APPENDIX 1
Internal Audit and Counter Fraud
Quarter 4 Progress Report 2025/26
CONTENTS
1. Summary of Completed Audits
2. Counter Fraud and Investigation Activities
3. Action Tracking
1. Summary of Completed Audits
Accounts Payable
1.1 Accounts Payable (AP) is the end to end process through which the Council purchases goods works and/or services. It is represented as the Creditors module within the Council’s corporate finance system Civica Financials. During the 2024/ 25 financial year (excluding cancelled transactions) there was a total of approximately, 380,000 creditor transactions totalling circa £600M.
1.2 The objective of the audit was to provide assurance that controls are in place to meet the following objectives:
· Purchase orders are raised for goods, works and services that have been appropriately approved and are needed by the Council;
· All payments are made to the correct vendors, for the correct amounts, at the right time and only for goods, works or services ordered and received satisfactorily by the Council;
· Only vendors that meet the needs of the Council, and that do not already exist in the accounting system, are set up, and their details are maintained accurately; and
· Transactions in the Accounts Payable System are completely and accurately transferred to, and reflected, in the General Ledger.
1.3 From the work undertaken we were able to provide an opinion of Reasonable Assurance as we found that, payments were processed and paid accurately, the payment run and BACs release process is well controlled, there is appropriate segregation of duties in the payment system, there is a low volume of urgent payments processed, there are controls in place to detect potential duplicate payments in a timely manner and there is a robust process in place for General Ledger reconciliations..
1.4 We identified opportunities to strengthen the control environment including to ensure that:
· The number of retrospective purchase orders is reduced and the training for staff is enhanced;
· Reports on retrospective orders are shared and circulated;
· A procedure note for the new process around temporary amendments to authorisation levels is introduced and circulated; and
· The scheme of delegation is reviewed annually to ensure it is up to date.
1.5 Actions to address these areas were agreed with management within a formal management action plan.
Payroll
1.6 Payroll is a key financial system for the Council. In September 2025, over 8,500 payments were made to employee records. This includes council officers and staff employed in schools across the city.
1.7 The purpose of this audit was to provide assurance that controls were in place and operating as expected to meet the following objectives:
· Only genuine starters are set up, approved, and pay is calculated from the correct date;
· Leavers are removed from the payroll in a timely manner and paid correctly and accurately to the correct dates;
· Permanent variations to pay accurately reflect employees’ grades and/or changes to their contracts, calculated and paid from the correct dates;
· Pay runs and bank transfer (BACS) transmissions are correct and authorised;
· Payroll data is accurately reflected in the General Ledger;
· Temporary payments (including additional hours, expense claims and payments to casual staff) are only made for hours worked and expenses incurred legitimately as a result of employment;
· Changes to standing data are reviewed, authorised, and input accurately; and,
· Accurate data is provided to the East Sussex Pension Fund in line with the requirements of the Fund.
1.8 The 2024/25 audit concluded with an opinion of partial assurance, therefore, this audit also reviewed the implementation of previously agreed actions.
1.9 We were able to provide an opinion of Reasonable Assurance as we found that the backlog had been significantly reduced and progress had been made on actions agreed from the previous audit. However, we acknowledge that this area continues to be under operational pressure due to the capacity of the service and system issues.
1.10 We found evidence that submission of payroll data to the East Sussex Pension Fund is up to date; this is an area where we have raised findings in previous audit reports.
1.11 Compliance testing showed that starters, changes to pay and the pay run process are subject to appropriate authorisation, with adequate separation of duties within the process. For leavers, we found that all sampled employees had been removed from the payroll in a timely manner. Our testing demonstrated that payroll data is regularly reconciled to the General Ledger, with BACS transmissions being correct and appropriately authorised.
1.12 We have, however, identified the following areas where there are opportunities to further improve the control environment, including:
· Taking measures to reduce the level of overpayments as we noted that these had risen slightly from October 2024 to October 2025;
· Reviewing the vetting process and ensure that all vetting reports, designated as ‘important,’ are being checked prior to the pay run, as these may increase the risk of payroll failure;
· Ensuring changes to standing data are checked by a second senior officer; and,
· Ensuring information submitted to the service by managers is accurate and timely.
1.13 Actions to address these areas were agreed with management within a formal management action plan.
Risk Management
1.14 Effective risk management is a core element of the Council’s governance and performance frameworks. The Council is legally required under regulation 3 of the Accounts and Audit Regulations 2015 to maintain robust arrangements for managing risk. It is also a requirement of the Council’s Local Code of Governance and reflected in the Annual Governance Statement, which evidences the strength of internal controls.
1.15 For this audit we assessed the adequacy and effectiveness of arrangements in place to identify, assess, escalate and mitigate risks at Directorate level.
1.16 The purpose of the audit was to provide assurance that controls are in place to meet the following objectives:
· The Directorate Risk Register’s are maintained as a live document, include accurate and up to date descriptions of risk and is reviewed regularly by the Directorate Leadership Team;
· Risk scoring (likelihood and impact) in the Directorate Risk Register follows the prescribed corporate guidance;
· Mitigating actions are in place, assigned to an accountable officer; and,
· Escalation guidance is in place to support risk movement between service, directorate and corporate leadership levels.
1.17 We were pleased to find that each Directorate is maintaining its own risk register and risks are being assessed and prioritised. For each mitigation action there is an assigned accountable officer and escalation guidance is in place to support risk movement between service, directorate and corporate levels. We were therefore able to provide an opinion of Reasonable Assurance in this area.
1.18 We have, however, identified the following areas where there are opportunities to further improve risk identification and management, including:
· Consistent application of risk identification and review processes across Directorates;
· Consideration of risk registers at service level, particularly in key service areas; and,
· Clear ownership and documenting of mitigating actions.
1.19 An action plan was agreed with management to address the areas of improvement identified.
Corporate Governance – Code of Conduct
1.20 Corporate Governance is the combination of processes and structures put in place by an organisation to inform, direct and monitor activities to achieve its objectives. The council is responsible for ensuring that business is conducted in accordance with the law and proper standards, public money is safeguarded and properly accounted for, and used economically, efficiently and effectively.
1.21 This audit focused on the Code of Conduct (Code) for employees which form an important element of the Corporate Governance arrangements. The council’s Code sets out clear expectations for professional behaviour, ethical standards and employees’ responsibilities as well as how these underpin the council’s organisational values. All employees are expected to comply with the Code whether they are employed on a permanent, temporary or casual basis, with deliberate breaches of the Code being treated as a disciplinary offence and in some cases may result in dismissal or criminal prosecution.
1.22 The main objective of this audit was to provide assurance that the council’s Code supports good governance across the council by setting and communicating clear expectations of behaviour that are understood and complied with by employees.
1.23 We were able to provide an opinion of Reasonable Assurance for governance processes under the Code of Conduct. We found that expectations of behaviour are promoted and communicated by senior management. We conducted a survey that found awareness of the Code was high with staff.
1.24 Whilst we found that most controls were in place and operating as expected there were a few areas where we identified that further improvements could be made:
· Capture and share data, which highlights trends and key learning, to enhance and aid visibility and oversight for management;
· Clarity over frequency of training for all staff related to expected behaviours; and,
· Updating and co-ordinating information held on the staff intranet, guidance and policies.
1.25 An action plan was agreed with management to address the areas of improvement identified.
Property Disposals
1.26 The Council’s Capital Strategy has highlighted the need to obtain capital receipts to support the Council’s current innovation and change programmes as part of the Medium Term Financial Plan.
1.27 The purpose of the audit was to provide assurance that project management controls were in place and operating as expected in order to meet the following objectives:
· Robust strategies, policies, and procedures are in place in relation to property disposals to ensure transparent identification, legal compliance, alignment to the Council’s objectives, and achieving value for money;
· Adequate financial monitoring and reporting is in place to ensure all committed expenditure, in relation to property disposals, is accounted for; and,
· Capital receipts are received in a timely manner once the sale has been completed.
1.28 In completing this review, we were able to provide an opinion of Reasonable Assurance for the following reasons:
· A robust process is in place as properties are identified as soon as possible, reviewed, assessed, appropriately approved, and are legally compliant;
· Independent advice and valuations are taken on property disposals to ensure they receive best consideration;
· Financial monitoring is in place to ensure monies due from disposals are received in full, on time and accounted; and,
· Disposals are removed from the Council’s asset register in a timely manner after completion.
1.29 We did, however, identify one high risk finding regarding the capacity to undertake the volume of disposals identified in the programme.
1.30 Actions were agreed with management around this area to review vacancies within the team, the recruitment strategy and keep this risk open on the risk register to ensure it is known, monitored and escalated where appropriate.
Brighton Marina to River Adur Flood and Coastal Erosion Risk Management Scheme
1.31 The Brighton Marina to River Adur Flood and Coastal Erosion Risk Management (FCERM) Scheme is a partnership between Brighton and Hove City Council, Adur District Council and Shoreham Port Authority. Brighton and Hove City Council is the lead authority for the scheme, which has a value of £41.5m (including a grant in aid contribution from the Environment Agency of £12.1m, subsequently increased by £2m for accelerated works).
1.32 Phase one of the FCERM scheme has recently been completed at a cost of £5.67m, with Phase 2 works having recently commenced, at an anticipated cost of £19m. This includes work at Kings Esplanade and Southwick Beach including building new, extended groynes and replenishing shingle.
1.33 The purpose of the audit was to provide assurance that project management controls were in place and operating as expected in order to meet the following objectives:
· There has been sufficient purpose, planning and preparation to support the programme;
· An appropriate governance structure is in place including relevant oversight at a Directorate and Corporate leadership level;
· Effective quality and cost controls are in place;
· Risk management is appropriately addressed;
· Reporting and communication during the programme is well managed, including escalation where appropriate;
· Implementation of the programme is effective; and,
· The key deliverables of the programme are met.
1.34 We were able to provide an opinion of Reasonable Assurance. We were pleased to note that with the scheme entering phase 2 works, there was ongoing progress to improve the control environment. This included consolidation and review of key documentation, recording of financial information and a revised project structure. We also found that key stakeholders, including partners and contractors are engaged via monthly project board meetings, and communications with the public about the scheme are timely and working well. Cost controls are in place and operating as expected.
1.35 There were, however, some areas of improvement still required, including the need to ensure that:
· Governance, escalation and decision-making arrangements are specified and documented;
· Project roles and responsibilities are defined, appropriate and understood;
· Key documentation is in place and up to date, including the business case and project plan;
· Risk management arrangements are optimised via a comprehensive risk register; and
· Officers with contract management responsibilities are familiar with, and adhere to, the requirements of the corporate Contract Management Framework.
1.36 An action plan was agreed with management to address the areas of improvement identified.
Artificial Intelligence Tools
1.37 Artificial Intelligence (AI) has become ever more prevalent across multiple sectors, and local government is not immune to this trend. Many staff are already utilising AI tools such as Microsoft Copilot and others, both in their professional and personal lives. Whilst there are undoubtedly some benefits to be had from the use of AI tools, they also bring a range of significant risks to the organisation.
1.38 With such a fast-changing area, clear direction and oversight is needed to allow the organisation to reap the full benefits of such tools, whilst remaining compliant with regulatory requirements and meeting operational obligations.
1.39 This audit reviewed the Council’s governance arrangements in relation to Microsoft Copilot (and other AI tools), including its use when generating text, as well as its influence over users.
1.40 The purpose of the audit was to provide assurance that controls are in place to meet the following objectives:
· Mandatory change management processes are in place to ensure smooth adoption of AI tools across the organisation;
· Robust policies and guidance are present, helping staff understand their responsibilities around the usage of all AI tools, including those corporately available;
· A clear request process is in place to allow staff to request access to new and existing AI tools and follows a defined organisational strategy; and
· Education and training are available to staff, helping to alleviate concerns around AI tools and improve productivity.
1.41 During the audit, several digital innovation pilot programmes were initiated, some of which involved extensive use of AI tools. These pilot programmes were not included within the scope of this audit.
1.42 The context of the audit centred around the use of Microsoft Copilot, which at the time of writing is the primary AI tool being used within the council in an official capacity. A select number of 150 users were provided with Enterprise licenses as part of an initial pilot programme.
1.43 We have been able to provide an opinion of Reasonable Assurance over the arrangements for managing the risks associated with the use of AI tools.
1.44 We found that education and training is available for staff through the Digital Skills Team, who support new users with initial training and ongoing education. All users that receive a license for Copilot, for example, will automatically have access to Digital Skills content. This content aligns with the organisation's Artificial Intelligence (AI) & Robotic Process Automation (RPA) policy. The AI & RPA policy is comprehensive and well-structured and exists alongside guidance that assists users in their understanding and responsibilities around AI usage, clearly stating the responsibilities of staff.
1.45 The Council utilised external consultancy resource to identify the benefits of tools such as Copilot, with particular emphasis on time and cost savings and we found a considered and methodical approach to implementing AI tools. Throughout the pilot, the effectiveness of Copilot was systematically monitored. The Council has a clear strategy, setting out how it intends to harness the capabilities of AI tools. Staff may request Copilot licenses and are encouraged to suggest ideas for utilising AI tools through various internal channels.
1.46 Some areas to improve the control environment were identified to ensure that:
· There is appropriate engagement with change management colleagues; and
· There is clarity over approved tools for staff to use.
1.47 An action plan was agreed with management to address the areas of improvement identified.
Direct Payments Adults Follow-up
1.48 Direct payments are available as a means of providing support to adults who have had an assessment of their needs undertaken by a social worker. They were introduced to offer a greater level of independence to service users by providing them with funds to buy in support instead of using council services.
1.49 A succession of previous audits in this area have resulted in a Partial Assurance opinion.
1.50 We therefore completed a follow-up audit to assess the extent to which the previously agreed actions had been implemented. In completing this review, we were pleased to be able to provide an improved opinion of Reasonable Assurance. Based on our work, we found that the majority of actions had been either fully or partially implemented, and risks have been sufficiently mitigated. There has been a significant increase in the number of reviews completed on time.
1.51 There were, however, some areas of improvement still required, including the need to ensure that:
· The targeting of annual reviews of direct payment accounts continues and are completed in a timely manner, in compliance with legislation;
· Regular monitoring of direct payment accounts is undertaken to identify any outside of tolerance levels to ensure the individual is receiving their assessed level of care;
· All checks undertaken as part of monitoring and reviews of direct payment accounts to ensure compliance with terms of use, including client contribution checks, will be recorded; and,
· Operational guidance is reviewed to ensure it is up-to-date and covers the end-to-end processes.
1.52 An action plan was agreed with management to address the areas of improvement identified.
Direct Payments – Children’s Services
1.53 Direct payments are available as a means of providing support to children and young people who have had an assessment of their needs undertaken by a social worker. They were introduced to offer a greater level of independence to service users by providing them with funds to buy in support instead of using council services. Direct payments can be made for special educational provision, health care provision and social care provision.
1.54 The purpose of the audit was to provide assurance that controls were in place and operating as expected in order to meet the following objectives:
· Monies provided under the direct payment scheme are being used for their intended purpose;
· Effective processes for the administration and payment of direct payments ensure that amounts paid are correct and an appropriate level of care is received;
· Reporting from external providers (if used) is timely and relevant, and client balances are used to ensure the provision of appropriate care; and,
· Robust agreements are in place with external providers (if used) to support the timely transfer of client accounts into, and out of, these organisations.
1.55 In completing this work, we were able to provide an opinion of Partial Assurance. Whilst we identified areas of good practice, we did find areas of non-compliance with regulations and weaknesses in the process to ensure sufficient monitoring is taking place to ensure individuals are receiving their assessed care. This is compounded as the number of children’s direct payment cases has doubled over the past year due to the ending of a support service contract in April 2025.
1.56 Areas for improvement were identified relating to the need to:
· Strengthen the annual review process of direct payment accounts to ensure the majority are completed in a timely manner and compliant with relevant regulations;
· Monitoring accounts, including reporting and escalating any surpluses on accounts to agree appropriate action;
· Establish quality assurance checks of direct payment accounts, to ensure all elements of the process are complete and accurate;
· Review, validate and formally authorise the pay-run prior to it being issued;
· Undertake regular reconciliations between the corporate and care financial systems to ensure these are the same and any variances are investigated; and,
· Update and review policies, procedures and guidance to promote a consistent approach.
1.57 A robust action plan to address the findings was agreed. A follow-up audit will be undertaken to assess the extent to which the agreed actions for improvement have been implemented.
Council Tax
1.58 Council Tax is a key financial information system, managing the calculation, billing, and collection of the Council Tax revenue. The funds received from Council Tax form an integral part of the Council’s budget, with £195.4 million (20.3% of the total budget) coming from the collection of Council Tax.
1.59 The main objective of this audit was to provide assurance that controls over Council Tax collection are effective, and to provide assurance that controls are in place to meet the following objectives:
· All taxable domestic properties have been identified, and records are regularly reconciled to the Valuation List;
· Discounts and exemptions are correctly awarded;
· Arrears are dealt with efficiently; write-offs are valid and authorised; and all refunds are approved and accurate;
· All payments are posted promptly to the correct accounts, reconciliations to the main accounting system are undertaken and suspense accounts are regularly cleared; and,
· Processes are completed in a reasonable timeframe, including customer enquiries.
1.60 A previous audit of Council Tax, finalised in December 2023, gave an opinion of Partial Assurance, with one high level risk finding relating to a significant backlog of processes. A follow up review in April 2024 concluded Reasonable Assurance and noted the reduction of the backlog.
1.61 For the 2025-26 audit of this area, we were able to provide an opinion of Partial Assurance over the controls in place. Since the previous audit we found that the backlog had again increased significantly. This was mainly caused by the implementation of a document management system, and officers are working with the provider to resolve the issues. The increase in the backlog presents a risk and is a considerable challenge for the service, with its limited resources.
1.62 In addition, forecasting collection rates has been particularly difficult and rates are falling. This is partly due to the increased backlog but also impacted by the additional measures offered to support households that are struggling financially. We note that more flexible payments to help vulnerable households, reduce in year collection rates but may have a more positive impact on long term recovery.
1.63 A number of actions were agreed with management to address these issues, including:
· Implementing a backlog recovery plan;
· Collaboration with Housing colleagues to tackle arrears where the Council is the liable party; and
· Review and update procedures.
1.64 We will undertake a formal follow-up review in this area as part of the 2026/27 internal audit plan.
Contract Management Facilities & Building Services Follow-up
1.65 As part of previous Internal Audit work, it was found that whilst a contract management framework is in place, compliance with the framework was poor. The Procurement team have taken action to improve awareness of the framework. This audit reviews compliance with the contract management framework.
1.66 An audit of Contract Management in Facilities and Building Services was undertaken in 2024/25, which resulted in an audit opinion of Partial Assurance. This follow-up review was, therefore, undertaken to assess and provide assurance on the progress made in implementing the agreed actions from the previous audit and provide assurance that compliance with the contract management framework in this area had improved.
1.67 In completing this review, we were able to provide an opinion of Partial Assurance. One of the key agreed actions from the original review was that training would be undertaken with contract managers on the contract management framework. Whilst this was duly actioned, this training and elements of the framework have not been embedded into practice. It is acknowledged at the time of our review there were limited resources with vacancies in the team. We also note that the majority of the larger contracts were due for re-tendering. It is important that practices within the contract management framework are followed to ensure contractors are performing as per contractual requirements and the contract is achieving value for money for the Council. Our work confirmed that there are still areas of non-compliance with the contract management framework in this area. Therefore, it was agreed with management that:
· All contracts, contract extensions, and key information are published on the Council’s contract register;
· Contract management plans, contractor performance monitoring, minutes/ notes of contractor meetings, risk registers, business continuity plans and variation logs will be implemented across all high value/ high risk contracts initially, and all contracts once they have been re-tendered; and
· The service business continuity plan will be updated.
1.68 An action plan was agreed with management, and this will be subject to a second follow-up audit.
Planned and Reactive Maintenance
1.69 In 2013 the Council adopted the Corporate Landlord model, where the Property & Design Team maintained the Council’s non-housing property assets including schools, social care, environment, and civic buildings, as well as managing urban and agricultural portfolios. The Property & Design service was disaggregated in 2025 with functions moving elsewhere in the Council structure.
1.70 The Facilities & Buildings Team are responsible for the reactive and planned preventative maintenance (referred to as planned maintenance throughout this summary) of approximately 500 corporate properties, excluding commercial and social housing properties.
1.71 The purpose of the audit was to provide assurance that project management controls were in place and operating as expected in order to meet the following objectives:
· Robust arrangements are in place to ensure reactive and planned maintenance of Council owned properties is effective, efficient and adheres to regulations, legislation and Council priorities;
· The contracts (and any variations) in place support effective and timely maintenance of Council properties, deliver value for money, and are in compliance with appropriate regulations and legislation;
· Reporting and communication are clear, concise, transparent and timely;
· Budgets are properly set, monitored and reported; and,
· Risks are appropriately identified, evaluated and managed.
1.72 In completing this work, we were able to provide an opinion of Minimal Assurance. We found that the budget had been overspent, despite a decision taken to only undertake essential/ critical works. This has resulted in some maintenance works not being completed early to ensure there is not further deterioration of corporate properties and higher future costs. Roles and responsibilities were not clearly defined, which is further compounded by gaps in personnel, meaning key activities are not always undertaken.
1.73 There was a lack of documentation, policies and procedures, in place for this operation reducing the transparency around roles and responsibilities and consistency of practice. The operating model for this service places a high reliance on contractors/ suppliers, with not all contractors having a contract with the Council and performance not being sufficiently monitored due to capacity and working arrangements (manual monitoring via spreadsheets), therefore, issues may not be picked up as early as possible.
1.74 A number of actions were agreed with management to address these issues, to ensure:
· Financial management, monitoring and fee setting is robust, transparent and consistent;
· Appropriate resourcing is in place to undertake contract management duties and site inspections;
· Roles and responsibilities in relation to management and maintenance of buildings are clearly defined and understood;
· Policies and procedures in relation to building safety and maintenance are in place and circulated;
· The building management system is further developed to record all corporate property information;
· A procurement forward-plan is in place for re-procurement exercises in this area;
· Key performance indicator reporting across all contractors is in place and recorded centrally;
· An operational risk register is in place to identify, manage and monitor risks in this area; and
· Actions as part of the Contract Management Compliance Facilities & Buildings Follow-up, will feed into and enhance contract management arrangements in this area.
1.75 We will undertake a formal follow-up review in this area as part of the 2026/27 internal audit plan.
Grant Certifications and Non-Opinion Work
IT Service Management Replacement Project
1.76 Additional support to IT&D this year has been provided through our involvement in the IT Service Management (ITSM) replacement project. The ITSM is a crucial system which supports IT teams in the management of the end-to-end delivery of IT services to customers.
1.77 As part of our support to the project, we have attended board meetings and have provided advice on governance, risk and control issues. As the current governance structure is separating, as of writing we are reviewing our support arrangements for 2026/27.
2 Proactive Counter Fraud Work
2.1. The team continue to monitor intel alerts and share information with relevant services when appropriate.
2.2. The team are continuing to review matches released as part of the National Fraud Initiative (NFI). High risk matches will be prioritised for investigation and support provided to services reviewing the reports.
Summary of Completed Investigations
2.3 Internal Audit and Counter Fraud undertook an independent review following a concern being raised that an external consultant had not been through the correct procurement process prior to being appointed. The review found evidence that staff involved in the procurement exercise had not adhered to Council guidance when procuring the consultant. Action has not been taken by management to ensure that all staff involved in the procurement of goods and services have access to appropriate advice and guidance.
Housing Tenancy Fraud
2.4 The Tenancy Fraud Team continue to investigate allegations of potential subletting. We work closely with Housing Managers and other officers for a joined-up approach to allegations of abandonment, with an increasing emphasis on visits and communication with tenants to increase awareness and reiterate a tenant’s responsibility under their tenancy agreements.
Council Tax Fraud
2.5 The Team continues to investigate allegations of false claims for Single Person Discount (SPD) and Council Tax Reduction Support (CTRS).
2.6 The table below shows the estimated financial value (using NFI methodology), saved from the public purse through the work of the Tenancy Fraud Team.
|
Fraud Area |
(£) Year to Date |
(£) 2024/25 |
(£) 2023/24 |
(£) 2022/23 |
|
Properties Recovered |
626,400 |
930,000 |
558,000 |
186,000 |
|
Housing Application Withdrawn |
325,508 |
359,772 |
- |
- |
|
Homeless Application Withdrawn |
|
|
- |
- |
|
Right-To-Buy Withdrawn |
102,400 |
102,400 |
- |
- |
|
Council Tax |
16,559 |
13,165 |
9,065 |
917 |
|
Housing Benefit |
4,369 |
|
3,853 |
3,658 |
|
Business Rates |
|
|
- |
- |
|
Total |
1,075,236 |
1,405,337 |
570,918 |
190,575 |
3 Action Tracking
3.2 At the end of quarter 4, we can report that 92% high priority actions are showing as overdue which is below the key performance target of 95% of all high priority actions implemented.
3.3 There were four high priority actions which were overdue at the end of Q4, and these are summarised in the table below. Three of the actions outstanding relate to the use of prepayment vouchers in schools and this is an area where we have seen fraudulent attempts to access vouchers resulting in financial loss.
|
Details of Audit Issue |
Due date |
Revised date |
Agreed Action |
|
Potential misuse of the Parking Dispensation Scheme for Council Officers |
31/10/25 |
31/03/26 |
A corporate review of the dispensation policy will be undertaken involving the relevant stakeholders including the Customer Contact Lead, Parking Customer Services Manager, Parking Fraud Manager and HR Policy Lead.
|
|
Clarity around cyber security support for schools. |
01/01/26 |
N/A |
Whilst the Council does not manage cyber security in schools, it will promote good practice and provide guidance where appropriate.
· Improve awareness in schools and provide guidance to improve cyber security resilience and response; · Assurances will be sought from schools that appropriate arrangements are in place; and · A retrospective risk assessment of the voucher platform will be completed.
|
|
Corporate oversight of balances of pre-payment vouchers held by services across the Council. |
28/02/26 |
N/A |
A process will be developed that will provide Corporate Finance with oversight of all voucher wallets and their balances. The process will include a corporate reconciliation spreadsheet that wallet owners will be required to complete monthly.
|
|
Corporate oversight of pre-payment voucher systems. |
28/02/26 |
N/A |
Management will investigate the use of other voucher distribution tools and complete a cost-benefit analysis. |
3.4 In addition a number of other high priority actions have had their implementation deadlines extended, in agreement with management. Where the revised deadlines are not met, these will be reported to the next meeting of the Audit, Standards and General Purposes Committee.
Audit Opinions and Definitions
|
Opinion |
Definition |
|
Substantial Assurance |
Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Reasonable Assurance |
Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Partial Assurance |
There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
|
Minimal Assurance |
Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |