to incidents highlighting vulnerabilities, both locally and nationally. |
4.2 In order to allow these additional audits to take place, contingency available for emerging risks has been used. In addition, the following audits have been removed or deferred from the audit plan and where appropriate, will be considered for inclusion in future audit plans as part of the overall risk assessment completed during the annual audit planning process. These changes have been made on the basis of risk prioritisation and/or as a result of developments within the service areas, which may require a reschedule of audit assignments.
|
Planned Audit |
Rationale for Removal |
|
Local Government Reorganisation & Devolution |
Audit activity deferred to 2026/27 in accordance with timescales which will confirm plans for Sussex. |
|
Prepayment Cards – (Huggg) follow up review |
Since the audit a control report has been issued following financial loss on unapproved vouchers issued via a school account. This follow up review is deferred to 2026/27 to allow further time to review usage and embed actions to improve controls. |
5 Internal Audit Performance
5.1 In addition to the annual assessment of internal audit effectiveness against Global Internal Audit Standards (GIAS), the performance of the service is monitored on an ongoing basis against a set of agreed key performance indicators as set out in the following table:
|
Aspect of Service |
Orbis IA Performance Indicator |
Target |
RAG Score |
Actual Performance |
|
|
Quality
|
Annual Audit Plan agreed by Audit Committee |
By end April |
G |
2025/26 Internal Audit Strategy and Annual Audit Plan formally approved by Audit, Standards & General Purposes Committee - Tuesday, 22nd April 2025. |
|
|
Annual Audit Report and Opinion
|
By end July |
G |
2024/25 Annual Report and Opinion presented to Audit, Standards & General Purposes Committee 24th June 2025. |
|
|
|
Customer Satisfaction Levels |
90% satisfied. |
G |
100% |
|
|
|
Productivity and Process Efficiency |
Audit Plan – completion to draft report stage |
45% |
A |
44.8% |
|
|
|
Percentage of audit plan days delivered |
45% |
A |
43.3% |
|
|
Compliance with Professional Standards |
Global Internal Audit Standards |
Conforms |
G
|
April 2025 - Self Assessment against the recently introduced Global Internal Audit Standards (GIAS) completed. No major areas of non-conformance identified. Some areas to ensure full compliance have been identified including the update of the Audit Charter. |
|
|
|
Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures, and Investigations Act |
Conforms |
G
|
No evidence of non-compliance identified |
|
|
Outcome and degree of influence |
Implementation of management actions agreed in response to audit findings |
95% for high priority agreed actions |
G
|
100% for high priority agreed actions (see above) |
|
|
Our staff |
Professionally Qualified/Accredited (Includes part-qualified staff and those undertaking professional training) |
80% |
G |
88% |
|
Audit Opinions and Definitions
|
Opinion |
Definition |
|
Substantial Assurance |
Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Reasonable Assurance |
Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Partial Assurance |
There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
|
Minimal Assurance |
Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |