Torfaen County Borough Council - Internal Auditmoderngov.torfaen.gov.uk/documents/s38093/Appendix...

Torfaen County Borough Council - Internal Audit

of 20

INTERNAL AUDIT

FINAL REPORT

Resources

Gwent Archives

Audit Reference: RES-HRP-16006

Audit Scope: Key Controls

Audit Type: Systems Audit

Auditor: Arran Rosser, PIIA

Manager: Michael Corcoran, CMIIA QiCA GradICSA

Distribution List:

Nigel Aurelius

Assistant Chief Executive Resources

Graeme Russell

Head of Human Resources & Pensions

Tony Hopkins

County Archivist

Key Dates:

Date of Field Work: 14 Nov 2016

Date of Draft Report: 14 Nov 2016

Receipt of Responses: 24 Nov 2016

Date of Final Report: 19 Dec 2016


of 20

TABLE OF CONTENTS

1. Executive Summary ..................................................................... 3

2. Audit Scope .................................................................................. 3

3. Audit Objective ............................................................................ 3

4. Approach & Methodology ........................................................... 3

5. Assessment of Control Environment ........................................ 4

6. Audit Opinion ............................................................................... 5

7. Observations & Recommendations ........................................... 7

Appendix 1 ......................................................................................... 11


of 20

1. Executive Summary

1.1. A systems audit of the Council’s Gwent Archives function was undertaken in accordance with

the Operational Internal Audit Plan for 2016 - 17.

2. Audit Scope

2.1. In accordance with the agreed Planning Memorandum document, the work was undertaken to

cover the following sub systems:

Financial Reporting & Budgetary Control

Insurance

Income Collection and Banking

General Security

Reproduction of Documents

Accessions Procedure

Holding Policy Documents

Administration (Accreditation Scheme / Annual Return)

Purchase to Pay

3. Audit Objective

3.1. The objective of the audit is to independently review the system and its controls, financial and

non-financial, in order to determine whether the system and controls provide management with

a satisfactory level of internal control to ensure:

Compliance with statutory requirements and internal policies and procedures;

The achievement of stated objectives;

The safeguarding of assets; and

The completeness and accuracy of records.

4. Approach & Methodology

4.1. The following procedures were adopted to identify and assess risks and controls and thus

enable control improvements to be recommended:

Agreed objective and scope of audit using a Planning Memorandum;

Discussions with key members of staff to ascertain the nature of the systems in operation;

Evaluation of the current systems of internal control through walk-through and other non-

statistical sample testing;

Identification of control weaknesses and potential process improvement opportunities;

Discussions of findings with management by discussion of a draft audit report at an Exit

Meeting; and

Distribution of agreed final report to key officers agreed at the Planning Stage.

4.2. This report is a full report. Areas where control improvements are recommended are detailed

in Section 7. Controls which were assessed as operating as management intended are

detailed in Appendix 1.


of 20

5. Assessment of Control Environment

5.1. No High Priority issues were identified. The table below details the number of:

controls reviewed for each area within the scope of the audit; and

Recommendations made for the controls reviewed.

System No.

Reviewed

High Medium Low Total

Finding / Priority

Financial Reporting & Budgetary

Control 4 - - - -

Insurance 1 - - - -

Income Collection and Banking 4 - 2 - 2

General Security 9 - 1 - 1

Reproduction of Documents 1 - - - -

Accessions Procedure 2 - 1 - 1

Holding Policy Documents 3 - - - -

Administration (Accreditation

Scheme / Annual Return) 13 - 1 - 1

Purchase to Pay 14 - 1 - 1

TOTAL 51 - 6 - 6

5.2. Each recommendation is prioritised and the key is as follows:

High Action considered imperative to ensure the Authority is not exposed to

significant risk.

Medium Action that is considered necessary to avoid exposure to moderate risks.

Low Action that is considered desirable and should result in enhanced control or

efficiency and effectiveness

5.3. The following matters were also observed during the audit and are brought to your attention:

The buildings and contents policy does not specify the TCBC insurance responsibilities

that would arise from a document getting damaged / requiring repair following an

uninsured incident e.g. officer negligence.

No visitor authentication for the search room public access computers on the Blaenau

Gwent infrastructure.

Reviewing of a sample of Search Room users, noted 1 visitor day ticket card that could

not be located and day tickets not supported by identification.


of 20

The Terms of Acquisition contains separate sections on Deposits and Gifts. Reference to

the Archive records being accepted in good faith that the depositor is the owner or legal

custodian of the records deposited is only referenced with regard to Deposits. No check

is made upon deposit to ensure the depositor is someone with the proper authority / title to

transfer them.

Evidence for the Procurement Card payments is being held on site, but nothing is

scanned to the appropriate M:\drive folder as a result of the difficulty of being on the

Blaenau Gwent Network.

6. Audit Opinion

6.1. The audit has established areas in need of management attention with 6 of the 51 key

controls tested (12%) generating a review point and recommendation for management action.

45 Key Controls are therefore operating effectively (88%)

6.2. These control weaknesses should be addressed to deliver improvement in the control

environment, reduce the exposure to risk and provide management with greater assurance on

the adequacy of the system and its processes. All weaknesses have been allocated a priority

and management, in accordance with the stated action plan timescales, should take action.

6.3. As a result of the audit, SUBSTANTIAL assurance can be provided to management in

accordance with the following model:

OPINION LEVEL DESCRIPTION

NIL

0 – 10%

Internal control environment is weak and does not meet minimum expected standards leaving the system / process open to error and / or abuse. There is non-compliance with controls on a significant level and required controls are not present.

LIMITED

11 – 49%

Internal control environment does not meet minimum expected standards and has weaknesses which put the system objectives at risk. There is non-compliance with controls and those operating are not effective or are inadequate.

MODERATE

50 – 69%

Internal control environment does meet minimum expected standards but has weaknesses which put the system objectives at risk. There is some non-compliance with controls and those operating are not effective or are inadequate.

SUBSTANTIAL

70 – 89%

Internal control environment meets minimum expected standards, is basically sound and whilst there is reasonable assurance that the system / process is reliable, weaknesses exist which MAY put SOME of the system objectives at risk. There is some non-compliance with controls but most are adequate and operating satisfactorily.

FULL

90 – 100%

Internal control environment is sound and designed to achieve the system objectives. No evidence of controls being inconsistently applied or operating unsatisfactorily. Absolute assurance that the system / process is reliable.


of 20

6.4. The functional objectives detailed below were assessed and those consider to be ‘at risk’ of

being achieved as a result of the deficiencies in the control environment

Income is received promptly by the organisation

Records and assets are protected against loss / damage and unauthorised access.

Accessions are appropriately recorded in accordance with Guidelines

The Requirements of the Smaller Local Government Bodies Annual Return 2015/16 have

been addressed.

An official order is raised at the time of commitment, with a segregation of duties, which is

authorised in accordance with the schools delegation levels.

VAT receipts / invoices are retained in accordance with current guidelines.


of 20

7. Observations & Recommendations

7.1. Invoicing

Audit Reference: ISS.3 Priority: Medium

Issue:

Basis of sample: 19 invoices raised from April 2016

No payment had been received or reminder issued for 4 invoices over 30 days old. The payments not received by BACS check had yet to be made.

Risk:

Income may not collected in a prompt and timely manner.

Recommendation:

An invoice should be raised promptly following the provision/supply of a service and monitoring should exist on a regular basis to identify those not paid within expected timescales and which require action such as a reminder to effect payment and receipt of the income.

Management Response: Agree to recommendation and will implement immediately

Responsible Party: Admin and Finance Officer

Action Date: 24th November 2016

7.2. Income


Issue:

Whilst all till receipt income is being banked intact, the till receipts do not identify the income source as a result of the way it is being recorded through the till (multiple items are being entered as a total rather than as individual items). It was not possible to confirm income is collected in accordance with the Charging Policy.

Risk:

Lack of management trail and income may not be maximised.

Recommendation:

There should be a system in place that allows identification of what the income was for. (i.e. items are entered into the till individually rather than as a total (i.e. 2 photocopies are entered as 2 x 40p rather than 1 x 80p)

Management Response: Officers have been instructed to enter each payment into the till individually to allow identification of what the payment was for. However it is not being consistently applied. All staff will be reminded of the need to follow procedures and periodic checks will be carried out to ensure consistency.


Action Date: 28th February 2017


of 20

7.3. Access Keys


Issue:

Monitoring of the key fobs in circulation is not possible as the Building Manager periodic reports are not being received. The key safe combination has not been changed since the building was occupied.

Risk:

Unknown and unauthorised individuals may have access to the Archivist.

The key safe combination may become known to individuals who do not need to know it.

Recommendation:

Management should ensure that:

It receives regular information regarding the Archive access key fobs in circulation, questioning any issued without County Archivist approval or to inappropriate officers.

the key safe combination is changed periodically and as a minimum after staffing changes.

Management Response: To be discussed with BG. There is a difficulty at present with the landlord, BG, undergoing changes in the caretaking rota so changing the code would be unwise at this time. Agreed that the code should be changed at set intervals.

Responsible Party: Senior Assistant Archivist

Action Date: 30th June 2017

7.4. Accessions Agreement


Issue:

Basis of sample: 7 recent accessions

No Accessions Agreement in 1 instance as the depositor left the building before it could be completed (21/06/16). An agreement was to be sent to the depositor but this has not occurred.

Risk:

Nothing formally in place between the depositor and the archives.

Recommendation:

All necessary accessions should be supported by a signed agreement, where possible completed at the time of deposit or the next earliest opportunity.

Management Response: This was a one-off which is impossible to prevent – standard procedure is to support all accessions with an signed agreement but this can be emphasised to staff to ensure its application

Responsible Party: County Archivist

Action Date: 24th November 2016


of 20

7.5. Asset Register


Issue:

Archive Service assets are not recorded in a register.

Risk:

No true record of assets and an inability to effectively determine missing / lost assets in the event of fire, theft etc.

Recommendation:

All assets need to be detailed in a register and maintained as complete.

Management Response: Agreed – An asset register will be created for all assets over a determined level.

Responsible Party: County Archivist

Action Date: 31st January 2017

7.6. Commitment


Issue:

Basis of Sample: 10 orders

4 orders not raised at the time of commitment:

ORDER REF DATE

RAISED INVOICE

Arch01131 10/03/16 24/02/16 Arch01124 10/03/16 01/03/16

Arch01110 20/11/15 19/11/15

RFAU002930 26/10/15 23/10/15

Risk:

The budget will not reflect the commitments and thus show a false position possibly leading to an overspend.

Recommendation:

Each order represents a commitment that needs to be reflected in the budget to ensure that it is accurate and prevent an overspend situation.

Consideration should be given to:

increasing the number of officers able to generate Purchase Orders / authorise orders to ensure that there is appropriate cover for individuals leave;

Using the “additional comments” box on the Purchase order to request the Purchase Order reference’s inclusion on the Reisswolf invoices.

Management Response:

Order Arch01131 was raised verbally whilst the Finance and Admin officer was on leave and formally upon the officer’s return. Order Arch01124 relates to a heating bill from BGCBC. Payments were halted whilst queries / problems were addressed. This year has been an exception due to circumstances beyond our control with purchase orders raised when invoiced.

Hopefully in the next financial year a ‘value’ order will be raised for the year. Order Arch01110

relates to confidential waste collection by Reisswolf. Previous Reisswolf orders were raised


of 20

verbally by our IT Manager but the lack of a collection date led to confusion when matching invoices to purchase orders so it was decided to wait until collection to input the date on the purchase order and match it with the correct invoice. I agree with the recommendation in principle and am fully aware of it and endeavour to adhere to it as closely as possible. The examples you quote all have reasoning behind them, whether correctly or incorrectly and are not mere oversights.


Action Date: 31st January 2017


of 20

Appendix 1

The following table details those controls assessed as adequate / operating effectively and which are contributing to the minimisation of risks within the system /

function and the achievement of its objectives.

Procedure Step: Control Objective: Risk: Expected / Actual Control:

Budget 1 To ensure the budget

position is reported,

monitored and

controlled.

Management information may not be received in a timely manner. Irrelevant, inaccurate or not enough information may not be provided to the delegated budget holder. Corrective or preventative action may not be taken.

Monthly budget monitoring reports are received by the delegated budget holder in a timely manner with adequate information to allow him/her to monitor the budget

Budget 2 Virements may not be carried out in accordance with Financial Standing Orders. Incorrect budget monitoring may take place.

Virements / Variations are completed in accordance with the approved revenue virement / variation procedure.

Budget 3 The budget holder may not be aware of their total client debt. Ineffective budget monitoring may take place. Loss of revenue funding may occur for the Authority. Efficient action may not be taken with the outstanding debtor.

The budget holder is aware of outstanding debtors and the bad debts provision. Where applicable the budget holder is provided with a list of outstanding debtors.

Budget 4 Budget pressures may not formally be communicated and dealt with timely.

The budget holder has regular meetings/communication with an assigned finance officer to discuss the revenue budget position. The budget holder is required to formally report to a finance officer on a monthly basis the budget forecast outturn.


of 20


Insurance 1 Buildings and contents are adequately insured.

Without the appropriate insurance in place should an incident occur to the building may not be able to operate.

Assets cannot be replaced should loss, theft or fire damage occur without the appropriate insurance in place.

Insurance may be void should the establishment not comply with the insurance arrangements for the security of assets.

Insurance / risk for buildings is determined and recorded and adequate insurance is in place.

Charging Policy There is adequate documentation in support of income due and monies banked.

Unauthorised/incorrect charges could be made. The facility may not be receiving sufficient income to cover the cost of providing the service.

The facility has a written charging policy in place which is subject to annual approval by the joint committee

Cashing Up / Till

Records

There would not be any proof that the money was collected.

Officers responsible for the collection of income are not being recorded. / It is not possible to identify the till users

Patterns or consistent discrepancies would go unnoticed.

Appropriate administrative / security measures are in place for the cashing up of daily takings / use of any tills. (i.e. 2 person cash up, till user identification, variance identification / investigation etc.)

General Security 1 Records and assets are protected against loss / damage and unauthorised access.

Increased potential for documents to be removed from the facility or damaged.

Appropriate Precautions should be taken to ensure that the integrity of documents are preserved (i.e. no coats and bags in study places, use of pencils, visitors are recorded etc.)

General Security 2 Security and safety of documentation could

be compromised if exterior of the building is

not secure.

The perimeter and all parts of the repository must be secure against unauthorised entry and vandalism.


of 20


General Security 4 Access to the documents is not appropriately controlled

Inappropriate / unapproved access to documents.

External and strongroom doors must be of strong construction and fitted with mortice deadlocks or security locks.

When staff are not on duty the repository and more particularly the strongrooms should be protected by intruder alarms linked to a police station or security agency.

Access to the strongrooms should be restricted to archival staff and other authorised persons accompanied by them.

General Security 5 Damage / destruction of documents Strongrooms, including their doors, walls and ceilings, should offer 4-hour fire resistance. This requirement can only be abated if a full fire risk assessment has been conducted, in consultation with the appropriate fire safety officer or local fire service, and the overall strategy for fire protection offers a corresponding (or greater) degree of assurance.

Smoke detectors, preferably capable of detecting a fire in its incipient phase, with automatic fire alarms linked to the fire station or security agency should be fitted to strongrooms, plant rooms, and adjacent areas and preferably throughout the repository.

General Security 6 Risk to the security of documentation.

The repository must be free-standing or, if in a shared building, be capable of being completely isolated from other activities.

General Security 7 Potential hazards from external sources including neighbouring properties or other parts of a shared building must be carefully assessed and appropriate defensive measures taken. BSI PD 5454 identifies particular hazards against which precautions must be taken.


of 20


General Security 8 Inappropriate use of the internet etc. Access to the IT infrastructure is controlled and monitored

General Security 9 To ensure that the purchasing card is securely retained.

Fraudulent transactions may be processed. The cardholder keeps the purchasing card in a safe place, and takes reasonable steps to prevent it from being lost, stolen or used by anyone else.

Reproduction 1 Documents should be reproduced in accordance with requirements

Breach of Copyright

Facilities for reproduction are not provided

Reproductions of archived materials are provided / carried out in line with appropriate guidance (copyright, fragility of documents etc.)

Accessions 2 Documents are obtained without provenance being established / confirmed

Before accepting records, the archivist in charge should be satisfied that the transferor has proper authority or title to transfer them

Conflict and Duplication Appropriate Policies and Procedures are in place that have been appropriately approved by the Joint committee

Duplicate documentation is retained In acquiring records every effort should be made to avoid conflict and duplication with the collecting policies of other record repositories.

Collecting Policy Details Lack of a approved collection policy could result in inappropriate record collection

The archivist in charge should draw up, and the governing body should approve, a clearly defined statement of collecting policy which indicates the subject areas within which records are sought and acquired, any geographical restrictions affecting the scope of material collected, and the various media for which appropriate storage and access facilities are provided

Storage and

Transportation of Digital

Media

Ensure adherence to appropriate standards

Digital media could be damaged of not correctly stored and transported

Transport and storage of digital storage media should be in accordance with BS 4783 Storage, transportation and maintenance of media for use in data processing and information storage.


of 20


Admin - A - Archive

Service Accreditation -

July 2014

The Requirements of the Archive Accreditation Scheme are being addressed

Lack of direction for the Archive Service The Archive Service is guided by a mission statement that defines its purpose in relation to its collections, and connects the organisations governing document to appropriate archive service policies and plans.

Admin - B - Archive


July 2014

Poor Managerial control of the service

Purposes and Objectives of the service are not being met

The relationship of the Archive Service to its parent body is clear and legally robust. Top management formally recognise and support the purpose of the archive service; lines of authority and decision making responsibilities between the governing body and service managers are transparent and effective.

Admin - C - Archive


July 2014

Lack of long term focus and resilience could increase the potential of the service not being able to cope with future requirements

The Archive Service has effective forward plans and planning processes in place, which demonstrate a good understanding and an appropriate response to the organisational and wider context in which the service operates

Admin - D - Archive


July 2014

Lack of documented responsibilities etc

Formal written terms of occupancy exist for all buildings and premises housing archives and archive services. Arrangements are sufficient to keep the collections physically secure and accessible. Arrangements also allow for effective forward planning, including the future expansion of collections.

Admin - E - Archive


July 2014

Incorrect budget monitoring may take place. Accountability for budgets may not take place. The unapproved expenditure may not be able to be funded.

Insufficient funds are available

The archive service can demonstrate that it is financially stable. Sufficient funds have been identified to enable the archive service to deliver its stated forward plans.


of 20


Admin - F - Archive

Service Accreditation

Unqualified staff

The archive service has a workforce appropriate in experience and numbers to carry out the service’s responsibilities and plans. Employment procedures and volunteering policies are in place to support competent professional performance and ongoing staff development.

Admin - G - Archive


Lack of clear policies could result in inefficient / ineffective practices

The archive service has a co-ordinated approach to collections management / collection development / collection information activity, guided by coherent policies for collections development, information, care and conservation, and access. Policies should cover both analogue and digital materials, where relevant, and be approved by top management, or an appropriate delegated authority.

Admin - H - Archive


The Archive Service has a clear policy on access and engagement, which specifies the way in which access is provided and enhanced for all stakeholders, appropriate to the organisations mission statement and the nature and scale of its collections. The policy should be approved by top management, or an appropriate delegated authority.

Admin - I - Archive


The service is not meeting the needs of the community / stakeholders

The archive service demonstrates a good understanding of the needs and interests of the community it is established to serve. It has plans in place which detail the actions that are being taken to meet stakeholders’ access requirements and to continuously improve service provision, appropriate to the organisation’s mission statement and the nature and scale of its collections.


of 20


Admin - J - Archive


Lack of communication / publicity with its community / stakeholders

The archive service provides access to its holdings. It communicates clear, practical information on how to access services and collections, which responds to the needs and interests of its community and protects the rights of copyright owners and data subjects

Risk Register Risks have not been identified and therefore cannot be mitigated

Risk Register is in place, regularly monitored and reported to the board on risk levels and mitigation strategies.

Salaries Incorrect payments are made Employee Salaries are correct and accurate

Purchase to Pay - Order

Authorisation

Unauthorised purchases may be made.

Accountability for the budget may not take place.

All orders are approved by an authorised officer prior to dispatch.

Purchase to Pay -

Official Invoice

Payments are promptly and accurately processed on receipt of a bona fide creditor invoice and for goods / services received with a segregation of duties in place.

Unauthorised / unofficial payments may be made.

Noncompliance with HMRC Vat regulations may occur which may result in fines being imposed.

Payment may be made for goods/services that have not been ordered or duplicate payments may be made.

Payments are only made when an official VAT invoice, containing all appropriate information, has been received, checked and coded.

Purchase to Pay -

Duplicate Payments

Non stewardship of public funding may occur.

Any duplicate payments made, may not be subsequently identified.

Checks are made to previous expenditure information to prevent the duplicate payment of an invoice.

Purchase to Pay -

Invoice/Order match

Payment may be made for goods / services which were not ordered.

Invoices are checked to copy orders to agree prices and quantities.


of 20


Purchase to Pay - Paid

Promptly

The statutory N.A.W Performance Indicator (NAWPI) may not be met.

Inaccurate performance information may be reported.

Invoices are paid promptly in accordance with legislative timescales.

Purchase to Pay -

Outstanding Orders

Commitments may be reported in budgetary control information which may be used for alternative purposes.

There is a periodic review of outstanding orders.

Procurement Card -

Orders

Orders are only place with secure suppliers, made within transaction limits and merchant categories and available budgets and the transactions are recorded promptly.

Fraudulent transactions may be processed.

Private purchases may be made.

Payment may be made for items that have not been ordered.

Scheme conditions are not complied with.

The Council may not obtain value for money unless the current contracts are used.

Increased potential for duplicate payments.

Purchases are only made for product types which the officer has been authorised to buy.

All purchasing card transactions are made by the individual to whom the purchasing card is issued and personal benefits are not received, i.e., loyalty points.

Orders are only placed with Internet suppliers who provide a secure site with appropriate encryption facility.

The procurement card is not used for any items that can be ordered via FMS 6.

Procurement Card -

Available Budget

Insufficient budget available.

Unauthorised transactions may be made.

Budgetary Control information is inaccurate lending to ineffective budget monitoring.

Non-compliance with the Authority's Standing Orders.

Increased potential for duplicate payments being made.

Goods / services are only ordered when an available budget exists.


of 20


Procurement Card -

Transaction Logs

Payment may be made for goods that have not been ordered or received.

Duplicate payments may be made.

Incomplete management records may be in place for budget monitoring.

The transaction log is completed promptly by the cardholder for all purchases, upon placement of each order. (All relevant details of the transaction should be recorded on the transaction log i.e. date of order; supplier name; goods/ services ordered; value; Vat Amount; Cost Code; Date Goods Received; Date Paid etc).

Procurement Card -

Cardholder

Reconciliation

The Card Holder and Approving Officer will review and approve the transactions, the System Team will complete and review a control account and will pay the bank promptly.

Payment may be made for goods that have not been ordered.

Payment may be made for goods that have not been received.

Duplicate payments may be processed.

Incorrect VAT treatment may result in fines imposed by HMRC.

The Cardholder receives a weekly transaction report to show the;

validity of the transactions;

VAT codes assigned to the transactions; and

ledger codes assigned to the transactions.

Where necessary the cardholder makes changes to the ledger codes and VAT codes.

Once the cardholder is satisfied that the transactions are valid ones (having verified to the supporting order/delivery note/invoice/receipt) and that the ledger code and Vat code is correct, the transaction is marked as reviewed by the cardholder and ready for independent approval by the appropriate nominated Approving Officer.


of 20


Procurement Card -

Approving Officer

Reconciliation

Fraudulent transactions may be processed.

Payment may be made for goods that have not been ordered.

Payment may be made for goods that have not been received.

Duplicate payments may be processed.

The Nominated Approving Officer will receive a weekly e-mail to independently review;

the validity of the transactions;

that all transactions are appropriate, both in terms of value and type of purchase;

the VAT codes assigned to the transactions; and

the ledger codes assigned to the transactions.

Once the Nominated Approving Officer is satisfied that the transactions are valid ones (having verified to the supporting order/delivery note/invoice/receipt) and that the ledger code and Vat code is correct, the transaction is marked as reviewed by the nominated Approving Officer.

Procurement Card -

Control Accounts /

Prompt Payment

Incorrect payments may be made to the bank.

Late payment/ interest charges may be incurred.

Failure to operate within the terms of the card issuer.

The purchasing cards may be cancelled or suspended.

The Authority makes payment in respect of all transactions within 7 days of the request for payment from the bank.

Procurement Card -

VAT Receipts

VAT receipts / invoices

are retained in

accordance with current

guidelines.

VAT may not be able to be reclaimed in accordance with HMRC guidelines.

Incorrect accounting for VAT may result in penalties being imposed by HMRC.

A VAT Receipt / Invoice is retained for the required time.

Torfaen County Borough Council - Internal Auditmoderngov.torfaen.gov.uk/documents/s38093/Appendix...

Documents

Transcript of Torfaen County Borough Council - Internal Auditmoderngov.torfaen.gov.uk/documents/s38093/Appendix...