Document 12928115
advertisement
Please Contact: Lydia Hall Please email: lydia.hall@north-norfolk.gov.uk Please Direct Dial on: 01263 516047 28 November 2014 A meeting of the Audit Committee of North Norfolk District Council will be held in the Committee Room at the Council Offices, Holt Road, Cromer on Tuesday 09 December 2014 at 2.00 pm Members of the public who wish to ask a question or speak on an agenda item are requested to arrive at least 15 minutes before the start of the meeting. It will not always be possible to accommodate requests after that time. This is to allow time for the Committee Chair to rearrange the order of items on the agenda for the convenience of members of the public. Further information on the procedure for public speaking can be obtained from Democratic Services, Tel: 01263 516047, Email: democraticservices@north-norfolk.gov.uk Anyone attending this meeting may take photographs, film or audio-record the proceedings and report on the meeting. Anyone wishing to do so must inform the Chairman. If you are a member of the public and you wish to speak on an item on the agenda, please be aware that you may be filmed or photographed. Sheila Oxtoby Chief Executive To: Mr N D Dixon, Mr B Jarvis, Mrs A Moore, Miss B Palmer, Mr R Reynolds and Mr D Young All other Members of the Council for information. Members of the Management Team, appropriate Officers, Press and Public If you have any special requirements in order to attend this meeting, please let us know in advance If you would like any document in large print, audio, Braille, alternative format or in a different language please contact us Chief Executive: Sheila Oxtoby Strategic Directors: Nick Baker and Steve Blatch Tel 01263 513811 Fax 01263 515042 Minicom 01263 516005 Email districtcouncil@north-norfolk.gov.uk Web site northnorfolk.org AGENDA 1. TO RECEIVE APOLOGIES FOR ABSENCE 2. PUBLIC QUESTIONS To receive public questions, if any 3. ITEMS OF URGENT BUSINESS To determine any items of business which the Chairman decides should be considered as a matter of urgency pursuant to Section 100B(4)(b) of the Local Government Act 1972. 4. DECLARATIONS OF INTEREST Members are asked at this stage to declare any interests that they may have in any of the following items on the agenda. The Code of Conduct for Members requires that declarations include the nature of the interest and whether it is a disclosable pecuniary interest. 5. MINUTES (Page 1) To approve as a correct record, the minutes of the meeting of the Audit Committee held on 16 September 2014. 6. AUDIT UPDATE AND ACTION LIST (Page 9) To monitor progress on items requiring action from the meeting of 16 September 2014, including progress on implementation of audit recommendations. 7. AUDIT COMMITTEE WORK PROGRAMME (Page 10) To review the Audit Committee Work Programme. 8. ANNUAL AUDIT LETTER 2013/14 (Page 11) To receive the Annual Audit Letter for 2013/14. 9. PROGRESS REPORT ON INTERNAL AUDIT RECOMMENDATIONS (Page 19) To receive the Progress Report on Internal Audit Recommendations. 10. FOLLOW UP REPORT ON INTERNAL AUDIT RECOMMENDATIONS (Page 32) To receive the Follow Up Report in Internal Audit Recommendations. 11. AUDIT PROCUREMENT (Page 39) To consider audit procurement. 12. BUSINESS CONTINUITY (Page 42) Incidents and Emergency Planning brief which is to be considered at Overview & Scrutiny Committee before Audit Committee. 13. CORPORATE RISK REGISTER 14. EXCLUSION OF THE PRESS AND PUBLIC (Page 44) To pass the following resolution, if necessary: “That under Section 100A(4) of the Local Government Act 1972 the press and public be excluded from the meeting for the following items of business on the grounds that they involve the likely disclosure of exempt information as defined in of Part I of Schedule 12A (as amended) to the Act.” Agenda item _5 _ AUDIT COMMITTEE Minutes of a meeting of the Audit Committee held on Tuesday 16 September 2014 in the Committee Room, Council Offices, Holt Road, Cromer at 2.00 pm. Members Present: Mr B Jarvis Miss B Palmer (Vice-Chairman - Chairing) Committee: Mr R Reynolds Mr D Young Ms V Gay (substitute for Mr N Dixon) Officers in Attendance: 14. Head of Finance, Chief Accountant, Internal Audit Consortium Manager, Harriet Aldridge and Aphrodite Antoniades (Price Waterhouse Coopers), Regulatory Officer APOLOGIES Mr N Dixon (Chairman), Mrs A Moore 15. PUBLIC QUESTIONS None received. 16. ITEMS OF URGENT BUSINESS None received. 17. DECLARATIONS OF INTEREST None 18. MINUTES The Minutes of the meeting of the Audit Committee held on 17 June 2014 were approved as a correct record and signed by the Chairman, subject to the following amendments: Officers in attendance: amend to read Richard Sadler. Minute 11: substitute „simplistic‟ for „easily understood‟. Mr D Young referred to Minute 9, where concerns were raised that there may be a bug in the tills at Tourist Information Centres. He asked if Wells TIC had been approached. The Head of Finance stated that the concerns had centred more on Cromer TIC but she would make enquiries of Customer Services. Audit Committee 1 15 September 2014 19. AUDIT UPDATE AND ACTION LIST Members were updated on progress on actions arising from the minutes of the meeting of 17 June 2014. Progress on Internal Audit Activity The Head of Finance confirmed that the tills were now working properly. Corporate Risk Register The Head of Finance stated that this matter would be reported to the Audit Committee in December. Mr R Reynolds stated that the Head of Finance and her team had done very well and that everything the Audit Committee had requested had been done. 20. AUDIT COMMITTEE WORK PROGRAMME RESOLVED That the Work Programme be agreed. 21. PWC 2013/14 ANNUAL GOVERNANCE REPORT (ISA260) Harriet Aldridge and Aphrodite Antoniades presented the Annual Governance Report and drew Members‟ attention to the following matters: a) b) c) d) e) f) g) Council Tax Benefit reform was an additional risk which had not been included in the Audit Plan. The new scheme had been tested and no issues were found. Significant audit matters were all reasonable. No issues had been identified with regard to related parties. PWC was not aware of any relationships which impacted on its independence. No areas of concern had been identified in the Annual Governance Statement. An unqualified opinion was anticipated with regard to economy, efficiency and effectiveness on completion of this audit. No issues had been identified with regard to internal controls. At the request of Ms Aldridge, the Committee confirmed that it had no knowledge of any fraud which PWC should be aware of prior to signing the letter of representation. Mr D Young asked why it was recommended that all public conveniences were revalued at the same time when it appeared reasonable to revalue them on a rolling basis. Ms Antoniades explained that CIPFA guidelines required that all assets within a class of assets should be revalued at the same time. However, PWC was satisfied that there was an adequate system of revaluation in place for this class, even though it did not currently comply with CIPFA guidance. The Committee noted the report. 22. PROTOCOL FOR LIAISON BETWEEN INTERNAL AND EXTERNAL AUDITORS Audit Committee 2 15 September 2014 Aphrodite Antoniades introduced the draft Protocol for liaison between internal and external auditors which set out the proposed working relationship between PricewaterhouseCoopers LLP audit team and the Council‟s internal auditors. RESOLVED That the draft Protocol be agreed. 23. ANNUAL REPORT OF THE MONITORING OFFICER 2013/14 The Monitoring Officer presented his Annual Report which summarised the more important matters arising from the Monitoring Officer‟s work for the District Council from 1 April 2013 to 31 March 2014 and commented on other issues. The Monitoring Officer explained that his role was to act as internal whistle-blower on the authority‟s activities, to work with the Chief Executive on governance issues and with the Democratic Services Team on decision making and the Council‟s Constitution. With regard to standards and ethics, he attended meetings of the Standards Committee, assessed complaints and ways of dealing with them. His role included standards and ethics of Parish Councils. The Monitoring Officer reported that the backlog of standards cases had been cleared since the introduction of a new Standards regime in 2012. There had been very few cases in 2013-14, but there had been a slight increase in cases involving Parish Councils. However, there was no evidence of widespread misbehaviour by the Authority or Parishes. He considered that the regime had found its own level and people understood that the duty to behave was a personal one. The Monitoring Officer referred to the aspects of his work which were set out in the report. A new approach was being taken with a „roadshow‟ style standards event for Parish Councils by the Monitoring Officer, Chairman of the Standards Committee and an independent member of the Standards Committee. To date, approximately 15 such events had taken place. Parish Councillors had shown an interest in what the team had to say. The Monitoring Officer considered that the value of these events was in diffusing and preventing problems and complaints. With regard to Ombudsman matters, there was nothing significant in the number or type of cases and no maladministration had been found. Miss B Palmer stated that the roadshow she had attended had been good and all six Parish Councils involved had engaged in it. The Monitoring Officer stated that he had suggested that the Head of Planning attend these meetings. The Monitoring Officer answered Members‟ questions: a) Planning provoked the most complaints. Locally controversial applications often lay behind complaints about behaviour and it was necessary to get to the substance of the complaints. Local Members were often perceived as being for or against planning proposals. Audit Committee 3 15 September 2014 b) Pre-determination was an administrative law concept and not a standards and conduct issue. It had been raised as an issue recently in order to bring it to Members‟ attention. c) Parish and Town Councils were very aware of their role as consultees on planning applications, but could lose sight of the fact that their view was only one factor which was taken into account when determining those applications and were disappointed when their recommendations were not followed. There was a mismatch of expectations on occasions. Mr D Young stated that the Head of Planning had addressed a meeting of a number of parishes. Feedback had been quite positive and the attendees had been grateful that the Head of Planning had explained matters to them. He anticipated that she would attend similar events elsewhere. d) The Constitution Working Party considered major changes to the Constitution and made recommendations to Full Council. There were no major changes in the pipeline. However, issues which may impact on the Constitution, such as changes in legislation, were kept under review and delegations were often scrutinised to ensure they were up to date. The Monitoring Officer confirmed that to the best of his knowledge the version of the Constitution on the website was updated as changes were made. The Committee noted the report. 24. ANNUAL GOVERNANCE STATEMENT 2013/14 The Head of Finance presented the Annual Governance Statement (AGS) 2013/14. The statement provided a robust statement of the culture and values by which the Council was directed and controlled. It was built around the six principles of good governance set out by the Chartered Institute of Public Finance and Accountancy (CIPFA) and the Society of Local Authority Chief Executives (SOLACE). Adoption of the AGS by the Council would allow it to move ahead with its corporate planning process, confident that it could address any issues of governance and risk. The Head of Finance highlighted the following: Bodies and groups had been updated to include those which were currently in place. There was a reduction in the number of completed recommendations; however the overall number of recommendations had reduced. There was one high risk recommendation which had been completed. There were two actions which needed attention. Progress had been reviewed by the Performance & Risk Management Board. Mr Young considered that the frequency of the Management Team meetings should be included in line with the other meetings and board meeting frequency. The Head of Finance confirmed that these were held monthly and the amendment could be made. Mr Young asked what the Council needed to do to achieve an Investors in People silver award, having already achieved bronze. The Internal Audit Consortium Manager stated that there were many criteria and it was up to the Council if it wanted to take the next step. However, it was no disservice to staff to achieve bronze. The Head of Finance stated that there was a human resource issue if the Council wished to proceed further. Audit Committee 4 15 September 2014 RESOLVED That the Annual Governance Statement for 2013/14 be approved for consideration by Full Council when the annual Statement of Accounts for 2013/14 are also presented for approval. 25. 2013/14 STATEMENT OF ACCOUNTS The Chief Accountant presented the Statement of Accounts for 2013/14 for review by the Audit Committee prior to recommendation to Full Council for approval. The outturn position for the year had been reported to Members in June and had been used to inform the production of the statutory annual accounts for 2013/14. The Statement of Accounts for 2013/14 had been produced in accordance with the Code of Practice on Local Authority Accounting. The draft accounts were produced by 30th June and since then have been subject to external audit review. Prior to the meeting the Committee had received training on the Statement of Accounts. The presentation covered the following main points: a) b) c) d) e) f) g) h) i) j) The annual financial cycle, which explained the timeline for the processes which fed into the Annual Statement. An overview of the actions the Committee would be requested to take at this meeting. An explanation of the content of the Final Accounts and the Core Financial Statements. An explanatory foreword to the Accounts provided an easily understandable guide to the most significant matters reported in the accounts. The Core Financial Statements comprised a Movement in Reserves Statement, Comprehensive Income and Expenditure Statement, Balance Sheet and Cash Flow Statement. The Movement in Reserves Statement showed the movement during the year on reserves held by the Council. There were two types of reserve: i) Usable, eg. general and earmarked, which were funds built up to meet future likely or known liabilities. ii) Unusable, eg. the revaluation reserve. The Comprehensive Income and Expenditure Statement showed the “accounting” cost in the year of providing services. This had been prepared in accordance with Generally Accepted Accounting Practice (GAAP). Authorities raised taxation to cover expenditure in accordance with the regulations, which may differ from the accounting cost. The Local Council Tax Support Scheme had been introduced last year and there was no large movement in net cost as the majority of the money paid out was returned to the authority. The Balance Sheet showed the assets and liabilities of the Authority at 31 March. The net assets were matched by “usable” and “unusable” reserves. The Cash Flow Statement showed the changes in cash and cash equivalents (assets that could easily be converted to cash, eg. bonds) of the authority during the year, and how the Authority generated and used cash and cash equivalents. Cash flows were classified as operating activities, investing activities or financing activities. Pensions: IAS19 was the accounting standard for employee benefits. Amendments had been adopted which would result in reclassification of costs/information and a Audit Committee 5 15 September 2014 requirement for more detailed disclosures. It was unlikely that this would have a material effect on the financial statements. Note 22 to the accounts related to Defined Benefit Pension Schemes, in which the Council participated, and gave details of the funding arrangements. The deficit had decreased by £124,000 from March 2013. The deficit on the Local Government Scheme would be made good by increased contributions over the remaining working life of employees as assessed by the scheme actuary. Finance would only be required to cover discretionary benefits when pensions were actually paid. The total contributions expected to be made to the Local Government Pension Scheme by the Authority in the year to 31 March 2014 was £1.3m. Benchmarking figures had been provided by the Norfolk Pension Fund for the first time and compared the authority against 7 other authorities. The results showed that NNDC was 5th in terms of active members of the scheme (27%), 7th for deferred membership (26%) and 3rd in terms of pensioners (47%). The Authority‟s solvency ratio was 66% in 2013 and 67% in 2014, placing it 5th in the benchmarking group. Cash flow was third highest at 161% as a result of also having the 3rd highest number of pensioners. All authorities in the group had more pensioners than contributors and more liabilities than assets. Seven out of the eight paid more in pensions than they received in direct contributions. Mr D Young considered that the authority should be aiming to bring the solvency ratio on the Pension Scheme up to 100% but was struggling to see how it could be done. The Chief Accountant stated that more could be put in. Triennial valuations were carried out which looked at the forecast and recommended future contribution rates for members. Councils had taken a pensions holiday when the schemes were in surplus and had not paid much into the fund at that time. In order to achieve a return investments were being made in cash, equities, properties and funds. Ms V Gay considered that falling interest rates would have had an impact. The Chief Accountant confirmed that this would be the case where cash had been invested. However, cash investments were now lower with an increase in property investment. The Chief Accountant stated that there had been changes to the way elements of the Pension Fund were allocated and it was being tailored to individual authorities, with a weighted average based on the number of pensioners, how long they were likely to draw pension and how many active members would survive to draw a pension. Pensions reporting was a complicated subject. The deficit/surplus was an estimation. k) l) Major movements in the accounts were highlighted. The Annual Governance Report presented by PWC (ISA260) for 2013/14 had raised no significant issues. The Committee discussed the Final Accounts. Mr R Reynolds stated that he had not attended the training but had read through the report and considered that all issues raised at the previous meeting had been covered. Audit Committee 6 15 September 2014 In answer to a question by Mr D Young, the Head of Finance stated that highways and transport services operated at a profit due to the car parking income. RESOLVED That the Statement of Accounts for 2013/14 be recommended to Full Council for approval. 26. PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY, 1 APRIL TO 5 SEPTEMBER 2014 The Internal Audit Consortium Manager presented the report which examined the progress made between 1 April 2014 and 5 September 2014 in relation to delivery of the Annual Audit Plan for 2014/15, and provided a current in-year position. A total of 5 audit assignments had been processed during the period and 30% of the audit plan had been achieved. The Internal Audit Consortium Manager highlighted the following matters: a) b) c) d) e) f) g) The Coast Protection service area was performing adequately. The Development Management service area had received an adequate assurance. Progress was being made and processes were being reviewed. Policy and procedures were also being reviewed but would take longer. The Head of Planning was working towards implementing the recommendation in respect of Section 106 Obligations. Performance Management, Corporate Policy and Business Planning had received a good assurance, with only one low-priority recommendation. Network Infrastructure had received only a limited assurance, but good progress was being made since the last audit. Network Security had received an adequate assurance, with the main recommendation relating to anti-virus. Some improvement was needed in relation to Performance Indicator outcomes. One audit had overran slightly, but others had been on time. Two of the five reports were issued late. Performance had been better than last year but it was hoped that it will improve. Feedback forms had resulted in a good opinion. The Internal Audit Consortium Manager answered Members‟ questions: a) b) c) d) Field work had started on sports halls. Anti-virus, service packs and security updates were expected to have been addressed by the next report. The Head of Finance added that a follow up report would be submitted to the Committee in December. The Chairman requested that an email be sent round regarding high priority issues prior to the next meeting. Development Management audit had overrun. It was a 22 day audit, one of the largest carried out. The Head of Finance added that there had been regular contact between the auditor and the manager. The Head of Finance updated the Committee on progress with internal audit procurement. A detailed report would be submitted to the next meeting. The Committee noted the report. Audit Committee 7 15 September 2014 The meeting closed at 2.57 pm ______________________ Chairman Audit Committee 8 15 September 2014 Agenda Item AUDIT COMMITTEE 16 September 2014 – ACTIONS ARISING FROM THE MINUTES 12. Corporate Risk Register Originally for the September meeting and deferred until December: To return audit committee concerns regarding the risk level of the Local Investment Strategy to the Performance and Risk Management Board to ensure appropriate level of risk has been fully considered. To consider a further action under ‘Shared Services’ regarding looking more deeply at potential proposals for shared services in the authority. 9 Karen Sly Agenda Item 6 AUDIT COMMITTEE WORK PROGRAMME 2014 – 2015 JUNE 2014 PWC SEPTEMBER 2014 PWC 2013/14 Annual Governance report (ISA260) DECEMBER 2014 MARCH 2015 Annual Audit Letter (PWC) Audit Plan (PWC) (with overview) Annual Grant Certification Report Progress Report on Internal Audit Activity Progress Report on Internal Audit Activity Protocol for liaison between internal and external auditors Internal Audit Annual Review of the Effectiveness of Internal Audit Progress Report on Internal Audit Activity Annual Report and Opinion Status of agreed actions Undertake selfassessment NNDC Corporate Risk Register/ risk management framework Business Continuity Plan Review Follow Up Report Strategic and on Internal Audit Annual Audit Recommendations Plans Statement of Accounts (+ informal training) Business Continuity Flood Recovery Review of Pensions liability RIPA Policy (PreAgenda only) Risk Management Framework Monitoring Officer’s Report Corporate Risk Register Local Code of Corporate Governance and Action Plan – update and Annual Governance Statement 2013/14 – update 10 www.pwc.co.uk North Norfolk District Council Annual Audit Letter 2013/14 Government and Public Sector October 2014 11 Contents Code of Audit Practice and Statement of Responsibilities of Auditors and of Audited Bodies Introduction 1 Audit Findings 3 Fees 2 In April 2010 the Audit Commission issued a revised version of the ‘Statement of responsibilities of auditors and of audited bodies’. It is available from the Chief Executive of each audited body. The purpose of the statement is to assist auditors and audited bodies by explaining where the responsibilities of auditors begin and end and what is to be expected of the audited body in certain areas. Our reports and management letters are prepared in the context of this Statement. Reports and letters prepared by appointed auditors and addressed to members or officers are prepared for the sole use of the audited body and no responsibility is taken by auditors to any Member or officer in their individual capacity or to any third party. PwC Contents North Norfolk District Council 12 An audit is not designed to identify all matters that may be relevant to those charged with governance. Accordingly, the audit does not ordinarily identify all such matters. Introduction The purpose of this letter We met our responsibilities as follows: This letter summarises the results of our 2013/14 audit work for members of the Authority. Audit Responsibility Results Perform an audit of the accounts in accordance with the Auditing Practice Board’s International Standards on Auditing (ISAs (UK&I)). We reported our findings to the Audit Committee on 16 September 2014 in our 2013/14 report to those charged with governance (ISA (UK&I) 260). On 23 September 2014 we issued an unqualified audit opinion. Report to the National Audit Office on the accuracy of the consolidation pack the Authority is required to prepare for the Whole of Government Accounts. We reported to the National Audit Office on 23 September 2014 that a detailed review of the consolidation pack was not required as the Authority was below the threshold. Form a conclusion on the arrangements the Authority has made for securing economy, efficiency and effectiveness in its use of resources. On 23 September 2014 we issued an unqualified value for money conclusion. We have already reported the detailed findings from our audit work to the Audit Committee in the following reports: Audit opinion for the 2013/14 financial statements, incorporating conclusion on the proper arrangements to secure economy, efficiency and effectiveness in its use of resources; Report to those charged with Governance (ISA (UK&I) 260); and Annual Certification Report for 2012/13 (to those charged with governance). The matters reported here are the most significant for the Authority Scope of Work The Authority is responsible for preparing and publishing its Statement of Accounts, accompanied by the Annual Governance Statement. It is also responsible for putting in place proper arrangements to secure economy, efficiency and effectiveness in its use of resources. Our 2013/14 audit work has been undertaken in accordance with the Audit Plan that we issued in March 2014 and subsequently updated in June 2014 and is conducted in accordance with the Audit Commission’s Code of Audit Practice, International Standards on Auditing (UK and Ireland) and other guidance issued by the Audit Commission. PwC 1 North Norfolk District Council 13 Audit Responsibility Results Audit Responsibility Results Consider the completeness of disclosures in the Authority’s annual governance statement, identify any inconsistencies with the other information of which we are aware from our work and consider whether it complies with CIPFA / SOLACE guidance. We undertook our work in accordance with our Audit Plan. There were no issues to report in this regard. Issue a certificate that we have completed the audit in accordance with the requirements of the Audit Commission Act 1998 and the Code of Practice issued by the Audit Commission. We issued our certificate on 23 September 2014 on completion of our work. There were no issues to report in this regard. Consider whether, in the public interest, we should make a report on any matter coming to our notice in the course of the audit. We undertook our work in accordance with our Audit Plan. There were no issues to report in this regard. Determine whether any other action should be taken in relation to our responsibilities under the Audit Commission Act. We undertook our work in accordance with our Audit Plan. There were no issues to report in this regard. PwC 2 North Norfolk District Council 14 Audit Findings Accounts Changes to IAS 19: Employee Benefits We audited the Authority’s accounts in line with approved Auditing Standards and issued an unqualified audit opinion on 23 September 2014. We noted significant issues arising from our audit within our Report to Those Charged with Governance (ISA (UK&I) 260). This report was presented to the Audit Committee on 16 September 2014. We wish to draw the following points, included in that report, to your attention in this letter: Pensions liability The most significant estimate in the Statement of Accounts is in the valuation of net pension liabilities for employees in the Norfolk County Council pension fund. Your net pension liability at 31 March 2014 was £31.8 million (2013 - £31.8 million). The 2013 triennial valuation has been finalised and the effect on the accounts is£1,432m. This has been agreed back to the actuaries report without exception. We reviewed the reasonableness of the assumptions underlying the pension liability, and we are comfortable that the assumptions are within an acceptable range. The report from the Pension Fund actuary was reviewed by the PwC specialist team and the assumptions used were compared to the industry averages with no exceptions or major variances noted. We validated the data supplied to the actuary on which to base their calculations. From 2013/14 there have been changes to the accounting for defined benefit schemes and termination benefits. These changes have been reflected in the Authority’s financial statements with the inclusion of additional disclosures. The impact on the authority has been immaterial and no prior year restatement has been required. No exceptions have been noted with the presentation in the Statement of Accounts. Judgments and accounting estimates The following significant judgments or accounting estimates were used in the preparation of the financial statements: Property, plant and equipment – Depreciation and Valuation; Bad Debt Provision; NNDR Provision for Appeals; Accruals Provisions; and Pensions. No issues have been identified in our audit of these areas. Use of Resources We carried out sufficient, relevant work in line with the Audit Commission’s guidance, so that we could conclude on whether you had in place, for 2013/14, proper arrangements to secure economy, efficiency and effectiveness in your use of the Authority’s resources. PwC 3 North Norfolk District Council 15 In line with Audit Commission requirements, our conclusion was based on two criteria: the organisation has proper arrangements in place for securing financial resilience; and the organisation has proper arrangements for challenging how it secures economy, efficiency and effectiveness. To reach our conclusion, we carried out a programme of work that was based on our risk assessment. We issued an unqualified conclusion on the ability of the organisation to secure proper arrangements to secure economy, efficiency and effectiveness in its use of resources. Annual Governance Statement Local authorities are required to produce an Annual Governance Statement (AGS) that is consistent with guidance issued by CIPFA/SOLACE. The AGS accompanies the Statement of Accounts. We reviewed the AGS to determine whether it complied with the CIPFA/SOLACE guidance and whether it might be misleading or inconsistent with other information known to us from our audit work. We found no areas of concern to report in this context. Whole of Government Accounts Certification of Claims and Returns We undertook our work on the Whole of Government Accounts consolidation pack as prescribed by the Audit Commission. The audited pack was submitted to the National Audit Office on 23 September 2014. We found no areas of concern to report in this context. We presented our most recent Annual Certification Report for 2012/13 to those charged with governance in February 2014. We certified two claims, the Housing and Council Tax Benefits Scheme and the National Non Domestic Rates Return, worth £58 million in total. In both cases a qualification letter was required to set out the issues arising from the certification of the claim. These details were also set out in our Annual Certification Report for 2012/13. We will issue the Annual Certification Report for 2013/14 in March 2015. PwC 4 North Norfolk District Council 16 Fees Fees for 2013/14 We reported our fee proposals in our audit plan. An update on this is set out below. Please note that we have requested fee variations from the Audit Commission in relation to additional work we have had to undertake this year, which is in addition to the scope of work covered by the scale fee. We have agreed our fee variation requests with management, however, until approval is received from the Audit Commission, the final fees for 2013/14 remain draft. Statement of Accounts (including whole of government accounts and Value for Money Conclusion) Fee variation (pending Audit Commission approval) 2013/14 forecast outturn 2013/14 fee proposal 2012/13 fee actual 71,250 71,250 74,350 3,216 - -- 29,568* 33,600 36,000 -* - 2,700 6,627 104,034 104,850 119,677 Grant Certification fee: BEN01 Housing and Council Tax Benefit Scheme LA01 National Non Domestic Return Fee variation (extended testing following error identification) TOTAL * Our fee for certification of claims and returns is yet to be finalised for 2013/14 and will be reported to those charged with governance in March 2015 within the 2013/14 Annual Certification Report. PwC 2 North Norfolk District Council 17 In the event that, pursuant to a request which North Norflk District Council has received under the Freedom of Information Act 2000, it is required to disclose any information contained in this report, it will notify PwC promptly and consult with PwC prior to disclosing such report. North Norflk District Council agrees to pay due regard to any representations which PwC may make in connection with such disclosure and North Norflk District Council shall apply any relevant exemptions which may exist under the Act to such report. If, following consultation with PwC, North Norflk District Council discloses this report or any part thereof, it shall ensure that any disclaimer which PwC has included or may subsequently wish to include in the information is reproduced in full in any copies disclosed. This document has been prepared only for North Norflk District Council and solely for the purpose and on the terms agreed through our contract with the Audit Commission. We accept no liability (including for negligence) to anyone else in connection with this document, and it may not be provided to anyone else. © 2014 PricewaterhouseCoopers LLP. All rights reserved. In this document, "PwC" refers to the UK member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. 130610-142627-JA-UK 18 Audit Committee 9 December 2014 Report Title Progress Report on Internal Audit Activity – 6 September to 18 November 2014 Are there background papers? Yes No Exempt Yes No Yes No Reason for Exemption? Decision for Full Council? Contact Officer Emma Hodds, Internal Audit Consortium Manager E-mail address ehodds@s-norfolk.gov.uk Telephone number 01508 533791 Are there Non Electronic Appendices? Yes List of Background Papers (if applicable) 19 No Audit Committee 9 December 2014 Agenda Item No_____________ Progress Report on Internal Audit Activity – 6 September to 18 November 2014 Summary: This report examines the progress made between 6 September 2014 and 18 November 2014 in relation to delivery of the Annual Audit Plan for 2014/15, and provides a current in-year position. Conclusions: A total of 2 audit assignments have been processed during the period covered by this report. Recommendations: It is recommended that the Committee notes the outcome of the audits completed between 6 September and 18 November 2014 where assurance levels have been given and the progress made to date with the annual audit plan. Cabinet member(s): Ward(s) affected: All All Emma Hodds, Internal Audit Consortium Manager 01508 533791, ehodds@s-norfolk.gov.uk Contact Officer, telephone number, and e-mail: 1. Background 1.1. This report reflects progress made with regard to assignments featuring in the approved Annual Internal Audit Plan for 2014/15, which was endorsed by the Audit Committee on 19 March 2014. 2. Overall Position 2.1. The overall position in relation to the progress made against the Internal Audit Plan is within the attached report. 3. Conclusion 3.1 Progress in relation to delivery of the Internal Audit Plan is line with expectations; positive assurances have been awarded in both audit reviews finalised in this period. 4. Recommendation 4.1 It is recommended that members note the outcomes of the completed audits and the progress made to date. 20 Audit Committee 9 December 2014 Appendices attached to this report: Progress Report on Internal Audit Activity 21 NORFOLK INTERNAL AUDIT CONSORTIUM NORTH NORFOLK DISTRICT COUNCIL PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY 2014/15 PERIOD COVERED: - 06/09/2014 TO 18/11/2014 RESPONSIBLE OFFICER EMMA HODDS – INTERNAL AUDIT CONSORTIUM MANAGER (IACM) CONTENTS 1. INTRODUCTION ............................................................................................................. 2 2. SIGNIFICANT CHANGES TO THE APPROVED AUDIT PLAN ...................................... 2 3. PROGRESS MADE IN DELIVERING THE AGREED AUDIT WORK ............................. 2 4. THE OUTCOMES ARISING FROM OUR WORK ........................................................... 2 5. PERFORMANCE INDICATOR OUTCOMES .................................................................. 3 APPENDIX 1 – PROGRESS IN COMPLETING THE AGREED AUDIT WORK .................. 5 APPENDIX 2 – AUDIT REPORT EXECUTIVE SUMMARIES ............................................. 7 Page 1 of 10 22 1. INTRODUCTION 1.1 This report is issued to assist the Authority in discharging its responsibilities in relation to the internal audit activity. 1.2 The Public Sector Internal Audit Standards also require the Chief Audit Executive (known in this context as the Internal Audit Consortium Manager) to report to the Audit Committee on the performance of internal audit relative to its plan, including any significant risk exposures and control issues. The frequency of reporting and the specific content are for the Authority to determine. 1.3 To comply with the above this report includes: Any significant changes to the approved Audit Plan; Progress made in delivering the agreed audits for the year; Any significant outcomes arising from those audits; and Performance Indicator outcomes to date. 2. SIGNIFICANT CHANGES TO THE APPROVED AUDIT PLAN 2.1 At the meeting on 19 March 2014, the Annual Audit Plan for the year was approved, identifying the specific audits to be delivered. Since then, there have been no significant changes to that plan. 3. PROGRESS MADE IN DELIVERING THE AGREED AUDIT WORK 3.1 The current position in completing audits to date within the financial year is shown in Appendix 1 and progress to date is in line with expectations. Details of any specific audit report can be provided on request. 3.2 In summary, 103 days of programmed work has been completed, equating to 47% of the Audit Plan for 2014/15. 4. THE OUTCOMES ARISING FROM OUR WORK 4.1 On completion of each individual audit an assurance level is awarded using the definitions shown in the table below. Good There is a sound system of internal control designed to achieve the client’s objectives. The control processes tested are being consistently applied. Adequate While there is a basically sound system of internal control, there are weaknesses, which put some of the client’s objectives at risk. There is evidence that the level of non-compliance with some of the control processes may put some of the client’s objectives at risk. Limited Weaknesses in the system of internal controls are such as to put the client’s objectives at risk. The level of non-compliance puts the client’s objectives at risk Unsatisfactory Control processes are generally weak leaving the processes/systems open to significant error or abuse. Significant non-compliance with basic control processes leaves the processes/systems open to error or abuse Page 2 of 10 23 4.2 4.3 Recommendations made on completion of audit work are prioritised using the definitions shown in the table below. High A fundamental weakness in the system that puts the Council at risk. To be addressed as a matter of urgency, within a 3 month time frame wherever possible, or, to put in place compensating controls to mitigate the risk identified until such time as full implementation of the recommendation can be achieved. Medium A weakness within the system that leaves the system open to risk. To be resolved within a 4 – 6 month timescale. Low Desirable improvement to the system. To be introduced within a 7 – 9 month period. During the period covered by the report Internal Audit Services have issued 2 final reports (in addition to the 5 previously presented to the Committee) and the Executive Summary of these reports are attached at Appendix 2. In summary the final reports issued conclude the following: Procurement (NN/15/02) The audit scope covered policy, procedure, laws & regulation, resources, roles & responsibilities, tender & quotation rules, purchase ledger analysis and the contracts register. On conclusion of the review an Adequate assurance opinion was awarded, indicating a stable control environment. 2 medium priority recommendations were raised; the first to update the Procurement Strategy and the Toolkit to reflect regulatory changes and practices, thus ensuring that the Council complies with its regulatory responsibilities. The second recommendation is for Senior Management to regularly review the Contracts Register, thus ensuring that contracts are managed and supervised at a senior level. Sports Halls (NN/15/06) The audit scope included review of lease agreements; procedures; income; expenditure; equipment & premises; customer feedback, marketing & promotion; and sports clubs & hubs. An Adequate assurance opinion was awarded on conclusion of the audit, indicating a stable control environment. 3 medium and 2 low priority recommendations were raised, the 3 medium recommendations relate to; the need to keep DBS checks up to date and reviewed every 3 years thus ensuring that staff employed in key risk areas are appropriately employed; reinstating segregation of duty and transparency in the banking process thus ensuring that the risk of misappropriation is minimised; and health and safety training undertaken on commencement of employment thus ensuring that the risk of health and safety breaches is minimised. 4.4 On conclusion of the above work, no high priority recommendations were made during the period covered by this report. 5. PERFORMANCE INDICATOR OUTCOMES Page 3 of 10 24 5.1 The Internal Audit Service is benchmarked against a number of Performance Indicators as part of the Internal Audit Contract with Mazars. Actual performance to date against these targets is outlined below. 5.2 To date seven final reports have been issued and management have accepted all recommendations that have been made by the Contractor. 5.3 Audit briefs should be issued to key clients at least 10 days before the fieldwork is due to start to ensure that they are well informed of the requirements of the audit. 13 audit briefs have been issued to date and performance in this area there has been four instances where audit briefs were issued within a short notice period, however all remaining briefs (9) have been issued well in advance of the audit commencing, thus ensuring that key clients are notified of the requirements of the audit well in advance of the start date. 5.4 Once audits are underway it can be seen that performance in this area is good with six being completed on time, and one only slightly overrunning, the reasons for which were notified to the Audit Management Team. 5.5 Draft reports should be issued to key officers within 10 working days of completion of the audit fieldwork. Seven draft reports have been issued to date, three on time and four were delayed due to the clearance of internal review points. Performance within this area has dipped since the last report to Committee and action is being taken to address this. 5.6 Final reports should then be issued to key officers within 15 working days of issue of the final report. Seven final reports have been issued to date, as reported above. Six of these were issued on time and one was slightly delayed due to a delay in management response. 5.7 On conclusion of all audits a feedback survey is issued to the key client. The survey asks for responses in relation to; audit staff, audit planning, delivery of the audit and audit reporting. On completion an overall score of poor (1) through to excellent (6) is reported. To date six surveys have been completed and an average score of good (5) achieved. 5.7 In conclusion performance is stable, however as mentioned above action is being taken in regard to ensuring that draft reports are issued by the Contractor in a timely manner. Page 4 of 10 25 APPENDIX 1 – PROGRESS IN COMPLETING THE AGREED AUDIT WORK Audit No. Frequency of Audit Coverage Original Days Planned Revised Days Planned PLANNED SYSTEMS AUDIT WORK NN/1501 Coastal Protection 3-yearly 10 10 10 June NN/1502 Procurement 3-yearly 10 10 10 July NN/1503 Development Management, including applications, enforcement, s106, Community Infrastructure Levy & Land Charges 3-yearly 22 22 22 July NN/1504 2-yearly 10 10 10 July 2-yearly 10 10 9 3-yearly 12 12 12 2-yearly 20 20 2-yearly 19 19 2-yearly Annual 20 8 20 8 2 2-yearly 13 13 1 NN/1512 Performance Management, Corporate Policy and Business Planning, including annual action plans Localism & Communities, including focus on Big Society Fund Grant Scheme Sports halls/leisure centres & Sports Development Local C Tax Support, Housing benefits Payroll & HR, officers'/members' expenses Council Tax and NNDR Corporate Governance and Risk Management Creditors - Ordering, payments, insurance Elections & Electoral Registration 3-yearly 12 12 January NN/1513 Work to Support the AGS Annual 10 10 February Annual 8 184 8 184 NN/1505 NN/1506 NN/1507 NN/1508 NN/1509 NN/1510 NN/1511 Description of Audit Systems Audit Follow Up TOTAL PLANNED SYSTEMS AUDIT WORK Days Scheduling Delivered 6 Status Assurance Level applicable Summary Report Details presented to Members Final Report issued 20 August 2014 Adequate Final Report issued 2 October 2014 Final Report issued 4 September 2014 Adequate Audit Committee, 16 September 2014 Audit Committee, 9 December 2014 Audit Committee, 16 September 2014 Final Report issued 4 September 2014 October Final Report issued 30 October 2014 November Fieldwork underway December Fieldwork underway January January Fieldwork to start 5 January 2015 2 x 6-monthly validation Page 5 of 10 26 Good Audit Committee, 16 September 2014 Adequate Audit Committee, 9 December 2014 October Draft report imminent November Draft brief prepared 82 Adequate 45% PLANNED COMPUTER AUDIT WORK NN/15/14 Network Infrastructure 2-yearly 7 7 7 April Final Report issued 28 May 2014 NN/15/15 Network security 2-yearly 8 8 8 June Final Report issued 13 August 2014 NN/15/16 NN/15/17 Virus protection/Software Firewalls 3-yearly 4-yearly 8 7 8 7 5 1 Annual 4 34 4 34 21 62% 218 218 103 47% 0 0 0 218 218 103 Computer Audit Follow Up TOTAL PLANNED COMPUTER AUDIT WORK TOTAL PLANNED WORK November Fieldwork underway December Fieldwork to start 15 December 2014 2 x 6-monthly validation EXTRA WORK REQUESTED TOTAL OF EXTRA WORK UNDERTAKEN GRAND WORK TOTAL Page 6 of 10 27 47% Limited Adequate Audit Committee, 16 September 2014 Audit Committee, 16 September 2014 APPENDIX 2 – AUDIT REPORT EXECUTIVE SUMMARIES Appendix 2(1) Report No. NN/15/02 – Final Report issued 2 October 2014 Audit Report on Procurement Audit Scope The scope of the audit covered the effectiveness and efficiency of controls operating around: Policies, Procedures, Laws and Regulations; Resources, Roles and Responsibilities; Tender and Quotations Rules; Purchase ledger analysis; and Contracts Register. Assurance Opinion Unsatisfactory Assurance Limited Assurance Adequate Assurance Good Assurance Rationale supporting the award of the opinion The systems and processes of internal control are, overall, deemed adequate in managing the risks associated with procurement of goods and services. This opinion is based on having raised two medium priority recommendations. Although there are fewer recommendations, the level of assurance has remained the same since the previous audit undertaken for this area; hence the direction of travel remains unchanged. The medium priority recommendations relate to the need to review and update the Council’s Procurement Strategy and Procurement Toolkit and to regularly present the Contracts Register to the Management Team. Compliance on the use of waivers/exemptions was tested in our review of Coastal Protection (NN/15/01 – final report issued 20th August 2014) with no weaknesses identified. Positive Findings We found that the Council has demonstrated the following areas where sound controls are in place and operating consistently: Procurement requirements, including roles and responsibilities of staff in the procurement process, are set down within the Constitution; The Chief Accountant and Procurement Officer is responsible for supporting the procurement process within the Council; Procurement training is included within the staff induction process. Staff also attend seminars when necessary and one-to-one sessions in respect of the Purchasing/Procurement systems with the Chief Accountant and Procurement Officer; A Contracts Register is in place which lists all contracts, values, their duration and the key officers; and Receipt of tenders and decisions made are clearly documented and comply with Contract Standing Orders and Financial Rules. Page 7 of 10 28 Control weaknesses to be addressed During our work we have identified the following areas where processes in Procurement would benefit from being strengthened, and as a result, two medium priority recommendations have been made: The Procurement Strategy and Toolkit should be reviewed and updated to reflect current regulatory changes and practices, with copies placed on the intranet. Where procurement strategies, policies and procedures do not reflect current practices, there is a risk that inconsistent or incorrect practices might develop, which could lead to breaches in local and EU requirements. The Contracts Register should be monitored and reviewed by senior management. Where the Contracts Register is not regularly presented to senior management, there is a risk that contracts will expire without the knowledge of management, resulting in increased costs to arrange alternative provision. Summary of the adequacy and effectiveness of controls Area of Scope Adequacy and Effectiveness Assessments Policies, Procedures, Laws and Regulations Resources, Roles and Responsibilities Contracts Register Tender and Quotations Rules Adequacy of Controls Effectiveness of Controls Recommendations Raised High Medium Low Green Amber - 1 - Green Green - - - Green Amber - 1 - Green Green - - - 0 2 0 Total High Priority Recommendations No high priority recommendations have been raised as a result of this audit Management Responses Management have accepted the recommendation raised. Page 8 of 10 29 Appendix 2(2) Report No. NN/15/06 – Final Report issued 30 October 2014 Audit Report on Sports halls Audit Scope The scope of the audit covered the effectiveness and efficiency of controls operating around: Lease Agreements; Procedures (including staff Disclosure and Barring Service checks); Income; Expenditure, purchasing and stock control; Equipment and Premises (Including Mobile Gym); Customer Feedback, Marketing and Promotion (Including Sports Clubs and Hubs); and, Sports Clubs and Hubs. Assurance Opinion Unsatisfactory Assurance Limited Assurance Adequate Assurance Good Assurance Rationale supporting the award of the opinion The systems and processes of internal control are, overall, deemed adequate in managing the risks associated with Sports Halls. This opinion is based having raised three medium and two low priority recommendations. The level of assurance has remained the same since the previous audit undertaken for this area; hence the direction of travel remains unchanged. The medium priority recommendations relate to the need to confirm that all staff have been subject to the requisite Disclosure and Barring Service checks, to provide health and safety training sessions to all key members of staff, and to sign off the ‘banking check sheet’ by two senior officers. The assurance opinion also takes in to account one medium priority recommendation from the previous audit, which has still to be fully implemented. This relates to the requirement to review the lease agreements for the dual use facilities at the three high schools, with two (Cromer and Stalham) of the three new lease agreements still to be signed off by the respective School’s Trustees Positive Findings We found that the Council has demonstrated the following areas where sound controls are in place and operating consistently: Responsibilities of staff are defined within job descriptions and procedural guidance exists covering the core duties/ responsibilities undertaken at each centre; Current written procedures are in place covering operational processes at all three sports halls; Segregation of duties exists in the receipt, handling and banking of remittances and in the raising and recovery of sundry debts; Income collected is securely held and regularly banked; The Council has up-to-date insurance cover in place to cover all cash/cheque holdings; Equipment is subject to a monitoring and maintenance programme through weekly inspections; The Council is actively promoting and advertising initiatives to increase participation at the Sports Halls; and Funding for a new project ‘Sports Clubs and Hubs’ commenced in September 2014 and is secured up to September 2017 through Sport England. Page 9 of 10 30 Control weaknesses to be addressed During our work we have identified the following areas where processes in the Sports Halls would benefit from being strengthened, and as a result, three medium priority recommendations have been made: Staff working at the Council’s sports halls/facilities should be subject to an up to date DBS check. Records of such checks should be kept up to date and monitored to allow for checks to be requested upon the three year expiry date. Where key staff are not subject to current DBS checks, there is a risk that staff are employed who have not declared criminal convictions and who may be a risk to the public, resulting in reputational damage to the Council. Banking check sheets should be signed by the Sports and Leisure Services Manager or another designated officer to provide segregation of duties, accuracy and transparency in the banking process. Where banking check sheets are not signed off by two officers there is a risk of misappropriation of income at the point of receipt; and Health and safety training should be undertaken upon commencement of employment of new staff and at least annually thereafter. Where health and safety training is not provided to members of staff there is a risk of health and safety breaches arising, thus exposing the Council to legal action and reputational damage through injury to staff or members of public using the facilities. During our work we identified two areas where we believe that further enhancements could be made. In particular, with regard to producing operational procedures for the Sports Clubs and Hubs following receipt of external funding in September 2014 and in relation to the procurement process followed for the sports halls suppliers, in order to demonstrate how ‘value for money’ can be determined for the procurement of goods and services. Summary of the adequacy and effectiveness of controls Area of Scope Adequacy and Effectiveness Assessments Lease Agreements Procedures Income Expenditure, Purchasing and Stock Control Equipment and Premises Customer Feedback, Marketing and Promotion Mobile Gyms (Sports Clubs and Hubs) Total Adequacy of Controls Effectiveness of Controls Green Green Green Green Amber Amber High - Medium 1 1 Low 1 - Green Amber - - 1 Green Green - - - Green Amber - 1 - Green Green - - - 0 3 2 Recommendations Raised High Priority Recommendations No high priority recommendations have been raised as a result of this audit Management Responses Management have accepted the recommendation raised. Page 10 of 10 31 Audit Committee 9 December 2014 Report Title Follow Up on Internal Audit Recommendations – 1 April to 31 October 2014 Are there background papers? Yes No Exempt Yes No Yes No Reason for Exemption? Decision for Full Council? Contact Officer Emma Hodds, Internal Audit Consortium Manager E-mail address ehodds@s-norfolk.gov.uk Telephone number 01508 533791 Are there Non Electronic Appendices? Yes List of Background Papers (if applicable) 32 No Audit Committee 9 December 2014 Agenda Item No_____________ Follow Up on Internal Audit Recommendations 1 April to 31 October 2014 Summary: This report provides an overview of progress made in implementing agreed audit recommendations due for completion in the first seven months of the financial year. Conclusions: Good progress has been achieved in relation to the completion of agreed Internal Audit recommendations. Recommendations: It is recommended that the Committee notes management action taken to date regarding the delivery of audit recommendations. Cabinet member(s): Ward(s) affected: All All Emma Hodds, Internal Audit Consortium Manager 01508 533791, ehodds@s-norfolk.gov.uk Contact Officer, telephone number, and e-mail: 1. Background 1.1. In accordance with agreed internal audit review and reporting cycles, we revisit the status of audit recommendations on a 6-monthly basis and last presented our findings in this area to the Audit Committee on 17 June 2014 as part of the year end reporting for 2013/14. 1.2. This report now seeks to provide an update on the status of audit recommendations following recent verification work performed during November, which examined the level of activity concerning the delivery of audit recommendations falling due between 1 April and 31 October 2014. 2. Overall Position 2.1. The overall position in relation to the implementation of Internal Audit Recommendations is within the attached report. 3. Conclusion 3.1 Good progress is being made in relation to the completion of agreed Internal Audit recommendations. 33 Audit Committee 9 December 2014 4. Recommendation 4.1 It is recommended that the Committee notes management action taken to date regarding the implementation of audit recommendations. Appendices attached to this report: Follow Up Report on Internal Audit Recommendations 34 NORFOLK INTERNAL AUDIT CONSORTIUM NORTH NORFOLK DISTRICT COUNCIL FOLLOW UP REPORT ON INTERNAL AUDIT RECOMMENDATIONS PERIOD COVERED: - 01/04/2014 TO 31/10/2014 RESPONSIBLE OFFICER EMMA HODDS – INTERNAL AUDIT CONSORTIUM MANAGER (IACM) CONTENTS 1. INTRODUCTION 2 2. STATUS OF AGREED ACTIONS 2 APPENDIX 1 – STATUS OF AGREED ACTIONS 4 Page 1 of 4 35 1. INTRODUCTION 1.1 This report is being issued to assist the Authority in discharging its responsibilities in relation to the internal audit activity. 1.2 The Public Sector Internal Audit Standards also require the Chief Audit Executive (known in this context as the Internal Audit Consortium Manager) to establish a process to monitor and follow up management actions to ensure that they have been effectively implemented or that senior management have accepted the risk of not taking action. The frequency of reporting and the specific content are for the Authority to determine. 1.3 To comply with the above this report includes: The status of agreed actions. 2. STATUS OF AGREED ACTIONS 2.1 As a result of audit recommendations, management agree action to ensure implementation within a specific timeframe and by a responsible officer. The management action subsequently taken is monitored by the Internal Audit Contractor on a regular basis and reported through to this Committee. Verification work is also undertaken for those recommendations that are reported as closed. Appendix 1 to this report shows the details of the progress made to date in relation to the implementation of the agreed recommendations. 2.2 The summary position according to recommendation priority is shown in the table below: Status of Recommendations as at 31 March 2014 (year-end) High Medium Low Total Complete 2 15 6 23 Outstanding 0 12 7 19 Unable to confirm status Total 2 27 13 42 % 55 45 100 Status of Recommendations as at 31 October 2014 High Medium Low Total 3 18 7 28 0 8 2 10 % Complete 74 Outstanding 26 Unable to confirm status Total 3 26 9 38 100 Key: H – High priority: A fundamental weakness in the system that puts the Council at risk. To be addressed as a matter of urgency, within a 3-month time frame wherever possible, or, to put in place compensating controls to mitigate the risk identified until such a time as full implementation of the recommendation can be achieved. M – Medium priority: A weakness within the system that leaves the system open to risk. To be resolved within a 4 - 6 month timescale. L – Low priority: Desirable improvement to the system. To be introduced within a 7 - 9 month period. The tables provide two snapshots – one of the year end position (31 March 2014) and one covering the position as at the end of October 2014. The figures are not cumulative but enable an overview to be maintained as to the nature of progress being made in relation to completing agreed actions at periodic intervals during the financial year. Page 2 of 4 36 2.4 Details of high priority recommendations which remain outstanding would usually be attached to this report; however all of these have been successfully implemented 2.5 The Committee can see that significant progress has been made in respect of the implementation of internal audit recommendations, with 28 (74%) being implemented in the first 7 months of the year, and only 10 currently reported as outstanding. 2.6 In relation to the 10 outstanding recommendations, management have provided full response as to the progress that has been made to date, what further action is required and in most cases a revised deadline date has been provided. Based on the responses there are no issues that need to be brought to the Committee’s attention. 2.7 It is also worth noting that of the recommendations made to date in year, a further 19 recommendations are not yet due for implementation, see Appendix 1 for the audit areas to which these relate. As mentioned although the dates for completion have not yet been reached, until they are actioned, they represent weaknesses in the control environment which leave the authority open to risk. Page 3 of 4 37 APPENDIX 1 – STATUS OF AGREED ACTIONS Reference NN1112 NN1203 NN1209 NN1401 NN1402 NN1404 NN1407 NN1409 NN1410 NN1411 NN1501 NN1502 NN1503 NN1504 NN1506 NN1215 NN1414 NN1415 NN1514 NN1515 Description Development Management, Building Control and Land Charges Waste Management Contract Sports Halls/Centres Environmental Health Private Sector Housing Waste Management Accountancy Services Sundry Debtors Work to Support AGS Remittances Coastal Protection Procurement Development Management Performance Management, Corporate Policy and Business Planning Sports Halls/Centres SYSTEMS AUDIT TOTALS Data Consistency Business Continuity Planning IT Security Procurement and End User Controls Network Infrastructure Anti-Virus Management COMPUTER AUDIT TOTALS Assurance Level Adequate Limited Adequate Adequate Adequate Adequate Good/Adequate Adequate N/A Adequate/Limited Adequate Adequate Adequate Implemented (April '14 - October '14) H M L Outstanding H M L 1 1 1 1 1 1 1 1 2 1 1 2 3 1 Unable to confirm status H M L 1 Adequate Adequate Adequate 2 2 9 1 1 1 1 1 1 3 4 1 9 4 0 1 0 0 9 0 1 1 0 0 0 1 7 2 0 0 0 3 3 0 Page 4 of 4 38 0 Not yet due to be implemented H M L 1 1 1 1 1 2 0 1 1 0 0 0 0 Good Adequate Adequate Adequate Total Outstanding 0 0 0 0 2 2 2 3 7 1 2 5 1 0 1 4 2 6 Total Audit Recommendations to be actioned 1 1 1 1 1 2 0 1 1 0 0 2 4 1 5 21 0 1 0 5 2 8 NORFOLK INTERNAL AUDIT CONSORTIUM NORTH NORFOLK DISTRICT COUNCIL AUDIT PROCUREMENT RESPONSIBLE OFFICER EMMA HODDS – INTERNAL AUDIT CONSORTIUM MANAGER (IACM) CONTENTS 1. INTRODUCTION ....................................................................................................... 2 2. BACKGROUND TO PROCUREMENT PROCESS ................................................... 2 3. THE NEW CONTRACT FROM 1 APRIL 2015 .......................................................... 2 Page 1 of 3 39 1. INTRODUCTION 1.1 The Norfolk Internal Audit Consortium consists of South Norfolk, Breckland, Broadland and North Norfolk District Councils, Gt Yarmouth Borough Council and the Broads Authority. The role of the Head of Internal Audit and the contract management is currently provided by South Norfolk Council via a group agreement. 1.2 The current contract with Mazars Public Sector Internal Audit Services expires on 31 March 2015, and the Consortium has recently been through a OJEU procurement exercise to procure a new contract. 2. BACKGROUND TO PROCUREMENT PROCESS 2.1 South Norfolk Council, as the contracting authority, has managed the Procurement process on behalf of the Consortium. The services being contracted relate to internal audit services to fulfil each member Authority’s statutory responsibilities under the relevant legislation, including the Accounts and Audit Regulations 2011. 2.2 The Procurement was also developed to offer all members of the Consortium two options on service delivery. The first option was a fully outsourced service, with the Head of Internal Audit role undertaken by the Contractor as well as the delivery of the annual Internal Audit work plan, and the contract management element undertaken by the individual Authority. The second option, as currently provided, was for the Head of Internal Audit role and contract management (Interface Services) to be provided by South Norfolk Council, and the delivery of the annual Internal Audit work plan by the successful bidder. Bidders were requested to submit tenders for both options. 2.3 An OJEU tender, utilising the competitive dialogue route, was undertaken due to the value of the work to be contracted. A PIN (Prior Information Notice) was issued and soft market testing took place prior to tender documents being issued and formal tenders being submitted. 2.4 Tenders were evaluated for quality (60%) and price (40%) via the consideration of method statements and bill of quantities respectively. 2.5 Three suppliers submitted final bids and the contract has now been awarded to TIAA Ltd based on the above assessment and their submission of the most economically advantageous tender overall. 2.6 The new contract will commence on 1 April 2015 and is for five years, with an option to extend by two years or one plus one. 2.7 In addition, all current members of the Consortium have decided to stay with the current “Interface Service” approach, with the Head of Internal Audit role and contract management provided by South Norfolk Council. In conjunction with the Legal Team a Partnership Agreement will now be drawn up binding the delivery of this service from South Norfolk Council to the aforementioned authorities. 3. THE NEW CONTRACT FROM 1 APRIL 2015 3.1 Although the new contract is due to start on 1 April 2015, the procurement exercise ensured that a mobilisation period was built into the contract to ensure that key stages and timescales for implementing the Contractual arrangements were confirmed. This includes how resources are to be put in place to commence services from 1 April 2015, and in particular how the time in between the contract award and the operational Commencement Page 2 of 3 40 Date of the Contract will be utilised to prepare for high quality service delivery from day one. The provision of this has been at no cost to the Consortium. 3.2 TIAA Ltd has been operating for over eighteen years and started as the internal audit services for a consortium of housing associations. Over the years the company has grown into being one of the largest specialist internal audit providers in the UK. TIAA is an employee-centred organisation with staff being the majority shareholders. The Board of the company includes a non-executive Chair and non-executive company secretary and they have adopted the public sector principles of governance and accountability. The company has a strong presence in East Anglia with an existing regional office in Ipswich. 3.3 TIAA Ltd has confirmed a timescale for mobilisation between November 2014 and March 2015 to ensure that they are ready to commence delivery on the first day of the contract. The detailed requirements are part of the agreed contract and delivery against these key tasks will be monitored. A key part of this will be a launch presentation at each site for officers to attend and gain an early insight into how Internal Audit will be delivered going forwards. Key improvements in service delivery will include: Risk Based Internal Audit Planning at a strategic level and at individual audit level Audit opinions based on 4 distinct stages (the first 2 being the traditional approach and the last 2 bringing added value) o Strategic Direction – consideration of the extent to which process is directed by proper procedure o Operational Compliance – consideration of the extent to which staff comply with the procedures o Operational Effectiveness – consideration of the extent to which process provides efficient and effective delivery o Reputation Awareness – consideration of the extent to which customer / regulator requirements are met Outcomes reported as a result of audit reviews will include recommendations as required, however an Operational Efficiency Action Plan is also included which sets out matters identified during the audit where there may be opportunity for service enhancements to be made to increase both the operational efficiency and enhance the delivery of value for money services. Audit software that provides an integrated solution for delivering the Internal Audit vision 3.4 A new approach to Internal Audit delivery will be evident from financial year 2015/16. This is starting now with the planning approach being taken by the Internal Audit Consortium Manager being much more risk focused and ensuring an element of the plan concentrates on the key risks and the corporate priorities of the Authority, with the other elements concentrating on service areas and those key systems which feed into the Statement of Accounts. Page 3 of 3 41 Brief for Audit Committee December 2014 Incidents and Emergency Planning There have been five recent incidents that have had an impact on the Authority. Storm St Jude, coastal Flooding at Walcott in October, District wide coastal flooding in December, USAS helicopter crash in January and the Fakenham town centre fire. All of these events involved implementation of Emergency and Business Continuity Plans. The most significant being the tidal surge, last December and a full de-brief report has been complied and this report will go to Overview and Scrutiny Committee. Contained within the report is an action plan for the lessons learnt for the authority during and after the event. Most points required our emergency response plan to be updated and improved with the knowledge gained from this and the other events we experienced. Overall the Emergency Response Plan was proved to be fit for purpose and the new additions will help to deliver an event slicker response to any future incident the authority may face. The new updated version four of the NNDC Emergency Response Plan has now been completed and is awaiting publication. Team BC Plans All team BC plans are in place except Revenue and Benefits. However, this team have got a draft plans in place and the line managers are working on the new version. The new version of a simplified Business Impact Analysis and Business Continuity Team Plans has been rolled out. This will be easier for managers to understand and implement as it removes the duplication from the old versions. The new Business Continuity Working Group has not met but it is anticipated that the first meeting of the new group will take place either before Christmas or early in the New Year. Despite the fact that authority experienced several significant emergency incidents the over the last year, with had little impact of service delivery proves that the current Business Continuity plans in place are robust and fit for purpose. Training It is hoped to get some basic external business continuity training delivered early in the new year this will be delivered to the BCWG and any other interested parties. 42 The CCT team are still helping teams to develop and improve their own BC plans with one to one training sessions. 25 Members of NNDC have agreed to act as Emergency Staff if required during a significant event; they will carry out roles such as Rest Centre Managers, Rest Centre Staff, Emergency Support staff and Loggist. 17 have undergone a basic training course on 26th September. Flood warden training has been delivered for Wells, Stiffkey and Bacton. Disaster Recovery and Work Action Recovery site This project is still on-going but has been delayed due to office moves, reception project, new help desk configuration and the incidents that have occurred. All data is being replicated from the Cromer office to the Fakenham site on a daily basis and if we suffer a total loss of this building it would take a small amount of reconfiguration work to get access to the stored data. Final testing of the DR site is hoped to take place by the end of 2014. The Work Action Recover Site is in place with an initial 10 networked PC’s and associated equipment. During the recent Fakenham fire the building was used to great effect as an evacuation and information centre for the members of the public that were made homeless. The staff that used the site during the incident reported that the ability to use NNDC IT networks made the whole process far easier. The fact that they had the ability to use the small rooms for confidential interviews and the kitchens for refreshments only further enhanced service delivery. 43 Corporate Risk Register November 2014 PRMB - 4 December 2014 Audit Committee 9 December 2014 Summary Register Ref. Current Score Target Score Medium Term Financial Plan 015(CR) 20 12 Karen Sly - Head of Finance Coastal Erosion - (the effects of) 002(CR) 20 12 Rob Goodliffe - Coastal Management Team Leader Transformation Agenda/Business Transformation Work 003(CR) 16 8 Sheila Oxtoby - Chief Executive Property assets (the condition of)/ Asset Management 001(CR) 12 9 Duncan Ellis - Head of Assets & Leisure Council Banking Services Provider 016(CR) 10 15 Karen Sly - Head of Finance Procurement - (lack of value for money) 009(CR) 9 3 Karen Sly - Head of Finance Information - (loss of) 008(CR) 8 4 Sean Kelly - Head of Business Transformation and IT Housing Delivery 010(CR) 6 6 Operational disruption - (significant event) 013(CR) 6 6 Homeworking - security, staff health and safety 019(CR) 6 6 Risk 44 Officer Nicola Turner - Strategic Housing Team Leader Richard Cook - Civil Contingencies Manager, Steve Hems - Head of Environmental Health Sean Kelly - Head of Business Transformation and IT 1 Corporate Risk Register November 2014 PRMB - 4 December 2014 Audit Committee 9 December 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green Score (with controls) Impact x Likelihood = Total Medium Term Financial Plan 015(CR) Policy work 5x4=20 1. Uncertainty around the Governments spending reduction programme and the impact on the Council’s funding. The business rates retention system has shifted the risk of business rates fluctuations to the local level, meaning that Local Authority funding will be impacted directly from decline in business and also planned reductions to the revenue support grant and reliance on New Homes Bonus funding influenced by delivery of new homes and reductions in long term empty properties. 2. Failure to produce a balanced budget position and funded future projections in the medium term and to deliver a freezing of Council Tax increases. 3. The Corporate Plan may not be delivered to the identified timescales. The level of service Action (to achieve target score) and progress to date Lobbying Central Government Growth forecasting models to be developed for housing and business rates to inform future financial forecasts and budget. – On Track Medium Term Financial Strategy Delivery of identified and planned savings. Corporate Planning / Service Planning Identification of future savings and efficiencies. Target Score Impact x Likelihood = Total 4x3=12 Corporate Objective / Service Priority Officer Delivering the Vision Karen Sly - Head of Finance Budget Process / Budget Monitoring Regular monitoring system of the impact of the business rates retention and the localised council tax support system Utilisation of the New Homes Bonus grant within the base budget from 2014/15 Review of the Councils reserves following the impact of the storm repair 45 2 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening currently provided could be at risk, unplanned use of reserves which is unsustainable in the longer term. Higher level of savings requirement in future years. Existing Controls Controls that have been implemented since the last review are shown in green PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total Action (to achieve target score) and progress to date Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer 4x3=12 Coast, Countryside and Built Heritage Rob Goodliffe - Coastal Managem ent Team Leader costs and associated funding - Implemented Reporting - New legislation and consultation Implemented Timely agreement of the annual Localised Council Tax Support Scheme Implemented Project Management Plans – Implemented Early update of the Financial Strategy to inform the 2015/16 budget process – Implemented Coastal Erosion - (the effects of) 002(CR) 1. Lack of Government funding to maintain coast defences and / or to support local compensation claims 2. Coastal erosion and blight of coastal settlements through loss of public and private infrastructure and assets. The Council has devoted The Pathfinder Project 5x4=20 Shoreline Management Plan (SMP) Repairs & Maintenance Programme Procurement practices 46 Cromer Sea Defence Works – On Track - £8m scheme being implemented. Has been delayed by the storm of December 2013 which will ultimately impact on the programmes completion being delayed from the original completion date of March 2015 to sometime in the autumn of 2015. First works on the ground started on site 3 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening significant resources to pursuing sustainable answers to coastal management issues. There is a considerable Health and Safety context here which serves to increase the reputational risk for the Council at the same time. Existing Controls Controls that have been implemented since the last review are shown in green 3. Increased coastal erosion through loss of defences presents a reputational risk to the authority in the eyes of local communities and direct loss of Council owned assets / infrastructure which are fundamental to the district's tourism offer and therefore the economic well-being of the district. Loss of confidence in respect of business investment and residential property market; blight of properties in erosion zone; direct loss of tourism assets and infrastructure promenades, beach chalets, cafés, public toilets, car parks etc.; loss of tourism income / employment. Control of coastal management schemes through procurement and regular checking – Implemented Transformation Agenda/Project 003(CR) 1. It is clear that there is a new urgency about change in local PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total Health & Safety checking and monitoring Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer Delivering the Vision Sheila Oxtoby Chief Executive November/December 2013. Works are 33% complete on the concrete foundation works to the sea walls. Work has started on refurbishment of the groynes. The programme was delayed by implementing storm damage repairs which were not part of the original contract. This is a 23 year scheme anticipated to complete in 2015. DEFRA funding of capital schemes Coast monitoring Training, learning & policy initiatives Action (to achieve target score) and progress to date Repairs in response to the December 2013 Tidal Surge – On Track - in progress. 4x4=16 Strategies Reporting - New legislation 47 IT transformation work that is currently being undertaken – Some Problems - Workload vs. capacity needs to be assessed and planned and then appropriately monitored. The 2x4=8 4 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening government driven by the current financial pressures and the ambition to ignite community engagement. Previous incremental change is being replaced by a more wholesale restructuring of local government and its place in local service delivery. 2. The risk is that in moving to a new agenda so quickly there is no basic framework within which the new arrangements can be undertaken. 3. Vision and action may not be fully supported by a sound assessment and a solid understanding of policy implications at national and local level. Existing Controls Controls that have been implemented since the last review are shown in green PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total and consultation Maintain technical competence Medium Term Financial Strategy Delivering the Vision Duncan Ellis – Head of Assets and Leisure Individual project teams will include service representation and project timelines will be planned and agreed with due consideration to other scheduled activities within the service and the wider council. Business Transformation Board monitoring projects progress The introduction of a property risk assessment and inspection regime Officer Managing delivery of workstreams as included in the Transformation programme –On Track – Appointment of a Head of Business Transformation to deliver the programme 1. A lack of investment and sound decision-making. Corporate Objective / Service Priority Further discussions/ consideration of options around shared services – On Track Approval of the Business Transformation Programme Work on R & M schedules Target Score Impact x Likelihood = Total resource to deliver any additional activities needs to be clearly identified and its impact on the existing plan assessed prior to a decision to implement that business change. Network development Property assets - (the condition of) - 001(CR) Action (to achieve target score) and progress to date 4x3=12 2. Deteriorating property assets may 48 Work is on-going in relation to the R&M schedules in relation to including all of this detail within the Concerto system. The schedules were used to support the update of the Asset Management Plan and the 3x3=9 5 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening lead to a loss of revenue and possible legal liability. 3. The Council does not achieve value for money from its investment and/or possible legal liabilities either directly or through its leasing arrangements. This scenario is detrimental to the local tourism economy as well as damaging to local communities contributing to a lack of community pride and possible increase in vandalism. The capital tied up in assets cannot be released to support wider Council initiatives and income streams are not maximised. Existing Controls Controls that have been implemented since the last review are shown in green PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total Effective team resourcing Action (to achieve target score) and progress to date Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer capital works highlighted within the plan have gone forward as capital bids to be considered by Members as part of the budget setting process for 2015/16. Asset Management Plan Implement asset management software – Implemented – The team is now using the system regularly. Additional technical assistance is being provided to ensure this system is being used to full effect. Rolling asset condition surveys continue to be undertaken to ensure that the R&M schedules remain up to date. Various policies are in place to help manage property risks and risk assessment inspections and review works continue to be developed and improved. Regular routine inspections take place on all of the Council’s car parks for example to review, monitor and help manage a number of risks. Team resourcing continues to be monitored although the recovery works connected with the storm surge have stretched the team this year. Additional resource is being investigated to support with further data input onto the Concerto system which 49 6 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total Action (to achieve target score) and progress to date Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer Delivering the Vision Karen Sly - Head of Finance is extremely time consuming. The Asset Management Plan was updated and agreed earlier this year and contains an improvement plan which is currently being implemented and forms part of the Ten performance monitoring system. As mentioned above additional temporary resource support is being investigated in relation to the Concerto system to ensure this becomes fully populated as quickly as possible. The more information the system holds the more useful it will be. Council Banking Services Provider (Change from “Downgrading of Co-op Bank” 016 (CR) 1. Downgrading of the Co-op bank credit rating and subsequent notification of the withdrawal from providing banking services to Local Authorities has meant that the Council must change provider for Overnight funds kept to a minimum within the Co-op Public Sector Reserve Account (previous limit was £500,000) 5x2=10 Implementation of the project and transition to new bank. Allocation of resources from relevant services, including IT and Finance to achieve the timescales for the banking services t be moved. Alternative banking facility has now been set up. 5x1=5 Regular monitoring of position with Treasury 50 7 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening banking services. Existing Controls Controls that have been implemented since the last review are shown in green 2. Current contract end date is March 2015, withdraw of services or failure to deliver services ahead of this date would leave the Council without and banking service provider. Commencement of joint tender process (with other Norfolk authorities) for banking contract (which expires in March 2015) earlier than would have normally. 3. The Council could not collect its income or make any payments and would be unable to carry on its day to day business in the short term until alternative banking arrangements can be put into place. Depending on the time the security of payments/cash ’in transit’ could be at risk. PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total 1. The current financial climate, recent resourcing issues causing an absence of a focus for this work, together with a reduction in the Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer Delivering the Vision Karen Sly – Head of Finance Advisors. Joint tender process underway with tender document now issued. Tender process for new contract to be completed in accordance with the project timetable. Implemented. Award of contract scheduled for the summer 2014 – Implemented. Procurement - (lack of value for money) - 009(CR) Action (to achieve target score) and progress to date Procurement Strategy 3x3=9 Procurement Framework Joint procurement protocol and opportunities for joint/shared procurement 51 A procurement evaluation Some Problems - An increased awareness of the location and use of the Toolkit (including the Quotation Value Path) has been undertaken including presentations to Management 3x1=3 8 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening available accountancy resources going forward increase the risk of a lack of continuous improvement in this area. 2. Failure to adopt new procurement practices and delivery of efficient and timely procurement processes could mean that the Council will not achieve value for money procuring the goods and services it uses. 3. The Council may not achieve value for money, financial/procedural inefficiencies possible challenge to contracting procedures. Information - (loss of) - 008(CR) 1. Lax security - Information may be lost, mislaid or stolen. Increased use of mobile technology such as I Pads etc. 2. There exists an inherent potential for the loss of organisational information at any security level. ICT is responsible for ensuring electronic data is secure (in conjunction with system owners who Existing Controls Controls that have been implemented since the last review are shown in green PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total with other authorities where possible Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer Delivering the Vision Sean Kelly Head of Business Transform ation and IT groups and on one-to-one basis. More work still to be done regarding analysis of procurement outcomes and the value for money achieved. Advice for external suppliers Procurement responsibility assigned to the Chief Accountant Procurement publication requirements to be reviewed and actioned in accordance with the transparency code. Regular procurement refresh and review of procedures – Implemented Information Management Strategy Action (to achieve target score) and progress to date 4x2=8 Implement data security protocols on mobile devices ICT Security Policy On-going role specific user training relating to information security and data protection – Requires discussion with HR as to how and when to implement this training. Interim generic information to be shared with staff through intranet. 4x1=4 IT Monitoring Data Protection training 52 9 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening control access to their databases), 3. Information may be inappropriately used. Fraud or data corruption may occur. Systems may suffer damage. The Council's reputation may be harmed. Existing Controls Controls that have been implemented since the last review are shown in green PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total Action (to achieve target score) and progress to date Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer 3x2=6 All controls are implemented and risk is currently under control, to be reviewed in six months time. 3x2=6 Housing and Infrastructur e Nicola Turner Housing Team Leader Strategy Code of Connection compliance Regular audits of IT security arrangements. – Implemented Regular 3rd party data protection and integrity testing – Implemented Housing Delivery - 010(CR) Use of capital 1. A combination of lack of developer confidence because of recession / weak financial markets and pressure on public finances meaning reduced availability of grant funding for affordable housing provision. Partnership work with Registered Providers 2. Inability to secure planning permission for provision of affordable housing. Internal planning protocol 3. A challenge over the Council's ability to deliver sufficient affordable homes Housing Strategy discussion document Local Investment Plan Local Development Framework (LDF) policies Increased Focus 53 10 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total Action (to achieve target score) and progress to date Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer (2010) Enhance Housing Association delivery – Implemented - Following the approval of the Local Investment Strategy, Cabinet has provided delegated authority for the issue of the first loans and work is on-going to negotiate the terms and complete the loan. Continuing to work on delivering both affordable housing (and market housing where they provide the subsidy needed for the delivery of the affordable dwellings) in a way which reduces upfront costs to Housing Associations. First phase of schemes identified. Development plan affordable housing provision – Implemented On-going forward development plan need 54 11 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total Action (to achieve target score) and progress to date Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer continuous attention to ensure on-going pipeline of affordable housing schemes- On Track 153 affordable dwellings were completed in 2013/14 which is the highest number delivered in the district by Registered Providers. 74 completions are predicted for 2014/15, although this number is subject to change. Ensuring that there is an on-going pipeline of affordable housing schemes remains a key priority to ensure that affordable housing delivery is sustained in future years. On=going monitoring of financial contributions received and expenditure will be committed in a timely way on affordable 55 12 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total Action (to achieve target score) and progress to date Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer Delivering the Vision Richard Cook Civil Contingen cies Manager, housing. Identified partner to work with Council and Housing Associations to bring forward affordable (and market) housing schemes in a way which reduces upfront costs to Housing Associations - On Track Operational disruption (significant event) - 013(CR) Response & Recovery Planning 1. Both the National and Community Risk Registers have more information regarding the risk of specific events (e.g. Pandemic) occurring. Continuity Planning 3x2=6 Corporate Business Continuity key role training 2. Any Internal or external event that has a significant impact on the ability of the Council to deliver services. Complete critical services' Business Continuity Plans (BCP) – On Track - All Critical services now have carried out Business Impact analyses except Revenues and Benefits which is now at draft stage. All critical services have plans except Revenues and Benefits. The Civil Contingencies Manager will work with the Revenues and Benefits team leaders and managers to finalise plans. 3x2=6 Steve Hems Head of Environm ental Health 3. a) Loss of staff for 'usual' service delivery b) Loss of premises c) Loss of key partners/suppliers d) Loss of infrastructure services 56 13 Corporate Risk Register November 2014 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening A reduction in the ability of the Council to deliver services, possibly at a time of increased demand from the community. Homeworking - security, staff health and safety - 019(CR) 1. All aspects of remote working not covered by corporate policies. There are procedures in place for IT risks. Existing Controls Controls that have been implemented since the last review are shown in green PRMB - 4 December 2014 Audit Committee 9 December 2014 Score (with controls) Impact x Likelihood = Total 2x3=6 IT Monitoring Action (to achieve target score) and progress to date Produce and implement staff policies and procedures for homeworking – Not Started – This work has been added to the HR service plan and has yet to have a deadline set. Target Score Impact x Likelihood = Total 2x3=6 Corporate Objective / Service Priority Officer Delivering the Vision Sean Kelly Head of Business Transform ation and IT 2. Security put at risk. Cost of home working not adequately budgeted for. All managers have a responsibility for their staff working from home. 3. Remote staff unable to access technology needed to do their jobs and for business continuity. Notes: Risk 007(CR) Partnership/s - (potential failure) removed as risk closed by the Head of Finance. Risk 011 (CR) Shared Services Plans – PRMB recommended to remove as not actively pursuing shared services at present. 005 (CR) Organisational Restructuring – PRMB recommended to remove as more service specific. 57 14
