APPENDIX A
INTERNAL AUDIT
ANNUAL REPORT & OPINION
2020/2021
1. Internal Control and the Role of Internal Audit
1.1 All local authorities must make proper provision for internal audit in line with the 1972 Local Government Act (S151) and the Accounts and Audit Regulations 2015. The full role and scope of the Council’s Internal Audit Service is set out within our Internal Audit Charter.
1.2 It is a management responsibility to establish and maintain internal control systems and to ensure that resources are properly applied, risks appropriately managed and outcomes achieved.
1.3 Annually the Chief Internal Auditor is required to provide an overall opinion on the Council’s internal control environment, risk management arrangements and governance framework to support the Annual Governance Statement.
2. Delivery of the Internal Audit Plan
2.1 The Council’s Internal Audit Strategy and Plan is updated each year based on a combination of management’s assessment of risk (including that set out within the departmental and strategic risk registers) and our own risk assessment of the Council’s major systems and other auditable areas. The process of producing the plan involves extensive consultation with a range of stakeholders to ensure that their views on risks and current issues, within individual departments and corporately, are identified and considered.
2.2 The impact of the Covid 19 has made 2020/21 a unique year for Internal Audit as was the case for the vast majority of the services we have audited. This has meant that we have had to adopt our working practices, reschedule audits and make a much greater number of amendments to the year’s audit plan than would normally be the case.
2.3 The significant changes to our workplan meant that it was necessary to produce a revised audit plan part way through the year. This was agreed by the Audit & Standards Committee in October 2020 and replaced the Internal Audit Plan that was approved in March 2020.
2.4 In addition, Orbis Internal Audit redeployed some of its resources during the year to support the Covid 19 response and recovery work streams across the Council. This work has been detailed in our quarterly update reports but is also summarised elsewhere in this report.
2.5 During 2020/21 we have seen a substantial increase in the number of government grants that need to be certified by Internal Audit, all of which are specific to supporting the City Council through the pandemic. In addition, significant resources have been directed to providing advice and support on system changes (to support remote working) and data analytics to identify any issues arising from new ways of working.
2.6 Notwithstanding the above, we have still been able to deliver sufficient audit and assurance activity within the year to enable us to form an overall annual audit opinion for the Council in the normal away. This includes delivery of the revised programme of audits and investigating any allegations of fraud and other irregularities.
2.7 All adjustments to the audit plan were agreed with the relevant departments and reported throughout the year to the Audit & Standards Committee as part of our periodic internal audit progress reports. It should be noted that whilst there were a number of audits reports still in draft at the year-end, the outcomes from this work have been taken into account in forming our annual opinion. Full details of these audits will be reported to the Audit & Standards Committee once each of the reports have been finalised with management.
3. Audit Opinion
3.1 No assurance can ever be absolute; however, based on the internal audit work completed, the Chief Internal Auditor can provide reasonable([1]) assurance that Brighton & Hove City Council has in place an adequate and effective framework of governance, risk management and internal control for the period 1 April 2020 to 31 March 2021.
3.2 Further information on the basis of this opinion is provided below. Overall, whilst the majority of audit opinions issued in the year were generally positive, internal audit activities have identified a number of areas where the operation of internal controls has not been fully effective, as reflected by one minimal assurance opinion and the number of partial assurance reports issued in the year.
3.3 Where improvements in controls are required as a result of any of our work, we have agreed appropriate remedial action with management.
4. Basis of Opinion
4.1 The opinion and the level of assurance given takes into account:
· All audit work completed during 2020/21, planned and unplanned;
· Follow up of actions from previous audits;
· Management’s response to the findings and recommendations;
· Ongoing advice and liaison with management, including regular attendance by the Chief Internal Auditor and Audit Managers at organisational meetings relating to risk, governance and internal control matters;
· Effects of significant changes in the council’s systems;
· The extent of resources available to deliver the audit plan;
· Quality of the internal audit service’s performance.
4.2 No limitations have been placed on the scope of Internal Audit during 2020/21, however, as explained above, Covid 19 and remote working have impacted on how our work was delivered, with a number of specific audits having to be rescheduled or in some cases, replaced with other activities.
4.3 It should be noted Covid 19 has had a significant impact on many of the services we have audited in the 2020/21 financial year. In some instances this has led to a reprioritisation of work to front line services which has meant that some projects to improve the management of internal control risks have been delayed.
5. Key Internal Audit Issues for 2020/21
5.1 The overall audit opinion should be read in conjunction with the key issues set out in the following paragraphs. These issues, and the overall opinion, have been taken into account when preparing and approving the Council’s Annual Governance Statement.
5.2 The internal audit plan is delivered each year through a combination of formal reviews with standard audit opinions, direct support for projects and new system initiatives, investigations, grant audits and ad hoc advice. The following graphs provide a summary of the outcomes from all audits finalised during 2020/21:
Audit Opinions
*Not applicable: Includes grant certifications and audit reports where we did not give a specific audit opinion.
5.3 A full listing of all completed audits and opinions for the year is included at Appendix C, along with an explanation of each of the assurance levels. During 2020/21, one audit was completed, relating to a follow up on Housing Temporary Accommodation, where we have concluded minimal assurance. Once finalised, details of the report’s findings and agreed actions will be presented to the September 2021 Audit & Standards Committee.
5.4 In addition to the above, a total of seven audits received partial assurance opinions within the year as follows:
· Debtors;
· Direct Payments (Follow-up);
· IT Access Management;
· Home Care (Follow-up);
· Housing Management System implementation (Draft);
· Housing Repairs Service;
· Working Time Directive (Follow-up).
5.5 Whilst actions arising from these reviews will be followed up by Internal Audit, either through specific reviews or via established action tracking arrangements, it is important that management take prompt action to secure the necessary improvements in internal control.
Key Financial Systems
5.6 Given the substantial values involved, each year a significant proportion of our time is spent reviewing the Council’s key financial systems, both corporate and departmental. Of those completed during 2020/21, all of these have resulted in either substantial or reasonable assurance being provided over the control environment, with the exception of the Debtors System. This replicates our conclusion on the Debtors System in both 2018/19 and 2019/20 and therefore remains a concern, albeit recognising that the delivery of the service has been impacted by the Covid 19. A comprehensive project is, however, now in place to improve the service with details of the improvement plans reported in detail by management to the Audit & Standards Committee.
5.7 At the year-end we had not completed our work on the Council Tax system, and the audit of the Housing Benefits system was removed from the revised audit plan for the year. Both of these audits will be delivered in the first quarter of 2021/22.
Housing Audits
5.8 During 2020/21, we carried out a number of audits of housing related areas within the Housing Neighbourhoods and Communities Directorate. Two of these audits resulted in partial assurance opion and one minimal assurance. These were:
· Housing Management System Implementation (Partial Assurance);
· Housing Repairs Service (Partial Assurance);
· Housing Temporary Accommodation (Minimal Assurance).
5.9 In addition, another (non-opinion) review was carried out following concerns being raised about some of the procurement arrangements within the housing response repairs service, which also identified the need for improvements in control.
5.10 It should however be noted, when considering all of the above findings, that Covid 19 has had a significant impact on all housing activities, including the demand for temporary accommodation services. As such, resources have naturally been prioritised to meet operational demands during this period. Likewise, the housing repairs service has also been significantly impacted by the pandemic, along with the challenges of being the first year of insourcing, which was also impacted by industrial relations and associated resourcing issues. Management have recognised the importance of strengthening arrangements in the future and this is something Internal Audit will aim to activity contribute to.
Other Internal Audit Activity
5.11 During the year, Internal Audit have continued to provide advice, support and independent challenge to the organisation on risk, governance and internal control matters across a range of areas. These include:
· Orbis Customer Board/DMT/Finance & Resources Lead Business Partners Meetings;
· Business Intelligence Group/ Governance Assurance Meetings;
· Corporate Risk Assurance Group;
· Whistleblowing Co-ordination Meetings;
· Information Governance Board.
5.12 As well as actively contributing to, and advising these groups, we utilise the intelligence gained from the discussions to inform our own current and future work programmes to help ensure our work continues to focus on the most important risk areas.
5.13 In addition, for 2020/21, we have provided significant support to individual Covid 19 response and recovery work streams. As noted in our quarterly progress reports this has included:
· Verification of Business Rate Grants: including verification of individual grants and undertaking batch verification checks, assisting in overall risk assessments and post payment verification plans;
· Supporting the Ways of Working Recovery Group;
· Supporting Public Health with the Covid-19 related work;
· Supporting the set up the Council’s own food bank in the city centre and providing advice over the administration of food purchasing;
· Helping to administer a city-wide volunteer register;
· A redeployment to the Community Hub within Adult Social Care;
· A redeployment to provide project support to the Vulnerable Housing Cell;
· Supporting the Executive Director of Health & Adult Social Care with the completion of a Local Care Home Support Plan;
· Supporting the Ways of Working Recovery Group Governance and Accountability working groups and Programme Management Office Covid-19 meeting/group;
· Supporting the delivery of Council Covid-19 newsletters to households across the city;
· Laptop distribution to priority staff.
Anti-Fraud and Corruption
5.14 During 2020/21, the Internal Audit Counter Fraud Team continued to deliver both reactive and proactive fraud services across the Orbis Partnership.
5.15 The team logged 43 allegations under the Council’s Anti-Fraud and Corruption Strategy, with cases being identified through the Council’s confidential reporting hotline or referrals from other departments. As a result of the allegations, 36 cases were taken forward to investigation by Internal Audit or support was provided to a management investigation. Seven cases were logged with no action required or insufficient information to progress an investigation.
5.16 The following provides a summary of the investigation activity undertaken by the Internal Audit Counter Fraud Team in the last 12 months:
• Providing the Business Rates Team with advice and support when administering applications for the Small Business Grant and the Retail, Hospitality and Leisure Grant Fund. The team have also received 20 referrals of alleged false applications for the grant. 18 referrals were investigated and resulted in the recovery of £10,000 that had been wrongfully paid out, as well as the prevention of payment of several other grants.
• The team investigated an allegation that a member of staff had ordered goods for private use on a Corporate Amazon account and then attempted to conceal the theft by deleting and falsifying records. The investigation uncovered goods to the value of £3,908 had been purchased by the member of staff. The full value of the loss has been recovered and the employee subsequently resigned before a disciplinary hearing took place.
• Following the HR team raising a concern relating to a declaration of interest submission, we undertook an investigation into a member of staff who had a financial interest in an external Brighton & Hove City Council business that was frequently engaged to carry out work for the Council. The investigation concluded that there was no misconduct by the member of staff, but that there was a potential conflict of interest that needed to be effectively managed. The declaration of interest has since been reviewed and management controls implemented by the member of staff’s line manager.
• Advice was provided to a service following concerns being raised over a potential bank mandate fraud by a PPE provider. The service later advised that there was no case to answer.
• The team investigated an allegation that a community interest company had made a false claim to the Communities Fund for a grant to assist them to put in place policies and procedures that were COVID-19 compliant. However, investigation has confirmed that there was no case to answer.
• Following referrals from the Council’s Parking Department, we have undertaken five investigations into alleged fraudulent applications for residents parking permit. The investigations have resulted in four permits being either stopped or cancelled.
• Advice and support continues to be provided to Adult Social Care on individual cases where concerns have been expressed over false applications, the potential deprivation of capital and the misuse of direct payments.
5.17 Four investigations remain open at the time of writing this report.
5.18 In addition to the above, a key focus area remains housing tenancy fraud and local taxation. Resources have been impacted by COVID-19, especially with the redeployment of key staff, however, the following progress has still been made:
• Tenancy fraud identified in 6 cases, resulting in 5 properties returned to the Council;
• The recovery of £1,386 in housing benefit overpayment and £9,984 in Council Tax Reduction overpayments;
• Single Person Discounts to the value of £22,935 have been removed from Council Tax accounts following investigation.
5.19 Any internal control weaknesses identified during our investigation work are reported to management and actions for improvement are agreed. This work is also used to inform future internal audit activity.
5.20 As well as the investigation work referred to above, we continue to be proactive in the identification and prevention of potential fraud and corruption activity across the Authority and in raising awareness amongst staff.
|
Priority |
Progress to date |
|
Reactive investigations |
The Counter Fraud Team is responsible for assessing and evaluating fraud referrals received by each sovereign partner, and then leading on subsequent investigations. The team have implemented a coordinated approach to assessing and logging referrals and adopted consistent procedures for recording investigations and continue to work with sovereign audit teams to investigate allegations across the partnership. |
|
NFI Exercise |
Internal Audit coordinated the recent submission of Council datasets to the biennial NFI exercise. The results from the data matching were provided to the Council on 31 January 2021 and Internal Audit have been liaising with the relevant departments to ensure that flagged matches are investigated and actioned appropriately. Results from the exercise will be shared with the committee in future progress updates. |
|
Counter Fraud Policies |
Each Orbis partner has in place a Counter Fraud Strategy that sets out their commitment to preventing, detecting and deterring fraud. Internal Audit has reviewed the sovereign strategies to align with best practice and to ensure a robust and consistent approach to tackling fraud. These were approved by Audit & Standards Committee on 10 March 2020 and are now available on the council’s intranet. |
|
Fraud Risk Assessments
|
Fraud risk assessments are regularly reviewed to ensure that the current fraud threat for the Council has been considered and appropriate mitigating actions identified. We have updated the risk assessment to include new and emerging threats as a result of Covid 19. This includes potential threats to payroll, staff frauds relating to home working and cyber frauds. |
|
Fraud Response Plans |
The Fraud Response Plans take into consideration the results of the fraud risk assessments and emerging trends across the public sector in order to provide a proactive counter fraud programme. The Fraud Response Plan for 2020/21 included a pilot data analytics programme for key financial systems. The pilot is currently paused and will be reviewed. The Fraud Response Plans will be refreshed for 2021/22 and will set out the proactive work plan for Internal Audit. |
|
Fraud Awareness
|
The team have published fraud bulletins raising awareness to emerging threats, in particular risks from the Covid 19 pandemic. These have been published on the intranet and shared with high risk service areas. In addition, the team continuing to monitor intel alerts and work closely with neighbouring councils to share intelligence and best practice. |
Amendments to the Audit Plan
5.21 In accordance with proper professional practice, the Internal Audit plan for the year was kept under regular review to ensure that the service continued to focus its resources in the highest priority areas based on an assessment of risk. As already noted, Covid 19 meant that for the first time, we found it necessary to revise and re-issue the audit plan part way through the year. This update was presented to and approved by the October 2020 Audit & Standards Committee. However, even since then, revised plan was issued, a number of further additions and amendments have taken place, principally as a result of the most recent national lockdown. This includes the following addition audit activities:
· Review of Payroll Control Issues;
· IT Access Management;
· Middle Street Primary School;
· Public Convenience Contract Issues;
· Housing Repairs Subcontractor Issues;
· Asset Management During Covid 19;
· Emergency Active Travel Grant.
5.22 In order to allow these additional activities to take place, the following audits have been removed or deferred from the audit plan and, where appropriate, will be considered for inclusion in future audit plans as part of the overall risk assessment completed during the annual audit planning process. These changes have been made on the basis of risk prioritisation and/or as a result of developments within the service areas concerned requiring a rescheduling of audits:
· School attendance;
· Better Lives, Stronger Communities Programme;
· Health and Social Care Integration;
· Children's Safeguarding Data Handling.
6. Internal Audit Performance
6.1 Public Sector Internal Audit Standards (PSIAS) require the internal audit service to be reviewed annually against the Standards, supplemented with a full and independent external assessment at least every five years. The following paragraphs provide a summary of our performance during 2020/21, including the results of our first independent PSIAS assessment, an update on our Quality Assurance and Improvement Programme and the year end results against our agreed targets.
PSIAS
6.2 The Standards cover the following aspects of internal audit, all of which were independently assessed during 2018 by the South West Audit Partnership (SWAP) and subject to a refreshed self-assessment in 2020/21:
· Purpose, authority and responsibility;
· Independence and objectivity;
· Proficiency and due professional care;
· Quality assurance and improvement programme;
· Managing the internal audit activity;
· Nature of work;
· Engagement planning;
· Performing the engagement;
· Communicating results;
· Monitoring progress;
· Communicating the acceptance of risks.
6.3 The results of the SWAP review and our latest self-assessment found a high level of conformance with the Standards with only a small number of minor areas for improvement. Work has taken place to address these issues, none of which were considered significant, and these are subject to ongoing monitoring as part of our quality assurance and improvement plan.
Key Service Targets
6.4 Performance against our previously agreed service targets is set out in Appendix B. Overall, client satisfaction levels remain high, demonstrated through the results of our post audit questionnaires, discussions with key stakeholders throughout the year and annual consultation meetings with Chief Officers.
6.5 As reported a small number of outstanding reviews were nearing completion at year end and, due to the impact of the Covid 19 crisis, there were a number of reports still in draft at the year end. Where this is the case, this is noted against the title of the audit in this report.
6.6 Internal Audit will continue to liaise with the Council’s external auditors (Grant Thornton) to ensure that the Council obtains maximum value from the combined audit resources available.
6.7 In addition to this annual summary, ELT and the Audit & Standards Committee will continue to receive performance information on Internal Audit throughout the year as part of our quarterly progress reports and corporate performance monitoring arrangements.
Appendix B
Internal Audit Performance Indicators 2020/21
|
Aspect of Service |
Orbis IA Performance Indicator |
Target |
RAG Score |
Actual Performance |
|
Quality
|
Annual Audit Plan agreed by Audit Committee (2020/21) |
By end April |
G |
Approved by Audit & Standards Committee on 10 March 2020. |
|
Annual Audit Report and Opinion (2019/20)
|
By end July |
G |
Approved by Audit & Standards Committee on 3 July 2020. |
|
|
Customer Satisfaction Levels |
90% satisfied
|
G |
100% |
|
|
Productivity and Process Efficiency |
Audit Plan – completion to draft report stage |
90% |
Not applicable |
During the COVID-19 pandemic, the audit plan was suspended before being revised and reauthorised. As a result this PI is not applicable. |
|
Compliance with Professional Standards |
Public Sector Internal Audit Standards |
Conforms |
G
|
January 2018 – External assessment by the South West Audit Partnership gave an opinion of ‘Generally Conforms’ – the highest of three possible rankings
|
|
|
Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures and Investigations Act |
Conforms |
G
|
No evidence of non-compliance identified. |
|
Outcome and degree of influence |
Implementation of management actions agreed in response to audit findings |
95% for high priority agreed actions |
A |
93.8% |
|
Our staff |
Professionally Qualified/Accredited
|
80% |
G |
94% |
Appendix C
Summary of Opinions for Internal Audit Reports Issued During 2020/21
Substantial Assurance:
(Explanation of assurance levels provided at the bottom of this document)
|
Audit Title |
Department |
|
Budget Management |
F&R |
Reasonable Assurance:
|
Audit Title |
Department |
|
Business Rates |
F&R |
|
Care System Replacement Project – Eclipse |
HASC/FCL |
|
City Clean Fleet (Follow-up) |
EEC |
|
Cloud Computing (2019/20) |
F&R |
|
Creditors |
F&R |
|
Cyber Security |
F&R |
|
GDPR (Follow-up) |
F&R |
|
Hospital Discharge Arrangements |
HASC |
|
IT Asset Management during Covid 19 |
F&R |
|
Patch Management |
F&R |
|
Payroll (Draft) |
F&R |
|
Recruitment (Draft) |
F&R |
Partial Assurance:
|
Audit Title |
Department |
|
Debtors |
F&R |
|
Direct Payments (Follow-up) |
HASC |
|
IT Access Management |
F&R |
|
Home Care (Follow-up) |
HASC |
|
Housing Management System implementation (Draft) |
HNC |
|
Housing Repairs Service |
HNC |
|
Working Time Directive (Follow-up) |
F&R |
Minimal Assurance:
|
Audit Title |
Department |
|
Housing Temporary Accommodation (Follow-up) – (Draft) |
HNC |
Grant Claims
|
Audit Title |
Department |
|
Covid 19 Bus Services Support Grant |
EEC |
|
Emergency Active Travel Grant |
EEC |
|
EU Grant - Sustainable Housing Initiatives in Excluded Neighbourhoods (SHINE) |
HNC |
|
EU Grant – Solarise |
HNC |
|
EU Grant- Providing Access to Childcare and Employment (PACE) |
FCL |
|
EU Grant - Shaping Climate change Adaptive PlacEs (SCAPE) |
EEC |
|
EU Interreg Grant - BioCultural Heritage Tourism project |
EEC |
|
Home to School Transport (COVID 19) Grant (3 Claims) |
FCL |
|
Transport Capital Grants (2 Claims) |
EEC |
Other Audit Activity Undertaken During 2020/21
|
Department |
|
|
Covid 19 System Changes |
F&R |
|
Data Analytics - Creditors |
F&R |
|
Data Analytics – Purchasing Cards |
F&R |
|
DFE Laptop Scheme |
FCL |
|
Public Conveniences – Contract Management Issues |
HNC |
|
Housing Repairs – Subcontractor Issue (Draft) |
HNC |
|
Middle Street Primary School |
FCL |
|
Payroll Control Issue |
F&R |
Audit Opinions and Definitions
|
Opinion |
Definition |
|
Substantial Assurance |
Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Reasonable Assurance |
Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
|
Partial Assurance |
There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
|
Minimal Assurance |
Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |
Appendix D
Internal Audit work completed in Quarter 4 2020/2021
Budgetary Management – Substantial Assurance
Budget management processes are key to ensuring that the Council has effective mechanisms to align financial resources to corporate priorities and to allow the early identification of actual and potential overspends.
The City Council’s gross budget for 2020/21 was £780m.
Budget forecasting during 2020/21 has been extremely challenging, with many uncertainties over income budgets (due to numerous lockdowns and restrictions). The was further complicated by the various Covid-19 grants due to the Council coming onstream at different times of the year (some with very little notice), along with unbudgeted expenses such as for PPE, food banks, and sheltering rough sleepers. Initial estimates at the start of the year were a forecast of around £35million deficit.
The aim of this audit was to provide assurance that controls are in place to meet the following objectives:
· A properly evidenced and accurate budget is set and approved in accordance within the required timeframes;
· Budget monitoring reports to senior managers and Members are accurate, consistent and timely;
· There is an effective budget monitoring process embedded throughout the organisation;
· Where adverse budget reporting is identified, concerns are escalated and remedial action is taken to enable budgets to be met;
· Savings are being delivered in accordance with the plan for that financial year.
The audit concluded substantial assurance and found that key decision dates in relation to the preparation of the budget and reporting to Members (via Policy & Resources Committee) were maintained during 2020/21. Our testing confirmed that the approved budget was correctly loaded into Civica (general ledger).
The Targeted Budget Management process (TBM) continues to work well and budget holders are supported by their Finance Officers to record and report variances via a Sharepoint site.
TBM reports to Policy & Resources Committee have been clear in reporting our current financial position, and in setting out various scenarios to guide Members in their decision making. Significant variances are reported through to P&R reports, along with the supporting narrative, to enable Members clear oversight and provide evidence for any consequential decisions on that service.
Our testing on high value virements showed that all the required evidence and approvals had been obtained.
Three actions for improving controls were agreed , although two were low priority. These were:
· To improve the detailed narrative to support the communication of savings table in P&R reports;
· Improvements to the process to ensure that the general ledger accurately reflects current budget holders and Finance Officers;
· Updating budget management guidance on the Council’s intranet.
Business Rates – Reasonable Assurance
Business Rates processes have been significantly impacted by Covid 19 and the decision of central government not to charge any rates on a large number of properties during 2020/21.
As at September 2020 (the date our audit work was carried out), the collection fund was forecast to be in deficit by £7.184m at the year-end. This was based on the estimated impact of Covid 19 on reduced collection of business rates income and potential business failures, equating to 5% of the original net rates payable and increased empty property relief. The Council’s 49% share of the deficit is £3.520m.
Our audit concluded reasonable assurance, with fully documented processes is in place to ensure the business rates system complies with legislation. A robust and documented series of checks and reconciliations remained in place to ensure the 2020/21 annual billing process was accurate and that business rates bills contained all mandatory information.
Whilst weekly amendments were still being sent to the Valuation Office Agency (VOA), COVID-19 has impacted on this process, causing a significant backlog of amendments to the Council's rateable values.
At the time of audit, inspectors had not been allowed to enter premises since March and have only recently been able to carry out walk and drive-by inspections.
Monitoring of arears has remained in place but enforcement action has not taken place in most instances because of Covid 19.
Some key information, in the form of a property forecast spreadsheet, was not being updated and provided to the Revenue Accountant to assist with revenue forecasting at key dates during the financial year.
Due to resourcing issues, management had not been sampling data input by staff to verify accuracy and entitlement to any relief applied to an account in the financial year and not all types of write offs were being scheduled on a regular basis during.
Areas for improvement were identified, as follows, all of which have been agreed with management:
· an updated property forecast spreadsheet has been provided to Finance to improve budget forecasting;
· the control over the authorisation of high value refunds to be reinforced;
· the reintroduction of inspections to monitoring void and zero-rated properties on a regular basis;
· the reintroduction of quality assurance testing where reliefs are applied to accounts;
· reintroduce normal debt recovery and enforcement visits as soon as circumstances allow.
Care System Replacement Project – Eclipse – Reasonable Assurance
The CareFirst system has been used to support services provided to social work clients (both children and adults) since 1999. It is a critical system and is used by over 1,100 Council staff. The system supports the day to day case management of social work processes and the financial transactions associated with this work.
Following evaluation of a range of options, a decision was made in 2018 to replace CareFirst with OLM’s new system, Eclipse.
A previous internal audit report was issued in July 2018 which covered the early stages of the project, including the business need, stakeholder engagement, governance and assurance, and resources and planning.
The purpose of this latest audit was to provide assurance that controls are in place to meet the following objectives:
· Effective quality and cost controls are in place;
· Risk management is appropriately addressed;
· Reporting and communication during the programme is well managed;
· Detailed implementation and change management plans are in place;
· Delivery of the Eclipse Digital Project is on track, with expected outcomes clearly defined.
The audit found that there is regular monitoring of expenditure against the budget, and the budget has been subject to periodic review. At the time of writing, the Eclipse programme is forecast to be delivered within budget.
Detailed implementation, testing and training plans were prepared, and there is an effective system in place (JIRA) for managing errors, issues, and enhancements. This is monitored daily by the Programme Manager. An effective change management process has also been set up.
Risk logs have been created for each of the various project strands. Risks are raised in highlight reports and are discussed in Board meetings. However, a programme-wide review of the risk logs has not taken place, and our audit has found that some of the logs are incomplete.
As at the time of our review, it was noted that although the system was scheduled to go live on the 12th April 2021, this had been delayed, with a revised anticipated go live date later in the summer of 2021. There are various reasons for these delays including issues with the procurement, legal matters, and the impact of Covid 19.
We also noted that a significant proportion of the Programme Board meetings scheduled to take place monthly during 2020 had either been cancelled or had taken place without the Senior Responsible Officer being present, reducing effective oversight and governance.
While the main focus of this audit was on the replacement of the core case management system, our review was expanded to consider risks relating to the Digital Project (formerly Sustainable Social Care), which had become part of a wider Eclipse Programme in 2019. It has subsequently been decided by senior management that the Digital projects will be removed from the Eclipse programme and transferred to the respective HASC and FCL modernisation programmes, all of which will be the subject of separate audits in the future. It should be noted however, that we found that the original business case and the Project Initiation Document (PID) were both lacking a detailed timetable for the implementation of the various Digital projects.
Actions have been agreed with management to address all of the issues arising from this work.
Creditors – Reasonable Assurance
This was the annual key financial systems audit of the Creditors/ Accounts Payable systems at the Council. For 2020/21, our work was supplemented by a Creditors Data Analytics exercise that was undertaken and reported earlier in the financial year.
During the period 1 April 2020 to 30 November 2020, there were 282,000 creditor transactions totalling £336 million.
Overall, our audit found that most key controls were in place and operating as expected. This included that:
· The controls over the processing, approval and payment of invoices;
· Payment runs are subject to review and testing to ensure that payments made are accurate and correct and any errors are adequately rectified;
· BACS payments are reconciled against the relevant creditor reports prior to release and are subject to appropriate authorisation;
· There is a clear process in place for the creation and authorisation of new creditors with appropriate separation of duties within the process;
· Reconciliation between the Creditor’s systems and the General Ledger is undertaken effectively.
Whilst this was the case, a number of areas for improvement were also identified and agreed with the service. These were to:
· Increase the percentage of purchase orders raised in advance in advance of orders being placed;
· Monitor and ensure that low value orders are not split to circumvent officer authorisation limits;
· Introduce a control to ensure that the correct authorisation limits are always uploaded to the system;
· Continue to apply and document security checks to ensure that any changes to customer bank accounts protect the council from the risk of fraud.
Cyber Security during Covid – Reasonable Assurance
Cyber-attacks on the Council’s IT systems and devices are a threat to the security of the Council’s data and could have a significant adverse impact on service delivery. Cyber security refers to the measures in place to combat these threats, and is defined as the protection of information systems, the data on them, and the services they provide, from unauthorised access, harm or misuse.
During the Covid-19 pandemic, the majority of Council employees have been working remotely, a change which was, through necessity, introduced quickly. For this reason, the Council is even more reliant on its IT network infrastructure.
This audit sought to evaluate whether suitable controls in relation to cyber security have remained in place, taking into account this new way of working, and to ensure new controls are introduced where there are new or emerging risks as a result. Arrangements for protecting Council information systems, data and services, and the approach to responding to identified incidents were also considered, primarily via structured interviews with key staff within Information Security.
We do not intend to share the specific details of our findings here, as this information may be used to increase the risks of a successful cyber-attack, however, based upon testing we have undertaken, we are able to provide assurance that there have been no significant changes in cyber security arrangements due to remote working and other factors associated with the Council’s response to the Covid-19 pandemic. Having said this, it was noted that some previously identified control weaknesses in relation to cyber security remained in place, presenting a level of ongoing risk.
Overall, the audit provided Reasonable Assurance with two medium risk findings being identified. Appropriate actions to mitigate the risks associated with these findings have been agreed with management.
Hospital Discharge Arrangements – Reasonable Assurance
This audit of hospital discharge arrangements was included on our original 2020/21 audit plan with the report finalised in March 2021.
The discharge of patients from hospital to home or a supported care facility is a key process in terms of both the health and wellbeing of the patient and the costs of future care provision for that individual. A ‘delayed transfer of care’ (DTOC) can occur when a patient is ready to leave hospital but is still occupying a bed. Hospital discharges of patients transferring from NHS care to Council funded social care placements are monitored by both the NHS and the Council, as both parties have a shared objective to minimise delayed transfers.
These arrangements were significantly impacted by Covid 19 with the publication of local DTOC figures by NHS England paused from February 2020. This measurement has previously been one of the Council’s key performance indicators. The rate of DTOC for BHCC, attributable to social care transfers between April 2019 and February 2020, rose to 6.07 against a target of 4.7 days per 100,000 and was an increase on the 4.7 days per 100,000 in 2018/19. The 4.7 day figure was significantly higher than the national average of 3.1 days in 2018/19.
The purpose of our audit was to provide assurance that controls are in place to meet the following objectives:
· Governance and accountability arrangements are clearly documented and communicated between organisations for discharge planning;
· There is capacity in the system to meet the demand and commissioning arrangements maximise the opportunity for efficient and effective placements to be made;
· Effective performance monitoring is in place. This ensures that shortfalls in the process can be captured to improve the patient experience, remedy immediate problems and manage the budget impact.
The audit concluded reasonable assurance. It found that the hospital discharge process is complicated but is well documented and effectively managed via agreed pathways. There is regular communication and agreement between the various organisations involved in hospital discharge. Overall success in preventing delays in discharge and ensuring patients are on the right pathway is dependent on the partnership arrangements and further integration is planned between health and social care services.
The service has responded quickly to changes in the discharge process from central government to manage hospital beds during the Covid- 19 pandemic.
There were two of areas of improvement identified during our review:
· The first related to delays to the care assessment reviews that should take place between 4-6 weeks of a patient being discharged. For many patients their need for support and additional care will decrease as they leave hospital and begin to recover. Delays to these assessments have a financial impact on the Council as we may be paying for services that are no longer required;
· The second relates to a shortage of intermediate care beds or ‘step down beds’, particularly for those with complex needs. These act as a transition between hospital and primary care and provide bed- based care, rehabilitation and reablement services. This has already been recognised by the CCG and Council and during the Covid 19 pandemic there has been an increase some capacity in this area, with a new pilot process being tested.
Management have confirmed that actions to address both of these issues are now in place.
Finally, it should be noted that during this audit review we were unable to speak to all relevant officers regarding the impact of COVID 19 on hospital discharges, given that Council teams were still dealing with increased demand on services as a result of the pandemic. This limited the scope of our review and particularly coverage of controls relating to commissioning arrangements. These will be considered as part of any future review.
IT Asset Management during Covid – Reasonable Assurance
Since the outbreak of COVID-19 and the UK being subject to lockdown measures, the need for officers to be able to work remotely has increased significantly for many organisations, including local councils, to enable them to continue to provide services to residents.
This has placed significant demand on councils to provide IT assets to its staff to enable them to work remotely. In many cases, these staff were previously office based, so IT departments have had to respond by providing mobile devices (laptops and mobiles) to a significant number of individuals, along with other peripheral items such as monitors and mice, to support Display Screen Equipment (DSE) requirements. Some departments made their own arrangements for procuring devices, which are not supported by corporate IT&D, or central records held. Examples include PayAsYouGo phones and laptops to enable Citrix connectivity, these assets were excluded from the specific scope of this audit. This audit sought to evaluate whether suitable controls in relation to IT Asset Management have remained in place, taking into account this new way of working and to ensure new controls were introduced where there are new or emerging risks.
From our testing, we were able to provide an opinion of Reasonable Assurance, for the following reasons:
· Most of the existing controls that support effective management of IT assets, remain in place and continue to operate as usual, further, there were no specific central emergency procurements made for monitors, laptops or mobiles.
· Storage of all IT&D equipment has not changed since the pandemic and remains in a secure area, with limited access to specific staff.
Opportunities to improve the control environment were identified as follows:
· We found that there is no single central asset register held that covers laptops, mobile phones and monitors. Each of these is the responsibility of a separate team and records are held in a variety of places and mediums. In one instance, the spreadsheet record had become corrupted.
· Communication from HR/line managers on when staff leave requires improvement, and the culture of keeping equipment to hand over to the new/replacement staff member needs addressing. Also without good communication between these teams, HR and operational services, it increases the risk that equipment may not be returned causing additional costs to be incurred
Debtors –Partial Assurance
For the period 1/4/20 to 21/1/21 a total of 78,174 invoices and credit notes had been processed in 2020/21, generating a net amount owed to the Council of £65.2m.
The purpose of this audit was to provide assurance that controls are in place to meet the following objectives:
· All income generating activities are identified and accurately raised to customers;
· A customer account maintenance process is in place and operating effectively;
· Collection and debt recovery are managed efficiently and effectively;
· Write-offs are processed accurately and correctly authorised;
· Payments are received and recorded against the correct debtor account in a timely manner;
· Reconciliations between the debtors system and the general ledger are undertaken on a regular basis;
· Debt recovery performance is monitored and reported.
Overall, our audit concluded partial assurance, with a number of key areas for improvement being identified, including:
· In our previous audit report (2019/20) an action was agreed that an Aged Debtor Report would be produced and communicated to all relevant services and recovery routes would be agreed with each service to improve debt collection. Court action would also be reintroduced on a trial basis. However, due to the impact of Covid 19 these actions have been delayed;
· There is still a need to improve the accuracy of debtor invoices raised along other improvements being required to the associated processes, including enhanced guidance notes and procedures;
· Sample testing identified that refund authorisation processes are not always consistently applied;
· There has been an increasing backlog of e-mails from customers during the pandemic;
· System changes have meant that the number of items in debtors suspense has increased and therefore requiring action to ensure all accounts are up to date;
· Improvements are required to the system for managing and collecting salary overpayments.
A detailed action plan has been put together by the Business Operations Service to address these findings and implement the actions agreed in the audit report. Details of this plan were previously reported to the Audit & Standards Committee in March 2021.
IT Access Management – Partial Assurance
Since the outbreak of the COVID-19 pandemic and the UK being subject to lockdown measures, the need for officers to be able to work remotely has increased significantly for many organisations, including local councils, to enable them to continue to provide services to residents.
This has placed significant demand on councils to provide IT assets to their staff to enable them to work remotely. In many cases, these staff were previously office based, so IT departments have had to respond by providing mobile devices (laptops and mobiles) to a significant number of individuals, along with other peripheral items such as monitors and mice, to support Display Screen Equipment (DSE) requirements.
This audit sought to evaluate whether suitable controls in relation to IT Asset Management have remained in place, taking into account these new ways of working and to ensure new controls were introduced where there are new or emerging risks.
From our testing, we were able to provide an opinion of Reasonable Assurance, for the following reasons:
· Most of the existing controls that support effective management of IT assets, remain in place and continue to operate as usual. Further, there were no specific central emergency procurements made for monitors, laptops or mobiles;
· Storage of all IT&D equipment has not changed since the pandemic and remains in a secure area, with limited access to specific staff.
Some opportunities to improve the control environment were however, also identified, including:
· The need for a single central asset register that covers laptops, mobile phones and monitors. Each of these is the responsibility of a separate team and records are currently held in a variety of places and mediums;
· Improving communication from HR/line managers on when staff leave, along with arrangements for keeping equipment to hand over to the new/replacement staff member;
· Ensuring that post pandemic, general monitoring of assets is improved, including ensuring that all laptops deployed since March 2020 are fully uploaded into the asset management register (Cherwell).
Actions were agreed with management in response to the findings identified during the audit.
Emergency Active Travel Grant
The Council has received a number of Covid 19 related grants from the DfE to support active travel arrangements within the City during the pandemic. Some (but not all) of this funding required certification by the Chief Internal Auditor and the Chief Executive.
The Covid-19 Emergency Active Travel Fund Capital Grant for £663,657 was certified in accordance with the grant conditions.
Public Conveniences – Contract Management Issues
This was an unplanned audit report which follow-up on two previous allegations that were received by the Council in relation to the public convenience cleaning contract.
The allegations received detailed a number of concerns relating to the delivery of the service, including anti-social behaviour of members of the public, health and safety and the resourcing of the contract.
The purpose of this review was to obtain assurance that the allegations made had been reviewed and investigated by the service and whether they was any evidence of areas of outstanding risk. This was intended to be a short piece of unplanned work but given the number of outstanding issues these were brought together into a single audit report.
Our review found that contract meeting minutes demonstrate that shortfalls in service delivery were being discussed with the contractor and actions agreed. However, there is also evidence that issues are not always promptly resolved and further follow-up is required.
Following the issue of the report, the Assistant Director City Environment has confirmed that the service will:
· follow-up up on all outstanding issues through the next contract management meeting;
· develop an extended programme of spot checks across our sites, in addition to joint visits with the service provider.
Home to School Transport (COVID 19) Grant (3 Claims)
During 2020/21, the Council received funding from the Department for Education to boost transport capacity for dedicated school and college services as part of Covid 19 support to councils. This funding was designed to enable councils to provide additional transport capacity for journeys to school and college, whilst social distancing measures are in place on public transport.
The first three tranches of this grant required checking and certification by the Chief Internal Auditor and the Chief Executive in accordance with the terms of the grants.
The amounts certificated were:
· Tranche 1 - £158,312
· Tranche 2 - £290,318
· Tranche 3 - £144,649
No issues were identified and all three grants were duly certified.
Housing Repairs – Subcontractor Issue
An unplanned audit was carried out on the use of subcontractors by the inhouse Housing Repairs Service following the referral of a number of issues from the Council’s Procurement Team. These issues mainly related to compliance with a contract waiver agreed in April 2020, which allowed the direct award of work worth £5.8 million. Part of this waiver was to allow a number of subcontractors to be used who were appointed by the previous main contractor, Mears.
Our findings confirmed the initial concerns of the Procurement Team. Specifically:
· By February 2021, five of the 21 contractors on the list had exceeded their “Projected Spend (per annum)” as detailed in the waiver. Two of these had been exceeded by a significant amount and that the proportion of work awarded to one contractor was significantly more than planned in the “project spend”;
· That those contractors named in the contract waiver were not subject to a financial assessment before works were commenced in April 2020. Instead, the Council appears to have relied on historical approval processes, including any certification requirements (insurances and health and safety certification);
· Further investigation identified shortfalls with the insurances/ insurance documentation for some of the contractors.
The direct award of contracts using a waiver process reduces the Council’s opportunity to demonstrate transparency and value for money over the use of these contractors. In addition, it highlighted the need to implement appropriate officer declaration of interest processes in the service.
Our report also noted that the service has reported a voids backlog of 214 properties (as at 2021). Whilst this is much higher than usual, it is understood that the underlying causes of this increase are associated with the impact of Covid 19, the shortage of sub-contractors and industrial relations issues that have impacted on the service’s ability to recruit additional staff.
Actions have been agreed to address the shortfalls above and these will be tracked by Internal Audit alongside the other actions agreed in respect of the Housing Repairs Service and systems.