Agenda Item No. 5
INTERNAL AUDIT PROGRESS REPORT TO 14 JANUARY 2011
To: Audit and Accounts Committee
Date: 27 January 2011
From: Head of Audit and Risk Management
Electoral Division(s): All
Forward Plan Ref: N/A Key decision: No
Purpose: To report on the main areas of audit coverage for the period 10
November to 14 January 2011 and the key control issues
Key Issues: Moderate Assurance on Volunteer Safe Recruitment
Three reviews in Environmental Services, including Limited
Assurance on the Waste Data Tool SLA Review
Recommendation: The Committee is asked to consider this report and identify
where further action is required to raise concerns, for example
by flagging issues with Cabinet or with Scrutiny.
Officer contact: Member contact:
Name: Helen Maneuf Name: Councillor John Reynolds
Post: Head of Audit and Risk Management Portfolio: Cabinet Member for Resources and
Email: Helen.Maneuf@cambridgeshire.gov.uk Email: John.Reynolds@cambridgeshire.gov.uk
Tel: 01223 699144 Tel: 01223 699173
1.1 The role of the Internal Audit Team is to give Members and Managers independent
assurance on the effectiveness of the controls that are in place to ensure that the
Council’s objectives are achieved. The work of the team is planned so that the focus is
upon those areas and risks, which, it is considered, will most impact upon the Council’s
ability to achieve these objectives.
1.2 Upon completion of an audit an assurance opinion is given on the soundness of controls
in place. The results of the entire programme of work are then summarised in an annual
opinion on the effectiveness of internal control within the organisation.
1.3 This progress report summarises the assurance opinions for the audits reported during
the period 10 November to 14 January 2011. Appendix 2 details the position regarding
status of reports issued. The finalised reports are available for members of the
Committee on the Audit pages on Camweb via the following link:
http://camweb/ocs/gov/audit/internal/internal_audit_reports_database.htm. We issue e-
mails to all members of the Committee to communicate availability of finalised reports.
1.4 As well as summarising the key matters arising from our reviews, we have included the
Assurance Summaries from our reports. We have provided these to help the committee
see how the overall assurance levels are arrived at and flag areas of stronger and weaker
performance in a clear way. A reminder of what the various levels of assurance indicate
is given in Appendix 1, and Members will be aware that the Committee now requires
managers to attend the committee where the overall opinion given is of limited assurance
2. COMMENTARY ON AUDIT COVERAGE
2.1 OVERVIEW OF KEY ISSUES
2.2.1 We summarise our work on Safe Recruitment procedures for the recruitment of
Volunteers who work on the delivery of Council services. This cross cutting review is the
first full safe recruitment review of volunteers, and builds upon the work started as a result
of the 2009/10 cross cutting safe recruitment review.
2.2.2 The first of a number of reviews in Environmental Services is summarised in the report,
and covers our review of Civil Parking Enforcement, a responsibility transferred from the
City Council to the County Council at the beginning of the financial year.
2.2.3 We also provide an update on our continuous or 'embedded assurance' that we are
providing in respect of the Cambridgeshire Guided Busway.
2.2.4 This report also contains a summary of IT assurance work on the Waste Data Tool
Service Level Agreement within Environmental Services.
2.2.5 Finally we provide an update on all fraud and corruption activity.
2.2 CROSS CUTTING REVIEWS
Volunteers Safe Recruitment
2.2.1 Following a recommendation within the 2009/10 safe recruitment review on corporate (ie
non-schools appointments) to undertake a review of volunteering activity and safe
recruitment procedures surrounding this Internal Audit have reviewed the level of
compliance with corporate guidelines in a sample of teams which recruit volunteers who
could have direct access to or information about vulnerable client groups.
2.2.2 Given current national focus on increasingly using volunteers the Council needs to
consider its approach to using and recruiting volunteers, and how it best ensures safe
recruitment and associated risks around the protection of vulnerable client groups, in as
pragmatic a manner as possible.
2.2.3 All teams selected for this review demonstrated high levels of commitment to promoting
volunteering. In some cases procedures had been adopted for managing the voluntary
workforce; in other cases this was in train. We were encouraged by the wide ranging
guidance provided to Services on the subject of volunteering by HR Policy and Business
2.2.4 Our recommendations concerned improving the existing processes, particularly in regard
to better communication of centrally produced guidance, review of documents in
circulation, and increasing the acceptance and compliance with guidance produced
centrally, including monitoring procedures.
2.2.5 After reviewing guidance and policies whilst we are satisfied with the number of areas
covered, we have highlighted the need for some additional guidance on areas including
Criminal Record Bureau Checks, references, and supervision of volunteers once they
have been recruited.
2.2.6 We provided an opinion of moderate assurance over the area of safe recruitment of
volunteers. The opinion reflected the high quality of work performed in many spheres, but
also acknowledged some areas for improvement in the systems designated to assure the
suitability of volunteers recruited.
No Limited Moderate Substantial Full
Policies and guidance
2.3 ENVIRONMENTAL SERVICES
Civil Parking Enforcement
2.3.1 The County Council took over responsibility for Civil Parking Enforcement (CPE) from the
City Council on 1 April 2010. A new contractor was appointed to deliver the contract from
this date. The contract currently covers both on and off-street CPE within Cambridge.
2.3.2 Surpluses from on-street ticketing revenue less the cost of CPE are attributable to the
County Council. Surpluses from off-street ticketing revenue less apportioned CPE costs
flow to the City Council.
2.3.3 We provided an opinion of moderate assurance as to the management of the areas
reviewed. Whilst recognising that Parking Services is a new County Service we
recommended adoption of County best practice, particularly in the areas of risk and
revenue management (hence the limited assurance provided in these areas) as soon as
2.3.2 We suggest using the Service risk register to recognise and manage three risks relating
to countywide expansion. These relate to the financial viability of expansion, the
Service’s capacity to process a significant increase in Penalty Charge Notice volumes
and the County Council investment required to implement on-street improvements ahead
of enforcement. We were unable to provide firm assurance over the making of a clear
financially viable case of countywide enforcement expansion at the time of this review,
but made a number of recommendations for improvements in financial reporting and
management information to assist the decision making process for District and County
2.3.4 At the mid-point of 2010-2011, we were unable to determine a clear trend in Service
budgeted expenditure. We recommended that the cautious approach adopted by the
Service to managing controllable expenditure should continue until an outturn figure is
clearer nearer the end of the financial year. Such expenditure can then be released if
really required without risking a drawing down of reserves in excess of that budgeted for.
2.3.5 The transfer of CPE responsibility and function is an additional burden to be managed by
the County Council. From the work we performed we found the key risk of budgetary
control has been well managed. Other areas of risk, notably contract and revenue
management, have working systems of control in place that could be further enhanced by
a focus on formalising and documentation.
No Limited Moderate Substantial Full
Case for expansion to a
Data integration and
Ring fencing of on-street and off-
street parking revenue, costs and
Budgetary Control, financial
management and reporting
2.4 EMBEDDED ASSURANCE
Environmental Services - Guided Busway
2.4.1 Our audit approach in respect of the Cambridgeshire Guided Busway is to seek to
provide regular updates given the risks associated with this project. Our most recent
review covered governance, risk management and benefits realisation.
2.4.2 Overall we provided moderate assurance and noted that:
The Head of Delivery had acted upon the recommendations made in the
previous report in relation to the project risk register.
The proposed governance model for operations is appropriate.
A Benefits Realisation Plan has been drafted and reported to the Delivery
2.4.3 We sought a management response and action plan where we identified findings
that in our opinion weaken project management assurance:
Finding Management response
That the additional risks identified in our report This will be done.
to the Delivery Group should be recorded and (Head of Delivery Guided Busway)
monitored on the project risk register.
That the amended Inception Agreements Discussions are well advanced and this should
should be formally agreed as soon as possible. be completed shortly.
(Head of Delivery Guided Busway)
That to improve accountability and allow The Benefits Realisation Plan will be updated.
achievement to be measured, the Benefits (Head of Delivery Guided Busway)
Realisation Plan should make clear who is
responsible for delivering each benefit and the
timescale for delivery.
Other Embedded Assurance Work
2.4.5 In addition to our embedded assurance work on the Guided Busway the audit team are
also undertaking work on an embedded assurance approach on the Streetlighting PFI,
the committee can expect a summary of this work at the March Audit and Accounts
Committee. Other Embedded Assurance Reviews that we expect to summarise at the
March Committee include Building Schools for the Future, Re-Ablement and Making
2.5 IT AUDIT WORK
Waste Data Tool
2.5.1 The Waste Data Tool is a database used to support the financial and performance
management of the Waste Management Service. Its key functionality is the validation of
payments based upon the type and weight of waste collected by waste vehicles. The
system is responsible for the management of millions of pounds of transactions each
year. It also produces performance indicator information for the Department for
Environment, Food and Rural Affairs. The system can be accessed by district councils
(who are responsible for waste collection) and contractors such as Donarbon.
2.5.2 The Waste Data Tool system software is supplied and supported by an external provider.
The company were also commissioned to provide a managed service to host and support
the servers on which the system runs. This audit review concerned the Service Level
Agreement (SLA) and Contractual arrangements with the company for the hosting and
support of the service with particular attention being paid to exit arrangements.
2.5.3 The Waste Data Tool hosting contract and SLA were based upon the standard terms and
conditions supplied by the provider company. This is not good practice and there is a risk
that the terms and conditions are designed to protect the interests of the private company
rather than the County Council. However, the review of the contract and SLA between
the Waste Management Service and the company has been able to provide assurance
that, with one fundamental exception, the terms and conditions are fair and do, in the
main, provide a sound basis for delivering the service.
2.5.4 Unfortunately, this assurance has been undermined by the company’s decision to sub-
contract the hosting of the server to a third party using terms and conditions which fall
well below those stipulated in the SLA with the County. Internal Audit have recommended
that an alternative hosting arrangement is found as a priority.
2.5.5 If the original provider had continued to host the Waste Data Tool server themselves, as
was envisaged when the contract was let, then the level of assurance that could have
been provided would have been moderate to substantial. However, as the server was
actually hosted with the third party on terms and conditions that fall well below those
contained in the SLA with the County it is only possible to provide limited assurance. As
a result the Committee is invited to consider whether it wishes to invite the relevant
Director or Portfolio Holder for this area to attend the next Audit and Accounts
No Limited Moderate Substantial Full
The third party SLA protects the
County’s interests in its system
The third party SLA complies with
the requirements of the SLA with
Continuity of service is protected
The data is securely managed
and only be accessed by those
authorised to do so
2.6 FRAUD AND CORRUPTION UPDATE
2.6.1 The IT Audit Manager continues to support a number of on-going investigations. The
majority of these are supporting schools and include two separate allegations from
different secondary schools that teachers have used their school laptops to access
inappropriate material on the Internet, and a case where a pupil has alleged that a
teacher made inappropriate comments to her via MSN chat (This case is being co-
ordinated by the County’s LADO unit).
2.6.2 In all these cases Internal Audit make use of their forensic software to ensure that any
evidence found will be admissible in court, should a criminal act have been committed.
2.6.3 Internal Audit is also investigating a case where the Head teacher has concerns about
the financial probity of the primary school’s finance manager.
2.6.4 The County’s Standards Sub Committee requested that allegations into a member’s
conduct be formally investigated and the Monitoring Officer commissioned Internal Audit
to undertake the on-going investigation.
2.6.5 We have also investigated concerns raised by an ex-Parish Councillor into the financial
relationship between an ex-County Council employee and their new Parish Council
employer on behalf of the Director of Children’s Enhanced and Preventative Services.
2.7.1 The Committee is asked to consider this report and identify where further action is
required to raise concerns for example by flagging issues with Cabinet or with Scrutiny.
Source Documents Location
Internal Audit Plan Box Res 1415
Internal Audit Reports Castle Hill
Definitions of levels of Audit Assurance
1 FULL There is a sound system of control designed to achieve
ASSURANCE the system objectives and manage the risks to achieving
2 SUBSTANTIAL Whilst there is basically a sound system of control, there
ASSURANCE are some minor weaknesses, which put some of the
system objectives at risk.
3 MODERATE Whilst there is basically a sound system of control, there
ASSURANCE are some more significant / serious weaknesses, which
may put some of the system objectives at risk.
4 LIMITED There are significant weaknesses in key areas in the
ASSURANCE systems of control, which put the system objectives at
5 NO Control is generally weak leaving the system open to
ASSURANCE significant error or abuse.
Management responses to Internal Audit Reports – September 2010 – November 2010
Service Reports Cleared Outstanding
Under 2 Over 2
Cross Cutting 1 0 1 0
Corporate Directorates 0 0 0 0
Environment Services 2 2 0 0
Community & Adult Services 0 0 0 0
Children & Young People 0 0 0 0
IT 1 1 0 0
Total 4 3 1 0
Source Documents Location
Full audit reports. Box Res 1415