Please Contact: Ian Vargeson
Please email: ian.vargeson@north-norfolk.gov.uk
Please Direct Dial on: 01263 516047

26 November 2012

A meeting of the Audit Committee of North Norfolk District Council will be held in the Committee Room at the Council Offices, Holt Road, Cromer on Tuesday 4 December 2012 at 2.00 pm

Members of the public who wish to ask a question or speak on an agenda item are requested to arrive at least 15 minutes before the start of the meeting. It will not always be possible to accommodate requests after that time. This is to allow time for the Committee Chair to rearrange the order of items on the agenda for the convenience of members of the public. Further information on the procedure for public speaking can be obtained from Democratic Services, Tel: 01263 516047, Email: democraticservices@north-norfolk.gov.uk

Sheila Oxtoby
Chief Executive

To: Mr N D Dixon, Mr B Jarvis, Mrs A Moore, Miss B Palmer, Mr R Reynolds and Mr D Young

All other Members of the Council for information.
Members of the Management Team, appropriate Officers, Press and Public

If you have any special requirements in order to attend this meeting, please let us know in advance

If you would like any document in large print, audio, Braille, alternative format or in a different language please contact us

Chief Executive: Sheila Oxtoby
Strategic Directors: Nick Baker and Steve Blatch
Tel 01263 513811 Fax 01263 515042 Minicom 01263 516005
Email districtcouncil@north-norfolk.gov.uk Web site northnorfolk.org

AGENDA

NOTE: For Item 8 summary reports are attached at Appendix B. Full versions of these documents are available to Members on request. Please contact Ian Vargeson on 01263 516047

1. TO RECEIVE APOLOGIES FOR ABSENCE

2. PUBLIC QUESTIONS
To receive public questions, if any

3. ITEMS OF URGENT BUSINESS
To determine any items of business which the Chairman decides should be considered as a matter of urgency pursuant to Section 100B(4)(b) of the Local Government Act 1972.

4.
DECLARATIONS OF INTEREST
Members are asked at this stage to declare any interests that they may have in any of the following items on the agenda. The Code of Conduct for Members requires that declarations include the nature of the interest and whether it is a disclosable pecuniary interest.

5. MINUTES (Page 1)
To approve as correct records, the minutes of the meeting of the Audit Committee held on 18 September 2012.

6. AUDIT UPDATE AND ACTION LIST (Page 9)
To monitor progress on items requiring action from the meeting of 18 September 2012, including progress on implementation of audit recommendations. A letter from the External Auditors on the level of fees is attached at page 10

7. ANNUAL AUDIT LETTER (Page 12)

8. PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY, APRIL TO OCTOBER 2012 (Page 18) (Appendix A – p. 22) (Appendix B – p. 24)

9. THE STATUS OF AGREED AUDIT RECOMMENDATIONS DUE FOR IMPLEMENTATION BY 30 SEPTEMBER 2011 (Page 36) (Appendix C – p. 39)

10. BUSINESS CONTINUITY
An oral update will be provided to Members at the meeting
Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail: Richard Cook 01263 516269 richard.cook@north-norfolk.gov.uk

11. REVIEW OF THE PERFORMANCE MANAGEMENT FRAMEWORK
An oral update will be provided to Members at the meeting
Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail: Helen Thomas 01263 516214 Helen.thomas@north-norfolk.gov.uk

12. AUDIT COMMITTEE WORK PROGRAMME (Page 40)
To review the Audit Committee Work Programme

13.
EXCLUSION OF THE PRESS AND PUBLIC
To pass the following resolution, if necessary:
“That under Section 100A(4) of the Local Government Act 1972 the press and public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in paragraphs 3 and 4 of Part I of Schedule 12A (as amended) to the Act.”

AUDIT COMMITTEE

Minutes of a meeting of the Audit Committee held on 18 September 2012 in the Committee Room, Council Offices, Holt Road, Cromer at 2.00 pm.

Members Present:
Committee:
Mr N D Dixon (Chairman)
Mr B Jarvis
Mrs A Moore
Mr R Oliver
Mr R Reynolds
Mr D Young

Officers in Attendance: The Head of Financial Services, the Procurement Officer, the Deputy Audit Manager, the Civil Contingencies Manager (for minute 25) and the Democratic Services Team Leader (MMH).

Also in Attendance: Julian Rickett, Charlotte Kennedy (PriceWaterhouseCoopers)

14 CHAIRMAN’S ANNOUNCEMENT
The Chairman welcomed Mr R Reynolds to his first meeting of the Audit Committee. He also introduced Emma Hodds, Deputy Audit Manager and Charlotte Kennedy, Manager, PriceWaterhouseCoopers.

15 APOLOGIES
None received.

16 SUBSTITUTES
Mr R Reynolds was substituting for Mr S Ward and would be replacing him on the Audit Committee with effect from 26 September 2012.

17 PUBLIC QUESTIONS
None received.

18 ITEMS OF URGENT BUSINESS
None

19 DECLARATIONS OF INTEREST
None

Audit Committee 1 1 18 September 2012

20 MINUTES
The Minutes of the meeting of the Audit Committee held on 18 June 2012 were approved as a correct record.

21 AUDIT UPDATE AND ACTION LIST
Members were updated on progress on actions arising from the minutes of the meeting of 18 June 2012.
a) Training on the Final Accounts had been delivered before the commencement of the meeting.
b) External Audit fee: this was addressed in the ISA 260 report.
c) Inconsistencies regarding Rights of Access to records, assets, personnel and premises had been notified to the Monitoring Officer for inclusion in the review of the Constitution. Mrs A Moore, as a Member of the Constitution Working Party, would monitor progress.
d) Fraud Risk: the Head of Financial Services was liaising with the Monitoring Officer regarding work on Counter Fraud activities.
e) Implementation of internal audit recommendations: the full position would be reported to the Performance and Risk Management Board on 28 September 2012. Deloittes would be doing follow-up work in October and a report would be brought to the Audit Committee in December.
f) Monitoring Officer’s report: the information about complaints should include a summary of what the complaints were about, how they were dealt with and how long they had been outstanding. The Audit Committee did not require the depth of detail which was provided to the Standards Committee as this was not within its remit.

22 2011/12 STATEMENT OF ACCOUNTS
The Head of Financial Services notified the Committee of an amendment to the Statement of Accounts document. This was a disclosure regarding related party transactions concerning Victory Housing and dated back to the Housing Stock Transfer. There were no further changes to any of the figures. The reserves were in a healthy position.

The Audit Committee had received training on the Statement of Accounts prior to the meeting. During the training a lot of ground had been covered and questions had been asked. The Chairman asked the Democratic Services Team Leader to read out the following points that had been raised at the training:
a) International Financial Reporting Standards (IFRS) had been introduced for 2010/11. The Procurement Officer provided a refresh on IFRS and said that very little had changed since last year.
b) One of the steers from the Audit Committee in 2011 had been to improve on working papers, especially in relation to valuations.
This year there had been no material adjustments.
c) The Council had built up a good working relationship with PriceWaterhouseCoopers, who would be the external auditors for the next 5 years. The Finance team received a de-brief from PWC after last year’s Statement of Accounts. It had been very helpful.
d) The level of reserves was discussed. The ISA 260 report indicated that the external auditors were satisfied with the level of reserves held by the Council.
e) Reserves were analysed into “usable” and “unusable”. Robustness of reserves referred to usable reserves.
f) In response to a question about holding reserves against an eventuality such as flooding it was explained that it would not be appropriate to hold an earmarked reserve for an indefinite period. Provision for flooding or other emergencies would come from the general reserve, or possibly the Bellwin Scheme.
g) Some of the movements between years on the balance sheet reflected treasury management decisions made during the year, such as the reduction in long term investments due to the disposal of Euro bonds. The Council had a good relationship with the financial advisors, Arlingclose.
h) The level of audit fees would be challenged by the Committee.
i) Exposure to risk: pension investment was the province of Norfolk County Council. Although NNDC knew what was invested they had no control over the investment.
j) The 2011/12 ISA 260 report identified items that needed to be addressed:
1. Data extraction: work would be needed with the auditors to discuss how this could be improved.
2. Contingent liabilities: it was suggested that the wording should indicate the level of contingency.
3. Appropriate inclusion of finance leases: consideration was needed as to whether embedded leases (e.g.
refuse vehicles) should be included within the Prudential indicator report for next year when reporting on the authority’s debt and the calculation of any Minimum Revenue Provision (MRP).
4. Benefit accrual: this went into the general reserve and was the only figure which had needed to be changed in the accounts. A new system of Council Tax support could potentially impact on the reserves if the full savings envisaged were not achieved.
k) The Audit Committee needed to understand the technical issues, but it was for the Finance Team to decide how they should be resolved.
l) The Council produced a high level summary of the Statement of Accounts for publication on the website.

The Chairman summed up by saying that the Committee had gained a good overview of the Accounts and of the Council’s stewardship over its resources. He invited further questions and discussion:
a) A breakdown of earmarked reserves could be found in note 6 on pages 40 to 43.
b) It was not the role of External Audit to determine reserve levels, but to consider the levels in the context of both their responsibilities re financial standing and the overall use of resources. In both regards there was nothing to draw Members’ attention to.
c) It was important for Members to understand the levels of reserves versus the risks. The Budget Setting report that was made annually to Full Council included levels of reserves arrived at as a result of a detailed process.
d) The Committee had drawn assurance from the fact that there were no material adjustments. The issues from the 2010/11 ISA 260 had been noted. Members had been assured that they had been addressed and that there was a good working relationship with the external auditors.

RESOLVED
That having considered and reviewed the Statement of Accounts for 2011/12 the Audit Committee recommended their approval to Full Council.
23 REPORT TO THOSE CHARGED WITH GOVERNANCE (ISA 260)
The purpose of the ISA 260 was to fulfil the external audit requirement to report to those charged with governance the significant findings from the audit of the Financial Statements before giving an opinion on the accounts. It had been agreed that those charged with governance at North Norfolk District Council were the Audit Committee.

The audit work during the year had been performed in accordance with the plan presented to the Committee on 6 March 2012. There were no significant matters that had been discussed with management during the course of the work. However a number of less significant matters had been identified:
a) The difficulties encountered in the extraction of the required data set through Computer Assisted Auditing Techniques (CAATs) to facilitate testing of manual journal transactions.
b) The appropriateness of inclusion of transactions as Contingent Liabilities.
c) The calculation of the Minimum Revenue Provision and the appropriate inclusion of finance leases within this calculation and how it is reported to Members.
d) The inclusion of an accrual for over claimed benefit subsidy.

Members discussed extraction of data:
a) Julian Rickett was asked if other authorities using the same computer package as NNDC had similar problems. Julian Rickett replied that this was something that needed to be discussed with management. NNDC’s problem was shared by other authorities. External audit had been able to obtain the necessary information but better and quicker methods of extracting it were required. CAATs enabled external audit to look at a whole population in an easy way rather than to take samples.
b) In response to a question about financial implications of improved data extraction the Head of Financial Services said that the Council already had tools to interrogate the system.
It would be necessary to talk to external audit to see if they would be compatible. The Council’s system (Business Objects) didn’t extract information from the basic level. However it would be a question of configuration of the existing system rather than purchasing new software. The finance team would work with PWC to find out how this could be done. Any work would be carried out by in-house ICT support.
c) Mr R Oliver asked if PWC’s CAATs system was commonly used by auditors or if there was a possibility that more changes would be needed in 5 years’ time. Julian Rickett was unable to give a definitive answer but hoped that all auditors would require the information provided by CAATs.
d) Members decided that exploring the feasibility of using CAATs should be added to the Action List.
e) Mr D Young asked if using CAATs would lead to a reduction in the audit fee. Julian Rickett replied that it wouldn’t, because, in setting the fee, the Audit Commission assumed an efficient audit approach. Any saving would be in officer time.

The report also detailed significant risks and proposed audit approach shown in the March audit plan, with outcomes. The significant risks were:
a) Fraud and management override of controls.
b) Recognition of income and expenditure.

Other risks were:
a) Heritage assets.
b) Valuation and accounting treatment of leases.
c) Redundancy costs.
d) Savings plans.

When the report was written:
a) Testing of exit packages had been completed.
b) The explanatory foreword had been reviewed. External audit was satisfied that it was consistent with the Code and the rest of the accounts.
c) NNDR balances: certification work had been completed on an NNDR claim form.
d) Testing of related parties had been completed. It had been agreed to add Victory Housing.
e) Testing of Members’ allowances had been completed.
f) Internal review and quality control procedures were ongoing.
g) The review of the final version of the financial statements, approval by the Audit Committee and receipt of all relevant signed statements and the management representation letter were matters of process.

Julian Rickett reported to the Committee that there was nothing to draw to their attention regarding the Valuation of Property.

The following judgments and accounting estimates had been used in the preparation of the financial statements:
a) Property, Plant and Equipment – Depreciation and Valuation.
b) Bad Debt Provision.
c) Accruals.
d) Provisions.
e) Pensions.
f) Provision for accumulated absences.

Economy, efficiency and effectiveness: the value for money code gave external audit responsibility to carry out sufficient and relevant work in order to conclude that the Council had proper arrangements to secure economy, efficiency and effectiveness in the use of resources. The conclusion was based on 2 criteria:
a) The organisation has proper arrangements for securing financial resilience.
b) The organisation has proper arrangements for challenging how you secure economy, efficiency and effectiveness.
It was anticipated that an unqualified value for money conclusion would be issued.

Fees update: until the audit work was completed PWC was not in a position to provide Members with an update on fees for 2011/12. This would be included as part of the Annual Audit Letter which would be received by the Committee in December, but Julian Rickett believed it would be within the proposed sum of £118,750. The lower fee proposed for 2012/13 reflected the fact that commission was no longer taken by the Audit Commission.

The fees were discussed:
a) The Chairman said that because of the reduced funding from central government and the subsequent spending cuts in local government, it had been hoped that a reduction of fees could be achieved.
Julian Rickett explained that the Audit Commission had consulted in depth with local authorities and other interested parties and had subsequently reduced the fee. PWC could not reduce lower than the Audit Commission scale fee which pre-supposed good organisation of background papers and a straightforward audit.
b) Mr R Oliver asked if goodwill was taken into account. Julian Rickett explained that PWC asked for information that, in their professional opinion, they needed. The Audit Commission scale fee was set at a level that enabled a proper audit to be carried out at the correct level. It was very rare for PWC to reduce fees, especially as they were already set at a relatively low level. The scale fees were published nationally and applied to all public authorities.
c) Mr D Young asked about the current status of the Audit Commission. Julian Rickett explained that the Audit Commission would remain in being for as long as the statute requiring the appointment of auditors to public bodies remained in current legislation. The Audit Commission would continue to set a scale fee until at least 2017/18. If PWC significantly increased their fee they would be accountable to the Audit Commission.
d) Julian Rickett told the Committee that, although PWC had given consideration, they couldn’t reduce the fee below a level which was appropriate for a proper audit. He agreed to produce a statement that, in response to a robust request from the Audit Committee, the possibility of reducing the fee had been fully explored but a reduction was not possible.

RESOLVED
To receive the ISA 260 report.

24 PROTOCOL FOR LIAISON BETWEEN INTERNAL AND EXTERNAL AUDITORS
The purpose of the Document was to set out the general approach and principles to be put in place to facilitate the delivery of a managed audit. This would aid joined-up working and reduction of duplication of audit work.
The document set out:
a) Confirmation of the liaison arrangements between Internal and External Audit.
b) The requirements to be followed in order that PWC could place the desired level of assurance on the work of internal audit.
c) PWC requirements on sample sizes.
d) A detailed summary of controls and suggested testing that PWC considered key in proving the internal financial control systems.

The arrangements were subject to regular review by both parties and amendments could be made subject to mutual agreement. PWC had placed complete reliance in last year’s internal audit work.

RESOLVED to note the Protocol.

25 PROGRESS ON INTERNAL AUDIT ACTIVITY, APRIL TO SEPTEMBER 2012
The report examined progress made between April and early September 2012 in relation to delivery of the Annual Audit Plan for 2012/13. The report detailed the delivery of audit work and outcomes of work undertaken. Good progress was being made on the plan. The organisation should be congratulated on achieving adequate assurance levels in respect of 3 audits completed in the first 5 months of the financial year. The audits were:
a) NN/13/01 Property Services and Coastal Protection.
b) NN/13/02 Strategic Housing and Homelessness.
c) NN/13/03 Corporate Policy, Planning and Performance Management
Management summaries were attached to the report.

Since the previous report to the Committee in March there had been some changes to the Annual Audit Plan, initiated by Management. The changes were:
a) Expansion of the Property Services Audit which led to the job budget being increased from 14 to 19 days.
b) Inclusion of an audit to examine data verification and governance arrangements applying to the Revenues and Benefits Shared services. A budget of 14 days had been provided and the work would be done in 2 phases.
Phase 1 was completed in July 2012 and it was envisaged that Phase 2 would be carried out in the early part of 2013.
c) At the request of Corporate Leadership Team the job budgets in relation to 2 computer audits had been reduced. The reviews were the Cash Receipting Application and IT Project Management Arrangements. It had been possible to commute the job budgets while ensuring that assurances could be provided.

In response to a question from Mr D Young regarding the Strategic Housing and Homelessness audit, the Deputy Audit Manager explained that debts dating back to 2007 were still being paid off, albeit at a slow rate.

RESOLVED
To note the outcomes of the three audits completed between April and August, together with recent amendments made to the Annual Audit Plan for 2012/13.

26 BUSINESS CONTINUITY
a) The existing top level plan, last reviewed in 2009, needed review to make it fit for purpose and reflect changes following the management restructure. The policy document had been reviewed and signed off by CLT. The old plan had been updated to improve the structure and format of a number of areas and to update the information so it is fit for purpose. The draft plan had been peer reviewed by the Business Continuity Working Group (BCWG) and was now at a final draft stage waiting final formatting. It would be completed by mid October. Further updates to improve the format of the plan would be undertaken during its coming review cycle. The review would be undertaken by the BCWG and the Civil Contingencies Manager and would form a standing item on the Group’s meeting agenda.
b) The Civil Contingencies Manager had recently completed and passed the Business Continuity Institute Certificate in Business Continuity Management. This had led to a review of the requirements placed on teams within the organisation in relation to business continuity. All teams should produce a Business Impact Assessment (BIA).
This would allow an analysis of the team to be carried out and give a rating to show if the team delivered a critical service. At present the BCWG have reviewed the old critical service list from the 2009 plan and from knowledge and experience have defined the Authorities’ critical services. This would be reviewed once all BIAs had been produced. At this stage only teams with critical elements would be required to produce a team Business Continuity plan. In response to a question from the Chairman, the Civil Contingencies Manager said that it was aimed to have all plans completed by the time the Audit Committee met in December. The Audit Committee wished to support the Civil Contingencies Manager in bringing the Business Continuity plans to fruition and asked to receive an update in December.
c) The Civil Contingencies Manager was still working with managers to produce their plans. He had also put other teams’ Business Continuity plans onto the intranet to provide a working guide.
d) Business Continuity training would be given to all new employees and the Civil Contingencies Manager would attend team meetings to help explain the need for Business Continuity. He would also be working with Corporate Health and Safety to deliver the new evacuation procedure to the existing wardens in October/November.
e) A feasibility study had been undertaken regarding the use of Fakenham Connect if the Council Offices were unusable. ICT had already installed disaster recovery facilities at Fakenham therefore the investment would be minimal. The timescale for implementation was November/December to coincide with the demolition of the Annexe. An update would be made to the Committee in December. The feasibility report would be emailed to Members.

RESOLVED to receive a further update, including progress on business continuity and the use of Fakenham Connect for disaster recovery, in December.
27 AUDIT COMMITTEE WORK PROGRAMME
RESOLVED to note the Work Programme.

The meeting ended at 3.45 pm.

______________________
Chairman

Agenda Item 6

AUDIT COMMITTEE 18 SEPTEMBER 2012 – ACTIONS ARISING FROM THE MINUTES

1. The Final Accounts
To identify a date for a half-day session of training in preparation for the report on the Final Accounts.
Mary Howard
Working lunch arranged for 18 September 2012

2. External Audit Fees
To discuss further with PWC the level of fees (Letter attached)
Members

3. Constitution
To flag up inconsistencies regarding Rights of Access to records, assets, personnel and premises to the Constitution Working Party.
Members
Notified to Constitution Working Party and Monitoring Officer and put on file by Democratic Services for inclusion in next review of the Constitution.

4. Fraud Risk
The nominated Officer at the authority responsible for Counter Fraud and Whistleblowing to develop in consultation with Internal Audit a summary report for Members on Counter Fraud activities.
Monitoring Officer
Monitoring Officer to review Counter Fraud and Whistleblowing Policies, followed by re-launch through staff and Member briefings.

5. Implementation of recommendations
To obtain an emailed update on the implementation of recommendations regarding the following audit reports:
• NN/11/01 Environmental Services
• NN/11/12 Development and Building Control
• NN/12/03 Waste Management Contract
• Computer Audit
Mary Howard
Updates emailed to Members on 19 July 2012.

6. Monitoring Officer’s Report
That the Monitoring Officer’s report should include more in-depth information about complaints.
The Democratic Services Team Leader has requested the Monitoring Officer to provide this information in the 2012/13 report.

7. Business Continuity
To receive an update in September.

8.
Annual Report
To provide an update preceding the presentation of the Annual Governance Statement at Full Council on 25 July 2012
Monitoring Officer/ Committee Administrator Richard Cook On the agenda. Completed

Cllr Nigel Dixon
The Members of the Audit Committee
North Norfolk District Council
Council Offices
Holt Road
Cromer
Norfolk
NR27 9EN

21 November 2012

Dear Sirs,

Audit Fees

At its meeting on 18 September 2012, the Audit Committee asked that we consider reducing our audit fees being charged in respect of our 2011/12 audit. I explained at the meeting that we had given full consideration to the level of our audit fees at the start of the year and had set our fees in accordance with Audit Commission guidance and had communicated that to the Council as part of our audit plan. As such, we were not able to reduce our fees further at this stage.

The Chair of the Audit Committee requested that we write a letter to the Audit Committee, setting out the basis for our fees. The purpose of this letter is to do that and we have also taken the opportunity to compare the 2011/12 fees against the preceding two years and the expected fee in 2012/13.

Basis of our 2011/12 fees

Fees for local government external audits are set by the Audit Commission in line with its standing guidance which is available on its website:
http://www.audit-commission.gov.uk/audit-regime/auditfees/pages/default.aspx

This standing guidance sets out a ‘scale fee’ for each body. The Audit Commission goes through a consultation process in setting this fee, which includes local authorities. This scale fee is based on a number of factors including the amount of expenditure incurred by an authority. Any variations from the scale fee are challenged by the Audit Commission. Our fee for 2011/12 was in line with the Audit Commission’s scale fee.
Our fees are based on a number of assumptions which we set out in our audit plan each year:
• Officers meeting the timetable of deliverables, which we agree in writing;
• Ability to place reliance, as planned, upon the work of internal audit;
• Ability to draw comfort from the Council’s management controls;
• Ability to place reliance on the work of inspectors and internal audit in respect of our value for money conclusion;
• Ability to access the financial data produced system and the audit trail to support the data being complete;
• No significant changes being made by the Audit Commission to the value for money criteria on which our conclusion will be based;
• An early draft of the Annual Governance Statement being available for us to review; and
• Our value for money conclusion and accounts opinion being unqualified.

In circumstances where these assumptions prove to be unfounded, we would seek to vary our fee. We did not seek such variations as part of the 2011/12 financial statements audit.

PricewaterhouseCoopers LLP, The Atrium, St Georges Street, Norwich NR3 1AG T: +44 (0) 1603 615244, F: +44 (0) 1603 631060, www.pwc.co.uk
PricewaterhouseCoopers LLP is a limited liability partnership registered in England with registered number OC303525. The registered office of PricewaterhouseCoopers LLP is 1 Embankment Place, London WC2N 6RH. PricewaterhouseCoopers LLP is authorised and regulated by the Financial Services Authority for designated investment business.

Trend of Audit Fees

The following table sets out the trend in audit fees over the last three years and also for 2012/13

                                2009/10 £    2010/11 £         2011/12 £         2012/13 £
Financial Statements
Whole of Government Accounts
Use of Resources                117,900      119,505 *note1    118,750           71,250 *note3
Grant Certification             63,575       61,000            58,290 *note2     36,000 *note3
Total                           181,475      180,505           177,040           107,250

*note1: The Audit Commission awarded the Authority a rebate of 6% of the scale fee (£6,495) towards costs incurred as part of the transition to IFRS.
*note2: Includes an estimated amount for completion of benefits certification work which remains ongoing.
*note3: This is the scale fee which we will take into account when planning our 2012/13 audit.

I am happy to discuss any of the matters set out above in more detail should you wish.

Yours faithfully

Julian Rickett
PricewaterhouseCoopers LLP

Agenda Item 7

Government and Public Sector
North Norfolk District Council
Annual Audit Letter
2011/12 Audit
October 2012

Agenda Item 7 North Norfolk District Council – Annual Audit Letter

Introduction

The purpose of this letter

This letter is a public document which summarises the results of our 2011/12 audit for members of the Authority and other stakeholders.

We have already reported the detailed findings from our audit work to those charged with governance in the following reports:
• Audit report for the 2011/12 Statement of Accounts, incorporating the value for money conclusion
• Report to those charged with Governance (ISA (UK&I) 260)

The matters reported here are the most significant for the Authority.

Scope of work

The Authority is responsible for preparing and publishing its Statement of Accounts, accompanied by the Annual Governance Statement. It is also responsible for putting in place proper arrangements to secure economy, efficiency and effectiveness in its use of resources.

Our 2011/12 audit work has been undertaken in accordance with the Audit Plan that we issued in March 2012 and is conducted in accordance with the Audit Commission’s Code of Audit Practice, International Standards on Auditing (UK and Ireland) and other guidance issued by the Audit Commission.

We met our responsibilities as follows:

Audit responsibility: Perform an audit of the accounts in accordance with the Auditing Practice Board’s International Standards on Auditing (ISAs (UK&I)).
Result: We reported our findings to those charged with governance on 18 September 2012 in our 2011/12 Report to those charged with governance (ISA (UK&I) 260). On 27 September 2012 we issued an unqualified audit opinion.

Audit responsibility: Report to the National Audit Office on the accuracy of the consolidation pack the Authority is required to prepare for the Whole of Government Accounts.
Result: We reported our findings to the National Audit Office on 3 October 2012.

Audit responsibility: Form a conclusion on the arrangements the Authority has made for securing economy, efficiency and effectiveness in its use of resources.
Result: On 27 September 2012 we issued an unqualified value for money conclusion.

Audit responsibility: Consider the completeness of disclosures in the Authority’s annual governance statement, identify any inconsistencies with the other information of which we are aware from our work and consider whether it complies with CIPFA / SOLACE guidance.
Result: There were no issues to report in this regard.

Audit responsibility: Consider whether, in the public interest, we should make a report on any matter coming to our notice in the course of the audit.
Result: There were no issues to report in this regard.

Audit responsibility: Determine whether any other action should be taken in relation to our responsibilities under the Audit Commission Act.
Result: There were no issues to report in this regard.

Audit responsibility: Issue a certificate that we have completed the audit in accordance with the requirements of the Audit Commission Act 1998 and the Code of Practice issued by the Audit Commission.
Result: We issued our completion certificate on 5 October 2012.

Audit Findings

Accounts

We audited the Authority’s Statement of Accounts in line with approved Auditing Standards and issued an unqualified audit report on 27 September 2012.
We identified a number of matters as part of our audit that were discussed with the Audit Committee at its meeting on 18 September 2012. We also identified a number of minor control weaknesses that we discussed and agreed with management which we will follow up as part of our 2012/13 audit. There were no significant issues from our audit of the accounts to report to you in this context.

Economy, efficiency and effectiveness
Our Use of Resources Code responsibility required us to carry out sufficient and relevant work in order to conclude on whether the Authority had put in place proper arrangements to secure economy, efficiency and effectiveness in the use of resources. Audit Commission guidance specifies the criteria for our value for money conclusion:
• The organisation has proper arrangements in place for securing financial resilience; and
• The organisation has proper arrangements for challenging how it secures economy, efficiency and effectiveness.
We determined a local programme of audit work based on our audit risk assessment, informed by these criteria and our statutory responsibilities. We issued an unqualified value for money conclusion on 27 September 2012.

Whole of Government Accounts
We undertook our work on the Whole of Government Accounts consolidation pack as prescribed by the Audit Commission. The audited pack was submitted on 3 October 2012. We found no areas of concern to report as part of this work.

Grant Claims and Certification
We presented our most recent Annual Certification Report for 2010/11 to those charged with governance in February 2012. We certified 3 claims worth £54,607,028. In 1 case a qualification letter was required to set out the issues arising from the certification of the claim. These details were also set out in our Annual Certification Report for 2010/11. We will issue the Annual Certification Report for 2011/12 in February 2013.

Annual Governance Statement
Local authorities are required to produce an Annual Governance Statement (AGS) that is consistent with guidance issued by CIPFA/SOLACE. The AGS accompanies the Statement of Accounts. We reviewed the AGS to consider whether it complied with the CIPFA/SOLACE guidance and whether it might be misleading or inconsistent with other information known to us from our audit work. We found no areas of concern to report in this context.

Code of Audit Practice and Statement of Responsibilities of Auditors and of Audited Bodies
In March 2010 the Audit Commission issued a revised version of the ‘Statement of Responsibilities of Auditors and of Audited Bodies’. It is available from the Chief Executive of each audited body. The purpose of the statement is to assist auditors and audited bodies by explaining where the responsibilities of auditors begin and end and what is to be expected of the audited body in certain areas. Our reports and management letters are prepared in the context of this Statement. Reports and letters prepared by appointed auditors and addressed to members or officers are prepared for the sole use of the audited body and no responsibility is taken by auditors to any member or officer in their individual capacity or to any third party.

Other Matters
In the event that, pursuant to a request which you have received under the Freedom of Information Act 2000 (as the same may be amended or re-enacted from time to time) or any subordinate legislation made thereunder (collectively, the “Legislation”), you are required to disclose any information contained in this report, we ask that you notify us promptly and consult with us prior to disclosing such information. You agree to pay due regard to any representations which we may make in connection with such disclosure and to apply any relevant exemptions which may exist under the Legislation to such information.
If, following consultation with us, you disclose any such information, please ensure that any disclaimer which we have included or may subsequently wish to include in the information is reproduced in full in any copies disclosed.

This document has been prepared for the intended recipients only. To the extent permitted by law, PricewaterhouseCoopers LLP does not accept or assume any liability, responsibility or duty of care for any use of or reliance on this document by anyone, other than the intended recipient to the extent agreed in the relevant contract for the matter to which this document relates (if any), or (ii) as expressly agreed by PricewaterhouseCoopers LLP at its sole discretion in writing in advance.

©2012 PricewaterhouseCoopers LLP. All rights reserved. 'PricewaterhouseCoopers' refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) or, as the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.

Audit Committee 4 December 2012
Agenda Item No. 8

Progress Report on Internal Audit Activity, September to mid November 2012

Summary: This report examines progress made between September and 12 November 2012 in relation to delivery of the Annual Audit Plan for 2012/13, and includes abbreviated management summaries in respect of the audit reviews which have been finalised in the course of this period.

Conclusions: Adequate assurance levels have been awarded to all five audits completed since the last Internal Audit Progress Report was prepared and submitted to the Audit Committee on 18 September 2012. There have additionally been some changes to overall planned days for the year, in so far as the revised figure of 226 days reported previously, has now reduced to 214.5 days.
This is primarily due to the fact that the envisaged Phase 2 element of ad-hoc work requested by management in relation to the new Revenues and Benefits Shared Services Partnership has had to be deferred to 2013/14, to permit more time for data merging action to take place before Internal Audit then scrutinises processes followed and the integrity of resultant information produced.

Recommendations: It is recommended that the Committee notes the outcomes of the five audits completed between September and mid November, together with recent amendments made to the Annual Audit Plan for 2012/13.

Cabinet member(s): All
Wards: All
Contact Officer, telephone number, and e-mail: Sandra King, Head of Internal Audit, 01508 533863, scking@s-norfolk.gov.uk

1. Background

1.1 The Accounts and Audit Regulations 2011 require that the Council must undertake an adequate and effective internal audit of its accounting records and of its system of internal control in accordance with the proper practices in relation to internal controls. To assist the authority with fulfilling this responsibility, this Activity Report, the second of its kind to be generated in year, comments on the results of our work for the period September to 12 November 2012, in relation to the approved Annual Internal Audit Plan for 2012/13, which was endorsed by the Audit Committee on 6 March 2012. Members will recall that our first Progress Report for 2012/13 was submitted on 18 September 2012 and contained Management Summaries from 3 completed audit assignments.

2. Amendments to the Annual Audit Plan

2.1 Since we last reported back on the status of the Annual Audit Plan, and advised members that additional work requested by management had led to planned days rising from 212 to 226, there has been a further development whereby audit days for delivery in year have now been amended to 214.5 days.
We had originally been commissioned to carry out 2 extra pieces of work utilising a budget of 14 days, hence the Plan increased in size to accommodate this. Having completed Phase 1 of this work concerning the new Revenues and Benefits Shared Services Partnership, it has since been agreed with management that the Phase 2 element should be deferred to early 2013/14. The delay is required as there have been problems with data merging. Our review work had intended to analyse the robustness of the processes followed at this important stage in the development of the Shared Service Partnership and the accuracy / completeness of merged records but because work is continuing in this area, we now recognise that any further scrutiny on our part should be held over until 2013/14. As a result, the residual job budget of 11.5 days will be carried over to the succeeding financial year to fund this work.

2.2 There has also been other rescheduling of work within the current year and the updated timetable for undertaking 2012/13 audit assignments is noted in Appendix A to this report.

3. Delivery of Programmed Audit Work in accordance with the Revised Annual Audit Plan

3.1 As demonstrated in Appendix A, 111.5 days of programmed work had been completed at the time of writing this report. This figure equates to 52% of revised audit planned days earmarked for completion in 2012/13. The status of individual audits can be summarised thus:
• Five assignments have been completed and final reports issued (Audit Nos. NN/13/04 Procurement, NN/13/06 Leisure Complexes etc, NN/13/13 Cash Receipting application, NN/13/14 Project Management and NN/13/15 Disaster Recovery, Back Up and Server Room Controls).
• A draft report has been provided in relation to Audit No. NN/13/05 Partnerships and management responses are currently awaited.
• The audit fieldwork is under way for NN/13/07 Council Tax and National Non Domestic Rates.
• We have circulated the audit brief for NN/13/09 Housing Benefit and Council Tax Benefit and have scheduled the fieldwork to start on 3 December 2012.

4. Outcomes of Work Undertaken

4.1 With reference to work completed between September and mid November 2012, as mentioned above, we have been able to finalise five audits during this period and their respective management summaries are attached at Appendix B to the report.

4.2 In the case of the Procurement audit (Audit No. NN/13/04), we have been able to give an adequate assurance level to operational arrangements, which is consistent with the audit opinion provided the last time this area was examined.

4.3 With reference to the Leisure Complexes, Sports, Arts & Entertainment, Pier Pavilion audit (Audit No. NN/13/06) we have also been able to award an adequate assurance level. The positive opinion provided on this occasion, represents a marked improvement in the system of internal control operating within this area, as our last audit in June 2009 had culminated in a limited assurance level being issued.

4.4 In relation to the Cash Receipting Application audit (Audit No. NN/13/13), the Project Management audit (Audit No. NN/13/14) and the Disaster Recovery, Back Up and Server Room Controls audit (Audit No. NN/13/15), we have additionally been able to provide adequate assurance levels for each review. In the case of Project Management, we last examined arrangements 4 years ago and at that time were able to confirm adequate controls were being exercised, thus having revisited provisions in 2012/13, we are pleased to note that satisfactory arrangements continue to be in place. The other named audits are the first time that we have assessed the systems operating in these areas and they have likewise highlighted that sound systems of internal control apply.

4.5 Members should note that an adequate assurance level is a positive assurance.
All audit reports finalised in the 2012/13 financial year to date (the five audits mentioned here plus the three previously reported), have resulted in positive assurances being awarded, which emphasises that the systems of internal control evaluated to date, have been found to be working effectively and efficiently.

5. Conclusion

5.1 Good progress has been made with the delivery of the Audit Plan to date; positive assurances have been awarded and all other work scheduled is on track as expected.

6. Recommendation

6.1 That members note the outcomes of the further five completed audits and the recent amendments made to the Annual Audit Plan for 2012/13.

Appendices attached to this report:
Appendix A – Review Work delivered in accordance with the Annual Audit Plan for 2012/13 plus Ad-Hoc Work requested by Management
Appendix B – Abbreviated Management Summaries of Completed Audit Assignments
Appendix B (1) NN/13/04 Procurement
Appendix B (2) NN/13/06 Leisure Complexes, Sports, Arts & Entertainment, Pier Pavilion
Appendix B (3) NN/13/13 Cash Receipting Application
Appendix B (4) NN/13/14 Project Management
Appendix B (5) NN/13/15 Disaster Recovery, Back Up and Server Room Controls

Appendix A
Review Work delivered in accordance with the Annual Audit Plan for 2012/13 plus Ad-Hoc Work requested by Management

Audit No.
Frequency of Audit Coverage Original Days Planned Revised Days Planned Days Delivered Scheduling PLANNED SYSTEMS AUDIT WORK NN/13/01 Property Services and Coastal Protection 3-yearly 14 19 19 May NN/13/02 Strategic Housing and Homelessness 2-yearly 15 15 15 July NN/13/03 3-yearly 10 10 10 July NN/13/04 Corporate Policy, Planning and Performance Management Procurement 3-yearly 12 12 12 August NN/13/05 Partnerships 3-yearly 7 7 6 NN/13/06 Leisure Complexes, Sports, Arts and Entertainment, Pier Pavilion 3-yearly 10 10 10 September October September NN/13/07 Council Tax and NNDR 2-yearly 20 20 5 NN/13/08 Payroll, Human Resources, Expenses 2-yearly 19 19 NN/13/09 Housing Benefit CTB 2-yearly 20 20 NN/13/10 Exchequer Services - Creditors etc 2-yearly 15 15 Annually Annually 10 9 10 9 Annually 8 169 8 174 NN/13/11 NN/13/12 Description of Audit Work to support the AGS Corporate Governance and Risk Management Systems Audit Follow Up TOTAL PLANNED SYSTEMS AUDIT WORK 1 4 82 22 Status Complete Final Report issued 10 August 2012 Complete Final Report issued 10 August 2012 Complete Final Report issued 23 August 2012 Complete Final Report issued 9 November 2012 Summary Report Details presented to Members Adequate Audit Committee 18 September 2012 Audit Committee 18 September 2012 Audit Committee 18 September 2012 Audit Committee 4 December 2012 Adequate Adequate Adequate Draft Report issued 12 November 2012 Final Report issued 12 November 2012 Complete October November November January November early December Fieldwork under way and due to be completed 7 December 2012 Audit rescheduled at request of management Audit Brief issued and fieldwork due to commence 3 December 2012 December January January February Audit rescheduled at request of management 2 x 6-monthly validation 47% Assurance Level applicable Adequate Audit Committee 4 December 2012 Audit No. 
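Description of Audit; Frequency of Audit Coverage; Original Days Planned; Revised Days Planned; Days Delivered; Scheduling; Status; Assurance Level applicable; Summary Report Details presented to Members

PLANNED COMPUTER AUDIT WORK

NN/13/13 Cash Receipting Application
Frequency of Audit Coverage: Ad-hoc request. Original Days Planned: 10. Revised Days Planned: 8. Days Delivered: 8. Scheduling: August. Status: Final Report issued 12 November 2012, Complete. Assurance Level applicable: Adequate. Summary Report Details presented to Members: Audit Committee 4 December 2012.

NN/13/14 Project Management
Frequency of Audit Coverage: 3-yearly. Original Days Planned: 10. Revised Days Planned: 7. Days Delivered: 7. Scheduling: August. Status: Final Report issued 28 September 2012, Complete. Assurance Level applicable: Adequate. Summary Report Details presented to Members: Audit Committee 4 December 2012.

NN/13/15 Disaster Recovery, Back Up and Server Room Controls
Frequency of Audit Coverage: 3-yearly. Original Days Planned: 10. Revised Days Planned: 10. Days Delivered: 10. Scheduling: September July. Status: Final Report issued 12 September 2012, Complete. Assurance Level applicable: Adequate. Summary Report Details presented to Members: Audit Committee 4 December 2012.

NN/13/16 Cedar Financial Application
Frequency of Audit Coverage: 3-yearly. Original Days Planned: 9. Revised Days Planned: 9. Scheduling: October Late February.

Computer Audit Follow Up
Frequency of Audit Coverage: Annually. Original Days Planned: 4. Revised Days Planned: 4. Days Delivered: 2. Scheduling: 2 x 6-monthly validation.

TOTAL PLANNED COMPUTER AUDIT WORK
Original Days Planned: 43. Revised Days Planned: 38. Days Delivered: 27 (71%).

TOTAL PLANNED WORK
Original Days Planned: 212. Revised Days Planned: 212. Days Delivered: 109 (51%).

EXTRA WORK REQUESTED

NN/13/17 Revenue and Benefits Partnership - Data Transfer, Governance and Risk
Frequency of Audit Coverage: Ad-hoc request. Original Days Planned: 0. Revised Days Planned: 2.5. Days Delivered: 2.5. Scheduling: Phase 1 - June; Phase 2 - September / October. Status: Job budget originally 14 days to cover 2 reviews. Phase 1 - 2.5 days - Letter produced 13 July 2012. Phase 2 - 11.5 days - It has subsequently been agreed with management to defer this work to 2013/14 due to problems experienced with the data merging process. The work has thus been rescheduled to April/May 2013. Assurance Level applicable: Phase 1 - Not Applicable. Summary Report Details presented to Members: Phase 1 - Summary of Letter contents to Audit Committee 18 September 2012.

TOTAL OF EXTRA WORK UNDERTAKEN
Original Days Planned: 0. Revised Days Planned: 2.5. Days Delivered: 2.5 (100%).

GRAND WORK TOTAL
Original Days Planned: 212. Revised Days Planned: 214.5. Days Delivered: 111.5 (52%).

Appendix B
Management Summaries in respect of Completed Audit Assignments

Appendix 2(a) Report No.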
NN/13/04 – Final Report issued 9 November 2012

Audit Report on Procurement

Audit Opinion
Adequate Assurance given

Rationale supporting award of opinion
The audit work carried out by Internal Audit indicated that:
• While there is a basically sound system of internal control, there are weaknesses, which put some of the client’s objectives at risk.
• There is evidence that the level of non-compliance with some of the control processes may put some of the client’s objectives at risk.
• This opinion results from the two medium and three low priority recommendations raised.
• Although we note there has been an improvement within the control environment since the previous audit, (NN/10/07, issued November 2009) the weaknesses identified have resulted in an adequate assurance rating being given here, hence, the travel indicator remains unchanged.

Summary of Findings

Established Policies, Procedures, Laws and Regulations
Procurement policies and roles and responsibilities of staff in the procurement process are set down within the Constitution although we found older versions of the Constitution were still accessible on the website which contained different purchasing thresholds. Guidelines also contain details relating to positions which were no longer in place within the Council. A Procurement Strategy is in place which sets down the Council’s objectives, aims and vision in relation to procurement. The current version expired in April 2012 and is due to be updated by October 2012, as stated within the policy. The Procurement Strategy is appended by a Sustainable Procurement Policy. A Procurement Toolkit, which includes details regarding the use of consultants, is also in place to aid staff in the procurement process and is available to all staff via the intranet. The establishment of a Procurement Strategy, Sustainable Procurement Policy and the Procurement Toolkit are recognised as good controls to have in place.

Resources, Roles and Responsibilities
The Procurement Officer is responsible for supporting the procurement process within the Council and confirming the completeness of procurement policies. However, subsequent to the completion of the audit fieldwork, this officer has taken up a new post within the Council; thereby relinquishing all existing responsibilities, including those for providing procurement advice and guidance. The Head of Finance has advised that the Council is recruiting a replacement although is attempting to secure an arrangement with Kings Lynn and West Norfolk Borough Council to provide support on an ad hoc basis, with terms still to be agreed, until a replacement has been appointed. As an interim measure and to reduce any mitigating risks to the Council, the Head of Finance will oversee procurement activity until a new Procurement Officer is appointed. Procurement training is included within the staff induction process. Staff have access to procurement policies and procedural guidance.

Tender and Quotation Rules
We focused on a sample of five contracts and ten payments through the purchase ledger to ascertain compliance with contract procedures. We established that in one case an exception form had not been completed for services procured with only one quotation obtained, however the ICT Support Officer confirmed that this was due to an investigation having been carried out the previous year and the results of this being used to identify a sole supplier for the purpose of expediency. We also found one case where tender documents could not be located with the key officer involved in the procurement having left the Council. As such, we were unable to confirm that the requisite quotes had been received and assessed. The Council has published expenditure of £500 and above although as at 12th September 2012, the most recent information on the Council’s website was for March 2012.
The Government has since announced the requirement for Councils to now publish expenditure over £250. An analysis is not undertaken on a regular basis of the purchase ledger to identify trends such as recurring purchases or to select a sample in order to check compliance with procurement procedures. Ad hoc exercises have been undertaken previously; the last in 2010, to identify collaborative procurement opportunities with other local authorities and obtaining value for money in large central contracts. However, these were not used to identify whether the Council was gaining value for money from its general purchases through compliance with procurement procedures. Provision is in place for declaring interest in contracts and contracts contain detail in relation to the Bribery Act 2010. Budgetary provision is required to be in place to support purchases. This is confirmed through authorisation of purchases and the budget monitoring process.

Contracts Register
A Contracts Register is in place which lists all contracts, values, their durations and key officers. The register is updated when contracts are drawn up through the Procurement Officer’s own involvement within the procuring of contracts and his discussions with the Council’s Solicitor. The register is password protected with two officers having knowledge of the password and therefore having the ability to make amendments.

Performance Information
An action point has been included within the Corporate Annual Action Plan for 2012/13 relating to the use of local businesses in the Council’s procurement. Updates are made through the TEN system and reported through the mechanisms set down within the Performance Management Framework.

Risk Management
Two risks have been included within the Corporate Risk Register relating to the Procurement process. Mitigation plans have been put in place and updates are made through the TEN system.

The following number of recommendations has been raised:

Area of Scope | Adequacy and Effectiveness Assessments: Adequacy of Controls | Effectiveness of Controls | Recommendations Raised: High | Medium | Low
Established Policies, Procedures, Laws and Regulations | Green | Amber | 0 | 1 | 0
Resources, Roles & Responsibilities | Green | Green | 0 | 0 | 0
Tender and Quotation Rules | Green | Amber | 0 | 1 | 3
Contracts Register | Green | Green | 0 | 0 | 0
Performance Information | Green | Green | 0 | 0 | 0
Risk Management | Green | Green | 0 | 0 | 0
Total | | | 0 | 2 | 3

High Priority Recommendations
No high priority recommendations have been raised as a result of this audit.

Management Responses
Management have accepted the recommendations raised.

Appendix 2(b) Report No. NN/13/06 – Final Report issued 12 November 2012

Audit Report on Leisure Complexes, Sports, Arts and Entertainment and Pier Pavilion

Audit Opinion
Adequate Assurance given

Rationale supporting award of opinion
The audit work carried out by Internal Audit indicated that:
• While there is a basically sound system of internal control, there are weaknesses, which put some of the client’s objectives at risk.
• There is evidence that the level of non-compliance with some of the control processes may put some of the client’s objectives at risk.
• This opinion results from having raised two medium priority recommendations.
• Although we note there has been an improvement within the control environment since the previous audit, (NN/10/01, issued June 2009) the weaknesses identified have resulted in an adequate assurance rating being given here, hence, the travel indicator shows an improved position since the last audit.

Summary of Findings

Contract Monitoring
Monitoring arrangements are set down in the contracts with DC Leisure and Openwide, which cover the key aspects of performance for both service providers. Monthly meetings are held with both services providers, with performance data reported and discussed at liaison meetings.
Results are set out in writing and action taken where any issues arise. However, performance data supplied by both DC Leisure and Openwide is not verified by the Council. Payments made to DC Leisure and Openwide are authorised by the Leisure and Cultural Services Manager and are in accordance with contract terms. A profit share agreement is in place between the Council and Openwide. This arrangement uses the ‘income’ to repay capital expenditure incurred by Openwide for renovations, although the arrangements for processing the interest elements of these payments have not been formally documented. There has been one formal variation made to the DC Leisure contract and two variations made to the Openwide contract; all of which are justified and have been approved with supporting evidence retained.

Performance Information
Performance information is reported through monthly monitoring meetings with the service providers and through TEN, depending upon the type and frequency of the indicator. Performance data received from each service provider is not verified by the Council.

Risk Management
Risks are considered at monthly monitoring meetings between the Council and both service providers. A risk register is in place for both contracts. Risks are present in relation to the service area within TEN and are updated on a quarterly basis.

The following number of recommendations has been raised:

Area of Scope | Adequacy and Effectiveness Assessments: Adequacy of Controls | Effectiveness of Controls | Recommendations Raised: High | Medium | Low
Contract Monitoring | Amber | Amber | 0 | 2 | 0
Performance Information | Amber* | Green | 0 | 0 | 0
Risk Management | Green | Green | 0 | 0 | 0
Total | | | 0 | 2 | 0

*Issue raised in ‘Contract Monitoring’ area

High Priority Recommendations
No high priority recommendations have been raised as a result of this audit.

Management Responses
Management have accepted the recommendation raised.

Appendix 2(c) Report No.
NN/13/13 – Final Report issued 12 November 2012

Audit Report on Cash Receipting

Audit Opinion
Adequate Assurance given

Rationale supporting award of opinion
The audit work carried out by Internal Audit indicated that:
• While there is a basically sound system of internal control, there are weaknesses, which put some of the Council’s objectives at risk. Although one medium recommendation has been raised, a number of controls were found to be in place and operating effectively. The recommendation has been raised to help strengthen the controls to good/leading practice and help mitigate against risks where the control was seen to be weak. As there have been no significant control weaknesses identified within each area of the audit, we have been able to provide an adequate level of assurance.
• This system has not previously been audited, so there is no comparison possible with previous findings. Hence no direction of travel indicator can be given.

Summary of Findings

Access Controls
There are adequate access controls in place. Password complexity has been enabled requiring a minimum password length of seven characters with at least one each of lower case and upper case and numeric characters; whilst the level of complexity being applied is adequate, it was identified that there is an element of password complexity controls that has not been enabled which could provide greater control in this area. Access controls require a user to change their password at first use and every 90 days thereafter; and the system will prevent access after three failed access attempts, requiring a system administrator to unlock the account. The system has an adequate level of segregation of duties.

Data Processing
There are a small number of scheduled tasks that are run periodically as required. The key task is run overnight and does not allow users into the system the next day unless it has completed successfully, thus providing a good monitoring control.
The other tasks are less critical and are monitored by receipt of the required output. All jobs are contained within a central monitoring tool.

Interfaces
There are three key interfaces that import data from the Cooperative and Santander bank accounts and data from CAPITA regarding the daily online payments activity. The interface jobs are run daily and were noted as having adequate controls. The audit noted that users were accessing a separate PC that is used to implement the interface procedures using a username and password belonging to a former employee. A recommendation to transfer relevant permissions to current personnel has been raised.

Management Trails
The audit trail facility was found to be enabled and there is a query tool that allows the interrogation of audit trail data using a variety of criteria, which is considered to be an adequate mechanism.

Backups
There are a variety of housekeeping jobs configured to run on a monthly basis including a number of database checks for example database size management, archiving old files, compacting the database and rebuilding the database indexes. On a nightly basis, images of the database are taken and copied into a backup folder for the enterprise backup solution to backup. These backups occur to disc and then to tape, which are taken offsite to the fire station and stored in a secured, fireproof safe.

Support Arrangements & Change Controls
The system is new to the Council, having been implemented in November 2011. Adequate support was found to be in place in the form of a support agreement and a Service Level Agreement.
Change controls were noted as having been formally documented with early change control records indicating that the controls are adequate.

The following number of recommendations has been raised:

Area of Scope | Adequacy and Effectiveness Assessments: Adequacy of Controls | Effectiveness of Controls | Recommendations Raised: High | Medium | Low
Access Controls | Green | Green | 0 | 0 | 0
Data Processing | Green | Green | 0 | 0 | 0
Interfaces | Amber | Amber | 0 | 1 | 0
Management Trails | Green | Green | 0 | 0 | 0
Backups | Green | Green | 0 | 0 | 0
Support Arrangements & Changes Controls | Green | Green | 0 | 0 | 0
Total | | | 0 | 1 | 0

High Priority Recommendations
No high priority recommendations have been raised as a result of this audit.

Management Responses
Management have accepted the recommendations raised.

Appendix 2(d) Report No. NN/13/14 – Final Report issued 28 September 2012

Audit Report on Project Management

Audit Opinion
Adequate Assurance given

Rationale supporting award of opinion
The audit work carried out by Internal Audit indicated that:
• While there is a basically sound system of internal control, there are weaknesses, which put some of the Council’s objectives at risk. Although four medium priority recommendations have been raised, a number of controls were found to be in place and operating effectively. Recommendations have been raised to help strengthen these controls to a good/leading practice level and help mitigate against risks where the controls were seen to be weak. As there have been no significant control weaknesses identified within each area of the audit, we have been able to provide an adequate level of assurance.

Summary of Findings

Project Organisation
Project organisation was identified as being generally well managed, with evidence of project sponsor, management and team formally documented. The project was small and therefore there was no requirement to bring in external resource with the exception of the chosen system vendor.
However, it was found that minutes for any project meetings that were held were not being formally kept and communicated, although there is evidence to suggest that informal notes were being taken. A recommendation on this has been raised.

Business Context
Evidence that there has been strategic approval for the project and that key stakeholders have been involved was identified during the audit, particularly at the start and end of the project. Additionally, new business processes involved with implementing the new system were found to have been documented in the form of procedure manuals and training material.

Project Summary
Evidence to suggest that project deliverables and budget have been documented and communicated was identified. However, ongoing management of project issues and risks was found to be weak, in that there was no evidence of the risk log having been reviewed on a regular basis or of an Issues log being maintained. It was identified that, once the test system had been implemented, a ‘snags’ log was being maintained and used to communicate issues with the system supplier, but that the log was restricted to issues relating to the testing that was being conducted rather than also logging the more general project issues that were being encountered. A recommendation to ensure that logs are created and then monitored on a regular basis has been raised.

Project Team
The audit noted that the project involved a small team, which had project management experience available to it as required. However, it was also found that formal roles and responsibilities had not been defined for the project team, although it is acknowledged that other, larger projects had formally documented the roles and responsibilities for those project teams. The small size of this project drove a decision not to formally document roles and responsibilities in this case.
A recommendation to ensure that formal roles and responsibilities are drafted for all projects, regardless of their size, has been raised.

Change Management & Control
No formally documented project change management strategy was identified, although it is acknowledged that the project required no changes to be implemented. However, it is considered best practice to have a documented change management strategy in place for use should it have been needed. This would be of benefit to the larger Customer Services programme that has just started. A recommendation on this has been raised.

The following number of recommendations has been raised:

| Area of Scope | Adequacy of Controls | Effectiveness of Controls | Recommendations Raised: High | Medium | Low |
|---|---|---|---|---|---|
| Project Organisation | Amber | Amber | 0 | 1 | 0 |
| Business Context | Green | Green | 0 | 0 | 0 |
| Project Summary | Amber | Amber | 0 | 1 | 0 |
| Project Team | Amber | Amber | 0 | 1 | 0 |
| Change Management & Control | Amber | Amber | 0 | 1 | 0 |
| Total | | | 0 | 4 | 0 |

High Priority Recommendations
No high priority recommendations have been raised as a result of this audit.

Management Responses
Management have accepted the recommendations raised.

Appendix B
Appendix 2(e)
Report No. NN/13/15 – Final Report issued 12 September 2012
Audit Report on Disaster Recovery, Backup and Server Room Controls

Audit Opinion
Adequate Assurance given

Rationale supporting award of opinion
The audit work carried out by Internal Audit indicated that:
• While there is a basically sound system of internal control, there are weaknesses, which put some of the Council’s objectives at risk.
• Although four Medium Priority recommendations have been raised, a number of controls were found to be in place and operating effectively.
• Recommendations have been raised to help strengthen these controls to a good/leading practice and help mitigate against risks where the controls were seen to be weak.
As there have been no significant control weaknesses identified within each area of the audit, we have been able to provide an adequate level of assurance.

Summary of Findings

Disaster recovery procedures
A Disaster Recovery Plan is in place and is currently being reviewed as part of a wider Business Continuity review. Evidence in the form of meeting minutes suggests that IT are being involved with this review through attendance at the regular Business Continuity Working Group meetings.

Temporary arrangements
Historically, the Council has had a small DR suite located within the Annex, which is a small group of modular buildings located to the rear of the main Council building. This has always presented a proximity risk in that the loss of the main building would also likely mean the loss of the DR suite. A recent shared service project with a neighbouring Council has allowed ICT management to work on an alternate DR suite located in Fakenham, approximately 23 miles from Cromer. Work on this is currently ongoing and a recommendation to ensure a timely completion has been raised.

DRP test plan
There had been good planning and recordkeeping for DR testing; however, this has fallen into disuse since late 2010. A recommendation to reinstate this process has been raised.

Backup and recovery
Controls over the backup and recovery processes were found to be in place. The Council has implemented virtual environments where it can, which has eased the burden of the process, although it was noted that the original manual backup process is still in place where a virtual environment is not present.

Server Room performance monitoring
The audit noted adequate monitoring facilities in place that monitor the facility as a whole and key individual components. Example evidence obtained for the audit also suggests that there are adequate maintenance arrangements in place.
The monitoring facilities include a text messaging system that complements an email alert mechanism, should the email mechanism fail for any reason. Texts and e-mails are configured to be received by two staff members. This is not considered to be enough cover and a recommendation to increase this has been raised.

Server Room physical access controls
The audit noted good controls in this area. There are two locked doors using key code and manual locks. The key codes are changed annually and when an authorised person leaves. The facility itself is located next to the ICT and Reprographics departments, which means that unauthorised personnel attempting to gain access to the facility are likely to be detected. Access is authorised only to IT personnel, which is considered adequate. Both doors have a visitor log next to them, which were noted as being used. The auditor was required to sign the book before entry.

Server Room environmental controls
Appropriate environmental controls were found to have been established. There is a recently installed evaporative cooling system, which is the primary environmental cooling mechanism, supported by a redundant air conditioning system. The failover mechanism from the evaporative cooling to air conditioning was demonstrated and found to work as expected. The facility also has water detection to mitigate the risks posed by an external roof window, which is itself sealed but which could still leak. The facility also has a built in fire suppressant system, UPS and adequate insurance cover. As identified under ‘Temporary Arrangements’ above, a new purpose built alternate DR Suite is being developed in Fakenham and the early implementation of this site will negate the weaknesses with the current solution located in the Annex building.

Planning and change control arrangements
The Council had an ICT strategy Group that had met regularly until February 2012 when the last meeting was held.
It is acknowledged that the Council has been undergoing a structural review of its management structure and, as this work is now coming to an end, a recommendation to have this Group reinstated has been raised. Change control processes were also noted as being present, recently improved following an update to the formal documentation of the process and its operation.

System performance monitoring
There are good controls in this respect; these are discussed in more detail in the “Server room performance monitoring” section above.

The following number of recommendations has been raised:

| Area of Scope | Adequacy of Controls | Effectiveness of Controls | Recommendations Raised: High | Medium | Low |
|---|---|---|---|---|---|
| Disaster Recovery Procedures | Green | Green | 0 | 0 | 0 |
| Temporary Arrangements | Amber | Amber | 0 | 1 | 0 |
| DRP Test Plan | Amber | Amber | 0 | 1 | 0 |
| Backup & Recovery | Green | Green | 0 | 0 | 0 |
| Server Room Performance Monitoring | Amber | Amber | 0 | 1 | 0 |
| Server Room Physical Access Controls | Green | Green | 0 | 0 | 0 |
| Server Room Environmental Controls | Amber** | Amber** | 0 | 0 | 0 |
| Planning & Change Control Arrangements | Amber | Amber | 0 | 1 | 0 |
| Systems Performance Monitoring | Green | Green | 0 | 0 | 0 |
| Total | | | 0 | 4 | 0 |

** relates to recommendation under temporary arrangements

High Priority Recommendations
No high priority recommendations have been raised as a result of this audit.

Management Responses
Management have accepted the recommendations raised.

Audit Committee 4 December 2012
Agenda Item No 9

The Status of Agreed Audit Recommendations due for Implementation between 1 April and 30 September 2012

Summary: This report provides an overview of progress made concerning the implementation of audit recommendations during the first 6 months of 2012/13.
Conclusions: Satisfactory progress is being made in relation to the completion of agreed Internal Audit recommendations; however, our verification work in this area has also highlighted a number of instances where no response had been provided by the relevant responsible officers, so we have not been able to confirm the full extent of progress made to date to strengthen the Council’s internal control environment.

Recommendations: It is recommended that the Committee notes management action taken, where additional feedback is required and those areas where further work remains necessary prior to audit recommendations being fully implemented.

Cabinet member(s): All
Ward(s) affected: All
Contact Officer, telephone number, and e-mail: Sandra King, Head of Internal Audit, 01508 533863, scking@s-norfolk.gov.uk

1. Background

1.1. In accordance with agreed internal audit review and reporting cycles, we revisit the status of audit recommendations on a 6 monthly basis and last presented our findings in this area to Committee on 18 June 2012. This report therefore provides an update on the status of audit recommendations following recent verification work in October 2012, which examined the level of activity concerning the completion of audit recommendations falling due between 1 April 2012 and 30 September 2012.

1.2. The process used to monitor the status of recommendations during this period has remained unchanged from previously noted, i.e. recommendations are input on the TEN performance system at the time the final audit report is issued, and managers are then required to provide progress reports as recommendations approach their agreed implementation date. At the end of the reporting period, the Deloitte auditors then visit services to confirm there is supporting evidence to demonstrate the completion of audit recommendations and undertake some selective review work to verify that appropriate action has been initiated by management.

2.
Overall Position

2.1. The number of outstanding recommendations, listed per audit, is identified at Appendix C to this report. A summary of the current, and previously reported positions, is shown in the table below:

Recommendation status as at:

| Status | 31 March 2012: H | M | L | % | 30 September 2012: H | M | L | % |
|---|---|---|---|---|---|---|---|---|
| Complete | 1 | 15 | 13 | 34.9 | 0 | 25 | 6 | 43.0 |
| Partly implemented | 0 | 11 | 1 | 14.5 | 0 | 8 | 2 | 13.9 |
| Outstanding | 0 | 26 | 16 | 50.6 | 0 | 12 | 6 | 25.0 |
| Unable to confirm status | | | | | 0 | 7 | 6 | 18.1 |
| Total due for implementation | 1 | 52 | 30 | | 0 | 52 | 20 | |

Due for implementation (No.): 83 as at 31 March 2012; 72 as at 30 September 2012.

Key:
H – High priority: A fundamental weakness in the system that puts the Council at risk. To be addressed as a matter of urgency, within a 3-month time frame wherever possible, or, to put in place compensating controls to mitigate the risk identified until such a time as full implementation of the recommendation can be achieved.
M – Medium priority: A weakness within the system that leaves the system open to risk. To be resolved within a 4 - 6 month timescale.
L – Low priority: Desirable improvement to the system. To be introduced within a 7 - 9 month period.

2.2. Members will note that the summary table above adopts a slightly different format to that provided previously. This table now contains a fuller breakdown of the recommendations, identifying them in terms of their high, medium and low priority ratings.

2.3. Members' attention is also drawn to the following findings made in the course of our latest round of audit follow up work:

• We would usually provide additional details to the Committee in respect of high priority recommendations. However, on this occasion there were no agreed actions carrying a high priority rating which warranted implementation during the first 6 months of the year.
• As acknowledged in the Table at paragraph 2.1, there has been an increase in the percentage of completed recommendations, since we last reported the position at financial year end, whilst the level of activity relating to partly implemented recommendations has remained consistent going forward.

• There has additionally been a significant reduction in the percentage of outstanding recommendations. At the end of 2012/13, we recorded 42 recommendations (i.e. 50.6% of the total) whereas this figure is now 18 recommendations (equating to 25% of the total).

• However, we have established through our recent review work that there are 7 audits, involving a combined 13 agreed actions, where we have been unable to confirm the current status of these recommendations, as management failed to give us details of the latest position reached. This equates to 18.1% of the recommendations that should have been completed during the period under examination. Although none of these recommendations are rated as a high priority, it is still important to be updated as to what has been happening, to enable the Head of Internal Audit to monitor the Council’s internal control environment and to gain assurances that improvements are being made to systems of internal control. Appendix C to this report indicates the specific audits where this is currently an issue.

• With reference to the Waste Management Contract audit (Audit No. NN/12/03) – when we reported to Committee in June 2012, there were 4 medium recommendations outstanding from an overall 7 agreed actions recorded in the final audit report, which carried a limited assurance and was issued in October 2011. Our latest analysis of these recommendations has revealed that one is still outstanding, whilst we have not received any update from management concerning the remaining 3 items.

3.
Conclusion

3.1 Satisfactory progress is being made in relation to implementing agreed Internal Audit recommendations; however, there are instances where management responses have not been provided and therefore we are unable to conclude whether these recommendations have been subject to further action or have failed to be progressed.

4. Recommendation

4.1 It is recommended the Committee notes the progress made to implement audit recommendations, where additional feedback is required and those areas where further work remains necessary prior to audit recommendations being completed.

Appendices attached to this report:
Appendix C: Summary of Agreed Internal Audit Recommendations as at 30 September 2012

Appendix C
Appendix 1 - Summary of Agreed Internal Audit Recommendations as at 30 September 2012

Reference NN0901 NN0911 NN0912 NN1002 NN1009 NN1016 NN1017 NN1101 NN1102 NN1103 NN1104 NN1107 NN1108 NN1112 NN1203 NN1206 NN1208 NN1209 NN1210 NN1212 NN1213 NN1218 NN1301 NN1302 NN1303
Description Corporate Governance and Risk Management Council Tax and NNDR Housing and Council Tax Benefits Partnerships Tourism and Economic Development Housing and Council Tax Benefits Sundry Debtors Environmental Health Private Sector Housing Ethical Governance Conveyancing, Data Protection, FOI, and Gifts and Hospitality Council Tax and NNDR Exchequer Services Development Management, Building Control and Land Charges Waste Management Contract Car Parking and Markets Sundry Debtors Sports Halls/Centres Corporate Governance Work to Support the Annual Governance Statement Parks and Open Spaces Electoral Registration Property Services and Coastal Protection Strategic Housing and Homelessness Corporate Policy, Planning and Performance Management
Assurance Level Adequate Adequate Adequate Limited Adequate Adequate Adequate Adequate Adequate Adequate
H 1 1 1 1 1 1 1 1 1 1
CIVICA Revenues and Benefits Application Audit Network Infrastructure, Security and Telecommunications Business Continuity
Content Management Payroll and HR Application Remote Access 1 1 1 2 1 1 1 1 1 3 2 1 1 1 1 1 2 1 1 2 1 2 1 2 1 1 0 NN1116 L Unable to confirm status H M L 4 1 Adequate Ceder eFinancials Application Adequate Document Imaging Application Audit Adequate IT Security, Procurement and End User Controls Aud Adequate Outstanding M 1 Adequate Limited Limited Limited Adequate Adequate Not applicable Adequate Good Adequate Adequate NN0917 NN1021 NN1022 COMPUTER AUDIT TOTALS Partly Implemented H M L 1 Adequate Adequate Adequate SYSTEMS AUDIT TOTALS NN1117 NN1214 NN1216 NN1217 NN1220 Completed April - September 2012 H M L 13 5 0 3 2 0 1 9 6 0 7 6 1 1 1 Adequate 1 Limited Limited Adequate Adequate Adequate 1 3 1 7 2 1 0 12 1 0 1 5 0 39 0 3 0 0 0 0 Total Outstanding Not yet due to be implemented H M L Total 1 0 1 0 0 1 1 2 1 1 1 0 1 0 0 1 1 2 1 1 2 0 1 2 0 1 5 4 0 2 4 1 1 2 1 1 0 5 4 0 2 4 2 1 3 2 3 0 1 0 33 0 1 0 0 1 1 1 2 1 0 2 3 38 1 0 0 1 1 1 3 2 0 0 0 8 1 3 2 0 2 2 0 2 0 10 Agenda item 12 AUDIT COMMITTEE WORK PROGRAMME 2012 - 2013 DECEMBER 2012 PWC Annual Audit Letter (PWC) MARCH 2013 JUNE 2013 SEPTEMBER 2013 PWC 2011/12 Annual Governance report (ISA260) Audit Plan (PWC) Annual Grant Certification Report Protocol for liaison between internal and external auditors Internal Audit Half yearly progress reports on the overall performance of the audit contract Report on follow-up work Quarterly Summaries of completed audits Annual Review of the Effectiveness of Internal Audit Audit Plan Annual Report and Opinion Quarterly Summaries of completed audits Status of agreed actions NNDC Business Continuity Plan Review Risk Monitoring Officer’s Report Business Continuity Review Local Code of Corporate Governance and Action Plan – update Annual Governance Statement 2012/13 – update Corporate Risk Register Business Continuity Plan Review 40 Statement of Accounts (+ informal training) North Norfolk District Council Map of Audit Assurances provided since 2008/09 Annual Opinion Audits 
Corporate Governance and Risk Management Ethical Governance Fundamental Financial Systems Sundry Debtors Remittances Accountancy Services Housing Benefits / Council Tax Benefit Council Tax / NNDR Exchequer Services Creditors etc Payroll / HR Budgetary Control Deputy Chief Executive Data Quality Partnerships (Projects and) Procurement Property Services Car Parking and Markets Car Allowances Corporate Policy, Planning Leisure / Environment Waste Management Leisure Complexes Sports Halls/Centres Parks and Open Spaces Environmental Health 2008-09 2009-10 2010-11 Adequate Adequate Adequate Adequate Adequate Adequate Adequate Adequate Adequate Adequate X Adequate Adequate X X Adequate Good X X Good Incorporated into accountancy Limited Limited Adequate Adequate Adequate Good Adequate Limited Adequate Limited Limited Discontinued as NI's ending X Adequate Adequate Limited One-off audit Deferred to 2012/13 Adequate Limited Adequate Adequate Adequate Limited Adequate Development Control / Housing Affordable Housing Adequate Communities and Safety Private Sector Housing Adequate Foreshore and coastal management / Coastal Change and Pathfinder Management Adequate Economic Development and Tourism Strategic Housing and Homelessness Planning, Development Control, Land Charges Customers / Legal Concessionary Fares Elections / Electoral Registration Whistleblowing Legal Services, Data Protection, Freedom of Information Adequate One-off audit 2012-13 Limited Adequate Adequate Adequate Adequate Adequate 2011-12 Good Limited Adequate Good Adequate Adequate Adequate Adequate Adequate Function transferred to County Council Adequate Unsatisfactory Good One-off audit Adequate 41 North Norfolk District Council Map of Audit Assurances provided since 2008/09 IT Audits General Ledger Application Project Management General IT Controls Cash Receipting (old system) Cash Receipting (new system) Document Imaging IT Security Software Licensing Revenues and Benefits Application Network 
Infrastructure Business Continuity Disaster Recovery, Back Up and Server Room Controls Data Consistency Payroll and Personnel Content Management Adequate Adequate Adequate X Adequate Adequate Adequate Adequate Adequate Adequate Adequate Limited Limited Adequate Adequate Adequate Adequate 42