Internal Audit Report for an Insurance Company by iww21415

VIEWS: 312 PAGES: 44

More Info
									INTERNAL AUDIT – MONITORING REPORT

 REPORT OF:         Internal Audit Manager
 Contact Officer:   Jill Hills, Haines Watts
                    Email: jhills@hwias.co.uk Tel: (01444) 477542
 Wards Affected:    All
 Key Decision       No


1.     PURPOSE OF REPORT

       The purpose of this report is twofold; to update the Committee on progress
       towards the delivery of the 2006-2007 Internal Audit Plan and to report on the
       progress made in implementing previous recommendations.

2.     SUMMARY

2.1    The plan for 2006-2007 provide a mix of coverage on fundamental systems,
       IT systems and service systems within the context of a five-year risk based
       strategic plan.

2.2    This report also describes progress on implementing previous years
       recommendations.

3.     RECOMMENDATIONS

       The Sub Committee is asked to receive the report.


4.     REPORT TO AUDIT SUB COMMITTEE

       2005-2006 BACs Report

4.1    Following the issue of the draft report, further work was requested by the
       Head of Finance relating to the arrangements for the authorisation of BACs
       payments and the possibility of this taking place electronically. The outcome
       of this work has been considered by management and the report has now
       been issued as a final. There were no high priority recommendations.


       Progress against the 2006-2007 Internal Audit plan as at 13th December
       2006

4.2    Since the Audit Committee meeting in September 2006, reviews have been
       completed of Income Collection, Payments, Council Tax and NNDR. Reports
       relating to Council Tax and NNDR are in draft, awaiting management
       comment. However an overview of the current position is included at
       paragraph 4.5. Reviews of Capital Accounting and Housing Benefit are in
       progress. There were no high priority recommendations in relation to Income
       Collection, but 3 relating to our review of Payments. These are detailed in
       Appendix B


                                                                  Audit Sub – Committee –
                                                                          3rd January 2007




                                          -6-
4.3   As the above are classed as Fundamental Systems, we will be undertaking
      additional testing of 3-4 key controls, identified by the Audit Commission in
      February/March 2007, in order that they can rely on our work for their year-
      end purposes.

4.4   We have also undertaken a review of Debt Recovery Procedures as
      requested by the Head of Finance. In the Key Lines of Enquiry (KLOE) on
      Internal Control, the Audit Commission had previously commented that a full
      review of procedures was required. This work was undertaken during
      November and our findings are currently with management for their
      consideration.

4.4   We also attended the November meeting of the Sussex Audit Group where
      common issues, recent guidance/publications and best practice was
      discussed.


      Progress on implementing previous recommendations


4.5   As detailed in 4.2 above, we are in the process of agreeing the draft reports
      resulting from our 2006/07 reviews of Council Tax and NNDR with
      management. However, in order to provide the Committee with details of the
      current status of previously reported recommendations, we have included in
      Appendix B an update reflecting the current position. Some progress was
      reported to the meeting in September 2006 and it was anticipated that the
      work undertaken with the Revenues Team to agree how duties could be
      segregated would reduce the need for management checks to be performed
      to the same degree as in previous years and would also deliver a stronger
      and more reliable framework of control. However, as at the time of writing the
      proposed segregation had not been implemented..

4.6   Given this situation, we would have anticipated that the management checks
      and review, agreed in previous years, would have been reintroduced.
      However, these checks have also been found to have lapsed, with the
      exception of checks performed on refunds which are now operating
      satisfactorily.

4.7   We acknowledge that until the recently appointed Head of Revenues is in
      post at the end of February 2007, the future structure and organisation of the
      Revenues Team is uncertain. However, these weaknesses in control must
      now be addressed as a matter of urgency.

4.8   At the June and September 2006 meetings of the Committee, we reported on
      progress against the implementation of the recommendations made in our
      report on Indoor Business Operations. At that time, the successful
      implementation of a number of the recommendations was being hampered by
      IT related issues. Those recommendations that remained outstanding have
      been revisited and whilst the trialing of certain modules of the Scuba 5 system
      have still to be completed in the new year, good progress continues to be
      made in other areas.




                                                                  Audit Sub – Committee –
                                                                          3rd January 2007

                                         -7-
4.9    A final review of the King’s Vending Machine theft dating back to the summer
       of 1995 was also completed with Internal Audit pleased to report that
       following the recommendation that the Council seek to process an insurance
       claim in relation to the lost revenue, the insurance company has recently paid
       out on this claim to the sum of £9,981.00.

4.10   A review of the status of previous recommendations made and the outcome
       of Internal Audit work is shown at Appendix 2. This includes the current
       status of the outstanding recommendations in relation to Business Continuity
       and Network Infrastructure which as reported to the last meeting have been
       overtaken by the CenSus Partnership arrangements.

4.11   We met with representatives from Internal Audit from Adur and Horsham
       District Councils on 23rd October to discuss a number of issues relating to the
       CenSus Partnership arrangements, including establishing an approach
       whereby it should not be necessary for each team of auditors to undertake
       reviews of the same system within the host authority, but to rely on the
       Internal Audit coverage of that system by the host authority. The ICT
       Partnership Manager was also present and was able to give a useful
       overview to the Group about the current stage of development reached by the
       Partnership.

4.12   In terms of joint working, the view was expressed that it was probably too
       soon to consider this. Even where a system is hosted at a particular
       authority, any coverage by that Internal Audit team will be undertaken to meet
       the audit needs of that authority and not the CenSus Partnership. If however,
       any of the findings were of significance to any of the other authorities these
       would be shared via the Project Board. For example, the Auditors at
       Horsham have recently completed a review of the CenSus arrangements,
       recharges etc which although the review focused on the Horsham perspective
       and not CenSus per say we understand raised a number of recommendations
       that impact on the partnership. Their report is being presented to the Project
       Board and can then be made available to us.

4.13   Horsham’s Principal Auditor is also sitting on the IT security group and has
       agreed to feed back any common issues etc and vice versa.

4.14   We did agree that before any work began on a CenSus IT system, that we
       would contact the host authorities internal auditors to see if there was any
       work in that area that might be useful and that they were willing to share.




                                                                   Audit Sub – Committee –
                                                                           3rd January 2007




                                          -8-
4.15   The group agreed to meet on 25th January 07 to discuss 2007/08 Internal
       Audit plans and whether there was any common ground. The possible need
       for a CenSus IT plan in future was also discussed briefly, but how this could
       be resourced or financed was not known.

Background Papers

       Internal Audit reports in 2004-2005, 2005-2006 and 2006-2007.
       Working papers relating to 2004-2005, 2005-2006 and 2006-2007.




                                                                 Audit Sub – Committee –
                                                                         3rd January 2007




                                         -9-
                                                                                                                                                                    Appendix A
                                                                          Mid Sussex District Council

                                                                           Operational Plan 2006/07

                                                                 Progress Report as at 13th December 2006

Audit Area             Rating   Budget/   Provisional         Fieldwork    Target date    Draft      Management   Target date    Final      High Priority           Comments
                                 days     Timing –            Commenced    for issue of   Report     Responses    for issue of   Report     Findings
                                          week                             Draft          Issued     Received     Final          Issued     Reported to
                                          commencing                                                                                        Audit
                                                                                                                                            Committee
Fundamental
Systems
Council Tax            High       8       20/11/06            20/11/06     05/01/06

NNDR                   High       7       27/11/06            27/11/06     05/01/06
Payroll                High       5       05/02/07
Income                 High       5       09/10/06            09/10/06     10/11/06       10/11/06   10/11/06                    27/11/06   Not             No       high      priority
Collection/Cashiers                                                                                                                         applicable.     recommendations.
Treasury Management    High       5       04/12/06                                                                                                          Deferred      to     after
                                                                                                                                                            Christmas                to
                                                                                                                                                            accommodate ad hoc
                                                                                                                                                            review of Debt Recovery
                                                                                                                                                            procedures requested by
                                                                                                                                                            the Head of Finance.
Creditors (Payments)   High        5      16/10/06            16/10/06     17/11/06       02/11/06   03/11/06                    27/11/06   3/01/07
Debtors                High        5      08/01/07
Benefits               High       15      04/12/06            4/12/06      12/01/07
Capital Accounting +   Medium     10      30/10/06            30/10/06     08/12/06                                                                         Completion delayed by
Asset Management                                                                                                                                            the need to undertake the
                                                                                                                                                            review of Debt Recovery
                                                                                                                                                            Procedures. Will now be
                                                                                                                                                            completed     in    early
                                                                                                                                                            January.
Budgetary Control &    Medium     8       15/01/07
Procurement
Purchasing Cards       Medium     4       10/05/06            10/05/06     31/05/06       02/06/06   19/06/06     16/06/06       19/06/06   Not             No     high      priority
                                                                                                                                            applicable.     recommendations.


                                                                                                                                                             Audit Sub – Committee –
                                                                                                                                                                    3rd January 2007


                                                     - 10 -
                                                                               Mid Sussex District Council

                                                                                    Operational Plan 2006/07

                                                                      Progress Report as at 13th December 2006

Audit Area                 Rating   Budget/    Provisional         Fieldwork        Target date    Draft    Management   Target date    Final    High Priority   Comments
                                     days      Timing –            Commenced        for issue of   Report   Responses    for issue of   Report   Findings
                                               week                                 Draft          Issued   Received     Final          Issued   Reported to
                                               commencing                                                                                        Audit
                                                                                                                                                 Committee
Audit Commission – Top              1 day to   12/03/07                                                                                                          The Audit Commission
up testing.                         be used                                                                                                                      have requested that we
                                    from the   revised to                                                                                                        now complete this work in
                                      above    Feb 07.                                                                                                           mid February rather than
                                    budgets.                                                                                                                     March.

Computer Audit *
CIVICA Financials          Medium     15       Jan 07
Network Infrastructure     High       15       Jan 07
Academy                    High       15       Feb 07

Required by Senior
Management
Governance/Risk            High       10       05/02/07
                                                                               th
ICT Partnership            High       2        Ongoing             Meeting on 17 August with the Audit Commission and representatives from Adur.
                                                                                rd
(CENSUS)                                                           Meeting on 23 October with Graham Crossingham and representatives from Adur and Horsham.
                                                                                              th
                                                                   Next meeting planned for 25 January 07.
Data Protection/           Medium      2       10/07/06            10/07/06        25/07/06     25/07/06   31/07/06      04/08/06      31/07/06  Not
Freedom of Information                                                                                                                           applicable
Concessionary Fares                    7       24/07/06            24/07/06        31/08/06     01/08/06   30/08/06      22/08/06      19/09/06  3/01/07

Follow Ups including;-                25       Ongoing/as
LAPE, Indoor Business                          required.
Operations, Council Tax
and NNDR, Network
Infrastructure,
Resourcelink Payroll, IT
Continuity

Ad hocs & Specials         High       10       As required.


                                                                                                                                                                  Audit Sub – Committee –
                                                                                                                                                                         3rd January 2007

                                                          - 11 -
                                                                         Mid Sussex District Council

                                                                          Operational Plan 2006/07

                                                                Progress Report as at 13th December 2006

Audit Area               Rating   Budget/   Provisional      Fieldwork    Target date    Draft      Management   Target date    Final      High Priority   Comments
                                   days     Timing –         Commenced    for issue of   Report     Responses    for issue of   Report     Findings
                                            week                          Draft          Issued     Received     Final          Issued     Reported to
                                            commencing                                                                                     Audit
                                                                                                                                           Committee
Consultancy/Non Audit
LAPE PIR                            10      12/06/06         12/06/06     31/07/06       17/07/06   25/07/06     26/07/06       26/07/06   13/09/06
Land Charges GIS – Pre              5       Feb/March
IR                                          07



         *      Our ability to plan in these audits have been impacted upon by the CenSus IT Project.

         Draft Report should be issued no more than 20 working days after debrief meeting.
         Management Responses should be received no later than 10 working days after issue of draft report.
         Final Report should be issued no later than 5 working days after Management Responses are received.




                                                                                                                                                            Audit Sub – Committee –
                                                                                                                                                                   3rd January 2007

                                                    - 12 -
                                                                                                                                                                    Appendix B
PAYMENTS – 2006/07

Draft Issued: 2nd November 2006
Final Issued: 27th November 2006

                                         Finding                                                Recommendation               Management Response,              Implementation
                                                                                                                             Responsible Officer and                Dates
                                                                                                                                Current Status.               Original Revised
Setting up of New Creditors and Amendments to Standing Data

During the course of previous Payments audits it was established that officers with full       As             previously
access to the Payments system were able to set up new Creditors or amend data with no          recommended,             it   Training will be required from   31/12/06
prior authorisation and no subsequent management review. It was confirmed that this            should be ensured that        the previous officer who
remains the case.                                                                              details       of        all   completed this task (Assistant
                                                                                               amendments              to    Head of Finance).
In order to strengthen control in this area it was recommended that details of amendments      standing    data      (for
to standing data and the setting up of new Creditors should be independently checked,          example. new creditors,       Principal Exchequer Officer
either via on-line authorisation or through subsequent verification of source documentation.   changes      to      bank
                                                                                               details)   made        are    Current Status
At that time, it was agreed that the Assistant Head of Finance would produce a Business        obtained    from       the
Objects report showing amendments to Creditor standing data and new Creditors set up on                                      At the time of this review the
                                                                                               Payments system on a                                                       31/03/07
the system and pass this to the Exchequer Officer and the Exchequer Assistant for review.                                    auditor was informed that the
                                                                                               regular basis via a
However, responsibility for the Payments function has now transferred to the Principal                                       Payments Officer who had
                                                                                               Business          Objects
Exchequer Officer, who will now need to run these reports.                                                                   been tasked with completing
                                                                                               report.
                                                                                                                             this recommendation was
                                                                                               The              Principal
These reports would then be used to check a sample of amendments or new creditors back                                       currently in hospital and
                                                                                               Exchequer          Officer
to source documentation, such as an invoice, letter or record of a telephone conversation.                                   therefore                  the
                                                                                               should ensure that the
                                                                                                                             recommendation had not
                                                                                               checks undertaken by
This control has operated satisfactorily in the past, however, no Business Objects report                                    been implemented.         The
                                                                                               the Exchequer Officer
showing amendments and new creditors have not been checked during this financial year                                        recommendation       will   be
                                                                                               and the Exchequer
which weakens control considerably as erroneous or inappropriate amendments may not be                                       followed up and reported on
                                                                                               Assistant              are
identified.                                                                                                                  at the March 07 Audit
                                                                                               appropriate and fully
                                                                                                                             Committee meeting.
                                                                                               documented.
The recommendation was included in the 2005/06 Internal Audit report with a target date for
                        st
implementation being 31 December 2006 and therefore was not due to have been
implemented at the time of our 2006/07 audit.        We have therefore restated the
recommendation, so that we can track its progress.

                                                                                                                                                               Audit Sub – Committee –
                                                                                                                                                                      3rd January 2007


                                              - 13 -
PAYMENTS – 2006/07

                                        Finding                                              Recommendation           Management Response,                Implementation
                                                                                                                      Responsible Officer and                  Dates
                                                                                                                         Current Status.                 Original Revised

Reconciliation between the Payments listing and the General Ledger

The auditor requested the reconciliation between the Creditors system and the General       A copy of the monthly     This issue has already been        31/12/06
Ledger for the months of July – September 2006 to ensure that they were properly prepared   reconciliation of the     initiated and a meeting with
and signed and dated by the preparing and reviewing officers. These documents were          creditors system should   an FMS Support Officer was
unavailable and the auditor was informed that no reconciliations had been performed since   be reviewed against the   to be completed on the
the introduction of the FMS Creditors system.                                               information held in the   03/11/06 – this meeting is to
                                                                                            General Ledger. These     include a discussion on the
                                                                                            should be completed by    reconciliations.        It    is
                                                                                            the preparing officer     envisaged that further training
                                                                                            and then independently    would be most likely to
                                                                                            reviewed with both        complete this task.
                                                                                            officers signing and
                                                                                            dating the documents      Principal Exchequer Officer
                                                                                            to confirm the task is
                                                                                            complete.                 Current Status

                                                                                                                                                                     31/03/07
                                                                                                                      At the time of this review the
                                                                                                                      auditor was informed that the
                                                                                                                      Payments Officer who had
                                                                                                                      been tasked with completing
                                                                                                                      this recommendation was
                                                                                                                      currently in hospital and
                                                                                                                      therefore                  the
                                                                                                                      recommendation had not
                                                                                                                      been implemented.         The
                                                                                                                      recommendation       will   be
                                                                                                                      followed up and reported on
                                                                                                                      at the March 07 Audit
                                                                                                                      Committee meeting.


                                                                                                                                                          Audit Sub – Committee –
                                                                                                                                                                 3rd January 2007




                                            - 14 -
PAYMENTS – 2006/07

                                            Finding                                              Recommendation            Management Response,               Implementation
                                                                                                                           Responsible Officer and                 Dates
                                                                                                                              Current Status.                Original Revised

Payment to Creditors Without an Invoice Being Present

At the commencement of this audit, the Exchequer Officer confirmed that a payment would         Payment should not be      A memo is to be issued            31/01/07
only be made to a creditor if an invoice was present. However, during the course of             made unless an original    instructing the sections of the
reviewing a sample of 20 invoices, it was found in two cases that no formal/adequate invoice    and fully detailed and     reasons why an invoice will
was present, just a payment request/voucher. This raises several control issues as follows:     documented invoice is      be returned to the section.
                                                                                                passed      to       the   An initial trail will be
•   The Exchequer section cannot confirm that the correct amount is being paid.                 Exchequer       section.   completed and reviewed. As
                                                                                                Required         details   the team are aware of repeat
                                                                                                include, name, address     offenders to the correct
•   It is not possible to confirm that where VAT has been charged, it has been correctly        and reasons for the        system procedures, then the
    shown on the payment voucher, and confirm that a VAT number is shown on the                 invoice.                   support of the Head of
    invoice.                                                                                                               Finance would be required.
                                                                                                If a payment voucher
•   It is not possible to confirm creditor terms or the date that the invoice was issued.       alone is passed to the     Principal Exchequer Officer
                                                                                                Exchequer section for
•   It is not possible to confirm that the invoice is not a copy or that it looks reasonable.   payment, it should be                                                    31/03/07
                                                                                                sent back to the           Current Status
                                                                                                originating department
•   It is not possible to confirm that the goods or services are as stated on the invoice and
                                                                                                with a request that the
    are correctly coded.                                                                                                   At the time of this review the
                                                                                                invoice is attached.
                                                                                                                           auditor was informed that the
Similar recommendations have been made in previous years.                                                                  Payments Officer who had
                                                                                                                           been tasked with completing
                                                                                                                           this recommendation was
                                                                                                                           currently in hospital and
                                                                                                                           therefore                  the
                                                                                                                           recommendation had not
                                                                                                                           been implemented.         The
                                                                                                                           recommendation       will   be
                                                                                                                           followed up and reported on
                                                                                                                           at the March 07 Audit
                                                                                                                           Committee meeting.

                                                                                                                                                              Audit Sub – Committee –
                                                                                                                                                                     3rd January 2007


                                                 - 15 -
LOCAL AUTHORITY PARKING ENFORCEMENT (LAPE)

Draft Issued:                     17th July 2006
Final Issued:                     26th July 2006

                                            Finding                                Recommendation            Management Response,                  Implementation
                                                                                                             Responsible Officer and                    Dates
                                                                                                                Current Status.                   Original Revised
Parking Charge Notice (PCN) Debt Recovery                                                                    Initial Response
                                                                                  The appointment of a
                                                                                  bailiff company to act     WSCC were formally going to
                                                                                  on behalf of the Council   tender for the ‘bailiffs’ which it
The council is yet to formally appoint a bailiff company to act on it’s behalf.   should      also     be    was estimated will take              30/09/06
                                                                                  considered as a matter     approximately 3          months.
                                                                                  of urgency.                They have suggested using
                                                                                                             our     current        ‘Revenues
                                                                                                             Section’ bailiffs in the interim.

                                                                                                             Parking Services Manager
                                                                                                                                   st
                                                                                                             Position as at 31          August
                                                                                                             2006

                                                                                                             The bailiffs were being
                                                                                                             tendered by WSCC.       The
                                                                                                             Council had a meeting in
                                                                                                             September with CCSES to
                                                                                                             set up a short term contract
                                                                                                             as an interim measure.

                                                                                                             Current Status

                                                                                                             The appointment of CCSES
                                                                                                             was delayed as they were
                                                                                                             part      of        a     BBC
                                                                                                             ‘Whistleblowers’      program.
                                                                                                             However,        after   further
                                                                                                             reviews they were appointed
                                                                                                             as the bailiff for MSDC, HDC
                                                                                                             and WSCC on the 28/11/06.
                                                                                                                                                   Audit Sub – Committee –
                                                                                                                                                          3rd January 2007


                                                 - 16 -
CONCESSIONARY FARES

Draft Issued:           1st August 2006
Final Issued:           19th September 2006

                                         Finding                                                 Recommendation             Management Response,               Implementation
                                                                                                                            Responsible Officer and                 Dates
                                                                                                                               Current Status.                Original Revised
Reconciliation of Invoices and Revenue Received                                                                             Initial Response

The council produce a quarterly report which is sent to the external co-ordinator MCL. From     The        reconciliation   The invoices received vary
this, an invoice is produced and returned to the council via the administrating council, East   should be signed and        slightly from those details       13/12/06
Sussex County Council. This invoice is passed for payment without being independently           dated by the preparing      from the Fare Deal system,
reviewed, although the correct payment request form is used that includes the relevant          officer and passed to       due to the system not being
authorisation signature.                                                                        an appropriate officer      able to calculate ‘part’ years.
                                                                                                for independent review.
A manual MS Excel spreadsheet has been developed since the last Internal Audit report in                                    Adjustments would need to
2004. This details invoices passed for payment and revenue received by the local parish         This recommendation         be entered, to enable the two
councils that sell and issue passes on the councils behalf, which is checked against the        was also made in the        to balance, although it is not
FMS Financial systems information.                                                              2000/01 audit report but    known     whether    this   is
                                                                                                has        not     been     possible with the existing
However, this spreadsheet is completed by the Concessionary Fares Officer who controls all      implemented. The use        software.
areas of the Concessionary Fares and therefore no independent checks are completed.             of the Fare Deal system
                                                                                                to     interrogate   the    A ‘tolerance’ level should be
                                                                                                information held within     given to the system figure
                                                                                                it should be enhanced       when checked against the
                                                                                                with relevant reports       invoice. A print out from the
                                                                                                developed and utilised      Fare Deal system would then
                                                                                                to review the system        be attached to the invoice for
                                                                                                data.                       the Head of Service to check
                                                                                                                            and authorise.
                                                                                                These reports should
                                                                                                be        independently     Head of Community Services.
                                                                                                verified    and     any
                                                                                                highlighted      issues     Current Status
                                                                                                should be amended
                                                                                                and updated on the          The system for quarterly
                                                                                                system as soon as           payments        has     been
                                                                                                possible.                   superseded by a fixed cost
                                                                                                                            agreement. Reconciliation’s
                                                                                                                            are no longer required.
                                                                                                                                                               Audit Sub – Committee –
                                                                                                                                                                      3rd January 2007

                                              - 17 -
MAIN ACCOUNTING

Draft issued:                   April 2006
Final issued :                  June 2006.


                                         Finding                                                Recommendation             Management Response,              Implementation
                                                                                                                           Responsible Officer and                Dates
                                                                                                                              Current Status.               Original Revised
Setting up of New Main Accounting System Codes.

All Principal Accountants and above are able to set up new codes or amend existing codes       In order to maintain an     Agreed.                          30/06/06
in the Main Accounting System. These may be new cost centres or detail codes and may           adequate management                                          and
arise when a new source of income or expenditure is identified. However, as they have full     audit trail, requests for   Group Accountant                 quarterly
access to the Main Accounting System, including the ability to input journals, this does not   new codes should be                                          thereafter
provide for adequate segregation of duties. In addition, there is no evidence of subsequent    made in writing.            Current Status                   .
management review to ensure that all new codes set up are valid and accurate.
                                                                                               A responsible officer       A spreadsheet is being
                                                                                               should undertake a          maintained and updated on a
                                                                                               review of all new codes     quarterly basis. The Team
                                                                                               set        up       and     have developed a business
                                                                                               amendments to codes         objects report which they are
                                                                                               on a monthly basis,         looking to use to reconcile to
                                                                                               ensuring that they are      their spreadsheet in the new
                                                                                               appropriate.        This    year.
                                                                                               review     should    be
                                                                                               evidenced to confirm
                                                                                               that it has taken place
                                                                                               and any action taken
                                                                                               should be noted by the
                                                                                               reviewing officer.




                                                                                                                                                             Audit Sub – Committee –
                                                                                                                                                                    3rd January 2007


                                              - 18 -
INDOOR BUSINESS OPERATIONS

Draft issued:                    December 2005
Final issued :                   February 2006

                                          Finding                                                 Recommendation                Management         Implementation
                                                                                                                           Response, Responsible        Dates
                                                                                                                             Officer and Current Original Revised
                                                                                                                                   Status.
Sales Ledger Management                                                                                                    Initial Response

The Scuba 5 software system does not have a satisfactory sales ledger operating system.          Due to the inability of   To be implemented as part
This is necessary because some customers are invoiced for goods and services received.           the Scuba 5 system to     of the review of the                April 06
                                                                                                 operate an adequate       Powersolve system.
The system currently issues a ‘Payment Advice’ and a ‘Payment Schedule’. The Payment             sales ledger for the      Business Manager Leisure
Advice gives details of VAT charged, and correctly does not show a VAT number which              Leisure        Centres’   Operations
would otherwise indicate that it was a VAT invoice. (This could also be referred to as a pro-    customer accounts, an
                                                                                                                                                   th
forma invoice). The Payment Schedule is the document that the customer is expected to            urgent review should be   Status as at 20              June
use as an invoice but this is inadequate, as it does not provide details of the VAT charged or   undertaken, involving     2006
a VAT number.                                                                                    both centre staff and
                                                                                                 the Finance section to    Not be implemented due to
The revenues posted on the system are not generated as actual revenue until payment is           discuss how such debts    ‘teething’ problems with the
received. If the amount owing includes catering revenue, this is not taken into account in       should be accounted       Financial       Management
the results produced by the stocktaker.                                                          for.                      System (FMS).
                                                                                                                                              st
The outstanding balance as at the end of October 05 was £22,040.24 for the three Leisure         This should involve       Status as at 31          August
                                                      st
Centres and although these invoices date back to the 1 March 2005, this revenue will not         customer       accounts   2006
appear on the Council General Ledger system.                                                     being posted on to the
                                                                                                 General Ledger on a       Implementation had begun                           1/11/06
                                                                                                 regular basis.            but still problematical.

                                                                                                                           Current Status

                                                                                                                           Due to operational issues
                                                                                                                           within the FMS and Leisure                         1/04/07
                                                                                                                           Teams, the implementation
                                                                                                                           of the FMS system has not
                                                                                                                           yet taken place.          The
                                                                                                                           Business      Manager       is
                                                                                                                           continuing to produce a list
                                                                                                                           of all outstanding debts.
                                                                                                                                                                   Audit Sub – Committee –
                                                                                                                                                                          3rd January 2007

                                               - 19 -
INDOOR BUSINESS OPERATIONS

                                       Finding                                              Recommendation             Management         Implementation
                                                                                                                  Response, Responsible        Dates
                                                                                                                    Officer and Current Original Revised
                                                                                                                          Status.
Sales Ledger Management                                                                                           Initial Response

Continued.                                                                                                        Will be implemented as part
                                                                                                                  of the review of the                April 06
If an amount is required to be written off, no formal procedure has been established and   A formal write off     Powersolve system.
agreed by the council.                                                                     procedure should be    Business Manager Leisure
                                                                                           approved by the Head   Operations
                                                                                           of Finance
                                                                                                                                          th
                                                                                                                  Status as at 20              June
                                                                                                                  2006

                                                                                                                  Not implemented.       The                         1/09/06
                                                                                                                  Administration Group are
                                                                                                                  moving towards this. They
                                                                                                                  had their first meeting in
                                                                                                                  May 06.
                                                                                                                                     st
                                                                                                                  Status as at 31          August
                                                                                                                  2006

                                                                                                                  A write off procedure has
                                                                                                                  been developed. However,
                                                                                                                  it is not acceptable to
                                                                                                                  Internal Audit in its current
                                                                                                                  format. It has not been
                                                                                                                  formally approved by the
                                                                                                                  Head of Finance.

                                                                                                                  Current Status

                                                                                                                  As part of a wider Debtors
                                                                                                                  review    it   has   been
                                                                                                                  proposed that a generic
                                                                                                                  campus       ‘write    off’
                                                                                                                  procedure is considered to
                                                                                                                  ensure consistency.
                                                                                                                                                          Audit Sub – Committee –
                                                                                                                                                                 3rd January 2007
                                            - 20 -
INDOOR BUSINESS OPERATIONS

                                         Finding                                                Recommendation                  Management         Implementation
                                                                                                                           Response, Responsible        Dates
                                                                                                                             Officer and Current Original Revised
                                                                                                                                   Status.
Membership Card Controls                                                                                                   Initial Response

The Auditor ascertained the procedures in relation to the control of membership Cards and it   Management        should    Adding         photos      to
was agreed that a member of the public could mis-use a Card to gain access to the centre       complete a full review      membership details, will            01/04/06
and use the facilities for no charge.                                                          of the controls for the     reduce the misuse of cards
                                                                                               membership         cards.   significantly.      Business
The design of the cards and the current method of use for the Scuba 5 system does not          This should include a       Manager               Leisure
allow for checking of identity by a photo image and nor does it allow a ‘swipe card’ entry     full set of procedures to   Operations
system to be used to gain access to the facilities. The membership number is manually          be implemented and
                                                                                                                                                   th
entered in to the Scuba 5 system with no further checks being completed to confirm that the    review of the way the       Status as at 20              June
cardholder is the person detailed on the system. Furthermore, the cards are held in the        centres use the Scuba       2006
reception area and able to be freely distributed by the Reception staff. This means that       5 system.
there is no control on the number of cards issued and no record of to whom the cards have                                  Superseeded     by   the                          03/07/06
been issued... In addition, it was noted that the cards are not pre-numbered which makes                                   introduction of the new
                                                                                                                                                  rd
control over them extremely difficult.                                                                                     membership scheme on 3
                                                                                                                           July 2006. The new cards
                                                                                                                           have a photo and are
                                                                                                                           ‘swipe’ cards.
                                                                                                                                              st
                                                                                                                           Status as at 31          August
                                                                                                                           2006

                                                                                                                           The     new    membership
                                                                                                                           scheme        was     been
                                                                                                                           introduced, however the
                                                                                                                           issue of the new cards was
                                                                                                                           been delayed due to IT
                                                                                                                           issues.

                                                                                                                           Current Status

                                                                                                                           The introduction of the new
                                                                                                                           style cards has commenced
                                                                                                                           although some of the ‘old’
                                                                                                                           cards will be in place for up
                                                                                                                           to a year.
                                                                                                                                                                  Audit Sub – Committee –
                                                                                                                                                                         3rd January 2007
                                              - 21 -
INDOOR BUSINESS OPERATIONS

                                        Finding                                                 Recommendation               Management         Implementation
                                                                                                                        Response, Responsible        Dates
                                                                                                                          Officer and Current Original Revised
                                                                                                                                Status.
Payments to Casual Employees                                                                                            Initial Response

The auditor completed a check of payments made to casual employees and it was found         A full review of the        Already an admin role at
that each of the three Leisure Centres had a different way of processing and collating      procedures             in   Dolphin. To be introduced           01/02/06      01/10/06
information, prior to it being to Oaklands for processing.                                  completing the monthly      at The Triangle in January
                                                                                            payroll    should     be    06. Will continue to be an
The system at Triangle was of particular concern as, when attempting to balance the hours   undertaken urgently. It     Assistant Manager function
worked to payment details notified to Oaklands, variances, both under and over payments,    is suggested that the       at Kings.
were identified. It was noted that this centre has Recreational Officers processing the     task      be      either
                                                                                                                                                th
information, whereas both the Kings and Dolphin usually have dedicated administrators to    segregated and given        Status as at 20              June
collate and process the information.                                                        to an ‘administrator’ to    2006
                                                                                            complete and/or the
                                                                                            task be completed on a      Not implemented.       The
                                                                                            weekly basis.               Administration Group are
                                                                                                                        moving towards this. They
                                                                                                                        had their first meeting in
                                                                                                                        May 06.
                                                                                                                                           st
                                                                                                                        Status as at 31          August
                                                                                                                        2006

                                                                                                                        The Administration group
                                                                                                                        has met on two occasions
                                                                                                                        (May and July).

                                                                                            .                           Current Status

                                                                                                                        Payroll administration will
                                                                                                                        become centralised within
                                                                                                                        the next couple of months.
                                                                                                                        The new arrangements will
                                                                                                                        be reviewed as part of the
                                                                                                                        Payroll Audit in February
                                                                                                                        2007.

                                                                                                                                                               Audit Sub – Committee –
                                                                                                                                                                      3rd January 2007


                                            - 22 -
INDOOR BUSINESS OPERATIONS

                                         Finding                                                Recommendation                  Management         Implementation
                                                                                                                           Response, Responsible        Dates
                                                                                                                             Officer and Current Original Revised
                                                                                                                                   Status.
Review of Gift / Free Vouchers                                                                                             Initial Response

The Kings Leisure Centre holds a batch of £5 gift vouchers that have not apparently been       Due to the lack of          All complimentary vouchers
used for several months. Indeed, this would be confirmed by the use of the old Kings logo      control, all ‘free of       to     become    controlled         01/04/06
on the front of them. When asked if they were still accepted it was accepted that they would   charge’ vouchers with a     stationery.        General
be. However, it was noted that vouchers were not logged or numbered to assist in               monetary       value   in   Manager             Leisure
maintaining an Audit trial.                                                                    operation across the        Operations
                                                                                               three Leisure Centres
                                                                                                                                                   th
Each of the Leisure Centres operate and distribute free passes and these cards are             should be reviewed and      Status as at 20              June
normally used when a customer has a complaint and are a way of compensation. The               either     logged    and    2006
number of various passes in operation in one of the sites totalled eight (from child swim to   tracked or discontinued.                                                      01/09/06
family swim to Aerobics). However, controls are not adequate due to the lack of formal         The use of ‘Free            Not implemented due to the
records to show who has received the pass and the reasons for its use.                         Passes’      should   be    review of the branding of
                                                                                               reviewed and should         the Leisure Centres.
The format and presentation of these varied from basic to laminated and it was noted that      include which passes
                                                                                                                                              st
none of them contained a log number to assist in tracking their usage.                         are to be available, how    Status as at 31          August
                                                                                               they     are    produced    2006
                                                                                               (individual or generic
                                                                                               for all three sites) and    The re-branding of the
                                                                                               procedures and how          Leisure Centre’s continues.
                                                                                               and when they are to        Vouchers are to become
                                                                                               be used. In addition,       ‘controlled stationery’ until
                                                                                               they should be pre-         the re-marketing exercise is
                                                                                               numbered             and    complete. This was not in
                                                                                               therefore have an audit     place in all Centres at the
                                                                                               trail.   A spreadsheet      time of the auditors follow
                                                                                               should be developed         up meeting.
                                                                                               and used by all centres.
                                                                                                                           Current Status

                                                                                                                           Vouchers are now being
                                                                                                                           controlled and the process
                                                                                                                           of changing over to the new
                                                                                                                           corporate branding will
                                                                                                                           begin once existing stocks
                                                                                                                           are depleted.
                                                                                                                                                                  Audit Sub – Committee –
                                                                                                                                                                         3rd January 2007
                                              - 23 -
INDOOR BUSINESS OPERATIONS

                                         Finding                                                Recommendation                   Management         Implementation
                                                                                                                            Response, Responsible        Dates
                                                                                                                              Officer and Current Original Revised
                                                                                                                                    Status.
Cancellation Policy                                                                                                         Initial Response

The terms and conditions of the Kite Card state that cancellations that occur on the ‘day of   A           Management       In implementing Scuba 5,            01/02/06
play’ will incur a charge. However, when examining the ‘arrears’ section of the Scuba 5        decision should be           the chasing of arrears was
system, many cancellation charges are still outstanding, which relate back to April 2005       made as to whether the       overlooked.           Those
when the system was upgraded from Scuba to Scuba 5. The ‘booking arrears report’ stated        Leisure Centres will         outstanding     prior    to
that in total the three Leisure Centres had in excess of £3,000 outstanding although this      realise the outstanding      September will be removed.
figure is not reported on or shown on the General Ledger. In addition, there are currently     value       within     the   Letters are in place and
no instructions for the Leisure Centres on how to treat or pursue such outstanding amounts     ‘arrears’ section of the     weekly    runs    will   be
of money. This has resulted in the Leisure Centres not pursuing such debts                     Scuba       5      system    introduced.       Business
                                                                                               (majority              are   Manager             Leisure
                                                                                               cancellation charges).       Operations
                                                                                               If it is deemed that they
                                                                                                                                                    th
                                                                                               will not, then these         Status as at 20              June
                                                                                               amounts should be            2006
                                                                                               removed       from     the
                                                                                               Scuba 5 system with          Not implemented.     The
                                                                                               correct authorisation.       Administration Group are
                                                                                                                            moving towards this. First                        01/10/06
                                                                                               Once the system has          meeting in May 06.
                                                                                               been cleansed, then a
                                                                                                                                               st
                                                                                               procedure should be          Status as at 31          August
                                                                                               introduced upon to           2006
                                                                                               ensure       that     all
                                                                                               cancellation     charges     Will be resolved once the
                                                                                               are captured                 ‘write off’ procedures have
                                                                                                                            been agreed.

                                                                                                                            Current Status

                                                                                                                            New terms and conditions
                                                                                                                            have been introduced and
                                                                                                                            will operate in conjunction
                                                                                                                            with the write off policy,
                                                                                                                            once formally agreed by the
                                                                                                                            Head of Finance.
                                                                                                                                                                     Audit Sub – Committee –
                                                                                                                                                                            3rd January 2007
                                              - 24 -
INDOOR BUSINESS OPERATIONS

                                          Finding                                                  Recommendation                Management         Implementation
                                                                                                                            Response, Responsible        Dates
                                                                                                                              Officer and Current Original Revised
                                                                                                                                    Status.
Stocktaker Agreement Review                                                                                                 Initial Response

The Auditor requested a copy of stocktaker agreement. However, this was not available             As a minimum, a           Agreed.
and the auditor was informed that there is no formal contract/service agreement with the          service level agreement
beverage stocktaker. This situation could lead to confusion as the amount of hours worked,        should be put in to       Written specification to be         01/02/06
the type of work to be undertaken and the output is not clearly set out. For example, it is not   place at the earliest     produced and agreed with
clear whether he completes 10 checks on prices on the tariff, against the till and his own        opportunity. This will    the stocktaker. Catering
results sheet, although he does appear to be completing regular monthly stock checks.             help both parties to be   Operations Manager.
                                                                                                  aware        of     the
                                                                                                                                             th
                                                                                                  expectations from each    Status as at 20 June 06
                                                                                                  visit completed by the                                                      01/09/06
                                                                                                  stocktaker                Not implemented.      A
                                                                                                                            revised target date was
                                                                                                                            agreed.
                                                                                                                                                  st
                                                                                                                            Status as at 31            August
                                                                                                                            2006

                                                                                                                            Draft   Service     Level
                                                                                                                            Agreement was available
                                                                                                                            but had not been formally
                                                                                                                            implemented.

                                                                                                                            Current Status

                                                                                                                            The SLA was agreed in
                                                                                                                            September.




                                                                                                                                                                     Audit Sub – Committee –
                                                                                                                                                                            3rd January 2007



                                               - 25 -
INDOOR BUSINESS OPERATIONS

                                          Finding                                                  Recommendation                  Management         Implementation
                                                                                                                              Response, Responsible        Dates
                                                                                                                                Officer and Current Original Revised
                                                                                                                                      Status.
Management and Contracting of Vending and Gaming Machines                                                                     Initial Response

There are several vending machines, Infant rides and gaming machines situated at the              All vending machines        To be incorporated into          01/02/06
leisure centres. However, details of usage of the machine to monitor and/or track                 should have the facility    month end procedures and
consumption levels and revenue streams are not evident.                                           to track consumption of     variance reports produced
                                                                                                  the goods for sale for      by management.
The Auditor attempted to review all vending machine contracts. However several different          stocktaking   purposes
suppliers are being used and many did not have formal contracts in place.                         and to assist in the        To be reviewed when
                                                                                                  control of the revenue      current leases expire.
During the course of discussions with relevant officers, it was established that although it is   being entered in to the     Catering         Operations
a requirement for two officers to collect vending machine takings, this is not always adhered     Scuba 5 system. It is       Manager.
to.                                                                                               recommended that all
                                                                                                                                               th
                                                                                                  machines that do not        Status as at 20 June 06
                                                                                                  meet this criteria are
                                                                                                  replaced. Furthermore,      Partially implemented. New                     01/08/06
                                                                                                  a variance report of the    contract     in    place   for
                                                                                                  items brought to the        confectionary         vending
                                                                                                  those sold and the          machines which include a
                                                                                                  revenue      generated      counter enabling stock
                                                                                                  should be produced.         useage to be monitored.
                                                                                                                              Drinks vending machines
                                                                                                  A full review of all        were still to be reviewed.
                                                                                                  contracts/lease
                                                                                                                                               st
                                                                                                  agreements should be        Status as at 31 August
                                                                                                  completed          with     2006
                                                                                                  contracts put in place.
                                                                                                  A    copy    of  these      Implemented except         for
                                                                                                  contracts should be         non-food machines.
                                                                                                  forwarded to the Legal
                                                                                                  section.                    Current Status

                                                                                                  In     addition,     two    Due to other commitments,
                                                                                                  members       of    staff   the review of the gaming
                                                                                                  should    empty       the   machines and children’s fun
                                                                                                  machines at all times.      rides   is   still to    be
                                                                                                                              completed.
                                                                                                                                                                  Audit Sub – Committee –
                                                                                                                                                                         3rd January 2007
                                               - 26 -
INDOOR BUSINESS OPERATIONS

                                         Finding                                               Recommendation                  Management         Implementation
                                                                                                                          Response, Responsible        Dates
                                                                                                                            Officer and Current Original Revised
                                                                                                                                  Status.
Food and Beverage Supplier and Invoice Controls                                                                           Initial Response.                  01/02/06

The auditor was informed that food invoices were randomly checked to confirm that prices      Checks made upon the        To be incorporated into role
charged are in agreement with charges set by the supplier. However, pricelists used for       accuracy of supplier        of           administrators
these checks were not available for all goods received and when the Auditor completed a       invoices should be          processing        invoices.
random check from one supplier, three out of five prices were incorrect, resulting in the     increased to ensure         Catering        Operations
Council being over charged.                                                                   that the prices charged     Manager.
                                                                                              are correct.      It is
                                                                                                                                                 th
It was noted that although the Leisure Centres may choose their own suppliers, the Catering   suggested           that    Status as at 20             June
Operations Manager is working with the three Leisure Centres to implement a policy of         management       ensure     2006
using the same supplier for the same goods in all leisure centres.                            that these tests are
                                                                                              done on a weekly            Not      been implemented.
                                                                                              basis.                      The     Administration Group
                                                                                                                          are     moving towards this.
                                                                                              The consistency in the      First   meeting held in May
                                                                                              use of the same             06.                                              01/10/06
                                                                                              supplier for a particular
                                                                                                                                            st
                                                                                              line of goods should be     Status as at 31         August
                                                                                              enforced      with   the    2006
                                                                                              support                of
                                                                                              management. This will       A 2 year contract with one
                                                                                              assist in the purchasing    distributor to supply all the
                                                                                              of the best quality         Leisure Centres is now in
                                                                                              goods, best price and       place.         A    checking
                                                                                              the same level of           methodology for invoices is
                                                                                              product value for the       being developed.
                                                                                              customer.
                                                                                                                          Current Status

                                                                                                                          Checks completed by the
                                                                                                                          Leisure Catering Managers
                                                                                                                          with    the     Operations
                                                                                                                          Catering Manager also
                                                                                                                          completing random checks.

                                                                                                                                                                  Audit Sub – Committee –
                                                                                                                                                                         3rd January 2007

                                             - 27 -
INDOOR BUSINESS OPERATIONS

                                         Finding                                                 Recommendation                  Management         Implementation
                                                                                                                            Response, Responsible        Dates
                                                                                                                              Officer and Current Original Revised
                                                                                                                                    Status.
Inconsistency in Till Systems                                                                                               Initial Response                    Jan 06

The tills in use by the three Leisure Centres vary by model in operation and there is           Due to the lack of          Trial of Scuba 5 for catering
inconsistency in the keys which may or may not be used, for example; one Leisure Centre         capability in the till      planned for January 06.
uses a 20% discount and ‘Mis Vend’ button.                                                      operations (for example     The current tills do not
                                                                                                limited ability to track    permit this but Scuba 5 can.
All tills have a ‘no sale’ button. This is where the till may be opened without a sale having   and record individual       Catering          Operations
taken place, but no management review is undertaken to ensure that this facility was used       staff usage), the tills     Manager.
appropriately. This facility can be easily used to enter a genuine sale through the till, but   should be reviewed.
                                                                                                                                                    th
without the money actually being received. A further no sale entry at a later stage can then    The             Catering    Status as at 20              June
provide the opportunity for the member of staff to extract money from the till without          Operations      Manager     2006
suspicion.                                                                                      should    confirm    the
                                                                                                procedures and the          Not implemented. The trial
It was noted that one of the tills at the Dolphin centre does not generate a VAT receipt        buttons to be activated     of the system at the Dolphin                     01/09/06
although a receipt in basic format is given to every customer.                                  for each site.              did not transpire.
                                                                                                                                               st
                                                                                                Management         should   Status as at 31          August
                                                                                                complete          random    2006
                                                                                                reviews of the use of
                                                                                                the ‘no sale’ button.       The trail of the Scuba 5 has
                                                                                                                            still to be completed. The
                                                                                                                            review of ‘no sales’ and a
                                                                                                                            detailed VAT receipt is not
                                                                                                                            apparent in all centre’s.

                                                                                                                            Current Status

                                                                                                                            Reviews        are        now                    31/03/07
                                                                                                                            completed on ‘no sales’ and
                                                                                                                            the VAT number will be
                                                                                                                            introduced with the Scuba 5
                                                                                                                            till module. The trail is now
                                                                                                                            due to take place before the
                                                                                                                            end of the financial year.
                                                                                                                                                                    Audit Sub – Committee –
                                                                                                                                                                           3rd January 2007



                                              - 28 -
INDOOR BUSINESS OPERATIONS

                                          Finding                                                  Recommendation                 Management         Implementation
                                                                                                                             Response, Responsible        Dates
                                                                                                                               Officer and Current Original Revised
                                                                                                                                     Status.
Stocktaker Performance Review                                                                                                Initial Response

As reported earlier, the Stocktaker does not a service level agreement in place. However,         The performance of the     This will be introduced once        None
basic checks would be expected to be completed by the provider of this service at each visit.     Stocktaker should be       the contract has been               specified.
When the Auditor reviewed the work of the stocktaker, several areas of concern were               regularly monitored and    formulised and agreed.
highlighted that would suggest that certain key tests are not undertaken. Those areas             reviewed to assist the     Catering           Operations
identified included; the stocktaker calculating a result on a different Baileys Measure to that   Council    is    gaining   Manager
actually used at the centre, out of date stock found at ALL the three Leisure Centres,            accurate results in its
                                                                                                                                                     th
establishing whether tariffs were signed and dated, establishing whether optic measures           Catering division.         Status as at 20              June
showed a Government Stamp (GS) and not identifying variances in the tariff price against                                     2006
the till price and the price used in his report. Kalibar was found to be price listed at £1.20,
the till actually charged £1.60 and he used price of £1.50 in his report.                                                    Not implemented.                                  01/09/06
                                                                                                                                                st
                                                                                                                             Status as at 31          August
                                                                                                                             2006

                                                                                                                             An     updated      Financial
                                                                                                                             Instruction has been issued
                                                                                                                             since the last review.
                                                                                                                             However, until the SLA has
                                                                                                                             been formally issued, the
                                                                                                                             monitoring       of      the
                                                                                                                             stocktakers     performance
                                                                                                                             can not be completed.

                                                                                                                             Current Status

                                                                                                                             The SLA was agreed on the
                                                                                                                              th
                                                                                                                             6 September 2006 and is
                                                                                                                             discussed as part of the
                                                                                                                             monthly           Catering
                                                                                                                             Operational team meetings.
                                                                                                                                                                      Audit Sub – Committee –
                                                                                                                                                                             3rd January 2007




                                               - 29 -
COUNCIL TAX & NNDR

Draft Issued:                   September 2005
Final Report Issued:            November 2005

                 Finding                                Recommendation             Management Response, Responsible Officer and Current                    Implementation
                                                                                                        Status.                                                 Dates
                                                                                                                                                         Original Revised
Amendments of Council Tax Entries on the                                           Initial Response
Property Database.
                                               Management checks should be         The Revenues Manager is working on these and has completed
                                                                                                  st
It is important that an appropriate official   completed each month and            checks up to 31 September 2005. These will be undertaken on a         Nov 05
approves all amendments to the property        details of these checks should      regular basis. Revenues Manager.
database in respect of Council Tax, with all   be fully recorded.
                                                                                                    st
supporting      documentary       evidence                                         Status as at 31 August 2006
maintained on file as all members of the       The record maintained of these
Revenues Section have the ability to make      checks should also provide          As the end of February 2006, we reported that these checks were
amendments to the property database.           evidence      that     the  total   now up to date, but that the situation would be kept under review.
                                               percentage reviewed was in
Where it is not operationally possible,        line with that agreed with          Further review in June 2006 has confirmed that these checks are
management should review amendments            Internal Audit, that is 5%.         now approximately 3 months behind.
retrospectively, on a sample basis.
                                               This   recommendation     was       A restructuring had taken place resulting in responsibility for
Following last year’s and previous year’s      made in the 2002-03 and 2004-       amendments to the property database being transferred to the newly
Council Tax reviews it was recommended         2005    audit   reports   with      formed Technical Team. This had improved the level of internal
and agreed that the Revenues Manager           implementation dates agreed.        control within the system and thus reduced the risk to which the
complete tests on the amendments to the                                            Council is exposed. Checks would be introduced by the Technical
database. However, at the time of the                                              Team leader of the amendments made by their Team. This would
audit, these reviews had lapsed.                                                   remove the need for the Revenues Manager to undertake a 5%
                                                                                   check of amendments. If this is not possible then it will remain
                                                                                   necessary for the Revenues Manager to undertake a sample check.

                                                                                   Current Status

                                                                                   We were advised that segregation of duties has not been maintained
                                                                                   under the new structure due to resource issues. Management
                                                                                   checks have also lapsed, the last recorded checks being undertaken
                                                                                   on 31/12/05 for Property Database Amendments and 5/04/06 for
                                                                                   Account Amendments.

                                                                                   Other solutions to this situation are being explored with managers.

                                                                                                                                                             Audit Sub – Committee –
                                                                                                                                                                    3rd January 2007
                                               - 30 -
COUNCIL TAX & NNDR

                Finding                               Recommendation           Management Response, Responsible Officer and Current                         Implementation
                                                                                                    Status.                                                      Dates
                                                                                                                                                          Original Revised
Arrangements to Pay                                                            Initial Response

Several reports are used to control and      The Revenues Manager should       The Operational Revenues and Benefits Manager would prefer that            Nov 05        To be
authenticate the changes made on the         reinstate regular management      the Revenues Manager undertakes a check of 150 arrangements                             confirmed.
property database, including arrangements    checks       in   respect    of   per month, rather than 5%. Revenues Manager.
to pay. However, checks on the reports       arrangements to pay and in
are not considered to be adequate            addition, maintain evidence of    Audit Comment - This is acceptable provided that the minimum
sufficient and rigorous enough. Internal     which accounts have been          number of checks undertaken exceeds 5%.
Audit obtained a report showing all          examined and confirm that they
                                                                                               st
arrangements in place at the time of the     represent at least 5% of the      Status as at 31 August 2006
audit and it was found that a number of      total number of (non instalment
these had not been the subject of a formal   statutory) arrangements at the    As the end of February 2006, we reported that these checks were
review for a number of weeks or had          time of review.                   now up to date, but that the situation would be kept under review.
unreasonable final payment dates.
                                             This   recommendation     was     Further review in June 2006 has confirmed that this check has not
In addition, management checks which had     made in the 2002-2003 and         been completed since the beginning of March 2006.
been agreed in line with Internal Audit      2004-2005 audit reports with
Recommendations had also lapsed.             implementation dates agreed.      A restructuring had resulted in the introduction of a Telephone Team
                                                                               and a Processing Team. Any request for an arrangement to pay
                                                                               received over the telephone is now recorded on a newly introduced
                                                                               “Arrangement Request” form. This is then forwarded to the
                                                                               Processing Team who make the necessary entries on the system.
                                                                               Therefore a segregation of duties and review has been introduced.
                                                                               We have suggested that the form should be amended to include a
                                                                               section for the inputter to enter their name/initials to confirm review.

                                                                               Whilst this represents an improvement in control, not all requests for
                                                                               an arrangement to pay are received over the telephone, a taxpayer
                                                                               may write or email the Council with their request and in these
                                                                               instances a form would not be completed and no independent
                                                                               review of the arrangement would take place.


                                                                                                                                                              Audit Sub – Committee –
                                                                                                                                                                     3rd January 2007




                                             - 31 -
COUNCIL TAX & NNDR

               Finding                    Recommendation   Management Response, Responsible Officer and Current                     Implementation
                                                                                Status.                                                  Dates
                                                                                                                                  Original Revised
                                                           The Revenues Court Officer undertakes checks on all arrangements
Arrangements to Pay continued.                             to pay where the case has reached an official enforcement/recovery
                                                           stage. It is thought that this is likely to exceed the 5% check
                                                           currently required. However, in order for us to be able to relax the
                                                           requirement for these checks to continue the Revenues Court
                                                           Officer would need to stop entering arrangements to pay onto the
                                                           system herself and this has been discussed with Management for
                                                           their consideration. In order to evidence the performance of these
                                                           checks, the Court Officer will need to place a comment on the
                                                           Academy system for each case reviewed.            In addition, any
                                                           arrangements to pay that did not reach an enforcement/recovery
                                                           stage would not be covered by the above checks. This method of
                                                           checking has been introduced, however, the court officer is
                                                           continuing to enter her own arrangements to pay, with no checks
                                                           being undertaken on her work.

                                                           Current Status

                                                           Council Tax arrangements to pay are now being reviewed by the
                                                           Court Officer.

                                                           In relation to NNDR, checks on arrangements to pay are not                          31/01/07
                                                           considered to be sufficiently robust, with a number of arrangements
                                                           not being reviewed for a number of weeks or had unreasonable final
                                                           payment dates. For example one arrangement examined was for a
                                                           debtor to pay £30 per month and was set up in 1997, with not
                                                           evidence of a formal review since then.

                                                           In addition management checks have also lapsed, the last recorded
                                                           date of these checks being undertaken is 16/12/05. We understand
                                                           that the Revenues Manager temporarily suspended these checks dir
                                                           to the review into “LABGI”, however these checks will be reinstated
                                                           in the new year.



                                                                                                                                      Audit Sub – Committee –
                                                                                                                                             3rd January 2007


                                 - 32 -
COUNCIL TAX


                 Finding                                 Recommendation              Management Response, Responsible Officer and Current                   Implementation
                                                                                                          Status.                                                Dates
                                                                                                                                                          Original Revised
Review of Accounts where Recovery                                                    Initial Response
Action is Suppressed.
                                                                                     Agreed.
During the course of this audit, it was
established that all staff are authorised to    The Revenues Manager should          The Revenues Manager confirmed that this check had once again        Nov 05
suppress an account, i.e. suspend               ensure that the weekly checks        lapsed but had now been brought up to date.
recovery action, and it is the responsibility   in respect of suppressed
of individual officers to ensure that the       accounts are completed in a          The Operational Revenues and Benefits Manager suggested that 50
suppression is, and remains, appropriate.       timely manner and evidence of        accounts be checked each week, as opposed to 5%.
                                                the checks should be retained
Consequently, it is important for a formal      on file. This will help ensure all   Audit Comment - This is acceptable provided that the minimum
regular review to ensure that all               available revenue is captured.       number of checks undertaken exceeds 5%.
suppressions are appropriate and valid.
                                                                                                    st
However, it was determined that the             This   recommendation     was        Status as at 31 August 2006
Revenues Manager does not currently             made in the 2002-2003 and
undertake any review of suppressed              2004-2005 audit reports with         As at February 2006, we reported that checks were due to be
accounts.                                       implementation dates agreed.         reinstated week commencing 2/1/06 as at the time of our follow up,
                                                                                     the weekly checks were not being carried out.

                                                                                     Subsequent discussions with Management in June 2006 has
                                                                                     identified that these checks have not been undertaken since
                                                                                     November 2005 and were not therefore reinstated according to the
                                                                                     above timescale.




                                                                                                                                                              Audit Sub – Committee –
                                                                                                                                                                     3rd January 2007




                                                - 33 -
COUNCIL TAX


             Finding                         Recommendation   Management Response, Responsible Officer and Current                      Implementation
                                                                                   Status.                                                   Dates
                                                                                                                                      Original Revised
Review of Accounts where Recovery                             Some improvements occurred as of the beginning of April 2006
Action is Suppressed.                                         when the Revenues Recovery Team Leader has been completing
                                                              checks in this area using a report generated from the system.
Continued                                                     Further discussion confirmed that this report will only pick up past,
                                                              current and those for the forthcoming week. It does not pick up any
                                                              suppressed accounts that are entered further than a week forward.
                                                              We have provided Management with details of the additional
                                                              information this report would need to include for the checks
                                                              performed by the Revenues Recovery Team Leader to be effective.
                                                              If this can be produced, this would negate the need for further
                                                              checks. The Operational Revenues and Benefits Manager has
                                                              confirmed that this will be raised with Academy however, this had
                                                              not yet happened due to resource constraints.

                                                              We were not able to discuss the current position with suppressed
                                                              accounts due to annual leave commitments of the key contact.
                                                              However, as at 29/08/06 there were 1947 suppressed accounts on
                                                              the system.

                                                              Current Status

                                                              Checks are now satisfactory.

                                                                                                                                          Audit Sub – Committee –
                                                                                                                                                 3rd January 2007




                                    - 34 -
COUNCIL TAX


               Finding                              Recommendation             Management Response, Responsible Officer and Current                     Implementation
                                                                                                    Status.                                                  Dates
                                                                                                                                                        Original Revised
Management Review of Void Accounts.                                          Initial Response

It is important to ensure that all void    The Revenues Manager should       It is agreed that a target will be set that ensures properties that have
accounts are regularly reviewed by         reinstate regular management      been void for greater than one month will be reviewed on at least a 6
                                           checks       in    respect   of   monthly basis. This will be evidenced in the notes section of Academy.
management to confirm that properties
                                           arrangements to pay and in        Revenues Manager.
recorded as voids are inspected            addition, maintain evidence of
regularly, or contacted by letter or       which accounts have been          Prior Status
telephone where appropriate, and that      examined and confirm that they
necessary and timely action is taken. It   represent at least 5% of the      As at February 2006, we reported that work had commenced to bring                       March
was agreed at the time of the last audit   total number of (non instalment   these checks up to date but remained incomplete. The revised schedule                   2006
that the Revenues Manager would            statutory) arrangements at the    for implementation was mid March 2006.
undertake      regular    management       time of the review.
reviews to confirm that void properties                                      Further review in June 2006 confirmed that there has been a change in
were being appropriately controlled,       This   recommendation     was     the way void accounts are reviewed as a result of the reorganisation of
                                           made in the 2002-2003 and         the Revenues Team. A member of the Technical Team who is not
however, this review has lapsed.
                                           2004-2005 audit reports with      involved in inputting void property details onto the system not
                                           implementation dated agreed.      undertakes checks on void properties. However, at the moment she
                                                                             does not evidence those checks to enable us to confirm the number or
                                                                             location of properties reviewed.

                                                                             We discussed with Management that provided suitable evidence to
                                                                             substantiate the level of check performed with the Technical Team is
                                                                             maintained, and provided that this represents the 5% requirement,
                                                                             additional checks by the Revenues Manager would no longer be
                                                                             required. Compliance would be checked as part of our 2006-07 audit.

                                                                             Current Status

                                                                             At the time of our 2006-2007 review (November 2006) there were 1036
                                                                             void properties of which some dated back to 1997.



                                                                                                                                                         Audit Sub – Committee –
                                                                                                                                                                3rd January 2007

                                           - 35 -
COUNCIL TAX

             Finding                          Recommendation     Management Response, Responsible Officer and Current                            Implementation
                                                                                      Status.                                                         Dates
                                                                                                                                                Original Revised
Management Review of Void Accounts                             Management Comment

Continued.                                                                                                 th
                                                               Managers have commented that as at 9 December 2006, there were
                                                               885 void accounts, of which 437 are linked to structurally incomplete and
                                                               unbanded properties; there is no further action that needs to be taken
                                                               until these properties are completed.

                                                               The relevant remaining 448 active void accounts are under review and                          28/02/07
                                                               liability has been determined, or steps are in place to identify liability (by
                                                               visiting, making phone contact or issuing a further void enquiry form) in
                                                                                                                        st
                                                               respect of all those with a void start date of prior to 1 January 2006. All
                                                                                                                           st
                                                               remaining accounts (i.e. those with a start date since 1 January 2006)
                                                                                       th
                                                               will be reviewed by 28 February 2007, subject to the resources being
                                                               made available.

                                                               On an ongoing basis, the Revenues Systems Administration and
                                                               Revenues Assistant is identifying (from Academy Report ct6410b) all
                                                               those void properties where void enquiry forms have not been returned
                                                               and passing all relevant information to the processing staff for billing or
                                                               inspection as considered appropriate. The limited visiting resources at
                                                               this time hinders the completion of this task.
                                                                                                                                                 Audit Sub – Committee –
                                                                                                                                                        3rd January 2007




                                     - 36 -
COUNCIL TAX


                 Finding                               Recommendation              Management Response, Responsible Officer and Current                    Implementation
                                                                                                        Status.                                                 Dates
                                                                                                                                                          Original Revised
Management Review of Discounts and                                               Initial Response
Exemptions.                                                                                                                                               Immediate
                                                                                 Agreed. Revenues Manager.
During the course of this audit, it was       The Revenues Manager should
established that all staff in the Revenues    ensure that his weekly checks      Prior Status
Section are authorised to grant discounts     in connection with the discounts
and exemptions.                               and exemptions given on            As at February 2006, we reported that checks were now up to date, but
                                              Council Tax accounts are           that the situation would be kept under review.
Consequently it is important for formal and   completed in a timely manner
                                              and evidence of the checks         In light of the reorganisation of the Revenues Section, both the                      31/08/06
regular management review to be in place
in order to ensure that all discounts and     should be made available for       Telephone and Processing Teams are currently able to complete entries
exemptions are appropriate and valid.         inspection. This will ensure all   on the system. However, it is the intention that just the Processing
However, it was determined that the           available revenue is captured      Team will complete this task in future. This would reduce the risk to
Revenues Manager does not currently           and no unauthorised discounts      which the Council is exposed as the number of staff able to action
undertake a review of this nature.            are given.                         discounts or exemptions is reduced.

                                                                                 A second change in procedure has been introduced whereby a member
                                                                                 of the Technical Team who has no involvement in data entry, now
                                                                                 checks the discounts and exemptions granted. However, currently she
                                                                                 does not evidence those checks. We have discussed with Management
                                                                                 that provided suitable evidence to substantiate the level of check
                                                                                 performed by the Technical Team is maintained additional checks by the
                                                                                 Revenues Manager would no longer be required. Compliance will be
                                                                                 checked as part of our 2006-2007 audit.

                                                                                 Current Status

                                                                                 The majority of staff in the Revenues Section are still able grant
                                                                                 discounts and exemptions. Reviews of discounts and exemptions                         To be
                                                                                 should take place between 6-12 months from the date awarded.                          confirmed
                                                                                 However, only “student” discounts are currently receiving some form of
                                                                                 review. We were advised that the other accounts have not been
                                                                                 completed due to a lack of resources. Some of these accounts have not
                                                                                 received a formal review since being entered onto the Academy system
                                                                                 in 1995.
                                                                                                                                                           Audit Sub – Committee –
                                                                                                                                                                  3rd January 2007


                                              - 37 -
COUNCIL TAX

                 Finding                                   Recommendation               Management Response, Responsible Officer and Current                       Implementation
                                                                                                             Status.                                                    Dates
                                                                                                                                                                  Original Revised
Review of Bad Debts                                                                   Initial Response

Bad debts have not been reviewed and              The    following should       be    Agreed. But will need clear guidelines on the potential £20 write off       31/03/06
passed to the Head of Finance for approval        implemented as soon           as    authorisation. Revenues Manager.
to write off for a number of months.              possible:
                                                                                      Prior Status
It is important to ensure that once an •            All debts over £5k require a
account       has    been     identified  as        full review.                      At the beginning of March 2006, some progress had been made, but the
unrecoverable, it is passed for write off.                                            task remained incomplete.
This     will    prevent   additional    and •      The Auditors suggest a
unnecessary work being undertaken to                provision for the individual      Further review in June 2006 confirmed that a list of write off’s had been
recover the debt and will help to ensure            debts over £5k be £68k            approved by the Head of Finance. However, the task of actioning these
that the true value of recoverable debts is         (from a total debt of £126k)      on the system had been delegated to the Revenues Recovery Team
reflected on the Council Tax system.                                                  Leader, who had taken on responsibility for a number of additional tasks
                                              •     The individual debts between      in recent months. As a result they had not been actioned.
A report showing all outstanding debts was          £3-£5k and totalling £293k                                                                                                 31/03/07
requested by the Revenues Manager from              should be reviewed in the         We discussed with the Revenues and Benefits Manager the need to:-
Capita in July 2005 for his review as part of       next three months; and
the implementation of outstanding audit                                               Process those write offs that have been authorised but are awaiting
recommendations. However, at the time of •          The current credit balances       actioning as soon as possible.
the audit, there was no evidence that this          totalling £342k should be         Request an up to date aged debtors report to confirm the current
had been reviewed by the Revenues                   reviewed in the next 6            balances outstanding.
Manager.                                            months.                           Set a target for review and where appropriate write off of a manageable
                                                                                      number of outstanding amounts each month.
                                                  In addition, it is suggested that
                                                  the Revenues Manager be             Current Status
                                                  given “temporary” authorisation
                                                  to write off amounts below £20      The majority of debts coded for write off have been authorised and
                                                  in value.      Currently a large    actioned on the system.
                                                  amount of credits and debits
                                                  are within this range.              An updated report of outstanding debts was reviewed (some 5,000
                                                                                      pages). From scanning the first 500 pages the following observations
                                                                                      were apparent; credit and debit balances exist dating back to 1993.
                                                                                      Credits vary from £0.01 to £2,043.41 and debit balances vary from £0.01
                                                                                      to £8,072.41. We were informed that this issue has not been tackled
                                                                                      due to resource issues.
                                                                                                                                                                   Audit Sub – Committee –
                                                                                                                                                                          3rd January 2007


                                                  - 38 -
NNDR


                 Finding                                Recommendation            Management Response, Responsible Officer and Current                      Implementation
                                                                                                       Status.                                                   Dates
                                                                                                                                                          Original Revised
Management     Review     of   Reliefs   and
Discounts                                                                         Initial Response

During the course of this audit, it was        The Revenues Manager should        Agreed.   Revenues Manager.                                             Immediate
established that all staff are able to         ensure that his weekly checks
authorise grant reliefs.                       in connection with the reliefs     Prior Status
                                               given on NNDR accounts are
Consequently it is important for a formal,     completed in a timely manner       At the time of our review in February 2006, we were able to confirm
regular review to be in place in order to      and evidence of the checks         that a sample check was being undertaken for all types of
ensure that all reliefs are appropriate and    should be made available for       transactions including exemptions, reliefs and discounts.
valid. However, it was determined that the     inspection. This will ensure all
Revenues Manager does not currently            available revenue is captured      Since that time the re-organisation of the Revenues Team has
undertake any review of relief accounts.       and no unauthorised discounts      meant that responsibility for these checks had transferred to a
                                               are given.                         member of the Technical Team and thus there was no need for the
Internal audit attempted to complete                                              Revenues Manager to perform additional checks. However, checks
several checks to ensure all reliefs granted                                      performed by the Technical Team were not being evidenced. We
had a full audit trail. However, it was                                           were therefore unable to confirm compliance with this control at that
evident that back up documentary                                                  time. The need for suitable evidence to be maintained was
evidence was not always available and the                                         discussed with management and compliance would be monitored as
files appeared to have unrelated and out of                                       part of our 2006-2007 audit.
date documents within their records.
                                                                                  Current Status

                                                                                  Segregation of duties has not been maintained due to resource
                                                                                  pressures and therefore we would have anticipated that
                                                                                  management checks by the Revenues Manager would have been
                                                                                  re-instated. However, the last recorded date of checking is recorded
                                                                                  as 31/12/05 for property amendments and 5/04/06 for account
                                                                                  amendments.

                                                                                  Management have confirmed that a quality checking process is to be
                                                                                  put in place which will be addressed as part of the future CenSus
                                                                                  organisation.
                                                                                                                                                              Audit Sub – Committee –
                                                                                                                                                                     3rd January 2007


                                               - 39 -
NNDR


                 Finding                                Recommendation             Management Response, Responsible Officer and Current                       Implementation
                                                                                                        Status.                                                    Dates
                                                                                                                                                            Original Revised
Bad Debt Management                                                                Initial Response

During the course of this audit it was         To assist in the reduction of the   Agreed. But will need clear guidelines on the potential £20 write off    31/03/06
established that bad debts have not been       current total of bad debts, the     authorisation. This will be the responsibility of the Assessment
formally reviewed by the Revenues              following action should also be     Team Leader. Revenues Manager.
Manager or passed to the Head of Finance       implemented.
for approval to write off for a number of                                          Prior Status
months.                                        All debts over £15,000 require a
                                               full review.                        In March 2006, we reported that work had commenced to bring this
It is important to ensure that once an                                             area up to date.
account      has    been    identified    as   The individual “Exors” and
unrecoverable it is passed for write off.      “Void” debts need to be             Further review in June 2006 identified that little or no progress had
This    will    prevent   additional    and    reviewed.                           been made due to resource pressures. We therefore discussed with
unnecessary work being undertaken in the                                           the Revenues and Benefits Manager the need to:-
recovery process and will ensure that the      Debts of between £5,000 and
true value of recoverable debts is reflected   £15,000 and totalling £450,000      Request an up to date aged debtors report to confirm the
on the Academy system.                         should be reviewed in the next      outstanding balances.
                                               three months; and
                                                                                   Set a target for review and where appropriate write off a
                                               The current credit balances         manageable number of outstanding amounts each month.
                                               totalling £348,000 should be
                                               reviewed within the next 6          Current Status
                                               months. To make best use of
                                               resources, it is suggested that     Bad debts have not been formally reviewed by the Revenues
                                               debts under £20 should not be       Manager/Processing Team Leader or passed to the Head of
                                               subject to a full analysis. A       Finance for approval to write off for a number of months.
                                               simple spreadsheet can be
                                               provided as evidence of a           We have suggested that with the approval of the Head of Finance, it
                                               check     by    the  Revenues       is suggested that all debts under £100 should not be subject to a full
                                               Manager and then written off        analysis. These should be checked by the Revenues Manager and
                                               the Academy system.                 then written off by the Operations Manager Revenues and Benefits.
                                                                                   All other debts should be authorised in the usual way.

                                                                                   We understand that a new “corporate” write off policy is currently                    1/06/07
                                                                                   being developed and revise Revenues procedures will evolve from
                                                                                   this process.
                                                                                                                                                                Audit Sub – Committee –
                                                                                                                                                                       3rd January 2007
                                               - 40 -
NNDR

                 Finding                               Recommendation            Management Response, Responsible Officer and Current                      Implementation
                                                                                                      Status.                                                   Dates
                                                                                                                                                         Original Revised
Provision for Bad Debts                                                          Initial Response

The Council is required to record a           The current provision for pre-     Agreed. This will need to be done by the accounts section.              31/03/06
provision in accordance with FRS12, in its    1995       debts       totalling   Revenues Manager.
annual accounts in relation to bad debts.     £521,820.73      should       be
The current balance for pre-1995 debts        removed from the Council’s         Prior Status
totals £521,820.73.      This should be       accounts as soon as possible.
removed from the Council’s accounts as                                           As at March 2006, work had commenced to bring this area up to
already advised by the Audit Commission.                                         date, but the task remained incomplete.

Internal Audit was informed that one of the                                      Current Status
reasons for this provision to be kept was
due to the Valuation Office still advising                                       We confirmed that debits totalling £1.4 million and credits totalling
adjustments to business premises prior to                                        £940k were written off and processed into the 2005/06 accounts.
1995. It is Internal Audit’s understanding
that the Valuation Office has now closed                                         The approval for write off from the Head of Finance stated that the
the accounts for any alterations to pre-                                         individual write offs were within his authority as each debt was less
1995 premises.                                                                   than £10k. However, upon examination it became evident that a
                                                                                 small proportion of the write offs exceeded £10k and therefore
                                                                                 required member approval for write off. This should be sought
                                                                                 retrospectively.



                                                                                                                                                              Audit Sub – Committee –
                                                                                                                                                                     3rd January 2007




                                              - 41 -
NETWORK INFRASTRUCTURE

Initial Audit:                           May 2003
Follow Up Report Issued:                 November 2004

             Recommendation                                      Management Response, Responsible Officer and Current Status.                               Implementation
                                                                                                                                                                 Dates
                                                                                                                                                           Original Revised
                                                    Initial Management Response                                                                            30/11/04
1. A policy should be formulated with regard to
the protection of configuration facilities on the   Agreed. Revenues Manager.
switchers, routers and firewalls.
                                                                     th
                                                    Status as at 20 June 06

                                                    At the March 2006 Audit Committee we reported that the CenSus IT Partnership with Horsham and
                                                    Adur was in the process of addressing the need to produce centralised IT policies and that this was
                                                    being dealt with by the Technical Group – Security Team.

                                                    It had been anticipated that at the time of the July 2005 Audit Committee that the above would be
                                                    completed by the end of December 2005. However, the extent of the work being undertaken by the
                                                    Partnership led to this timescale being revised to the end of March 2006.
                                                                                                                           th
                                                    The current position is that Graham Crossingham was appointed on 15 March 2006 to the role of
                                                                                                                                                      th
                                                    CenSus IT Operations Manager. Subsequently a draft strategy document was produced on the 25
                                                    May 2006 detailing all of the tasks to be completed including the policies covered by this
                                                    recommendation, which has been allocated to the Security Teams. The CenSus IT Operations
                                                    Manager has confirmed that he is in the early phase of pulling together a strategy document for the
                                                    CenSus network which covers additional aspects of the network such as switchers, routers and
                                                    firewalls. He anticipates that the policies should be finalised by the end of August 2006. We
                                                    understand that the implementation of the entire strategy may cover well cover an 18 month                          31/08/06
                                                    implementation timescale.
                                                                      st
                                                    Status as at 31 August 2006 - An update had been requested from the CenSus IT Operations
                                                    Manager, but had not been received.

                                                    Current Status                                                                                                      31/05/07

                                                    Policies will be developed in line with the Policy to be developed by the CenSus Security Group. The
                                                    Group met for the first time during October to agree Terms of Reference and way forward for the
                                                    Group.

                                                                                                                                                            Audit Sub – Committee –
                                                                                                                                                                   3rd January 2007
                                               - 42 -
RESOURCELINK PAYROLL

Initial Audit: September 2004


            Recommendation                                    Management Response, Responsible Officer and Current Status.                                Implementation
                                                                                                                                                               Dates
                                                                                                                                                         Original Revised
                                                                  th
                                                 Status as at 20 June 06                                                                                 31/10/04
2. A request should be made to Northgate
Information Solutions to improve the routine     At the Audit Committee in March 2006 we reported that the implementation of this recommendation
that is currently used to transfer the payment   now involved a discussion with Adur DC as sharers of the server and Bottomline Technologies as
file.                                            providers of the BACSTEL-IP software and it was anticipated that this would now be completed by the
                                                 end April 2006.

                                                 We have been advised that there has been no change in the current situation. The matter of automatic
                                                 encryption of files was under discussion with the former Head of ICT Services, but with his departure
                                                 and the implementation of FMS have resulted in this being put on hold.

                                                                  st
                                                 Status as at 31 August 2006

                                                 The project was to be taken forward shortly.

                                                 Current Status

                                                 The Northgate system is scheduled to be upgraded during the first week of February 2007. The                         28/02/07
                                                 upgraded software has been completely re-written and should have a more secure and efficient
                                                 transfer mechanism for the payment data file.




                                                                                                                                                          Audit Sub – Committee –
                                                                                                                                                                 3rd January 2007




                                            - 43 -
IT CONTINUITY

Intial Audit:    November 2004

              Recommendation                                      Management Response, Responsible Officer and Current Status.                                    Implementation
                                                                                                                                                                       Dates
                                                                                                                                                                 Original Revised
                                                     Howard Knowelden, Systems Support Officer                                                                   28/02/06
1.      ICT Management should formally notify
                                                                     th
the Corporate Safety and Emergency Planning          Status as at 20 June 06 -In light of the server crash experienced by the Council in June 2006, ICT
Advisor of the recovery capability that they         are in the process of establishing the reasons for the crash and what measures need to be put in place
could provide in the event of a disaster             to prevent the same, or similar situations arising in future. The Head of ICT is in the process of
befalling the Council premises. This should          preparing a paper outlining a range of options and the associated costs of putting disaster recovery
state the disaster scenarios in which the            mechanisms in place depending on the degree of risk/cost that management consider to be
required recovery times for priority systems         acceptable.
could be met. In terms of a disaster event, this
                                                                     st
is currently likely to involve only those            Status as at 31 August 2006
situations whereby the Oaklands server room
is unaffected.                                       £50k expenditure was approved to improve the response time from the hardware manufacturer (HP),
                                                     increase the resilience of the storage system and shorten the recovery time. There has also been a
Once notified, each Business Recovery sub            report from HP commissioned by MSDC which highlighted several possible causes and sets out
team should be requested to review and               recommendations to mitigate these. The work has been undertaken to address the recommendations
update their continuity plan to reflect the actual   in the HP report and the enhanced support agreements are now in place with HP. The work to
ICT continuity provision.                            increase the resilience of the storage is ongoing and we are in the last stages of migrating the data to
                                                                                                                                                            th
                                                     the higher-resilient storage. The work to speed up the recovery time is due to commence w/c 18
                                                     September with an expected go live date of early October.

                                                     The way forward for CenSus to provide Disaster Recovery (DR) is for those shared CenSus services
                                                     (e.g. Revenues and Bens) and for each Local Authority (LA) to move ahead with their own (but
                                                     compatible) DR plans. Work has been done to look at the possibility of using a company such as Sun
                                                     Guard either for CenSus, jointly or for a single LA. Martlets Hall does not have the infrastructure to
                                                     support any relocation.
                                                                                                                                                                  Audit Sub – Committee –
                                                                                                                                                                         3rd January 2007




                                                - 44 -
IT CONTINUITY

              Recommendation                                      Management Response, Responsible Officer and Current Status.                                      Implementation
                                                                                                                                                                         Dates
                                                                                                                                                                   Original Revised
1. Continued.                                        Current Status (applicable to all IT Continuity Recommendations)

                                                     The IT hardware storage solution identified from the proposal to increase the resilience of network                        30/04/07
                                                     storage and shorten recovery from failure time has been implemented.

                                                     The solution has since suffered a hardware failure that resulted in 3 days of unplanned downtime that
                                                     was contractually quoted by the supplier Hewlett Packard (HP) to be no more than 6 hours. The
                                                     configuration of the solution did however mean that users did not lose any data as opposed to the
                                                     previous solution that resulted in a week worth of data being lost.

                                                     ICT are working with HP to improve recovery times to that stated in the Service Level Agreement
                                                     provided by HP. This has involved a lot of system reconfiguration and testing work to progress this
                                                     matter.


                                                     Howard Knowelden, Systems Support Officer                                                                     28/02/06
2. Relocation arrangements should be defined
                                                                      th
for each priority service. In the short term, this   Status as at 20 June 2006
should make the assumption that the main
server room at Oaklands remains unaffected.          In light of the server crash experienced by the Council in June 2006, ICT are in the process of
Priority services will therefore be connecting to    establishing the reasons for the crash and what measures need to be put in place to prevent the same,
their networked business applications via wide       or similar situations arising in future. The Head of ICT is in the process of preparing a paper outlining a
area links at their alternative location. The        range of options and the associated costs of putting disaster recovery mechanisms in place, depending
relocation arrangements for each priority            on the degree of risk/cost that management consider to be acceptable.
service should specify the site plus the
nominated room or rooms at that site. This           We will therefore revisit this recommendation in the context of the outcome of this exercise.
should also make the assumption that a
disaster will prevent each priority service from     Current Status
being able to access their existing workspace
at the same time.                                    As per management response for recommendation 1.

                                                                                                                                                                                30/04/07
                                                                                                                                                                    Audit Sub – Committee –
                                                                                                                                                                           3rd January 2007




                                                - 45 -
IT CONTINUITY



              Recommendation                                      Management Response, Responsible Officer and Current Status.                                 Implementation
                                                                                                                                                                    Dates
                                                                                                                                                              Original Revised
                                                     Howard Knowelden, Systems Support Officer                                                                28/02/06
3. The apparent conflict in recovery times
                                                                      th
between the Business Recovery Plan and the           Status as at 20 June 2006
lower-level ICT Continuity plan should be
addressed. This should ensure that the latter        We understand that the Business Recovery Plan has been amended to reflect the recovery times
is revised to reflect the likely recovery time for   stated in the ICT Continuity Plan. However, in light of the server crash experienced by the Council in
priority systems in the event of staff relocation    June 2006, ICT are in the process of establishing the reasons for the crash and what measures need to
being required.                                      be put in place to prevent the same, or similar situations arising in future. This will also include a
                                                     reassessment of whether the business critical systems are currently in the correct priority order and
                                                     that the timescales stated are acceptable/realistic. The Head of ICT is in the process of preparing a
                                                     paper outlining a range of options and the associated cost of putting disaster recovery mechanisms in
                                                     place, depending on the degree of risk/cost that management consider to be acceptable.

                                                     We will therefore revisit this recommendation in the context of the outcome of this exercise.

                                                     Current Status

                                                     As per management response for recommendation 1.

                                                                                                                                                                           30/04/07




                                                                                                                                                               Audit Sub – Committee –
                                                                                                                                                                      3rd January 2007




                                                - 46 -
IT CONTINUITY



             Recommendation                                    Management Response, Responsible Officer and Current Status.                                      Implementation
                                                                                                                                                                      Dates
                                                                                                                                                                Original Revised
                                                  Howard Knowelden, Systems Support Officer                                                                     28/02/06     30/04/07
4. The ICT Continuity Plan has not yet been
                                                                   th
updated to reflect the actual capability of the   Status as at 20 June 2006
Information Technology Recovery Team to
establish an emergency computer network at        In light of the server crash experienced by the Council in June 2006, ICT are in the process of
Martlets Hall.                                    establishing the reasons for the crash and what measures need to be put in place to prevent the same,
                                                  or similar situations arising in future. The Head of ICT is in the process of preparing a paper outlining a
In line with Recommendation 1 above, ICT          range of options and the associated cost of putting disaster recovery mechanisms in place, depending
Management should subsequently notify the         on the degree of risk/cost that management consider to be acceptable.
Corporate Safety and Emergency Planning
Adviser of the recovery capability that they      We will therefore revisit this recommendation in the context of the outcome of this exercise.
could provide in the event of a disaster
befalling the Oaklands server room.               Current Status

                                                  As per management response for recommendation 1.




                                                                                                                                                                 Audit Sub – Committee –
                                                                                                                                                                        3rd January 2007




                                             - 47 -
GROUPWISE EMAIL

Initial Audit          November 2004
            Recommendation                                    Management Response, Responsible Officer and Current Status.                                     Implementation
                                                                                                                                                                    Dates
                                                                                                                                                              Original Revised
                                                                 th
                                                Status as at 20 June 2006                                                                                      End of       End of
1. Access to the eDirectory “Admin” account                                                                                                                   Dec 2004     Oct 2006
should be restricted to those with primary      At the Audit Committee in March 2006 we reported that a review of the current provision of eDirectory
                                                                                                                                                                              th
responsibility for eDirectory administration.   administration rights had been undertaken following the transfer of two staff members from ICT to                          30 April
This should be implemented via a change to      Finance. The anticipated completion date at that time was the end of April 2006.                                             2007
the account password.
                                                Work had continued towards the completion of this exercise, however the initial work to amend the
                                                administration access rights resulted in other complications with access, resulting in some of the
                                                administration rights being reinstated. The ICT Team are now awaiting the release of the new
                                                groupwise server software at the end of June 2006. This should enable them to make the necessary
                                                amendments without causing problems in other areas.,

                                                Current Status

                                                Partly Implemented
                                                The eDirectory “admin” account password was changed in October 2006 however this resulted in a
                                                systems failure and the password had to be reset to maintain network service availability.

                                                The ICT department since experienced systems failure that has halted and investigation and resolution
                                                to allow the recommendation to be implemented.

                                                This will not be revisited now until after the Council Tax billing period has been completed as the Council
                                                cannot afford any systems downtime during this critical business period.

                                                Howard Knowelden, Systems Support Officer
                                                Implemented                                                                                                    End of       End of
2. A review of the current provision of full                                                                                                                  Dec 2004     Oct 2006
administration access to eDirectory should be   A review of full administrator rights for access to the eDirectory has been performed. Rights were
undertaken                                      revoked to certain individuals however this has been reversed since as the need for this level of system
                                                access was identified and authorised by management.

                                                This review process will now be performed on a periodic basis to ensure access remains appropriate.

                                                Howard Knowelden, Systems Support Officer
                                                                                                                                                               Audit Sub – Committee –
                                                                                                                                                                      3rd January 2007


                                            - 48 -
GROUPWISE EMAIL

            Recommendation                                    Management Response, Responsible Officer and Current Status.                                  Implementation
                                                                                                                                                                 Dates
                                                                                                                                                           Original Revised

3. Enquiries should be made as to the            Status as at 20th June 2006
availability of an add-on utility to permit an                                                                                                             End        of   End Dec
enforced change of GroupWise password. If                                                                                                                  June 2005        2006
                                                 A single sign on solution is now in place for approximately 40 of the 240 PC’s in operation within the    (Introduce
available, the facilities concerned should be    Authority. Further implementation has been hindered by resource restrictions and the need to focus on     a     single
installed and used to enforce a change of        other areas of activity such as the implementation of the new Finance system (FMS) and more recently      sign     on
password every 45 days.                          the network disruption. The IT solution to this problem is now being put in place as the replacement PC   authenticat
                                                 programme rolls forward. It is not envisaged that this exercise will now be completed until the end of    ion      via
                                                 December 2006.                                                                                            LDAP,
                                                                                                                                                           Nsure or
                                                                                                                                                           and
                                                 Current Status
                                                                                                                                                           alternative
                                                                                                                                                           solution.)
                                                 Partially Implemented

                                                 The requirement to enforce Groupwise logon passwords has been identified as part of the phased
                                                 upgrade to the latest version of Groupwise email for the Council.
                                                                                                                                                                           End June
                                                 Phase 2 of the upgrade will allow the functionality to integrate password control of mailboxes with a                       2007
                                                 user’s network logon password. This will act as a ‘single sign on’ mechanism removing the need for
                                                 duplicate passwords.

                                                 Due to system failures and subsequent delays for rollout of ‘single sign on’ to desktop PCs, phase 2 of
                                                 the upgrade has been delayed and will not now be implemented until after the Council Tax collection
                                                 period has ended.

                                                 Howard Knowleden, Systems Support Officer.

                                                                                                                                                             Audit Sub – Committee –
                                                                                                                                                                    3rd January 2007




                                             - 49 -

								
To top