TO: GOVERNANCE AND AUDIT COMMITTEE
DATE: 23rdh June 2021
INTERNAL AUDIT ANNUAL ASSURANCE REPORT 2020/21
(Head of Audit and Risk Management)
1. PURPOSE OF REPORT
1.1 Under the Public Sector Internal Audit Standards, the Head of Audit is required to deliver an annual internal audit opinion. This is timed to inform review of the Annual Governance Statement (AGS).
2. RECOMMENDATION
2.1 The Governance and Audit Committee note the Head of Audit and Risk Management’s Annual Report setting out the Head of Internal Audit’s Opinion for 2020/21.
3. REASONS FOR RECOMMENDATION
3.1 To support assurances set out in the Annual Governance Statement and ensure compliance with the Public Sector Internal Audit Standards.
4. ALTERNATIVE OPTIONS CONSIDERED
4.1 The Committee could choose not to receive the Head of Audit and Risk Management’s Annual Report setting out the Head of Internal Audit’s Opinion but would then not be aware of the relevant assurances from Internal Audit supporting the Annual Governance Statement and would not be complying with the Public Sector Internal Audit Standards.
5. SUPPORTING INFORMATION
5.1 The Council is required under the Accounts and Audit (Amendment)(England) Regulations to “undertake an adequate and effective internal audit of its accounting records and of its system of internal control in accordance with the proper practices in relation to internal control”.
5.2 The Public Sector Internal Audit Standards applicable to local government require the Head of Internal Audit to provide a written report to those charged with governance timed to support the Annual Governance Statement. This report should include an overall opinion on the adequacy of the control environment, a summary of the work that supports the opinion and a statement on conformance with the Public Sector Internal Audit Standards (PSIAS).
5.3 The attached report sets out the Head of Internal Audit’s Opinion for 2020/21 summarising the results and conclusions of Internal Audit’s work for 2020/21 and a statement on compliance with PSIAS. No system of control can provide absolute assurance against material misstatement or loss, nor can Internal Audit give that assurance. This opinion can, therefore, only provide reasonable and not absolute assurance based on the work undertaken and areas audited.
6. ADVICE FROM STATUTORY OFFICERS
6.1 Director of Finance
There are no financial implications arising from this
report. The work of
Internal Audit is
key to providing assurance about the effectiveness of
the
Council’s
internal control environment.
6.2 Borough Solicitor
The report has helped inform the contents of the Annual Governance Statement prepared by the Borough Solicitor which is included as a separate item on the agenda
6.3 Equalities Impact Assessment
Not applicable.
6.4 Strategic Risk Management Issues
The Head of Internal Audit’s Annual Report provides her opinion on the control environment in place at the Council. Internal control is based upon an ongoing process designed to identify and prioritise risks and to evaluate the likelihood of those risks being realised and the impact should they arise. The system of internal control is designed to manage risk to a reasonable level rather than to eliminate risk of failure altogether.
7 CONSULTATION
7.1 Not applicable.
Contact for further information
Sally Hendrick – 01344 352092
Sally.hendrick@bracknell-forest.gov.uk
Doc. Ref
Accounts and Audit Regulations
Public Sector Internal Audit Standards
Sally Hendrick
Head of Audit and Risk Management
Sally.hendrick@bracknell-forest.gov.uk
01344 352092
The Council is required under the Accounts and Audit (Amendment) (England) Regulations to “undertake an adequate and effective internal audit of its accounting records and of its system of internal control in accordance with the proper practices in relation to internal control.”
The Public Sector Internal Audit Standards require the Head of Internal Audit to provide a written report to those charged with governance timed to support the Annual Governance Statement.
The Head of Internal Audit’s annual report
· Includes an opinion on the overall adequacy and effectiveness of the organisation’s control environment.
· Discloses any qualifications to that opinion together with the reasons for that qualification.
· Presents a summary of the audit work from which the opinion is derived, including reliance placed on work by other assurance bodies.
· Draws attention to any issues the Head of Internal Audit judges particularly relevant to the preparation of the Annual Governance Statement.
· Compares the work actually undertaken with the work that was planned and summarises the performance of the internal audit function against its performance measures and targets; and
· Comments on compliance with Public Sector Internal Audit Standards and communicates the results of the internal audit quality assurance programme.
The system of internal control is designed to manage risk to a reasonable level rather than to eliminate risk of failure altogether. No system of control can provide absolute assurance against material misstatement or loss, nor can Internal Audit give that assurance. This statement and opinion can, therefore, only provide reasonable and not absolute assurance. Internal control is based upon an ongoing process designed to identify and prioritise risks and to evaluate the likelihood of those risks being realised and the impact should they arise.
HEAD OF AUDIT AND RISK MANAGEMENT’S OPINION
Based on internal audit work undertaken, the Head of Audit and Risk management is able to conclude there are adequate arrangements in place at the Council for risk management and corporate governance.
The Head of Audit and Risk Management gave limited assurance on the control environment in 2018/19 and also in 2019/20 when it was acknowledged that the direction of travel was positive and if this was sustained, a more favourable opinion was anticipated for 2020/21. Since then additional progress has been made but inevitably due to the impact of COVID 19 the speed of improvement has slowed over the last 12 months. The Head of Audit and Risk Management is now able to give partial assurance on the internal control environment for 2020/21 acknowledging improvement made but with further action needed to secure an adequate control environment.
The Head of Audit and Risk Management’s Audit Opinion however must exclude schools as there is insufficient assurance available to be able to offer reasonable assurance. This limitation of scope has arisen because Internal Audit were unable to carry out audit work due to pressures in schools arising from COVID and difficulties for schools of having external parties on site. To avoid similar limitations in future the Head of Audit and Risk Management has piloted remote auditing at one school which has been largely successful although it has confirmed that some on site time cannot be avoided. We are currently re-scheduling the school audits that have been deferred from 2020/21.
|
|
%
CONFORMANCE WITH PUBLIC SECTOR INTERNAL AUDIT STANDARDS (PSIAS) |
Based on the independent external assessment undertaken in March 2016 and update of the internal assessment in May 2021 as set out in Section 6.1, the Head of Audit and Risk Management can confirm that Bracknell Forest internal audit conforms with PSIAS requirements. The Head of Audit and Risk Management can confirm organisational independence of internal audit activity and absence of impairment to objectivity or independence during 2020/21.
|
SUMMARY OF 2020/21 AUDIT OUTCOMES
2020/2120 ASSURANCE LEVELS |
NUMBER OF AUDITS |
|
2020/2120 ASSURANCE LEVELS |
NUMBER OF AUDITS |
Good |
4 |
|
Good |
6 |
Adequate |
15 |
|
Adequate |
28 |
Partial |
10 |
|
Partial |
9 |
Inadequate |
0 |
|
Inadequate |
1 |
No assurance |
0 |
|
No assurance |
0 |
Total for Audits with an Opinion |
29 |
|
Total for Audits with an Opinion |
44 |
Memos and reports with Major Recommendation and no Opinion |
4 |
|
Memos and reports with Major Recommendation and no Opinion |
6 |
Other Follow Up Memos/ Reports with no Opinion |
3 |
|
Other Follow Up Memos/ Reports with no Opinion |
9 |
Total Audits |
36 |
|
Total Audits |
59 |
Grant Certifications |
7 |
|
Grant Certifications |
4 |
Overall Total |
43 |
|
Overall Total |
63 |
As noted in 4.2, at the time of writing this report a further four 2020/21 were still in progress approaching completion and one report had been received for client-side review. The original planned number of reviews included in the Annual Internal Audit Plan for 2020/21 approved by the Governance and Audit Committee was 54 audits and 4 grant certifications.
DEFINITIONS FOR ASSURANCE OPINION LEVELS AND RECOMMENDATION PRIORITIES
Since 1st April 2019 we have been categorising our audit opinions according to our assessment of the controls in place and the level of compliance with these controls as follows:
|
Good - There is a sound system of internal control designed to achieve the objectives of the system/process and manage the risks to the achievement of objectives and this is being complied with. Recommendations will only be of low priority. |
|
Adequate - there is basically a sound system of control but there are some areas of minor weakness and/or some areas of non- compliance which put the system/process objectives at risk. Recommendations will only be low or moderate in priority. |
|
Partial - there are areas of weakness and/or non- compliance with control which put the system/process objectives at risk and undermine the system’s overall integrity. Recommendations may include major recommendations but could only include critical priority recommendations if mitigated by significant strengths elsewhere. |
|
Inadequate - controls are weak across a number areas of the control environment and/or not complied with putting the system/process objectives at significant risk. Recommendations will include major and/or critical recommendations |
|
None - There is no control framework in place and management is inadequate leaving the system open to risk of significant error or fraud. |
We now categorise our recommendations according to their level of priority as set out below:
|
Critical - Critical and urgent in that failure to address the risk could lead to factors such as significant financial loss, significant fraud, serious safeguarding breach, critical loss of service, critical information loss, failure of major projects, intense political or media scrutiny. Remedial action must be taken immediately. |
|
Major - failure to address issues identified by the audit could have significant impact such as high financial loss, safeguarding breach, significant disruption to services, major information loss, significant reputational damage or adverse scrutiny by external agencies. Remedial action to be taken urgently. |
|
Moderate - failure to address issues identified by the audit could lead to moderate risk factors materialising such as medium financial loss, fraud, short term disruption to non-core activities, scrutiny by internal committees, limited reputational damage from unfavourable media coverage. Prompt specific remedial should be taken. |
|
Low - failure to address issues identified by the audit could lead to low level risks materialising such as minor errors in system operations or processes, minor delays without impact on service or small financial loss. Remedial action is required. |
We formerly categorised our audit opinion according to the following:
|
Significant - there is a sound system of internal controls to meet the system objectives and manage risks and testing performed indicates that controls tested are consistently complied with |
|
Satisfactory - there is basically a sound system of internal controls to manage risk although there are some minor weaknesses in controls and/or there is evidence that the level of non-compliance may put some minor systems objectives at risk |
|
Limited - there are some weaknesses in the adequacy of the internal control system and management of risks which put the systems objectives at risk and/or the level of compliance or non-compliance puts some of the systems objectives at risk. |
|
No assurance - control is weak and management of risks is inadequate leaving the system open to significant error or abuse and/or there is significant non-compliance with basic controls. |
We previously categorised our recommendations according to their level of priority as per the following.
|
Priority 1- Fundamental weakness in the design of controls or consistent non-compliance with controls that puts the achievement of systems objectives at risk. |
|
Priority 2 - Weakness in the design of controls or inconsistency in compliance with controls puts the achievement of systems objectives at risk. |
|
Priority 3- Recommended best practice to improve overall control. |
4.1 Corporate Management Team Action to Address Significant Control Weaknesses
The Corporate Management Team is playing a key role in improving the Council’s control environment. The Director: Finance made presentations to the Senior Leadership Group and Managers’ Forum meetings to ensure the findings of the Head of Audit’s Annual Report were widely understood and being acted upon.
A number of specific actions were also agreed to address identified areas of internal control weakness and bolster the resilience of Internal Audit arrangements including:
· Regular monitoring of internal audit reports with critical and major recommendations at directorate management team meetings.
· Regular inclusion of Internal Audit progress updates on Departmental Management Team meeting agendas
· A working group to review actions already taken and identify other approaches that could help address continuing weaknesses in the area of expenses and purchase cards which subsequently led to adequate audit opinions when these were re-audited in 2020/21, and.
· Agreement to develop an in-house Internal Audit team to reduce dependence on contractors. Two senior auditors have now been appointed and will be joining the council in the summer.
4.2 Delivery of the Internal Audit Plan 2020/21
The resources available for internal audit are finite and not all areas can be covered every year. Therefore, internal audit resources are allocated using a risk-based approach. The Internal Audit Plan for 2020/21 was considered and approved by the Governance and Audit Committee on 25th March 2020. The delivery of the individual audits in the Internal Audit Plan for 2020/21 was undertaken by Wokingham Borough Council’s Internal Audit teams under an agreement under S113 of the Local Government Act 1972, TIAA Ltd who carried out all IT and the core financial systems audits and a temporary senior auditor who joined the Council in July 2020.
Some alterations were made to the original plan during the year in response to information gained during the year including audits arising from COVID such certification of COVID grants and some audits were deferred to 2021/22 due to COVID. These are clearly shown in Appendix 1.
At the time of writing this report, 30 audits were finalised, 7 grant reviews were completed/certified, 6 audit reports were issued in draft, one report was in draft for client-side for review and 4 were work in progress.
4.3 Significant Control Weaknesses
In forming her annual opinion, the Head of Audit and Risk Management is required to comment on the adequacy of the internal control environment, which includes consideration of risk or governance issues and control weaknesses identified. The table below summarises the findings on the audits where significant issues were found during 2020/21:
|
2020/21 AUDITS IDENTIFYING SIGNIFICANT ISSUES |
RATING |
COUNCIL WIDE |
||
· Debt Management |
Debt management was also Partial and Limited assurance in 2019/20 and 2018/19 respectively. The latest audit identified that the level of debt had increased. Service areas are still largely responsible for pursuing debts and the pressure on service areas due to COVID reduced their capacity for debt management during 2020/21. This, together with central capacity for credit control to support service areas reducing due to restructure and difficulties with recruiting for a new credit control officer, has resulted in slippage against the progress made in 2019/20. Limited steps have been taken to implement the key management actions agreed in the last audit report around raising the profile of and engagement with credit control and improving the transparency of debt reporting.
|
PARTIAL |
· Management of Essential Car User Allowances and Mileage |
A major recommendation was raised to review policy and arrangements for essential car users post COVID. |
PARTIAL |
DELIVERY |
||
· Public Protection Partnership |
One major recommendation was raised concerning controls in the Licencing service. Audit has been advised that this will be addressed as part of a review of the PPP service in 2021/22 together with the introduction of a single system across all participating authorities. In the short term random spot checks will be carried out.
|
PARTIAL |
· Management of Commercial Properties
|
A major recommendation was raised on accuracy of billing of rents for the non-investment properties. Property have met with Finance to agree the process moving forward. In addition, Property are introducing quarterly checks to confirm that changes to rents have been accurately updated on the financial accounting system.
|
PARTIAL |
· Reactive Maintenance |
Two major recommendations were raised on the accuracy of performance information provided by the contractor and the need to review the performance targets. The Property team are in discussion with the contractor and the Procurement team to identify an appropriate solution.
|
PARTIAL |
· Cyber |
Three major recommendations were raised and ICT have advised that arrangements have now been put in place to implement the agreed management actions.
|
PARTIAL |
FINANCE |
|
|
· Agresso IT System Follow Up
|
Two major recommendations were raised relating to the absence of a Data Protection Impact Assessment (DPIA) and the need to review the support agreement once the system is moved to the Cloud. Progress has since been made to draft the DPIA and migration to the Cloud is progressing.
|
FOLLOW UP HENCE NO OPINION BUT MAJOR RECOMMENDATIONS RAISED |
· Creditors
|
Two major recommendations have been raised. The first is in respect of the level of transactions with supporting purchase orders which has declined and is now significantly below target. The second was to ensure compliance with controls over changes to key supplier details.
|
PARTIAL |
· Business Rates
· Council Tax and council tax |
Five major recommendations were raised relating to the lack of documented policy and procedures for Busines Rates, absence of segregation of duties between the administration and operation of the Northgate system used and reiteration of previous recommendations on approval of write offs, approval of refunds and inspection of empty properties.. Three major recommendations were raised relating to the lack of documented policy and procedures for Council Tax, absence of segregation of duties between the administration and operation of the Northgate system used and reiteration of the previous recommendation on approval of write offs.
The above two audits of services provided in Revenues were carried out remotely during the Covid-19 pandemic during a time of significant disruption to the Revenues service as a result of the loss of a key member of staff, sickness within the team and the requirement to issue Covid related business grants at pace. As a result of these pressures, some tightening in controls that had been addressed since the previous audit had lapsed and hence recommendations have now been reiterated.
|
BOTH PARTIAL
|
PEOPLE |
||
· Domiciliary Care Follow up |
The audit established that there is still no means under the current Framework to provide assurance to management on the hours delivered. This facility was removed with the introduction of the current Framework, however, with the re-letting of the contract in 2021, there is the opportunity to reintroduce robust requirements and practices that will provide management with the ability to effectively monitor that the hours paid are those delivered.
|
FOLLOW UP HENCE NO OPINION BUT MAJOR RECOMMENDATION STILL OUTSTANDING |
· Breakthrough |
One major recommendation was relating to administration and stages being missed from the Customer Journey, with key objectives of the service inconsistently applied.
|
PARTIAL |
In addition, Internal Audit raised major recommendations without an opinion in respect of two gap analysis reviews carried out on the following areas:
· Data Maturity. Effective governance and management of ‘Data’ can create significant and valuable information for use by organisations and a review was requested by senior managers to help identify areas for focus moving forward; and
· The IT system for the Emergency Duty Service where gap analysis was undertaken to identify lessons to be learned for the new system which is being implemented.
4.4 Follow up of Previous Limited Assurance Opinions
The Internal Audit procedure is for areas with major or critical recommendations to be re-audited in the following year. The table below provides an update on the audit position on these audits. The impact of COVID has limited progress in some cases as well as delaying some re-audits:
AUDITS WHERE SIGNIFICANT ISSUES HAVE BEEN IDENTIFIED IN PREVIOUS YEARS |
CURRENT AUDIT POSITION |
COUNCIL WIDE |
|
· Officers Expenses |
Re-audited in quarter 2 and adequate assurance was concluded. |
· Debt Management
|
Re-audited in quarter 4 and a partial assurance was concluded. See 4.3. |
· Purchase Cards
|
Re-audited in quarter 2 and adequate assurance was concluded. |
PEOPLE |
|
· Forestcare (Follow Up Memo. 2019/20 Also limited in 2017/18) |
Forestcare will be re-audited in quarter 2 of 2021/22. An update on the debt management recommendations in the last memo was obtained to inform the debt management audit. This established that there are continuing issues with processing of terminations and pursuing debt and that a long term sustainable solution has yet to be put in place.
|
· Adult Social Care Pathway (Qtr 4 2017/18 Audit)
|
An update was obtained from management on actions to address the significant weakness and it was concluded that progress had been made but further action is needed to address the key issue found at the 2018/19 audit. See 4.3.
|
· Loans for Housing Rents and Deposits
|
An update was obtained from management which indicates that due to COVID there is an outstanding major recommendation to review the debt to identify those debts that are recoverable and pursue these.
|
· Adults Residential Care
|
This was followed up in quarter 4 and the audit concluded that good progress had been made on the three priority 1 recommendations raised in 2018/19 albeit with a small amount of work to ensure these were fully implemented.
|
· Public Health
|
An update was obtained from management on actions to address the significant weakness. It was concluded that limited progress had been made to address the key issue found at the 2018/19 audit around utilising unspent reserves as these had not been utilised during 2020/21 due to additional central government funding received during the pandemic.
|
· Domiciliary Care
|
This was followed up in quarter 4. Action has been taken to address one of the priority 1 recommendations in 2018/19 raised in. One priority 1 recommendation from 2018/19 is outstanding and hence a major recommendation has been raised. See 4.3
|
· Disabled Facilities Grants |
This area is due to be re-audited in quarter 3 of 2021/22.
|
DELIVERY |
|
· Car Parks |
An audit of car parks under the new contract was undertaken in quarter 3 and an adequate assurance opinion was given.
|
· Cyber Security (Also Limited Assurance in 2017/18) |
Cyber security was re-audited in quarter 3 and a partial assurance opinion was given. See 4.3
|
· ICT Continuity Management |
An update was obtained from management on actions to address the significant weaknesses. This identified that the critical recommendation had been implemented and the major recommendations are still in progress
|
FINANCE |
|
· Business Rates (Also Limited Assurance in 2017/18)
|
An audit was undertaken in quarter 3 and a partial assurance opinion was given. See 4.3. |
· Council Tax (Also Limited Assurance in 2017/18)
|
An audit was undertaken in quarter 3 and a partial assurance opinion was given. See 4.3. |
PLACE, PLANNING AND REGENERATION/FINANCE |
|
· Ringway Street Lighting
|
An update was obtained from management on actions to address the weaknesses found in 2019/20 and we have been addressed that these have all been addressed. This area is due to be re-audited in quarter 3 of 2021/22.
|
SCHOOL GOVERNING BODIES |
|
· School A (Limited Assurance in 2017/18 and Partial Assurance in 2018/19)
|
We have been unable to proceed with this audit due to the restrictions on working and access arising from COVID-19 but the school has advised that they have implemented the recommendations.
|
· School B (Partial assurance in 2019/20) |
We have been unable to proceed with this audit due to the restrictions on working and access arising from COVID-19 but the school has advised that they have implemented the recommendations. |
· School C ((Partial assurance in 2019/20) |
We have been unable to proceed with this audit due to the restrictions on working and access arising from COVID-19.
|
· School D (Partial assurance in 2019/20) |
We have been unable to proceed with this audit due to the restrictions on working and access arising from COVID-19.
|
· School E (Partial assurance in 2018/19) |
We have been unable to proceed with this audit due to the restrictions on working and access arising from COVID-19.
|
4.5 Follow up of Audit Recommendations
A follow up exercise was carried out in May 2021 on audits where an adequate opinion had been issued in 2019/20 and 2020/21 as well as follow up of some areas with major recommendations where an audit could not be undertaken due to COVID 19. This was based on management feedback on the status of recommendations and the outcome is set out in Appendix 2. This identified that for 2019/20 audits, 87 out of 135 (69%) of recommendations had been implemented. For 2020/21 audits, the May update established that 11 out of 14 (79%) had been implemented.
5.1 Compliance with Public Sector Internal Audit Standards
The Public Sector Internal Audit Standards (PSIAS) came into effect on 1 April 2013. These standards provide a consistent framework for all internal audit services in the public sector across the UK. There is a requirement in the Standards for the Head of Audit and Risk Management to report on conformance with the PSIAS in her annual report based on the outcome of internal and external assessment of compliance. PSIAS Standard 1312 states that “External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organisation…”
The external assessment of Bracknell Forest Council’s internal audit services was carried out in March 2016 when the conclusion was that internal audit at Bracknell Forest Council generally conforms with the Public Sector Internal Audit Standards with a high level of compliance. The next external assessment is now overdue as this should have been completed in March 2021. Major changes are being made to the delivery model for internal audit with the historic model of outsourcing delivery of individual audits being replaced by the creation of an in-house team from July 2021. Any external assessment completed in 2020/21 would already be out of date and would have had to be repeated once the new arrangements adding significant additional cost. Therefore, the external assessment has been deferred and will now be undertaken in the last quarter of 2021/22 once the new delivery model has bedded in.
In lieu of this, an internal assessment was carried out by the by the Head of Audit and Risk Management in May 2021 which confirmed the Council’s continuing compliance with PSIAS during 2020/21.
5.2 Summary of Internal Audit Performance
|
Client Questionnaires |
Draft Report Produced within 15 Days of Exit meeting |
|
|
Received |
Satisfactory |
|
2020/21 |
9 |
89% |
60% |
2019/20 |
24 |
92% |
39% |
5.3 Feedback from Client Quality Questionnaires
From the limited number of client questionnaires returned for 2020/21, the level of satisfaction was generally positive with only one auditee saying their audits was not satisfactory. In one case the auditees gave an unsatisfactory assessment due to significant delays during the audit. This has been raised with the contractor who is investigating this with the auditor who will not be working on any further Bracknell Forest audits.
5.4 Performance Against Key Indicator
In accordance with Public Sector Internal audit Standards the Head of Audit and Risk Management is required to consider the outcome of the external inspections and assessments to inform the development and ongoing review of the Internal Audit Plan for the current and future years and assess if there are any issues relating to the control environment which need to be taken into account in drawing up the annual Head of Internal Audit Opinion. The findings of the various assessments considered when finalising the Head of Internal Audit Opinion for 2020/21 are as follows:
· Information Commissioner Consensual Inspection May 2020. Concluded reasonable assurance as set out in Section 8.
· School Financial Value Standard. The schools financial value standard (SFVS) is a mandatory requirement for local authority (LA) maintained schools in managing their finances and to give assurance that they have secure financial management in place. Schools are required to complete the checklist every year and arrange for this to be signed by the Chair of Governors. The COVID 19 lockdown presented a significant challenge to schools however, Education Finance were able to confirm that all schools have now submitted this.
· External Auditors’ Annual Audit Letter 2019/20. The Annual Audit Letter from the external auditors would generally inform the annual Head of internal Audit Opinion. However, at the time of writing this report, EY have still to produce their Letter for 2019/20 due to delays in the audit of the Berkshire Pension Fund account by Deloitte.
The Strategic Risk Register was reviewed four times by the Strategic Risk Management Group (SRMG) and the Corporate Management Team and three times by the Governance and Audit Committee in 2020/21. Deep dives on individual risks now take place at the Governance and Audit Committee and to date these have been completed on the cyber, business continuity, finance, staffing risks, adult social care supply risks and Covid risks.
In addition to frequent and at some points daily risk management monitoring of COVID-19 by the Corporate Management Team, an overarching risk was developed to highlight the issues arising from COVID-19 and the actions being taken to respond and mitigate this. This was regularly reviewed, updated by the Corporate Management Team and incorporated into Strategic Risk Register. In addition, a separate exercise was undertaken to identify Brexit risks.
There is a process for recording and monitoring significant operational risks through directorate risk registers that are reviewed on a quarterly basis and these are used to inform the Strategic Risk Register. During quarter 4, the newly formed Chief Executive’s Office developed their risk register. Project managers are also required to maintain separate risk registers for all major projects and programmes.
During 2019/20, a review of the Council’s business continuity arrangements was undertaken by external consultants as part of a wider review of arrangements across the authorities in the shared service for Emergency Planning hosted by West Berkshire Council. Following this, Business continuity leads were identified across the Council and a programme of actions for improvements were identified which are currently being implemented. This has been significantly delayed during 2020/21 as resources have been diverted due to COVID-19. The programme of updating business continuity plans has resumed and is progressing.
During 2020/21, the Annual Governance Statement was produced by Legal Services and an action plan to address governance weaknesses was developed.
A consensual inspection by the Information Commissioner took place at the end of May 2020 providing a valuable independent view of the Council’s arrangements. Audits are conducted following the Information Commissioner’s data protection audit methodology. The key elements of such inspections are review of selected policies and procedures, interviews with selected staff and an inspection of selected records. The conclusion of the inspection was that the Information Commissioner was able to give a reasonable level of assurance that processes and procedures are in place and are delivering data protection compliance for governance and accountability, information security and Freedom of Information arrangements. The inspection identified some scope for improvement in existing arrangements to reduce the risk of non-compliance with data protection legislation and an action plan was
A number of internal audit reviews carried out under the 2020/21 Audit Plan included elements of governance such as officers’ expenses, data maturity gap analysis and security camera controls.
9.1 National Fraud Initiative (NFI)
The NFI is a biennial data matching exercise first introduced in 1996 and conducted by the Cabinet Office to assist in the prevention and detection of fraud and error in public bodies. The last main submission was in 2019 with matches returned in 2020 and the outcome of the exercise reported in the Head of Audit and Risk Management’s Annual Report for 2019/20. During 2020/21 the Council was required to submit data for matching on Small Business Grant Fund, Retail, Hospitality and Leisure Grant Fund and the Local Authority Discretionary Fund. Matches for investigation are yet to be released to us.
9.2 Benefits Investigations
On 1st December 2014, the Council's Benefit Fraud Investigation Officers transferred to the Single Fraud Investigation Service (SFIS) within the Department for Work and Pensions (DWP) as part of the national government programme of centralising the investigation of welfare benefit fraud. The Welfare Service passes cases of overpayments in excess of £3k and cases where fraud is suspected to SFIS for investigation. Members of the public are directed to contact the DWP directly where fraud is suspected and so SFIS refers further fraud information requests where fraud has been reported from another source. During the period 1 April 2020 to 31 March 2021 there were 19 referrals to SFIS however in response to the Covid-19 crisis and redeployment of their staff, the DWP suspended all Compliance and Investigation activity. Although Compliance activity has since resumed from January 2021, we have not been notified of any outcomes relating to these cases. During the financial year 2019/20, 59 cases were referred, and the Welfare Service have been notified of 1 administrative penalty by SFIS.
From 1st April 2014, if a claimant is notified that they have been overpaid Housing Benefit by £250 or more, which must have occurred wholly after 1st October 2012, Bracknell Forest Borough Council has been able to impose a set Civil Penalty of £50. The £50 Civil Penalty applies if benefit is overpaid because the claimant negligently gave incorrect information and didn’t take reasonable steps to correct their mistake or failed to tell the Council about a change or failed to give them information without a reasonable excuse. Between 1 April 2020 and 31 March 2021, the service has not applied any Civil Penalties or Council Tax Penalties.
Since January 2018 the DWP no longer issue mandatory referrals for Real Time Information (RTI) system for Housing Benefit to detect undeclared income. This has been replaced by the Verify Earnings and Pensions (VEP) Alerts service which provides local authorities with the capability to prevent fraud and error arising through real time identification of changes in income. The service provides Alerts to users to prompt them to access the service when there is a change in the claimants or partner’s employment or pension. The DWP commenced the roll out to Local Authorities from May 2018 with Bracknell Forest Council using the service from October 2018. Between 1 April 2020 and 31 March 2021, 544 changes of circumstances to Housing Benefit were recorded as actioned due to VEP of which approximately 51.7% resulted in a decrease to Housing Benefit, and approximately 33.6% resulted in an increase to Housing Benefit.
9.3 Housing wait list
During 2020/21, a business case was agreed to pilot additional funding for counter fraud investigation. The implementation of this was delayed due to COVID which placed limitations on fraud investigation. However, some of this funding has been used to carry out a proactive review of the housing waiting list by Oxford City Council Fraud Team to identify fraudulent applications. Matches have now been received and will now be investigated by Housing and Welfare with some support from Oxford’s team.
9.4 Potential Irregularities
During 2020/21 a number of potential irregularities were detected. In the autumn the Council was the target of a bank mandate fraud. Steps were taken to seek recovery from the bank and review procedures to tighten controls.
In addition, a small number of bogus payments were made under the Government’s Track and Trace Scheme. Action was subsequently taken to seek recovery from the individuals concerned and a report was made to Action Fraud.
9.5 Counter Fraud Policies
The Anti Money Laundering Policy was updated in quarter 4 and approved by the Governance and Audit Committee in March 2021.
APPENDIX 1
2019/20 AUDITS
* Draft report produced within 15 working days of exit meeting to discuss audit findings
AUDIT |
Start Date |
Date of Draft Report |
*Key Indicator Met |
Assurance Level |
Recommendation Priority |
Status |
||||||
|
|
|
|
Good |
Adequate |
Partial |
Inadequate |
Critical |
Major |
Moderate |
Low |
|
Fostering |
2/3/20 |
23/6/20 |
Yes |
|
P |
|
|
|
|
2 |
1 |
Finalised |
2020/21 AUDITS
1.GOVERNANCE
AUDIT |
Start Date |
Date of Draft Report |
Key Indicator Met* |
Assurance Level |
Recommendation Priority |
Status |
||||||
|
|
|
|
Good |
Adequate |
Partial |
inadequate |
Critical |
Major |
Moderate |
Low |
|
Officer Expenses (Ltd 2018/19 and 2019/20) |
13/7/20 |
17/9/20 |
Yes |
|
P |
|
|
|
|
4 |
2 |
Finalised |
Safeguarding governance arrangements |
|
|
|
|
|
|
|
|
|
|
|
Audit cancelled |
Security camera controls including assignment of responsibility and consistency of and compliance with specification requirements |
21/2/21 |
|
|
|
|
|
|
|
|
|
|
Work in progress |
Business Continuity |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 2021/22 |
Grant Assurance Reviews (additional work) Business Rates Grants-Covid 19 –Small business and retail, hospitality and leisure Additional audit |
June 2020 |
10/7/20 |
N/A |
N/A assurance memo with no opinion given |
|
|
2 |
6 |
Finalised |
|||
Business Rates Grants-Covid 19 –Discretionary grants Additional audit |
September 2020 |
23/3/21 |
N/A |
N/A assurance memo on grant with no opinion given |
|
1 |
3 |
|
Finalised |
|||
Grant Certifications Bus Service Operator |
24/9/20 |
24/9/20 |
N/A |
N/A grant certification |
|
|
|
|
Certified |
|||
Integrated Transport Block Allocation |
7/9/20 |
24/9/20 |
N/A |
N/A grant certification |
|
|
|
|
Certified |
|||
Troubled Families- September submission |
21/9/20 |
25/9/20 |
N/A |
N/A assurance memo with no opinion given |
|
|
|
|
Certified |
|||
Troubled Families- March 2021 submission Additional audit |
23/3/21 |
25/3/21 |
N/A |
N/A assurance memo with no opinion given |
|
|
|
|
Certified |
|||
Track and Trace Grants Additional audit |
|
|
|
|
|
|
|
|
Quarter 2 of 2021/22t |
|||
Home to School Transport COVID support grant Additional audit |
24/3/21 |
24/3/21 |
N/A |
N/A assurance memo with no opinion given |
|
|
|
|
Certified |
|||
Emergency Active fund Additional audit |
|
|
|
|
|
|
|
|
Quarter 2 of 2021/22t |
|||
Travel demand Management Additional audit |
|
|
|
|
|
|
|
|
Quarter 2 of 2021/22 |
2. COUNCIL WIDE
AUDIT |
Start Date |
Date of Draft Report |
Key Indicator Met* |
Assurance Level |
Recommendation Priority |
Status |
||||||
|
|
|
|
Good |
Adequate |
Partial |
Inadequate |
Critical |
Major |
Moderate |
Low |
|
Income targets/projects/digital analysis/assessment of statutory responsibilities supporting the budget setting process |
|
|
|
|
|
|
|
|
|
|
|
Audit cancelled |
Purchase Cards (Ltd 2018/19 and 2019/20) |
13/7/20 |
|
No |
|
P |
|
|
|
|
2 |
|
Finalised |
Debt management |
12/4/21 |
8/6/21 |
Yes |
|
|
P |
|
|
3 |
4 |
|
Draft issued |
Management of Mileage and Essential Car User |
15/8/20 |
28/9/20 |
Yes |
|
|
P |
|
|
1 |
3 |
1 |
Finalised |
Additional staff payments advisory review – honorariums, retention payments, market premiums, pay protections |
|
|
|
|
|
|
|
|
|
|
|
Audit cancelled |
3. CORE FINANCIAL SYSTEMS
AUDIT |
Start Date |
Date of Draft Report |
Key Indicator Met* |
Assurance Level |
Recommendation Priority |
Status |
||||||
|
|
Good |
Adequate |
Partial |
Inadequate |
Critical |
Major |
Moderate |
Low |
|
||
Main Accounting and Reconciliations |
21/9/20 |
24/10/20 |
Yes |
P |
P |
|
|
|
|
2 |
1 |
Finalised |
Cash Management |
|
|
|
|
|
|
|
|
|
|
|
Cancelled |
Council Tax |
14/10/20 |
1/3/21 |
No |
|
|
P |
|
|
3 |
4 |
|
Draft issued |
Business Rates |
14/10/20 |
1/3/21 |
No |
|
|
P |
|
|
5 |
5 |
1 |
Draft issued |
Creditors |
12/4/21 |
8/6/21 |
No |
|
|
P |
|
|
2 |
3 |
2 |
Draft issued |
Housing Benefit and Council Tax Reduction |
16/11/20 |
14/4/21 |
No |
P |
|
|
|
|
|
|
1 |
Finalised |
4. IT AUDIT
Start Date |
Date of Draft Report |
Key Indicator Me* |
Assurance Level |
|
|
|
|
Status |
||||
|
|
Good |
Adequate |
Partial |
Inadequate |
Critical |
Major |
Moderate |
Low |
|
||
Cyber liability |
17/11/21 |
4/2/21 |
Yes |
|
|
P |
|
|
3 |
4 |
1 |
Finalised |
Data Maturity Assessment |
1/9/20 |
17/11/20 |
Yes |
N/A- No opinion given. Assessment based on review of maturity across key data governance criteria |
Finalised |
|||||||
Digital Strategy and ICT Strategic Planning |
1/11/20 |
18/1/21 |
Yes |
P |
|
|
|
|
|
|
7 |
Finalised |
Emergency Duty Service System including telephony advisory review |
24/11/20 |
4/2/21 |
Yes |
N/A– no opinion given. Gap analysis on current system to inform the implementation of the new system me |
|
5 |
3 |
|
Finalised |
|||
One System- Education |
7/12/20 |
2/3/21 |
Yes |
|
P |
|
|
|
|
7 |
3 |
Finalised |
Uniform System |
25/6/20 |
4/8/20 |
Yes |
P |
|
|
|
|
|
|
1 |
Finalised |
Forestcare IT systems including telephony |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 2021/22 |
Agresso (Follow up- partial assurance 2019/20) |
28/8/20 |
21/12/20 |
No |
N/A- follow up audit with no assurance opinion |
|
2 |
2 |
|
Finalised |
5. PLACE, PLANNING, AND REGENERATION
AUDIT |
Start Date |
Date of Draft Report |
Key Indicator met |
Assurance Level |
Recommendation priority |
Status |
||||||
|
Good |
Adequate |
Partial |
Inadequate |
Critical |
Major |
Moderate |
Low |
|
|||
Spending processes and controls in parks and countryside- advisory review |
|
|
|
|
|
|
|
|
|
|
|
Audit cancelled |
SANG – general compliance audit |
24/8/20 |
6/11/20 |
Yes |
|
P |
|
|
|
|
4 |
1 |
Finalised |
SANG- advisory audit |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 21/22 |
S106 – Use of the monies in compliance with development in the relevant geographic area |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 21/22 |
ORGANISATIONAL DEVELOPMENT, TRANSFORMATION AND HUMAN RESOURCES
AUDIT |
Start Date |
Date of Draft Report |
Key Indicator met* |
Assurance Level |
Recommendation Priority |
Status |
||||||
|
|
Good |
Adequate |
Partial |
Inadequate |
Critical |
Major |
Moderate |
Low |
|
||
Staffing Establishment |
7/12/20 |
1/4/20 |
No |
|
P |
|
|
|
|
3 |
|
Finalised |
7. DELIVERY
AUDIT |
Start Date |
Date of Draft Report |
Key Indicator met* |
Assurance level |
Recommendation Priority |
Status |
||||||
|
|
Good |
Adequate |
Partial |
Inadequate |
Critical |
Major |
Moderate |
Low |
|
||
Health and Safety |
1/9/20 |
23/4/21 |
No |
|
P |
|
|
|
|
5 |
|
Finalised |
Management of Commercial Property |
28/7/20 |
15/12/20 |
Yes |
|
|
P |
|
|
1 |
4 |
|
Finalised |
Reactive Maintenance Contracts |
17/11/20 |
8/2/21 |
Yes |
|
|
P |
|
|
2 |
1 |
|
Finalised |
Cemetery and Crematorium |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 21/22 |
Public Protection Partnership |
1/9/20 |
19/2/21 |
No |
|
|
P |
|
|
1 |
6 |
3 |
Finalised |
Car Parks |
1/10/20 |
18/1/21 |
No |
|
P |
|
|
|
|
2 |
2 |
Finalised |
COVID Support for Everyone Active – Additional Audit |
|
|
|
|
|
|
|
|
|
|
|
Work in progress |
8. PEOPLE
|
Start Date |
Date of Draft Report |
Key Indicator Met* |
Assurance levels |
Recommendation Priority |
Status |
||||||
|
|
Good |
Adequate |
Partial |
Inadequate |
Critical |
Major |
Moderate |
Low |
|
||
Transport in CTPLD- advisory review |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 2021/22 |
Equipment Spend |
1/9/20 |
31/1/21 |
Yes |
N/A – advisory review with no opinion |
|
|
3 |
|
Finalised |
|||
Direct payments- approval of plans and changes, identifying and following up potential frauds- advisory piece |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 2021/22 |
Continuing Health Care |
17/3/21 |
|
|
|
|
|
|
|
|
|
|
Work in progress |
Breakthrough |
15/6/20 |
25/8/20 |
Yes |
|
|
P |
|
|
1 |
3 |
3 |
Finalised |
Transition from children to adult social care |
|
|
|
|
|
|
|
|
|
|
|
Cancelled |
Foster Panel Processes- advisory audit |
October 2020 |
December 2020 |
Yes |
N/A- advisory audit with memo and no audit assurance opinion |
|
|
|
1 |
Finalised |
|||
Foster Panels- compliance audit |
12/4/21 |
|
|
|
|
|
|
|
|
|
|
Work in progress |
Parenting assessments under FSM |
11/1/21 |
|
No |
|
|
|
|
|
|
|
|
Report drafted for Client-side review |
Strategy Meetings |
19/4/21 |
25/3/21 |
Yes |
|
P |
|
|
|
|
1 |
5 |
Draft issued |
Deferred payments |
4/8/20 |
3/10/20 |
Yes |
|
P |
|
|
|
|
4 |
1 |
Finalised |
Domiciliary care follow up |
10/8/20 |
8/4/21 |
No |
N/A- follow up audit with no assurance opinion |
|
1 |
2 |
|
Finalised |
|||
Adult residential care follow up |
10/8/20 |
30/3/21 |
No |
N/A- follow up audit with no assurance opinion |
|
|
5 |
|
Finalised |
|||
Access to Services- Children’s Placements |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 2021/22 |
DAAT- inspection outcome implementation of actions coming out of the inspection |
4/8/20 |
28/8/20 |
Yes |
|
P |
|
|
|
|
1 |
1 |
Finalised |
Glenfield- mental health supported living |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 2021/22 |
Emergency Duty Service |
24/11/20 |
5/3/21 |
No |
|
P |
|
|
|
|
3 |
|
Finalised |
Housing Management |
15/12/20 |
1/3/21 |
Yes |
|
P |
|
|
|
|
3 |
1 |
Finalised |
Housing and welfare fraud touchpoints |
|
|
|
|
|
|
|
|
|
|
|
Audit cancelled |
Disabled Facilities Grants- revised to compliance audit to be carried out following external review by consultant |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 2021/22 |
COVID support for Social Care Providers- Additional audit |
1/2/21
|
19/3/21 |
Yes |
P |
|
|
|
|
|
|
1 |
Finalised |
9. SCHOOLS
AUDIT
|
Start Date |
Date of Draft Report |
Key Indicator Met |
Good |
Adequate |
Partial |
Inadequate |
Critical |
Major |
Moderate |
Low |
Status |
|
|
|
|
|
|
|
|
|
|
|
|
|
REMOTE AUDITING BEING PILOT AT ONE SCHOOL |
22/2/21 |
26/5/21 |
No |
|
P |
|
|
|
|
4 |
3 |
Draft issued |
FOUR FOLLOW UP AUDITS FOR SCHOOLS WITH PARTIAL OPINION IN 19/20 |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 21/22 |
TWO RE-AUDITS FOR SCHOOLS WITH PARTIAL OPINION IN 18/19 |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 21/22 |
SIX SCHOOL AUDITS FOR SCHOOLS DUE ON ROTATION |
|
|
|
|
|
|
|
|
|
|
|
Deferred to 21/22 |
APPENDIX 2
FOLLOW UP OF AUDITS WITH A SATISFACTORY/ADEQUATE OPINION
AUDIT |
Critical |
Major |
Mod |
Low |
Outcome |
COUNCIL WIDE Absence Management –joint audit (Ltd 2018/19) |
0 |
0 |
8 |
0 |
3 medium recommendations implemented, 5 medium recommendations in progress (recs 1,2,3,7,8) |
Procurement (Adequate) |
0 |
1 |
5 |
1 |
All recommendations implemented. |
Revenue Budgeting/Transformation savings |
0 |
0 |
3 |
1 |
1 implemented (rec 2 - low), 1 no further action to be taken (rec 1 – medium 2), 2 still in progress (recs 3,4 – both medium) |
PLACE PLANNING AND REGENERATION Ringway contract – street lighting (Partial) |
0 |
1 |
1 |
1 |
All recommendations implemented. |
Public transport |
0 |
0 |
5 |
2 |
2 moderate and I low recommendations still ongoing – new Bus Strategy drafted following transformation review but on hold until effects of the Coronavirus pandemic on future bus use clearer. Also need to take into account new Government produced national bus strategy - Bus Back Better |
DELIVERY Libraries including use of volunteers –joint audit |
0 |
0 |
5 |
0 |
All recommendations implemented. |
The Look Out |
0 |
0 |
3 |
1 |
All recommendations implemented. |
Electoral Registration |
0 |
0 |
0 |
4 |
All recommendations implemented. |
Registrars |
0 |
0 |
0 |
2 |
All recommendations implemented. |
PLACE PLANNING AND REGENERATION Waste Collection- management of Suez |
0 |
0 |
0 |
2 |
All recommendations implemented. |
Enterprise Programme (365 Project) Review |
0 |
0 |
0 |
4 |
Two of the recommendations have been implemented. One is ongoing and one has not yet been implemented.
|
Remote Access VPN Solution |
0 |
0 |
2 |
4 |
All recommendations implemented. |
ICT Continuity Management |
1 |
8 |
6 |
0 |
Critical recommendation 13 implemented. Major recommendations 1, 6, 14 not yet implemented Recommendation 12 (moderate) no further action to be taken and recommendation 7 implemented.
Remaining recommendations are ongoing. |
PEOPLE Hospital Discharge and Reablement |
0 |
0 |
4 |
2 |
Three moderate and one low priority recommendations implemented and the rest are ongoing
|
Blue Badges |
0 |
0 |
1 |
0 |
Not yet implemented |
Deprivation of Liberties |
0 |
0 |
3 |
1 |
All recommendations implemented |
Social Care Pathway (Ltd 2017/18) |
0 |
1 |
4 |
0 |
Update received on the major recommendation Parts a and b of rec 5 implemented. Part c, on overdue reviews “not achieved”. |
Direct payments Follow up (Ltd 2018/19) |
0 |
0 |
2 |
1 |
All recommendations implemented |
Fostering Reviews |
0 |
0 |
5 |
1 |
All recommendations implemented |
CSC Residential Contracts |
0 |
0 |
2 |
1 |
All recommendations implemented |
FSM Strategy Meetings |
0 |
0 |
3 |
1 |
2 implemented, 1 partially implemented, 1 not yet implemented |
Housing Rents and Deposits Re-Audit joint audit (Ltd 2018/19) |
0 |
1 |
5 |
0 |
Recommendations 1,2,5,6 implemented. Recommendations 3 and 4 ongoing. |
Nursery places |
0 |
0 |
2 |
1 |
Low priority implemented and two moderate recommendations are ongoing
|
Public Health Follow Up (Ltd 18/19) |
0 |
0 |
0 |
0 |
Priority 1 finding ongoing. Two priority 2 recommendations implemented. |
SEN |
0 |
0 |
2 |
0 |
All recommendations implemented. |
SCHOOLS School A (follow up -Ltd 2017/18 and 2018/19) |
0 |
3 |
5 |
0 |
All recommendations implemented. |
School C (due 2018/19 but deferred) |
0 |
2 |
8 |
1 |
All recommendations implemented. |
School D |
0 |
0 |
1 |
1 |
All recommendations implemented. |
TOTAL |
1 |
17 |
85 |
32 |
|
2020/21 AUDITS
AUDIT |
Critical |
Major |
Mod |
Low |
Outcome |
SANG |
0 |
0 |
4 |
1 |
3 implemented, 2 moderate recommendations partially implemented |
Deferred payments |
0 |
0 |
4 |
1 |
4 implemented, and 1 moderate recommendation ongoing |
DAAT |
0 |
0 |
1 |
1 |
All implemented |
Purchase cards |
0 |
0 |
2 |
0 |
All implemented |
TOTAL |
0 |
0 |
11 |
3 |
|