LB Merton CMT Cover sheet

 

Mid Kent Audit

 

 

Interim Internal Audit Report

 

2015/16

Maidstone Borough Council

 

 


Introduction

1.             Internal audit is an independent and objective assurance and consulting activity designed to add value and improve the Council’s operations. It helps the Council accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes[1].

2.             Statutory authority for Internal Audit is within the Accounts and Audit Regulations 2015, which require at Regulation 5 that:

“[the Council] must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance”.

3.             The currently operating standards are the Public Sector Internal Audit Standards published by HM Government for effect from April 2013 across the UK public sector.

4.             In addition to the public sector standards, an internal audit service must also abide by the sector’s Code of Ethics and International Professional Practices Framework.  These codes, a requirement of all internal audit services across public, private and voluntary sectors, are compiled by the Institute of Internal Auditors.

5.             The Head of Audit Partnership must provide an annual opinion on the overall adequacy and effectiveness of the Council’s framework of control, governance and risk. The opinion takes into consideration:

·         Internal Controls: Including financial and non-financial controls.

·         Corporate governance:  Including effectiveness of measures to counter fraud and corruption, and

·         Risk Management: Principally, the effectiveness of the Council’s risk management framework.

6.             This report provides an update to the Committee across all three areas covered in the opinion and the performance of the Internal Audit service for the first half of the year. In addition, the report provides updates on work conducted by the team, and highlights the impact of our work through assessment of management’s work in implementing agreed audit recommendations.

 


Internal Control

7.        The system of internal control is a process for assuring achievement of the Council’s objectives in operational effectiveness and efficiency, reliable financial reporting and compliance with laws, regulations and policies.  In incorporates both financial and non-financial systems. 

8.        We obtain audit evidence to support the Head of Audit opinion on internal control principally through completing the reviews set out within our agreed audit plan, approved by this Committee’s predecessor body in March 2015.

Audit Plan Progress

Productive Audit Days

9.        In 2015/16 we shifted the main metric of our audit plan away from a fixed number of audit projects and instead towards a total number of productive days per year.  This has considerable advantages in giving us a flexible basis to help keep our plans up to date and appropriately responsive to the Council’s developing risks and priorities.

10.    Up to the end of quarter 2, our progress against the plan in terms of productive days was:

Type of work

Plan Days

Q1/2 Days

Q1/2 %

Forecast Q4

Forecast %

Assurance Projects

316

95

30%

325

103%

Other Work

154

60

39%

150

97%

Total

470

155

33%

475

101%

 

11.    Progress to date reflects that the plan is relatively back loaded (in order to create space in the June-September period for external audit to undertake their work on the Council’s financial statements).  Also, as noted in the service update later in this report, we have during the early part of the year been carrying vacancies including maternity leave that are now covered by the team coming up to full establishment in November 2015.  Consequently we have capacity in place to deliver the expanded workload later in 2015/16 hence the current forecast (which represents budgeted days available to complete work not yet complete).

Audit Review Findings to Date

12.         We have completed to final report stage so far a total of seven audit projects, two of which were completed early enough in the year to have featured in our annual report to this Committee in July 2015.  Our output from those reports – on Corporate Credit Cards and the Council’s Waste Collection Contract – is included in that annual report. 

13.         Concentrating therefore on the five further reports issued in the period from July, we include below an extract from each report.  We are pleased to report that officers have accepted our findings and begun work towards the agreed recommendations.  We will follow up implementation of recommendations as noted below.

14.         In addition to reports that have reached finalisation, we include in appendix II a summary of work in progress with expected reporting timescales.

 

Review Type

Title

Assurance Rating

1

Core Financial System

Business Rates

STRONG

2

Core Financial System

Council Tax

SOUND

3

Corporate Governance

Safeguarding

WEAK

4

Corporate Governance

Members’ Allowances

SOUND

5

Consultancy

Planning Support: Project Gateway Review

[not assurance rated]

Business Rates

15.         We conclude based on our audit work that the Business Rates system demonstrates STRONG controls in both design and operation.

16.         The controls within the Business Rates system are effective in design and operation. The Business Rates process is well controlled and mitigates the risk of fraud and error to an acceptably low level. Management controls exist to check validity and integrity of systems information. Our testing found no areas of concern, or significant areas where the service might reasonably seek to improve.

Council Tax

17.         We conclude based on our audit work that the Council Tax service demonstrates SOUND controls in both design and operation.

18.         The controls within the Council Tax system are generally effective in design and operation. The key controls in operation mitigate the risks of fraud and error to an acceptable level and incorporate elements representing best practice, such as prompt and comprehensive property inspections. We noted a discrepancy between the partner sites on refund authorisation where controls could be efficiently improved by harmonisation. Our sample testing also identified a weakness in write-off procedures that the service must address.


 

Safeguarding

19.         We conclude based on our audit work that there are WEAK controls over the Council’s Safeguarding arrangements.  We have established that the Council is satisfying its statutory obligations for safeguarding, with no immediate concerns to report.  However, further improvements are needed to provide greater resilience to these arrangements and to ensure safeguarding risks are being adequately managed.

20.         The Council is currently undertaking a large amount of work via the Safeguarding Working Party to make improvements to the controls in place over the Council’s safeguarding arrangements. We fully acknowledge and commend the Council for work currently in progress and note that this report describes the position identified in the course of our recent fieldwork.

21.         We have identified a number of areas within the existing safeguarding arrangements where further improvement is needed which currently fall outside of the work being conducted by the Safeguarding Working Group.  The main areas for improvement include;

·         clarifying the Council’s statutory obligation for safeguarding within the Constitution,

·         introducing a Deputy Local Authority Designated Officer to provide resilience;

·         including partnership and casual workers within the training programme;

·         introducing a central database of all safeguarding referrals submitted and providing periodic reports to senior management on the number of referrals submitted.

22.         In addition, we have highlighted that improvements in the procedures for disclosure and barring checks are necessary to ensure that checks are kept up-to-date and in accordance with the DBS policy.

23.         The actions arising from this audit will provide the Head of Housing and Community Services and the Safeguarding Working Group with the necessary support to ensure the Council can be confident of satisfying its statutory safeguarding obligations in the long term.

Members’ Allowances

24.         We conclude based on our audit work that the service has SOUND controls in place to ensure accurate payments of Members’ Allowances in accordance with the Members’ Allowance Scheme. We provide the definitions of our assurance ratings at appendix II.

25.         The Council has in place a comprehensive Members’ Allowance Scheme with a framework of procedures and guidance to ensure fair processing and payment of allowances and expenses. We tested the provision of these payments from request to completion and confirm that allowances and expenses are paid accurately and in accordance with the scheme.

26.         During the review we identified that the published Members’ Allowance Scheme had not been updated to reflect revised allowance rates. The scheme should be reviewed to ensure that it remains up to date and includes more comprehensive details in respect of broadband allowances. We identified one missing payment as a result of our testing, and this has been brought to the attention of officers to rectify.

Planning Support: Project Gateway Review

27.         The [project] Board has proceeded largely on the basis that the option originally put to TWBC cabinet – of a TWBC withdrawal leaving a two-way partnership – would be the most likely outcome. As a result the Board has sought to fully appraise in greater detail this single and most likely option. While other options have been considered at the early stages of the project, they have not received a similar depth of analysis and, in the case of the option 3; have not been considered at all.

28.         No options have been considered that involve TWBC remaining in the partnership as this fell outside of the mandated scope of the project. The Board therefore has largely been an exercise in constructing a business case rather than appraisal of different options as originally mandated.

29.         Within those constraints, though, the Board has operated diligently in seeking to obtain the best evidence it can, including commissioning external advice where a need is identified. Each work stream has provided evidence to inform the Board in its decision to pursue the chosen option.

30.         The inherent lack of clarity in operating ahead of a formal decision  means that some evidence relies upon assumptions and extrapolations which are difficult to pin down with certainty and are subject to wide error bars. This is particularly notable on information regarding human resource and finance considerations and data forwarded by parallel project groups operating in MBC and SBC.

31.         However, we are satisfied that the Board has efficiently documented its processes meaning that those assumptions are, in general, apparent, open to fair challenge and not unreasonable.


 

Follow-up of Internal Audit Recommendations

32.         Our approach to recommendations is that we follow up each issue as it falls due in line with the action plan agreed with management when we finalise our reporting.  We report progress on implementation to Directors each quarter, including noting where we have had reason to revisit an assurance rating (typically when a service has successfully implemented key recommendations) and raising any matters of ongoing concern.

33.         Our most recent round of reports covered recommendations due for implementation on or before 30 September 2015.  We are pleased to note those reports confirm there are no recommendations outstanding for action beyond their agreed implementation date.  This includes a few instances where, after request from the service and having considered the residual risk of delay posed to the Council, we have revised implementation date.

34.         In the table below project titles shown in bold type are those that originally received an assurance rating of weak or poor (or the 2013/14 nearest equivalent assurance level).

Project

Agreed Actions

Falling due by 30/9/15

Actions Completed

Outstanding Actions past due date

Actions Not Yet Due

Project Management

14

14

14

0

0

Museum Collections

13

13

13

0

0

Food Safety (Commercial)

12

11

11

0

1

Safeguarding

12

0

0

0

12

ICT Servicedesk

8

8

8

0

0

PC & Internet Controls

8

7

7

0

1

Data Protection

8

7

7

0

1

Declarations of Interest

7

3

3

0

4

Leisure Centre Contract

6

5

5

0

1

Freedom of Information

5

4

4

0

1

Treasury Management

5

5

5

0

0

Waste Collection Contract

4

1

1

0

3

Property Income

4

4

4

0

0

Housing Options

4

3

3

0

1

General Ledger Feeders

3

3

3

0

0

Communications

3

3

3

0

0

Housing Benefits

2

1

1

0

1

Council Tax

2

0

0

0

2

Members’ Allowances

2

1

1

0

1

Accounts Payable

1

0

0

0

1

Cashless Pay & Display

1

0

0

0

1

TOTAL

124

93

93

0

31

 

 

75%

75%

0%

25%

 

35.         We note considerable progress made by managers in addressing the issues identified by our reports.  With all 93 due recommendations implemented as agreed, the Council is 75% of the way to full implementation – exactly on track for delivery.

36.         Of the 21 audit projects follow up, 7 originally received an assurance rating of weak or poor (or the 2013/14 nearest equivalent assurance level).  We have previously advised Members in our 2014/15 annual report that 5 of these (Freedom of Information, ICT Servicedesk, Museum Collections, Data Protection & Housing Options) had made sufficient progress up to July 2015 for us to revisit the assurance rating as sound (or the 2013/14 nearest equivalent).  Of the projects yet to be similarly reassessed:

Declarations of Interest

37.         Four substantive recommendations remain, relating to the need to agree and implement procedures to effectively manage declarations from Officers.  We have agreed with officers that these will be addressed by 31 December 2015.

Safeguarding

38.         This report was only recently issued, and is discussed in more detail earlier in this report.

Next Steps

39.         We will follow up actions due after 30 September, including those arising as we complete our 2015/16 audit plan, later in the year.  We will provide a final position to Members as part of our Annual Review in June 2016.

 

 

 


Corporate Governance

40.         Corporate governance is the system of rules, practices and processes by which the Council is directed and controlled. 

41.         We obtain audit evidence to support the Head of Audit Opinion through completion of relevant reviews in the audit plan, as well as specific roles on key project and management groups.  We also consider matters brought to our attention by Members or staff through whistleblowing and the Council’s counter fraud and corruption arrangements.

42.         We attend the following corporate groups:

·      Corporate governance group

·      Information governance group

43.         We have also provided, and continue to provide, appropriate project assurance to the following ongoing enterprises within the Council:

·      Accommodation Strategy

·      Safeguarding Development

44.         In October 2015 CIPFA[2] and SOLACE[3] published a draft response to the consultation which had been open over the summer looking to replace the existing Good Governance Framework for Local Government which has been in place since 2006.  This revised guidance, which the Council must follow in compiling its 2016/17 Annual Governance Statement, is based around seven key principles:

·      Behaving with integrity, demonstrating strong commitment to ethical values, and respecting the rule of law

·      Ensuring openness and comprehensive stakeholder engagement

·      Defining outcomes in terms of sustainable economic, social and environmental benefits

·      Determining the interventions necessary to optimise the achievement of the intended outcomes

·      Developing the entity’s capacity, including the capability of its leadership and the individuals within it

·      Managing risks and performance through robust internal control and strong public financial management

·      Implementing good practices in transparency, reporting and audit to deliver effective accountability.

45.         In the new year we will undertake a review considering the Council’s readiness for reporting against these Governance principles.

Counter Fraud & Corruption

46.         We consider fraud and corruption risks in all of our regular audit projects as well as undertaking distinct activities to assess and support the Council’s arrangements.

Investigations

47.         During the first half of 2015/16 there have been no matters raised with us that required investigation. 

Whistle-blowing

48.         The Council’s whistleblowing policy nominates internal audit as one route through which Members and officers can safely raise concerns on inappropriate or even criminal behaviour.  During 2015/16 so far we have received no such declarations.

49.         We were commissioned in September 2015 to undertake a specific review of the Council’s whistleblowing arrangements and have since agreed an audit brief with the Chairman which will examine both compliance with the Public Concern At Work best practice guidance and general awareness within the Council.  We are also pleased to confirm that both Tunbridge Wells and Ashford have agreed to participate in the review which will provide a comparative insight into Maidstone’s arrangements.  We will report our findings to Members in January 2016.

National Fraud Initiative

50.         We have continued as co-ordinator of the Council’s response to the National Fraud Initiative (NFI). NFI is a statutory data matching exercise, and we are required by law to submit various forms of data.  Since March 2015, the NFI exercise has been administered by the Cabinet Office.

51.         The current NFI exercise has been releasing data in tranches since January 2015 and includes the following services:

·         Housing Benefits (1,141 total matches)

·         Creditors (870 total matches)

·         Payroll (11 total matches)

·         Licensing (5 total matches)

·         Insurance Claimants (4 total matches)

52.         One further category (Residents’ Parking) returned no matches for the Council.

53.         The graph below plots progress to date.  Note that at present the matches examined have identified 5 cases of fraud or error valued at £4,374.  Cabinet Office guidance is that all matches should be investigated within the two year cycle of NFI data (so, by January 2017).

54.         In keeping with the enhanced skill base of the audit team, and to ensure greater independence and efficiency in matches, Mid Kent Audit will be taking on direct examination of non-benefits matches (rather than just co-ordination) from January 2016.


 

Mid Kent Audit Counter Fraud Training

55.         Our 2014 Fraud Risk Review indicated that, outside of the dedicated Benefits Fraud Team, the Council was limited in its Counter Fraud expertise.  We have acted to address that need by increasing the skills and training within the audit service, including becoming one of the first audit teams in the country to contain team members possessing CIPFA accredited qualifications at Technician and (exam results permitting) Specialist level.

56.         In 2016 we will be working with the Council and (if Members decisions support its creation) the revised Revenues Fraud Team to enhance the Council’s approach to counter fraud.

Attempted Frauds

57.         During this year we have also been made aware of an attempted fraud at the Council involving the use of a ‘spoofed’ email account purporting to be that of a Council employee and requesting a bank transfer.  Although it is of concern that the would-be fraudster had (apparently) attained some degree of familiarity with Council processes the attempt was unsuccessful as errors in the approach led to the attempt being thwarted by the Council’s existing controls.  Our investigation could not identify the culprit – ‘spoof’ emails are created easily enough and very difficult to trace – we have examined the Council’s controls and investigated to determine whether any similar attempts had been successful and undetected. 

58.         We did not identify any further such attempts which, coupled with successful operation of financial controls, led us to identify this as a low fraud risk.  Consequently, we have provided advice to finance teams on remaining vigilant and have reported the matter to the police but plan no continuing action unless there are further developments.


Risk Management

59.              Risk management is the process of identifying, quantifying and managing the risks that the Council faces in attempting to achieve its objectives.

60.         We obtain audit evidence to support the Head of Audit Opinion through completion of our audit plan plus continuing monitoring of and contribution to the Council’s risk management processes.

61.         In June 2015 the Policy & Resources Committee agreed to adopt a new approach to risk management at the Council.  This paper, which was produced and proposed by Mid Kent Audit, was the culmination of six months enquiry and research with both member and officer workshops investigating the Council’s risk appetite and objectives from risk management.

62.         The approach is currently underway working towards establishing a comprehensive risk register that has three major threads:

Service risks

63.         A significant weakness of the Council’s previous approach was a lack of consistency in evaluating, recording and reporting risks originating from within services.  While more traditional approaches tended to see such matters as purely operational, there are plenty of examples of such issues, if not effectively managed, causing significant disruption to the Council as a whole (the implementation of the shared Planning Support service being one recent example).

64.         To remedy this we have been undertaking risk management workshops with services across the Council, hosting nearly 20 such workshops to provide training on the framework and collect information that will inform the risk register.

Project risks

65.         A separate key source of risk is the Council’s corporate projects.  As required by the Council’s project management framework each project will have compiled and maintained its own risk register and work is currently underway drawing these risks within the overall register.

Corporate risks

66.         Sitting across the service risks are those issues that could impede the Council’s ability to achieve its corporate objectives.  To help identify these risks, the Council has commissioned Grant Thornton to lead a risk workshop with Senior Officers and Members.  The workshop is scheduled for 14 December 2015 and will be reported through risk management reporting.

Next steps

67.         Once the various threads are drawn together we will be in a position to compile and publish the Comprehensive Risk Register.  From this we will extract a summary risk register highlighting the most prominent risks and current measures to address them, along with a report discussing key themes and messages from the broader risk register.  This will be reported to Members at Policy and Resource Committee in late January 2016.

68.         In the longer term, risk management will be incorporated into both the Council’s service planning regime and used to shape and scope our audit plans and how we plan and support individual audit projects.

69.         We in audit will also look, over time, to reintegrate risk management with the Council’s core policy functions so that we can step back to a role principally aimed at evaluating the effectiveness of the approach.  As a short term measure, while we are involved in assisting in developing the approach, we have instituted separate controls within the service to safeguard our independence – something our relatively increased size and diverse base as a shared service allows us to operate.

 

 

 


Mid Kent Audit Service Update

70.         After a period of disruption encompassing the departure of a long serving manager and (temporarily) losing team members to maternity leave, Mid Kent Audit is now fully resourced going into 2016.

71.         This period has also encompassed a restructure, intended to provide greater capacity at all levels of the service but in particular at a management level to increase our ability to respond rapidly to authorities changing risks and priorities and deliver focussed, strategic reviews.  This Committee has already started to make use of that capacity by commissioning a specific piece of work examining whistleblowing arrangements.

72.         We include at appendix III the revised team structure, but key points of development:

·         Deputy Head of Audit Partnership: This role brings advantages in providing an additional senior point of contact to help cover our four authorities and also opens up the possibility of internal independence safeguards that will also us to play a more prominent role in service development where invited to do so (on risk management, for example).  We’re pleased to confirm that Russell Heppleston, well known to this Committee, was promoted into this role in July 2015.

·         Audit Managers: We have reshaped the audit manager role to move it away from principally quality assurance towards more engagement in direct service delivery.  This will include completing additional consultancy work both responding to emerging risks at individual authorities but also taking a broader comparative look across the partnership.  Again, we’re very pleased that these roles have enabled us to identify and grow expertise within the team; the new managers are Frankie Smith (Swale and Tunbridge Wells) and Alison Blake (Maidstone and Ashford) both of whom were previously Senior Auditors.

·         Audit Team Administrator[4]: Since we began collecting detailed timesheet information in July 2014 we have identified a range of administrative tasks undertaken by our auditors that could be undertaken by a team administrator to free up their time to progress audit projects.  Following the restructure we have been able to recruit into this role, and have been joined by Louise Taylor who is based at Maidstone.

73.         We also continue to pursue development within the audit team to ensure we continue to offer a broad and deep range of skills and experience to our partner authorities. Since our last update we have had team members achieve a Professional Diploma in Internal Audit from the Institute of Internal Auditors (IIA), professional qualifications from the Institute of Risk Management and professional counter-fraud qualifications from CIPFA at both Specialist and Technician level.  On these final qualifications, Mid Kent Audit has become one of the first audit services in local government to feature among its team both Specialist and Technician qualified members, which will provide significant assistance as we look to help authorities develop their counter fraud approach.

74.         Also Frankie Smith, one of our new Audit Managers, completed her qualification with the IIA and is now a Chartered Internal Auditor.  This brings to four the number of people within the team who hold CCAB[5] equivalent qualifications.

Quality and Improvement

75.         Members will recall earlier in 2015 when Mid Kent Audit was assessed by the IIA as fully conforming with Public Sector Internal Audit Standards.  However, these Standards are not a fixed point, in fact one of the core requirements is for audit services to seek continuous improvement.

76.         In a formal sense this is driven by guidance recommended by the Internal Audit Standards Advisory Board (IASAB) – a body including Mid Kent Audit’s Head of Audit (Rich Clarke) as the England Local Government representative.  Through that route we are aware that, from April 2016, local authority audit services must also comply with the IIA’s International Professional Practice Framework.  This Framework sets common standards across audit globally in public, private and voluntary sectors.

77.         Although the Framework will not be mandatory until next year, we have undertaken an evaluation of our service and are confident we are already operating in conformance.  We set out below the ten key principles of the Framework alongside a note on their local implementation:

Principle

Commentary

Demonstrates integrity

The IIA Code of Ethics is embedded in our Audit Charter and our Audit Manual.

Demonstrates competence and due professional care

Our Audit Manual and methodology are compliant with Standards and monitored by a managerial review process for all audit projects.

Is objective and free from undue influence

Our independence is safeguarded by our Audit Charter and reaffirmed and reconsidered in planning each individual piece of audit work we undertake.

 

Aligns with the strategies, objectives and risks of the organisation

Our audit planning is informed by the Council’s strategic objectives and we consider individual service objectives and risks in each project.

Is appropriately positioned and adequately resourced

Our Audit Charter sets out our position in the authority and guarantees a right of access to Members.  Members comment on our resourcing each year in approving our audit plans.

Demonstrates quality and continuous improvement

We operate a quality and improvement plan informed by current and upcoming developments in professional standards (such as the IPPF).

Communicates effectively

We have recently reviewed our reporting approach and structure and have received strong feedback on its clarity and relevance to Officers and Members.

Provides risk-based assurance

Our assurance ratings and recommendation priority levels are informed by the Council’s key risks and focus on the continuing risks to the authority posed by the issues we identify in our work.

Is insightful, proactive and future focussed

We have recently expanded managerial capacity to further enhance our ability to offer proactive work, especially on emerging risks across the partnership.

Promotes organisational improvement

We have restructured our management team, in part, to allow us to undertake a greater role in directly supporting organisational improvement where invited to do so.

 

78.         All of the Mid Kent Audit Management Team are grateful for the continuing efforts of the audit team who have worked extremely hard to first meet, then exceed the standards of our profession. These achievements and improvements in service standards would not have been possible without their continued commitment, determination and highest levels of professionalism.

Performance

79.         Aside from the progress against our audit plan we also report against a number of specific performance measures designed to monitor the quality of service we deliver to partner authorities.  The Audit Board (with David Edwards as Maidstone’s representative) considers these measures at each of its quarterly meetings, and they are also consolidated into reports submitted to the MKIP Board (which includes the Council’s Chief Executive and Leader).

80.         Below is an extract of the most recent such performance report.  After a year of data collection to set a baseline, we are operating in 2015/16 to agreed performance targets.  Although the targets are year-end measures, we are pleased to report we are already, in most areas, performing at or near the stretch target level and will be looking to agree further improvement targets for 2016/17 early in the new year.

81.         We have withheld only one measure from publication – cost per audit day – as it is potentially commercially sensitive in the event of the Partnership seeking to sell its services to the market.  We would be happy, however, to discuss with Members separately on request.

82.         Note that all figures are for performance across the Partnership.  Given how closely we work together as one team, as well as the fact we examine services shared across authorities, it is not practical to present authority by authority data. 

Measure

2014/15 Outturn

2015/16 Target

Q2 2015/16

% projects completed within budgeted number of days

47%

60%

57%

% of chargeable days

75%

68%

66%

Full PSIAS conformance

56/56

56/56

56/56

Audit projects completed within agreed deadlines

41%

60%

57%

% draft reports within ten days of fieldwork concluding

56%

70%

65%

Satisfaction with assurance

100%

100%

100%

Final reports presented within 5 days of closing meeting

89%

90%

96%

Respondents satisfied with auditor conduct

100%

100%

100%

Recommendations implemented as agreed

95%

95%

96%

Exam success

100%

75%

100%

Respondents satisfied with auditor skill

100%

100%

100%

 

Acknowledgements:

83.         We would also like to thank Managers, Officers and Members for their continued support, assistance and co-operation as we complete our audit work during the year.

 

 

 

 


Appendix I:         Assurance & Priority level definitions

Assurance Ratings 2015/16

Full Definition

Short Description

Strong – Controls within the service are well designed and operating as intended, exposing the service to no uncontrolled risk.  There will also often be elements of good practice or value for money efficiencies which may be instructive to other authorities.  Reports with this rating will have few, if any, recommendations and those will generally be priority 4.

Service/system is performing well

Sound – Controls within the service are generally well designed and operated but there are some opportunities for improvement, particularly with regard to efficiency or to address less significant uncontrolled operational risks.  Reports with this rating will have some priority 3 and 4 recommendations, and occasionally priority 2 recommendations where they do not speak to core elements of the service.

Service/system is operating effectively

WeakControls within the service have deficiencies in their design and/or operation that leave it exposed to uncontrolled operational risk and/or failure to achieve key service aims.  Reports with this rating will have mainly priority 2 and 3 recommendations which will often describe weaknesses with core elements of the service.

Service/system requires support to consistently operate effectively

Poor – Controls within the service are deficient to the extent that the service is exposed to actual failure or significant risk and these failures and risks are likely to affect the Council as a whole. Reports with this rating will have priority 1 and/or a range of priority 2 recommendations which, taken together, will or are preventing from achieving its core objectives.

Service/system is not operating effectively

 


Recommendation Ratings 2015/16

Priority 1 (Critical) To address a finding which affects (negatively) the risk rating assigned to a Council strategic risk or seriously impairs its ability to achieve a key priority.  Priority 1 recommendations are likely to require immediate remedial action.  Priority 1 recommendations also describe actions the authority must take without delay.

Priority 2 (High) – To address a finding which impacts a strategic risk or key priority, which makes achievement of the Council’s aims more challenging but not necessarily cause severe impediment.  This would also normally be the priority assigned to recommendations that address a finding that the Council is in (actual or potential) breach of a legal responsibility, unless the consequences of non-compliance are severe. Priority 2 recommendations are likely to require remedial action at the next available opportunity, or as soon as is practical.  Priority 2 recommendations also describe actions the authority must take.

Priority 3 (Medium) – To address a finding where the Council is in (actual or potential) breach of its own policy or a less prominent legal responsibility but does not impact directly on a strategic risk or key priority.  There will often be mitigating controls that, at least to some extent, limit impact.  Priority 3 recommendations are likely to require remedial action within six months to a year.  Priority 3 recommendations describe actions the authority should take.

Priority 4 (Low) – To address a finding where the Council is in (actual or potential) breach of its own policy but no legal responsibility and where there is trivial, if any, impact on strategic risks or key priorities.  There will usually be mitigating controls to limit impact.  Priority 4 recommendations are likely to require remedial action within the year.  Priority 4 recommendations generally describe actions the authority could take.

Advisory – We will include in the report notes drawn from our experience across the partner authorities where the service has opportunities to improve.  These will be included for the service to consider and not be subject to formal follow up process.

 

 

 

 

 

 

 

 


Appendix II:        Audit Plan Progress 2015/16, Projects Only (for interim report)

Project Title

Project Type

Planning

Underway

Complete

Rating

Business Rates (MKS)

CFS

 

 

X

STRONG

Council Tax (MKS)

CFS

 

 

X

SOUND

Safeguarding

CGR

 

 

X

WEAK

Members’ Allowances

CGR

 

 

X

SOUND

Planning Support: Gateway (MKS)*

Adv

 

 

X

N/A

Procurement

CFS

 

X

 

 

Grounds Maintenance

SR

 

X

 

 

Whistleblowing Review*

Adv

 

X

 

 

Commercial Projects

SR

 

X

 

 

Corporate Project Management

CGR

 

X

 

 

Licensing

SR

X

 

 

 

Budget Management

CFR

X

 

 

 

Customer Services

SR

X

 

 

 

Business Continuity

CGR

X

 

 

 

Learning & Development (MKS)

SR

X

 

 

 

Good Governance Framework

CGR

X

 

 

 

Payments & Receipts

CFR

 

 

 

 

Section 106

SR

 

 

 

 

Temporary Accommodation

SR

 

 

 

 

Park & Ride

SR

 

 

 

 

Payroll (MKS)

CFR

 

 

 

 

Discretionary Payments (MKS)

SR

 

 

 

 

Asset Management

SR

 

 

 

 

Litter Enforcement

SR

 

 

 

 

Community Safety

SR

 

 

 

 

Networks (MKS)

SR

 

 

 

 

Parking Enforcement (MKS)

SR

 

 

 

 

 

Project Types:                         CFS = Core Finance System
                                    CGR = Corporate Governance Review
                                    SR = Service Review
                                    Adv = Consultancy/Advisory Work

Project Title Key:         (MKS) = Shared Service Project involving Maidstone BC
                                    * = addition to the plan as originally approved in March 2015


 

Appendix III:      Mid Kent Audit Team Structure November 2015

To provide cover for two members of the team currently away on maternity leave we have engaged two contract auditors to deliver specific projects across the partnership.



[1] This is the definition of internal audit included within the Public Sector Internal Audit Standards

[2] The Chartered Institute of Public Finance & Accountancy; the body charged by Government with setting much of the rules around local government accounting and good governance.

[3] The Society of Local Authority Chief Executives; co-commissioned with CIPFA to create and monitor the Good Governance Framework for Local Government.

[4] This role is currently operating on a trial basis.

[5] CCAB is the umbrella term for Chartered qualifications recognised by the Consultative Committee of Accountancy Bodies (CCAB) encompassing the major accounting and audit bodies in the UK.  Such qualifications are the minimum requirement before an individual can hold a Head of Audit role according to the Public Sector Internal Audit Standards.