TO: GOVERNANCE AND AUDIT COMMITTEE
DATE: 22 JUNE 2022
INTERNAL AUDIT ANNUAL ASSURANCE REPORT 2021/22
(Head of Audit and Risk Management)
1. PURPOSE OF REPORT
1.1 Under the Public Sector Internal Audit Standards, the Head of Audit is required to deliver an annual internal audit opinion. This is timed to inform review of the Annual Governance Statement (AGS).
2. RECOMMENDATION
2.1 The Governance and Audit Committee note the Head of Audit and Risk Management’s Annual Report setting out the Head of Internal Audit’s Opinion for 2021/22.
2.2 The Governance and Audit Committee note the conclusion of the independent external assessment that the Internal Audit service is fully compliant with Public Sector Internal Audit Standards.
3. REASONS FOR RECOMMENDATION
3.1 To support assurances set out in the Annual Governance Statement and ensure compliance with the Public Sector Internal Audit Standards.
4. ALTERNATIVE OPTIONS CONSIDERED
4.1 The Committee could choose not to receive the Head of Audit and Risk Management’s Annual Report setting out the Head of Internal Audit’s Opinion but would then not be aware of the relevant assurances from Internal Audit supporting the Annual Governance Statement and would not be complying with the Public Sector Internal Audit Standards.
5. SUPPORTING INFORMATION
5.1 The Council is required under the Accounts and Audit (Amendment)(England) Regulations to “undertake an adequate and effective internal audit of its accounting records and of its system of internal control in accordance with the proper practices in relation to internal control”.
5.2 The Public Sector Internal Audit Standards applicable to local government require the Head of Internal Audit to provide a written report to those charged with governance timed to support the Annual Governance Statement. This report should include an overall opinion on the adequacy of the control environment, a summary of the work that supports the opinion and a statement on conformance with the Public Sector Internal Audit Standards (PSIAS).
5.3 The attached report sets out the Head of Internal Audit’s Opinion for 2021/22 summarising the results and conclusions of Internal Audit’s work for 2021/22 and a statement on compliance with PSIAS. No system of control can provide absolute assurance against material misstatement or loss, nor can Internal Audit give that assurance. This opinion can, therefore, only provide reasonable and not absolute assurance based on the work undertaken and areas audited.
5.4 In addition, a formal independent external assessment of compliance with mandatory Public Sector Internal Audit Standards has been completed as set out in appendix 3 which has concluded we are fully compliant.
6. ADVICE FROM STATUTORY OFFICERS
6.1 Director of Finance
There are no financial implications arising from this
report. The work of
Internal Audit is
key to providing assurance about the effectiveness of
the
Council’s
internal control environment.
6.2 Borough Solicitor
The report has helped inform the contents of the Annual Governance Statement prepared by the Borough Solicitor which is included as a separate item on the agenda
6.3 Equalities Impact Assessment
Not applicable.
6.4 Strategic Risk Management Issues
The Head of Internal Audit’s Annual Report provides her opinion on the control environment in place at the Council. Internal control is based upon an ongoing process designed to identify and prioritise risks and to evaluate the likelihood of those risks being realised and the impact should they arise. The system of internal control is designed to manage risk to a reasonable level rather than to eliminate risk of failure altogether.
7 CONSULTATION
7.1 Not applicable.
Contact for further information
Sally Hendrick – 01344 352092
Sally.hendrick@bracknell-forest.gov.uk
Doc. Ref
Accounts and Audit Regulations
Public Sector Internal Audit Standards
Sally Hendrick
Head of Audit and Risk Management
Sally.hendrick@bracknell-forest.gov.uk
01344 352092
The Council is required under the Accounts and Audit (Amendment) (England) Regulations to “undertake an adequate and effective internal audit of its accounting records and of its system of internal control in accordance with the proper practices in relation to internal control.”
The Public Sector Internal Audit Standards require the Head of Internal Audit to provide a written report to those charged with governance timed to support the Annual Governance Statement.
The Head of Internal Audit’s annual report
· Includes an opinion on the overall adequacy and effectiveness of the organisation’s control environment.
· Discloses any qualifications to that opinion together with the reasons for that qualification.
· Presents a summary of the audit work from which the opinion is derived, including reliance placed on work by other assurance bodies.
· Draws attention to any issues the Head of Internal Audit judges particularly relevant to the preparation of the Annual Governance Statement.
· Compares the work actually undertaken with the work that was planned and summarises the performance of the internal audit function against its performance measures and targets; and
· Comments on compliance with Public Sector Internal Audit Standards and communicates the results of the internal audit quality assurance programme.
The system of internal control is designed to manage risk to a reasonable level rather than to eliminate risk of failure altogether. No system of control can provide absolute assurance against material misstatement or loss, nor can Internal Audit give that assurance. This statement and opinion can, therefore, only provide reasonable and not absolute assurance. Internal control is based upon an ongoing process designed to identify and prioritise risks and to evaluate the likelihood of those risks being realised and the impact should they arise.
|
HEAD OF AUDIT AND RISK MANAGEMENT’S OPINION
Based on internal audit work undertaken, the Head of Audit and Risk management is able to conclude there are adequate arrangements in place at the Council for risk management and corporate governance.
The Head of Audit and Risk Management gave limited assurance on the control environment in 2018/19 and 2019/20. The positive direction of travel was recognised in 2020/21 when a partial assurance opinion was given. This has been sustained over the last year and the Head of Audit and Risk Management is able to give a further partial assurance opinion on the internal control environment for 2021/22. Further action is needed to secure an adequate control environment and in particular to ensure moving forward that agreed management actions to address weaknesses are implemented to reduce the number of repeat adverse opinions on individual audits.
|
|
%
|
CONFORMANCE WITH PUBLIC SECTOR INTERNAL AUDIT STANDARDS (PSIAS) |
|
Based on the independent external assessment undertaken in March 2022 as set out in Section 5.1, the Head of Audit and Risk Management can confirm that Bracknell Forest internal audit fully conforms with PSIAS requirements. The Head of Audit and Risk Management can confirm organisational independence of internal audit activity and absence of impairment to objectivity or independence during 2021/22.
|
SUMMARY OF 2021/22 AUDIT OUTCOMES
|
2021/22 ASSURANCE LEVELS |
NUMBER OF AUDITS |
|
2020/21 ASSURANCE LEVELS |
NUMBER OF AUDITS |
|
Good |
2 |
|
Good |
4 |
|
Adequate |
17 |
|
Adequate |
15 |
|
Partial |
11 |
|
Partial |
10 |
|
Inadequate |
3 |
|
Inadequate |
0 |
|
No assurance |
0 |
|
No assurance |
0 |
|
Total for Audits with an Opinion |
33 |
|
Total for Audits with an Opinion |
29 |
|
Memos and reports with Major Recommendation and no Opinion |
8 |
|
Memos and reports with Major Recommendation and no Opinion |
4 |
|
Other Follow Up Memos/ Reports with no Opinion |
7 |
|
Other Follow Up Memos/ Reports with no Opinion |
3 |
|
Total Audits |
48 |
|
Total Audits |
36 |
|
Grant Certifications |
5 |
|
Grant Certifications |
7 |
|
Overall Total |
53 |
|
Overall Total |
43 |
As noted in 4.2, at the time of writing this report one audit 2021/22 was still in progress approaching completion and two reports had been received for client-side review.
DEFINITIONS FOR ASSURANCE OPINION LEVELS AND RECOMMENDATION PRIORITIES
Since 1st April 2019 we have been categorising our audit opinions according to our assessment of the controls in place and the level of compliance with these controls as follows:
|
|
Good - There is a sound system of internal control designed to achieve the objectives of the system/process and manage the risks to the achievement of objectives and this is being complied with. Recommendations will only be of low priority. |
|
|
Adequate - there is basically a sound system of control but there are some areas of minor weakness and/or some areas of non- compliance which put the system/process objectives at risk. Recommendations will only be low or moderate in priority. |
|
|
Partial - there are areas of weakness and/or non- compliance with control which put the system/process objectives at risk and undermine the system’s overall integrity. Recommendations may include major recommendations but could only include critical priority recommendations if mitigated by significant strengths elsewhere. |
|
|
Inadequate - controls are weak across a number areas of the control environment and/or not complied with putting the system/process objectives at significant risk. Recommendations will include major and/or critical recommendations |
|
|
None - There is no control framework in place and management is inadequate leaving the system open to risk of significant error or fraud. |
We now categorise our recommendations according to their level of priority as set out below:
|
|
Critical - Critical and urgent in that failure to address the risk could lead to factors such as significant financial loss, significant fraud, serious safeguarding breach, critical loss of service, critical information loss, failure of major projects, intense political or media scrutiny. Remedial action must be taken immediately. |
|
|
Major - failure to address issues identified by the audit could have significant impact such as high financial loss, safeguarding breach, significant disruption to services, major information loss, significant reputational damage or adverse scrutiny by external agencies. Remedial action to be taken urgently. |
|
|
Moderate - failure to address issues identified by the audit could lead to moderate risk factors materialising such as medium financial loss, fraud, short term disruption to non-core activities, scrutiny by internal committees, limited reputational damage from unfavourable media coverage. Prompt specific remedial should be taken. |
|
|
Low - failure to address issues identified by the audit could lead to low level risks materialising such as minor errors in system operations or processes, minor delays without impact on service or small financial loss. Remedial action is required. |
4.1 Corporate Management Team Action to Address Significant Control Weaknesses
The Corporate Management Team and Departmental Management Teams (DMTs) are playing a key role in improving the Council’s control environment. There is now regular monitoring of the Annual Internal Audit Plan and of internal audit reports with critical and major recommendations at DMTs. A recommendation tracker is currently being developed with the assistance of ICT to provide clearer management information on the status of actions to address significant weaknesses coming out of the audits.
4.2 Delivery of the Internal Audit Plan 2021/22
The resources available for internal audit are finite and not all areas can be covered every year. Therefore, internal audit resources are allocated using a risk-based approach. The Internal Audit Plan for 2021/22 was considered and approved by the Governance and Audit Committee on 24th March 2021. The delivery of the individual audits in the Internal Audit Plan for 2021/22 was primarily delivered by the new in-house Internal Audit team, around one third of the audits were undertaken by Wokingham Borough Council’s Internal Audit teams under an agreement under S113 of the Local Government Act 1972 and TIAA Ltd carried out all IT audits. There have been difficulties in recruiting permanent staff and hence the in-house team has been bolstered by the use of temporary senior auditors over the past 12 months.
Some alterations were made to the original plan during the year in response to information gained during the year including audits arising from COVID such certification of COVID grants and some audits were deferred to 2022/23 due to COVID and resource pressures. These are clearly shown in Appendix 1.
At the time of writing this report, 38 audits were finalised, 5 grants were certified, 10 audit reports were issued in draft, two reports were in draft for client-side review and 3 were work in progress.
4.3 Significant Control Weaknesses
In forming her annual opinion, the Head of Audit and Risk Management is required to comment on the adequacy of the internal control environment, which includes consideration of risk or governance issues and control weaknesses identified. The table below summarises the findings on the audits where significant issues were found during 2021/22:
|
|
2021/22 AUDITS IDENTIFYING SIGNIFICANT ISSUES |
RATING |
|
COUNCIL WIDE |
||
|
· Debt Management |
Three observations were made on major areas of weakness as progress to address areas of concern during 2021/22 was minimal. The areas of weakness drawn out in the memo for this year are management reporting of debts and write offs, referral of outstanding debts to Legal and debt write- off delegations.
|
ADVISORY MEMO WITH NO AUDIT OPINION BUT MAJOR RECOMMENDATIONS RAISED |
|
DELIVERY |
||
|
· Green Homes Grants |
This audit was requested by the Executive Director: Delivery as it was a significant expenditure stream that had been transferred from another Directorate and there had been gaps at manager level during the period that the grants were being given which could potentially have increased risk. The audit established that there were weaknesses in controls. Eight major recommendations were raised on resourcing, the promotion of the scheme, procurement processes, lack of independence in the assessment process, weaknesses in the process for agreeing quotes with contractors, weak control over payments for works, GDPR weaknesses and concerns around records maintained and reporting on grant spend.
|
ASSURANCE OPINION: INADEQUATE |
|
· Security camera controls |
Three major recommendations were raised relating to gaps in the CCTV policy and non compliance that should be addressed, ensuring that there is adequate signage at camera locations and setting rules and developing procedures for access and sharing of data.
|
ASSURANCE OPINION: PARTIAL |
|
· Cyber Security Follow Up |
The major recommendation (originally from the 2019/20 audit and re-raised in the 2020/21 audit) in relation to the formal documentation of the VoIP Disaster Recovery procedure has been re-raised in the current audit. We also raised a new major recommendation relating to Council smartphones in use which are unable to support the Council’s chosen anti-malware software.
|
FOLLOW UP REVIEW WITH NO AUDIT OPINION BUT MAJOR RECOMMENDATIONS RAISED |
|
· E+ Card
|
Two major recommendations were raised relating to the absence of both a Data Protection Impact Assessment and data flow mapping for the interface systems.
|
ASSURANCE OPINION: PARTIAL |
|
GOVERNANCE |
||
|
· Complaints Process |
Four major recommendations were raised in respect of resourcing complex complaints; completeness of records, monitoring of complaints and actions for improvement and corporate reporting.
|
ASSURANCE OPINION: PARTIAL |
|
PEOPLE |
||
|
· Parenting Assessments (20/21 Audit) |
The audit was requested by the Assistant Director: Children’s Social Care to establish if there was any validity in concerns that she had that procedures may not be being consistently applied. Three major recommendations were raised relating to non-compliance with key steps in the processes, the lack of performance & quality checks and the gaps in knowledge within the service.
|
ASSURANCE OPINION: INADEQUATE |
|
· Larchwood |
Three major recommendations were raised on pre-employment checks for agency workers, expenditure controls and imprest reconciliations.
|
ASSURANCE OPINION: PARTIAL |
|
· Permanency Planning |
Permanency Planning processes assess the most effective and viable options for a permanency plan for a child or young person. This was an advisory review requested by the Assistant Director: Children’s Social Care to establish if there was any validity in concerns that she had that these processes may not be being consistently applied. Two major observations were raised by Internal Audit in relation to meetings records and management information on compliance with statutory timeframes for meetings.
|
ADVISORY REVIEW WITH NO AUDIT OPINION BUT MAJOR RECOMMENDATIONS RAISED |
|
· Services to Schools |
Five major recommendations have been raised. These relate to costing of services and overheads to ensure accurate recharging and assess viability, systems integration procedures and resourcing of systems support and systems finance administration support.
|
ASSURANCE OPINION: PARTIAL |
|
· Supervision in Adult Social Care and Mental Health |
This was an advisory review requested by the management team. Two major observations were raised supervision monitoring records and monitoring of actions identified from supervision meetings.
|
ADVISORY REVIEW WITH NO AUDIT OPINION BUT MAJOR RECOMMENDATIONS RAISED |
|
· Heath and Social Care ICT Care Systems Integration |
An overall opinion of partial assurance was given based on the project management and implementation of the children’s social care phase due to overall concerns that there are key risks that the Compliance Matrix has not been re-designed specifically for children’s social care and there has been a lack of engagement to secure buy-in from stakeholders and end users which may impact on take-up and success of the system once it goes live. We have raised four major recommendations, relating to:
|
ASSURANCE OPINION: PARTIAL |
|
RESOURCES |
||
|
· Supplier payments |
Major observations were made in respect of the creation of new suppliers, the audit trail for transactions and the need to increase the use of purchase orders. |
ADVISORY MEMO WITH NO AUDIT OPINION BUT MAJOR RECOMMENDATION RAISED |
|
· Agresso IT system Follow Up |
A major recommendation has been raised as a data protection impact assessment was not completed when the system was migrated to the Cloud |
FOLLOW UP REVIEW WITH NO AUDIT OPINION BUT MAJOR RECOMMENDATION RAISED |
|
· Joint audit of Council Tax and Business Rates |
We raised three major recommendations in relation to refunds, empty property inspections and reconciliation of the suspense account. |
ASSURANCE OPINION: PARTIAL |
|
· Covid Restart Grants |
Three major observations were raised in respect to the lack of segregation of controls in the claims process and absence of spot checks and checks to national counter fraud system. |
ADVISORY REVIEW WITH NO AUDIT OPINION BUT MAJOR OBSERVATIONS RAISED |
|
· Covid Restriction Grants |
Three major observations were raised in respect to the lack of segregation of controls in the claims process and absence of spot checks and checks to national counter fraud system.
|
ADVISORY REVIEW WITH NO AUDIT OPINION BUT MAJOR OBSERVATIONS RAISED |
|
PLACE PLANNING AND REGENERATION |
||
|
· Tree Services |
We raised two major recommendations relating to the completion and monitoring of the tree inspection programme and the completion of due diligence checks on contractors / consultants.
|
ASSURANCE OPINION: PARTIAL |
In addition, some major recommendations have been raised at a number of audits such as climate change, early years free nursery entitlements and reconciliations which though considered significant for management did not prevent us from concluding that overall controls were adequate. These are noted in Appendix 1.
|
SCHOOL AUDITS FOR GOVERNING BODIES WHERE HIGH PRIORITY ISSUES HAVE BEEN IDENTIFIED SINCE THE LAST UPDATE IN THE INTERNAL AUDIT INTERIM REPORT IN JANUARY 2022 |
||
|
· SCHOOL D |
We raised two critical recommendations as a consequence of the audit. The first critical recommendation related to the completion of DBS checks for governors. A further critical recommendation was raised relating to the audit of the School Fund. No audit of the Fund had been completed since 2018/19 and the records were incomplete. This was holding up the preparation of accounts and audit for 2020/21.
We also raised six major recommendations. These major recommendations related to there being no Register of Certifying Officers for Capital and Revenue Expenditure in place at the School and weaknesses in budget monitoring, pre-employment checks and the bank reconciliation process. The final major recommendation raised is common to all school audits and did not impact on the opinion in relation to medium term budget setting arrangements forecasting a deficit position. |
ASSURANCE OPINION: INADEQUATE |
|
· SCHOOL B |
We raised two major recommendations. The first related to the absence of detail in the format of the audit of the school’s private funds and the audit arrangements for the private funds being inadequate for the high number of transactions going through and the high balances on the funds. We also raised one major recommendation in relation to medium term budget setting arrangements. This is common to all school audits and did not impact on the opinion in relation to medium term budget setting arrangements forecasting a deficit position.
|
ASSURANCE OPINION: PARTIAL |
|
· SCHOOL E |
We raised five major recommendations, three of which related to budget related risks. We noted that regular budget monitoring reports had not been produced in the absence of a bursar. Major recommendations have also been raised in relation to non-pay expenditure (raising and authorisation of orders, obtaining goods received notes, authorisation of invoices, BFC Finance and Legal review of lease agreements), the School collecting the large values of income for wraparound care and the nursery in cash or in cheques and the audit of the private fund for 2019-20 where the accounts had been prepared but the audit had not been carried out. A major recommendation was also raised in relation to medium term budget forecasts predicting a deficit which is common to all schools and did not impact on the opinion. |
ASSURANCE OPINION: PARTIAL |
|
· SCHOOL H |
We raised three major recommendations. A major recommendation was raised in relation to non-pay expenditure as orders and invoices processed are not being authorised. A further major recommendation was raised with regards to the cleaning contract to the value of approximately £100k over three years as there is no signed contract in place for this arrangement which was let in 2020. A major recommendation was also raised in relation to medium term budget forecasts predicting a deficit which is common to all schools and did not impact on the opinion. |
ASSURANCE OPINION: PARTIAL |
A major recommendation was raised at all school audits undertaken to date in respect to medium term budget forecasts predicting deficits over the next 3 years. Whilst this has not resulted in itself in a partial or inadequate opinion this is something governing bodies should continue to monitor.
4.4 Follow up of Previous Limited Assurance Opinions
The Internal Audit procedure is for areas with major or critical recommendations to be re-audited in the following year. The table below provides a summary of the latest position. The impact of COVID has limited progress in some cases as well as delaying some re-audits:
|
AUDITS WHERE SIGNIFICANT ISSUES HAVE BEEN IDENTIFIED IN PREVIOUS YEARS |
CURRENT AUDIT POSITION |
|
COUNCIL WIDE |
|
|
· Debt Management
|
This was re-audited in quarter 4 and the major issues previously identified were outstanding See 4.3. |
|
· Management of Essential Car User Allowances and Mileage |
This was followed up with management. Actions generally implemented but one major recommendation is ongoing in respect of review of essential car users. |
|
PEOPLE |
|
|
· Forestcare |
Forestcare was re-audited in quarter 4 of 2021/22 and an adequate assurance opinion was given.
|
|
· Adult Social Care Pathway
|
Management information obtained has indicated that the actions around annual reviews are still in progress.
|
|
· Loans for Housing Rents and Deposits
|
This was followed up as part of the debt management audit and it was found that the major recommendation to review the debt to identify those debts that are recoverable and pursue these is still ongoing.
|
|
· Breakthrough |
A follow up audit was carried out in quarter 4 and it was found that actions to address the major recommendation around recording of the outline of the journey for people who are referred to the service had progressed but were still in progress.
|
|
· Domiciliary Care
|
One major recommendation from 2018/19 is in progress. New framework contracts have been put in place which should address this by providing access to providers electronic monitoring systems to verify that services charged for have been delivered This will be followed up in the latter half of 2022/23.
|
|
· Disabled Facilities Grants |
This area is currently being re-audited in quarter 1 of 2022/23.
|
|
DELIVERY |
|
|
· Cyber Security |
Cyber security was followed up in quarter 4 and 2 major recommendations have been raised. See 4.3
|
|
· Public Protection Partnership |
The follow up audit has been deferred at management request to quarter 3 of 22/23 as some of the actions are dependent on first implementing a new system and this was delayed. |
|
· Reactive Maintenance |
This was followed up in quarter 2 and the recommendations raised have been addressed. |
|
· Management of Commercial Properties
|
Follow up work is currently ongoing. |
|
· ICT Continuity Management |
The business continuity test in March 2022 identified that work is still ongoing to address a number of the major recommendations in the original report such as the identification of critical IT systems.
|
|
RESOURCES |
|
|
· Creditors (SupplierPpayments) |
Creditor payments (supplier payments) were re-audited in quarter 4 and areas of major weakness were found. See 4.3. |
|
· Business Rates (Also Limited Assurance in 2017/18, 2019/20
|
A joint audit of Council Tax and Business Rates was undertaken in quarters 3 and 4 and a partial assurance opinion was given. See 4.3. |
|
· Council Tax (Also Limited Assurance in 2017/18)
|
|
|
· Agresso IT System |
A follow up audit was undertaken in quarter 3 and a major recommendation was raised again. See 4.3. |
|
PLACE, PLANNING AND REGENERATION/FINANCE |
|
|
· Ringway Street Lighting
|
An update was obtained from management on actions to address the weaknesses found in 2019/20 and we were advised that these have all been addressed. This area is due to for formal re-audit in be re-audited in quarter 3 of 2021/22.
|
|
· Public Health
|
The audit was deferred to quarter 1 of 22/23 to allow time to identify a programme for utilising unspent reserves.
|
|
SCHOOL GOVERNING BODIES |
|
|
· School I (Limited Assurance in 2017/18 and Partial Assurance in 2018/19)
|
The re-audit has been delayed and is now dure to be carried out in at the end of quarter 1 of 2022/23.
|
|
· School F (Partial assurance in 2018/19) |
The school was re-audited in quarter 3 and an adequate opinion was given. |
|
· School K (Partial assurance in 2019/20) |
This is currently being followed up with the school.
|
|
· School G (Partial assurance in 2019/20) |
Follow up currently ongoing.
|
4.5 Follow up of Audit Recommendations
A follow up exercise was carried out in April 2022 on audits where an adequate opinion had been issued in 2020/21 as well as follow up of some areas with major recommendations. The results are shown in Appendix 2 This was based on management feedback on the status of recommendations and the outcome is set out in Appendix 2. This identified that out of 56 recommendations followed up, 41 (73%) had been implemented.
5.1 Compliance with Public Sector Internal Audit Standards
The Public Sector Internal Audit Standards (PSIAS) came into effect on 1 April 2013. These standards provide a consistent framework for all internal audit services in the public sector across the UK. There is a requirement in the Standards for the Head of Audit and Risk Management to report on conformance with the PSIAS in her annual report based on the outcome of internal and external assessment of compliance. PSIAS Standard 1312 states that “External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organisation…”
In March 2022 an external assessment of Bracknell Forest Council’s internal audit services was carried out by CIPFA and the conclusion is that the service is fully compliant with Public Sector internal audit standards. The full report is attached at Appendix 3. Only 1 recommendation was raised for the Head of Audit and Risk Management to meet privately with the Chair of the Governance and Audit Committee on a regular basis. Two advisory points were also raised on use of data analytics and exploring alternative options such as apprenticeships and interns for resourcing internal audit given the national shortages of skilled and qualified auditor. Actions to address these matters are summarised below:
|
Agreed Action |
Action Responsibility |
Deadline |
|
The Head of Audit and Risk Management will arrange private meetings with the Chair of the Governance and Audit Committee to coincide with the scheduled Committee meetings |
Head of Audit and Risk Management |
July 2022 |
|
2. Make greater use of data analytical techniques (Advisory) |
||
|
Agreed Action |
Action Responsibility |
Deadline |
|
We are due to recruit replacement staff and will undertake further training once they are in post and look to apply this in practice. |
Head of Audit and Risk Management |
March 2023 |
|
3. Consider employing trainee or apprentice auditors (Advisory) |
||
|
Agreed Action |
Action Responsibility |
Deadline |
|
Now that one of the senior auditor posts has become vacant, we have taken the decision to take on an apprentice and are working with Learning and Development to recruit an apprentice to start in September 2022. |
Head of Audit and Risk Management |
September 2022 |
5.2 Summary of Internal Audit Performance
|
|
Client Questionnaires |
Draft Report Produced within 15 Days of Exit meeting |
|
|
|
Received |
Satisfactory |
|
|
2020/21 |
19 |
90% |
68% |
|
2019/20 |
9 |
89% |
60% |
5.3 Feedback from Client Quality Questionnaires
From the limited number of client questionnaires returned for 2021/22, the level of satisfaction was generally positive with only two auditees saying their audits was not satisfactory. In both cases the auditees gave an unsatisfactory assessment due to significant delays during the audit and the number of issues requiring clarification at the exit meeting. These points have been discussed with the auditor.
5.4 Performance Against Key Indicator
Our key indicator is delivery of draft reports within 15 days of the exit meeting. Continuing resource pressures during 2021/22 have limited progress but as shown in the table in 5.2, there has been some improvement in delivery against the key target
In accordance with Public Sector Internal Audit Standards the Head of Audit and Risk Management is required to consider the outcome of the external inspections and assessments to inform the development and ongoing review of the Internal Audit Plan for the current and future years and assess if there are any issues relating to the control environment which need to be taken into account in drawing up the annual Head of Internal Audit Opinion. The findings of the various assessments considered when finalising the Head of Internal Audit Opinion for 2021/22 are as follows:
· Information Commissioner Follow Up June 2021. Concluded meaningful progress had been made to mitigate the risk of non-compliance with GDPR.
· Ofsted and the Care Quality Commission (CQC), joint inspection February 2022 of the effectiveness of the area in implementing the special educational needs and/or disabilities (SEND) reforms as set out in the Children and Families Act 2014 identified significant areas for improvement.
· School Financial Value Standard. The schools financial value standard (SFVS) is a mandatory requirement for local authority (LA) maintained schools in managing their finances and to give assurance that they have secure financial management in place. Schools are required to complete the checklist every year and arrange for this to be signed by the Chair of Governors. Education Finance were able to confirm that all schools have now submitted this.
· External Auditors’ Annual Audit Letter 2020/21. The Annual Audit Letter from the external auditors would generally inform the annual Head of internal Audit Opinion. However, at the time of writing this report, EY have still to produce their final conclusions for 2020/21.
The Strategic Risk Register was reviewed four times by the Strategic Risk Management Group (SRMG) and twice by the Corporate Management Team and the Governance and Audit Committee in 2021/22.
In addition to frequent and at some points daily risk management monitoring of COVID-19 by the Corporate Management Team, an overarching risk was developed to highlight the issues arising from COVID-19 and the actions being taken to respond and mitigate this. This was regularly reviewed, updated by the Corporate Management Team and incorporated into Strategic Risk Register. A further risk register has been developed in response to the Ukraine crisis which also be monitored by Corporate Management Team.
There is a process for recording and monitoring significant operational risks through directorate risk registers that are reviewed on a quarterly basis and these are used to inform the Strategic Risk Register. Project managers are also required to maintain separate risk registers for all major projects and programmes.
During 2021/22, the programme of updating the Council’s business continuity arrangements was progressed by the shared service for Emergency Planning hosted by West Berkshire Council. Following this, a test exercise was undertaken in March 2022 and action are being taken forward to address lessons learned from this exercise.
During 2021/22, the Annual Governance Statement was produced by Legal Services and an action plan was developed.
The Information Commissioner carried out a consensual inspection at the end of May 2020 providing a valuable independent view of the Council’s arrangements following the Information Commissioner’s data protection audit methodology. This identified some scope for improvement in existing arrangements to reduce the risk of non-compliance with data protection legislation and an action plan. The Information Commissioner subsequently undertook a follow up exercise in June 2021. The Commissioner was satisfied that the Council is taking an appropriate approach to improve data protection arrangements and is not intending to carry out any further follow up.
A number of internal audit reviews carried out under the 2021/22 Audit Plan included elements of governance such as the complaints process and school audits.
9.1 Benefits Investigations
On 1st December 2014, the Council's Benefit Fraud Investigation Officers transferred to the Single Fraud Investigation Service (SFIS) within the Department for Work and Pensions (DWP) as part of the national government programme of centralising the investigation of welfare benefit fraud. The Welfare Service passes cases of overpayments in excess of £3k and cases where fraud is suspected to SFIS for investigation. Members of the public are directed to contact the DWP directly where fraud is suspected and so SFIS refers further fraud information requests where fraud has been reported from another source. During the period 1 April 2021 to 31 March 2022 there were 28 referrals to SFIS. We have received outcomes for 10 of these cases however these have not resulted in administration penalties or prosecutions. During the financial year 2020/21 19 cases were referred however In response to the Covid-19 crisis and redeployment of their staff, the DWP suspended all Compliance and Investigation activity from March 2020. Although Compliance activity has since resumed from January 2021, we have only been notified of 1 outcome relating to these cases which has not resulted in administration penalty or prosecution.
From 1st April 2014, if a claimant is notified that they have been overpaid Housing Benefit by £250 or more, which must have occurred wholly after 1st October 2012, Bracknell Forest Borough Council has been able to impose a set Civil Penalty of £50. The £50 Civil Penalty applies if benefit is overpaid because the claimant negligently gave incorrect information and didn’t take reasonable steps to correct their mistake or failed to tell the Council about a change or failed to give them information without a reasonable excuse. Between 1 April 2021 and 31 March 2022, the service has not applied any Civil Penalties however we have applied 3 Council Tax Penalties.
Since January 2018 the DWP no longer issue mandatory referrals for Real Time Information (RTI) system for Housing Benefit to detect undeclared income. This has been replaced by the Verify Earnings and Pensions (VEP) Alerts service which provides local authorities with the capability to prevent fraud and error arising through real time identification of changes in income. The service provides Alerts to users to prompt them to access the service when there is a change in the claimants or partner’s employment or pension. The DWP commenced the roll out to Local Authorities from May 2018 with Bracknell Forest Council using the service from October 2018. Between 1 April 2021 and 31 March 2022, 437 changes of circumstances to Housing Benefit were recorded as actioned due to VEP of which approximately 59.0% resulted in a decrease to Housing Benefit, and approximately 24.5% resulted in an increase to Housing Benefit.
9.2 Housing wait list
A proactive review of the housing waiting list including data matching was undertaken by Oxford City Council Fraud Team during 2021/22. The data matching exercise highlighted and prioritised a number of matches for further investigation. As a result, two cases were closed on the housing waiting list where the Oxford Team identified the individuals had mortgages, seven cases where investigations confirmed data matches indications that individuals were not living at the address they had given, three cases were closed where individuals were claiming Council Tax Support at a different address and 6 cases were closed where an individual with another name was claiming Council Tax Support at the address given, in three of these cases the applicant on the housing waiting list had died.
In addition, for 81 cases identified as claiming that they were living with individuals who were claiming Council Tax Single Person Discount, the Oxford team wrote to these individuals requesting further information. Following this exercise, Single Person Discount was removed for three cases and there were also adjustments to their Council Tax Support.
Investigations of the lower priority matches by the Housing and Welfare Teams are ongoing.
9.3 Potential Irregularities
In the summer of 2021 the Council was the target of a bank mandate fraud. The monies were recovered after steps were taken to seek recovery from the bank. More robust control procedures are now in place which have already stopped a number of attempted bank mandate frauds.
In addition, a small number of bogus payments were made under the Government’s Track and Trace Scheme. Action was subsequently taken to seek recovery from the individuals concerned and a report was made to Action Fraud.