APPENDIX 1
Internal Audit and Counter Fraud
Quarter 3 Progress Report 2025/26
CONTENTS
1. Summary of Completed Audits
2. Counter Fraud and Investigation Activities
3. Action Tracking
4. Amendments to the Audit Plan
5. Internal Audit Performance
1. Summary of Completed Audits
Home Purchase Scheme Follow Up
1.1 The Home Purchase Scheme is an initiative by the Council aimed at increasing the supply of affordable housing in response to high demand and rising property costs across the city. The scheme allows the Council to buy back former council homes, including those sold under the Right to Buy policy, as well as to purchase additional properties on the open market.
1.2 A review of the Home Purchase Scheme was concluded in May 2025, where we provided a Partial Assurance opinion and agreed with management to undertake a follow-up review. This follow up sought to assess and provide assurance on the progress made in implementing the agreed actions from the original review.
1.3 We have been able to provide an opinion of Substantial Assurance, as all agreed actions had been fully implemented at the time of this follow-up review, thereby strengthening the control environment surrounding the Home Purchase Scheme process.
Business Rates
1.4 Business rates are collected by the Council and are a tax on commercial properties based on the rateable value of each non-domestic property as determined by the Valuation Office Agency.
1.5 The Business Rates Retention Scheme allows 49% of the net amount raised to go towards local services with the balance going to central government. Factors such as the level of successful appeals, additions and deletions to the rating list, and application of available reliefs impact the total income collected.
1.6 During 2025/2026 the total business rates income retained by the Council is expected to be £87 million, though we note that collection rates have decreased and are below forecast.
1.7 The objective of this audit was to provide assurance that controls are in place to meet the following objectives:
· The forecast business rates retention for 2025/2026 is robust;
· All non-domestic business properties (hereditaments) subject to locally collectable non-domestic rates are recorded and these records are reconciled with the Valuation List;
· Reliefs and exemptions are correctly awarded;
· All payments are posted promptly to the correct accounts, reconciliations to the main accounting system are undertaken and suspense accounts are regularly cleared;
· Processing, including amendments, takes place promptly and accurately to ensure integrity of billing, reporting, and forecasting; and,
· Arrears are dealt with efficiently; write-offs are valid and authorised; and all refunds are approved and accurate.
1.8 From the work undertaken we were able to provide an opinion of Reasonable Assurance as we found that suitable processes are in place for payments, regular reconciliations take place, a robust forecasting process was in place and arrears are managed efficiently.
1.9 Following findings raised in previous audits, action has been taken to reduce the backlog and reducing the number of accounts where the Council is the liable party, however, we note that the value of the debt has increased.
1.10 We also note that management have reported technical issues with its electronic document management system (EDM) that have slowed down the pace of work.
1.11 We identified further opportunities to strengthen the control environment including the need to ensure that:
· Forecasting of collection rates is adjusted following analysis of liability movements;
· Improvements are made in checking and retaining evidence of eligibility for reliefs and discounts;
· Further reduction to the historic backlog takes place;
· Improved oversight of amendment to business rate accounts;
· The service continues to reduce arrears of £496k where the Council is the liable party; and,
· There are documented process and procedure notes.
1.12 Actions to address these outstanding areas were agreed with management within a formal management action plan.
Madeira Terrace
1.13 Madeira Terrace is an 865 metre, grade II listed, cast iron structure along Brighton seafront. An historic reduction in funds for maintenance has resulted in the structure deteriorating, with Madeira Terrace permanently closed to the public around 10 years ago. Since then, a project to restore Madeira Terrace has been agreed and due to the size of the project, the works are being undertaken in phases, with phase one having commenced on site in November 2024.
1.14 The purpose of this audit was to provide assurance that project management controls were in place and operating as expected in order to meet the following objectives:
· An appropriate governance structure is in place to ensure the project’s objectives are delivered;
· There has been sufficient purpose, planning and preparation to support the programme and the phase one project;
· Outline and detailed project design takes into account all relevant factors to enable accurate costs to be calculated and secure funding;
· Effective quality and cost controls are in place through robust programme management arrangements;
· The requirements of the contract are delivered in accordance with the contract specification to achieve value for money;
· Project slippage and potential cost variations are reported in sufficient time to allow effective decision making;
· Payments are made correctly in accordance with contract terms and Financial Regulations and are made only for works actually delivered;
· Risk management is appropriately addressed, to ensure all risks are identified and appropriately mitigated; and,
· Reporting and communication during the programme is professionally managed and accurately reflects the position of the programme and the phase one project.
1.15 In completing this review, we were able to provide an opinion of Reasonable Assurance for the following reasons:
· There is a well-established and sufficient governance structure in place to support the work of the project, including escalation and reporting mechanisms;
· Comprehensive planning and preparation were undertaken, prior to the commencement of the project, to inform the scope and cost estimates through surveys and feasibility studies;
· Adequate and appropriate contracts were in place in order for the project to achieve its objectives and value for money;
· Change control processes are clearly documented, including segregation of duties, and are followed to ensure all change is necessary and achieving value;
· Early warning notices are in place to inform the Council of any potential issues as soon as they arise in order to be addressed; and
· Regular budget monitoring takes place to provide effective oversight of the budget, scrutiny of spend, and early identification of any potential variances.
1.16 Some areas for further improvement were also identified, including:
· Reviewing project roles and responsibilities and identifying potential additional resources to be included in the project to strengthen resilience;
· Enhancement and development of project documentation (for this project and future projects), to ensure that all documentation accurately captures all necessary information in order to effectively manage the project;
· Ensuring highlight reports/ progress reports are produced to be shared at each project board meeting, to increase transparency and aid decision making; and,
· Financial reporting is enhanced to include contract variations for ease of reporting and forecasting.
1.17 In all cases, actions for improvement were agreed with management.
Petty Cash
1.18 Petty Cash floats enable staff or service users to be reimbursed for expenditure, incurred for purchases up to £100, where the use of the creditors system is either not possible or practical. Petty cash accounts can be replenished by any value up to £500 by cheque or via cash delivery through the corporate security carrier. These methods must only be used when there is no alternative to paying by cash, with purchasing cards and prepayment vouchers being the preferred option to pay for these expenses. Staff and service user payments over £100, as well as all supplier payments must be paid via the creditors system.
1.19 This review was added to the audit plan at the request of Finance management who had concerns that corporate policy and procedure was not being complied with resulting in an increased risk of financial loss.
1.20 The purpose of the audit was to provide assurance that controls are in place to meet the following objectives:
· There are up-to-date clear policy, procedures, and instructions in place and available to staff to support the use of petty cash;
· Petty cash floats are appropriately managed and align with Council policy. This includes ensuring that only approved and legitimate expenditure is incurred, and that regular monitoring and reconciliations are undertaken;
· Petty cash transactions are supported by documentation such as invoices or receipts; accounts are reconciled with any discrepancies investigated and are coded correctly on the general ledger; and,
· Petty cash floats are held securely and there are effective controls over the top up and transfer of cash funds, including appropriate authorisation and evidence of receipt.
1.21 We were able to provide an opinion of Reasonable Assurance over the controls operating within the area under review. Whilst our audit did identify some poor practice and controls being circumvented, officers have been successful in reducing the use of cash across the Council. This has been replaced with the use of approved procurement cards and prepayment cards or vouchers in services, which has decreased the risk of financial loss. During the audit there was evidence that the number of petty cash accounts being held was reducing further.
1.22 Most services maintain their account with a positive balance, and submit monthly reconciliations as required by corporate guidance, but there are, however, some services which are regularly overdrawn, all of which sit within Adult Social Care or Children’s Services.
1.23 The following areas for improvement in controls were identified:
· Improve the escalation process and action taken to address overdrawn accounts;
· Ensure there are regular reconciliations by services using petty cash;
· Further limit the use of petty cash, so that more transactions are paid via the creditors system, payment card or prepayment cards or vouchers;
· Ensuring that there is appropriate authorisation recorded for the use of petty cash;
· Ensure any practice of pre-signed cheques is stopped and officers understand this represents a high risk of financial loss, contravenes Standard Financial Procedures, and invalidates insurance claims.
1.24 Actions to address these areas for improvement were agreed with management within a formal management action plan.
Schools
1.25 We have a standard audit programme in place for all school audits, with the scope of our work designed to provide assurance over key controls operating within schools. The objectives of our work are to ensure that:
· Governance structures are in place and operate to ensure there is independent oversight and challenge by the Governing Body;
· Decision making is transparent, well documented, and free from bias;
· The school is able to operate within its budget through effective financial planning;
· Unauthorised or inappropriate people do not have access to pupils, systems, or the site;
· Staff are paid in accordance with the schools pay policy;
· Expenditure is controlled and funds used for an educational purpose;
· The school ensures value for money on contracts and larger purchases; and,
· All voluntary funds are held securely and used in accordance with the agreed purpose.
1.26 One school audit was finalised in quarter 3. This follow up audit was to provide assurance that actions agreed from a previous audit, that concluded Partial Assurance, had been implemented. At the time of the audit the school was being governed through an Interim Executive Board (IEB), approved by the Department of Education in June 2025. As financial expertise and support was being provided directly by the Council and a local secondary School, we did not provide an assurance opinion.
1.27 The table below shows details of this review and areas outstanding.
|
Name of School |
Audit Opinion |
|
Middle Street Primary School |
Non- opinion Report Our review found that eleven of the seventeen actions arising from the previous audit had been implemented. The issues raised during the audit relate to transactions and recruitment that occurred before the IEB. We note that since the IEB has been in place controls have gradually improved. We did, however, find that remaining actions were required to: · Declare and effectively manage conflicts of interest; · Improve financial controls regarding raising purchase orders, evidence of monthly payroll approval and maintaining a contract register; · Improve the process of new starters to ensure that all pre-employment checks are completed, and appropriate information is retained to evidence this; · Improve the process of exit interviews for staff leavers to ensure feedback and insight is shared appropriately with senior leadership; and, · Maintain and implement a Data Protection Policy.
|
1.34 We aim to undertake follow up audits at all schools with Minimal Assurance opinions. For Partial Assurance opinions we will undertake a follow up review or alternatively write to the Chair of Governors to obtain confirmation that actions have been implemented.
1.35 The core financial role of the local authority is to set and monitor a local framework, including provision of budgetary information, provision of financial oversight and intervening where schools are causing financial concerns. Schools (the Governing Body and the Headteacher) are required to manage their delegated budget effectively ensuring the school meets all its statutory obligations, and through the Headteacher, comply with the Local Authority’s Financial Regulations and Standing Orders.
Grant Certifications and Non-Opinion Work
Online Safety Act – Position Statement
1.36 The Online Safety Act 2023 is designed to protect children and adults online. It puts a range of new duties on social media companies and search services, giving them legal duties to protect their users from illegal content and content harmful to children. The Act gives providers new duties to implement systems and processes to reduce risks that their services are used for illegal activity, and to take down illegal content when it does appear. The Act is expected to be fully implemented in 2026. Ofcom is the independent regulator for online safety and non-compliance can result in fines and/or blocking of services.
1.37 Initial consideration of the Online Safety Act identified that the Council, as a public body, is exempt. However, it would be prudent for the Council to adhere to the principles of the Act, as it does have a wider role in promoting online safety. Due to this we have not provided an assurance opinion and have instead focussed on exploring awareness of the Act and how the Council is embedding online safety principles.
1.38 The Act focus is primarily on user-to-user and search services (directing to third-party
content). In speaking to key staff, we found that, in general, they had an awareness of the
Act but had not identified any such services provided by the Council. Additionally, awareness and consideration of the Act was demonstrated through explicit reference to it within Council documentation, including the Violence Against Women and Girls Strategy and the Strategic Assessment of Crime and Community Safety.
1.39 The Council is also seen to support wider awareness of online safety issues, for example, through its Social Media Policy and guidance, e-learning regarding children’s safeguarding, and inclusion of digitally enabled abuse in the Support for Staff Affected by Domestic Abuse Policy.
1.40 Where applicable, in future audit work, we will look to include consideration of controls in place at the Council to further enhance, promote and embed online safety.
2 Proactive Counter Fraud Work
2.1. The team continue to monitor intel alerts and share information with relevant services when appropriate.
2.2. The team also continue to review matches released as part of the National Fraud Initiative. High risk matches will be prioritised for investigation and support provided to services reviewing the reports.
2.3 In addition, the team have recently received matches for two new mandatory datasets, Residential Care Homes Data and Personal Budget Data and are working with the service to prioritise review of the results.
Summary of Completed Investigations
False Representation by Supplier
2.5 Internal Audit and Counter Fraud undertook an independent review of concerns raised by an employee under the Council’s Whistleblowing Policy. The allegations included concerns that a supplier had billed for work not completed and had deliberately complicated invoicing arrangements to confuse reconciliation of amounts due. Whilst no evidence of fraud could be substantiated, the investigation did identify weaknesses in contract management activities and supplier invoice reconciliation processes, which have been highlighted to management and actions agreed to strengthen arrangements.
Housing Tenancy Fraud
2.6 The Tenancy Fraud Team continue to investigate allegations of potential sublet. They work closely with Housing Managers and other officers for a joined-up approach to allegations of abandonment, with an increasing emphasis on visits and communication with tenants to improve awareness and reiterate a tenant’s responsibility under their tenancy agreements.
Council Tax Fraud
2.7 The Team continues to investigate allegations of false claims for Single Person Discount (SPD) and Council Tax Reduction Support (CTRS).
2.8 The table below shows the estimated financial value saved through the work of the service:
|
Fraud Area |
(£) Year to Date |
(£) 2024/25 |
(£) 2023/24 |
(£) 2022/23 |
|
Properties Recovered |
391,500 |
930,000 |
558,000 |
186,000 |
|
Housing Application Withdrawn |
299,810 |
359,772 |
- |
- |
|
Homeless Application Withdrawn |
|
|
- |
- |
|
Right-To-Buy Withdrawn |
102,400 |
102,400 |
- |
- |
|
SPD Removed |
8,739 |
5,559 |
8,625 |
511 |
|
Revenues Exemption Removed |
1,910 |
2,947 |
|
|
|
CTRS |
|
4,659 |
440 |
406 |
|
Housing Benefit |
4,369 |
|
3,853 |
3,658 |
|
Business Rates |
|
|
- |
- |
|
Total |
808,728 |
1,405,337 |
570,918 |
190,575 |
3 Action Tracking
3.1 All high priority actions agreed with management as part of individual audit reviews are subject to action tracking. When high priority actions become due, we seek confirmation from service management that actions have been implemented. At the end of quarter 3, we can report that no high priority actions are showing as overdue. Whilst most actions were confirmed as implemented, this does include some actions that are repeated in the follow up audit reports, summarised in section 1, with new target implementation dates.
3.2 In addition a number of other high priority actions have had their implementation deadlines extended, in agreement with management. Where the revised deadlines are not met, these will be reported to the next meeting of the Audit, Standards and General Purposes Committee.
4 Amendments to the Audit Plan
4.1 In accordance with proper professional practice, the Internal Audit plan for the year has been kept under regular review to ensure that the service continues to focus its resources in the highest priority areas based on an assessment of risk. Through discussions with management the following audit has been added to the audit plan this quarter:
|
Planned Audit |
Rationale for Addition |
|
Cyber Security Programme Support |
This assignment has been added to provide ad-hoc advice, governance, and support regarding risk, control, and probity for a recently launched programme aimed at enhancing the Council’s cybersecurity arrangements. |
4.2 In order to allow any additional audits to take place, the following audits have been removed from the audit plan and where appropriate, will be considered for inclusion in future audit plans as part of the overall risk assessment completed during the annual audit planning process. These changes have been made on the basis of risk prioritisation and/or as a result of developments within the service areas, which may require a reschedule of audit assignments.
|
Planned Audit |
Rationale for Removal |
|
Cybersecurity and Data Loss Risks in Third Party Supply Contracts and Cloud Services |
The dedicated audit on cybersecurity risks related to third-party contracts and cloud services was cancelled to allow resources to support broader programme activities. Nevertheless, key findings from work already completed in this area have been conveyed to the cybersecurity programme for further action. |
|
Shadow IT Governance Arrangements |
The audit to cover computer systems and applications used by the Council outside the direct control of IT&D was cancelled for 2025-26 to support additional priority work within IT&D. |
5 Internal Audit Performance
5.1 In addition to the annual assessment of internal audit effectiveness against Global Internal Audit Standards (GIAS), the performance of the service is monitored on an ongoing basis against a set of agreed key performance indicators as set out in the following table:
|
Aspect of Service |
Orbis IA Performance Indicator |
Target |
RAG Score |
Actual Performance |
|
|
Quality
|
Annual Audit Plan agreed by Audit Committee |
By end April |
G |
2025/26 Internal Audit Strategy and Annual Audit Plan formally approved by Audit, Standards & General Purposes Committee - Tuesday, 22nd April 2025. |
|
|
Annual Audit Report and Opinion
|
By end July |
G |
2024/25 Annual Report and Opinion presented to Audit, Standards & General Purposes Committee 24th June 2025. |
|
|
|
Customer Satisfaction Levels |
90% satisfied. |
G |
100% |
|
|
|
Productivity and Process Efficiency |
Audit Plan – completion to draft report stage |
67.5% |
A |
66.7% Whilst performance is slightly below target we are confident that it will improve in the final quarter and 90% of the audit plan should be complete. |
|
|
|
Percentage of audit plan days delivered |
67.5% |
A |
64.7% Whilst performance is slightly below target we are confident that it will improve in the final quarter and 90% of the audit days will be delivered. |
|
|
64.7Compliance with Professional Standards |
Global Internal Audit Standards |
Conforms |
G
|
April 2025 - Self Assessment against the recently introduced Global Internal Audit Standards (GIAS) completed. No major areas of non-conformance identified. Some areas to ensure full compliance have been identified including the update of the Audit Charter. Dec 2025 - Our latest quality review exercise identified no major areas of non-conformance with only minor improvements required relating to internal record keeping within the service. |
|
|
|
Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures, and Investigations Act |
Conforms |
G
|
No evidence of non-compliance identified |
|
|
Outcome and degree of influence |
Implementation of management actions agreed in response to audit findings |
95% for high priority agreed actions |
G
|
100% for high priority agreed actions (see above) |
|
|
Our staff |
Professionally Qualified/Accredited (Includes part-qualified staff and those undertaking professional training) |
80% |
G |
80% |
|
Audit Opinions and Definitions
|
Opinion |
Definition |
|
Substantial Assurance |
Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Reasonable Assurance |
Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Partial Assurance |
There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
|
Minimal Assurance |
Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |