AUDIT & GOVERNANCE COMMITTEE 14 April 2015 AUDIT ... · AUDIT & GOVERNANCE COMMITTEE 14 April 2015...

AUDIT & GOVERNANCE COMMITTEE 14 April 2015 AUDIT MONITORING REPORT: January – March 2015

1

LEAD OFFICER: Angela George, Agenda Item 8 Acting S.151 Officer AUTHOR: Peter Usher, Audit Manager 1.0 INTERNAL AUDIT WORK COMPLETED IN PERIOD (JANUARY – MARCH 2015) 1.1 This report summarises progress on internal audit work in the latest period.

Final risk-based audit reports

1.2 Six final reports for 2014/15 have been agreed and summaries are attached at Appendix A.

Full copies of these reports are available to Members of the Committee.

Assurance levels were as follows:

Sundry debtors – Substantial (see Appendix A – 1)

Payroll – Substantial (see Appendix A – 2)

Parks Service, including Crematorium - Reasonable (see Appendix A – 3)

IT Strategy – Substantial (see Appendix A – 4)

Leisure – NCL contract management – Reasonable (see Appendix A – 5)

Partnership governance – Reasonable (See Appendix A – 6)

1.3 Progress against individual audits in the 2014/15 plan is set out in the table below. This is shown

against the original planned schedule. The plan comprises 17 risk-based audits (R) and 3 cyclical

audits (C) of fundamental systems. There is also provision for follow up work on 2 audits

completed in 2013/14 where the assurance level was less than reasonable – these are Housing

Options and Petty Cash.

Qtr 1 (Apr – June) Status

R1 Freedom of Information Act compliance

Final report issued September 2014.

R2 Change management Final report issued January 2015.

R3 Refuse Collection Final report issued 6 October 2014.

R4 Parks & Open Spaces

Final report issued March 2015.

R5

External funding Final report issued 11 September 2014.

Qtr 2 (July – Sept)

R6 Customer Services/Access Strategy Final report issued 27 November 2014.

R7

Contract management – RBSS

Audit & Governance Committee approved cancellation of this audit given changes to Revenues and Benefits Shared Service. The 20 days allocated budget will be taken as a saving in 2014/15.


2

R8 Information Security / Records

management

Audit & Governance Committee approved this review to be undertaken in April 2015. Scoping meeting has been held and Client Notification issued in March 2015.

R9 IT Strategy support to service plan -


R10

Communications

The Council appointed a new Communications Manager in January 2015 and the audit scope was agreed with her in March. Audit work is ongoing.

R11

NCL contract management

Draft report issued 10 December 2014. Closeout meeting held January 2015. Final report issued April 2015

R12 Performance management

Draft report issued and closeout meeting held 18 March Report still to be finalised

Qtr 3 or 4 (Oct – Mar 2015)

R13

Beacon - New operating arrangements

Work in progress Draft report was due by 31 March 2015 but delayed following staff sickness in Internal Audit.

R14

Accommodation strategy

Scoping meeting held and Client Notification issued Dec 2014. Work in progress Draft report now due by 30 April 2015.

R15 Cemeteries & Crematorium

Combined audit with Parks Service – see R4 above.

R16 Partnership governance


R17 NCL Pool extension

Final report issued October 2014. Substantial assurance

C1 Payroll

Final report issued March 2015

C2 Sundry debtors

Final report issued March 2015

C3

Benefits

This audit is being done jointly to cover Copeland and Carlisle. Draft report was due 31 March 2015 but will be delayed until end of April.

1.4 There were 20 reports in the original plan. The Committee approved the cancellation of 1 audit

and the merger of 2 other audits into a single review. The revised plan therefore comprises 18


3

audits. Of these, 12 have been finalized, 1 has been issued in draft and 5 are still work in

progress. These are:

Information Security / Records management;

Communications

The Beacon

Accommodation strategy

Benefits (being done jointly with Carlisle City Council)

National Fraud Initiative

1.5 Data for the National Fraud Initiative was uploaded to the NFI 2014 website in October and

matches were made available for investigation at the end of January 2015. Progress has been

made on investigating matches although Internal Audit has only recently been advised of the

contact to be set up to investigate benefit matches.

1.6 Data matching in order to identify Single Person Discount (SPD) fraud is now being undertaken

annually. Relevant information (council tax and electoral roll) was uploaded to the NFI Flexible

Matching Service website in December 2014 and the SPD match reports are being investigated

by the Revenues Section.

2.0 INTERNAL AUDIT PERFORMANCE AGAINST AUDIT PLAN 2.1 Internal Audit performance measures are set out at Appendix B. 3.0 CONCLUSION AND RECOMMENDATION 3.1 The Committee is asked to note progress against the audit plan and that final reports

for remaining 2014/15 planned audits should be reported to the next Committee along with the Internal Audit annual report.

List of Appendices: Appendix A – Summaries of final reports agreed in period Appendix B – Performance measures Consultees: Corporate Leadership Team

Appendix A 1 Sundry Debtors

Cumbria Shared Internal Audit Service: Internal Audit Report Page 1

1

1. Background

1.1. This report summarises the findings from the audit of Sundry Debtors. This was a planned audit assignment which was undertaken in accordance

with the 2014/15 Audit Plan.

1.2. Sundry Debtors is one of the key systems to be covered in the Audit Plan on a cyclical basis. The audit review of the Sundry Debtor system

incorporated an evaluation of management controls to prevent and detect fraud and to provide assurance on the arrangements for governance,

risk management and internal control.

2. Assurance Opinion

2.1. Each audit review is given an assurance opinion and these are intended to assist Members and Officers in their assessment of the overall level of

control and potential impact of any identified system weaknesses. There are 4 levels of assurance opinion which may be applied. The definition

for each level is explained in Appendix A.

2.2. From the areas examined and tested as part of this audit review, we consider the current controls operating within Sundry Debtors provide

Substantial assurance.

Note: as audit work is restricted by the areas identified in the Audit Scope and is primarily sample based, full coverage of the system and

complete assurance cannot be given to an audit area.

3. Summary of Recommendations, Audit Findings and Report Distribution

3.1. There is one audit recommendation arising from this audit review and these can be summarised as follows:

No. of recommendations

Control Objective High Medium Advisory

1. Management - achievement of the organisation’s strategic objectives achieved - - -

2. Regulatory - compliance with laws, regulations, policies, procedures and contracts - - -

COPELAND BOROUGH COUNCIL | Audit of Sundry Debtors


2

Comment from the Interim Financial Services Manager and S151 Officer

I agree with the recommendation made.

3. Information - reliability and integrity of financial and operational information - - -

4. Security - safeguarding of assets - - -

5. Value - effectiveness and efficiency of operations and programmes (see section 5.1) - - 1

6. Other considerations from previous audits

- Implementation of previous recommendations/impact of outstanding recommendations.

- - -

Total Number of Recommendations - - 1

Management Action Plan COPELAND BOROUGH COUNCIL | Audit of Sundry Debtors


3

4. Matters Arising / Agreed Action Plan

4.1. Value - effectiveness and efficiency of operations and programmes.

● Advisory issue

Audit finding Management response

(a) Departmental Procedures

Internal Audit testing found that departmental procedures are not in place to ensure debtor invoices

are raised for the services provided by the department. Also there are no independent checks

carried out within the department to ensure customers are billed for each service provided. The

debtor clerks rely on the TOTAL Sundry Debtor procedures re the system aspects of raising

invoices, etc.

Some of the departments tested stated they have minimal involvement with issuing debtors

invoices but for others it is a case of limited resources meaning independent checks are unable to

be carried out. There is a potential risk that customers are not billed for services provided and so

possible income streams are missed.

Although establishing independent checks may not be practical due to limited resources, budget

holders with significant income streams from debtor invoices should review their departmental

processes to ensure the risk of invoices not being issued for services provided is minimised.

Budget monitoring is unlikely to identify individual missing invoices unless these were high value.

Agreed management action:

Work on this needs to be proportionate given

limited resources. Budget holders will be requested

to review and document their departmental

processes as part of the year end annual internal

control assurance process.

Recommendation 1:

Budget holders with significant income streams from debtor invoices should review their

departmental processes to ensure that all debtor invoices are raised for the appropriate services

provided by their department. It may be appropriate to document local procedure for raising

invoices and checks in place to ensure all services/goods provided are invoiced.

COPELAND BOROUGH COUNCIL | Audit of Sundry Debtors


4

Risk exposure if not addressed:

Debtors invoices are not raised after service has been delivered;

Debtor accounts are not raised in a timely manner causing possible disputes or difficulties

tracing the debtor;

Recurring invoices are not raised on the system correctly as periodic invoices and so the total

debt balance is not collected.

Responsible manager for implementing:

Interim Financial Services Manager and S151

Officer

Date to be implemented:

31/05/15

Appendix A 2 Payroll


1

1. Background

1.1. This report summarises the findings from the audit of Payroll of Copeland Borough Council. This was a planned audit assignment which was

undertaken in accordance with the 2014/15 Audit Plan.

1.2. The payroll is a key process located within the Chief Executive department of Copeland Borough Council and pays the salaries of 230 employees.

Payroll is important to the organisation because it is a key statutory function with the key objective ‘to deliver an efficient payroll service’.





2.2. From the areas examined and tested as part of this audit review, we consider the current controls operating within Payroll provide Substantial

assurance.

Copeland Borough Council | Audit of Payroll


2


3.1. There is 1 audit recommendation arising from this audit review and this can be summarised as follows:

Comment from the Head of People Resources

Congratulate the payroll team on achievement of substantial assurance. Accept the recommendation in the report and will work with the payroll team

to deliver the required actions – Zoe Pluckrose, Head of People Resource.




2. Regulatory - compliance with laws, regulations, policies, procedures and contracts - - -


4. Security - safeguarding of assets - - 1

5. Value - effectiveness and efficiency of operations and programmes - - -


Copeland Borough Council | Audit of Payroll


3


4.1. Security - safeguarding of assets.

● Advisory issue


(a) Business Continuity requires updating:

There is a Business Continuity Plan (BCP) in place for the Human Resources Department

(including payroll) but this does not address how the service would be delivered in the absence of

key staff.


To amend the business continuity report for payroll

to ensure that there is a plan in place if the risks

highlighted do occur.

Recommendation 1:

Management should ensure the BCP is updated to include more detailed contingency plans in the

event of staff absence.


Unable to provide ‘business as usual’ in the event of staff absence;

Staff not paid leading to compensatory claims eg: bank charges;

Adverse publicity.


Alison Walton/ Zoe Pluckrose


05/2015

Appendix A 3 Parks & Open Spaces including Crematorium


1

1. Background

1.1. This report summarises the findings from the audit of Parks & Open Spaces which incorporated Crematoria. This was a planned audit assignment

which was undertaken in accordance with the 2014/15 Audit Plan.

1.2. This audit is linked to Copeland Council’s Corporate Plan 2013-15 mission statement to provide “An effective Council that works with partners and

communities to arrange services for residents in Copeland” and the priority to deliver efficient and effective statutory services.





2.2. From the areas examined and tested as part of this audit review, we consider the current controls operating within Parks & Open Spaces

including Crematoria provide Reasonable assurance.



COPELAND BOROUGH COUNCIL | Audit of Parks & Open Spaces incorporating Crematoria


2


3.1. There are 9 audit recommendations arising from this audit review and these can be summarised as follows:

Comment from the Head of Copeland Services

Recommendations agreed as written other than those relating to the Book of Remembrance from previous audits, which are no longer relevant and

should be closed or recorded as complete on Covalent.



1. Management - achievement of the organisation’s strategic objectives achieved (see section 5.1.) - 2 2

2. Regulatory - compliance with laws, regulations, policies, procedures and contracts (see section 5.2.) - 2 -

3. Information – reliability and integrity of financial and operational information (see section 5.3) - 3 -



6. Other considerations from previous audits (see section 5.4)

- Implementation of previous recommendations/impact of outstanding recommendations.

- - -

Total Number of Recommendations 0 7 2


3


4.1. Management - achievement of the organisation’s strategic objectives.

● Advisory issue


(a) Recording Information

The Parks Department records information for External Contracts, Maintenance Plans, Inspections,

Outside Works etc. There are adequate spreadsheets available to record information; however, in

general these are not used to best effect. Staff use hard copy books and paper documents. This is

not in line with new working differently processes which will require more agile ways of working

using the most efficient methods.


Details from work sheets, inspection records etc to

be input onto electronic copies of spreadsheets on

a regular basis so that this information is readily

available for analysing and reporting relevant

information.

To brief Parks Supervisor on process of updating

spreadsheets regularly Recommendation 1:

Training should be given on the most efficient method of recording, analysing and reporting

information.


All relevant records and accounts are not updated

Loss of key information

Duplication of work, not efficient use of resources


Parks Manager


June 2015

● Advisory issue


(b) Risk management

Risk assessments are held by the Parks Supervisor on the CBC network, most are from 2003 –

2011 and require updating. This process has begun and once completed will be signed off by the

Corporate Health & Safety Advisor. Operatives will receive a copy of each risk assessment and will

be fully briefed on it.


Currently reviewing all risk assessments, some of

the older risk assessments that are on s.drive are

no longer relevant and will be deleted.

Hard copies of risk assessments to be kept in a file


4

Recommendation 2:

Risk Assessments should be completed, regularly reviewed and made available on a shared drive

so that they are accessible to the appropriate Officers, e.g. Corporate Health & Safety Advisor.

in the Supervisors office so that they are readily

available to all staff.

Corporate H&S Advisor to be given access to

shared drive.


No business Continuity if the Parks Supervisor is away from work.


Parks Manager


September 2015

● Medium priority


(c) Policies and Procedures

There are no current documented procedures for the administration of Parks Services meaning

Staff are unable to carry out their duties efficiently and effectively.


Parks Supervisor to develop written processes and

procedures to reflect current practices for the

administration of the operations, with input from

Lead Operatives and Neighbourhoods Officers Recommendation 3:

Procedures need to be introduced to reflect current practices and should incorporate Financial

Regulations and Contract Procedure Rules. Once updated, the procedures should be circulated to

the appropriate staff.


The correct procedures are unknown to staff;

Processes may not be in accordance with current procedures and Financial Regulations and

Contract Procedure Rules.


Parks Manager


September 2015


5

● Medium priority


(d) Business Continuity for Crematoria Services

For Crematoria Services, The Council currently has a draft emergency plan agreement with

Carlisle City Council. In the event of cremations not being undertaken at either site the other would

make provision to carry out cremations. This agreement needs to be formalised, so that all parties

understand and comply with stated terms.


Currently have a business continuity plan in place

that enables us to use outside organisations for

cremator technicians if we had no technicians due

to mass sickness etc,

Working to formalise burden sharing agreement

with Carlisle City Council to cover emergency

cremations if needed

Recommendation 4:

The draft agreement with Carlisle City Council for emergency Crematoria services needs to be

formalised.


Adverse publicity

Increased complaints from members of the public

Service delivery breakdown


Parks Manager


July 2015


6

5.2 Regularity - compliance with laws, regulations, policies, procedures and contracts

● Medium priority


(a) Inspection Programme

Inspections (walk abouts) are carried out by Team Leaders at Copeland sites including the

Crematorium and Moresby Parks Depot. There is a calendar of dates when these need to be done,

however officers are not recording the inspections effectively, so any issues arising are not

effectively recorded, acted upon or followed up.


Inspection Records are currently stored on a single

service access drive (current corporate limitations

prevents wider access to these records). The need

for centralisation of records is agreed and accepted

and will be incorporated into the working differently

agile working arrangements as a priority area.

The corporate H&S work plan identifies a risk

based inspection programme for the health and

safety officer to monitor team based inspections.

Arrangements will be upgraded to ensure copies

are being copied to the Parks Manager and H&S

Advisor.

In support of the corporate action plan corporate

safety will maintain an overview of this both at

Moresby and the Copeland Centre recognising that

all managers have a responsibility to monitor health

and safety.

Recommendation 5:

All inspections should be documented; actions highlighted, addressed and signed off when

complete. All copies of inspections should be made available to the Corporate Health & Safety

Advisor and the Parks Manager.


Health & Safety risks to staff and the public

Adverse publicity if something goes wrong

Insurance claims against the Council


Environmental Health Manager


End June 2015


7

● Medium priority


(b) Health & Safety Risk Register

Copeland does not currently have a Corporate Health & Safety Risk Register. The Council as a corporate body has overarching responsibility for the health and safety and welfare of employees and those who are affected by the Council’s activities.

A Corporate Health & Safety Risk Register would help management to:

understand the nature of the risks the organisation faces;

be aware of the extent of those risks;

identify the level of risk that they are willing to accept;

recognize its ability to control and reduce risk.


The wider benefits of a H&S risk register to support

the corporate risk register are acknowledged.

Information from individual departments risk

assessments will be reviewed and relevant risks

identified for a corporate H&S risk register.

A reviewed H&S strategy with supporting H&S

policy is being presented to executive as part of the

final years report on H&S and the corporate H&S

risk register will be included in this strategy.

This recommendation is council wide and the

timescale for completion reflects this. Recommendation 6:

The Council should compile a register of the main health and safety risks which are under its

control. The register should list the main sources of harm to staff, public and Council buildings and

summarise the steps which should be taken to manage the risks.


Health & Safety risks to staff and the public

Adverse publicity if something goes wrong

Insurance claims against the Council


Environmental Health Manager


Strategy to be approved by members by 1 June

2015

Review of risk assessments by end Sept 2015

Risk register compiled by end Dec 2015


8

5.3 Information - reliability and integrity of financial and operational information.

● Medium priority


(a) Information Management

The Parks Department has a Local Asset Register which mainly records items of low value. The

register is held electronically on the Council’s network using a spreadsheet. There is the facility on

the spreadsheet to record when individual items were checked to ensure they are still held by the

Council, and also space to record when they are written off. After discussions it was ascertained

that regular checks are not carried out and that write offs are recorded in a separate hard copy

book but then not transferred to the spreadsheet.

The spreadsheet records “estimated costs to renew” but does not record the actual purchase price of any of the items listed. Financial Regulations state “To ensure that an asset register is maintained in accordance with good practice. All assets with either a purchase price (if known) or an appropriate replacement value of over £100 should be included. Highly desirable portable assets with a lower value may also be included.”


Asset register spreadsheet now updated to include

column for stock check and by whom, random

stock checks to be carried out on 6 monthly basis

by Officer nominated by Parks Manager.

Purchase prices now being input onto spreadsheet

Recommendation 7:

Regular checks should be carried out to ensure all equipment is accounted for and where

necessary write offs should be recorded on the spreadsheet. Any discrepancies should be

investigated and reported where appropriate.

Recommendation 8:

To aid with any request for information on the value of assets held or any potential insurance claim

purchase costs should be recorded on the Local Asset Register.


All relevant records and accounts are not updated

Loss of key information

Duplication of work, not efficient use of resources


Parks Manager


May 2015


9

● Medium priority


(b) Contract Management

A Summary Total Labour Rate spreadsheet, used by the Parks department for the calculation of the annual quotations does not reflect the current employers National Insurance and Superannuation rates in the calculation of an hourly labour rate. Contract management arrangements should ensure that costs are fully covered and external work is not an additional cost to the council. Finance has recently updated the spreadsheet with the correct costs, so 2015/16 quotations will be correct; however, previous quotations have been inaccurate but the amounts are not material.


Spreadsheet reviewed and updated on an annual

basis, labour rates are reviewed and updated by

finance department.

If there is any pay increases mid-way through the

year the labour rate needs to be amended

accordingly

Recommendation 9:

The Parks Department Labour rates should be independently reviewed annually and when there

are any changes to pay scales so that the costings are as accurate and as up to date as possible.


Unnecessary financial costs to the Council

Budget position is compromised

Inaccurate information/advice given to customers


Parks Manager


December 2015

5.4 Outstanding Actions from Previous Audit Review

5.4.1 There were 4 actions agreed as part of the previous reviews of Parks and Crematorium. The Acting Head of Copeland Services confirmed during

the audit that these had either been implemented or were no longer relevant (in the case of the Book of Remembrance) and these will be updated

on Covalent.

Appendix A4 ICT Strategy


1

1. Background

1.1. An Internal Audit review of the development and implementation of the Council’s ICT Strategy was originally agreed as part of the 2013/14

internal audit plan but this was carried forward to the 2014/15 audit plan at management’s request pending completion of the Strategy. The

rescheduled audit was planned for completion by the end of September 2014. At the planning meeting with the Interim Director of Resources and

Strategic Commissioning in August 2014 Internal Audit was informed that no ICT Strategy had yet been drafted so it was agreed to change the

scope of the audit to provide assurance over the arrangements in place to develop the Strategy. This report summarises the findings from this

review.

1.2. The review is important to the Council because IT plays a major role in the efficient and effective delivery of Council services. It will provide

assurance that the Council’s governance arrangements over the development of the ICT Strategy are effective and that the Strategy supports the

Corporate Plan.

1.3. There has been some slippage to the initial timetable for reporting the draft strategy to the Corporate Leadership Team (CLT) for approval, to

enable the ICT Strategy to be better aligned to the Customer Services Strategy. This delay has affected the scope of the audit review (see 2.2

Audit Scope and Limitations).





2.2. From the areas examined as part of this audit review, we consider the current controls operating for the development of the ICT Strategy provide

SUBSTANTIAL assurance.



Copeland Borough Council | Audit of ICT Strategy


2


3.1. There is one audit recommendation arising from this audit review and this can be summarised as follows:

Comment from the Interim Director of Resources and Strategic Commissioning

This has been a very useful piece of work and linking to the Customer Services Strategy is critical. It would be helpful to revisit the ICT Strategy once it

has been implemented and is up and running.




2. Regulatory - compliance with laws, regulations, policies, procedures and contracts (see section 5.1) - - 1






3


4.1. Regulatory - compliance with laws, regulations, policies, procedures and contracts.

● Advisory issue


(a) Reporting arrangements

Internal Audit was informed that regular verbal updates are provided to the Customer Theme Board

and ICT Strategy is noted in meeting agendas. This is not strictly in accordance with the

documented governance arrangements for managing projects (the project management

framework) and even though there is a control in place this is not evidenced so the Council cannot

demonstrate this is happening.

Specifically, the Project Management Framework states that “Project Managers are required to

provide Highlight Reports … to timescales agreed to the appropriate Delivering Differently Theme

Boards with a copy to the Programme Manager” and “As soon as a project is predicted to not

deliver in line with the tolerance boundaries agreed in the PID / Brief the Project Manager is

required to complete an Exception Report … and provide it to the SRO of the appropriate

Delivering Differently Theme Board who in turn will raise this with the Delivering Differently Board.”

There has been some slippage to the initial timetable for reporting the draft strategy to the CLT for

approval, to enable the ICT Strategy to be better aligned to the Customer Services Strategy.

However, there have not been any Highlight or Exception reports made to the Delivering Differently

Customer Theme Board as all updates have been made verbally.


This point is accepted. We will ensure Highlight

reports are completed for the Business Theme

Board going forward.

Recommendation 1:

Consideration should be given to providing exception and/or highlight reports to the relevant Board

in line with the Project Management Framework.


No supporting evidence is available to show that the members of the Delivering Differently


Interim Director of Resources and Strategic


4

Theme Boards have been made fully aware of any issues or problems in the implementation of

the projects for which they hold responsibility;

Verbal updates do not allow absentee members of the Delivering Differently Theme Boards to

be made aware of any issues or problems.

Commissioning


30/04/15

Appendix A 5 Leisure contract management


1

1. Background

1.1. This report summarises the findings from the audit of Leisure, Contract Management. This was a planned audit assignment which was undertaken

in accordance with the 2014/15 Audit Plan.

1.2. This audit is linked to Copeland Council’s Corporate Plan 2013-15 mission statement to provide “An effective Council that works with partners and

communities to arrange services for residents in Copeland” and the priority to be an effective public service partner so we can get the best deal

for Copeland.

1.3. The Council’s contract with North Country Leisure (NCL) provides a key service to residents of Copeland. This audit is to ensure that the contract

is effectively managed and that service standards are met and value for money obtained.


2.1. From the areas examined and tested as part of this audit review, we consider the current controls operating within Leisure – Contract

Management provide REASONABLE assurance. All issues identified related to Property matters rather than the management of the leisure

contract.



Copeland Borough Council | Audit of Leisure, Contract Management


2


3.1. There are 4 audit recommendations arising from this audit review and these can be summarised as follows:

Comment from the Head of Customer & Community Services

The audit recognises the strong partnership working which underpins the contract management from a service delivery and planning perspective and

for good asset management. The Council is receiving regular reports and following its range of relevant regulations and procedures to ensure effective

contract management. The highlighted issues also relate to the lack of capacity within our property services team during the past year which has now

been rectified. Reassurances provided that additional capacity would be in place within this team by April 2014 were not met until much later in the

year. The actions identified will be delivered quickly and effectively with more capacity now available. Those issues relevant to the Council’s

performance management framework will be picked up across the Council following the separate internal audit appropriately as this is not directly a

result of the NCL contract management activity.



1. Management - achievement of the organisation’s strategic objectives achieved (see section 5.1.) - 2 -

2. Value - effectiveness and efficiency of operations and programmes (see section 5.2) 1 1 -

Total Number of Recommendations 1 3 -

Management Action Plan Copeland Borough Council | Audit of Leisure, Contract Management


3


4.1. Management - achievement of the organisation’s strategic objectives.

● Medium priority


(a) Property Services Service Plan 2014/15 is out of date

The Service Plan makes reference to the management of the Risk Pot budget. Discussions with

the Property Programme Manager established that the Risk Pot has not been used since 2013 and

so this was not relevant to the Service Plan for 2014/15.


The Property Services Service Plan 2014/15 has

now been revised to remove out of date references

to the Risk Pot budget.

Recommendation 1:

The Property Services Service Plan 2014/15 should be revised to ensure all information within it is

current for the year, ensuring the most recent version is uploaded to the Council’s Covalent system.


Inaccurate information detailed on service objectives.


Property Programme Manager


Now implemented

● Medium priority


(b) Understanding of Variations to the original Leisure Contract

During the course of the audit it became apparent from discussions with the Property Programme

Manager that the new terms of the Contract had not yet been fully interpreted as a Clause relating

to maintenance responsibilities which had been deleted and replaced in the Variation to the

Contract, was given as a current example during discussions.

This example related to Schedule 8, Part A, Paragraph 6 under 6.1.1 to 6.7, in particular 6.3 of the

original contract “In respect of Copeland Pool and Whitehaven Sports Centre, (unless specifically


The Property Programme Manager to liaise with

Legal Services to ensure that the latest version of

the contract is used and that terms and conditions

are understood.



4

identified in the Condition Survey as the responsibility of NCL) NCL shall not be responsible for the

replacement (as opposed to maintenance and repair) of individual items of electrical and

mechanical installation that have a replacement cost in excess of £5000 excluding VAT.”

The Variation deletes Paragraph 6 entirely and replaces with new obligations in paragraphs 1 to 5,

in particular 6.1.1 “The works specifically identified in the Condition Survey either as ‘NCL costs’ or

‘CBC costs’ shall be the responsibility of the Council PROVIDED THAT if the actual cost of those

repairs marked ‘NCL costs’ exceeds the following amounts in any one year then NCL shall pay to

the Council the excess 2013/14 £87,364, 2014/15 £89,769, 2015/16 £30,862, 2016/17 £14,400,

2017/18 £67,847, 2018/19 £0”

The Property Programme Manager explained that the risk of misinterpreting the contract was

minimal as if he was in any doubt over specific points he would discuss this with the Legal Services

Manager.

Recommendation 2:

The Property Services Department should ensure that staff referencing the Leisure Contract,

including the Planned Maintenance Programme, are aware of current terms of the Contract and

those which have been deleted/replaced.


Reference to inaccurate/out of date information;

Non-compliance with the Contract Terms and Conditions;

Council may undertake and pay for maintenance which is not their responsibility;

Disputes between the Council and NCL.


Property Programme Manager


Immediate effect



5

4.2. Value - effectiveness and efficiency of operations and programmes.

● High priority


(a) Incorrect version of Council’s Contract Procedure Rules being used by Property

Services Department

The current version of the Council’s Contract Procedure Rules was approved by Council on 14th

June 2012. This is available on the Council’s Intranet. However, during the audit, it was

established that the Property Services Department was using an older version (described as Issue

4 12 June 2012). It has been confirmed by the Legal Services Manager that Issue 4 has been

superseded by the version approved by the Council on 14th June 2012 which includes a number of

changes. The Property Services Department is now aware of the more recent guidance.


1) The Head of Customer & Community

Services will raise this at CLT as part of the

Council’s risk management overview to

ensure that a process is put in place to

distribute updates to key corporate

procedures. This will ensure that

departments refer to the correct version of

any guidance documents.

2) The Council’s procurement arrangements

are being reviewed as part of the Delivering

Differently Programme. Changes to

contract standing orders will be included as

part of the governance review.

Recommendation 3:

Management should ensure that all council departments are made aware of and apply the current

approved versions of Council Policies.


Staff wrongly apply out of date versions of the Council’s policies and procedures;

Inaccurate information/advice given to other members of staff.


1) Head of Customer & Community

Services

2) Interim Director of Corporate Resources


1) March 2015 and

2) June 2015



6

● Medium priority


(b) Documentation completed to procure Term Contractors not available

During the course of the audit it was not possible to examine the Supplier Selection Form which

should have been signed by the Head of Corporate Resources as part of the tendering process for

the procurement of the Term Contractors as this was not available.


The Head of Customer & Community Services will

raise this with the Interim Director of Resources of

Strategic Commissioning to ensure that a process

is put in place to retain all key procurement

documentation in a central location (possibly Legal

Services). This will be picked up as part of action 2

in Medium Priority (a) above.

Recommendation 4:

All documentation should be kept securely to ensure it is readily available for transparency and to

ensure a complete process has been followed and an audit trail exists.


No audit trail exists;

There is no formal authorisation on file.


Head of Customer & Community Services


March 2015

Appendix A 6 – Partnership Arrangements


1

1. Background

1.1. Partnership governance was a planned assignment within the 2014/15 Audit Plan and this report summarises the findings of the follow up review

of the Partnership Arrangements 2013/14 Audit Action Plan.

1.2. Partnerships can be an effective way for the Council to achieve its objectives but they give rise to new and different risks which need to be

recognised, evaluated and effectively managed. Partnership working is seen as a key component of the Council’s operating model going forward.

1.3. Partnership Arrangements were originally included in the 2012/13 Audit Plan but the audit review was deferred to give the Council time to develop

its system for identifying, reviewing and managing key partnership arrangements and so the audit review was included in the Audit Plan for

2013/14 and the review took place during January and February 2014.

1.4. The audit focused on the Council’s most important partnerships (strategic partnerships) and assessed the controls in place to ensure that these

partnership arrangements assisted the Council in achieving its objectives whilst providing value for money and not increasing risks to the Council.

1.5. A partial assurance was allocated as a result of that audit because the Financial Regulations and Financial Procedure Rules state that a key

control for partnerships is the Council’s Framework for Partnership Working; however Internal Audit were unable to obtain a copy of the

Framework to review. The supporting documentation for the Partnership register, the Partnership Significance Assessment Scoreboard

assessments, contained various data quality issues and did not have any documented supporting evidence to explain the scores given to the

various risks. Also 4/10 of the sampled partnerships Terms of Reference / Partnership Agreements were not held centrally for reference and so

governance arrangements for those partnerships could not be clarified. The audit identified 7 recommendations to strengthen the control

environment.

1.6. This follow up review is to assess the implementation of these recommendations.


2.1. From the areas examined and tested as part of this follow up review, we consider the implementation of the Partnership Arrangements 2013/14

Audit Action Plan now provides a Reasonable assurance.

Note: as audit work has been limited to a follow up review of the implementation of Partnership Arrangements 2013/14 Audit Action Plan full

coverage of the system and complete assurance cannot be given to an audit area.

COPELAND BOROUGH COUNCIL | Partnership Arrangements 2013/14 Audit - Follow Up


2

2.2. Progress Made: The following areas of progress were identified during the course of the review:

A centralised register of Operational Partnerships has been compiled to provide a fuller picture of the Council’s current partnership

arrangements;

The Partnership Significance Assessment Scoreboards have been reviewed and the correct scores have been recorded in the Partnership

register;

Supporting reasoning for the impact scoring has been incorporated into the template and now allows for an independent assessment of the

scoring to be undertaken;

The Assessed By and Independent Assessor signatures are now recorded to verify that the impact scoring has been undertaken by the most

appropriate Officer and that the scoring has been independently verified as accurate;

The Partnerships Assessment register spreadsheet has been reviewed to ensure that the data is accurate and current; and

The Partnerships Assessment register spreadsheet has also been developed to include Operational and Cumbria Chief Executives Group

Partnerships.

2.3. Work Still Required: Improvements in the following areas remain outstanding and these are included in the Action Plan:

The Framework for Partnership Working is currently not available on the Council’s intranet; and

Terms of Reference / Partnership Agreements outstanding for 3 strategic partnerships.

Comment from the Head of Customer and Community Services

The Council has revised its annual partnership assessment tools and activity this past year in line with the audit recommendations last year.

Both the Council and our partners and the partnerships we are engaged in review and change their governance, strategy and operation to

suit the continuously changing environment. The 3 outstanding terms of reference will continue to be followed up to ensure copies are held

centrally. The partnership framework was originally agreed by Executive in 2007 and has been updated in the past year and a half.

Unfortunately the capacity to finish this activity into a final version has not been completed only due to lack of capacity. This will now be

prioritised in the first quarter of 2015/16 so the outstanding audit recommendation can be signed off by 30 June 2015.

Management Action Plan COPELAND BOROUGH COUNCIL | Partnership Arrangements 2013/14 Audit - Follow Up


3

3. Previous Recommendations and Agreed Action Plan

3.1. Partnership Arrangements 2013/14 Audit Action Plan – outstanding recommendations only

● Medium priority

Previous Audit finding Management response

Recommendation 2:

The Framework for Partnership Working should be made available on the Council’s intranet for use

by Managers.


To put the Framework for Partnership Working on

the Council’s intranet.


There will be no guidance available to Managers on the governance and control arrangements

which should be considered when entering into Partnerships.


Head of Customer and Community Services


30 June 2014

Current status:

Head of Customer and Community Services stated that the Framework for Partnership Working had been revised; however, the document was still not

available on the Council’s intranet (as at 02/03/15). A hard copy of the framework has not been provided to Internal Audit.

Conclusion:

Internal Audit has only received verbal confirmation that the framework has been updated as no

hard copy has been provided. The framework is also not currently available on the Intranet for

managers to use.

Further action required?

Yes – the framework is not currently available

on the Intranet and so the recommendation

remains outstanding.


4

● Medium priority

Previous Audit finding Management response

Recommendation 7:

Terms of Reference / Partnership Agreements for all the strategic partnerships should be held

centrally for reference.


1. A task will be given to obtain signed copies of

all the partnership documents which have been

through the Council’s Executive for approval.

2. Copies shall be obtained for those partnerships

for which we do not currently hold terms of

reference centrally. These will be held centrally

electronically and in a paper file.


The Council will not be able to fully assess its commitment to external partners.


Head of Customer and Community Services


30 June 2014

Current status:

The Policy and Scrutiny Officer led on a project to review partnerships and compiled the Terms of Reference / Partnership Agreements for each of the

Strategic Partnerships into a central register.

Internal Audit has confirmed that TOR, etc. are held on file except for 4/29 – North Country Leisure Board (contract in place but no details held on file),

Copeland Housing Partnership, Cumbria LEP and Cumbria Tourism Partnership (32 Partnerships detailed on the register - 3 partnerships are new to the

register as of January 2015 and so TOR’s are being developed for these partnerships. These are Cumbria Resilience Forum, Public Health Alliance and

Nuclear New Build LA Group).

Conclusion:

Terms of Reference / Partnership Agreements for the majority of strategic partnerships are now held centrally

for reference; however, remain outstanding for 3 partnerships.

Further action required?

Yes – Terms of Reference /

Partnership Agreements remain

outstanding for 3 partnerships.

APPENDIX B AUDIT & GOVERNANCE COMMITTEE 14 April 2015

INTERNAL AUDIT PERFORMANCE MEASURES (Q4 2014/15)

KPI Measure of Assessment Target Actual performance data

Output Measures

Planned audits completed

To enable an annual opinion to be provided on the overall systems of risk management, governance and internal control.

% of planned audit reviews (or approved amendments to the plan) completed in respect of the financial year.

95% (annual per shared service agreement, 95% target reflects need for audit plans to be dynamic and respond to emerging risks).

This indicator will be monitored and reported quarterly to ensure the plan is on track to be delivered.

12 out of 18 reports in the revised plan have been finalised.

The remaining reviews are work in progress at 31 March but will be finalised in time for annual report on 2014/15.

In addition, 2 follow up reports have been completed in 2014/15.

Cumulative planned days to end Q4 – 460 Actual days – 430 (this does not include 20 days completing 13/14 work in 14/15)

480 days in revised 14/15 plan following agreement to not undertake contract management audit of RBSS.

Estimate that approximately 50 audit days will need to be in Q1 of 15/16 to enable completion of 2014/15 plan.

Audit scopes agreed % of audit scopes agreed with management and issued before commencement of the audit fieldwork

100%

Reported quarterly

Actual – 100%




Draft reports issued by agreed deadline

% of draft internal audit reports issued by the agreed deadline or formally approved revised deadline agreed by Audit Manager and client.

80% (target is a reflection that this is a new way of working and deadlines may be impacted by several factors including client availability)

Reported quarterly

Actual -100%

Timeliness of final reports

% of final internal audit reports issued for senior manager comments within 5 working days of management response or closeout.

90% (target recognises that there may on occasion be delays in finalising reports, eg where further work is required to resolve matters identified at closeout meeting)

Reported quarterly

Actual – 100%

Recommendations agreed

% of recommendations accepted by management

95% quarterly (target reflects that it is management’s responsibility to assess their risks and take final decision on whether risk may be accepted)

Actual – 100%

Follow up % of high priority audit recommendations implemented by target date

100% Quarterly Overdue actions are now included in a separate report from S 151 Officer.

Assignment completion

% individual reviews completed to required standard within target days or prior approved extension by Audit Manager

75% (target reflects that this is a new way of working for the audit service and systems for monitoring time spent on assignments may need to be further developed)

Actual – 100%

Time for individual audits has been adjusted either up or down to reflect work required and time to agree reports.




Quality Assurance checks completed

% QA checks completed 100%.

Reported quarterly

Actual – 100%.

Customer Measures

Post audit customer satisfaction survey feedback

% of customer satisfaction surveys scoring the service as ‘good’

80% (target reflects the need for internal audit to strive to deliver a customer focused service, but that due to the nature of internal audit roles and responsibilities, may not always elicit positive feedback)

Reported quarterly

This will be reported in annual report once sufficient feedback forms have been returned.

People Measures

Efficiency % chargeable time 80% (target takes account of non-chargeable activities such as staff holidays, service development projects and team meetings.

Reported quarterly

Actual YTD – 79%

This percentage is for all staff across IA Shared Service.

AUDIT & GOVERNANCE COMMITTEE 14 April 2015 AUDIT ... · AUDIT & GOVERNANCE COMMITTEE 14 April 2015...

Documents

Transcript of AUDIT & GOVERNANCE COMMITTEE 14 April 2015 AUDIT ... · AUDIT & GOVERNANCE COMMITTEE 14 April 2015...