Interim Internal Audit & Assurance Report









November 2021
Maidstone Borough Council

Title: Maidstone Borough Council Logo - Description: Maidstone Borough Council Logo


1.             The Institute of Internal Audit gives the mission of internal audit: to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight.

2.             The mission and its associated code of ethics and Standards govern over 200,000 professionals in businesses and organisations around the world.  Within UK Local Government, authority for internal audit stems from the Accounts and Audit Regulations 2015.  The Regulations state services must follow the Public Sector Internal Audit Standards – an adapted and more demanding version of the global standards.  Those Standards set demands for our reporting:

Title: PSIAS Extract: Standard 2060 - Description: 2060 Reporting to Senior Management and the Board. 

The Chief Audit Executive must report periodically to senior management and the board on the internal audit activity's purpose, authority, responsibility and performance relative to its plan and on its conformance with the Code of Ethics and the Standards. Reporting must also include significant risk and control issues, including fraud risks, governance issues and other matters that require the attention of senior management and/or the board.

Title: PSIAS Extract - Interpretation - Description: Interpretation:

The frequency and content of reporting are determined collaboratively by the chief audit executive, senior management and the board. The frequency and content of reporting depends on the importance of the information to be communicated and the urgency of the related actions to be taken by senior management and/or the board.

The Chief Audit Executive's reporting and communication to senior management and the board must include information about:
 - The audit charter.
 - Independence of the internal audit activity.
 - The audit plan and progress against the plan.
 - Resource requirements.
 - Results of audit activities.
 - Conformance with the Code of Ethics and the Standards, and action plans to address any significant conformance issues.
 - Management's resposne to risk that, in the chief audit executive's judgement, may be unacceptable to the organisation.

Audit Charter

3.             This Committee approved our Audit Charter in September 2021 and it remains in place through the audit year.


Independence of internal audit

4.             Mid Kent Audit works as a shared service between Ashford, Maidstone, Swale and Tunbridge Wells Borough Councils. A Shared Service Board including representatives from each council supervises our work based on our collaboration agreement.

5.             Within Maidstone BC during 2021/22 we have continued to enjoy complete and unfettered access to officers and records to complete our work.  On no occasion have officers or Members sought or gained undue influence over our scope or findings.

6.             I confirm we have worked with full independence as defined in our Audit Charter and Standard 1100.

Management response to risk

7.             We include the results of our work in the year so far later in this report.  In our work we often raise recommendations for management action.  During the year so far management have agreed to act on all recommendations we have raised.  We report on progress towards implementation in the section titled Agreed Actions Follow Up Results.

8.             There are no risks we have identified in our work that we believe management have unreasonably accepted.

Resource Need

9.             We reported in our plan presented to this Committee in March 2021 an assessment on the resources available to the audit partnership for completing work at the Council.  That review decided:

…we believe we have enough resource to deliver the 2021/22 plan

10.         Since March 2021 we have experienced much change within the audit team. Shortly after Members agreed the plan, both of our most recent successful qualified trainees left for more senior roles elsewhere. While we’re always pleased to support development, their loss left a notable gap in the team that we hoped to fill with recruits over the summer.

11.         For that recruitment exercise, we were successful in having offers of employment accepted for all three audit roles advertised, unfortunately two candidates withdrew during the pre-employment checks having received better offers elsewhere.

12.         The result is the team continues to have vacancies at Auditor, Audit Apprentice and Risk & Governance Officer level. We hope to re-advertise these roles shortly. Until then we are preparing a market tender to seek contractor support in completing 2021/22 audit and assurance plans. We hope to award the contracts before the end of 2021, for work to take place in the New Year.

13.         There has also been significant change within the management team. Russell Heppleston, Deputy Head of Audit, left the partnership after 16 years for a new role with the National Audit Office. To see out the year, Ali Blake of the Mid Kent Audit team has stepped up as Interim Deputy Head of Audit. Ali will focus on leading our risk and governance work, including implementation of JCAD, our new risk management software.

14.         Joining us as interim audit manager, with particular responsibility for Ashford and Swale, is Julie Hetherington. Julie joins us after twelve years as an Audit Manager at London Borough of Lewisham and will be a great asset to the partnership.

15.         Finally, after nearly eight years in the role as Head of Audit Partnership, Rich Clarke will leave for a new role at LB Lewisham in the New Year. Work is already underway to recruit Rich’s successor.

16.         Despite all this change we continue to make good progress through the Audit Plan agreed earlier this year. We continue to believe we have enough resources available to us to deliver the 2021/22 audit plan and provide a robust opinion at year end. However, this will be a matter of judgement for the next Head of Audit Partnership. We will, following guidance issued by CIPFA, report quickly to Senior Management and Members if we have any concerns that forecast will change.

Audit Plan Progress: Closing 2020/21

17.         In July, there were two audit engagements approaching completion that did not finish in time for Committee deadlines. I set out below our summary findings for these remaining engagements. As expected, there were no significant concerns that would alter the opinion or demand separate reporting.


Bailiff Service (September 2021)

18.         Our opinion based on our audit work is the Enforcement Team has SOUND controls in place to manage its risks and support achievement of its objectives.

19.         Mid Kent Enforcement have good controls in place to ensure staffing levels remain appropriate while their case load has fluctuated as a result of the pandemic.  Staff are qualified and adequately trained to undertake their roles.  There are various payment methods available to encourage debt repayment, with automated systems in place where possible to ensure accurate recording.  Recovery notices are issued and payment arrangements are available when appropriate.

·         Finding Summary: 2 x Low priority.

Public Consultations (October 2021)

20.         Our opinion based on our audit work is the Council has SOUND controls in place to manage its risks and support achievement of its objectives in public consultations.

21.         Guidance has been developed for staff to undertake consultations. Equalities and Data Protection impact assessments are carried out where required.  Channels of communication are tailored to each consultation, depending on the subject matter, length, and scope.

22.         A forward plan is in place and allows for adequate planning arrangements, though many requests for consultations do not come via this route, meaning it can be difficult to accommodate all requests. Consultations undergo a scoping exercise during the initial planning phase, using a standardised scoping form, the aims and objectives, target audience/key users, actions, and consultation period to be decided.

23.         Following the end of the consultation period, the Communications team allows for time to analyse the results and start reporting the outcomes with the results published on the website.

·         Finding Summary: 1 x Medium priority, 1 x Low priority.



Audit Plan Progress: Beginning 2021/22

24.         The chart below shows current and expected progress through the engagements described in the 2021/22 Audit Plan:

Other work and overall progress

25.         Our work on overseeing, updating, and reporting on risk has continued during the year in line with the Risk Management Framework.  As well as the routine cycle of work we have now bought and began to build a risk management software package called JCAD.  Implementation of this software will allow us to further settle and develop risk management across the Council.  Audit, Governance & Standards Committee will receive a detailed report on the risk management framework in March 2022.

26.         We have also completed a major investigation into the circumstances surrounding mistaken publication of planning notices on 19 August this year. We reported this investigation result to Members at Swale Borough Council’s Overview & Scrutiny Committee on 21 October.

27.         The table below also summarises (up to mid-October) current days on audit plan progress, with forecast position later in the year.

Plan Area

Plan Days

Actual to mid-Oct-21

Forecast to Apr-22

Risk Based Audits

















28.         We will keep these forecasts and plans under review, especially watching the result of contracting and recruitment plans.

Agreed Actions Follow Up Results

29.         Our approach to agreed actions is that we follow up each as it falls due in line with the plan agreed with management when we finish our reporting.  We report progress on implementation to Corporate Leadership Team each quarter. This includes noting any matters of continuing concern and where we have revisited an assurance rating (typically after addressing key actions). In total, we summarise in the table below the current position on following up agreed actions:



High Priority

Medium Priority

Low Priority

Actions brought into 2021/22





New actions agreed in 2021/22





Total Actions Agreed





Fulfilled by 31 October 2021





Actions cfwd past 31 October 2021





Not Yet Due





Delayed but no extra risk





Delayed with risk exposure






Audit Quality and Improvement

Code of Ethics

30.         This Code applies specifically to internal auditors, though individuals within the team must comply with similar Codes for their own professional bodies. The Standards also direct auditors in the public sector to consider the Committee on Standards in Public Life’s Seven Principles of Public Life (the “Nolan Principles”).

31.         We have included the Code within our Audit Manual and training for some years.  We also have policies and guidance in place on certain specifics, such as managing and reporting conflicts of interest.

32.         We can report to Members we remain in conformance with the Code. 


33.         We achieve these results through the hard work and dedication of our team and the resilience that comes from working a shared service across four authorities.

34.         As a management team in Mid Kent Audit, we wish to send our public thanks to the team for their work through the year so far.

35.         We would also like to thank Managers, Officers and Members for their continued support as we complete our audit work during the year.