QUARTERLY INTERNAL AUDIT UPDATE REPORT FROM THE HEAD OF THE EAST KENT AUDIT PARTNERSHIP

 

1.0       INTRODUCTION AND BACKGROUND

 

1.1       This report provides Members with an update of the work completed by the East Kent Audit Partnership since the last Governance and Audit Committee meeting, together with details of the performance of the EKAP to the 30th September 2018.

 

2.0       SUMMARY OF REPORTS

 

             Service / Topic

Assurance level

No. of Recs.

2.1

Food Safety  

Substantial

C

H

M

L

0

0

0

0

2.2

Housing Allocations                            

Substantial

C

H

M

L

0

0

3

0

2.3

EKHR Apprenticeships

Substantial/ Reasonable

C

H

M

L

0

3

4

1

2.4

EKS ICT Procurement & Disposal

Reasonable

C

H

M

L

0

0

7

0

2.5

EKS Housing Benefit Discretionary Housing Payments

Reasonable

C

H

M

L

0

1

3

0

2.6

EKS Public Sector Network Compliance

Not Applicable

C

H

M

L

0

4

1

0

2.7

Compliance with General Data Protection Regulations

Limited

C

H

M

L

3

9

6

3

2.8

Asset Management 

Limited

C

H

M

L

0

6

3

0

 

2.1    Food Safety – Substantial Assurance:

 

2.1.1    Audit Scope

           

To provide assurance on the adequacy and effectiveness of the procedures and controls established to reduce the incidence of food poisoning within the district through effective registration and inspection of all food businesses, investigation of food complaints, enforcement of the Food Safety and Hygiene Regulations (England) 2013 and associated legislation, provision of food hygiene training, and offering advice and guidance.

 

2.1.2      Summary of Findings

The Council has a statutory duty to provide an effective food safety service which meets the requirements of the Food Standards Agency (FSA). Functions are carried out by authorised officers within the Public Protection Team under the provision of the Food Safety Act 1990 and the Food Safety & Hygiene (England) Regulations 2013.

 

The Council is currently responsible for registering all food businesses, and new businesses are identified locally by street auditing, social media and the Council’s licensing department.  However, in March 2019, the Food Standards Agency plans to introduce a centralised system for registering new businesses as part of its transformation model, Regulating Our Future (ROF); it is not yet known how this will work in practice and the system is currently being tested and debated. The number of establishments within the district as at April 2018 and categorised by risk rating (where A is the highest risk and F is the lowest risk), can be seen below:

 

Risk Rating

 Number of premises

A

2

B

5

C

                 152

D

763

E

430

F

0

       Not categorised

7

              TOTAL

1359

 

            The primary findings giving rise to the Substantial Assurance opinion in this area are as follows:

 

·         The Council follows the food law code of practice and is governed by the Food Standards Agency (FSA); it has a procedure manual and service plan which are both reviewed bi-annually and were being reviewed at the time of this audit;

·         An inspection programme is generated automatically based on previous inspection dates entered into the M3 system;

·         Inspection reports, enforcement action and supporting evidence had been satisfactorily recorded and documented in M3 for all cases within the testing sample; and

·         The Council appropriately resolved all complaints within the testing sample.

 

2.2  Housing Allocations – Substantial Assurance:

 

2.2.1    Audit Scope

 

To provide assurance on the adequacy and effectiveness of the procedures and controls established to ensure that housing property is allocated efficiently and effectively to qualifying tenants in accordance with Council policy and procedures and offers choice to prospective tenants through the allocations process in accordance with prevailing legislation.

 

2.2.2      Summary of Findings

 

The Council operates within the provisions of the Housing Act 1996 – Part VI (as amended) and takes into account the Government’s statutory guidance on social housing allocations for local authorities in England.  The Council must also fulfil its duty to the homeless under Section 184 of the Housing Act 1996 Part VII.

 

·           Thanet District Council is owner and landlord of 3,034 properties as at 1 April 2018 (a slight net reduction of 13 properties since 2013)

·           In 2017/18, 132 households were allocated a property (this number was 282 in 2012/13)

·           The number of households on the Housing Register at 1 October 2018 was 2612

·           The number of households placed in temporary accommodation has been steadily increasing, from 44 at 31 March 2015 to 179 at 30 September 2017, consequently this has increased costs significantly. 

 

            The primary findings giving rise to the Substantial Assurance opinion in this area are as follows:

 

·         The Council has an Allocations Policy and Tenancy Strategy, both of which incorporate Localism (Act 2011) and both of which have recently been reviewed as per the five year term.

·         All housing applications within the testing sample had been appropriately assessed and banded.

·         All households within the testing sample had been allocated a property according to priority and suitability e.g. medical needs.

·         Of the tenancy agreements that were viewed, all matched the tenant’s details, the tenancy term allocated and, all had been signed by the tenant.

·         The Council compares its performance and shares its experiences with the Kent wide housing partnership.

 

            Scope for improvement was however identified in the following areas:

 

·         It would be beneficial to introduce credit checks at the allocation stage to ensure the applicant is fully entitled to the property.

·         It would be beneficial to explore membership to the National Anti-Fraud Network (NAFN) to provide low cost credit checks and assistance with housing fraud investigations.

·         Try to agree a data sharing agreement with the DWP to allow access to their system for assessment and allocation purposes.

 

2.3       EKHR Apprenticeships – Substantial/Reasonable Assurance

 

2.3.1    Audit Scope

 

To ensure that the processes and procedures established by EKHR and the partner councils are sufficient to provide the level of control required to be in place regarding apprenticeships and training for partner councils. Especially concerning the administration of the apprenticeship levy that is required to be paid by the partner councils.

 

2.3.2      Summary of Findings

 

            Since May 2017 all three Councils plus East Kent Housing have had to pay 0.5% of their monthly gross wage bill towards a new HMRC administered Apprenticeship Levy each month. The scheme has been introduced by the Government in an attempt to increase the number of apprenticeships in England by 3 million by 2020. HMRC collects the levy from large organisations, adds some government funding and then distributes the funds back to all organisations based on a formula which is made available to use solely on specific types of apprenticeship training. If the funds are not used within two years then the Government claws it back. As a consequence each Council has put in place an Apprenticeship Strategy or Apprenticeship Plan outlining what each Council intends to do in order to utilise the funds and meet Government targets. The Government have set a target of 2.3% of each Council’s workforce to be apprentices by 2020. Performance figures have to be submitted to HMRC annually.

           

            Dover District Council

            Dover’s apprenticeship target set in 2017 was to employ 18 apprentices by March 2020 in order to meet the 2.3% target set by the Government. As at August 2018 the Council had employed seven apprentices and was in the process of securing another eight in September 2018. The Council is therefore on target to meet the 2.3% target. The Council has contributed £42,285 towards the levy since May 2017 and has an apprenticeship levy balance of £39,874 available to utilise (at July 2018).

 

            Canterbury City Council

            Due to the size of the authority Canterbury’s apprenticeship target set in 2017 was to employ 32 apprentices by March 2020 in order to meet the 2.3% target set by the Government. As at August 2018 the Council had employed one apprentice but was planning to enrol 12 existing staff members on ILM training from September 2018. If the Council achieves this, the Council will be 11 apprentices short of its apprenticeship target by the end of this financial year; however the transfer of the Marlowe to Trust will reduce the apprenticeship target. The Council has contributed £70,960 towards the levy since May 2017 and has an apprenticeship levy balance of £76,376 available to utilise (at July 2018).

           

            Thanet District Council

            Thanet’s apprenticeship target was not specified in its Apprenticeship Strategy. EKHR have calculated that Thanet will need to have appointed approximately 38 apprentices by March 2020 in order to meet the 2.3% target set by the Government. However, the number of apprentices the Council need to appoint has reduced this year due to the TUPE transfer of staff from EK Services over to Civica. As at August 2018 the Council had employed one apprentice but was planning to enrol five new apprentices in September based on a combination of appointing new apprenticeships and setting up eligible training for existing staff members. The Council therefore will need to appoint a further 32 apprentices by March 2020. The Council has contributed £90,262 towards the levy since May 2017 and has an apprenticeship levy balance of £97,383 available to utilise (at July 2018).

           

            Management can place Substantial Assurance on the controls operating with EKHR and at Dover District Council and Reasonable Assurance on the controls in place at Canterbury City Council and Thanet District Council.

 

            The primary findings giving rise to the Substantial and Reasonable Assurance opinions in this area are as follows:

·         The governance arrangements put in place at Dover District Council to encourage and drive the uptake of apprenticeships are at a high enough level to ensure successful and sustainable outcomes;

·         The EKHR Apprenticeships Policy and the roles and responsibilities contained within the policy are well documented;

·         Payroll processes and manual checks undertaken within EKHR and by each of the councils are ensuring apprenticeship levy payments made monthly to HMRC are accurate, well documented and authorised; and

·         All apprenticeships in place were supported by sufficient and secure documentation and the contractual arrangements in place were sufficient.

 

            Scope for improvement was however identified in the following areas:

·         Thanet District Council and Canterbury City Council need to re-visit their strategies and governance arrangements in place to ensure progress is sufficient to meet the Government apprenticeship target and to ensure Heads of Service (and EK Services) are actively encouraged to adopt more apprentices;

·         There is a high probability that from May 2019 Canterbury and Thanet councils will not meet their apprenticeship targets that the Government will start to claw back significant levy funds each month currently available to each Council;

·         All of the councils should report back quarterly at CMT level on the number of apprenticeships in place against the target and report to CMT on the funds available in the levy in order to ensure apprenticeships are being monitored.

 

2.4       EKS ICT Procurement & Disposal – Reasonable Assurance

 

2.4.1    Audit Scope

 

            To ensure that the procedures and internal controls established by EK Services are sufficient to provide an effective, efficient, secure and economical ICT service to the three partner authorities of Canterbury CC, Dover DC and Thanet DC. An important aspect of this being to ensure that the controls over the administration of the procurement and the disposal of ICT equipment are robust.

 

2.4.2      Summary of Findings

 

            EKS delivers ICT Services to the three partner Councils.  Under this collaborative agreement EKS are tasked with obtaining quotes for procuring, supplying and installing ICT and telephone equipment and software whilst maintaining value for money and complying with Financial Procedure Rules and Contract Standing Orders.

            EKS are also responsible for disposing of redundant equipment in a manner consistent with all statutory requirements such as data protection and waste disposal regulation; and certifying the removal or destruction of data from such equipment.

           

            Sanitisation is the process of treating data held on storage media to reduce the likelihood of retrieval and reconstruction to an acceptable level.  Some forms of sanitisation will allow you to re-use the media, while others are destructive in nature and render the media unusable. 

 

            There are a number of circumstances in which an organisation would want to sanitise storage media, for re-use, repair or disposal and destruction.  In these cases the media, and therefore the authorities’ data, may be outside its normal operating environment and is therefore subject to greater risk from a different set of users and from third parties.

 

            The primary findings giving rise to the Reasonable Assurance opinion in this area are as follows:

 

·         Roles and responsibilities for the procurement and disposal of ICT equipment are set out in the service level agreements.

·         Clear instructions have been given to staff purchasing ICT equipment on behalf of the partner Councils.

·         Procurement processes in place manage compliance with Contract Standing Orders.

·         Hard drives are being appropriately wiped; although there is a backlog that requires sanitisation and these are being held securely.

 

Scope for improvement was however identified in the following areas:

·         The asset management trail for ICT equipment has been protracted which has resulted in inconsistencies in asset management records as it was separated across two systems.  Now that the asset register has been transferred to the current service desk system on which is also the purchasing module these inconsistencies should be addressed.

·         All new assets purchased should be traceable from purchase through to asset registration and disposal, and the queries regarding new assets raised as part of this review should be resolved.

·         Controls over removable media should be reviewed to ensure it takes into account new requirements under the GDPR.

 

2.5     EKS Housing Benefit Discretionary Housing Payments  – Reasonable Assurance

 

2.5.1    Audit Scope

 

To provide assurance on the adequacy and effectiveness of the procedures and controls established to provide additional financial assistance to claimants who are already receiving Housing Benefit, and who are experiencing particular financial hardship with regard to paying the shortfall of housing rent by the evaluation of, and then approval or rejection of applications.

 

2.5.2    Summary of Findings

                       

            Discretionary Housing Payments (DHPs) are temporary top-up payments to assist people who have additional housing costs which are not being met by Housing Benefit or Universal Credit (UC) housing cost entitlement.  The DHP fund is a limited amount determined and provided each year by Central Government (DWP). 

 

            The budget is closely monitored on a weekly basis by Civica as the councils may wish to fund any shortfall or take alternative action.  Legislation limits this additional funding to 2.5 x the central government budget. DDC does not generally allocate any extra funds, unless very slightly overspent TDC has also part funded the scheme in 2017/18.  None of the councils have earmarked funds for DHP in 2018/19; however TDC has recently taken control of a large part (£275k) of the budget to target homelessness reduction and prevention.

 

            The Civica benefits team currently has a target time of 20 working days to process a DHP claim; a new target time of 14 working days has been proposed in a revised DHP policy which is currently being discussed with the client authorities. Actual time taken is recorded on a spreadsheet and may be used in personal performance appraisals; however there is no requirement to report this performance to the client.

 

            The primary findings giving rise to the Reasonable Assurance opinion in this area are as follows:

 

·         Discretionary Housing Payments are made in accordance with the joint councils’ policy and government guidance.

·         The policy is reviewed annually and publicised on all council websites, except Canterbury.

·         The same DHP application forms are available on all council websites.

·         The budget is closely monitored on a weekly basis by Civica.

·         Fifteen DHP applications were reviewed from 2017/18 and in the majority of cases; the reason and basis for the decision could be followed.

·         Information about appeals is stored securely within the customer’s record on CivicaW2/CivcaOR.

 

            Scope for improvement was however identified in the following areas:

 

·         More detailed information about the basis of the award decision and calculation method should be provided to the customer and saved in one place e.g. CivicaW2.

·         Introducing a guide to ‘expected household expenses’ may offer more consistency when assessing DHP awards.

·         Councils and Civica should ensure there is an agreed and published document retention schedule for services provided by Civica on behalf of the councils.

 

 2.6      EKS Public Sector Network Compliance – An assurance is not applicable for this work

 

2.6.1    Audit Scope

 

            This review is to provide options regarding the risks and costs associated with complying with the PSN requirements for June 2018.

 

2.6.2    Summary of Findings

           

            The Public Services Network (PSN) is a secure private Wide-Area Network (WAN) which enables secure interactions between connected Local Authorities and organisations that sit on the pan-government secure network infrastructure. Government requirements are designed to defend against common threats such as opportunistic hackers and abuses of business processes, while remaining proportionate and aligned with wider business goals.

 

            Canterbury City Council, Dover and Thanet District Councils are local authorities that have to connect to the PSN so that they can receive benefits data from the DWP, GCSX email, DVLA information, Justice information and Police data for various business units. 

 

            Scope for improvement was identified in the following areas:

 

·           Patch management of third party software is the biggest issue that needs to be addressed to enable the authorities to be PSN compliant.

·           EK Services, who are responsible for delivering ICT services to the authorities, need to engage at a senior level to ensure that the councils are aware of the patch management risks and issues and the priority within the day to day services that they need to be given.

·           The service level agreements do not currently reflect the relevant priority of patch management work sufficiently. This also raises a new risk since the relationship with Civica has been established.

 

2.7  Compliance with General Data Protection Regulations – Limited Assurance:

 

2.7.1    Audit Scope

 

To provide assurance on the adequacy and effectiveness of the procedures and controls established to ensure that:

·         The Council is compliant with the Data Protection Act 2018 and the General Data Protection Regulation.

·         Where the Council is non-compliant the Council is working to ensure it is compliant as soon as possible.

 

2.7.2    Summary of Findings

 

      The new General Data Protection Regulation (GDPR) came in to effect on 25th May        2018. The General Data Protection Regulation (GDPR) (EU) 2016/679 is    a regulation in EU law on data protection and privacy for all individuals within           the European Union (EU) and the European Economic Area (EEA). The GDPR aims       primarily to give control to citizens and residents over their personal data and to     simplify the regulatory environment. It is widely acknowledged that the majority or risk             lays with people and processes.

 

      The UK Institute of Internal Auditors (IIA) named GDPR as one of the highest risks           facing organisations in 2017. As a result, this audit has focused on providing   assurance on compliance.

 

            Management can place Limited Assurance that the Council is compliant with GDPR         and the Data Protection Act 2018.

 

            The primary findings giving rise to the Limited Assurance opinion in this area are as follows:

 

·         The Council is still in the process of putting together an Information Asset Register which is an essential tool used to identify and assess risk to personal data currently held within each service area. The register is one of the key building blocks to GDPR compliance and should have been completed by the Winter of 2017;

·         The Council has not published all departmental Privacy Notices which are designed to communicate to customers (amongst others) who their personal data has been shared with in compliance with 93 (1) of the Data Protection Act 2018;

·         The Council will remain non-compliant with Article 61 of the Data Protection Act 2018 and GDPR until a record of all data processing activities is completed.

·         Various data sharing risks have been identified and need to be addressed particularly in relation to contractors and third parties;

·         The Data Protection Policy needs to provide a little more clarity over Roles and Responsibilities to ensure there are no gaps in responsibility or accountability;

·         There is a need for all Heads of Service to organise the completion of all five GDPR focused training modules on e-learning for themselves and their staff to ensure compliance with Section 71(2) of the Data Protection Act 2018; and

·         The ability of the Council to deal with Subject Access Requests from members of the public in an effective, co-ordinated and organised manner will be severely affected until some of the issues contained within this report are addressed.

 

            Effective control was however evidenced in the following areas:

 

·         No instances of mishandling personal information was identified or witnessed;

·         Management are using some useful tools to raise the awareness of GDPR, albeit that some of these could be improved;

·         Management are currently working through a GDPR implementation plan which is focusing on high priority issues which almost matches the risks identified within this audit report;

·         The Data Protection Policy and subsequent processes and procedures were well documented although some of these were missing on the intranet;

·         The Data Protection Impact Assessment Procedure and Forms were well documented and communicated; and

·         Data Protection is being monitored at a strategic level within the organisation inline with the Risk Management Framework.

 

2.8     Asset Management – Limited Assurance

 

2.8.1    Audit Scope

                                                        

To provide assurance on the adequacy and effectiveness of the procedures and controls established to ensure that:

·         The Council has a corporate approach to asset management of the corporate portfolio

·         That property and land owned by the Council is evaluated so that it only retains assets that best support the Council’s overall aims and objectives.

·         That adequate focus and support is being given corporately to reduce the corporate asset portfolio down to a size that can be adequately maintained by the maintenance budget set in the MTFS. This is a Corporate Risk.

·         That there are adequate processes for consultation with the Service before new services/additional resources are required.

·         That asset management initiatives to improve service delivery are identified.

 

2.8.2    Summary of Findings

 

            The Council has a large corporate property portfolio comprising of 727 assets as at 2017 (excluding HRA).  These assets are given within the Strategic Asset Management Plan as follows:

 

 

The Estates Team is responsible for the landlord and tenant role for the Council estate, including optimising value; this may be a balance between satisfying communities and maximising income. Over recent years a lot of expertise has been lost from the team.  As such some of the work has been contracted out and interim staff bought in, this can be appropriate for specialist areas of work but there are issues of resilience.

 

The information requested from the Port and Harbours was not forthcoming, not only for this review process but is also not being adequately provided to the estates team charged with managing the assets. Therefore opinion on the way these assets are being managed; reconciled; insured; income generated; leases etc. cannot be given.  This is very concerning as according to the figures given within the Strategic Asset Management Plan these represent nearly 18% of the total assets owned and is the top ranked asset and may therefore benefit from a separate review.

 

With a permanent Head of Service now in post the direction of travel and focus this brings to the team is positive for the future. It will take time to bring the asset portfolio up to date, to bring solid working practices back into the team and to maintain a confident level of expertise.

 

            The primary findings giving rise to the Limited Assurance opinion in this area are as follows;

 

·         There are insufficient resources within the team to ensure that RCIS local authority asset management best practice is undertaken fully, although the strategic principles are adopted;

·         The existing property register is maintained via the computerised system ‘Estateman’ however this system will soon be obsolete, no timescales were given for the transfer process to Google docs.

·         The original copy of the lease agreements are held be the legal team.  It would have been expected that these be scanned and held electronically within Estateman, from the samples tested this could not be evidenced. 

·         There was evidence – within the sample examined – of non-enforcement of lease terms and conditions.

·         The disposal process needs to be reviewed and updated, the HOS confirmed this is underway and due to be presented to Cabinet early 2019;

·         Reconciliation processes in place between various asset registers being maintained need to be strengthened; testing could not reconcile all assets and not all registers were provided during the audit;

·         Staff training opportunities need to be recognised in order to maintain CPD within the team;

·         There is currently one officer trained to undertake valuations and this officer will be leaving the Council shortly and therefore management have advised that this function has been outsourced.

·         Recruitment difficulties have meant that in-house staff are being supplemented with qualified interim staff and external consultants.

·         The outsourcing of work to external consultants may however have been procured without the appropriate CPR’s being administered – management could not provide evidence of CSO compliance in this regard;

·         The property and asset insurance schedules need to be reviewed to ensure that the valuations and insurances charged are correct;

·         The insurance figures are calculated and uplifted annually and the method for this should be reviewed for accuracy.

·         Clarity is required on the treatment of the market rent of assets being held at and managed for the Ports and Harbours needs to be sought.  A decision needs to be made on whether the Port and Harbour have delegated authority to negotiate their own rents.

 

            Effective control was however evidenced in the following areas:

 

·         Budgets are being effectively managed, monitored and reported on;

·         Workloads are being effectively managed and monitored to ensure that the leases, licences and rent renewals are up to date;

·         Risks, priorities and performance indicators have been recognised and documented via the Strategic Asset Management Plan and Service Plan.

 

3.0.      FOLLOW UP OF AUDIT REPORT ACTION PLANS:

 

3.1       As part of the period’s work, four follow up reviews have been completed of those areas previously reported upon to ensure that the recommendations made have been implemented, and the internal control weaknesses leading to those recommendations have been mitigated.  Those completed during the period under review are shown in the following table.

 

Service/ Topic

Original Assurance level

Revised Assurance level

Original Number of Recs

No of Recs. Not yet implemented

a)

Homelessness

Substantial

Substantial

C

H

M

L

0

0

5

3

C

H

M

L

0

0

1

0

b)

East Kent Housing – Safeguarding Children & Vulnerable Groups

Reasonable/Limited

Reasonable

C

H

M

L

0

4

0

0

C

H

M

L

0

0

0

0

c)

East Kent Housing – Complaints Monitoring

Reasonable

Reasonable

C

H

M

L

0

2

2

3

C

H

M

L

0

0

1

0

d)

Anti-Fraud & Corruption

Reasonable

Reasonable

C

H

M

L

0

1

3

6

C

H

M

L

0

1

1

4

 

3.2       The only high risk recommendation still in progress at the time of follow-up (Anti-Fraud and Corruption) is being addressed by a separately commissioned review of Anti-Fraud Mapping which will be reported to a future meeting of this committee.

 

4.0       WORK-IN-PROGRESS:

 

4.1       During the period under review, work has also been undertaken on the following topics, which will be reported to this Committee at future meetings: Cash Collection, Income & Bank Rec, Business Continuity and Emergency Planning, Car Parking, Dog Warden, Street Scene Enforcement, and VAT

 

5.0       CHANGES TO THE AGREED AUDIT PLAN:

 

5.1       The 2018-19 internal audit plan was agreed by Members at the meeting of this Committee on 6th March 2018.

 

5.2       The Head of the Audit Partnership meets on a quarterly basis with the Section 151 Officer or their nominated representative to discuss any amendments to the plan. Members of the Committee will be advised of any significant changes through these regular update reports. Minor amendments have been made to the plan during the course of the year as some high profile projects or high-risk areas have been requested to be prioritised at the expense of putting back or deferring to a future year some lower risk planned reviews. The detailed position regarding when resources have been applied and or changed are shown as Appendix 3.

 

6.0          FRAUD AND CORRUPTION:

 

There are no known instances of fraud or corruption being investigated by the EKAP to bring to Members attention at the present time.

 

7.0       UNPLANNED WORK:

 

All responsive assurance / unplanned work is summarised in the table contained at Appendix 3.

 

8.0       INTERNAL AUDIT PERFORMANCE

 

8.1       For the six-month period to 30th September 2018, 143.88 chargeable days were delivered against the revised target of 323.36 days which equates to 44.5% plan completion.

 

8.2       The financial performance of the EKAP is on target at the present time.

 

8.3       As part of its commitment to continuous improvement and following discussions with the s.151 Officer Client Group, the EKAP has established a range of performance indicators which it records and measures.

 

8.4       The EKAP audit maintains an electronic client satisfaction questionnaire which is used across the partnership.  The satisfaction questionnaires are sent out at the conclusion of each audit to receive feedback on the quality of the service.

 

Attachments

           

            Appendix 1   Summary of Critical and High priority recommendations not implemented at the time of follow-up.

            Appendix 2   Summary of services with Limited / No Assurances.

            Appendix 3   Progress to 30th June 2018 against the agreed 2018-19 Audit Plan.

           Appendix 4   Balanced Scorecard to 30th September 2018.

            Appendix 5   Definition of Audit Assurance Statements & Recommendation Priorities 

          


SUMMARY OF CRITICAL & HIGH PRIORITY RECOMMENDATIONS NOT IMPLEMENTED AT THE TIME OF FOLLOW-UP – APPENDIX 1

Original Recommendation

Agreed Management Action , Responsibility and Target Date

Manager’s Comment on Progress Towards Implementation.

None this Quarter


SERVICES GIVEN LIMITED / NO ASSURANCE LEVELS STILL TO BE REVIEWED – APPENDIX 2

Service

Reported to Committee

Level of Assurance

Follow-up Action Due

Compliance with General Data Protection Regulations

December 2018

Limited

Work-in-Progress

Asset Management 

December 2018

Limited

Spring 2019

 


PROGRESS TO DATE AGAINST THE AGREED 2018-19 AUDIT PLAN – APPENDIX 3

 

THANET DISTRICT COUNCIL:

 

Area

Original Planned Days

 

Revised Budgeted Days

 

Actual  days to

 30-09-2018

Status and Assurance Level

FINANCIAL SYSTEMS:

Car Parking & Enforcement

10

10

0.28

Work-in-progress

VAT

10

10

2.85

Work-in-progress

RESIDUAL HOUSING SERVICES:

Housing Allocations

10

10

4.71

Finalised - Substantial

HRA Business Plan

10

10

0

Quarter 4

GOVERNANCE RELATED:

Anti-Fraud & Corruption Assurance Mapping

10

10

2.16

Work-in-progress

Complaints Monitoring

10

10

2.82

Work-in-progress

Corporate Advice/CMT

2

2

.10

Work-in-progress throughout 2018-19

s.151 Officer Meetings and Support

9

9

7.79

Work-in-progress throughout 2018-19

Governance & Audit Committee Meetings and Report Preparation

12

12

6.99

Work-in-progress throughout 2018-19

2019-20 Audit Plan and Preparation Meetings

9

9

0.89

Quarter 4

SERVICE LEVEL:

Thanet Lottery

10

10

0

Quarter 4

Safeguarding Children & Vulnerable Groups

10

10

0

Quarter 4

Community Safety

10

10

4.17

Work-in-progress

CCTV

10

10

0

Quarter 4

Dog Warden & Environmental Crime Enforcement

10

10

0.31

Work-in-progress

Electoral Registration & Election Management

10

10

8.94

Finalised

Food Safety

10

10

9.72

Finalised - Substantial

Pest Control

7

7

0

Quarter 4

Business Continuity & Emergency Planning

10

10

0.34

Work-in-progress

Equality & Diversity

10

10

0.18

Work-in-Progress

Events Management

10

10

0

Quarter 3

Grounds Maintenance

15

15

0

Quarter 4

Licensing

10

10

6.88

Work-in-Progress

Museums

10

10

0.23

Postponed

East Kent Opportunities

10

10

7.58

Work-in-Progress

Street Cleansing

10

10

0.18

Quarter 3

Employee Health, Safety & Welfare

10

10

0

Quarter 4

OTHER :

Liaison With External Auditors

1

1

0

Work-in-progress throughout 2018-19

Follow-up Reviews

15

15

5.86

Work-in-progress throughout 2018-19

FINALISATION OF 2017-18 AUDITS:

Days under delivered in 2017-18

0

38.36

0

Allocated

Service Contract Management

5

5

0.95

Finalised - Reasonable

Compliance with GDPR

13.49

Finalised - Limited

Creditors & CIS

9.79

Finalised - Substantial

Cash Collection, Income & Bank Reconciliation

14.78

Finalised – Substantial/Limited

Performance Management

12.53

Work-in-Progress

Asset Management

16.67

Finalised - Limited

Your Leisure

 

 

0.54

Postponed

Inward Investment

 

 

0.22

Postponed

RESPONSIVE WORK:

Duplicate Payments

0

0

1.15

Finalised

SHL Accounts Inspection

0

0

0.78

Finalised

TOTAL

285

323.36

143.88

44.5% as at 30-09-2018

 

EAST KENT HOUSING LIMITED:

 

Review

Original Planned Days

Revised Planned Days

Actual days to

  30-09-2018

Status and Assurance Level

Planned Work:

CMT/Audit Sub Ctte/EA Liaison

4

4

2.22

Work-in-progress throughout 2018-19

Follow-up Reviews

4

4

4.71

Work-in-progress throughout 2018-19

Repairs & Maintenance

30

30

0.27

Draft Brief issued

Void Property Management

20

20

Health & Safety

20

20

0

Quarter 4

Contract Monitoring

17

17

26.5

Finalised - Limited

Performance Management

15

15

2.05

Draft Brief issued

Welfare Reform

10

10

0.18

Quarter 2

Resident Involvement

10

10

0.18

Quarter 3

Service Level Agreements

10

10

0

Quarter 4

Finalisation of 2017-18 Audits:

Days under delivered in 2017-18

0

10.94

0

Allocated

Complaints Management

0

0

0.36

Finalised - Reasonable

GDPR & Information Management

0

0

4.14

Finalised - Reasonable

Leasehold Services

0

0

1.15

Finalised - Reasonable

Tenancy & RTB Fraud Prevention

0

0

14.05

Work-in-Progress

Property Services Action Plan

0

0

8.14

Finalised - Reasonable

Responsive Work:

Contract Management – supplementary work

0

0

4.74

Finalised

Single System Planned Maintenance Module

0

0

0.18

Finalised

Total

140

150.94

68.87

45.63% at 30-09-2018

 

EKS, EKHR & CIVICA:

 

Review

Original Planned Days

Revised Planned Days

Actual days to   30-09-2018

Status and Assurance Level

EKS & Civica Reviews:

Housing Benefit Assessment

15

15

0.18

Quarter 3

Housing Benefit Testing

15

15

7.20

Work-in-Progress

Housing Benefits – DHPs

15

15

16.14

Finalised - Reasonable

Debtor Accounts

20

20

0.34

Quarter 3

ICT – Network Security

15

10

0.32

Quarter 4

ICT – PSN Review

0

5

16.11

Finalised – N/A

ICT – PCI-DSS Compliance

15

15

0

Quarter 4

KPIs

5

5

0.10

Quarter 4

EKHR Reviews:

Payroll

15

15

0

Quarter 4

Apprenticeships

15

15

15.53

Finalised - Reasonable

Absence Management

15

15

.19

Quarter 3

Other;

Corporate/Committee

8

8

3.85

Work-in-progress throughout 2018-19

Follow up

7

7

4.18

Work-in-progress throughout 2018-19

Days under delivered in 2017-18

0

47.79

0

Allocated

Finalisation of 2017/18 Audits:

Housing Benefit Testing

0

6.82

Finalised – N/A

Payroll

4.96

Finalised - Substantial

Employee Allowances & Expenses

1.28

Finalised - Reasonable

ICT Procurement & Disposal

14.92

Finalised – Reasonable

Council Tax Reduction Scheme

9.92

Finalised - Substantial

Total

160

207.79

102.03

49% at 30/09/2018

 

 

 


INTERNAL PROCESSES PERSPECTIVE:

 

 

 

 

Chargeable as % of available days

 

 

Chargeable days as % of planned days

CCC

DDC

F&HDC
TDC
EKS
EKH

 

Overall

 

Follow up/ Progress Reviews;

 

·         Issued

·         Not yet due

·         Now due for Follow Up

 

  

Compliance with the Public Sector Internal Audit Standards (PSIAS)

(see Annual Report for more details)

2018-19 Actual

 

Quarter 2

 

87%

 

 

 

48%

47%

41%

44%

49%

46%

 

45%

 

 

 

30

20

30

 

 

 

Partial

Target

 

 

 

 

80%

 

 

 

50%

50%

50%

50%

50%

50%

 

50%

 

 

 

-

-

-

 

 

 

Full

 

 

FINANCIAL PERSPECTIVE:

 

 

Reported Annually

 

·      Cost per Audit Day

 

·      Direct Costs

 

·      + Indirect Costs (Recharges from Host)

 

·      - ‘Unplanned Income’

 

·      = Net EKAP cost (all Partners)

 

·      Saving Target (10% of 2016-17)

2018-19

 Actual

 

 

 

£

 

£

 

£

 

£

 

£

 

£34,620

Original

 Budget

 

 

 

£300.38

 

£385,970

 

£10,530

 

Zero

 

£396,500

 

10%

 

CUSTOMER PERSPECTIVE:

 

 

 

 

Number of Satisfaction Questionnaires Issued;

 

Number of completed questionnaires received back;

 

 

 

 

Percentage of Customers who felt that;

 

·         Interviews were conducted in a professional manner

·         The audit report was ‘Good’ or better

·         That the audit was worthwhile.

 

 

 

 

 

 

2018-19 Actual

 

Quarter 2

 

26

 

 

8

 

 

=  31%

 

 

 

 

100%

 

100%

 

100%

 

 

 

 

 

 

Target

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

100%

 

100%

 

100%

 

 

INNOVATION & LEARNING PERSPECTIVE:

 

Quarter 2

 

 

Percentage of staff qualified to relevant technician level

 

Percentage of staff holding a relevant higher level qualification

 

Percentage of staff studying for a relevant professional qualification

 

Number of days technical training per FTE

 

Percentage of staff meeting formal CPD requirements (post qualification)

 

 

                                                            

 

 

2018-19 Actual

 

 

 

 

76%

 

 

37%

 

 

14%

 

 

1.03

 

 

37%

 

 

 

 

Target

 

 

 

 

 

75%

 

 

38%

 

 

N/A

 

 

3.5

 

 

38%

 

 

 


 

Definition of Audit Assurance Statements & Recommendation Priorities

 

Assurance Statements:

 

Substantial Assurance - From the testing completed during this review a sound system of control is currently being managed and achieved.  All of the necessary, key controls of the system are in place.  Any errors found were minor and not indicative of system faults. These may however result in a negligible level of risk to the achievement of the system objectives.

 

Reasonable Assurance - From the testing completed during this review most of the necessary controls of the system in place are managed and achieved.  There is evidence of non-compliance with some of the key controls resulting in a marginal level of risk to the achievement of the system objectives. Scope for improvement has been identified, strengthening existing controls or recommending new controls.

 

Limited Assurance - From the testing completed during this review some of the necessary controls of the system are in place, managed and achieved.  There is evidence of significant errors or non-compliance with many key controls not operating as intended resulting in a risk to the achievement of the system objectives. Scope for improvement has been identified, improving existing controls or recommending new controls.

 

No Assurance - From the testing completed during this review a substantial number of the necessary key controls of the system have been identified as absent or weak.  There is evidence of substantial errors or non-compliance with many key controls leaving the system open to fundamental error or abuse.   The requirement for urgent improvement has been identified, to improve existing controls or new controls should be introduced to reduce the critical risk.

 

Priority of Recommendations Definitions:

 

Critical – A finding which significantly impacts upon a corporate risk or seriously impairs the organisation’s ability to achieve a corporate priority.  Critical recommendations also relate to non-compliance with significant pieces of legislation which the organisation is required to adhere to and which could result in a financial penalty or prosecution. Such recommendations are likely to require immediate remedial action and are actions the Council must take without delay.

 

High – A finding which significantly impacts upon the operational service objective of the area under review. This would also normally be the priority assigned to recommendations relating to the (actual or potential) breach of a less prominent legal responsibility or significant internal policies; unless the consequences of non-compliance are severe. High priority recommendations are likely to require remedial action at the next available opportunity or as soon as is practical and are recommendations that the Council must take.

 

Medium – A finding where the Council is in (actual or potential) breach of - or where there is a weakness within - its own policies, procedures or internal control measures, but which does not directly impact upon a strategic risk, key priority, or the operational service objective of the area under review.  Medium priority recommendations are likely to require remedial action within three to six months and are actions which the Council should take.

 

Low – A finding where there is little if any risk to the Council or the recommendation is of a business efficiency nature and is therefore advisory in nature.  Low priority recommendations are suggested for implementation within six to nine months and generally describe actions the Council could take.