Post on 29-Jun-2020
AUDIT & GOVERNANCE COMMITTEE 14 April 2015 AUDIT MONITORING REPORT: January – March 2015
1
LEAD OFFICER: Angela George, Agenda Item 8 Acting S.151 Officer AUTHOR: Peter Usher, Audit Manager 1.0 INTERNAL AUDIT WORK COMPLETED IN PERIOD (JANUARY – MARCH 2015) 1.1 This report summarises progress on internal audit work in the latest period.
Final risk-based audit reports
1.2 Six final reports for 2014/15 have been agreed and summaries are attached at Appendix A.
Full copies of these reports are available to Members of the Committee.
Assurance levels were as follows:
Sundry debtors – Substantial (see Appendix A – 1)
Payroll – Substantial (see Appendix A – 2)
Parks Service, including Crematorium - Reasonable (see Appendix A – 3)
IT Strategy – Substantial (see Appendix A – 4)
Leisure – NCL contract management – Reasonable (see Appendix A – 5)
Partnership governance – Reasonable (See Appendix A – 6)
1.3 Progress against individual audits in the 2014/15 plan is set out in the table below. This is shown
against the original planned schedule. The plan comprises 17 risk-based audits (R) and 3 cyclical
audits (C) of fundamental systems. There is also provision for follow up work on 2 audits
completed in 2013/14 where the assurance level was less than reasonable – these are Housing
Options and Petty Cash.
Qtr 1 (Apr – June) Status
R1 Freedom of Information Act compliance
Final report issued September 2014.
R2 Change management Final report issued January 2015.
R3 Refuse Collection Final report issued 6 October 2014.
R4 Parks & Open Spaces
Final report issued March 2015.
R5
External funding Final report issued 11 September 2014.
Qtr 2 (July – Sept)
R6 Customer Services/Access Strategy Final report issued 27 November 2014.
R7
Contract management – RBSS
Audit & Governance Committee approved cancellation of this audit given changes to Revenues and Benefits Shared Service. The 20 days allocated budget will be taken as a saving in 2014/15.
AUDIT & GOVERNANCE COMMITTEE 14 April 2015 AUDIT MONITORING REPORT: January – March 2015
2
R8 Information Security / Records
management
Audit & Governance Committee approved this review to be undertaken in April 2015. Scoping meeting has been held and Client Notification issued in March 2015.
R9 IT Strategy support to service plan -
Final report issued March 2015.
R10
Communications
The Council appointed a new Communications Manager in January 2015 and the audit scope was agreed with her in March. Audit work is ongoing.
R11
NCL contract management
Draft report issued 10 December 2014. Closeout meeting held January 2015. Final report issued April 2015
R12 Performance management
Draft report issued and closeout meeting held 18 March Report still to be finalised
Qtr 3 or 4 (Oct – Mar 2015)
R13
Beacon - New operating arrangements
Work in progress Draft report was due by 31 March 2015 but delayed following staff sickness in Internal Audit.
R14
Accommodation strategy
Scoping meeting held and Client Notification issued Dec 2014. Work in progress Draft report now due by 30 April 2015.
R15 Cemeteries & Crematorium
Combined audit with Parks Service – see R4 above.
R16 Partnership governance
Final report issued March 2015.
R17 NCL Pool extension
Final report issued October 2014. Substantial assurance
C1 Payroll
Final report issued March 2015
C2 Sundry debtors
Final report issued March 2015
C3
Benefits
This audit is being done jointly to cover Copeland and Carlisle. Draft report was due 31 March 2015 but will be delayed until end of April.
1.4 There were 20 reports in the original plan. The Committee approved the cancellation of 1 audit
and the merger of 2 other audits into a single review. The revised plan therefore comprises 18
AUDIT & GOVERNANCE COMMITTEE 14 April 2015 AUDIT MONITORING REPORT: January – March 2015
3
audits. Of these, 12 have been finalized, 1 has been issued in draft and 5 are still work in
progress. These are:
Information Security / Records management;
Communications
The Beacon
Accommodation strategy
Benefits (being done jointly with Carlisle City Council)
National Fraud Initiative
1.5 Data for the National Fraud Initiative was uploaded to the NFI 2014 website in October and
matches were made available for investigation at the end of January 2015. Progress has been
made on investigating matches although Internal Audit has only recently been advised of the
contact to be set up to investigate benefit matches.
1.6 Data matching in order to identify Single Person Discount (SPD) fraud is now being undertaken
annually. Relevant information (council tax and electoral roll) was uploaded to the NFI Flexible
Matching Service website in December 2014 and the SPD match reports are being investigated
by the Revenues Section.
2.0 INTERNAL AUDIT PERFORMANCE AGAINST AUDIT PLAN 2.1 Internal Audit performance measures are set out at Appendix B. 3.0 CONCLUSION AND RECOMMENDATION 3.1 The Committee is asked to note progress against the audit plan and that final reports
for remaining 2014/15 planned audits should be reported to the next Committee along with the Internal Audit annual report.
List of Appendices: Appendix A – Summaries of final reports agreed in period Appendix B – Performance measures Consultees: Corporate Leadership Team
Appendix A 1 Sundry Debtors
Cumbria Shared Internal Audit Service: Internal Audit Report Page 1
1
1. Background
1.1. This report summarises the findings from the audit of Sundry Debtors. This was a planned audit assignment which was undertaken in accordance
with the 2014/15 Audit Plan.
1.2. Sundry Debtors is one of the key systems to be covered in the Audit Plan on a cyclical basis. The audit review of the Sundry Debtor system
incorporated an evaluation of management controls to prevent and detect fraud and to provide assurance on the arrangements for governance,
risk management and internal control.
2. Assurance Opinion
2.1. Each audit review is given an assurance opinion and these are intended to assist Members and Officers in their assessment of the overall level of
control and potential impact of any identified system weaknesses. There are 4 levels of assurance opinion which may be applied. The definition
for each level is explained in Appendix A.
2.2. From the areas examined and tested as part of this audit review, we consider the current controls operating within Sundry Debtors provide
Substantial assurance.
Note: as audit work is restricted by the areas identified in the Audit Scope and is primarily sample based, full coverage of the system and
complete assurance cannot be given to an audit area.
3. Summary of Recommendations, Audit Findings and Report Distribution
3.1. There is one audit recommendation arising from this audit review and these can be summarised as follows:
No. of recommendations
Control Objective High Medium Advisory
1. Management - achievement of the organisation’s strategic objectives achieved - - -
2. Regulatory - compliance with laws, regulations, policies, procedures and contracts - - -
COPELAND BOROUGH COUNCIL | Audit of Sundry Debtors
Cumbria Shared Internal Audit Service: Internal Audit Report Page 2
2
Comment from the Interim Financial Services Manager and S151 Officer
I agree with the recommendation made.
3. Information - reliability and integrity of financial and operational information - - -
4. Security - safeguarding of assets - - -
5. Value - effectiveness and efficiency of operations and programmes (see section 5.1) - - 1
6. Other considerations from previous audits
- Implementation of previous recommendations/impact of outstanding recommendations.
- - -
Total Number of Recommendations - - 1
Management Action Plan COPELAND BOROUGH COUNCIL | Audit of Sundry Debtors
Cumbria Shared Internal Audit Service: Internal Audit Report Page 3
3
4. Matters Arising / Agreed Action Plan
4.1. Value - effectiveness and efficiency of operations and programmes.
● Advisory issue
Audit finding Management response
(a) Departmental Procedures
Internal Audit testing found that departmental procedures are not in place to ensure debtor invoices
are raised for the services provided by the department. Also there are no independent checks
carried out within the department to ensure customers are billed for each service provided. The
debtor clerks rely on the TOTAL Sundry Debtor procedures re the system aspects of raising
invoices, etc.
Some of the departments tested stated they have minimal involvement with issuing debtors
invoices but for others it is a case of limited resources meaning independent checks are unable to
be carried out. There is a potential risk that customers are not billed for services provided and so
possible income streams are missed.
Although establishing independent checks may not be practical due to limited resources, budget
holders with significant income streams from debtor invoices should review their departmental
processes to ensure the risk of invoices not being issued for services provided is minimised.
Budget monitoring is unlikely to identify individual missing invoices unless these were high value.
Agreed management action:
Work on this needs to be proportionate given
limited resources. Budget holders will be requested
to review and document their departmental
processes as part of the year end annual internal
control assurance process.
Recommendation 1:
Budget holders with significant income streams from debtor invoices should review their
departmental processes to ensure that all debtor invoices are raised for the appropriate services
provided by their department. It may be appropriate to document local procedure for raising
invoices and checks in place to ensure all services/goods provided are invoiced.
COPELAND BOROUGH COUNCIL | Audit of Sundry Debtors
Cumbria Shared Internal Audit Service: Internal Audit Report Page 4
4
Risk exposure if not addressed:
Debtors invoices are not raised after service has been delivered;
Debtor accounts are not raised in a timely manner causing possible disputes or difficulties
tracing the debtor;
Recurring invoices are not raised on the system correctly as periodic invoices and so the total
debt balance is not collected.
Responsible manager for implementing:
Interim Financial Services Manager and S151
Officer
Date to be implemented:
31/05/15
Appendix A 2 Payroll
Cumbria Shared Internal Audit Service: Internal Audit Report Page 1
1
1. Background
1.1. This report summarises the findings from the audit of Payroll of Copeland Borough Council. This was a planned audit assignment which was
undertaken in accordance with the 2014/15 Audit Plan.
1.2. The payroll is a key process located within the Chief Executive department of Copeland Borough Council and pays the salaries of 230 employees.
Payroll is important to the organisation because it is a key statutory function with the key objective ‘to deliver an efficient payroll service’.
2. Assurance Opinion
2.1. Each audit review is given an assurance opinion and these are intended to assist Members and Officers in their assessment of the overall level of
control and potential impact of any identified system weaknesses. There are 4 levels of assurance opinion which may be applied. The definition
for each level is explained in Appendix A.
2.2. From the areas examined and tested as part of this audit review, we consider the current controls operating within Payroll provide Substantial
assurance.
Copeland Borough Council | Audit of Payroll
Cumbria Shared Internal Audit Service: Internal Audit Report Page 2
2
3. Summary of Recommendations, Audit Findings and Report Distribution
3.1. There is 1 audit recommendation arising from this audit review and this can be summarised as follows:
Comment from the Head of People Resources
Congratulate the payroll team on achievement of substantial assurance. Accept the recommendation in the report and will work with the payroll team
to deliver the required actions – Zoe Pluckrose, Head of People Resource.
No. of recommendations
Control Objective High Medium Advisory
1. Management - achievement of the organisation’s strategic objectives achieved - - -
2. Regulatory - compliance with laws, regulations, policies, procedures and contracts - - -
3. Information - reliability and integrity of financial and operational information - - -
4. Security - safeguarding of assets - - 1
5. Value - effectiveness and efficiency of operations and programmes - - -
Total Number of Recommendations - - 1
Copeland Borough Council | Audit of Payroll
Cumbria Shared Internal Audit Service: Internal Audit Report Page 3
3
4. Matters Arising / Agreed Action Plan
4.1. Security - safeguarding of assets.
● Advisory issue
Audit finding Management response
(a) Business Continuity requires updating:
There is a Business Continuity Plan (BCP) in place for the Human Resources Department
(including payroll) but this does not address how the service would be delivered in the absence of
key staff.
Agreed management action:
To amend the business continuity report for payroll
to ensure that there is a plan in place if the risks
highlighted do occur.
Recommendation 1:
Management should ensure the BCP is updated to include more detailed contingency plans in the
event of staff absence.
Risk exposure if not addressed:
Unable to provide ‘business as usual’ in the event of staff absence;
Staff not paid leading to compensatory claims eg: bank charges;
Adverse publicity.
Responsible manager for implementing:
Alison Walton/ Zoe Pluckrose
Date to be implemented:
05/2015
Appendix A 3 Parks & Open Spaces including Crematorium
Cumbria Shared Internal Audit Service: Internal Audit Report Page 1
1
1. Background
1.1. This report summarises the findings from the audit of Parks & Open Spaces which incorporated Crematoria. This was a planned audit assignment
which was undertaken in accordance with the 2014/15 Audit Plan.
1.2. This audit is linked to Copeland Council’s Corporate Plan 2013-15 mission statement to provide “An effective Council that works with partners and
communities to arrange services for residents in Copeland” and the priority to deliver efficient and effective statutory services.
2. Assurance Opinion
2.1. Each audit review is given an assurance opinion and these are intended to assist Members and Officers in their assessment of the overall level of
control and potential impact of any identified system weaknesses. There are 4 levels of assurance opinion which may be applied. The definition
for each level is explained in Appendix A.
2.2. From the areas examined and tested as part of this audit review, we consider the current controls operating within Parks & Open Spaces
including Crematoria provide Reasonable assurance.
Note: as audit work is restricted by the areas identified in the Audit Scope and is primarily sample based, full coverage of the system and
complete assurance cannot be given to an audit area.
COPELAND BOROUGH COUNCIL | Audit of Parks & Open Spaces incorporating Crematoria
Cumbria Shared Internal Audit Service: Internal Audit Report Page 2
2
3. Summary of Recommendations, Audit Findings and Report Distribution
3.1. There are 9 audit recommendations arising from this audit review and these can be summarised as follows:
Comment from the Head of Copeland Services
Recommendations agreed as written other than those relating to the Book of Remembrance from previous audits, which are no longer relevant and
should be closed or recorded as complete on Covalent.
No. of recommendations
Control Objective High Medium Advisory
1. Management - achievement of the organisation’s strategic objectives achieved (see section 5.1.) - 2 2
2. Regulatory - compliance with laws, regulations, policies, procedures and contracts (see section 5.2.) - 2 -
3. Information – reliability and integrity of financial and operational information (see section 5.3) - 3 -
4. Value - effectiveness and efficiency of operations and programmes - - -
5. Security - safeguarding of assets - - -
6. Other considerations from previous audits (see section 5.4)
- Implementation of previous recommendations/impact of outstanding recommendations.
- - -
Total Number of Recommendations 0 7 2
Cumbria Shared Internal Audit Service: Internal Audit Report Page 3
3
4. Matters Arising / Agreed Action Plan
4.1. Management - achievement of the organisation’s strategic objectives.
● Advisory issue
Audit finding Management response
(a) Recording Information
The Parks Department records information for External Contracts, Maintenance Plans, Inspections,
Outside Works etc. There are adequate spreadsheets available to record information; however, in
general these are not used to best effect. Staff use hard copy books and paper documents. This is
not in line with new working differently processes which will require more agile ways of working
using the most efficient methods.
Agreed management action:
Details from work sheets, inspection records etc to
be input onto electronic copies of spreadsheets on
a regular basis so that this information is readily
available for analysing and reporting relevant
information.
To brief Parks Supervisor on process of updating
spreadsheets regularly Recommendation 1:
Training should be given on the most efficient method of recording, analysing and reporting
information.
Risk exposure if not addressed:
All relevant records and accounts are not updated
Loss of key information
Duplication of work, not efficient use of resources
Responsible manager for implementing:
Parks Manager
Date to be implemented:
June 2015
● Advisory issue
Audit finding Management response
(b) Risk management
Risk assessments are held by the Parks Supervisor on the CBC network, most are from 2003 –
2011 and require updating. This process has begun and once completed will be signed off by the
Corporate Health & Safety Advisor. Operatives will receive a copy of each risk assessment and will
be fully briefed on it.
Agreed management action:
Currently reviewing all risk assessments, some of
the older risk assessments that are on s.drive are
no longer relevant and will be deleted.
Hard copies of risk assessments to be kept in a file
Cumbria Shared Internal Audit Service: Internal Audit Report Page 4
4
Recommendation 2:
Risk Assessments should be completed, regularly reviewed and made available on a shared drive
so that they are accessible to the appropriate Officers, e.g. Corporate Health & Safety Advisor.
in the Supervisors office so that they are readily
available to all staff.
Corporate H&S Advisor to be given access to
shared drive.
Risk exposure if not addressed:
No business Continuity if the Parks Supervisor is away from work.
Responsible manager for implementing:
Parks Manager
Date to be implemented:
September 2015
● Medium priority
Audit finding Management response
(c) Policies and Procedures
There are no current documented procedures for the administration of Parks Services meaning
Staff are unable to carry out their duties efficiently and effectively.
Agreed management action:
Parks Supervisor to develop written processes and
procedures to reflect current practices for the
administration of the operations, with input from
Lead Operatives and Neighbourhoods Officers Recommendation 3:
Procedures need to be introduced to reflect current practices and should incorporate Financial
Regulations and Contract Procedure Rules. Once updated, the procedures should be circulated to
the appropriate staff.
Risk exposure if not addressed:
The correct procedures are unknown to staff;
Processes may not be in accordance with current procedures and Financial Regulations and
Contract Procedure Rules.
Responsible manager for implementing:
Parks Manager
Date to be implemented:
September 2015
Cumbria Shared Internal Audit Service: Internal Audit Report Page 5
5
● Medium priority
Audit finding Management response
(d) Business Continuity for Crematoria Services
For Crematoria Services, The Council currently has a draft emergency plan agreement with
Carlisle City Council. In the event of cremations not being undertaken at either site the other would
make provision to carry out cremations. This agreement needs to be formalised, so that all parties
understand and comply with stated terms.
Agreed management action:
Currently have a business continuity plan in place
that enables us to use outside organisations for
cremator technicians if we had no technicians due
to mass sickness etc,
Working to formalise burden sharing agreement
with Carlisle City Council to cover emergency
cremations if needed
Recommendation 4:
The draft agreement with Carlisle City Council for emergency Crematoria services needs to be
formalised.
Risk exposure if not addressed:
Adverse publicity
Increased complaints from members of the public
Service delivery breakdown
Responsible manager for implementing:
Parks Manager
Date to be implemented:
July 2015
Cumbria Shared Internal Audit Service: Internal Audit Report Page 6
6
5.2 Regularity - compliance with laws, regulations, policies, procedures and contracts
● Medium priority
Audit finding Management response
(a) Inspection Programme
Inspections (walk abouts) are carried out by Team Leaders at Copeland sites including the
Crematorium and Moresby Parks Depot. There is a calendar of dates when these need to be done,
however officers are not recording the inspections effectively, so any issues arising are not
effectively recorded, acted upon or followed up.
Agreed management action:
Inspection Records are currently stored on a single
service access drive (current corporate limitations
prevents wider access to these records). The need
for centralisation of records is agreed and accepted
and will be incorporated into the working differently
agile working arrangements as a priority area.
The corporate H&S work plan identifies a risk
based inspection programme for the health and
safety officer to monitor team based inspections.
Arrangements will be upgraded to ensure copies
are being copied to the Parks Manager and H&S
Advisor.
In support of the corporate action plan corporate
safety will maintain an overview of this both at
Moresby and the Copeland Centre recognising that
all managers have a responsibility to monitor health
and safety.
Recommendation 5:
All inspections should be documented; actions highlighted, addressed and signed off when
complete. All copies of inspections should be made available to the Corporate Health & Safety
Advisor and the Parks Manager.
Risk exposure if not addressed:
Health & Safety risks to staff and the public
Adverse publicity if something goes wrong
Insurance claims against the Council
Responsible manager for implementing:
Environmental Health Manager
Date to be implemented:
End June 2015
Cumbria Shared Internal Audit Service: Internal Audit Report Page 7
7
● Medium priority
Audit finding Management response
(b) Health & Safety Risk Register
Copeland does not currently have a Corporate Health & Safety Risk Register. The Council as a corporate body has overarching responsibility for the health and safety and welfare of employees and those who are affected by the Council’s activities.
A Corporate Health & Safety Risk Register would help management to:
understand the nature of the risks the organisation faces;
be aware of the extent of those risks;
identify the level of risk that they are willing to accept;
recognize its ability to control and reduce risk.
Agreed management action:
The wider benefits of a H&S risk register to support
the corporate risk register are acknowledged.
Information from individual departments risk
assessments will be reviewed and relevant risks
identified for a corporate H&S risk register.
A reviewed H&S strategy with supporting H&S
policy is being presented to executive as part of the
final years report on H&S and the corporate H&S
risk register will be included in this strategy.
This recommendation is council wide and the
timescale for completion reflects this. Recommendation 6:
The Council should compile a register of the main health and safety risks which are under its
control. The register should list the main sources of harm to staff, public and Council buildings and
summarise the steps which should be taken to manage the risks.
Risk exposure if not addressed:
Health & Safety risks to staff and the public
Adverse publicity if something goes wrong
Insurance claims against the Council
Responsible manager for implementing:
Environmental Health Manager
Date to be implemented:
Strategy to be approved by members by 1 June
2015
Review of risk assessments by end Sept 2015
Risk register compiled by end Dec 2015
Cumbria Shared Internal Audit Service: Internal Audit Report Page 8
8
5.3 Information - reliability and integrity of financial and operational information.
● Medium priority
Audit finding Management response
(a) Information Management
The Parks Department has a Local Asset Register which mainly records items of low value. The
register is held electronically on the Council’s network using a spreadsheet. There is the facility on
the spreadsheet to record when individual items were checked to ensure they are still held by the
Council, and also space to record when they are written off. After discussions it was ascertained
that regular checks are not carried out and that write offs are recorded in a separate hard copy
book but then not transferred to the spreadsheet.
The spreadsheet records “estimated costs to renew” but does not record the actual purchase price of any of the items listed. Financial Regulations state “To ensure that an asset register is maintained in accordance with good practice. All assets with either a purchase price (if known) or an appropriate replacement value of over £100 should be included. Highly desirable portable assets with a lower value may also be included.”
Agreed management action:
Asset register spreadsheet now updated to include
column for stock check and by whom, random
stock checks to be carried out on 6 monthly basis
by Officer nominated by Parks Manager.
Purchase prices now being input onto spreadsheet
Recommendation 7:
Regular checks should be carried out to ensure all equipment is accounted for and where
necessary write offs should be recorded on the spreadsheet. Any discrepancies should be
investigated and reported where appropriate.
Recommendation 8:
To aid with any request for information on the value of assets held or any potential insurance claim
purchase costs should be recorded on the Local Asset Register.
Risk exposure if not addressed:
All relevant records and accounts are not updated
Loss of key information
Duplication of work, not efficient use of resources
Responsible manager for implementing:
Parks Manager
Date to be implemented:
May 2015
Cumbria Shared Internal Audit Service: Internal Audit Report Page 9
9
● Medium priority
Audit finding Management response
(b) Contract Management
A Summary Total Labour Rate spreadsheet, used by the Parks department for the calculation of the annual quotations does not reflect the current employers National Insurance and Superannuation rates in the calculation of an hourly labour rate. Contract management arrangements should ensure that costs are fully covered and external work is not an additional cost to the council. Finance has recently updated the spreadsheet with the correct costs, so 2015/16 quotations will be correct; however, previous quotations have been inaccurate but the amounts are not material.
Agreed management action:
Spreadsheet reviewed and updated on an annual
basis, labour rates are reviewed and updated by
finance department.
If there is any pay increases mid-way through the
year the labour rate needs to be amended
accordingly
Recommendation 9:
The Parks Department Labour rates should be independently reviewed annually and when there
are any changes to pay scales so that the costings are as accurate and as up to date as possible.
Risk exposure if not addressed:
Unnecessary financial costs to the Council
Budget position is compromised
Inaccurate information/advice given to customers
Responsible manager for implementing:
Parks Manager
Date to be implemented:
December 2015
5.4 Outstanding Actions from Previous Audit Review
5.4.1 There were 4 actions agreed as part of the previous reviews of Parks and Crematorium. The Acting Head of Copeland Services confirmed during
the audit that these had either been implemented or were no longer relevant (in the case of the Book of Remembrance) and these will be updated
on Covalent.
Appendix A4 ICT Strategy
Cumbria Shared Internal Audit Service: Internal Audit Report Page 1
1
1. Background
1.1. An Internal Audit review of the development and implementation of the Council’s ICT Strategy was originally agreed as part of the 2013/14
internal audit plan but this was carried forward to the 2014/15 audit plan at management’s request pending completion of the Strategy. The
rescheduled audit was planned for completion by the end of September 2014. At the planning meeting with the Interim Director of Resources and
Strategic Commissioning in August 2014 Internal Audit was informed that no ICT Strategy had yet been drafted so it was agreed to change the
scope of the audit to provide assurance over the arrangements in place to develop the Strategy. This report summarises the findings from this
review.
1.2. The review is important to the Council because IT plays a major role in the efficient and effective delivery of Council services. It will provide
assurance that the Council’s governance arrangements over the development of the ICT Strategy are effective and that the Strategy supports the
Corporate Plan.
1.3. There has been some slippage to the initial timetable for reporting the draft strategy to the Corporate Leadership Team (CLT) for approval, to
enable the ICT Strategy to be better aligned to the Customer Services Strategy. This delay has affected the scope of the audit review (see 2.2
Audit Scope and Limitations).
2. Assurance Opinion
2.1. Each audit review is given an assurance opinion and these are intended to assist Members and Officers in their assessment of the overall level of
control and potential impact of any identified system weaknesses. There are 4 levels of assurance opinion which may be applied. The definition
for each level is explained in Appendix A.
2.2. From the areas examined as part of this audit review, we consider the current controls operating for the development of the ICT Strategy provide
SUBSTANTIAL assurance.
Note: as audit work is restricted by the areas identified in the Audit Scope and is primarily sample based, full coverage of the system and
complete assurance cannot be given to an audit area.
Copeland Borough Council | Audit of ICT Strategy
Cumbria Shared Internal Audit Service: Internal Audit Report Page 2
2
3. Summary of Recommendations, Audit Findings and Report Distribution
3.1. There is one audit recommendation arising from this audit review and this can be summarised as follows:
Comment from the Interim Director of Resources and Strategic Commissioning
This has been a very useful piece of work and linking to the Customer Services Strategy is critical. It would be helpful to revisit the ICT Strategy once it
has been implemented and is up and running.
No. of recommendations
Control Objective High Medium Advisory
1. Management - achievement of the organisation’s strategic objectives achieved - - -
2. Regulatory - compliance with laws, regulations, policies, procedures and contracts (see section 5.1) - - 1
3. Information - reliability and integrity of financial and operational information - - -
4. Security - safeguarding of assets - - -
5. Value - effectiveness and efficiency of operations and programmes - - -
Total Number of Recommendations - - 1
Cumbria Shared Internal Audit Service: Internal Audit Report Page 3
3
4. Matters Arising / Agreed Action Plan
4.1. Regulatory - compliance with laws, regulations, policies, procedures and contracts.
● Advisory issue
Audit finding Management response
(a) Reporting arrangements
Internal Audit was informed that regular verbal updates are provided to the Customer Theme Board
and ICT Strategy is noted in meeting agendas. This is not strictly in accordance with the
documented governance arrangements for managing projects (the project management
framework) and even though there is a control in place this is not evidenced so the Council cannot
demonstrate this is happening.
Specifically, the Project Management Framework states that “Project Managers are required to
provide Highlight Reports … to timescales agreed to the appropriate Delivering Differently Theme
Boards with a copy to the Programme Manager” and “As soon as a project is predicted to not
deliver in line with the tolerance boundaries agreed in the PID / Brief the Project Manager is
required to complete an Exception Report … and provide it to the SRO of the appropriate
Delivering Differently Theme Board who in turn will raise this with the Delivering Differently Board.”
There has been some slippage to the initial timetable for reporting the draft strategy to the CLT for
approval, to enable the ICT Strategy to be better aligned to the Customer Services Strategy.
However, there have not been any Highlight or Exception reports made to the Delivering Differently
Customer Theme Board as all updates have been made verbally.
Agreed management action:
This point is accepted. We will ensure Highlight
reports are completed for the Business Theme
Board going forward.
Recommendation 1:
Consideration should be given to providing exception and/or highlight reports to the relevant Board
in line with the Project Management Framework.
Risk exposure if not addressed:
No supporting evidence is available to show that the members of the Delivering Differently
Responsible manager for implementing:
Interim Director of Resources and Strategic
Cumbria Shared Internal Audit Service: Internal Audit Report Page 4
4
Theme Boards have been made fully aware of any issues or problems in the implementation of
the projects for which they hold responsibility;
Verbal updates do not allow absentee members of the Delivering Differently Theme Boards to
be made aware of any issues or problems.
Commissioning
Date to be implemented:
30/04/15
Appendix A 5 Leisure contract management
Cumbria Shared Internal Audit Service: Internal Audit Report Page 1
1
1. Background
1.1. This report summarises the findings from the audit of Leisure, Contract Management. This was a planned audit assignment which was undertaken
in accordance with the 2014/15 Audit Plan.
1.2. This audit is linked to Copeland Council’s Corporate Plan 2013-15 mission statement to provide “An effective Council that works with partners and
communities to arrange services for residents in Copeland” and the priority to be an effective public service partner so we can get the best deal
for Copeland.
1.3. The Council’s contract with North Country Leisure (NCL) provides a key service to residents of Copeland. This audit is to ensure that the contract
is effectively managed and that service standards are met and value for money obtained.
2. Assurance Opinion
2.1. From the areas examined and tested as part of this audit review, we consider the current controls operating within Leisure – Contract
Management provide REASONABLE assurance. All issues identified related to Property matters rather than the management of the leisure
contract.
Note: as audit work is restricted by the areas identified in the Audit Scope and is primarily sample based, full coverage of the system and
complete assurance cannot be given to an audit area.
Copeland Borough Council | Audit of Leisure, Contract Management
Cumbria Shared Internal Audit Service: Internal Audit Report Page 2
2
3. Summary of Recommendations, Audit Findings and Report Distribution
3.1. There are 4 audit recommendations arising from this audit review and these can be summarised as follows:
Comment from the Head of Customer & Community Services
The audit recognises the strong partnership working which underpins the contract management from a service delivery and planning perspective and
for good asset management. The Council is receiving regular reports and following its range of relevant regulations and procedures to ensure effective
contract management. The highlighted issues also relate to the lack of capacity within our property services team during the past year which has now
been rectified. Reassurances provided that additional capacity would be in place within this team by April 2014 were not met until much later in the
year. The actions identified will be delivered quickly and effectively with more capacity now available. Those issues relevant to the Council’s
performance management framework will be picked up across the Council following the separate internal audit appropriately as this is not directly a
result of the NCL contract management activity.
No. of recommendations
Control Objective High Medium Advisory
1. Management - achievement of the organisation’s strategic objectives achieved (see section 5.1.) - 2 -
2. Value - effectiveness and efficiency of operations and programmes (see section 5.2) 1 1 -
Total Number of Recommendations 1 3 -
Management Action Plan Copeland Borough Council | Audit of Leisure, Contract Management
Cumbria Shared Internal Audit Service: Internal Audit Report Page 3
3
4. Matters Arising / Agreed Action Plan
4.1. Management - achievement of the organisation’s strategic objectives.
● Medium priority
Audit finding Management response
(a) Property Services Service Plan 2014/15 is out of date
The Service Plan makes reference to the management of the Risk Pot budget. Discussions with
the Property Programme Manager established that the Risk Pot has not been used since 2013 and
so this was not relevant to the Service Plan for 2014/15.
Agreed management action:
The Property Services Service Plan 2014/15 has
now been revised to remove out of date references
to the Risk Pot budget.
Recommendation 1:
The Property Services Service Plan 2014/15 should be revised to ensure all information within it is
current for the year, ensuring the most recent version is uploaded to the Council’s Covalent system.
Risk exposure if not addressed:
Inaccurate information detailed on service objectives.
Responsible manager for implementing:
Property Programme Manager
Date to be implemented:
Now implemented
● Medium priority
Audit finding Management response
(b) Understanding of Variations to the original Leisure Contract
During the course of the audit it became apparent from discussions with the Property Programme
Manager that the new terms of the Contract had not yet been fully interpreted as a Clause relating
to maintenance responsibilities which had been deleted and replaced in the Variation to the
Contract, was given as a current example during discussions.
This example related to Schedule 8, Part A, Paragraph 6 under 6.1.1 to 6.7, in particular 6.3 of the
original contract “In respect of Copeland Pool and Whitehaven Sports Centre, (unless specifically
Agreed management action:
The Property Programme Manager to liaise with
Legal Services to ensure that the latest version of
the contract is used and that terms and conditions
are understood.
Copeland Borough Council | Audit of Leisure, Contract Management
Cumbria Shared Internal Audit Service: Internal Audit Report Page 4
4
identified in the Condition Survey as the responsibility of NCL) NCL shall not be responsible for the
replacement (as opposed to maintenance and repair) of individual items of electrical and
mechanical installation that have a replacement cost in excess of £5000 excluding VAT.”
The Variation deletes Paragraph 6 entirely and replaces with new obligations in paragraphs 1 to 5,
in particular 6.1.1 “The works specifically identified in the Condition Survey either as ‘NCL costs’ or
‘CBC costs’ shall be the responsibility of the Council PROVIDED THAT if the actual cost of those
repairs marked ‘NCL costs’ exceeds the following amounts in any one year then NCL shall pay to
the Council the excess 2013/14 £87,364, 2014/15 £89,769, 2015/16 £30,862, 2016/17 £14,400,
2017/18 £67,847, 2018/19 £0”
The Property Programme Manager explained that the risk of misinterpreting the contract was
minimal as if he was in any doubt over specific points he would discuss this with the Legal Services
Manager.
Recommendation 2:
The Property Services Department should ensure that staff referencing the Leisure Contract,
including the Planned Maintenance Programme, are aware of current terms of the Contract and
those which have been deleted/replaced.
Risk exposure if not addressed:
Reference to inaccurate/out of date information;
Non-compliance with the Contract Terms and Conditions;
Council may undertake and pay for maintenance which is not their responsibility;
Disputes between the Council and NCL.
Responsible manager for implementing:
Property Programme Manager
Date to be implemented:
Immediate effect
Copeland Borough Council | Audit of Leisure, Contract Management
Cumbria Shared Internal Audit Service: Internal Audit Report Page 5
5
4.2. Value - effectiveness and efficiency of operations and programmes.
● High priority
Audit finding Management response
(a) Incorrect version of Council’s Contract Procedure Rules being used by Property
Services Department
The current version of the Council’s Contract Procedure Rules was approved by Council on 14th
June 2012. This is available on the Council’s Intranet. However, during the audit, it was
established that the Property Services Department was using an older version (described as Issue
4 12 June 2012). It has been confirmed by the Legal Services Manager that Issue 4 has been
superseded by the version approved by the Council on 14th June 2012 which includes a number of
changes. The Property Services Department is now aware of the more recent guidance.
Agreed management action:
1) The Head of Customer & Community
Services will raise this at CLT as part of the
Council’s risk management overview to
ensure that a process is put in place to
distribute updates to key corporate
procedures. This will ensure that
departments refer to the correct version of
any guidance documents.
2) The Council’s procurement arrangements
are being reviewed as part of the Delivering
Differently Programme. Changes to
contract standing orders will be included as
part of the governance review.
Recommendation 3:
Management should ensure that all council departments are made aware of and apply the current
approved versions of Council Policies.
Risk exposure if not addressed:
Staff wrongly apply out of date versions of the Council’s policies and procedures;
Inaccurate information/advice given to other members of staff.
Responsible manager for implementing:
1) Head of Customer & Community
Services
2) Interim Director of Corporate Resources
Date to be implemented:
1) March 2015 and
2) June 2015
Copeland Borough Council | Audit of Leisure, Contract Management
Cumbria Shared Internal Audit Service: Internal Audit Report Page 6
6
● Medium priority
Audit finding Management response
(b) Documentation completed to procure Term Contractors not available
During the course of the audit it was not possible to examine the Supplier Selection Form which
should have been signed by the Head of Corporate Resources as part of the tendering process for
the procurement of the Term Contractors as this was not available.
Agreed management action:
The Head of Customer & Community Services will
raise this with the Interim Director of Resources of
Strategic Commissioning to ensure that a process
is put in place to retain all key procurement
documentation in a central location (possibly Legal
Services). This will be picked up as part of action 2
in Medium Priority (a) above.
Recommendation 4:
All documentation should be kept securely to ensure it is readily available for transparency and to
ensure a complete process has been followed and an audit trail exists.
Risk exposure if not addressed:
No audit trail exists;
There is no formal authorisation on file.
Responsible manager for implementing:
Head of Customer & Community Services
Date to be implemented:
March 2015
Appendix A 6 – Partnership Arrangements
Cumbria Shared Internal Audit Service: Internal Audit Report Page 1
1
1. Background
1.1. Partnership governance was a planned assignment within the 2014/15 Audit Plan and this report summarises the findings of the follow up review
of the Partnership Arrangements 2013/14 Audit Action Plan.
1.2. Partnerships can be an effective way for the Council to achieve its objectives but they give rise to new and different risks which need to be
recognised, evaluated and effectively managed. Partnership working is seen as a key component of the Council’s operating model going forward.
1.3. Partnership Arrangements were originally included in the 2012/13 Audit Plan but the audit review was deferred to give the Council time to develop
its system for identifying, reviewing and managing key partnership arrangements and so the audit review was included in the Audit Plan for
2013/14 and the review took place during January and February 2014.
1.4. The audit focused on the Council’s most important partnerships (strategic partnerships) and assessed the controls in place to ensure that these
partnership arrangements assisted the Council in achieving its objectives whilst providing value for money and not increasing risks to the Council.
1.5. A partial assurance was allocated as a result of that audit because the Financial Regulations and Financial Procedure Rules state that a key
control for partnerships is the Council’s Framework for Partnership Working; however Internal Audit were unable to obtain a copy of the
Framework to review. The supporting documentation for the Partnership register, the Partnership Significance Assessment Scoreboard
assessments, contained various data quality issues and did not have any documented supporting evidence to explain the scores given to the
various risks. Also 4/10 of the sampled partnerships Terms of Reference / Partnership Agreements were not held centrally for reference and so
governance arrangements for those partnerships could not be clarified. The audit identified 7 recommendations to strengthen the control
environment.
1.6. This follow up review is to assess the implementation of these recommendations.
2. Assurance Opinion
2.1. From the areas examined and tested as part of this follow up review, we consider the implementation of the Partnership Arrangements 2013/14
Audit Action Plan now provides a Reasonable assurance.
Note: as audit work has been limited to a follow up review of the implementation of Partnership Arrangements 2013/14 Audit Action Plan full
coverage of the system and complete assurance cannot be given to an audit area.
COPELAND BOROUGH COUNCIL | Partnership Arrangements 2013/14 Audit - Follow Up
Cumbria Shared Internal Audit Service: Internal Audit Report Page 2
2
2.2. Progress Made: The following areas of progress were identified during the course of the review:
A centralised register of Operational Partnerships has been compiled to provide a fuller picture of the Council’s current partnership
arrangements;
The Partnership Significance Assessment Scoreboards have been reviewed and the correct scores have been recorded in the Partnership
register;
Supporting reasoning for the impact scoring has been incorporated into the template and now allows for an independent assessment of the
scoring to be undertaken;
The Assessed By and Independent Assessor signatures are now recorded to verify that the impact scoring has been undertaken by the most
appropriate Officer and that the scoring has been independently verified as accurate;
The Partnerships Assessment register spreadsheet has been reviewed to ensure that the data is accurate and current; and
The Partnerships Assessment register spreadsheet has also been developed to include Operational and Cumbria Chief Executives Group
Partnerships.
2.3. Work Still Required: Improvements in the following areas remain outstanding and these are included in the Action Plan:
The Framework for Partnership Working is currently not available on the Council’s intranet; and
Terms of Reference / Partnership Agreements outstanding for 3 strategic partnerships.
Comment from the Head of Customer and Community Services
The Council has revised its annual partnership assessment tools and activity this past year in line with the audit recommendations last year.
Both the Council and our partners and the partnerships we are engaged in review and change their governance, strategy and operation to
suit the continuously changing environment. The 3 outstanding terms of reference will continue to be followed up to ensure copies are held
centrally. The partnership framework was originally agreed by Executive in 2007 and has been updated in the past year and a half.
Unfortunately the capacity to finish this activity into a final version has not been completed only due to lack of capacity. This will now be
prioritised in the first quarter of 2015/16 so the outstanding audit recommendation can be signed off by 30 June 2015.
Management Action Plan COPELAND BOROUGH COUNCIL | Partnership Arrangements 2013/14 Audit - Follow Up
Cumbria Shared Internal Audit Service: Internal Audit Report Page 3
3
3. Previous Recommendations and Agreed Action Plan
3.1. Partnership Arrangements 2013/14 Audit Action Plan – outstanding recommendations only
● Medium priority
Previous Audit finding Management response
Recommendation 2:
The Framework for Partnership Working should be made available on the Council’s intranet for use
by Managers.
Agreed management action:
To put the Framework for Partnership Working on
the Council’s intranet.
Risk exposure if not addressed:
There will be no guidance available to Managers on the governance and control arrangements
which should be considered when entering into Partnerships.
Responsible manager for implementing:
Head of Customer and Community Services
Date to be implemented:
30 June 2014
Current status:
Head of Customer and Community Services stated that the Framework for Partnership Working had been revised; however, the document was still not
available on the Council’s intranet (as at 02/03/15). A hard copy of the framework has not been provided to Internal Audit.
Conclusion:
Internal Audit has only received verbal confirmation that the framework has been updated as no
hard copy has been provided. The framework is also not currently available on the Intranet for
managers to use.
Further action required?
Yes – the framework is not currently available
on the Intranet and so the recommendation
remains outstanding.
Cumbria Shared Internal Audit Service: Internal Audit Report Page 4
4
● Medium priority
Previous Audit finding Management response
Recommendation 7:
Terms of Reference / Partnership Agreements for all the strategic partnerships should be held
centrally for reference.
Agreed management action:
1. A task will be given to obtain signed copies of
all the partnership documents which have been
through the Council’s Executive for approval.
2. Copies shall be obtained for those partnerships
for which we do not currently hold terms of
reference centrally. These will be held centrally
electronically and in a paper file.
Risk exposure if not addressed:
The Council will not be able to fully assess its commitment to external partners.
Responsible manager for implementing:
Head of Customer and Community Services
Date to be implemented:
30 June 2014
Current status:
The Policy and Scrutiny Officer led on a project to review partnerships and compiled the Terms of Reference / Partnership Agreements for each of the
Strategic Partnerships into a central register.
Internal Audit has confirmed that TOR, etc. are held on file except for 4/29 – North Country Leisure Board (contract in place but no details held on file),
Copeland Housing Partnership, Cumbria LEP and Cumbria Tourism Partnership (32 Partnerships detailed on the register - 3 partnerships are new to the
register as of January 2015 and so TOR’s are being developed for these partnerships. These are Cumbria Resilience Forum, Public Health Alliance and
Nuclear New Build LA Group).
Conclusion:
Terms of Reference / Partnership Agreements for the majority of strategic partnerships are now held centrally
for reference; however, remain outstanding for 3 partnerships.
Further action required?
Yes – Terms of Reference /
Partnership Agreements remain
outstanding for 3 partnerships.
APPENDIX B AUDIT & GOVERNANCE COMMITTEE 14 April 2015
INTERNAL AUDIT PERFORMANCE MEASURES (Q4 2014/15)
KPI Measure of Assessment Target Actual performance data
Output Measures
Planned audits completed
To enable an annual opinion to be provided on the overall systems of risk management, governance and internal control.
% of planned audit reviews (or approved amendments to the plan) completed in respect of the financial year.
95% (annual per shared service agreement, 95% target reflects need for audit plans to be dynamic and respond to emerging risks).
This indicator will be monitored and reported quarterly to ensure the plan is on track to be delivered.
12 out of 18 reports in the revised plan have been finalised.
The remaining reviews are work in progress at 31 March but will be finalised in time for annual report on 2014/15.
In addition, 2 follow up reports have been completed in 2014/15.
Cumulative planned days to end Q4 – 460 Actual days – 430 (this does not include 20 days completing 13/14 work in 14/15)
480 days in revised 14/15 plan following agreement to not undertake contract management audit of RBSS.
Estimate that approximately 50 audit days will need to be in Q1 of 15/16 to enable completion of 2014/15 plan.
Audit scopes agreed % of audit scopes agreed with management and issued before commencement of the audit fieldwork
100%
Reported quarterly
Actual – 100%
APPENDIX B AUDIT & GOVERNANCE COMMITTEE 14 April 2015
INTERNAL AUDIT PERFORMANCE MEASURES (Q4 2014/15)
KPI Measure of Assessment Target Actual performance data
Draft reports issued by agreed deadline
% of draft internal audit reports issued by the agreed deadline or formally approved revised deadline agreed by Audit Manager and client.
80% (target is a reflection that this is a new way of working and deadlines may be impacted by several factors including client availability)
Reported quarterly
Actual -100%
Timeliness of final reports
% of final internal audit reports issued for senior manager comments within 5 working days of management response or closeout.
90% (target recognises that there may on occasion be delays in finalising reports, eg where further work is required to resolve matters identified at closeout meeting)
Reported quarterly
Actual – 100%
Recommendations agreed
% of recommendations accepted by management
95% quarterly (target reflects that it is management’s responsibility to assess their risks and take final decision on whether risk may be accepted)
Actual – 100%
Follow up % of high priority audit recommendations implemented by target date
100% Quarterly Overdue actions are now included in a separate report from S 151 Officer.
Assignment completion
% individual reviews completed to required standard within target days or prior approved extension by Audit Manager
75% (target reflects that this is a new way of working for the audit service and systems for monitoring time spent on assignments may need to be further developed)
Actual – 100%
Time for individual audits has been adjusted either up or down to reflect work required and time to agree reports.
APPENDIX B AUDIT & GOVERNANCE COMMITTEE 14 April 2015
INTERNAL AUDIT PERFORMANCE MEASURES (Q4 2014/15)
KPI Measure of Assessment Target Actual performance data
Quality Assurance checks completed
% QA checks completed 100%.
Reported quarterly
Actual – 100%.
Customer Measures
Post audit customer satisfaction survey feedback
% of customer satisfaction surveys scoring the service as ‘good’
80% (target reflects the need for internal audit to strive to deliver a customer focused service, but that due to the nature of internal audit roles and responsibilities, may not always elicit positive feedback)
Reported quarterly
This will be reported in annual report once sufficient feedback forms have been returned.
People Measures
Efficiency % chargeable time 80% (target takes account of non-chargeable activities such as staff holidays, service development projects and team meetings.
Reported quarterly
Actual YTD – 79%
This percentage is for all staff across IA Shared Service.