PAPER D
AUDIT COMMITTEE - 28 JULY 2005
REPORT OF THE CHIEF INTERNAL AUDITOR
1. This report is to provide the Committee with a summary of Internal Audit activity completed since the last report to the Committee’s antecedent body, the Audit Panel, on 16th February 2005. The Committee is invited to note the contents of the report and to seek clarification of any issues arising from audits undertaken.
BACKGROUND
2. In keeping with good corporate governance practice, a Committee of elected members should have oversight of the activities of the Internal Audit Service for the following purposes:
v The Committee should monitor Internal Audit’s performance, both in terms of the quality and quantity of its work;
v The Committee should satisfy itself that Internal Audit has devoted its attention to the appropriate issues;
v The Committee should consider the results of Internal Audit reviews to ensure that any significant findings are addressed, including control weaknesses and to ascertain whether, in the opinion of the Chief Internal Auditor, adequate and satisfactory responses have been given by the Authority’s management;
v The Committee should recommend, if necessary, that further attention should be given to some of the issues raised;
3. To facilitate this process, attached as appendix A are synopses and summaries of significant audit work completed since the February 2005 report to the then Audit Panel.
FINANCIAL, LEGAL, CRIME AND DISORDER IMPLICATIONS
There are no significant financial or legal implications of this report, given that it is a progress report on the Internal Audit function. The Committee is reminded that the Council is required by statute (the Accounts and Audit Regulations) to have an adequate and effective Internal Audit function.
RELEVANT PLANS, POLICIES, STATEGIES AND PERFORMANCE INDICATORS
None.
CONSULTATION PROCESSES
None.
BACKGROUND PAPERS USED IN THE PREPARATION OF THIS REPORT
Audit project files held by G Richardson – ext 3683
APPENDICES ATTACHED
Appendix A – Summary of work completed.
APPENDIX A
1.
HOUSING AND COUNCIL TAX BENEFITS
This audit was carried out as part of the 2004-05 Audit Plan.
The overall objective of this audit was to provide assurance to management that Housing and Council tax Benefits systems were operating satisfactorily. Partial assurance can be given to management that the Benefit system is operating satisfactorily.
Significant findings were that:
v Systems for vetting benefits staff involved in visiting members of the public could be enhanced;
v The clarity and application of the benefits system access controls should be improved;
v The service has inadequate disaster recovery/business continuity plans;
v The service standards expected from ICT support have not been formally specified;
v There is an unacceptably high level of inconsistent and inaccurate assessment of benefit entitlement;
v The benefits system was not being reconciled to the general ledger;
v Processes to control the administration of un-presented cheques were not being appropriately and consistently applied;
v The classification of benefit overpayments between claimant and local authority error was not always being appropriately made;
v Some administrative delays are causing higher levels of overpayments than is necessary.
We made forty-eight recommendations for control improvements, forty-seven of which were accepted by management. The recommendation that was not agreed involved the suggested development of an exception report to guard against rent free weeks allowed by social landlords being missed by benefits staff. The production of such an exception report would not be cost effective.
2.
COUNCIL TAX
This audit was carried out as part of the 2004-05 Audit Plan agreed by the Audit Panel on 29 July 2004. The overall objective was to provide assurance to management that the Council’s Council Tax System is operating in accordance with management’s control arrangements and that they are adequate to ensure the integrity of the Authority’s Financial Management System. The audit was carried out by interviewing relevant officers and carrying out testing on selected areas to determine the level of compliance with Council policies and procedures.
Overall the systems within the Council Tax section are sound with effective controls and procedures in place. There were no major areas of concern.
However, the following areas were highlighted as requiring attention from management:
· After being informed that the Council Tax payer had moved out there were delays in acting to establish a liable party.
· Regular reviews were not carried out in respect of disabled band relief, single person’s discount and second home discount.
· Transactions posted to the Council Tax suspense account were not easily identifiable.
We made three recommendations which have been accepted by management.
3.
PAYROLL
This audit was carried out as part of the 2004-05 Audit Plan agreed by the Audit Committee on 29th July 2004. The overall objective was to provide assurance to management that the internal control system governing the payroll operation is performing in an adequate and effective manner. The audit was carried out by interviewing officers and carrying out testing on selected areas to determine the level of compliance with Council policies and procedures.
Fourteen recommendations have been made all of which have been accepted by management.
The main areas of significance were: -
(a)
Changes to Section 8 of the Asylum and Immigration Act 1996 from 1st
May 2004 - had not been fully implemented;
(b) The gross to net pay reports were found to be incorrect but were not being used any way;
(c) Updating FIDO (The General Ledger System) from PIPS (The Payroll System) - automated system contains errors;
(d) BACS payments to individual accounts –no electronic/hard copy held by Payroll since December 2004.
4.
PENSIONS
ADMINISTRATION
The audit was carried out as part of the 2004-05 Audit Plan agreed by the Audit Panel on 29 July 2004. The overall objective was to provide assurance to management that the Council’s Pensions System is operating in accordance with management control arrangements and that they are adequate to ensure the integrity of the Authority’s Financial Management System. The audit was carried out by interviewing relevant officers and carrying out testing on selected areas to determine the level of compliance with Council policies and procedures.
Overall the systems within the Pensions section are sound with effective controls and procedures in place. There were no major areas of concern.
However, the following areas were highlighted as requiring attention from management:
· Completion of life certificates for pensioners currently living abroad
· Reconciliation to the Main Accounting System on a quarterly / half yearly basis
· Details of BACS transaction need to be stored electronically in a secure location
· Formal succession planning is introduced within the section.
We have included four recommendations which have been accepted by management.
5.
BUILDING CONTROL
The audit was carried out as part of the
2004-05 Audit Plan agreed by the Audit Committee on 29th July 2004. The overall
objectives were to provide assurance to management that the objectives of the
service are being met and that appropriate risk mitigation strategies are in
place and operating satisfactorily.
6 recommendations have been made to management as a result of this audit to improve the effectiveness of Risk Management. The recommendations are summarised as follows:
· Update the Building Regulation Policy to reflect current working practices.
· Consider the use of competency matrices to identify training needs.
· Consider the risks involved in not adequately funding a pro-active response to works in progress.
· Reconcile income received to the main accounting system.
· Produce an action plan in respect of the Marketing Strategy.
· Consider the objectives and develop new targets for the Marketing Strategy.
Assurance can be given to management that
· The section is managed well
· Staff operate effectively as a team and are given adequate support
· The policies and procedures of the authority are being adhered to, and
· Risk mitigation strategies are effective.
6.
HOUSING RENEWAL
GRANTS
The audit was carried out as part of the 2004-05 Audit Plan agreed by the Audit Panel on 29 July 2004. The overall objective was to provide assurance to management that the Council’s Housing Renewal Grants System is operating in accordance with management control arrangements. The audit was carried out by interviewing relevant officers and carrying out testing on selected areas to determine the level of compliance with Council policies and procedures.
No significant findings were identified through testing. The system in place is well documented and procedures are followed by all relevant officers.
One minor recommendation has been made regarding the authorisation of invoices for payment and this has been agreed by management.
7.
SECTION 106 AGREEMENTS
The overall objective of the audit is to provide assurance to management that effective controls and procedures are in place to ensure that the system around Section 106 Agreements is operating effectively.
The audit was carried out by interviewing relevant officers and carrying out
testing on selected areas to determine the level of compliance with Council
policy and procedures.
Overall the systems in place relating to Section 106 Agreements are
sound with effective controls and procedures in place. There were no major
areas of concern however ten mainly administrative recommendations have been
made, which will strengthen the existing control framework.
Areas of significance were:-
·
Monies become due at a certain point in time during the
development and at present there is no system in place to ascertain when that
stage has been reached.
·
A number of Service Units are involved in Section 106
Agreements and each one maintains its own records. Comparison of the records revealed
a number of anomalies and regular reconciliations need to be carried out.
·
It is a statutory requirement that an official register
of Section 106 Agreements is kept and whilst there are a number of lists in
different units the Council does not have an official definitive register.
Despite these relatively minor issues, assurance can therefore be given to management that generally the systems in place are operating satisfactorily.
8.
TOURISM
The audit was carried out as part of the
2005-06 Audit Plan agreed by the Audit Committee on 29th July 2004.
The overall objectives were to provide assurance to management that the
objectives of the service are being met and that appropriate risk mitigation
strategies are in place and operating satisfactorily.
The risks identified in the workshop are understood and being effectively managed by the service.
Since taking
up his appointment the Head of Tourism has initiated effective performance
measurement and direction in the form of team business plans for the service.
Each plan details the following:
· The purpose of an element of the service,
· members of staff involved,
· Key aims an improvements for the current year,
· performance indicators ( in addition to those required for the QPMR process) and,
· Any potential resource issues.
This level of performance measurement should be given positive recognition and can only improve the performance of the service and will assist with the achievement of the service’s objectives.
In addition to this the Head of Tourism has developed, with staff, a guide to services that details the role of Tourism, services provided and the terms and conditions. This level of clarity about the service’s role is refreshing and will no doubt assist in the development of the service.
During the
course of the audit two main areas of concern where raised, relating to the
procedures for recording and retaining credit card information and the
provision of block discounts for businesses using the advertisement service. Other
recommendations have been made to improve the performance indicators used and
to clarify some of the terms and conditions within the guide to services.
9.
WIGHT LEISURE
The audit was carried out as part of the
2004-05 Audit Plan agreed by the Audit Committee on 29th July 2004. The objective of this audit was to establish
the extent to Wight Leisure are aware of their risks and are developing and
implementing effective control measures to manage risks.
As part of the audit process Risk Assessment Templates were completed with Wight Leisure. These document the current controls implemented by the section to manage risks and planned actions to improve their management. These planned actions include:
· A three year budget cycle to enable long term planning,
· Invest to save schemes
· Customer impact studies
· 5 year development plans
· bidding for inclusion within national scheme/ pilots and subsequent funding opportunities
· building on relationships with the media
Assurance can be given to management that
· overall the objectives of the service are being met and that current risk mitigation strategies are operating satisfactorily; and
· that the planned actions once implemented will improve the management of risk and increase the likelihood of achieving objectives.
10.
Environment
Services Overall Risk Management Arrangements
The audit was carried out as part of the 2004-05 Audit Plan agreed by the Audit Committee on 29 July 2004. The overall objective was to provide assurance to management that the Council’s Risk Management procedures within the Environment Directorate are operating in accordance with management control arrangements. The audit was carried out by interviewing relevant officers and carrying out testing on selected areas to determine the level of compliance with Council policies and procedures.
Risk Management at the IW Council is in its early stages. During a relatively short period of time significant steps have been taken to embed risk management particularly within service planning. For the purposes of this audit the intention was to provide assurance by establishing the quality of risk registers used within service planning and ascertain the effectiveness of and compliance with proposed and implemented control measures. All services had made some effort to comply with the risk requirements of service planning. The officers interviewed on the whole understood the risk management process and control measures were understood and had either been implemented or appropriate actions were in progress.
It is the intention that in future audits we will be looking for:
· performance measures to be in place to evaluate the effectiveness of these control measures.
· We will check the quality of information used in the completion of performance indicators and to ensure that risk registers are used effectively in the management of the service.
· Before this can happen the quality of the majority of risk registers used in the Environment Directorate needs to be improved significantly. At the time of the audit three services within the Directorate had not developed their Risk Registers sufficiently. Corrective action has now been taken. Processes need to be in place to ensure all relevant risks are included and given appropriate scores.
· As a step towards this it is recommended that whilst the service planning process only requires Risk Assessment Templates to be completed for risks that score 8 or above, templates are completed for all risks within the service register to ensure that management can monitor any changes either in the behaviour of a risk or the performance of control measures.
· It is also recommended that formal monitoring of the effectiveness of control measures is included in either the Personal Development Review process or at regular planned meetings with officers.
· The development of risk registers is given a higher priority within service planning and appropriate resources are allocated by the service to ensure that registers are both relevant and comprehensive.
11.
ENVIRONMENTAL
HEALTH
The audit was carried out as part of the
2004-05 Audit Plan agreed by the Audit Committee on 29th July 2004. The objective of this audit was to establish
the extent to which Environmental Health are aware of their risks and are
developing and implementing effective control measures to manage risks.
As part of the audit process Risk Treatment Action Plans were completed with Environmental Health. These document the current controls implemented by the section to manage the risk and planned actions to improve the management of risks. These planned actions include:
· Restructuring teams into multi skilled officers within North and South areas
· Consider employing agency staff at peak times,
· Using a competency matrix as a training tool,
· Improving relocation package
· Better use of IT to increase efficiency/productivity,
· Increase awareness of public to the limitations of the service,
· Frequently asked questions (FAQs) to be put on the website.
Assurance can however be given to management that
· overall the objectives of the service are being met and that current risk mitigation strategies are operating satisfactorily and,
· that the planned actions once implemented will improve the management of risk and increase the likelihood of achieving objectives.
12.
PROPERTY SERVICES
The audit was carried out as part of the
2004-05 Audit Plan agreed by the Audit Committee on 29th July 2004. The objective of this audit was to establish
the extent to which Property Services are aware of their risks and are
developing and implementing effective control measures to manage risks.
As part of the audit process Risk Assessment Templates were completed with Property Services. These document the current controls implemented by the section to manage the risk and planned actions to improve the management of risks. These planned actions include:
· Write new asset management plan,
· Review SLAs with Clients such as Courts and School Dioceses,
· Buildings condition review
· DIY manual for Headteachers
· Consider more working from home with broadband connections for surveyors
· Review possible increases in fee structure
· Work load planning
Assurance can be given to management that
· overall the objectives of the service are being met and that current risk mitigation strategies are operating satisfactorily; and
· that the planned actions once implemented will improve the management of risk and increase the likelihood of achieving objectives.
13. SCHOOL VISITS
During the year full audits have been carried out in two Middle Schools, nine Primary Schools and one Special School. In addition audit reviews have taken place at every other school. Reports have been issued to each school with copies sent to Education Finance and the relevant Link Inspector.
Overall the administration and general management within the schools were found to be satisfactory, however the audits visits raised a number of control weaknesses, which were common to many of the schools. These included:
· Failure to review Committee Terms of Reference annually
· Failure to review the Register of Business Interests annually.
· Delays in the production and/or audit of school fund accounts.
· Failure to record approval of Terms of Reference / School Fund Accounts in the minutes.
· Copy of the approved budget not filed with the relevant Governors minutes.
During the course of two of the audits it was noted that a Governor was
employed or to be employed at the schools concerned. In both cases it was
pointed out that this is not allowed under the School Governance (Procedures) (England) Regulations 2003, and the
situation was rectified.
14.
RISK
MANAGEMENT – ADULT & COMMUNITY SERVICES
The audit was carried out as part of the 2004-05 Audit Plan agreed by the Audit Panel on 29 July 2004. The overall objective was to provide assurance to management that the Council’s Risk Management procedures within the Adult and Community Services Directorate are operating in accordance with management control arrangements. The audit was carried out by interviewing relevant officers and carrying out testing on selected areas to determine the level of compliance with the Council’s policies and procedures.
Within this directorate the development of risk registers for service planning and use as an effective management tool has been given priority. This has resulted in accurate and relevant risk registers. Whilst in the majority of the authority Risk Management is still to be fully embedded, within the Adult and Community Services Directorate there is a good level of understanding of Risk Management. Even areas of the Directorate that have adopted Risk Management as a relatively new concept, such as Community Development and Leisure Services, have a good understanding of the requirements and have embedded processes into the general management of the service.
It is the intention that in future audits we will be looking for;
· Performance measures to be in place to evaluate the effectiveness of identified control measures
· We will check the quality of information used in the completion of performance indicators and to ensure that risk registers are used effectively in the management of the service
· Formal monitoring of the effectiveness of control measures is carried out in parts of the directorate as part of the Personal Development Review process or at regular meetings with officers. We would like to see this rolled out to the whole directorate.
· It is also recommended that whilst service planning only requires Risk Assessment Templates to be completed for risks that scored 8 or above, templates are completed for all risks within the service registers to ensure that management can monitor any changes either in the behaviour of a risk or the performance of control measures.