Internal Audit & Assurance Plan 2020/21
Maidstone Borough Council
Introduction
1. Our mission as an Internal Audit service is to enhance and protect organisational value. We achieve this by bringing a systematic and disciplined approach to evaluate and improve effectiveness of risk management, control and governance. We work within statutory rules drawn from the Accounts and Audit Regulations 2015 and the Public Sector Internal Audit Standards (the “Standards”).
2. In 2015 the Institute of Internal Audit (IIA) assessed us as working in full conformance with the Standards. We have kept full conformance since then, including through the major update to the Standards in 2017. The Chartered Institute of Public Finance and Accounting (CIPFA) won the contract to conduct the External Quality Assessment due in 2020. That work is underway. We will report findings to Members of this Committee at its next meeting in the summer.
3. To protect the independence and objectivity of our service, we work to an Audit Charter. The Charter sets out the local context for audit, including granting right of access to systems, records and personnel. At this Council, the Audit, Governance and Standards Committee approved the Charter in September 2019.
4. The Standards set out demands for compiling and presenting a document to describe planned work for the year ahead. Specifically, our plan must set out:
· Internal audit’s evaluation of and response to the risks facing the organisation.
· How we consult with senior management and others.
· How we have considered whether we have suitable resources to address the risks we identify.
· How we will effectively use those resources to complete the plan.
5. Our plan includes assurance and other work, such as consultancy engagements. We can accept advisory work where it is the best way to support the Council. The Audit Charter sets out how we consider such engagements, including how we safeguard our independence.
6.
We must also clarify that our audit plan cannot address all risks across
the Council and represents our best use of the resources we have available. In
approving the plan, the Committee recognises this limit. To that end, we
constantly keep the plan under review to be live to risks issues as they emerge.
Risk Assessments
7. The Standards direct us to begin our audit planning with a risk assessment. This assessment must consider internal and external risks, including those relevant to the sector or global risk issues. Our plan for 2020/21 represents our views now, but we will continue to reflect and consider our response as risks and priorities change across the year. We will report a specific update to Members midway through the year. We may also consult the Committee (or its Chair) on significant changes.
Global and Sector Risks
8. In considering global and sector risks we draw on various sources. These include updates provided by relevant professional bodies, such as the IIA and CIPFA. We also consult colleagues in local government audit both direct through groups such as London and Kent Audit Groups and through review of other published audit plans in the South East.
9. These sources give us insight into the key issues facing local government and how other audit teams and business leaders are responding to future risk issues. To show our thinking on these wider risks we’ve highlighted below some of the issues discussed by the IIA in Risk in Focus 2020:
Corporate Risk Review
10. The Council maintains a corporate risk register. These key risk issues cover matters that threaten the Council’s overall objectives, either because of their severity or the breadth of impact across several services. This Committee received an annual risk update in January 2020, which included details of each corporate risks and the overall effectiveness of the risk management process.
11. Some of the corporate risk issues identified include financial restrictions, housing, retail and leisure. In addition to recognising the significant impact that can result from failures relating to IT security, major projects and contracts. We have therefore considered these risks specifically when undertaking our audit planning assessments.
Audit Risk Review and Consultation
12. Beyond keeping an awareness of Sector and local risk issues, we conduct our own assessment. We consider all possible audit entities across the Council (the “audit universe”) on one specific risk:
What is the risk we offer a mistaken opinion because we don’t understand the service?
13. As with a typical risk assessment there are two main parts to consider (impact and likelihood). The first: how important is the service to the Council’s overall objectives, the controls and how errors might impact our opinion. Here we consider:
Finance Risk: The value of funds flowing through the service. High value and high-volume services (such as Council Tax) represent a higher risk than low value services with regular and predictable costs and income. |
|
Priority Risk: The strategic importance of the service in delivering Council priorities. For example, Regeneration and Climate Change will be higher risk owing to the direct link with the Council’s objectives. |
|
Support Service Risk: The extent interdependencies between Council departments. For example, many services rely on effective ICT. |
14. The second part is the likelihood we might hold (or gain) a mistaken view of the service. Here we consider:
Oversight Risk: Considering where other agencies regulate or inspect the service. For example, Mid Kent Legal Services receive regular inspections from the Law Society to keep Lexcel accreditation and so have relatively low risk. |
|
Change Risk: Considering the extent of change the service faces or has recently experienced. This might be voluntary (a restructure, for example) or imposed (like new legislation). |
|
Audit Knowledge: What do we know about the service? This considers not just our last formal review, but any other information we have gathered from, for example, following up agreed actions. We also consider the currency of our knowledge, with an aim to conduct a full review in each service at least every five years if possible. |
|
Fraud Risk: The susceptibility of the service to fraud loss. High volume services that deal directly with the public and handle cash, for example licensing and parking, are higher risk. |
15. The results of these various risk assessments provide a provisional audit plan. We then take this provisional plan out to consultation. We meet Managers, Heads of Service and Corporate Leadership Team (which includes the Directors and Chief Executive) to get their perspective on our assessment and give us updates on their areas of responsibility.
16.
We set out the full audit universe and audit history in Appendix I.
Resources
17. Having gained a perspective on the key issues for audit attention in the coming year we then consider the quantity and quality of our resources.
18. The Audit Partnership has 11.6 full time equivalent officers. To calculate the available resources for the year, we take the total available days and subtract various categories of non-working and non-audit time. Our planning estimate for 2020/21 shows 1,810 days across the partnership for the year available for inclusion in audit plans.
19. We then divide the total number of days between the 4 partnership authorities based on the proportions set out in our collaboration agreement. Maidstone contributes approximately 29%, which rounds to audit days of 520.
20. The actual number of days allocated are set out below:
Audit Projects |
255 days |
Members Support |
25 days |
Consultancy |
100 days |
Risk & Governance |
45 days |
Follow-up |
30 days |
Counter Fraud |
30 days |
Audit Planning |
35 days |
|
|
21. Audit Standards require us to assess whether the resources available – in both quantity and quality – can fulfil our responsibilities. In that assessment we must consider:
· Whether we had enough resource to complete our prior year plan.
· How the size and complexity of the organisation has changed.
· How the organisation’s risk appetite and profile have changed.
· How the organisation’s control environment has changed, including how it has responded to our audit findings.
· Whether there have been significant changes to professional standards.
22. Based on this assessment, we believe we have a sufficient quantity of resources to deliver the 2020/21 audit plan.
23. We must also consider the skills, expertise and experience of our team. We hold a variety of qualifications that help to ensure that we provide a high-quality service. These include CIPFA, Certified and Chartered Internal Auditors, a Chartered Accountant, a Certified Risk Manager and Accredited Counter Fraud Specialists. In addition, we are also supporting 2 apprentices through level 7 audit qualifications (equivalent to full Chartered status). This gives us a wealth of relevant technical expertise to undertake the various specialist areas identified on our audit plan.
24. We also have access to sources of specialist expertise through framework agreements with audit firms, which includes access to subject matter experts. While this access is less than in previous years (with Maidstone choosing to use some of these days to provide savings) access to specialist resources is still available.
25. Based on the above, we believe we also have skills and expertise to deliver the 2020/21 audit plan.
Proposed Audit & Assurance Work 2020/21
26. Members will be familiar with the assurance ratings that we issue upon concluding our work (see Appendix II for the definitions and different levels). However, we recognise circumstances where our work aims principally at supporting work in progress or providing advice where an assurance rating would not be suitable.
27. This recognition of the wider assurance that we provide means that our audit plan also includes the governance, risk and other advisory roles we fulfil.
Audit & Assurance Plan 2020/21
28. Below we set out our audit engagements for the year ahead, along with an indicative objective for each review. We will agree the detailed objectives with the service as part of planning each review. Based on our risk assessment and consultations with management we have allocated a priority level to each of the audit projects:
HIGH PRIORITY: We will aim to deliver 100% of these projects during the year
MEDIUM PRIORITY: We aim to deliver more than 50% of these projects during the year
Project Title |
Priority Rating |
Proposed objective of the review ("Obtain assurance on the effectiveness of controls seeking to…") |
Section 106 Agreements |
High |
- collect, monitor and release funds under Section 106 Agreements |
Development Management |
High |
- ensure that decisions are made in accordance with scheme of delegations and planning application files that they are quality assured appropriately |
Project Management Governance |
High |
- ensure appropriate governance processes are in place for internal transformation projects |
Capital Project Management |
High |
- manage the innovation centre project - learn lessons from past capital projects |
Public Consultations |
High |
- to seek and obtain views on Council proposals |
Homelessness Duties |
High |
- manage homelessness in line with the Homelessness Reduction Act duties |
Climate Change |
High |
- take action in light of the declared climate change emergency |
Bailiff Service[1] |
High |
- administer enforcement cases in line with regulation |
IT Back-Up1 |
High |
- back-up the Councils' data |
Environmental Enforcement - Air Quality1 |
High |
- response to Climate Change crisis and to verify progress against agreed actions |
Homeless Outreach |
Medium |
- securely manage and administer the outreach budgets and allowances |
Residential property management |
Medium |
- ensure that residential properties are safe and comply with relevant safety legislation |
Accounts Receivable |
Medium |
- collect, record and monitor income owed to the Council through the accounts receivable process |
Grounds maintenance |
Medium |
- ensure the Council's green spaces are maintained |
Garden waste |
Medium |
- provide garden waste collections to residents paying for the service |
Electoral Registration |
Medium |
- enrol eligible individuals on the electoral register |
Property Acquisition & Disposal |
Medium |
- ensure effective purchasing and selling of properties in line with Council policy |
Property management |
Medium |
- ensure that commercial properties are safe and comply
with relevant safety legislation |
Subsidiary Company Governance |
Medium |
- governance arrangements over the subsidiary company |
Commissioning |
Medium |
- effectively commission council services |
Local Plan Project Governance Review |
Medium |
- monitor and report milestones, risks and project information |
Community Infrastructure Levy |
Medium |
- collect, monitor and release funds under the Community Infrastructure Levy scheme |
IT Asset Management[2] |
Medium |
- manage and control IT assets |
Pay & Display[3] |
Medium |
- ensure pay & display parking is managed in line
with regulations and policy |
Traffic Regulation Orders3 |
Medium |
- ensure traffic regulation orders are implemented in line with Traffic Regulation Act 1984 |
Planning Admin3 |
Medium |
- validate planning applications |
Housing Benefit Overpayments[4] |
Medium |
- collect, record & monitor housing benefit overpayments |
29. Total days allocated to assurance projects: 255 days
30. The table below outlines key workstreams that we intend to undertake as part of the wider risk, governance and counter fraud support for the Council:
Proposed Assurance Non-Project Work 2020/21 |
165 days |
Risk & Governance · Review and Implementation of risk software · Regular monitoring and reporting to Senior Officers and Members · Training, briefings and advise to Officers and Members |
|
Counter Fraud · General Policy and Advice, including Whistleblowing and Anti-Corruption · Continued development of the Council Fraud Risk Assessment to identify possible proactive counter fraud work · Incident specific advice, support and reactive investigation · Training, briefings and advice to Officers and Members |
|
Member Support · Attendance and preparation for Audit, Governance & Standards Committee and other Members’ meetings (including Chairman’s briefings). · Developing and presenting Member briefings on governance issues. |
|
Agreed Actions Follow Up · Ensuring officers carry out actions as agreed. · Reporting progress towards implementation to Senior Officers and Members. |
|
Audit Planning · Continued horizon scanning and review of audit plan risk assessments to ensure emerging risk issues are identified |
31. In addition to planned work, our plan must have flexibility to provide reactive or ad-hoc support. We have a pool of days available for the Council to draw on in such circumstances. Work allocated to these days includes:
Proposed consultancy 2020/21 |
100 days |
Consultancy · Attendance and contribution to officer groups, for instance information management group, wider leadership team and corporate governance group · Providing ad-hoc advice, guidance and support to officers and management · Completing housing benefit workbooks and testing for the External Auditors · These days will also assist when we are required to expand to audit scopes to cover concerns or interests identified during an audit, effectively allow days to be used as contingency |
Delivering the Audit & Assurance Plan
32. We work in full conformance with the Public Sector Internal Audit Standards. The illustration below shows the process we follow for ‘typical’ audit engagements.
Overseeing Delivery
33. Throughout our work we undertake internal quality assessments and review. This includes specific management sign-off and checks on individual engagements in progress as well as periodic ‘cold review’ assessments. Through the latter process, we reflect on work completed to identify and take forward any learning to help us improve.
34. We also report progress on delivering the plan to this Committee part-way through the year. Internally, we monitor and report each month on various performance indicators detailing our progress. These updates are reported to the Shared Services Board (with Mark Green – Director of Finance & Business Improvement - as Maidstone’s representative).
Quality & Improvement Plan
35. Although in 2015 the IIA assessed us as fully conforming to the Standards, we have continued to challenge and update how we work. Through our internal assessments we have kept our full conformance with the Standards alongside being able to work more efficiently resulting in an increase in productive days by nearly 20% since 2015. This has all been without additional investment and only inflationary budget increases, meaning the ‘cost per audit plan day’ has fallen by almost 15% in real terms over the past 5 years.
36. We have been using Pentana Audit Management Software for nearly 2 years. As a service we have been paperless for over a decade, but Pentana has enabled us to deliver greater quality, consistency and efficiency in how we work. This is also visible during audit planning as we can manage and organise our risk assessments within a fully automated and flexible database of our entire audit universe.
37. For the year ahead our priority will be to address any matters arising from our EQA. Beyond those objectives our aim is to safeguard and standardise how we assess and improve our service in a full five-year plan looking ahead to our next external assessment in 2025. We will provide further details of this plan to Members alongside the EQA results in July.
External Quality Assessment
38. Public Sector Internal Audit Standard 1312 demands we undergo an external assessment at least every five years. The IIA undertook our last assessment, in spring 2015, that reported Mid Kent Audit as fully conforming to the Standards. Members will already be aware that earlier in the year we commissioned CIPFA to conduct the EQA 2020 for the Audit Partnership.
39. That review is taking place across February and March 2020 and we are grateful to those Members who have contributed either by meeting our assessor or completing a survey. We expect the final report in late March and will report to Members alongside an action plan in July.
Appendix I: Audit Universe
The “Audit Universe” is our running record of all services at the Council we might examine. The list below shows Maidstone specific entities on our current audit universe, followed by a record of audit audit history:
Service Area |
Auditable Areas |
MBC Bereavement Services |
Cemeteries & Crematoria |
MBC Building Control |
Building Control Income |
MBC Commissioning & Contracts |
Contract Management |
MBC Communications |
Marketing |
MBC Community Safety |
Safeguarding |
MBC Customer Services |
Customer Services |
MBC Democratic Services |
Democracy |
MBC Development Control |
Pre-Application Planning |
MBC Digital & Transformation |
Project Management |
MBC Environmental Enforcement |
Environmental Enforcement |
MBC Estate Management |
Health & Safety |
MBC Grounds Maintenance |
Grounds Maintenance |
MBC Housing |
Homelessness |
MBC Project Management |
Project Management |
MBC Public Health |
Public Health |
MBC Finance |
Budget Setting |
MBC Leisure |
Tourism Support |
MBC Museums |
Museum |
MBC Policy & Governance |
Information Management |
MBC Regeneration & Economy |
Economic Development |
MBC Residential Property |
Health & Safety |
MBC Resilience |
Business Continuity |
MBC Spatial & Strategic Planning |
Strategic Planning |
MBC Subsidiary Companies |
Subsidiary Company Governance |
MBC Waste Collection |
Waste Collection |
Non-MKS Shared Services |
Environmental Health |
Mid Kent HR |
Absence Management |
Mid Kent Audit |
Risk Management |
Mid Kent Revenues & Benefits |
Council Tax |
Mid Kent ICT |
IT Asset Management |
Mid Kent Legal Services |
Declarations of Interest |
Mid Kent Planning |
Planning Administration |
Appendix I: Audit History
Service Area |
Audit Project |
Audit Year |
Audit Rating |
MBC Communications |
MBC10(14/15) - Communications & Social Media |
2014/15 |
Sound |
MBC Democratic Services |
MBC11(14/15) - Members' Allowances |
2014/15 |
Sound |
MBC Finance |
MBC23(14/15) - Corporate Credit Cards |
2014/15 |
Sound |
MBC Finance |
MBC08(14/15) - Business Rates Retention Scheme (Risk) |
2014/15 |
Strong |
MBC Finance |
MBC09(14/15) - VAT Management |
2014/15 |
Sound |
MBC Finance |
MBC17(14/15) - Bank Reconciliation |
2014/15 |
Sound |
MBC Finance |
MBC28(14/15) - Accounts Payable (Creditors) |
2014/15 |
Sound |
MBC Leisure |
MBC07(14/15) - Leisure Centre Contract |
2014/15 |
Sound |
MBC Policy & Governance |
MBC15(14/15) - Data Protection |
2014/15 |
Weak |
MBC Resilience |
MBC02(14/15) - Emergency Planning |
2014/15 |
Weak |
MBC Waste Collection |
MBC12(14/15) - Waste Collection Contract |
2014/15 |
Sound |
Mid Kent HR |
MBC20(14/15) - Members' & Officers' Declarations of Interest |
2014/15 |
Weak |
Mid Kent ICT |
MBC06(14/15) - Computer Use Policy |
2014/15 |
Sound |
Mid Kent Legal Services |
MBC20(14/15) - Members' & Officers' Declarations of Interest |
2014/15 |
Weak |
Mid Kent HR |
MBC14(14/15) - Payroll |
2014/15 |
Strong |
Shared Revenues & Benefits |
MBC22(14/15) - Business Rates (Systems audit) |
2014/15 |
Strong |
MBC Commissioning & Contracts |
MBC/CF03(15/16) - Procurement |
2015/16 |
Sound |
MBC Community Safety |
MBC/CG05(15/16) - Safeguarding |
2015/16 |
Weak |
MBC Community Safety |
MBC/SR01(15/16) - Community Safety |
2015/16 |
Sound |
MBC Democratic Services |
MBC/CG04(15/16) - Members' Allowances |
2015/16 |
Sound |
MBC Development Control |
MBC/SR07(15/16) - Section 106 |
2015/16 |
Weak |
MBC Environmental Enforcement |
MBC/SR03(15/16) - Litter Enforcement |
2015/16 |
Sound |
MBC Finance |
MBC/CF01(15/16) - Budget Setting |
2015/16 |
Sound |
MBC Finance |
MBC/CF02(15/16) - Accounts Receivable (Systems Audit) |
2015/16 |
Sound |
MBC Grounds Maintenance |
MBC/SR10(15/16) - Grounds Maintenance |
2015/16 |
Sound |
MBC Housing |
MBC/SR04(15/16) - Temporary Accommodation |
2015/16 |
Sound |
MBC Leisure |
MBC/CF04(15/16) - Mote Park & Cobtree Café |
2015/16 |
Weak |
MBC Policy & Governance |
MBC/SR08(15/16) - Service Improvement |
2015/16 |
Strong |
MBC Resilience |
MBC/CG01(15/16) - Business Continuity |
2015/16 |
Weak |
MBC Waste Collection |
MBC/SR11(15/16) - MBC Garage |
2015/16 |
Sound |
Non-MKS Shared Services |
MBC/SR05(15/16) - Licensing |
2015/16 |
Sound |
Mid Kent HR |
MKS/SR01(15/16) - Learning & Development |
2015/16 |
Sound |
Mid Kent ICT |
MKS/SR02(15/16) - ICT Network Controls |
2015/16 |
Strong |
Mid Kent HR |
MKS/CF01(15/16) - Payroll |
2015/16 |
Strong |
Shared Revenues & Benefits |
MKS/CF02(15/16) - Business Rates |
2015/16 |
Strong |
Shared Revenues & Benefits |
MKS/CF03(15/16) - Council Tax |
2015/16 |
Sound |
MBC Bereavement Services |
MBC-OR03(16-17) - Crematorium |
2016/17 |
Sound |
MBC Democratic Services |
MBC-OR05(16-17) - Elections |
2016/17 |
Sound |
MBC Estate Management |
MBC-OR06(16-17) - Facilities Management |
2016/17 |
Sound |
MBC Estate Management |
MBC-OR13(16-17) - Health & Safety |
2016/17 |
Weak |
MBC Finance |
MBC-CF01(16-17) - Accounts Payable |
2016/17 |
Sound |
MBC Finance |
MBC-CF02(16-17) - General Ledger: Journals & Feeder Systems |
2016/17 |
Sound |
MBC Finance |
MBC-CF03(16-17) - Treasury Management |
2016/17 |
Sound |
MBC Grounds Maintenance |
MBC-OR09(16-17) - Public Conveniences |
2016/17 |
Sound |
MBC Leisure |
MBC-OR07(16-17) - Hazlitt |
2016/17 |
Weak |
MBC Policy & Governance |
MBC-CG04(16-17) - Performance Management |
2016/17 |
Weak |
MBC Policy & Governance |
MBC-CG03(16-17) - Freedom of Information |
2016/17 |
Sound |
MBC Public Health |
MBC-OR10(16-17) - Public Health |
2016/17 |
Sound |
Non-MKS Shared Services |
MKS-OR04(16-17) - Residents' Parking |
2016/17 |
Sound |
Non-MKS Shared Services |
MBC-OR12(16/17) - Park & Ride |
2016/17 |
Weak |
Mid Kent ICT |
MKS-CG01(16-17) - ICT Controls & Access |
2016/17 |
Sound |
Mid Kent HR |
MKS-CF01(16-17) - Payroll |
2016/17 |
Strong |
Shared Revenues & Benefits |
MKS-CF02(16-17) - Housing Benefits |
2016/17 |
Sound |
Shared Revenues & Benefits |
MKS-OR05(16-17) - Discretionary Housing Payments |
2016/17 |
Sound |
MBC Commissioning & Contracts |
MBC-OR05(17-18) - Contract Management |
2017/18 |
Weak |
MBC Commissioning & Contracts |
MBC-CF02(17-18) - Procurement |
2017/18 |
Weak |
MBC Communications |
MBC-OR10(17-18) - Promotion & Marketing |
2017/18 |
Sound |
MBC Community Safety |
MBC-OR01(17-18) - Animal Welfare Control |
2017/18 |
Weak |
MBC Democratic Services |
MBC-OR09(17-18) - Member Training & Induction |
2017/18 |
Sound |
MBC Finance |
MBC-OR08(17-18) - Insurance |
2017/18 |
Sound |
MBC Finance |
MBC-CF01(17-18) - Accounts Receivable |
2017/18 |
Weak |
MBC Grounds Maintenance |
MBC-OR11(17-18) - Street Scene |
2017/18 |
Sound |
MBC Housing |
MBC-OR06(17-18) - Home Assistance Grants |
2017/18 |
Sound |
MBC Housing |
MBC-OR07(17-18) - Homelessness |
2017/18 |
Sound |
MBC Policy & Governance |
MBC-CG01(17-18) - Complaints |
2017/18 |
Sound |
MBC Regeneration & Economy |
MBC-OR03(17-18) - Business Terrace |
2017/18 |
Sound |
MBC Resilience |
MBC-CG03(17-18) - Emergency Planning |
2017/18 |
Sound |
MBC Subsidiary Companies |
MBC-OR12(17-18) - Subsidiary Company Governance |
2017/18 |
N/A |
Non-MKS Shared Services |
MKS-OR02(17-18) - Food Safety |
2017/18 |
Sound |
Non-MKS Shared Services |
MKS-OR06(17-18) - Parking Income |
2017/18 |
Sound |
Shared Revenues & Benefits |
MKS-OR01(17-18) - Debt Recovery Service |
2017/18 |
Strong |
Mid Kent HR |
MKS-OR03(17-18) - HR Policy Compliance |
2017/18 |
Sound |
Mid Kent ICT |
MKS-CG04(17-18) - IT Disaster Recovery |
2017/18 |
Sound |
Mid Kent Legal Services |
MKS-OR05(17-18) - Legal Services |
2017/18 |
Sound |
Mid Kent HR |
MKS-CF01(17-18) - Payroll |
2017/18 |
Sound |
Director of Mid Kent Services |
MKS-OR04(17-18) - Land Charges |
2017/18 |
Weak |
Shared Revenues & Benefits |
MKS-CF02(17-18) - Business Rates |
2017/18 |
Strong |
MBC Building Control |
M19-AR04 - Building Control |
2018/19 |
Sound |
MBC Commissioning & Contracts |
X19-IV03 - Procurement Fraud Risk Review |
2018/19 |
N/A |
MBC Development Control |
M19-AR12 - Planning Enforcement |
2018/19 |
Weak |
MBC Digital & Transformation |
M19-AR15 - Transformation |
2018/19 |
Sound |
MBC Finance |
M19-AR03 - Budgetary Control |
2018/19 |
Sound |
MBC Finance |
M19-AR01 - Accounts Payable |
2018/19 |
Sound |
MBC Housing |
M19-AR09 - Housing Allocations |
2018/19 |
Sound |
MBC Museums |
M19-AR11 - Museum Income Collection |
2018/19 |
Sound |
MBC Policy & Governance |
X19-AR04 - General Data Protection Regulations |
2018/19 |
N/A |
MBC Regeneration & Economy |
M19-AR10 - Markets |
2018/19 |
Sound |
MBC Spatial & Strategic Planning |
M19-CN01 - Local Plan Project Review |
2018/19 |
N/A |
MBC Waste Collection |
M19-AR06 - Commercial Waste |
2018/19 |
Sound |
Non-MKS Shared Services |
X19-AR07 - Licensing Administration |
2018/19 |
Sound |
Shared Revenues & Benefits |
X19-AR10 - Revs & Bens Compliance Team |
2018/19 |
Sound |
Mid Kent HR |
X19-AR01 - Absence Management |
2018/19 |
Sound |
Mid Kent ICT |
X19-AR03 - Cyber Security |
2018/19 |
Sound |
Mid Kent Legal Services |
M19-AR07 - Declarations of Interest |
2018/19 |
Weak |
Mid Kent HR |
X19-IV02 - Payroll Fraud Risk Review |
2018/19 |
N/A |
Shared Revenues & Benefits |
X19-AR02 - Council Tax Reduction Scheme |
2018/19 |
Sound |
MBC Communications |
M20-AR06 - Social Media |
2019/20 |
Sound |
MBC Estate Management |
M20-AR03 - Health & Safety |
2019/20 |
Weak |
MBC Finance |
X20-CON02 - Financial Resilience Index |
2019/20 |
N/A |
MBC Finance |
M20-AR05 - Corporate Credit Cards |
2019/20 |
Sound |
MBC Leisure |
M20-AR04 - Parks |
2019/20 |
Sound |
Non-MKS Shared Services |
X20-AR02 - Civil Parking Enforcement |
2019/20 |
Sound |
Mid Kent HR |
X20-AR05 - Recruitment |
2019/20 |
Sound |
Appendix II: Assurance Ratings
Assurance Ratings 2020/21 (unchanged since 2014/15)
Full Definition |
Short Description |
Strong – Controls within the service are well designed and operating as intended, exposing the service to no uncontrolled risk. There will also often be elements of good practice or value for money efficiencies which may be instructive to other authorities. Reports with this rating will have few, if any, recommendations and those will generally be priority 4. |
Service/system is performing well |
Sound – Controls within the service are generally well designed and operated but there are some opportunities for improvement, particularly with regard to efficiency or to address less significant uncontrolled operational risks. Reports with this rating will have some priority 3 and 4 recommendations, and occasionally priority 2 recommendations where they do not speak to core elements of the service. |
Service/system is operating effectively |
Weak – Controls within the service have deficiencies in their design and/or operation that leave it exposed to uncontrolled operational risk and/or failure to achieve key service aims. Reports with this rating will have mainly priority 2 and 3 recommendations which will often describe weaknesses with core elements of the service. |
Service/system requires support to consistently operate effectively |
Poor – Controls within the service are deficient to the extent that the service is exposed to actual failure or significant risk and these failures and risks are likely to affect the Council as a whole. Reports with this rating will have priority 1 and/or a range of priority 2 recommendations which, taken together, will or are preventing from achieving its core objectives. |
Service/system is not operating effectively |
Recommendation Ratings 2019/20 (unchanged since 2014/15)
Priority 1 (Critical) – To address a finding which affects (negatively) the risk rating assigned to a Council strategic risk or seriously impairs its ability to achieve a key priority. Priority 1 recommendations are likely to require immediate remedial action. Priority 1 recommendations also describe actions the authority must take without delay.
Priority 2 (High) – To address a finding which impacts a strategic risk or key priority, which makes achievement of the Council’s aims more challenging but not necessarily cause severe impediment. This would also normally be the priority assigned to recommendations that address a finding that the Council is in (actual or potential) breach of a legal responsibility, unless the consequences of non-compliance are severe. Priority 2 recommendations are likely to require remedial action at the next available opportunity, or as soon as is practical. Priority 2 recommendations also describe actions the authority must take.
Priority 3 (Medium) – To address a finding where the Council is in (actual or potential) breach of its own policy or a less prominent legal responsibility but does not impact directly on a strategic risk or key priority. There will often be mitigating controls that, at least to some extent, limit impact. Priority 3 recommendations are likely to require remedial action within six months to a year. Priority 3 recommendations describe actions the authority should take.
Priority 4 (Low) – To address a finding where the Council is in (actual or potential) breach of its own policy but no legal responsibility and where there is trivial, if any, impact on strategic risks or key priorities. There will usually be mitigating controls to limit impact. Priority 4 recommendations are likely to require remedial action within the year. Priority 4 recommendations generally describe actions the authority could take.
Advisory – We will include in the report notes drawn from our experience across the partner authorities where the service has opportunities to improve. These will be included for the service to consider and not be subject to formal follow up process.