Annual Internal Audit Report and Opinion 2020/21
July 2021
Maidstone Borough Council
Introduction
1. The IIA gives the mission of internal audit: to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight.
2. The mission and its associated code of ethics and Standards govern over 200,000 professionals in businesses and organisations around the world. Within UK Local Government, authority for internal audit stems from the Accounts and Audit Regulations 2015. The Regulations state services must follow the Public Sector Internal Audit Standards – an adapted and more demanding version of the global standards. Those Standards set demands for our annual reporting:
Independence of internal audit
3. Mid Kent Audit works as a shared service between Ashford, Maidstone, Swale and Tunbridge Wells Borough Councils. A Shared Service Board including representatives from each council supervises our work based on our collaboration agreement.
4. Within Maidstone BC during 2020/21 we have continued to enjoy complete and unfettered access to officers and records to complete our work. On no occasion have officers or Members sought or gained undue influence over our scope or findings.
5. I confirm we have worked with full independence as set out in our Audit Charter and Standard 1100.
The Impact of Covid-19
6. We presented our 2020/21 Audit & Assurance Plan to Members on 16 March 2020 based on a then-current view of the risks faced by the authority. After then the risk landscape changed substantially. We also needed to reflect our reduced capacity given the extended overhang of 2019/20 plan completion arising from staff redeployment. In total that redeployment supporting all four partner authorities came to almost 350 auditor days, helping support community hubs and manage grants to local businesses.
7. We presented a changed 2020/21 audit plan to Members on 14 September 2020. We have used that new plan to describe results in this report.
Head of Internal Audit Opinion
Scope and time period
8. I provide this opinion to Maidstone Borough Council (the Council) to include in its Annual Governance Statement, as published alongside its financial statements for the year ended 31 March 2021.
Scope limits
9. The role of internal audit need not cover only assurance and may extend towards consultancy, advice and strategic support. We have agreed with the Committee the overall scope of our work in our Internal Audit Charter and the specific scope of our work this year in our approved 2020/21 Audit & Assurance Plan.
10. However our audit plan cannot address all risks across the Council and represents our best use of inevitably limited capacity. In approving the plan, the Committee recognised this limit. Beyond this general disclaimer, I have no specific limits of our scope to report to the Committee.
Consideration of work completed and reliance on others
11. I have drawn my opinion from the work completed during the year. I first set out the work in the plan approved by Members on 16 March 2020 and later developed it in line with emerging risks and priorities. I particularly ask that Members note the adjustments set out above following on from the Covid-19 pandemic. I set out the most significant of these adjustments in a revised plan on 14 September 2020.
12. In completing my work I have placed no specific reliance on external sources.
Information supporting the opinion
13. The rest of this report summarises the work completed in delivering the internal audit plan through 2020/21.
14. My opinion draws on the work carried out by Mid Kent Audit during the year on the effectiveness of managing those risks identified by the Council and covered by the audit programme or associated assurance. Not all risks fall within our work programme. For risks not directly examined I am satisfied an assurance approach exists to provide reasonable assurance on effective management.
Risk and control
15. The Council is responsible for ensuring it undertakes its business within the law and proper practices. The Council must also ensure it safeguards and properly accounts for its resources, using them economically, efficiently and effectively. The Council also has a duty under the Local Government Act 1999 to seek continuous improvement in exercising its roles.
16. The Council has described key parts of its internal control and risk management within the Local Code of Governance and Risk Management Framework.
17. Organisations design internal controls to manage to an acceptable level rather than remove the risk of failing to achieve objectives. So, internal controls can only provide reasonable and not complete assurance of effectiveness. Designing internal controls is a continuing exercise designed to identify and set priorities around the risks to the Council achieving its objectives. The work of designing internal controls also evaluates the likelihood of those risks coming about and managing the impact should they do so.
18. In completing our work we have considered the control environment and objectives in place at the Council.
Conformance with standards
19. Mid Kent Audit has conducted its work following the Standards and good practice as represented in our internal quality assurance. This includes working to an agreed audit manual with satisfactory supervision and review.
20. During 2020/21, as the Standards demand, we undertook an external quality assessment. After a competitive procurement we commissioned an external assessor from the Chartered Institute of Public Finance and Accountancy (CIPFA) to report on our conformance with the Standards and the overall quality of the service.
21. The assessor decided that Mid Kent Audit works in full conformance with the Standards. We include the full report as an appendix and summarise its findings later in this report.
22. We also describe later in this report our efforts towards continuing improvement and the results of our Quality and Improvement work.
Overall conclusion
Internal Control
23. I am satisfied that during the year ended 31 March 2021 the Council managed its internal controls to offer sound assurance on control effectiveness.
Governance
24. I am satisfied that Council’s corporate governance arrangements for the year ended 31 March 2021 comply in all material respects with guidance on proper practices[1].
Risk Management
25. I am satisfied the risk management arrangements at the Council for the year ended 31 March 2021 are effective and provide sound assurance.
Other Matters
26. I have no other matters to report as part of my opinion.
Rich Clarke CMIIA
CPFA ACFS
Head of Audit Partnership
July 2021
Internal Control
27. Internal control is how the Council ensures achievement of its objectives with effectiveness and efficiency; achieving reliable financial reporting and compliance with laws, regulations and policies. It covers financial and non-financial controls.
28. We gain audit evidence to support the Head of Audit opinion on internal control principally through completing the reviews set out within our agreed audit plan.
Maidstone Audit Plan Work 2020/21
29. This Committee approved our 2020/21 Audit & Assurance Plan on 16 March 2020 and then a revised plan on 14 September 2020. The plan set out an intended number of days devoted to each of various tasks. We began work on the plan during September 2020 and continued working through to July 2021.
30. The table below shows progress in total number of days delivered against the original plan, and the revisions we made to account for staff redeployment.
Category |
2020/21 Original Plan |
2020/21 Changed Plan |
2020/21 Outturn |
2020/21 Risk Based Audit |
285 |
218 |
215 |
Non-Project Assurance Work |
135 |
112 |
65 |
Unallocated Contingency |
100 |
80 |
93 |
Total |
520 |
410 |
373 |
Concluding 2020/21 work |
0 |
0 |
67 |
31. Our final delivery was 373 audit days. This represents, accounting for revisions and changes to approach and risk, roughly 91% completion of the plan.
32. In our September changed plan we detailed 25 audit potential engagements, 11 High and 14 Medium priority. Our aim was to complete all the High priority engagements and 3 of the Medium priority engagements. We have completed 9 High Priority and 4 Medium priority engagements.
33. Considering the broader assurance sources described in this report, I am satisfied this provides enough evidence to support a robust year end opinion.
34. We detail the specifics, and results, of this progress further in this report.
Results of Audit Work
35. The tables below summarise audit engagement findings up to the date of this report. Where there are material matters finished before the committee meeting we will provide a verbal update. (* = Shared service involving the Council).
Completed Assurance Engagements
|
Title |
Priority-Rated Agreed Actions |
Report Issue |
Rating |
Notes |
2019/20 Assurance Engagements Completed After 1 April 2020 |
|||||
|
Council Tax Billing* |
1 x Low |
Apr-20 |
STRONG |
Summarised to Members in our last Annual Report July 2020 |
|
Health & Safety |
3 x High, 4 x Med, 10 x Low |
May-20 |
WEAK |
|
|
Discretionary Housing Payments* |
2 x Low |
May-20 |
SOUND |
|
|
ICT Technical Support* |
4 x Low |
Jul-20 |
N/A |
|
|
Social Media |
2 x Med, 4 x Low |
Jul-20 |
SOUND |
|
|
Treasury Management |
None |
Jul-20 |
N/A |
|
|
Universal Credit* |
None |
Jul-20 |
N/A |
|
|
Customer Services |
1 x Med, 1 x Low |
Jul-20 |
N/A |
|
|
Planning Discharge Conditions |
3 x Med |
Jul-20 |
N/A |
Summarised to Members in our interim Report January 2021 |
|
Waste Crime Team |
1 x High, 4 x Low |
Jul-20 |
N/A |
|
|
Noise Nuisance |
1 x High |
Jul-20 |
N/A |
|
|
Members’ Allowances |
2 x Low |
Nov-20 |
N/A |
|
High Priority 2020/21 Engagements (as set out in September Plan). Aimed to complete 100% of engagements (11/11). |
|||||
I |
Section 106 & Developer Contributions |
1 x High, 4 x Med |
May-21 |
SOUND |
|
II |
Homelessness Duties |
2 x Med, 2 x Low |
Jun-21 |
SOUND |
|
III |
Community Hub Support |
None |
Jun-21 |
N/A |
|
IV |
Development Management |
3 x Med, 3 x Low |
Jul-21 |
SOUND |
|
|
Remote IT Access |
CURRENTLY ISSUED IN DRAFT |
Final expected July/August 2021 |
||
|
Project Management Governance |
CURRENTLY ISSUED IN DRAFT |
Final expected July/August 2021 |
||
|
Public Consultations |
CURRENTLY ISSUED IN DRAFT |
Final expected July/August 2021 |
||
|
Bailiff Service |
CURRENTLY ISSUED IN DRAFT |
Final expected July/August 2021 |
||
|
Air Quality |
CURRENTLY ISSUED IN DRAFT |
Final expected July/August 2021 |
||
|
Capital Project Management |
Cancelled to make way for MHCLG review of capital project at Innovation Centre |
|||
|
Climate Change Action Plan |
Postponed to 21/22 following delays in finalising action plan. |
|||
Medium Priority 2020/21 Engagements (as set out in September Plan). Aim to complete 20% of engagements (3/14). |
|||||
V |
Accounts Receivable |
1 x Low |
Apr-21 |
SOUND |
|
VI |
Homeless Outtreach |
None |
Jun-21 |
SOUND |
|
VII |
IT Asset Management |
4 x Med, 3 x Low |
Jul-21 |
SOUND |
|
|
Residential Property Management |
Proposed medium priority projects not taken forward in 2020/21 in favour of those presenting higher risk. |
|||
|
Grounds Maintenance |
||||
|
Garden Waste |
||||
|
Electoral Registration |
||||
|
Property Acquisition & Disposal |
||||
|
Property Management |
||||
|
Subsidiary Company Governance |
||||
|
Commissioning |
||||
|
Local Plan Project Governance |
||||
|
Pay & Display |
||||
|
Housing Benefit Overpayments |
I: Section 106 & Developer Contributions (May 2021)
36. We found a settled approach for overseeing the Council’s Section 106 agreements. This includes using tailored software to record the agreements and track progress against milestones. We also found, bar one specific instance, a sound approach for releasing unspent funding back to developers.
37. However, our testing found some significant discrepancies in recorded information. This could lead the service to hold incomplete or inaccurate details on the agreements. We have recommended the service undertake a regular reconciliation with information held by others, such as the legal service, alongside general improvements in cross-service liaison.
II: Homelessness Duties (June 2021)
38. We believe the Council has appropriate arrangements in place to ensure compliance with its duties under the Homelessness Reduction Act 2017 throughout the life cycle of a case.
39. There is an efficient triage process in place, covering both self-referrals and agency referrals. Our testing found the Council is complying with HRA requirements across the process, for example with regards to duty assessments, Personal Housing Plans and reviews. There is a sound authorisation process to place applicants into temporary accommodation and we found the service regularly monitor staff workload.
40. However, we have identified several minor opportunities to strengthen controls. Case reviews and case audits are currently ad hoc, but the service could benefit from these processes being more frequent.
III: Community Hub Support (June 2021)
41. The task handed to authorities was new and urgent. There was no ‘standard operating procedure’. However the various approaches authorities adopted shared certain similar characteristics; “convergences” where a similar idea became adopted universally. On the other hand we also draw out the “divergences”; where authorities took different approaches to similar challenges. We do not in this report give any view on which approach was most effective. Each authority adapted to its circumstances in the face of unprecedented challenge. Instead this report highlights some of those approaches to supplement developing emergency planning arrangements.
Overall Summary Table: The Convergences and Divergences on Community Hub Approaches
Type |
Understanding need |
Communicating with vulnerable communities |
Managing delivery |
Project reflection |
Convergences |
- Offering support beyond minimum CEV - Teams for triage, distribution & social isolation
|
- Dedicated phone - Website forms - Out of hours service - Links to community organisations |
- Using existing emergency planning approaches - Redeploying staff from closed facilities - Single nominated lead officer - Signposting to voluntary organisations - Following standard admin & finance rules with dedicated accounts coding - Shared folders and filing - Role descriptions & procedure notes |
- Project reflection report - Used to inform similar future events - Adapted emergency planning response |
Divergences
|
- Using own data to identify vulnerable residents (ABC/SBC) - Using commercial and mapping data to identify support need (ABC) |
- Letter to residents (SBC/TWBC) - Linking to residents-led Facebook groups (TWBC) - Dedicated “help@” inbox (ABC) - Social isolation focused website (TWBC) |
- Creating risk register (SBC) - Dedicated inboxes for teams (SBC/MBC/TWBC) - Live data collection and stats analysis (MBC) - Online training for volunteers (SBC) - Using MS Teams extensively to co-ordinate and retain documentation (ABC) - Risk assessed local groups to establish best partners to deliver services (ABC) |
|
IV: Development Management (July 2021)
42. In 2018 the Council introduced a Scheme of Delegation, which sets out the approval process for officer decisions. Part of the scheme allows some officers to approve their own decisions. Although this approach improves efficiency, it also increases the risk to the Council of officers making inappropriate decisions. There is no evidence that the Council has fully considered this specific risk, though others have been considered. We examined the controls in place to mitigate this risk and found there are controls in place to ensure officers were fully trained and there was a fully documented rationale for all decisions. Our testing also established decisions were made and approved in accordance with the Scheme.
43. However, there is not a robust process for officers to declare interests which may affect their impartiality when making planning decisions. The service relies on applicants declaring relationships to anyone employed by the Council; the corporate declaration of interests process, which is not designed for this purpose; and the code of conduct to mitigate against this risk.
V: Accounts Receivable (April 2021)
44. We are satisfied that the service are generally controlling their risks for accounts receivable. However, our testing identified the procedure notes need updating, and the aged debt reports sent to Budget Managers and Heads of Service didn't include all debts related to their service.
45. We found the process to raise invoices is sound, and the debt write off procedure works well.
VI: Homeless Outreach (June 2021)
46. The Personal Budgets policy complies with the Council's Financial Procedure Rules and uses the corporate credit card and accounts payable processes to make purchases. Our testing showed purchases under the policy are made in order to aid those being supported by the Homeless Outreach Service. There are clear records demonstrating the purpose of the purchase as well as evidence of the expenditure which is retained and reconciled back to financial records. All purchases over £200 were also clearly authorised by an appropriate officer in line with the Policy.
VII: IT Asset Management (July 2021)
47. Mid Kent ICT runs an Asset Management System (Snow) which automatically updates when users login. The system provides a good level of oversight on the location and ownership of council IT assets. However, the system has a weakness to address arising when assets are out of use for 30 days or more and so do not have their status updated automatically. While general level of encryption is increasing as new machines come into use, a narrow majority (56%) remain unencrypted, but protected by password controls.
48. We also found a lack of documentation and record-keeping, some processes having fallen out of use over the past two years. In particular there is no consistent ‘check-in and check-out’ documentation. The service cannot say with certainty users have accepted assets or returned them on departure.
49. We found good controls around buying IT assets. However, the service must ensure it complies with rules for high value assets. The service must also improve its documentation around asset disposal.
Following Up Actions
50. Our approach to agreed actions is that we follow up each quarter, examining those that fell due in the previous three months. We take due dates from the action plan agreed with management when we finish our reporting. We report progress on implementation to Corporate Leadership Team each quarter. Our report includes matters of continuing concern and where we have revisited an assurance rating (typically after action to address key findings).
51. We summarise the current position below. The chart shows low priority actions (at the left of each bar) in green, medium priority in amber (in the middle) and high priority in red (at the right of the bars).
52. During the year we reviewed 79 separate agreed actions. During the year officers acted promptly to complete agreed actions, with the result that very few actions have carried forward into the current year.
53. Overall we are content with officers’ progress on acting to address findings we raise in our reviews.
Corporate Governance
54. Corporate governance is the rules, practices and processes that direct and control the Council.
55. We gain audit evidence to support the Head of Audit Opinion through completion of relevant reviews in the audit plan, as well as specific roles on key project and management groups. We also consider matters brought to our attention by Members or staff through whistleblowing and the Council’s counter fraud and corruption arrangements.
Counter Fraud & Corruption
56. We consider counter fraud and corruption risks in all of our audit engagements when considering the effectiveness of control. We also undertake distinct work to assess and support the Council’s arrangements.
Whistleblowing, money laundering and investigations
57. The Council’s whistleblowing policy names internal audit as one route for Members and officers to safely raise concerns on inappropriate or even criminal behaviour.
58. We had one matter raised with us as a whistleblowing issue by a member of staff. After investigating the matter and reviewing evidence provided we could not substantiate the allegations made. We reported our findings back to the whistleblower and provided a summary of findings to the Council. We have had no other matters raised with us for investigation as whistleblowing complaints.
59. We have also had no matters raised with us noting concerns that may suggest a breach of money laundering regulations.
Investigations
60. We have had two matters of note raised with us for investigation during the year. Each matter was raised at first by members of the public. The first matter we investigated directly. We found no evidence to substantiate inappropriate conduct by Council employees. However, we did offer advice to the relevant service for strengthening controls around system access and document handling.
61. The second matter we did not have capacity to investigate within the team and so helped co-ordinate with the relevant service to commission an outside investigation by Kent County Council’s counter fraud team. That investigation is ongoing and we expect its conclusion imminently.
National Fraud Initiative
62. We continue to coordinate the Council’s response to the National Fraud Initiative (NFI). NFI is a statutory data matching project and we must send in various forms of data to the Cabinet Office who manage the exercise.
63. During 2020/21 we successfully co-ordinated the Council’s compilation and upload of data to the Cabinet Office. Earlier this year the Cabinet Office released the 2020/21 matches, which we will begin examining this autumn.
Risk Management
64. We reported separately to Members earlier this year on risk management work during 2020/21.
Other Audit and Advice Work
65. We also continue to undertake a broad range of special and scheduled consultancy and advice work for the Council. Examples include our attendance as part of the Wider Leadership Team. We have also completed specific reviews looking at individual parts of the Council’s control environment at the request of officers.
66. Remote meetings and the Covid pandemic have put on hold our series of Member briefings. We are hoping to restart these briefings during 2021/2 and are keen to hear from Members on any areas of interest which may form future sessions.
67. We remain engaged and flexible in seeking to meet the assurance needs of the Council. We are happy to discuss opportunities large and small where the Council can usefully employ the experience and expertise of the audit team.
Audit Quality & Improvement
Standards and ethical compliance
68. Government sets out the professional standards we must work to in the Public Sector Internal Audit Standards (the “Standards”). These Standards are a strengthened version of the Institute of Internal Audit’s global internal audit standards, which apply across public, private and voluntary sectors in more than 170 countries around the world.
69. The Standards include a specific demand for reporting to Senior Management and Audit Committee on our conformance with the Code of Ethics as well as the Standards themselves. We have included the Code within our Audit Manual and training for some years. We can report to Members we remain in conformance with the Code.
External Quality Assessment & Quality Assurance Plan
70. In September 2020 we reported to Members our second successive fully conforming conclusion in an External Quality Assessment. The Assessment included a few recommendations for us to consider and we updated Members on their progress. The table below summarises our progress on the remaining actions:
Recommendation |
Current Position |
Enhance declaration of interest forms for audit staff |
New form rolled out as part of annual planning and completed by all staff in March 2021. Complete |
Renew collaboration agreement |
See following section. In progress |
71. In our 2021/22 Audit & Assurance Plan reported to Members we described our Quality Assurance Plan. This Plan aims to ensure we uphold high quality in a changing profession by setting out our methods for periodic and spot-check reviews of our methods and approaches. Recent progress against that Plan includes:
· Ethics: We overhauled our approach to collecting and monitoring information on declarations of interest within the audit team.
· Client Liaison: We have set up a group within the audit service to examine the information we share with clients to support engagements. We expect that improved approach to begin in 2022/23.
· Review Process: We undertook a review within the audit team on perspectives of how we review work to guarantee quality and drive professional development. This review resulted in a number of tweaks to our reviews beginning in 2021/22.
· Assurance Ratings & Finding Priorities: After having kept the same ratings since 2014/15 we completed a substantial review project looking at other approaches across the world. We also consulted client officers and brought forward proposals internally in the Spring. We will trial these changes in select engagements aiming to settle proposals to begin in 2022/23.
· Sample and item testing: We have just begun a project looking at how we undertake sample testing during audit engagements. This project will aim to ensure we make use of a full range of testing methods, including data analytics, to improve the efficiency and effectiveness of our assurance. We aim to complete this project before the end of 2021 and potentially roll out new testing methods during 2022.
72. Alongside these specific reviews we also continue our routine liaison with the audit profession to identify and bring forward best practice. To that end we are deepening links with major professional bodies (IIA and CIPFA) as well as groups such as the Local Authority Chief Auditors’ Network (LACAN).
Collaboration Agreement
73. Our EQA identified the need to update the audit shared service collaboration agreement. This agreement, which forms the legal basis of the partnership’s work, expired in March 2019. However all four authorities have continued to follow its terms in expectation that a new agreement will follow.
74. We have completed a first round of consultation with all four authority partners. This has given a broad steer to what will feature in a fresh agreement:
· A continuing agreement, rather than having a specific expiry date. This will include terms for periodic review as well as setting out terms for authorities to join or leave the partnership.
· An agreement that covers the full scope of Mid Kent Audit’s work. Currently the agreement only specifies audit services. A future agreement will recognise and govern our broader risk management, counter fraud and governance work.
· A fresh financial settlement. The existing agreement set division between the partners at 2014 levels with no means of adjustment. A fresh agreement will provide a method for calculating split between authorities and contain terms for changing over time.
· Clarified governance arrangements. The new agreement will make clear how Partnership’s work is supervised and overseen involving all four (current) partner authorities.
· Scope for authorities to tailor their service. The new agreement will keep direction to a minimum. Thus recognising the role of Senior Management and Audit Committee Members in deciding a level and nature of internal audit provision that meets their governance needs.
75. The next steps are to translate these terms into a legal document for agreement among the partners. We hope to have the new collaboration agreement in place to begin 1 April 2022.
Training and Qualifications
76. We continue to offer strong support to the audit team in continuing development and upholding professional competence. In 2020/21 this involved providing individual training budgets and supporting people to follow avenues for development suitable for their career position and ambitions.
77. A key but far from sole part of this approach is supporting professional qualifications. During 2020/21 we supported several of the team through professional studies and remain pleased with their progress and success. We would like to highlight:
· Jen Warrillow: Achieved the full Chartered qualification from the Institute of Internal Audit. She is now eligible to apply for full Chartered status and use the professional suffix CMIIA.
· Cath Byford & Katie Bucklow: Our two apprentices continue making good progress through their professional qualifications. They are studying through Birmingham City University and each received a distinction pass on their latest University exams. As well, Cath (who began her apprenticeship six months before Katie) has recently completed the full Certified Internal Auditor qualification, becoming entitled to use the professional suffix CIA.
78. One feature of being a small and developing team is that sometimes opportunities for advancement will not arise coincidentally when individuals are ready for their next step. During the last few months we’ve lost three further members of the audit team to promotions elsewhere. We wish them well and hope that seeing the ‘Mid Kent Audit’ family spreads across the profession will strengthen our reputation.
79. However, they leave a significant gap behind with five of our twelve posts now being vacant. We will shortly embark on a major recruitment exercise to fill the vacancies. We are grateful for the continuing support of partner authorities in recognising the value of an effective internal audit service.
80. Finally, Members will recall in the Spring we had the honour of being shortlisted by the Institute of Internal Audit’s “Audit & Risk Awards 2021” as ‘Best Public Sector Audit Team’. Unfortunately we were not successful on the night, and congratulate Scottish Enterprise who took home the awards. You can see the full list of winners on the IIA’s website at this link.
81. However, simply being shortlisted is a notable honour, picked by the IIA from more than 50 services put forward. This is especially so as being the smallest and only district council team recognised. Unfortunately the acceptance speech will have to remain in the drafts folder, but maybe next year?
Acknowledgements
82. We achieve these results through the hard work and dedication of our team and the resilience that comes from working a shared service across four authorities.
83. As a management team in Mid Kent Audit, we wish to send our public thanks to the team for their work through the year so far.
84. We would also like to thank Managers, Officers and Members for their continued support as we complete our audit work during the year.
Annex 1: Assurance & Priority level definitions
Assurance Ratings 2020/21 (Unchanged from 2014/15)
Full Definition |
Short Description |
Strong – Controls within the service are well designed and operating as intended, exposing the service to no uncontrolled risk. There will also often be elements of good practice or value for money efficiencies which may be instructive to other authorities. Reports with this rating will have few, if any; recommendations and those will generally be priority 4. |
Service/system is performing well |
Sound – Controls within the service are generally well designed and operated but there are some opportunities for improvement, particularly with regard to efficiency or to address less significant uncontrolled operational risks. Reports with this rating will have some priority 3 and 4 recommendations, and occasionally priority 2 recommendations where they do not speak to core elements of the service. |
Service/system is operating effectively |
Weak – Controls within the service have deficiencies in their design and/or operation that leave it exposed to uncontrolled operational risk and/or failure to achieve key service aims. Reports with this rating will have mainly priority 2 and 3 recommendations which will often describe weaknesses with core elements of the service. |
Service/system requires support to consistently operate effectively |
Poor – Controls within the service are deficient to the extent that the service is exposed to actual failure or significant risk and these failures and risks are likely to affect the Council as a whole. Reports with this rating will have priority 1 and/or a range of priority 2 recommendations which, taken together, will or are preventing from achieving its core objectives. |
Service/system is not operating effectively |
Note for reports issued during the COVID-19 Emergency
During this period we have temporarily moved away from giving a single word assurance rating back to a narrative conclusion balancing the strengths and weaknesses of controls in a service. The aim is to streamline discussion at the point of closing a review and allow the discussion to move swiftly on to implementing the agreed actions. |
Recommendation Ratings 2020/21 (unchanged from 2014/15)
Priority 1 (Critical) – To address a finding which affects (negatively) the risk rating assigned to a Council strategic risk or seriously impairs its ability to achieve a key priority. Priority 1 recommendations are likely to require immediate remedial action. Priority 1 recommendations also describe actions the authority must take without delay.
Priority 2 (High) – To address a finding which impacts a strategic risk or key priority, which makes achievement of the Council’s aims more challenging but not necessarily cause severe impediment. This would also normally be the priority assigned to recommendations that address a finding that the Council is in (actual or potential) breach of a legal responsibility, unless the consequences of non-compliance are severe. Priority 2 recommendations are likely to require remedial action at the next available opportunity, or as soon as is practical. Priority 2 recommendations also describe actions the authority must take.
Priority 3 (Medium) – To address a finding where the Council is in (actual or potential) breach of its own policy or a less prominent legal responsibility but does not impact directly on a strategic risk or key priority. There will often be mitigating controls that, at least to some extent, limit impact. Priority 3 recommendations are likely to require remedial action within six months to a year. Priority 3 recommendations describe actions the authority should take.
Priority 4 (Low) – To address a finding where the Council is in (actual or potential) breach of its own policy but no legal responsibility and where there is trivial, if any, impact on strategic risks or key priorities. There will usually be mitigating controls to limit impact. Priority 4 recommendations are likely to require remedial action within the year. Priority 4 recommendations generally describe actions the authority could take.
Advisory – We will include in the report notes drawn from our experience across the partner authorities where the service has opportunities to improve. These will be included for the service to consider and not be subject to formal follow up process.
[1] “Proper practices” are defined by CIPFA/SOLACE and set out in Delivering Good Governance in Local Government Framework (2016).