Internal Audit Progress Report to January by jolinmilioncherie


									                                                                  Agenda Item No. 5


 To:                         Audit and Accounts Committee

 Date:                       27 January 2011

 From:                       Head of Audit and Risk Management

 Electoral Division(s):      All

 Forward Plan Ref:           N/A                            Key decision: No

 Purpose:                    To report on the main areas of audit coverage for the period 10
                             November to 14 January 2011 and the key control issues

 Key Issues:                 Moderate Assurance on Volunteer Safe Recruitment

                             Three reviews in Environmental Services, including Limited
                             Assurance on the Waste Data Tool SLA Review

 Recommendation:             The Committee is asked to consider this report and identify
                             where further action is required to raise concerns, for example
                             by flagging issues with Cabinet or with Scrutiny.

         Officer contact:                                     Member contact:
Name:    Helen Maneuf                          Name:          Councillor John Reynolds
Post:    Head of Audit and Risk Management     Portfolio:     Cabinet Member for Resources and
Email:    Email:
Tel:     01223 699144                          Tel:           01223 699173


1.1     The role of the Internal Audit Team is to give Members and Managers independent
        assurance on the effectiveness of the controls that are in place to ensure that the
        Council’s objectives are achieved. The work of the team is planned so that the focus is
        upon those areas and risks, which, it is considered, will most impact upon the Council’s
        ability to achieve these objectives.

1.2     Upon completion of an audit an assurance opinion is given on the soundness of controls
        in place. The results of the entire programme of work are then summarised in an annual
        opinion on the effectiveness of internal control within the organisation.

1.3     This progress report summarises the assurance opinions for the audits reported during
        the period 10 November to 14 January 2011. Appendix 2 details the position regarding
        status of reports issued. The finalised reports are available for members of the
        Committee on the Audit pages on Camweb via the following link:
        http://camweb/ocs/gov/audit/internal/internal_audit_reports_database.htm. We issue e-
        mails to all members of the Committee to communicate availability of finalised reports.

1.4     As well as summarising the key matters arising from our reviews, we have included the
        Assurance Summaries from our reports. We have provided these to help the committee
        see how the overall assurance levels are arrived at and flag areas of stronger and weaker
        performance in a clear way. A reminder of what the various levels of assurance indicate
        is given in Appendix 1, and Members will be aware that the Committee now requires
        managers to attend the committee where the overall opinion given is of limited assurance
        or below.



2.2.1   We summarise our work on Safe Recruitment procedures for the recruitment of
        Volunteers who work on the delivery of Council services. This cross cutting review is the
        first full safe recruitment review of volunteers, and builds upon the work started as a result
        of the 2009/10 cross cutting safe recruitment review.

2.2.2   The first of a number of reviews in Environmental Services is summarised in the report,
        and covers our review of Civil Parking Enforcement, a responsibility transferred from the
        City Council to the County Council at the beginning of the financial year.

2.2.3   We also provide an update on our continuous or 'embedded assurance' that we are
        providing in respect of the Cambridgeshire Guided Busway.

2.2.4   This report also contains a summary of IT assurance work on the Waste Data Tool
        Service Level Agreement within Environmental Services.

2.2.5   Finally we provide an update on all fraud and corruption activity.

        Volunteers Safe Recruitment

2.2.1   Following a recommendation within the 2009/10 safe recruitment review on corporate (ie
        non-schools appointments) to undertake a review of volunteering activity and safe
        recruitment procedures surrounding this Internal Audit have reviewed the level of

          compliance with corporate guidelines in a sample of teams which recruit volunteers who
          could have direct access to or information about vulnerable client groups.

 2.2.2    Given current national focus on increasingly using volunteers the Council needs to
          consider its approach to using and recruiting volunteers, and how it best ensures safe
          recruitment and associated risks around the protection of vulnerable client groups, in as
          pragmatic a manner as possible.

 2.2.3    All teams selected for this review demonstrated high levels of commitment to promoting
          volunteering. In some cases procedures had been adopted for managing the voluntary
          workforce; in other cases this was in train. We were encouraged by the wide ranging
          guidance provided to Services on the subject of volunteering by HR Policy and Business

 2.2.4    Our recommendations concerned improving the existing processes, particularly in regard
          to better communication of centrally produced guidance, review of documents in
          circulation, and increasing the acceptance and compliance with guidance produced
          centrally, including monitoring procedures.

 2.2.5    After reviewing guidance and policies whilst we are satisfied with the number of areas
          covered, we have highlighted the need for some additional guidance on areas including
          Criminal Record Bureau Checks, references, and supervision of volunteers once they
          have been recruited.

 2.2.6    We provided an opinion of moderate assurance over the area of safe recruitment of
          volunteers. The opinion reflected the high quality of work performed in many spheres, but
          also acknowledged some areas for improvement in the systems designated to assure the
          suitability of volunteers recruited.

Assurance Summary
                                      No         Limited      Moderate     Substantial      Full
Policies and guidance
Record Keeping


          Civil Parking Enforcement

 2.3.1    The County Council took over responsibility for Civil Parking Enforcement (CPE) from the
          City Council on 1 April 2010. A new contractor was appointed to deliver the contract from
          this date. The contract currently covers both on and off-street CPE within Cambridge.

 2.3.2    Surpluses from on-street ticketing revenue less the cost of CPE are attributable to the
          County Council. Surpluses from off-street ticketing revenue less apportioned CPE costs
          flow to the City Council.

 2.3.3    We provided an opinion of moderate assurance as to the management of the areas
          reviewed. Whilst recognising that Parking Services is a new County Service we
          recommended adoption of County best practice, particularly in the areas of risk and
          revenue management (hence the limited assurance provided in these areas) as soon as
          practically possible.

 2.3.2    We suggest using the Service risk register to recognise and manage three risks relating
          to countywide expansion. These relate to the financial viability of expansion, the
          Service’s capacity to process a significant increase in Penalty Charge Notice volumes
          and the County Council investment required to implement on-street improvements ahead
          of enforcement. We were unable to provide firm assurance over the making of a clear
          financially viable case of countywide enforcement expansion at the time of this review,
          but made a number of recommendations for improvements in financial reporting and
          management information to assist the decision making process for District and County
          Councils alike.

 2.3.4 At the mid-point of 2010-2011, we were unable to determine a clear trend in Service
       budgeted expenditure. We recommended that the cautious approach adopted by the
       Service to managing controllable expenditure should continue until an outturn figure is
       clearer nearer the end of the financial year. Such expenditure can then be released if
       really required without risking a drawing down of reserves in excess of that budgeted for.

 2.3.5 The transfer of CPE responsibility and function is an additional burden to be managed by
       the County Council. From the work we performed we found the key risk of budgetary
       control has been well managed. Other areas of risk, notably contract and revenue
       management, have working systems of control in place that could be further enhanced by
       a focus on formalising and documentation.

Assurance Summary
                                     No         Limited     Moderate     Substantial      Full
Contract Management
Case for expansion to a
Countywide Scheme
Data integration and
Ring fencing of on-street and off-
street parking revenue, costs and
Budgetary Control, financial
management and reporting


        Environmental Services - Guided Busway

2.4.1   Our audit approach in respect of the Cambridgeshire Guided Busway is to seek to
        provide regular updates given the risks associated with this project. Our most recent
        review covered governance, risk management and benefits realisation.

2.4.2 Overall we provided moderate assurance and noted that:

           The Head of Delivery had acted upon the recommendations made in the
            previous report in relation to the project risk register.

           The proposed governance model for operations is appropriate.

           A Benefits Realisation Plan has been drafted and reported to the Delivery

2.4.3   We sought a management response and action plan where we identified findings
        that in our opinion weaken project management assurance:

Finding                                                  Management response
That the additional risks identified in our report       This will be done.
to the Delivery Group should be recorded and             (Head of Delivery Guided Busway)
monitored on the project risk register.

That the amended Inception Agreements                    Discussions are well advanced and this should
should be formally agreed as soon as possible.           be completed shortly.
                                                         (Head of Delivery Guided Busway)
That to improve accountability and allow                 The Benefits Realisation Plan will be updated.
achievement to be measured, the Benefits                 (Head of Delivery Guided Busway)
Realisation Plan should make clear who is
responsible for delivering each benefit and the
timescale for delivery.

        Other Embedded Assurance Work

2.4.5   In addition to our embedded assurance work on the Guided Busway the audit team are
        also undertaking work on an embedded assurance approach on the Streetlighting PFI,
        the committee can expect a summary of this work at the March Audit and Accounts
        Committee. Other Embedded Assurance Reviews that we expect to summarise at the
        March Committee include Building Schools for the Future, Re-Ablement and Making
        Cambridgeshire Count.


        Waste Data Tool

 2.5.1    The Waste Data Tool is a database used to support the financial and performance
          management of the Waste Management Service. Its key functionality is the validation of
          payments based upon the type and weight of waste collected by waste vehicles. The
          system is responsible for the management of millions of pounds of transactions each
          year. It also produces performance indicator information for the Department for
          Environment, Food and Rural Affairs. The system can be accessed by district councils
          (who are responsible for waste collection) and contractors such as Donarbon.

 2.5.2    The Waste Data Tool system software is supplied and supported by an external provider.
          The company were also commissioned to provide a managed service to host and support
          the servers on which the system runs. This audit review concerned the Service Level
          Agreement (SLA) and Contractual arrangements with the company for the hosting and
          support of the service with particular attention being paid to exit arrangements.

 2.5.3    The Waste Data Tool hosting contract and SLA were based upon the standard terms and
          conditions supplied by the provider company. This is not good practice and there is a risk
          that the terms and conditions are designed to protect the interests of the private company
          rather than the County Council. However, the review of the contract and SLA between
          the Waste Management Service and the company has been able to provide assurance
          that, with one fundamental exception, the terms and conditions are fair and do, in the
          main, provide a sound basis for delivering the service.

 2.5.4    Unfortunately, this assurance has been undermined by the company’s decision to sub-
          contract the hosting of the server to a third party using terms and conditions which fall
          well below those stipulated in the SLA with the County. Internal Audit have recommended
          that an alternative hosting arrangement is found as a priority.

 2.5.5    If the original provider had continued to host the Waste Data Tool server themselves, as
          was envisaged when the contract was let, then the level of assurance that could have
          been provided would have been moderate to substantial. However, as the server was
          actually hosted with the third party on terms and conditions that fall well below those
          contained in the SLA with the County it is only possible to provide limited assurance. As
          a result the Committee is invited to consider whether it wishes to invite the relevant
          Director or Portfolio Holder for this area to attend the next Audit and Accounts

 Assurance Summary

                                      No          Limited     Moderate     Substantial       Full
The third party SLA protects the
County’s interests in its system
and data
The third party SLA complies with
the requirements of the SLA with
Continuity of service is protected
The data is securely managed
and only be accessed by those
authorised to do so



        Investigation Activity
2.6.1   The IT Audit Manager continues to support a number of on-going investigations. The
        majority of these are supporting schools and include two separate allegations from
        different secondary schools that teachers have used their school laptops to access
        inappropriate material on the Internet, and a case where a pupil has alleged that a
        teacher made inappropriate comments to her via MSN chat (This case is being co-
        ordinated by the County’s LADO unit).

2.6.2   In all these cases Internal Audit make use of their forensic software to ensure that any
        evidence found will be admissible in court, should a criminal act have been committed.

2.6.3   Internal Audit is also investigating a case where the Head teacher has concerns about
        the financial probity of the primary school’s finance manager.

2.6.4   The County’s Standards Sub Committee requested that allegations into a member’s
        conduct be formally investigated and the Monitoring Officer commissioned Internal Audit
        to undertake the on-going investigation.

2.6.5   We have also investigated concerns raised by an ex-Parish Councillor into the financial
        relationship between an ex-County Council employee and their new Parish Council
        employer on behalf of the Director of Children’s Enhanced and Preventative Services.


2.7.1   The Committee is asked to consider this report and identify where further action is
        required to raise concerns for example by flagging issues with Cabinet or with Scrutiny.

        Source Documents                                   Location

        Internal Audit Plan                                Box Res 1415
                                                           Shire Hall
        Internal Audit Reports                             Castle Hill
                                                           CB3 0AP


Definitions of levels of Audit Assurance

  Level                 Definitions

  1 FULL                There is a sound system of control designed to achieve
    ASSURANCE           the system objectives and manage the risks to achieving
                        those objectives.

  2 SUBSTANTIAL         Whilst there is basically a sound system of control, there
    ASSURANCE           are some minor weaknesses, which put some of the
                        system objectives at risk.

  3 MODERATE            Whilst there is basically a sound system of control, there
    ASSURANCE           are some more significant / serious weaknesses, which
                        may put some of the system objectives at risk.

  4 LIMITED             There are significant weaknesses in key areas in the
    ASSURANCE           systems of control, which put the system objectives at

  5 NO                  Control is generally weak leaving the system open to
    ASSURANCE           significant error or abuse.


Management responses to Internal Audit Reports – September 2010 – November 2010

Service                      Reports   Cleared   Outstanding

                                                 Under 2 Over 2
                                                 months  months

Cross Cutting                1         0         1          0

Corporate Directorates       0         0         0          0

Environment Services         2         2         0          0

Community & Adult Services   0         0         0          0

Children & Young People      0         0         0          0

IT                           1         1         0          0

Total                        4         3         1          0

Source Documents                                     Location

Full audit reports.                                  Box Res 1415
                                                     Shire Hall
                                                     Castle Hill
                                                     CB3 0AP


To top