VIEWS: 14 PAGES: 10 POSTED ON: 5/31/2012
Agenda Item No. 5 INTERNAL AUDIT PROGRESS REPORT TO 14 JANUARY 2011 To: Audit and Accounts Committee Date: 27 January 2011 From: Head of Audit and Risk Management Electoral Division(s): All Forward Plan Ref: N/A Key decision: No Purpose: To report on the main areas of audit coverage for the period 10 November to 14 January 2011 and the key control issues arising. Key Issues: Moderate Assurance on Volunteer Safe Recruitment Three reviews in Environmental Services, including Limited Assurance on the Waste Data Tool SLA Review Recommendation: The Committee is asked to consider this report and identify where further action is required to raise concerns, for example by flagging issues with Cabinet or with Scrutiny. Officer contact: Member contact: Name: Helen Maneuf Name: Councillor John Reynolds Post: Head of Audit and Risk Management Portfolio: Cabinet Member for Resources and Performance Email: Helen.Maneuf@cambridgeshire.gov.uk Email: John.Reynolds@cambridgeshire.gov.uk Tel: 01223 699144 Tel: 01223 699173 1 1. BACKGROUND 1.1 The role of the Internal Audit Team is to give Members and Managers independent assurance on the effectiveness of the controls that are in place to ensure that the Council’s objectives are achieved. The work of the team is planned so that the focus is upon those areas and risks, which, it is considered, will most impact upon the Council’s ability to achieve these objectives. 1.2 Upon completion of an audit an assurance opinion is given on the soundness of controls in place. The results of the entire programme of work are then summarised in an annual opinion on the effectiveness of internal control within the organisation. 1.3 This progress report summarises the assurance opinions for the audits reported during the period 10 November to 14 January 2011. Appendix 2 details the position regarding status of reports issued. The finalised reports are available for members of the Committee on the Audit pages on Camweb via the following link: http://camweb/ocs/gov/audit/internal/internal_audit_reports_database.htm. We issue e- mails to all members of the Committee to communicate availability of finalised reports. 1.4 As well as summarising the key matters arising from our reviews, we have included the Assurance Summaries from our reports. We have provided these to help the committee see how the overall assurance levels are arrived at and flag areas of stronger and weaker performance in a clear way. A reminder of what the various levels of assurance indicate is given in Appendix 1, and Members will be aware that the Committee now requires managers to attend the committee where the overall opinion given is of limited assurance or below. 2. COMMENTARY ON AUDIT COVERAGE 2.1 OVERVIEW OF KEY ISSUES 2.2.1 We summarise our work on Safe Recruitment procedures for the recruitment of Volunteers who work on the delivery of Council services. This cross cutting review is the first full safe recruitment review of volunteers, and builds upon the work started as a result of the 2009/10 cross cutting safe recruitment review. 2.2.2 The first of a number of reviews in Environmental Services is summarised in the report, and covers our review of Civil Parking Enforcement, a responsibility transferred from the City Council to the County Council at the beginning of the financial year. 2.2.3 We also provide an update on our continuous or 'embedded assurance' that we are providing in respect of the Cambridgeshire Guided Busway. 2.2.4 This report also contains a summary of IT assurance work on the Waste Data Tool Service Level Agreement within Environmental Services. 2.2.5 Finally we provide an update on all fraud and corruption activity. 2.2 CROSS CUTTING REVIEWS Volunteers Safe Recruitment 2.2.1 Following a recommendation within the 2009/10 safe recruitment review on corporate (ie non-schools appointments) to undertake a review of volunteering activity and safe recruitment procedures surrounding this Internal Audit have reviewed the level of 2 compliance with corporate guidelines in a sample of teams which recruit volunteers who could have direct access to or information about vulnerable client groups. 2.2.2 Given current national focus on increasingly using volunteers the Council needs to consider its approach to using and recruiting volunteers, and how it best ensures safe recruitment and associated risks around the protection of vulnerable client groups, in as pragmatic a manner as possible. 2.2.3 All teams selected for this review demonstrated high levels of commitment to promoting volunteering. In some cases procedures had been adopted for managing the voluntary workforce; in other cases this was in train. We were encouraged by the wide ranging guidance provided to Services on the subject of volunteering by HR Policy and Business Services. 2.2.4 Our recommendations concerned improving the existing processes, particularly in regard to better communication of centrally produced guidance, review of documents in circulation, and increasing the acceptance and compliance with guidance produced centrally, including monitoring procedures. 2.2.5 After reviewing guidance and policies whilst we are satisfied with the number of areas covered, we have highlighted the need for some additional guidance on areas including Criminal Record Bureau Checks, references, and supervision of volunteers once they have been recruited. 2.2.6 We provided an opinion of moderate assurance over the area of safe recruitment of volunteers. The opinion reflected the high quality of work performed in many spheres, but also acknowledged some areas for improvement in the systems designated to assure the suitability of volunteers recruited. Assurance Summary No Limited Moderate Substantial Full Policies and guidance Compliance Supervision Record Keeping Overall 2.3 ENVIRONMENTAL SERVICES Civil Parking Enforcement 2.3.1 The County Council took over responsibility for Civil Parking Enforcement (CPE) from the City Council on 1 April 2010. A new contractor was appointed to deliver the contract from this date. The contract currently covers both on and off-street CPE within Cambridge. 2.3.2 Surpluses from on-street ticketing revenue less the cost of CPE are attributable to the County Council. Surpluses from off-street ticketing revenue less apportioned CPE costs flow to the City Council. 3 2.3.3 We provided an opinion of moderate assurance as to the management of the areas reviewed. Whilst recognising that Parking Services is a new County Service we recommended adoption of County best practice, particularly in the areas of risk and revenue management (hence the limited assurance provided in these areas) as soon as practically possible. 2.3.2 We suggest using the Service risk register to recognise and manage three risks relating to countywide expansion. These relate to the financial viability of expansion, the Service’s capacity to process a significant increase in Penalty Charge Notice volumes and the County Council investment required to implement on-street improvements ahead of enforcement. We were unable to provide firm assurance over the making of a clear financially viable case of countywide enforcement expansion at the time of this review, but made a number of recommendations for improvements in financial reporting and management information to assist the decision making process for District and County Councils alike. 2.3.4 At the mid-point of 2010-2011, we were unable to determine a clear trend in Service budgeted expenditure. We recommended that the cautious approach adopted by the Service to managing controllable expenditure should continue until an outturn figure is clearer nearer the end of the financial year. Such expenditure can then be released if really required without risking a drawing down of reserves in excess of that budgeted for. 2.3.5 The transfer of CPE responsibility and function is an additional burden to be managed by the County Council. From the work we performed we found the key risk of budgetary control has been well managed. Other areas of risk, notably contract and revenue management, have working systems of control in place that could be further enhanced by a focus on formalising and documentation. Assurance Summary No Limited Moderate Substantial Full Contract Management Case for expansion to a Countywide Scheme Data integration and reconciliation Ring fencing of on-street and off- street parking revenue, costs and overheads Budgetary Control, financial management and reporting Overall 4 2.4 EMBEDDED ASSURANCE Environmental Services - Guided Busway 2.4.1 Our audit approach in respect of the Cambridgeshire Guided Busway is to seek to provide regular updates given the risks associated with this project. Our most recent review covered governance, risk management and benefits realisation. 2.4.2 Overall we provided moderate assurance and noted that: The Head of Delivery had acted upon the recommendations made in the previous report in relation to the project risk register. The proposed governance model for operations is appropriate. A Benefits Realisation Plan has been drafted and reported to the Delivery Group. 2.4.3 We sought a management response and action plan where we identified findings that in our opinion weaken project management assurance: Finding Management response That the additional risks identified in our report This will be done. to the Delivery Group should be recorded and (Head of Delivery Guided Busway) monitored on the project risk register. That the amended Inception Agreements Discussions are well advanced and this should should be formally agreed as soon as possible. be completed shortly. (Head of Delivery Guided Busway) That to improve accountability and allow The Benefits Realisation Plan will be updated. achievement to be measured, the Benefits (Head of Delivery Guided Busway) Realisation Plan should make clear who is responsible for delivering each benefit and the timescale for delivery. Other Embedded Assurance Work 2.4.5 In addition to our embedded assurance work on the Guided Busway the audit team are also undertaking work on an embedded assurance approach on the Streetlighting PFI, the committee can expect a summary of this work at the March Audit and Accounts Committee. Other Embedded Assurance Reviews that we expect to summarise at the March Committee include Building Schools for the Future, Re-Ablement and Making Cambridgeshire Count. 2.5 IT AUDIT WORK Waste Data Tool 5 2.5.1 The Waste Data Tool is a database used to support the financial and performance management of the Waste Management Service. Its key functionality is the validation of payments based upon the type and weight of waste collected by waste vehicles. The system is responsible for the management of millions of pounds of transactions each year. It also produces performance indicator information for the Department for Environment, Food and Rural Affairs. The system can be accessed by district councils (who are responsible for waste collection) and contractors such as Donarbon. 2.5.2 The Waste Data Tool system software is supplied and supported by an external provider. The company were also commissioned to provide a managed service to host and support the servers on which the system runs. This audit review concerned the Service Level Agreement (SLA) and Contractual arrangements with the company for the hosting and support of the service with particular attention being paid to exit arrangements. 2.5.3 The Waste Data Tool hosting contract and SLA were based upon the standard terms and conditions supplied by the provider company. This is not good practice and there is a risk that the terms and conditions are designed to protect the interests of the private company rather than the County Council. However, the review of the contract and SLA between the Waste Management Service and the company has been able to provide assurance that, with one fundamental exception, the terms and conditions are fair and do, in the main, provide a sound basis for delivering the service. 2.5.4 Unfortunately, this assurance has been undermined by the company’s decision to sub- contract the hosting of the server to a third party using terms and conditions which fall well below those stipulated in the SLA with the County. Internal Audit have recommended that an alternative hosting arrangement is found as a priority. 2.5.5 If the original provider had continued to host the Waste Data Tool server themselves, as was envisaged when the contract was let, then the level of assurance that could have been provided would have been moderate to substantial. However, as the server was actually hosted with the third party on terms and conditions that fall well below those contained in the SLA with the County it is only possible to provide limited assurance. As a result the Committee is invited to consider whether it wishes to invite the relevant Director or Portfolio Holder for this area to attend the next Audit and Accounts Committee. Assurance Summary No Limited Moderate Substantial Full The third party SLA protects the County’s interests in its system and data The third party SLA complies with the requirements of the SLA with provider Continuity of service is protected The data is securely managed and only be accessed by those authorised to do so Overall 6 2.6 FRAUD AND CORRUPTION UPDATE Investigation Activity 2.6.1 The IT Audit Manager continues to support a number of on-going investigations. The majority of these are supporting schools and include two separate allegations from different secondary schools that teachers have used their school laptops to access inappropriate material on the Internet, and a case where a pupil has alleged that a teacher made inappropriate comments to her via MSN chat (This case is being co- ordinated by the County’s LADO unit). 2.6.2 In all these cases Internal Audit make use of their forensic software to ensure that any evidence found will be admissible in court, should a criminal act have been committed. 2.6.3 Internal Audit is also investigating a case where the Head teacher has concerns about the financial probity of the primary school’s finance manager. 2.6.4 The County’s Standards Sub Committee requested that allegations into a member’s conduct be formally investigated and the Monitoring Officer commissioned Internal Audit to undertake the on-going investigation. 2.6.5 We have also investigated concerns raised by an ex-Parish Councillor into the financial relationship between an ex-County Council employee and their new Parish Council employer on behalf of the Director of Children’s Enhanced and Preventative Services. 2.7 RECOMMENDATION 2.7.1 The Committee is asked to consider this report and identify where further action is required to raise concerns for example by flagging issues with Cabinet or with Scrutiny. Source Documents Location Internal Audit Plan Box Res 1415 Shire Hall Internal Audit Reports Castle Hill Cambridge CB3 0AP 7 APPENDIX 1 Definitions of levels of Audit Assurance Level Definitions 1 FULL There is a sound system of control designed to achieve ASSURANCE the system objectives and manage the risks to achieving those objectives. 2 SUBSTANTIAL Whilst there is basically a sound system of control, there ASSURANCE are some minor weaknesses, which put some of the system objectives at risk. 3 MODERATE Whilst there is basically a sound system of control, there ASSURANCE are some more significant / serious weaknesses, which may put some of the system objectives at risk. 4 LIMITED There are significant weaknesses in key areas in the ASSURANCE systems of control, which put the system objectives at risk. 5 NO Control is generally weak leaving the system open to ASSURANCE significant error or abuse. 8 APPENDIX 2 Management responses to Internal Audit Reports – September 2010 – November 2010 Service Reports Cleared Outstanding Issued Under 2 Over 2 months months Cross Cutting 1 0 1 0 Corporate Directorates 0 0 0 0 Environment Services 2 2 0 0 Community & Adult Services 0 0 0 0 Children & Young People 0 0 0 0 IT 1 1 0 0 Total 4 3 1 0 Source Documents Location Full audit reports. Box Res 1415 Shire Hall Castle Hill Cambridge CB3 0AP 9 10
"Internal Audit Progress Report to January"