Document 12928095
advertisement
Please Contact: Lydia Hall Please email: lydia.hall@north-norfolk.gov.uk Please Direct Dial on: 01263 516047 27 November 2015 A meeting of the Audit Committee of North Norfolk District Council will be held in the Committee Room at the Council Offices, Holt Road, Cromer on Tuesday 08 December 2015 at 2.00 pm Members of the public who wish to ask a question or speak on an agenda item are requested to arrive at least 15 minutes before the start of the meeting. It will not always be possible to accommodate requests after that time. This is to allow time for the Committee Chair to rearrange the order of items on the agenda for the convenience of members of the public. Further information on the procedure for public speaking can be obtained from Democratic Services, Tel: 01263 516047, Email: democraticservices@north-norfolk.gov.uk Anyone attending this meeting may take photographs, film or audio-record the proceedings and report on the meeting. Anyone wishing to do so must inform the Chairman. If you are a member of the public and you wish to speak on an item on the agenda, please be aware that you may be filmed or photographed. Sheila Oxtoby Chief Executive To: Mr V FitzPatrick, Mr S Hester, Mr B Jarvis, Mr M Knowles, Mrs A Moore and Mr D Young All other Members of the Council for information. Members of the Management Team, appropriate Officers, Press and Public If you have any special requirements in order to attend this meeting, please let us know in advance If you would like any document in large print, audio, Braille, alternative format or in a different language please contact us Chief Executive: Sheila Oxtoby Strategic Directors: Nick Baker and Steve Blatch Tel 01263 513811 Fax 01263 515042 Minicom 01263 516005 Email districtcouncil@north-norfolk.gov.uk Web site northnorfolk.org AGENDA 1. TO RECEIVE APOLOGIES FOR ABSENCE 2. PUBLIC QUESTIONS To receive public questions, if any. 3. ITEMS OF URGENT BUSINESS To determine any items of business which the Chairman decides should be considered as a matter of urgency pursuant to Section 100B(4)(b) of the Local Government Act 1972. 4. DECLARATIONS OF INTEREST Members are asked at this stage to declare any interests that they may have in any of the following items on the agenda. The Code of Conduct for Members requires that declarations include the nature of the interest and whether it is a disclosable pecuniary interest. 5. MINUTES (Page 1) To approve as a correct record, the minutes of the meeting of the Audit Committee held on 15 September 2015. 6. AUDIT UPDATE AND ACTION LIST (Page 8) To monitor progress on items requiring action from the meeting of 15 September 2015 including progress on implementation of audit recommendations. 7. AUDIT COMMITTEE WORK PROGRAMME (Page 9) To review the Audit Committee Work Programme. 8. ANNUAL AUDIT LETTER (Page 10) To receive the Annual Audit Letter from the External Auditors. 9. INTERNAL AUDIT PROGRESS REPORT (Page 19) To receive a follow up report on the recommendations made by Internal Audit. 10. INTERNAL AUDIT RECOMMENDATIONS FOLLOW UP REPORT (Page 44) To receive a follow up report on recommendations made by Internal Audit. 11. BUSINESS CONTINUITY To receive an update on Business Continuity. 12. EXCLUSION OF THE PRESS AND PUBLIC (Page 52) To pass the following resolution, if necessary: “That under Section 100A(4) of the Local Government Act 1972 the press and public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in of Part I of Schedule 12A (as amended) to the Act.” Agenda item _5 _ AUDIT COMMITTEE Minutes of a meeting of the Audit Committee held on Tuesday 15 September 2015 in the Committee Room, Council Offices, Holt Road, Cromer at 2.00 pm. Members Present: Committee: Mr V FitzPatrick (Chairman) Mr S Hester Mr M Knowles Mrs A Moore Mr D Young Officers in Attendance: The Head of Finance, the Internal Audit Consortium Manager, the PWC External Auditors (AB & AA), the Monitoring Officer and the Democratic Services officer 13. APOLOGIES None. 14. PUBLIC QUESTIONS None received. 15. ITEMS OF URGENT BUSINESS None 16. DECLARATIONS OF INTEREST Mrs A Moore declared an interest – that her husband received a pension from NNDC. 17. MINUTES The Minutes of the meeting of the Audit Committee held on 16 June 2015 were approved as a correct record and signed by the Chairman. 18. AUDIT UPDATE AND ACTION LIST It was agreed to move the self assessment item to March 2016 and that the medium priority audit recommendations would be in the follow up report in the December meeting. 19. AUDIT COMMITTEE WORK PROGRAMME Audit Committee 1 15 September 2015 The Committee were advised that PWC would be completing the Annual Audit Letter for December 2015 and the certification for the March 2016 meeting. 20. MONITORING OFFICER’S REPORT The Monitoring Officer introduced his report and explained that from 1989, each local authority had a monitoring officer whose focus was on corporate governance, the constitution, standing orders and procedures, and incorporated a whistleblowing role. The Monitoring Officer said that his daily role was to advise on the constitution and on processes and procedures; such as whether something is a Cabinet or Full Council decision, Standards Committee and complaints (for NNDC as well as Parish and Town Councils). He added that there were parish engagement events coming up and that he would be supporting the authority with those. The Monitoring Officer said that his annual report included ombudsman cases and whistleblowing policies. The Chairman thanked the Monitoring Officer for his report. The Monitoring Officer said that unfortunately the statistics in the report on standing order exemptions were old ones. He explained that, for example, time constraints could limit the opportunity to get quotes on the open markets and that he assessed in each case whether it was a reasonable request. The Chairman asked whether this was on the register. The Monitoring Officer confirmed that it was and that an up-to-date version would be circulated. The Head of Finance clarified that the franking machine was not an item of spend in the Capital programme for 2014/15. The Chairman asked whether the duties in section 2.1 were a reactive task rather than a proactive one. The Monitoring Officer said that it was a proactive role but that such reports were few and far between in all authorities. Examples of this would be if a committee had made an unlawful decision or that one didn’t fall within their terms of reference. He added that they were usually sorted out early and in a satisfactory way. The Chairman asked what kinds of cases the 11 ombudsman cases consisted of. The Monitoring Officer said that the Ombudsman investigated maladministration which was summarised as where the authority has not followed their own processes or where an individual has been treated unfairly or that an injustice has been caused. He explained that it was the operational side and that there was not any legal remedy and that it was not about individuals (unlike the standards regime) but the Council as a whole. He added that the Ombudsman took a pragmatic approach and that financial recompense was sometimes awarded. The Monitoring Officer said that the Ombudsman’s jurisdiction did not extend at present to Parish Councils and that an authority can be compelled to make a public report but that this was only in rare cases where the authority did not acknowledge its blame. Audit Committee 2 15 September 2015 21. ANNUAL GOVERNANCE STATEMENT The Head of Finance informed Members that the Annual Governance Statement is updated each year and covers the processes and governance arrangements for how the Council conducts its business. She said that it was refreshed and updated annually at the same time as the Statement of Accounts. The statement refers to activities in the year to support the governance for the Council including the Internal Audit reviews and also includes details of boards and groups along with their objectives. The Head of Finance explained that the AGS process identifies any governance issues that require action and these are included at section 6 of the statement. The actions from 2013/14 have been implemented and the new action arising from the 2014/15 process is in relation to the publications that the Council is required to make in line with the Governments Transparency agenda. The AGS for 2014/15 has been considered by the Performance and Risk Management Board ahead of coming to the Audit Committee today and following consideration by the Audit committee today will go to Full Council next week for approval. The Chairman, referring to section 4.1.10 asked what the format of the Peer Challenge was. The Head of Finance explained that the review took place in December 2014 and that it was not compulsory but that NNDC had chosen to take part. The organisation was visited by other LGA members; a leader, a CEO and senior directors from comparable councils. The focus of the review included economic growth and the Business Transformation Programme and how NNDC were progressing with these and what opportunities could be made. The Head of Finance explained that the review took place over four days and that it was an intensive process where Members, staff and external stakeholders were interviewed. The Head of Finance said that at the end of the process, the peer team presented their findings and recommendations. Their findings of the organisation were very positive, and highlighted areas where the Council could develop its thinking to improve capacity and also taking a more ambitious target around the outcomes on business transformation. It was PROPOSED by Cllr M Knowles and SECONDED by Cllr S Hester that the Audit Committee RECOMMEND the report to Full Council. 22. STATEMENT OF ACCOUNTS The Head of Finance informed the Committee that the statement is produced every year and that a draft version was produced by 30th June on the outturn position that was reported to Cabinet and Scrutiny in June. . She explained that the outturn position as reported to Members in June performance was measured against target and that the accounts were very prescriptive, but lengthy. She added that the deadline for production of the draft and final accounts would be brought forward in the future. The Head of Finance informed Members that there was an underspend of £431,000 which was recommended to be transferred into the invest to save reserve. She said Audit Committee 3 15 September 2015 that page 12 of the report detailed the movement in reserves and that it was split between ‘useable’ and ‘unusable’. She further explained that the useable reserves were cash back reserves of £20.5 at the year end and included earmarked reserves of £12.2 million, general reserve of £2.3 million and capital receipts of £6 million. The unusable reserves were largely accounting/statutory reserves which were £10.6 million. The Head of Finance said that there was detail in note 6 in the accounts and that each of the statements was supported by notes. The Head of Finance drew Members’ attention to page 41 of the report of earmarked reserves and balance. She said that there was a big movement of £3.3m and that it was an allocation to the business rates reserve and the broadband reserve. She explained that the statement showed the council’s position as at 31 March and that it didn’t reflect the forecast use of reserves for financing projects and capital spend over the medium to long term in line with the financial strategy. The Head of Finance said that the useable Capital Receipts reserve (asset disposal) was for capital purposes only and that there were no capital grants that hadn’t been used with £6 m left at the end of the year. The Head of Finance said that the unusable was for accounting mechanisms and entries to show other movements on assets and pension funds. The Head of Finance said that the comprehensive income and expenditure account included the cost of services, capital charges, depreciation charges and how this is financed as well as grant income and taxation. She said that looking at the position year on year, the accounts gave a snapshot of a specific point in time. The Head of Finance said that the balance sheets on pages 14 and 15 showed the net worth of NNDC and that the cash flow statements showed the cash transactions in a year. She said that the collection fund at the end on page 98 showed the billing authority and how the organisation was performing in terms of council tax and business rates collection. She informed Members that the council tax collection fund l showed them to be in a surplus position and that they had collected more than what had been paid out but said that this was not an excessive surplus. The Head of Finance said that the business rates were in a deficit of £1.9m and showed that what was collected was less than what they had said they would pay out. She explained that they had to pay out what they had committed to, but that this was mitigated through the section 31 grant to recompense fr the greater amount of reliefs paid out. The Head of Finance concluded by saying that the report did not show the council’s future spending plans and that this was an ongoing process throughout the year. The Chairman congratulated the Head of Finance and her team for the work they had done in order to produce the report. The Chairman asked whether there would be an increase in the pension liability fund as liabilities was a long term issue. The Head of Finance replied that liability was taken into account in their long term financial planning and that it was factored into the financial process. Mr D Young asked whether the £39m was specific to NNDC employees. The Head of Finance said that it was current and past employees. Audit Committee 4 15 September 2015 Mr S Hester asked whether the lump sum payments in pensions would affect the council. The Head of Finance said that these would be taken into account. Mr Knowles commented that this would affect cashflow rather than liability. The External Auditor (AB) said that the pension fund was audited separately. Mr Young asked about receivables on page 87 of the report and asked about the bad debt provision of 10%. The Head of Finance said that they used a robust process and that it was the age and size of the debt, not just a percentage, and the likelihood of recovering some of these debts. Mr Young asked whether the debts should be written off. The Head of Finance said that certain debts i.e. council tax debts of small amounts might not be economical to chase. She said that they determined a bad debt provision each year and that it was thoroughly looked at but that debt could be written back on. Mr Hester asked whether a debt was passed onto the next of kin. The Head of Finance said that they put charges on properties by enforcement. Mr Young, referring to page 4 of the report, queried the reference to the recycling contract and the loss of £250,000 in profit. The Head of Finance said that it had been based on the previous contract and that the profit shown were from the new contract. She explained that there was concern over contamination ion the recycling and that this was being covered by the service area involved. Mr Young commented that the information from NNDC about recycling was less detailed than the information provided by Norfolk County Council and that this should be looked into. The Chairman, referring to page 2 of the report asked why there was such a large variance with a £3m underspend. The Head of Finance said that this was mainly due to business rates and underspends being allocated to reserves for future commitments. She said that there was also stormworks being completed from the previous year, business rates section 31 grants as well as an underspend and additional income. Mr Hester asked what would happen with the surplus. The Head of Finance said that this was a recommendation by Cabinet that the underspend be allocated to the restructuring/invest to save reserve. The Chairman, referring to page 42 of the report asked about the reserve statements. The Head of Finance said that they had a whistleblowing amount of £10,000 which was now zero and that this had come through the internal audit report and how the Audit Committee 5 15 September 2015 council funded and resourced these types of investigations and that this had been reallocated in 2013/14. The Chairman said that the recharges were £1.2m on page 58 of the report. The Head of Finance said that this was the cost that was budgeted for and that in effect it was a recharge to all of the services that they supported to give a true cost of the departments and all of their overheads. It was PROPOSED by Cllr V FitzPatrick and SECONDED by Cllr S Hester that the Audit Committee RECOMMEND the report to Full Council 23. ANNUAL GOVERNANCE REPORT The External Auditor (AA) introduced the report to Members and said that it was the September issue. She outlined the following: Page 2: Executive Summary – changes since the Audit Plan in March 1) Change in Engagement Leader 2) Increase of a risk – from elevated risk to significant risk Pages 3,4,5: Risks identified in the audit plan Page 8: included main accounting issues identified and related parties. She said that since the Statement of Accounts had been updated there was a change in Appendix 2. Page 30: Annual Governance Statement and value for money conclusion (which was still in progress) The External Auditor (AA) said that they were required to inform the Council of any significant deficiencies and that these were listed on page 14 of the report. Mrs A Moore asked about the issues with Cabbell Park and Cromer on page 27, point 4 and asked whether Members had full access to the information. This was discussed and Members should have all of the information. Mr M Knowles asked about the asset valuation. The External Auditor (AB) said that there was difference in calculation and that the assets were not currently valued. 24. INTERNAL AUDIT PROGRESS REPORT The Internal Audit Consortium Manager introduced the report and drew Members attention to page 178 of the report which explained the terminology used by the newly appointed auditors, in comparison to that previously used. The Internal Audit Consortium Manager referred Members to the table at 2.1 on page 181, which confirmed the IT audits that have subsequently been agreed with management. The 2015/16 March audit plan is currently at 41% completion, highlighting that internal audit plan is on track and where it was anticipated to be. Audit Committee 6 15 September 2015 The Internal Audit Consortium Manager highlighted that there were new staff on the contract but that they had kept people from the previous contract, and that this mix was working well. The Internal Audit Consortium Manager, in referring to the Waste Management audit, confirmed that five recommendations had been raised with management and four had been agreed. The one not agreed was regarding the Openwide contract and a five year extension between NNDC and Places for People. She said that an issue regarding the amount stated and agreed to pay varied and that no further action had been taken. The Internal Audit Consortium Manager said, in reference to waste management, that a generic risk register was in place for Kier and that it needed to be reflective of the contract. She also said that a software itinerary was needed in IT to ensure that unauthorised software wasn’t added. The Internal Audit Consortium Manager informed Members that the new contractors performance was at appendix 3 and that there were no issues in relation to performance. Mrs A Moore commented that she preferred the analysis previously used. The Internal Audit Consortium Manager explained that it was so they could be benchmarked against the other clients of the contractor. Mr D Young asked about the Waste Management audit and wanted to clarify that the Openwide contract was for £377,000 a year and that it was renewed at £277,000 and that the contract had not changed. The Internal Audit Consortium Manger confirmed that NNDC was paying the correct amount but that the contract did not reflect this. It had been referred to legal and no further action had been taken. The Head of Finance said that it would raise concerns in case of a dispute. Mr Young said that he did not agree that no further action should be taken. The Chairman agreed and said that it would be prudent to change it. It was agreed that the Internal Audit Consortium Manager would go back to the Head of Assets and Leisure and have the contract amended. The Chairman commented that it was an unnecessary risk. The Committee ACCEPTED the update. The meeting closed at 3.50pm ______________________ Chairman Audit Committee 7 15 September 2015 Agenda Item 6 AUDIT COMMITTEE 15 SEPTEMBER 2015 – ACTIONS ARISING FROM THE MINUTES 18. Audit Update and Action List Agreed for the medium priority audit recommendations to be reported at December meeting. Emma Hodds 19. Monitoring Officer’s Report The Monitoring Officer would circulate an up-to-date version of statistics for the annual report. David Johnson 8 Agenda Item 7 AUDIT COMMITTEE WORK PROGRAMME 2015 – 2016 JUNE 2015 PWC SEPTEMBER 2015 PWC 2014/15 Annual Governance report (ISA260) Internal Audit Annual Report and Progress Report Opinion and on Internal Audit Review of the Activity Effectiveness of Internal Audit Progress report on Internal Audit Activity Follow up on Internal Audit Recommendations NNDC Corporate Risk Register/ risk management framework Business Continuity Plan Review Business Continuity training update DECEMBER 2015 MARCH 2016 PWC Annual Audit Letter E&Y Audit Plan (with overview) Annual Grant Certification Report from PWC Progress Report on Internal Audit Activity Progress Report on Internal Audit Activity Follow Up Report Strategic and on Internal Audit Annual Audit Recommendations Plans Undertake selfassessment Statement of Accounts Local Code of Corporate Governance and Action Plan Business Continuity Monitoring Officer’s Report 9 Corporate Risk Register (deferred from December) Risk Management Framework Agenda Item 8 www.pwc.co.uk North Norfolk District Council Annual Audit Letter 2014/15 Government and Public Sector October 2015 10 Contents Code of Audit Practice and Statement of Responsibilities of Auditors and of Audited Bodies Introduction 1 Audit Findings 3 Final Fees 6 In April 2010 the Audit Commission issued a revised version of the ‘Statement of responsibilities of auditors and of audited bodies’. It is available from the Chief Executive of each audited body. The purpose of the statement is to assist auditors and audited bodies by explaining where the responsibilities of auditors begin and end and what is to be expected of the audited body in certain areas. Our reports and management letters are prepared in the context of this Statement. Reports and letters prepared by appointed auditors and addressed to members or officers are prepared for the sole use of the audited body and no responsibility is taken by auditors to any Member or officer in their individual capacity or to any third party. PwC Contents North Norfolk District Council 11 An audit is not designed to identify all matters that may be relevant to those charged with governance. Our audit does not ordinarily identify all such matters. Introduction The purpose of this letter This letter summarises the results of our 2014/15 audit work for members of the Authority. We have already reported the detailed findings from our audit work to the Audit Committee in the following reports: Audit opinion for the 2014/15 financial statements, incorporating conclusion on the proper arrangements to secure economy, efficiency and effectiveness in its use of resources; Report to those charged with Governance (ISA (UK&I) 260); and Annual Certification Report (to those charged with governance). The matters reported here are the most significant for the Authority. Scope of Work The Authority is responsible for preparing and publishing its Statement of Accounts, accompanied by the Annual Governance Statement. It is also responsible for putting in place proper arrangements to secure economy, efficiency and effectiveness in its use of resources. Our 2014/15 audit work has been undertaken in accordance with the Audit Plan that we issued in March 2015 and is conducted in accordance with the Audit Commission’s Code of Audit Practice, International Standards on Auditing (UK and Ireland) and other guidance issued by the Audit Commission. We met our responsibilities as follows: Audit Responsibility Results Perform an audit of the accounts in accordance with the Auditing Practice Board’s International Standards on Auditing (ISAs (UK&I)). We reported our findings to the Audit Committee on 15 September 2015 in our 2014/15 report to those charged with governance (ISA (UK&I) 260). On 30 September 2015 we issued an unqualified audit opinion. Report to the National Audit Office on the accuracy of the consolidation pack the Authority is required to prepare for the Whole of Government Accounts. We reported to the National Audit Office on 30 September 2015 that a detailed review of the consolidation pack was not required as the Authority was below the threshold. Form a conclusion on the arrangements the Authority has made for securing economy, efficiency and effectiveness in its use of resources. On 30 September 2015 we issued an unqualified value for money conclusion. PwC 1 North Norfolk District Council 12 Audit Responsibility Results Audit Responsibility Results Consider the completeness of disclosures in the Authority’s annual governance statement, identify any inconsistencies with the other information of which we are aware from our work and consider whether it complies with CIPFA / SOLACE guidance. We undertook our work in accordance with our Audit Plan. There were no issues to report in this regard. Issue a certificate that we have completed the audit in accordance with the requirements of the Audit Commission Act 1998 and the Code of Practice issued by the Audit Commission. We issued our certificate on 30 September 2015 on completion of our work. There were no issues to report in this regard. Consider whether, in the public interest, we should make a report on any matter coming to our notice in the course of the audit. We undertook our work in accordance with our Audit Plan. There were no issues to report in this regard. Determine whether any other action should be taken in relation to our responsibilities under the Audit Commission Act. We undertook our work in accordance with our Audit Plan. There were no issues to report in this regard. PwC 2 North Norfolk District Council 13 Audit Findings Accounts We audited the Authority’s accounts in line with approved Auditing Standards and issued an unqualified audit opinion on 30 September 2015. We noted significant issues arising from our audit within our Report to Those Charged with Governance (ISA (UK&I) 260). This report was presented to the Audit Committee on 15 September 2015 and the final report was issued on 30 September 2015. We wish to draw the following points, included in that report, to your attention in this letter. Related parties In forming an opinion on the financial statements, we are required to evaluate: - whether identified related party relationships and transactions have been appropriately accounted for and disclosed; and whether the effects of the related party relationships and transactions cause the financial statements to be misleading. It was identified during the course of our work that the Authority does not hold a full list of related parties. Per CIPFA code of practice, paragraph 3.9.2.15, “Related party relationships where control exists should be disclosed irrespective of whether there have been transactions between the related parties.” The Authority would therefore need to hold a complete list of related parties in order to meet this requirement. Declaration forms completed by Councillors only require Councillors to disclose interests that they or their close family members have in other organisations where they are aware that these organisations have transacted with the Authority. There is therefore a risk that Councillors omit related parties from their declaration forms because they didn’t know about a transaction and the Authority does not hold a complete list of related parties. Finally, the Authority was unable to obtain declaration forms for two Councillors who did not return to Council following the election. In our work we identified five additional related parties which the Authority had transacted with or provided grants to in the year, and which had not been disclosed in the initial draft accounts. For four of these the Councillor in question was representing the Authority on the Board of another organisation. In one case the Authority was unaware of the individual’s involvement in the organisation. These omissions were raised as adjusted misstatements relating to disclosures and we included recommendations for improvements in our ISA 260 report. Pensions liability The most significant estimate in the Statement of Accounts is in the valuation of net pension liabilities for employees in the Norfolk County Council pension fund. The Authority’s net pension surplus/liability at 31 March 2015 was £39 million (2014 - £32 million). We reviewed the reasonableness of the assumptions underlying the pension liability, and we are comfortable that the assumptions are within an acceptable range. The report from the Pension Fund actuary was reviewed by the PwC pensions team and the assumptions used were compared to PwC 3 North Norfolk District Council 14 the industry averages with no exceptions or major variances noted. We validated the data supplied to the actuary on which to base their calculations and did not identify any issues to report. Valuation of property, plant and equipment The Authority’s property, plant and equipment (PPE) balance is significant – as at 31 March 2015, the Council held PPE assets of £50,211k (2013/14: £47,246k). Our risk assessment within our report to those charged with governance outlined the audit risk associated with this balance and the audit procedures we performed. Overall we are content that the valuation of the Authority’s is materially correct however, our work has identified three issues which have resulted in unadjusted misstatements. Grant income: Pathfinder grant income of £0.13m was recognised in 2014/15 as a gain on disposal of an asset. This was grant income initially received by the Authority from central government, and then passed to Norfolk Community Foundation to distribute based on certain conditions. Norfolk Community Foundation did not meet these conditions and so in 2014/15 the grant was returned to the Authority to distribute. When the grant was returned it was recognised as a gain on disposal of an asset (a credit to operating expenditure) but it is our view that it would be more appropriate to recognise this under grant income. This was reported as an unadjusted misstatement in our ISA 260 report. Asset valuations are a year out of date: The Authority values its assets which are based on market or replacement cost values to 1 April rather than 31 March. In financial year 2014/15, the assets subject to this kind of revaluation were the public conveniences. PwC performed an exercise to revalue the public conveniences from 1 April 2014 to 31 March 2015 and noted a movement in the value. Assets not revalued in year: The Authority revalues its assets on a five year rolling cycle where there has been no significant movements since the previous revaluation which is in line with CIPFA guidance. The Authority did not undertake a formal assessment of whether there had been a significant movement on the asset not subject to a formal valuation in 2014/15. As part of our audit work, we requested that management perform this assessment as valuation indices indicated there may have been a material movement. As a result of this request, the Authority’s internal valuers undertook a desktop revaluation of all significant assets and noted that the asset values had been subject to movement, however this was not material. The combined unadjusted misstatement for these two items is £0.2m. PwC 4 North Norfolk District Council 15 Use of Resources We carried out sufficient, relevant work in line with the Audit Commission’s guidance, so that we could conclude on whether the Authority had in place, for 2014/15, proper arrangements to secure economy, efficiency and effectiveness in your use of the Authority’s resources. In line with Audit Commission requirements, our conclusion was based on two criteria: The Authority’s most recent Medium Term Financial Strategy shows a balanced budget for 2016/17 with a total gap of £1.9m up to 2019/20. The Authority has demonstrated ongoing achievement of savings in the past years. Further its general fund reserves balance held as at 31 March 2015 is £2.3m which covers the funding gap up to 2019/20. This together with our review of its future savings plans has given us comfort over the Authority’s arrangements in its use of resources. that the organisation has proper arrangements in place for securing financial resilience; and We issued an unqualified conclusion on the ability of the organisation to secure proper arrangements to secure economy, efficiency and effectiveness in its use of resources. that the organisation has proper arrangements for challenging how it secures economy, efficiency and effectiveness. Annual Governance Statement To reach our conclusion, we carried out a programme of work that was based on our risk assessment which included: Obtaining and reviewing the Authority’s Medium Term Financial Strategy, including the assumptions utilised in identifying the funding gaps arising; Considering and discussing the emerging savings options as well as the magnitude of unidentified savings with officers, in order to understand the current plans to address the funding gap; Considering the Authority’s historic record in delivering savings; and Considering the monitoring and reporting arrangements, together with governance structures in place in relation to savings and efficiencies. Local authorities are required to produce an Annual Governance Statement (AGS) that is consistent with guidance issued by CIPFA/SOLACE. The AGS accompanies the Statement of Accounts. Whole of Government Accounts We undertook our work on the Whole of Government Accounts consolidation pack as prescribed by the National Audit Office. The audited pack was submitted on 30 September 2015. We found no areas of concern to report in this context. Certification of Claims and Returns We presented our most recent Annual Certification Report for 2013/14 to those charged with governance in January 2015. We certified one claim worth £31.7 million. A qualification letter was required to set out the issues arising from the certification of the claim. We will issue the Annual Certification Report for 2014/15 in January 2016. PwC 5 North Norfolk District Council 16 Final Fees Final Fees for 2014/15 We reported our fee proposals in our audit plan. We are currently in the process of agreeing the fee over and above the scale element with Public Sector Audit Appointments Limited (PSAA) and will report the final position in due course. Our fees charged were therefore: 2014/15 outturn 2014/15 fee proposal 2013/14 final outturn * 72,150 74,466 ** 35,480 35,187 - - - 107,630 109,653 Audit work performed under the Code of Audit Practice - Statement of Accounts - Conclusion on the ability of the organisation to secure proper arrangements for the economy, efficiency and effectiveness in its use of resources - Whole of Government Accounts Certification of Claims and Returns Non Audit Work TOTAL *Note our fee for the audit of the statement of accounts has not been finalised. We are currently in the process of agreeing this with the Authority and PSAA and will report the final position in due course. **Our fee for certification of claims and returns is yet to be finalised for 2014/15 and will be reported to those charged with governance in March 2016 within the 2014/15 Annual Certification Report. PwC 6 North Norfolk District Council 17 In the event that, pursuant to a request which North Norfolk District Council has received under the Freedom of Information Act 2000, it is required to disclose any information contained in this report, it will notify PwC promptly and consult with PwC prior to disclosing such report. North Norfolk District Council agrees to pay due regard to any representations which PwC may make in connection with such disclosure and North Norfolk District Council shall apply any relevant exemptions which may exist under the Act to such report. If, following consultation with PwC, North Norfolk District Council discloses this report or any part thereof, it shall ensure that any disclaimer which PwC has included or may subsequently wish to include in the information is reproduced in full in any copies disclosed. This document has been prepared only for North Norfolk District Council and solely for the purpose and on the terms agreed through our contract with Public Sector Audit Appointments Limited. We accept no liability (including for negligence) to anyone else in connection with this document, and it may not be provided to anyone else. © 2015 PricewaterhouseCoopers LLP. All rights reserved. In this document, "PwC" refers to the UK member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. 130610-142627-JA-UK 18 Audit Committee 8 December 2015 Agenda Item No______9_____ Progress Report on Internal Audit Activity: 4 September to 24 November 2015 Summary: This report examines the progress made between 4 September and 23 November 2015 in relation to delivery of the Annual Internal Audit Plan for 2015/16. Conclusions: Progress in relation to delivery of the Internal Audit Plan is line with expectations with the audit plan now being 72% complete; and positive assurances have been awarded in the five audit reviews finalised in this period. Recommendations: It is recommended that the Committee notes the outcome of the audits completed between 4 September and 24 November 2015 where assurance levels have been given. Cabinet member(s): Ward(s) affected: All All Emma Hodds, Internal Audit Consortium Manager 01508 533791, ehodds@s-norfolk.gov.uk Contact Officer, telephone number, and e-mail: 1. Background 1.1. This report reflects progress made with regard to assignments featuring in the approved Annual Internal Audit Plan for 2015/16 which was endorsed by the Audit Committee on 17 March 2015. 2. Overall Position 2.1. The overall position in relation to the progress made against the Internal Audit Plan is within the attached report. 3. Conclusion 3.1 Progress in relation to delivery of the Internal Audit Plan is line with expectations and positive assurances have been awarded in the five audit reviews finalised in this period. 4. Recommendation 4.1 It is recommended that the Committee notes the outcome of the audits completed between 4 September and 24 November 2015 where assurance levels have been given. 19 Audit Committee 8 December 2015 Appendices attached to this report: Progress Report on Internal Audit Activity 20 Eastern Internal Audit Services North Norfolk District Council Progress Report on Internal Audit Activity Period Covered: 4 September to 24 November 2015 Responsible Officer: Emma Hodds – Internal Audit Consortium Manager (IACM) CONTENTS 1. INTRODUCTION ............................................................................................................. 2 2. SIGNIFICANT CHANGES TO THE APPROVED INTERNAL AUDIT PLAN ................... 2 3. PROGRESS MADE IN DELIVERING THE AGREED AUDIT WORK ............................. 2 4. THE OUTCOMES ARISING FROM OUR WORK ........................................................... 2 5. PERFORMANCE MEASURES ....................................................................................... 5 APPENDIX 1 – PROGRESS IN COMPLETING THE AGREED AUDIT WORK .................. 6 APPENDIX 2 – AUDIT REPORT EXECUTIVE SUMMARIES ............................................. 8 APPENDIX 3 – PERFORMANCE MEASURES ................................................................... 9 Page 1 of 23 21 1. INTRODUCTION 1.1 This report is issued to assist the Authority in discharging its responsibilities in relation to the internal audit activity. 1.2 The Public Sector Internal Audit Standards also require the Chief Audit Executive (known in this context as the Internal Audit Consortium Manager) to report to the Audit Committee on the performance of internal audit relative to its plan, including any significant risk exposures and control issues. The frequency of reporting and the specific content are for the Authority to determine. 1.3 To comply with the above this report includes: Any significant changes to the approved Audit Plan; Progress made in delivering the agreed audits for the year; Any significant outcomes arising from those audits; and Performance Indicator outcomes to date. 2. SIGNIFICANT CHANGES TO THE APPROVED INTERNAL AUDIT PLAN 2.1 At the meeting on 15 March 2015, the Annual Internal Audit Plan for the year was approved, identifying the specific audits to be delivered, with the IT audits confirmed at the previous Committee meeting in September. Since then there have been no further changes to the plan. 3. PROGRESS MADE IN DELIVERING THE AGREED AUDIT WORK 3.1 The current position in completing audits to date within the financial year is shown in Appendix 1 and progress to date is in line with expectations. Quarter one and two work is now complete, all quarter three work also complete and at draft report stage, with planning for quarter four now underway. 3.2 In summary 122 days of programmed work has been completed, equating to 72% of the (revised) Audit Plan for 2015/16. 4. THE OUTCOMES ARISING FROM OUR WORK 4.1 On completion of each individual audit an assurance level is awarded using the definitions shown in the table below. Substantial Assurance Based upon the issues identified there is a robust series of suitably designed internal controls in place upon which the organisation relies to manage the risks to the continuous and effective achievement of the objectives of the process, and which at the time of our review were being consistently applied. Reasonable Assurance Based upon the issues identified there is a series of internal controls in place, however these could be strengthened to facilitate the organisation’s management of risks to the continuous and effective achievement of the objectives of the process. Improvements are required to enhance the controls to mitigate these risks. Limited Based upon the issues identified the controls in place are insufficient to Page 2 of 23 22 Assurance ensure that the organisation can rely upon them to manage the risks to the continuous and effective achievement of the objectives of the process. Significant improvements are required to improve the adequacy and effectiveness of the controls to mitigate these risks. No Assurance Based upon the issues identified there is a fundamental breakdown or absence of core internal controls such that the organisation cannot rely upon them to manage risk to the continuous and effective achievement of the objectives of the process. Immediate action is required to improve the controls required to mitigate these risks. 4.2 Recommendations made on completion of audit work are prioritised using the definitions shown in the table below. Urgent Fundamental control issue on which action to implement should be taken within 1 month. Important Control issue on which action to implement should be taken within 3 months. Needs Attention Control issue on which action to implement should be taken within 6 months. 4.3 In addition, on completion of audit work “Operational Effectiveness Matters” are proposed, these set out matters identified during the assignment where there may be opportunities for service enhancements to be made to increase both the operational efficiency and enhance the delivery of value for money services. These are for management to consider and are not part of the follow up process. 4.4 During the period covered by the report Internal Audit Services have issued five final reports and the Executive Summary of these reports are attached at Appendix 2, full copies of these reports can be requested by Members from the Internal Audit Consortium Manager. 4.5 As a result of these audits 18 recommendations have been raised; no priority one (urgent) recommendations, 10 priority two (important) recommendations and eight priority three (needs attention) recommendations. All of which have been agreed by management. In addition four Operational Effectiveness Matters have been proposed to management for consideration. 4.6 In summary the final reports issued conclude the following: Corporate Governance and Risk Management This scope of this was to review the governance of the contracts register and the processes in place for risk management. On conclusion a reasonable assurance was awarded with two priority two (important) recommendations and two priority three (needs attention) recommendations agreed with management. The priority two recommendations relate to; regular review of the risk management framework in line with Council policy, this was last reviewed in 2010 and a purchase ledger Page 3 of 23 23 analysis is to be undertaken to compare to the contracts register to ensure that all contracts are accounted for. Housing Strategy The audit covered the systems and controls in place in relation to Housing Strategy and Affordable Housing, with two priority two (important) recommendations agreed with management, and a reasonable assurance provided. The first recommendation was in relation to the Housing Development Officer post only being until December 2015 and the risks associated with this key post however this has since been extended to December 2016. The other recommendation relates to the need for a retrospective agreement between Victory Housing Trust and the Council to reflect the requirement for nomination arrangements to be in place for the provision of affordable housing within the Exception Housing. Homelessness and Housing Options The objective of the audit was to review the systems and controls in place within Homelessness and Housing Options, to help confirm that these are operating adequately, effectively and efficiently. A reasonable assurance was awarded on conclusion of the audit with one priority two (important) recommendation and three priority three (needs attention) , agreed with management. The important recommendation relates to written decision letters when reaching a conclusion on a case; senior officers will now incorporate an additional process when awarding higher banding to check that letter has been sent. This provides the evidence that the Council has performed their duties to homeless applicants in accordance with legislation. Parks, Open Spaces and Woodland Management The audit covered the areas of; income; maintenance and health and safety; and monitoring of events and management plans. The audit concluded with a reasonable assurance and three priority two (important) one priority three (needs attention) recommendations were agreed with management. The important recommendations relate to; reviewing and reminding staff of the procedures to follow for the receipt, secure storage, collection, accounting for and banking of income at the Parks and Woodlands; ensuring that a clear audit trail is in place for income collected, retained, accounted for and banked; and ensuring that suitable arrangements are in place for the management of the float retained at Holt Country Park. Register of Electors This IT audit reviewed; application management & governance; system security; interface & processing controls; change controls; and system resilience & recovery. The audit concluded with a reasonable assurance and four recommendations (two priority two and two priority three) were agreed with management. The important recommendations relate to; ensuring that the system administrator role is adequately reflected in the appropriate job description; and ensuring that only the appropriate staff have administrator access to the Electoral Services IT Application. 4.7 It is pleasing to note that all audits concluded in a positive opinion being awarded, indicating a strong and stable control environment to date, with no issues that would need to be considered at year end and included in the Annual Governance Statement. Page 4 of 23 24 5. PERFORMANCE MEASURES 5.1 The new Internal Audit Services contract includes a suite of key performance measures against which the new contractor will be reviewed on a quarterly basis. There are a total of 13 indicators, over 4 areas. From the first year of the contract records will be maintained for all 13, however performance can only be recorded on 11 of these as base line data is required for the final 2. The performance measures can be seen at Appendix 3. 5.2 There are individual requirements for performance in relation to each measure; however performance will be assessed on an overall basis as follows (for the first year): 9-11 KPIs have met target = Green Status. 5-8 KPIs have met target = Amber Status. 4 or below have met target = Red Status. Where performance is amber or red a Performance Improvement Plan will be developed by the contractor and agreed with the Internal Audit Consortium Manager to ensure that appropriate action is taken. 5.3 The work for quarter one and two has been completed and a report on the performance measures provided to the Internal Audit Consortium Manager, performance is currently at green status with targets having been satisfactorily met for this quarter. 5.4 In addition to these quarterly reports from the Contractors Audit Director, ongoing weekly updates are provided to ensure that delivery of the audit plan for the current financial year is on track. A review of the most recent update indicates that the Internal Audit plan of work at North Norfolk remains on track, and there are no issues that need to be addressed. 5.5 It is worth noting that although some feedback has been received from managers at the end of the audit review, the response rate is quite low. As the audit work is undertaken by a contractor it is important to received feedback to ensure that from a client perspective the audit is undertaken in a professional and timely manner. This will be discussed with Heads of Service at meetings arranged in the New Year. Page 5 of 23 25 APPENDIX 1 – PROGRESS IN COMPLETING THE AGREED AUDIT WORK Audit Area Audit Ref No. of days Revised Days Status Days Delivered Quarter 1 Leisure, Arts and Pier Pavilion NN1601 10 10 10 Waste Management NN1602 17 17 17 TOTAL Quarter 2 Corporate Governance and Risk Management NN1603 27 27 27 8 8 8 Housing Strategy & Affordable Housing, including Housing Enabling & Empty Properties Homelessness and Housing Options NN1604 10 10 10 NN1605 10 10 10 Parks and Open Spaces & Woodland Management TOTAL Quarter 3 Remittances NN1606 10 10 10 38 38 38 NN1607 12 12 11 Car Parking NN1608 10 10 9 22 22 20 15 16 10 41 15 16 10 41 0 0 0 0 TOTAL Quarter 4 Key Controls and Assurance Accountancy Services Accounts Receivables TOTAL NN1609 NN1610 NN1611 Assurance Level Recommendations Date to Committee Urgent Important Needs Attention Op Final Report issued 17 July Reasonable 2015 Final Report issued 9 July 2015 Reasonable 0 5 3 1 0 2 1 1 Final Report issued 24 November 2015 Final Report issued 30 October 2015 Reasonable 0 2 2 0 Reasonable 0 2 0 1 Final Report issued 3 November 2015 Final Report issued 28 October 2015 Reasonable 0 1 3 1 Reasonable 0 3 1 2 Draft Report issued 20 November 2015 Draft Report issued 17 November 2015 26 15 September 2015 15 September 2015 8 December 2015 8 December 2015 8 December 2015 8 December 2015 Audit Area Audit Ref No. of days Revised Days Status Days Delivered Disaster Recovery Software Licensing NN1612 NN1613 0 0 8 6 7 6 Draft Report imminent Final Report issued 7 August 2015 Register of Electors NN1614 0 8 8 Cash Receipting Application IT audits to be confirmed TOTAL Follow Up Follow Up TOTAL NN1615 NN TBC 0 30 30 8 0 30 7 0 28 Final Report issued 6 November 2015 Draft Report imminent NN NA 12 12 12 12 9 9 170 170 122 TOTAL Percentage of plan completed 72% 27 Assurance Level Recommendations Date to Committee Urgent Important Needs Attention Op Reasonable 0 3 2 1 15 September 2015 Reasonable 0 2 2 0 8 December 2015 0 20 14 7 APPENDIX 2 – AUDIT REPORT EXECUTIVE SUMMARIES Assurance Review Corporate Governance and Risk Management Executive Summary OVERALL ASSURANCE ASSESSMENT SCOPE The audit covered a review of the systems and controls in place in relation to Corporate Governance and Risk Management, in particular; Governance of the Contracts Register; and Risk Management. ACTION POINTS Urgent Important Needs Attention Operational 0 2 2 0 28 RATIONALE The systems and processes of internal control are, overall, deemed ‘Reasonable’ in managing the risks associated with Corporate Governance and Risk Management. The assurance opinion has been derived as a result of two ‘important’ and two ‘needs attention’ recommendations being raised upon the conclusion of our work. KEY FINDINGS Positive Findings Governance of the Contracts Register The Council's procurement framework, Contract Standing Orders, Financial Regulations, Procurement Strategy and Procurement procedural guidance are available on the Council’s website and are regularly reviewed. The requirements for maintaining a Contracts Register are clearly defined within the Local Government Transparency Code 2015, which is published on the Council’s website. Controls are in place for ensuring access to the Contracts Register is restricted within the Council’s network. Within the annual Self-Assessment Assurance Statement, Heads of Service are required to disclose whether all contracts held within their service departments, of a value of £5,000 or greater, have been included within the Contracts Register. Risk Management Procedures are in place for ensuring appropriate levels of access to the Council’s TEN performance management system. New and emerging service risks are captured and, where applicable, escalated to the Corporate Risk Register, as and when required. Provision is made within the standing agenda of Cabinet reports for the requirement to discuss/capture the risks of the matters being considered. A procedure is in place to help ensure risks are assigned to key officers who are responsible for monitoring and reducing the impact of these risks. Progress with risk management is reported regularly to senior management and Members of the Council. Issues to be addressed The audit has highlighted the following areas whereby controls would benefit from being strengthened, and as a result of these findings, two important recommendations have been made. Governance of the Contracts Register A purchase ledger analysis has not been undertaken and reconciled to the Contracts Register to identify contracts which may be unaccounted for in the register, as such the Council may not being aware of all its contractual obligations. 29 Risk Management The Council’s Risk Management Framework has not been reviewed and updated, where necessary, in accordance with Council policy. There is a risk that reliance will be placed on outdated procedures leading to inconsistencies in the identification and mitigation of significant risks affecting the The audit has also highlighted the following areas where two ‘needs attention’ recommendations have been made. Governance of the Contracts Register Contingency procedures are not in place in relation to the maintenance of the Contracts Register for periods of staff member absence. The Contracts Register may not be adequately maintained resulting in contracts not being included. Risk Management Resilience measures are in not place in relation to the processes within Risk Management to support key staff unavailability. The processes surrounding Risk Management may not be adequately maintained. Previous audit recommendations The audit reviewed the previous internal audit recommendations, of which one remains outstanding, in particular with regard to the need for management to regularly review the Contracts Register, has yet to be fully implemented, with progress continuing to be monitored through internal audit’s cyclical follow up arrangements. The audit has also highlighted one instance where the risk remains outstanding although has been accepted by management of the Council until appropriate procedures can be put in place, in particular; risk management training has not been provided to Council Members who were elected in May 2015. The Head of Finance stated that this was due to other training areas taking priority. However, plans are in place for members to undertake risk management training by the end of quarter four of the 2015/16 financial year. 30 Assurance Review of Housing Strategy and Affordable Housing Executive Summary OVERALL ASSURANCE ASSESSMENT SCOPE The audit covered a review of the systems and controls in place in relation to Housing Strategy and Affordable Housing, in particular; Housing Strategy; and Affordable Housing. ACTION POINTS Urgent Important Needs Attention Operational 0 2 0 1 31 RATIONALE The systems and processes of internal control are, overall, deemed ‘Reasonable’ in managing the risks associated with Housing Strategy and Affordable Housing. The assurance opinion has been derived as a result of two ‘important’ recommendations being raised upon the conclusion of our work. The audit has also raised one Operational Effectiveness Matter, which sets out matters identified during the assignment where there may be opportunities for service enhancements to be made to increase both the operational efficiency and the delivery of value for money services. KEY FINDINGS Positive Findings It is acknowledged that there are areas where sound control are in place and operating consistently. Housing Strategy The Housing Strategy 2012-2015 addresses the key housing priorities within the Council's Corporate Plan 2012-2015. Procedures are in place for the revision of the Housing Strategy and the Corporate Plan to ensure that the Council’s priorities are accurately reflected. Affordable Housing Strategy, policy and procedures are maintained for the short, medium and long term objectives and processes within Affordable Housing. Controls are in place for ensuring access to the Housing Stock Database and the Locata system is restricted. Guidelines extend to the provision of arrangements for assessing eligibility for affordable housing including shared equity housing. Procedures are in place to accommodate the Council’s forthcoming acquisition of affordable housing under two shared equity schemes throughout 2015 and 2016. These schemes have been subject to approval in accordance with levels of delegated authority. A consolidated record of all affordable housing property within the District is maintained. Procedures are in place for monitoring the activities of Registered Providers in relation to existing affordable housing stock and affordable housing allocation. Progress with the provision of affordable housing is monitored and regularly reported to senior management and members. A procedure is in place to monitor capital expenditure within the Housing Enabling Budget. Arrangements are in place for the agreement, receipt, monitoring and allocation of commuted sums. 32 Issues to be addressed The audit has highlighted the following areas whereby controls would benefit from being strengthened, and as a result of these findings two important recommendations have been made. Housing Strategy The Housing Development Officer post is due to become vacant from December 2015. There are currently no plans to replace this post and there is no service risk to highlight the potential impact this will have in administering the service including maintaining Housing Stock Database. Affordable Housing The Council has been unable to locate documentation for the nomination agreement necessary for affordable housing provisioned within the Felmingham Exception Housing Scheme, this requires retrospective action to ensure that there is assurance on the Council’s position and that of other interested parties, in respect of nomination rights and proceeds of sale through tenants’ ‘Right to Acquire’ is clearly understood. Operational Effectiveness Matters The operational effectiveness matters for management to consider relate to the functionality of the Housing Stock Database, to identify potential improvements which can be made to its functionality and efficiency. 33 Assurance Review of Homelessness and Housing Options Executive Summary SCOPE OVERALL ASSURANCE ASSESSMENT The objective of the audit was to review the systems and controls in place within Homelessness and Housing Options, to help confirm that these are operating adequately, effectively and efficiently. The audit covered: Homelessness and Housing Options ACTION POINTS Urgent Important Needs Attention Operational 0 1 3 1 34 North Norfolk District Council 2015/16 RATIONALE The systems and processes of internal control are, overall, deemed ‘Reasonable’ in managing the risks associated with the Homelessness and Housing Options. The assurance opinion has been derived as a result of one ‘important’ and three ‘need attention’ recommendations being raised upon the conclusion of our work. The audit has also raised one ‘operational effectiveness matter(s)’, which sets out matters identified during the assignment where there may be opportunities for service enhancements to be made to increase both the operational efficiency and enhance the delivery of value for money services. KEY FINDINGS Positive Findings It is acknowledged there are areas where sound controls are in place and operating consistently: Housing Options staff attend relevant training sessions to be kept up to date on new developments in relation to housing options. P1E returns are submitted quarterly to the Department for Communities and Local Government (DCLG). Housing Benefit (HB) claims are immediately submitted for homeless applicants who qualify for HB. Landlords’ invoices are verified for accuracy through comparison with the temporary accommodation moving in memorandum, and these are paid in a timely manner. The Council’s Risk Management Framework is supported by the TEN performance and risk management system and Housing Options Service level risk is monitored quarter. Issues to be addressed The audit has highlighted the following areas whereby controls would benefit from being strengthened, and as a result of these findings one important recommendation has been made. Homelessness Enquires and Investigations Written decision letters were not always produced with copies held on file for all homeless applications processed by the Council. Without decision letters being recorded as issued, applicants may be waiting excessive periods to clarify whether a decision has been made. The audit has also highlighted the following areas where three ‘needs attention’ recommendations have been made. 35 North Norfolk District Council 2015/16 Temporary Accommodation Not all temporary accommodation agreements were signed by applicants, with circumstances explained. This issue was also raised in the August 2012 audit report. Homelessness Enquires and Investigations There is no systematic method for storing supporting evidence obtained during homeless application inquiry process on Locata. This could result evidence being difficult to retrieve if required. Evidence of applicants’ written consent to disclose information and for the Council’s representative to seek verification of points made in an application could not be found on file for some applicants. This could cause delays or prevent applications progression. Operational Effectiveness Matters The operational effectiveness matters, for management to consider relate to considering that applicants’ priority need and intentions are subject to inquiries, in cases where homelessness or threatened homelessness and eligibility are established. 36 North Norfolk District Council 2015/16 Assurance Review of Parks and Open Spaces Executive Summary SCOPE OVERALL ASSURANCE ASSESSMENT The objective of the audit was to review the systems and controls in place within Parks and Open Spaces, to help confirm that these are operating adequately, effectively and efficiently. The audit covered the areas of: Income; Maintenance and Health and Safety; and Monitoring of Events and Management Plans. ACTION POINTS Urgent Important Needs Attention Operational 0 3 1 2 37 RATIONALE The systems and processes of internal control are, overall, deemed ‘Reasonable’ in managing the risks associated with the Parks and Open Spaces Audit. The assurance opinion has been derived as a result of three ‘important’ and one ‘needs attention’ recommendation being raised upon the conclusion of our work. The audit has also raised two ‘operational effectiveness matters’, which set out matters identified during the assignment where there may be opportunities for service enhancements to be made to increase both the operational efficiency and enhance the delivery of value for money services. KEY FINDINGS Positive findings It is acknowledged there are areas where sound controls are in place and operating consistently: Delivery of events and activities run at the Parks and Woodland managed by the Council are monitored, to ensure that annual targets are met and are fit for purpose. An Inspection and maintenance regime is in place to monitor the safety of areas within the Council’s responsibility. Clear lines of responsibility have been defined for the Parks and Woodland managed by the Council. Issues to be addressed The audit has highlighted the following areas whereby controls would benefit from being strengthened, and as a result of these findings three ‘important’ recommendations have been made. Income Written procedures are not in place for the receipt, secure storage, collection and banking of income from the Parks and Woodland managed by the Council. Without such procedures, there is an increased risk that that the Council is not receiving all income due and that this remains undetected. A clear audit trail is not in place within the Council to ensure the appropriate processes are followed in relation to the collection, accounting and banking of income received from the Parks and Woodland managed by the Council. Without a clear audit trail in place, there is an increased risk that money will be unaccounted for or lost as investigations in to its whereabouts cannot be undertaken. Arrangements are not in place for the management of the float retained at the Visitors Centre in Holt Country Park. Without such arrangements in place, there is a risk that services will not be available at the park through a lack of money retained at the park, leading to financial and reputational loss for the Council. The audit has also highlighted the following areas where one ‘needs attention’ recommendation has been made. 38 Monitoring of Events and Management Plans The Management Plans for non-green flag accredited Parks and Woodland managed by the Council are out of date and have not been reviewed since their inception in 2007. Without regular review and monitoring, there is an increased risk that the objectives within these Management Plans are out dated and that poor performance is not identified and resolved. Operational Effectiveness Matters The operational effectiveness matters, for management to consider relate to a risk assessment for all Parks and Woodland managed by the Council to be undertaken on a more frequent basis and a revision to the memorandum agreement between the Council and the FCE for Bacton Woods to reflect the correct period of agreement and arrangements for reporting of activity. 39 Assurance Review of the Xpress Electoral Services Application Executive Summary OVERALL ASSURANCE ASSESSMENT SCOPE The audit looked at the following aspects of the Application: Application Management and Governance; System Security (excluding Access Controls and Password Controls); Interface and Processing Controls; Change Controls; and System Resilience and Recovery. ACTION POINTS Urgent Important Needs Attention Operational 0 2 2 0 40 RATIONALE The systems and processes of internal control are, overall, deemed ‘Reasonable’ in managing the risks associated with the Xpress application. The assurance opinion has been derived as a result of two ‘important’ recommendations and two ‘needs attention’ recommendations being raised upon the conclusion of our work. KEY FINDINGS Positive Findings Application Management and Governance The Electoral Services Manager acts as the system administrator for the application and acts as the “Data Access Officer” with responsibility for ensuring the confidentiality, integrity and availability of the data processed by the application. The Head of Organisational Development is the overall owner of the application. The application is adequately licenced via a Site Licence. There is relevant user training for the application in place. System Security (excluding Access controls and password controls) Master data updates are managed using application releases that effectively upgrade the application with changed master data. Local users have no access to this functionality. Interface and Processing Controls The key interface with the Department for Work and Pensions that is used to confirm resident details is adequately documented within the application and is being managed effectively. System processing jobs comprise database backups and clean up jobs, which are being monitored adequately. System Resilience and Recovery There are adequate onsite and offsite backup processes in place. The Council no longer uses tape for backups, which means that there is no longer a requirement to test the recoverability of tapes, thus demonstrating their continued viability for use as backup media. The Electoral Services Department has a documented service area Business Continuity Plan. In addition, there is an Elections Business Continuity Plan, which takes precedence should an election be being managed. From a disaster recovery perspective, it is possible to restore any of the available backups to an available virtual environment in a short time. 41 Issues to be addressed Application Management and Governance The Electoral Services Manager’s job description does not include adequate reference to the “Xpress System Administration” and “Data Access Officer” roles, including this would ensure formal accountability for these roles. System Security All of the core users in the Electoral Services Department are designated as administrators of the application. Hence, they all have full access to the application, which means that all users currently have permissions that provide access to functions which only the Electoral Services Manager is permitted to use. Interface and Processing Controls The automated email functionality attaches a document but the user cannot check the content of the attachment before it is sent. Due to the nature of the information that the team deal with this could result in Data Protection issues. The Council needs to work with the vendor to understand the feasibility of implementing a feature to allow users to review emails before they are sent is being raised, thus reducing the likelihood of a breach occurring. Change Controls There are currently no change control processes in place for the application at the Council. The application vendor supplies periodic application updates to Electoral Services Management, who update the application themselves with no formal testing within a test environment undertaken. It is considered prudent for Electoral Services Management to investigate the feasibility of implementing change control process as far as the application allows. IT Management are aware of the last two recommendations and these have been raised for completeness and to ensure that the control environment is maintained. 42 APPENDIX 3 – PERFORMANCE MEASURES Area / Indicator Audit Committee / Senior Management 1. Audit Committee Satisfaction – measured annually 2. Chief Finance Officer Satisfaction – measured quarterly Internal Audit Process 3. Each quarters audits completed to draft report within 10 working days of the end of the quarter 4. Quarterly assurance reports to the Contract Manager within 15 working days of the end of each quarter 5. An audit file supporting each review and showing clear evidence of quality control review shall be completed prior to the issue of the draft report ( a sample of these will be subject to quality review by the Contract Manager) 6. Compliance with Public Sector Internal Audit Standards 7. Respond to the Contract Manager within 3 working days where unsatisfactory feedback has been received. Clients 8. Average feedback score received from key clients (auditees) 9. Percentage of recommendations accepted by management Innovations and Capabilities 10. Percentage of qualified (including experienced) staff working on the contract each quarter 11. Number of training hours per member of staff completed per quarter 12. Number of high and medium priority recommendations made per quarter 13. Number of audits which are considered to add value Target Adequate Good 100% 100% 100% Full 100% Adequate 90% 60% 1 day To decrease over the life of the contract (from year 2) To increase over the life of the contact (from year 2) 43 Audit Committee 8 December 2015 Agenda Item No_____10______ Follow Up on Internal Audit Recommendations 1 April to 31 October 2015 Summary: This report provides an overview of progress made in implementing agreed audit recommendations due for completion between 1 April and 31 October 2015. Conclusions: Good progress continues to be achieved in relation to the completion of agreed Internal Audit recommendations. Recommendations: It is recommended that the Committee notes management action taken to date regarding the delivery of audit recommendations. Cabinet member(s): Ward(s) affected: All All Emma Hodds, Internal Audit Consortium Manager 01508 533791, ehodds@s-norfolk.gov.uk Contact Officer, telephone number, and e-mail: 1. Background 1.1. In accordance with agreed internal audit review and reporting cycles, we revisit the status of audit recommendations on a 6-monthly basis and last presented our findings in this area to the Audit Committee in June 2015, in relation to the 2014/15 financial year end reporting. 1.2. This report now seeks to provide an update on the status of audit recommendations following recent verification work performed by the Contractor, which examined the level of activity concerning the delivery of audit recommendations falling due between 1 April and 31 October 2015. 2. Overall Position 2.1. The overall position in relation to the implementation of Internal Audit Recommendations is within the attached report. 3. Conclusion 3.1 Good progress continues to be made in relation to the completion of agreed Internal Audit recommendations, with 18 recommendations implemented over the first half of the 2015/16 financial year, resulting in improvements to the control environment. There are only 12 recommendations outstanding as at 31 October 2015., none of which carry a priority one (urgent) rating. 4. Recommendation 44 Audit Committee 4.1 8 December 2015 It is recommended that the Committee notes management action taken to date regarding the implementation of audit recommendations. Appendices attached to this report: Follow Up Report on Internal Audit Recommendations 45 Eastern Internal Audit Services NORTH NORFOLK DISTRICT COUNCIL Follow Up Report on Internal Audit Recommendations Period Covered: 1 April 2015 to 31 October 2015 Responsible Officer: Emma Hodds – Internal Audit Consortium Manager CONTENTS 1. INTRODUCTION 2 2. STATUS OF AGREED ACTIONS 2 APPENDIX 1 – STATUS OF AGREED INTERNAL AUDIT RECOMMENDATIONS 4 APPENDIX 2 – OUTSTANDING INTERNAL AUDIT RECOMMENDATIONS 5 Page 1 of 6 46 1. INTRODUCTION 1.1 This report is being issued to assist the Authority in discharging its responsibilities in relation to the internal audit activity. 1.2 The Public Sector Internal Audit Standards also require the Chief Audit Executive (known in this context as the Internal Audit Consortium Manager) to establish a process to monitor and follow up management actions to ensure that they have been effectively implemented or that senior management have accepted the risk of not taking action. The frequency of reporting and the specific content are for the Authority to determine. 1.3 To comply with the above this report includes: The status of agreed actions. 2. STATUS OF AGREED ACTIONS 2.1 As a result of audit recommendations, management agree action to ensure implementation within a specific timeframe and by a responsible officer. The management action subsequently taken is monitored by the Internal Audit Contractor on a regular basis and reported through to this Committee. Verification work is also undertaken for those recommendations that are reported as closed. 2.2 Appendix 1 to this report shows the details of the progress made to date in relation to the implementation of the agreed recommendations. This appendix now also reflects the year in which the audit was undertaken to enable the Committee to easily identify old outstanding recommendations. The table also identifies between outstanding recommendations that have previously been reported to this Committee and then those which have become outstanding this time round. 2.3 The summary position according to recommendation priority is shown in the table below, with the previously reported position in the first table and the current position in the second table to enable comparison: Complete Outstanding Unable to confirm status Total Status of Recommendations as at 31 March 2015 P1 P2 P3 Total 0 17 10 27 0 7 3 10 0 24 13 37 Status of Recommendations as at 31 October 2015 P1 P2 P3 Total 0 13 5 18 0 5 7 12 % 73% 27% 100 % Complete 60% Outstanding 40% Unable to confirm status Total 0 18 12 30 100 Key: Priority 1 – Urgent: Fundamental control issue on which action to implement should be taken within 1 month. Priority 2 – Important: Control issue on which action to implement should be taken within 3 months. Priority 3 – Needs Attention: Control issue on which action to implement should be taken within 6 months. Page 2 of 6 47 2.4 Also attached to this report is Appendix 2 which details the five priority two (important) recommendations which are outstanding from all audits, and provides the management response in relation to these. 2.5 The Committee’s attention is drawn to the following three priority two (important) recommendations which have previously been reported as outstanding: Development Management (NN/15/12) This recommendation was raised as a result of an audit in 2010/11 and requires written guidance to be produced detailing the roles and responsibilities for monitoring the key requirements of Section 106 Planning Agreements. Latest management response indicates that a Senior Enforcement Officer has recently been recruited whose role and responsibility includes the monitoring of section 106 Planning agreements. However the Enforcement team is under significant pressure at this time, dealing with a high volume of complaints, investigations and related Court cases and our previous timeline for completion, therefore a revised date of 30 April 2016 is proposed. Waste Management Contract (NN/12/03) The Waste Management audit completed in 2011/12 has one outstanding relating to reviewing the lease arrangements for the bowling greens. One lease remains to be reviewed, however management responses indicates that the new lease won't be required with preparations to be made over return of the asset to NNDC. This will be clearer over the next few weeks and a new date of 18th December 2015 has been provided to update, and potentially close the matte. Development Management (NN/15/03) This audit was finalised in 2014/15 and has one recommendation remaining in relation to reconciling the planning and building control income to the general ledger. Responses indicate that this has proven more difficult than planned and an extension was requested to the end of the financial year to address this adequately. 2.6 It is also worth noting that of the recommendations made to date in year, a further 19 recommendations are not yet due for implementation, none of which carry a priority one (urgent) rating – see Appendix 1 for the audit areas to which these relate. As mentioned although the dates for completion have not yet been reached, until they are actioned, they represent weaknesses in the control environment which leave the authority open to risk. 2.7 It is however encouraging to note that there are only a few very old recommendations outstanding, with adequate management responses being received in relation to all outstanding recommendations. In relation to the control environment it is positive to be able to report that there are no urgent recommendations awaiting action, either from old audits or current audits. Page 3 of 6 48 APPENDIX 1 – STATUS OF AGREED INTERNAL AUDIT RECOMMENDATIONS Completed bt 1 April and 31 October 2015 Previously reported to Committee as outstanding (New) Outstanding Total Outstanding Priority 1 Priority 2 Priority 3 Priority 1 Priority 2 Priority 3 Priority 1 Priority 2 Priority 3 Audit Ref Audit Area 2010/11 Internal Audit Reviews NN1112 Development Management, Building Control and Land Charges Not Yet Due for implementation Priority 1 Priority 2 Priority 3 Assurance Level Adequate 2011/12 Internal Audit Reviews NN1203 Waste Management Contract Limited 2013/14 Internal Audit Reviews NN1401 Environmental Health Adequate NN1402 Private Sector Housing Adequate NN1404 Waste Management Adequate NN1409 Sundry Debtors Adequate 2014/15 Internal Audit Reviews Procurement Adequate NN1502 NN1503 Development Management Adequate NN1504 Performance Management, Good Corporate Policy and Business Planning NN1505 Localism and Communities Adequate NN1511 Exchequer Services Adequate NN1513 AGS N/A NN1515 Network Security Adequate NN1516 Virus and Malware Protection Adequate NN1517 Firewall Administration Adequate 2015/16 Internal Audit Reviews NN1601 Leisure and Pier Pavilion Reasonable NN1602 Waste Management Reasonable NN1604 Affordable Housing Reasonable Homelessness and Housing Reasonable NN1605 Options NN1606 Parks and Open Spaces Reasonable NN1613 Software licencing Reasonable NN1614 Xpress Electoral Services Application Reasonable TOTALS 1 1 1 1 1 1 1 1 1 0 1 0 1 1 1 1 1 1 0 0 1 1 1 1 1 1 3 2 1 1 1 1 1 2 1 0 13 5 0 3 Page 4 of 6 49 3 0 2 4 0 1 1 1 0 1 1 3 0 0 0 2 1 3 0 0 0 12 3 2 2 11 1 2 2 8 0 APPENDIX 2 – OUTSTANDING INTERNAL AUDIT RECOMMENDATIONS Description Recommendation Priority 2 recommendations - Important NN1112 Written guidance detailing the roles and responsibilities Development for monitoring the key requirements of Section 106 Management, Planning Agreements should be produced to ensure Building Control and appropriate action is taken to enforce the conditions Land Charge contained therein.The guidance should be accompanied by a collated record of all Section 106 Planning Agreements, detailing the trigger points and accompanying obligations. This should include key responsibilities and contacts for the obligation and state action to be taken as and when those trigger points are reached. Where trigger points have been reached, action should be taken in a timely manner to enforce those conditions. NN1203 Waste The Council should review the lease arrangements with Management the leaseholders for the two bowling greens. Methods for Contract calculating fees for bowling green leases should be formally documented and agreed with the bowling green lease holders. Calculation of bowling green leases should look to ensure that grounds maintenance costs charged by Kier are recovered in the lease fees. Priority Impl Date Responsible Officer Progress On Implementation Revised Impl Date Planning Legal Manager The Head of Planning has confirmed that they have recruited a Senior Enforcement Officer whose role and responsibility includes the monitoring of section 106 Planning agreements. However the Enforcement team is under significant pressure at this time, dealing with a high volume of complaints, investigations and related Court cases and our previous timeline for completion (end September 2015) appears optimistic in the current circumstances. Our revised timeline for implementation of this recommendation is now April 2016. 30-Apr-16 2 30-Nov-11 2 31-Mar-12 Estates & The only outstanding one is Suffield Park Bowls Club. Valuation Manager This was to have been completed by the end of October 2015. However, recently reports have been received that the Club may shortly be in the process of winding up. Accordingly, the new lease won't be required with preparations to be made over return of the asset to NNDC. This will be clearer over the next few weeks and I suggest that a new date line is given of Friday 18th December to update, to potentially close the matter. 18-Dec-15 NN1503 Monthly reconciliations for planning (and building control) Development Control income to the general ledger should be completed. Reconciliations should be signed and dated by the preparer and the reviewing officer. 2 31-Mar-16 NN1511 Creditors Compliance with HMRC Requirements Self-employed Electronic Ordering, Contractors and Consultants Payments, The Council should check that all individuals paid via the Corporate creditors system provide the requisite evidence of their Purchasing Cards compliance with HMRC requirements with regards and Insurances declaring income tax and National Insurance liabilities. This could be included on the supplier forms used when setting up a new supplier. The form should request their Unique Taxpayer Reference (UTR) to be supplied prior to any payments being made.The Council should also routinely run reports (supplier listings) to identify any potential instances of non-compliance with HMRC requirements. 2 31-Mar-15 Group Accountant As per previous responses some work has ben done to look at how this task may be carried out by Planning or Finance, but due to a lack of resources in both teams this hasn’t progressed at this time. Revised date of end of financial year proposed. 30-Apr-15 Team Leader Previous response - Awaiting outcome of managers Exchequer meeting and subsequent formalisation of the letter to be sent to all consultants/casual workers. Once this has been done, letters will be sent out retrospectively to all current consultants/casual workers where these can be identified. Oct 15 - liaison occurred with Internal Audit as to progression of this recommendation, proposed date due to needing clarification from HMRC. Page 5 of 6 50 30-Nov-15 Description Recommendation NN1601 Leisure, Arts Arrangements be undertaken between the Council and and Pier Pavilion Openwide to identify a resolution to the data reporting issues to enable the Council to verify data provided and monitor key performance aspects as specified within the contract. Priority Impl Date 2 Responsible Progress On Implementation Officer 31-Jul-15 Sports and Leisure The verification of data from Openwide will be completed Services Manager once all the figures are in for 2015/16, and we won't get these until April 2016 Page 6 of 6 51 Revised Impl Date 30-Apr-16 Agenda Item 11 Brief for Audit Committee December 2015 Incidents and Emergency Planning There have been no recent incidents that have had any major impact on the Authority. A live flood warden exercise took place on the 10th October in Bacton and Walcott. The exercise participants included Flood wardens from Bacton and Eccles on Sea, as well as members of HM Coast Guard, Coastwatch and Norfolk Fire and Rescue Service. The operational evacuation and command and control elements of the local flood plans were tested and they were found to be fit for purpose. Some new learning was gained from the exercise de-brief and the NNDC Operational Flood plan has now been update to reflect this. Team BC Plans All team BC plans are in place, the Civil Contingencies team has peer reviewed all the team plans and has a database to ensure that all the plans are reviewed and remain up to date. Despite the fact that authority experienced several significant emergency incidents previously, these had little impact on service delivery. This proves that the current Business Continuity plans in place are robust and fit for purpose. The revised Corporate BC plan has now been completed and published. Training The next meeting of the BCWG will take place on the 3rd December and it is hoped that this group will meet quarterly. The main focus of the group will be to embed business continuity into to the normal day to day activities of the authority, as well as looking, as a group, to enhance the team BC plans that are in place. The CCT team are still helping teams to develop and improve their own BC plans with one to one training sessions. Disaster Recovery and Work Action Recovery site This project is still on-going and is now forming part of the business transformation program. All data is being replicated from the Cromer office to the Fakenham site on a daily basis and if we suffer a total loss of this building, it would take a small amount of 52 reconfiguration work to get access to the stored data. The new plan for the Fakenham DR site is to upgrade the equipment Q1 2015/16 as part of the planned upgrade to the IT facilities. Now that the Department of Work and Pensions has taken over most of the Fakenham connect building, an alternative Work Action Recovery (WAR) Site and procedure had to be put into place. The WAR plan will now include the 10 networked PCs available in the small room towards the rear of the building and if more space is required, arrangements have been put into place for the Authority to use Fakenham Community centre as our alternative recovery site should we be unable to use the main office at Cromer. This plan has been updated and is detailed in the recently published corporate business continuity plan. 53
