Please Contact: Lydia Hall
Please email: lydia.hall@north-norfolk.gov.uk
Please Direct Dial on: 01263 516047
06 March 2015
A meeting of the Audit Committee of North Norfolk District Council will be held in the
Committee Room at the Council Offices, Holt Road, Cromer on Tuesday 17 March 2015
at 2.00 pm
Members of the public who wish to ask a question or speak on an agenda item are
requested to arrive at least 15 minutes before the start of the meeting. It will not always be
possible to accommodate requests after that time. This is to allow time for the Committee
Chair to rearrange the order of items on the agenda for the convenience of members of the
public. Further information on the procedure for public speaking can be obtained from
Democratic Services, Tel: 01263 516047, Email: democraticservices@north-norfolk.gov.uk
Anyone attending this meeting may take photographs, film or audio-record the proceedings
and report on the meeting. Anyone wishing to do so must inform the Chairman. If you are a
member of the public and you wish to speak on an item on the agenda, please be aware that
you may be filmed or photographed.
Sheila Oxtoby
Chief Executive
To: Mr N D Dixon, Mr B Jarvis, Mrs A Moore, Miss B Palmer, Mr R Reynolds and Mr D
Young
All other Members of the Council for information.
Members of the Management Team, appropriate Officers, Press and Public
If you have any special requirements in order to attend this meeting, please let us
know in advance
If you would like any document in large print, audio, Braille, alternative format or in a
different language please contact us
Chief Executive: Sheila Oxtoby
Strategic Directors: Nick Baker and Steve Blatch
Tel 01263 513811 Fax 01263 515042 Minicom 01263 516005
Email districtcouncil@north-norfolk.gov.uk Web site northnorfolk.org
AGENDA
1.
TO RECEIVE APOLOGIES FOR ABSENCE
2.
PUBLIC QUESTIONS
To receive public questions, if any
3.
ITEMS OF URGENT BUSINESS
To determine any items of business which the Chairman decides should be
considered as a matter of urgency pursuant to Section 100B(4)(b) of the Local
Government Act 1972.
4.
DECLARATIONS OF INTEREST
Members are asked at this stage to declare any interests that they may have in any
of the following items on the agenda. The Code of Conduct for Members requires
that declarations include the nature of the interest and whether it is a disclosable
pecuniary interest.
5.
MINUTES
(Page 1)
To approve as a correct record, the minutes of the meeting of the Audit Committee
held on 09 December 2014.
6.
AUDIT UPDATE AND ACTION LIST
(Page 7)
To monitor progress on items requiring action from the meeting of 16 September
2014, including progress on implementation of audit recommendations.
7.
AUDIT COMMITTEE WORK PROGRAMME
(Page 8)
To review the Audit Committee Work Programme and look at next year’s programme.
8.
AUDIT PLAN – ANNUAL GRANT CERTIFICATION REPORT
(Page 10)
To receive the Annual Grant Certification Report from External Audit.
9.
PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY
(Page 22)
To receive the Progress Report on Internal Audit Activity.
10.
STRATEGIC AND ANNUAL AUDIT PLANS
(Page 38)
To receive the Strategic and Annual Audit Plans.
11.
UPDATE ON SPORTS HALLS INTERNAL AUDIT RECOMMENDATIONS
(Page 54)
To receive an update as requested by Members.
12.
FLOOD RECOVERY
(Page 59)
To receive an update on Flood Recovery.
13.
EXCLUSION OF THE PRESS AND PUBLIC
To pass the following resolution, if necessary:
“That under Section 100A(4) of the Local Government Act 1972 the press and public
be excluded from the meeting for the following items of business on the grounds that
they involve the likely disclosure of exempt information as defined in
of Part I
of Schedule 12A (as amended) to the Act.”
Agenda item _5 _
AUDIT COMMITTEE
Minutes of a meeting of the Audit Committee held on Tuesday 9 December 2014 in the
Council Chamber, Council Offices, Holt Road, Cromer at 2.00 pm.
Members Present:
Committee:
Mr N Dixon (Chairman)
Mrs A Moore
Miss B Palmer
Officers in
Attendance:
The Head of Finance, the Internal Audit Consortium Manager, the Head of
Corporate Assets and Leisure, the Regulatory Officer and the Democratic
Services Officer
27.
Mr R Reynolds
Mr D Young
APOLOGIES
Mr B Jarvis.
28.
PUBLIC QUESTIONS
None received.
29.
ITEMS OF URGENT BUSINESS
None received.
30.
DECLARATIONS OF INTEREST
None.
31.
MINUTES
The Minutes of the meeting of the Audit Committee held on 16 September 2014 were
approved as a correct record and signed by the Chairman.
32.
AUDIT UPDATE AND ACTION LIST
Members were updated on progress on actions arising from the minutes of the meeting
of 16 September 2014.
Corporate Risk Register
The Head of Finance stated that the register had been updated as no shared services
were currently planned, this would be reviewed as applicable in the future.
Audit Committee
1
09 December 2014
33.
AUDIT COMMITTEE WORK PROGRAMME
The information regarding the tidal surge and contingencies would go to the Overview
and Scrutiny Committee rather than to Audit.
RESOLVED
That the Work Programme be agreed.
34.
ANNUAL AUDIT LETTER 2013/14
The Head of Finance gave a brief summary of the letter, stating that it was good news
and the results showed there were no issues in the areas tested.
The Head of Finance commented that page 17 of the Annual Audit Letter showed a
summary of fees and that reference was made to a fee variation which had not yet
been confirmed , it was not currently anticipated that there would be a significant
impact to the final fees overall.
Mr D Young asked whether the Audit Commission still had a role in the fees for
External Audit.
The Internal Audit Consortium Manager said that the (External Audit) fees had been
set for the current year but that in the future and following the closure of the Audit
Commission in March 2015, the appointment of the external auditors will be
determined by regional tender processes and the audit committee would have a role
and this would need to be planned for. She added that Price WaterhouseCooper were
completing the 2014/15 accounts and it has been confirmed that Ernst Young would
complete the 2015/16 and 2016/17 accounts audit.
Mr R Reynolds, in reference to a statement made on page 15 of the agenda, asked
what assumptions had been made.
The Head of Finance answered that it was in relation to pension liability and that the
external auditors were content with the figures and that no significant change was
required.
RECEIVED
The Annual Audit Letter 2013/14
35.
PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY
The Internal Audit Consortium Manager explained that the progress report was a
regular report and the second one of the year. The report confirmed that 47% of the
audit plan was complete and was on track as more work was in quarters three and
four.
The Internal Audit Consortium Manager added that there were two final reports on
procurement and sports halls. She said audits concerns regarding sports halls
covered three aspects; DBS checks, Segregation of duty and Health & Safety training
all of which had no high priority recommendations.
Audit Committee
2
09 December 2014
The Internal Consortium Manager said that the performance of the contractor was now
assessed through the year rather than at year end and that overall performance was
stable and work was progressing.
Mrs A Moore said that she was surprised that the DBS checks had been assessed as
a medium risk and that eight years ago the same issue had arisen in internal audit.
She said that Human Resources informed managers when the DBS check was due for
renewal. Mrs A Moore said that she believed it to be a higher risk.
The Internal Audit Consortium Manager said that the DBS checks had been assessed
as medium risk because there were processes and controls in place and that there
was a control weakness as opposed to a control failure. She added that all of the
sports halls were up to date with DBS checks. They had reconfirmed the process and
added escalation to ensure that DBS checks are up to date. The Internal Audit
Consortium Manager explained that the Council no longer had the volume of DBS
checks to check themselves and that an umbrella body was now being used which
made it a smoother process. She stated that the issues had been recognised and risks
mitigated.
Mrs A Moore said there were banking issues in 2007 and that health and safety was an
important issue.
The Head of Finance stated that the issues identified in the report were as a result of
the new structure which had not been fully implemented and that it had been amended
and actioned immediately.
The Head of Corporate Assets and Leisure said that the banking issue was from a
template proforma and that additional ‘sign offs’ had been added and an escalation
process put in place. He confirmed that all the new DBS checks had been completed
and that there was a new six monthly report from Human Resources. A new escalation
process had been introduced to the DBS checks which included the Head of
Organisational Development. He added that the new electronic system would help with
the process and that calendar reminders in Outlook provided another check. The Head
of Corporate Assets and Leisure said that the health and safety issues would be picked
up in staff inductions.
The Chairman said that there was a recurrence of issues and that the sports halls were
vulnerable areas where the interface with the public was dynamic and that there were
various risks to be managed.
The Chairman asked if there was any merit in having another report in one or two
meetings time to provide an assurance that the systems in place were proving to be
efficient over time.
The Head of Finance said that the recommendations would be picked up in the June
2015 meeting and that a follow up could be included with specific mention made to the
medium risk measures implemented.
The Internal Audit Consortium Manager said that all three recommendations had
implementation dates of January and that testing with a report could be arranged in
time for the March 2015 meeting.
Mr R Reynolds expressed his concern over the loss of the information if the committee
members changed after May 2015.
Audit Committee
3
09 December 2014
AGREED
That the new implementations were tested and reported back in March 2015.
36.
FOLLOW UP REPORT ON INTERNAL AUDIT RECOMMENDATIONS
The Internal Audit Consortium Manager said that it was a brief, but positive report and
that at 31 October 2014 74% of the recommendations had been verified. She
confirmed that there were ten recommendations outstanding; eight of medium risk and
two that were low risk. She summarised by saying that there was nothing to bring to the
Committee’s attention and that nineteen recommendations had been raised this year.
The Chairman said it was reassuring that there were no high priorities outstanding and
that the next concern would be the medium level risks.
AGREED
That the Committee accepted the report.
37.
AUDIT PROCUREMENT
The Internal Audit Consortium Manager explained that this had been a lengthy
procurement process and that it had concluded. She said that there had been
competitive dialogue with three suppliers over five weeks to incorporate the
consortiums needs and requirements.
The Internal Audit Consortium Manager said that the company had been chosen based
on 60% quality and 40% price and that the contract had been awarded to TIAA Ltd.
The contract was for five years with a two year extension option starting on 1st April
2015. She said that TIAA had been operating for 18 years and took the traditional audit
route as well as looking at operational effectiveness and reputational awareness and
that the committee could expect a different delivery compared to the current provider.
She informed Members that employees at TIAA were major shareholders and that the
company was stable.
The Internal Audit Consortium Manager said that the consortium would continue with
the current arrangement and that a new partnership agreement would be arranged.
The Head of Finance thanked the Internal Audit Consortium Manager for her work.
The Chairman asked whether there was a significant cost difference to the current
provider.
The Internal Audit Consortium Manager said that the day rate had been frozen with the
current supplier three years ago and that TIAA were offering a very competitive day
rate in comparison alongside a high quality service.
AGREED
That the Committee accepted the report.
Audit Committee
4
09 December 2014
38.
BUSINESS CONTINUITY
The Chairman said that it had been a demanding year and that a number of
contingency situations had arisen and that the emergency plans had been to hand.
Mr R Reynolds said that the Audit Committee congratulated those involved and that
having experienced three major incidents in one year, everything was fit for purpose.
Mrs A Moore said that the Revenues and Benefits draft plan needed to become a final
plan.
The Head of Finance said that the Revenues Manager and the Benefits Manager were
working on the plan.
The Chairman said that the committee needed to receive confirmation when the plan
was completed to ensure that it was sufficient to meet needs.
AGREED
That the Committee receive written confirmation that the plans have been finalised and
are in place from the Contingencies Manager.
39.
CORPORATE RISK REGISTER
The Head of Finance explained that the corporate risk register had been discussed in a
meeting the previous week and that there were some amendments as the version had
been updated since the printing of the agenda. It had been reviewed with service
managers and heads of service and four risks had been added:
a)
b)
c)
d)
DBS Checks – significant risk
Potential claims against the Council
Individual Electoral Registration (IER) – changes in software implemented
Flooding grants ‘Repair & Renew’ – 220 applications received (less than half have
received the grant due to demand on contractors, longer nights and weather) with
some grants remaining unpaid by the deadline of 31st March 2015.
To address the concerns regarding the grants a letter had been sent to ministers and
DEFRA on 24th October outlining the impracticalities of the deadline and the delays
caused by the relatively specialist nature of the works and demands on a few
contractors. The threshold for those affected had been extended and promoted which
meant there would be a lot of applications very near to the deadline. The Head of
Finance explained that this posed a reputational and financial risk to the Council if the
claims were not payable because the works had not been completed and therefore not
eligible within the timescales.
Mr R Reynolds said that this brought forward three issues; that people felt ‘entitled’ to
the grant; the fallout would reflect badly on NNDC; and whether there was any way
around the situation.
The Head of Finance said that they were trying to get the deadlines for applications
changed and that discussions were still to be had. She re-iterated that NNDC had
written, and that the Leader had sent a follow-up letter, but that no response had been
received so far.
The Chairman asked whether Full Council would be interested in taking a view.
Audit Committee
5
09 December 2014
Mrs A Moore suggested writing to Norman Lamb MP as the standard approach had
been tried and there was only three months left before the deadline.
Mr D Young suggested contacting similarly affected Councils to put pressure on central
government.
The Head of Finance replied that the same issues had been raised by other councils
and that they were not alone in the problems faced.
Mr D Young commented that the advantage of going to Full Council would be publicity
of the issue.
The Head of Finance suggested following up with the Corporate Director co-ordinating
the correspondence to the government departments and also escalating the issue.
Mr D Young pointed out that in the council services target it should read ‘5’ and not
‘15’.
Mrs A Moore said there were property asset concerns and that there was nothing
about listed buildings such as the North Walsham Town Council building that were
required by law to be maintained as listed buildings and that the Council should be
aware of this.
AGREED
That the Committee accepted the report
The meeting closed at 3.14 pm
______________________
Chairman
Audit Committee
6
09 December 2014
Agenda Item
AUDIT COMMITTEE 16 September 2014 – ACTIONS ARISING
FROM THE MINUTES
35. Progress Report
on Internal Audit
Activity
That the new implementations were tested and
reported back in March 2015.
38. Business
Continuity
That the Committee receive written confirmation that Richard Cook
the plans have been finalised and are in place from
the Contingencies Manager.
7
Emma Hodds
Agenda Item 7
AUDIT COMMITTEE WORK PROGRAMME 2014 – 2015
JUNE 2014
PWC
SEPTEMBER
2014
PWC 2013/14
Annual
Governance
report
(ISA260)
DECEMBER 2014
MARCH 2015
Annual Audit
Letter (PWC)
Audit Plan (PWC)
(with overview)
Annual Grant
Certification
Report
Progress Report
on Internal Audit
Activity
Progress Report
on Internal Audit
Activity
Protocol for
liaison between
internal and
external auditors
Internal Audit
Annual Review
of the
Effectiveness of
Internal Audit
Progress Report
on Internal Audit
Activity
Annual Report
and Opinion
Status of agreed
actions
Undertake selfassessment
NNDC
Corporate Risk
Register/ risk
management
framework
Business
Continuity Plan
Review
Follow Up Report
Strategic and
on Internal Audit
Annual Audit
Recommendations Plans
Statement of
Accounts (+
informal training)
Business
Continuity
Review of
Pensions liability
RIPA Policy (PreAgenda only)
Monitoring
Officer’s Report
Corporate Risk
Register
Local Code of
Corporate
Governance and
Action Plan –
update and
Annual
Governance
Statement
2013/14 – update
8
Flood Recovery
Agenda Item 7
AUDIT COMMITTEE WORK PROGRAMME 2015 – 2016
JUNE 2015
PWC
SEPTEMBER
2015
PWC 2014/15
Annual
Governance
report
(ISA260)
DECEMBER 2015
MARCH 2016
Annual Audit
Letter (PWC)
Audit Plan (PWC)
(with overview)
Annual Grant
Certification
Report
Progress Report
on Internal Audit
Activity
Progress Report
on Internal Audit
Activity
Protocol for
liaison between
internal and
external auditors
Internal Audit
Annual Review
of the
Effectiveness of
Internal Audit
Progress Report
on Internal Audit
Activity
Annual Report
and Opinion
Status of agreed
actions
Internal Audit
training
Undertake selfassessment
NNDC
Corporate Risk
Register/ risk
management
framework
Business
Continuity Plan
Review
Business
Continuity
training update
Follow Up Report
Strategic and
on Internal Audit
Annual Audit
Recommendations Plans
Internal Audit
training
Statement of
Accounts (+
informal training)
Review of pension Business
liability
Continuity
Monitoring
Officer’s Report
Local Code of
Corporate
Governance and
Action Plan –
update and
Annual
Governance
Statement
2014/15 – update
Corporate Risk
Register
9
Risk Management
Framework
www.pwc.co.uk
Annual
Certification
Report 2013/14
North Norfolk
District Council
Government and
Public Sector – Annual
Certification Report to
those charged with
governance.
February 2015
10
Annual Certification Report 2013/14 to those charged with governance – North Norfolk District Council
The Members of the Audit Committee
North Norfolk District Council
Council Offices
Holt Road
Cromer
Norfolk
NR27 9EN
11 February 2015
Annual Certification Report 2013/14
We are pleased to present our Annual Certification Report which provides members of the Audit
Committee with a high level overview of the results of the certification work we have undertaken at
North Norfolk District Council for financial year ended 31 March 2014.
We have also summarised our fees for 2013/14 certification work on page 6.
Results of Certification Work
For the period ended 31 March 2014, we certified your Housing Benefit Subsidy claim which was
worth a net total of £28,746,253. The claim required a qualification letter to set out the matters
arising from the certification findings. We have set out further details within this report.
We identified a number of matters relating to the Authority’s arrangements for the preparation of the
claim during the course of our work, some of which were minor in nature. The most important of
these matters are brought to your attention in this report.
We ask the Audit Committee to consider:
 The adequacy of the proposed management action plan for 2013/14 set out in Appendix A;
and
 The adequacy of progress made by the Authority in implementing the prior year action plan in
Appendix B.
In the future, with the changes to the Audit Commission structure, we anticipate that the Housing
Benefit Subsidy claim will continue to be the only claim at the Authority subject to certification under
the existing regime. All other requests for auditor assurance work for claims and returns will operate
outside of these engagement arrangements.
Yours faithfully,
PricewaterhouseCoopers LLP
PwC
11
Page 2 of 12
Annual Certification Report 2013/14 to those charged with governance – North Norfolk District Council
Table of Contents
Introduction
4
Scope of Work
4
Statement of Responsibilities
4
Results of Certification Work
5
Claims certified
5
Certification Fees
6
Matters Arising
7
Appendix A - Management Action Plan: Current year issues (2013/14)
9
Appendix B - Management Action Plan: Prior year issues (2012/13)
10
Glossary
11
PwC
12
Page 3 of 12
Annual Certification Report 2013/14 to those charged with governance – North Norfolk District Council
Introduction
Scope of Work
Each year some grant-paying bodies may request certification, by an appropriately qualified auditor, of claims
and financial returns submitted to them by local authorities. Certification arrangements are made by the Audit
Commission under Section 28 of the Audit Commission Act 1998 and are one way for a grant-paying body to
obtain assurance about an authority’s entitlement to grant or subsidy or about information provided within a
return.
Certification work is not an audit but a different type of assurance engagement which reaches a conclusion but
does not express an opinion. This involves applying prescribed tests, as set out within Certification Instructions
(CIs) issued to us by the Audit Commission; these are designed to provide reasonable assurance, for example,
that claims and returns are fairly stated and in accordance with specified terms and conditions. The precise
nature of work will vary according to the claim or return.
Our role is to act as ‘agent’ of the Audit Commission when undertaking certification work. We are required to
carry out work and complete an auditor certificate in accordance with the arrangements and requirements set
by the Audit Commission.
We also consider the results of certification work when performing other Code of Audit Practice work at the
Authority, including our conclusions on the financial statements and value for money.
International Standards on Auditing UK and Ireland (ISAs), the Auditing Practices Board’s Practice Note 10
(Revised) and the Audit Commission’s Code of Audit Practice do not apply to certification work.
Statement of Responsibilities
The Audit Commission publishes a ‘Statement of responsibilities of grant-paying bodies, authorities, the Audit
Commission and appointed auditors in relation to claims and returns’. This is available from the Audit
Commission website. It summarises the Commission's framework for making certification arrangements and
highlights the different responsibilities of grant-paying bodies, authorities, the Audit Commission and
appointed auditors in relation to claims and returns.
PwC
13
Page 4 of 12
Annual Certification Report 2013/14 to those charged with governance – North Norfolk District Council
Results of Certification Work
Claims certified
A summary of the claim certified for financial year 1 April 2013 to 31 March 2014 is set out in the table below.
The Audit Commission requires that all matters arising are either amended for (where appropriate), and/ or
reported within a qualification letter.
A qualifiation letter was required to set out matters arising from the certification of the claim. The most
important of these matters are summarised on page 7.
The deadline for authority submission of the claim to the DWP was not met. Submission took place on 1 May
2014, one day after the deadline of 30 April 2014. All deadlines for auditor certification were met.
Fee information for the claims and returns is summarised on page 6.
Summary:
CI
Reference
BEN01
PwC
Scheme Title
Form
Housing Benefit
Subisdy
MPF720A
Original
Value
£28,746,253
14
Final
Value
£28,746,253
Amendment
Qualification
No
Yes
Page 5 of 12
Annual Certification Report 2013/14 to those charged with governance – North Norfolk District Council
Certification Fees
The fees for certification of each claim and return are set out below:
Claim/Return
2013/14
Indicative
Fee
2013/14
Variation
2013/14
2012/13
Final Fee
Billed Fee
£
£
£
£
BEN01 Housing
Benefit Subsidy
29,568
5,619
35,187
35,476
BEN01 Council
Tax Benefit
Subsidy
-
-
-
4,838
LA01 National
Non Domestic
Rates
Total
-
-
-
2,700
29,568
5,619
35,187
43,014
Comment
The 2012/13 final fee
included a variation of
£7,014.
Council Tax Benefit moved
to localised Council Tax
Reduction in 2013/14 and
was removed from Audit
Commission arrangements.
This scheme was removed
from Audit Commission
arrangements for 2013/14.
These fees reflect the Council’s current performance and arrangements for certification.
PwC
15
Page 6 of 12
Annual Certification Report 2013/14 to those charged with governance – North Norfolk District Council
Matters Arising
The most important matters we identified through our certification work are summarised below; further details
can be found in Appendix A.
BEN01 Housing Benefit Subsidy Claim
Our testing identified a number of errors in relation to the Authority’s compliance with Housing Benefit
regulations. We reported a number of matters to DWP in a qualification letter dated 27 November 2014 where
no amendment could be agreed which would be representative of the whole population, or where the nature of
the matters identified means that it would be more appropriate to make an amendment to the 2014/15 subsidy
claim.
In summary these matters related to:
Ability to run detailed listings
From our conversations with Officers we were advised that, at the time of the certification work, the detailed
listings required for us to be able to reliably quantify the total errors for the failed attributes set out below, could
not be produced from the Authority’s Housing Benefit system, Civica, in its current form.

Cases with earned income;

Cases with self-employed income;

Cases with private pension income;

Cases with tax credit income; and

Cases with LHA rate capped tenancies.
However, we also understand that the Authority has found that an enhanced extract reporting tool can be
purchased which would enable the breakdown of cases by detailed attributes. Management have informed us
that a decision to purchase additional software has recently been taken.
For the purposes of the certification work the Authority manually created the relevant detailed listings, but this
process had some limitations such that the manually created listings, although largely complete, were not
wholly complete.
As a result, while extension testing of samples selected from manually prepared detailed listings was performed,
the findings only related to the specific cases tested and could not be taken as quantification of the total error
for each failed attribute either directly or by extrapolation.
Rent Rebates – Non-HRA

We identified one case where in our initial testing the Authority had applied the rent liability for
2012/13 rather 2013/14. We were able to conclude that the issue was isolated to the Pudding Norton
Caravan Site properties and could only result in an underpayment, with no impact on subsidy. As such
no extension testing was required.
Rent Allowances

PwC
For one case in initial testing, the Authority had incorrectly assessed self-employed income; this had a
nil impact on the benefit awarded. From our extension testing of 40 cases, total overpayments of
£309.53 from four cases, and underpayments of £2,303.77 from nine cases, were identified. In eleven
cases self-employed income had been incorrectly assessed with no impact on the benefit awarded.
16
Page 7 of 12
Annual Certification Report 2013/14 to those charged with governance – North Norfolk District Council

For one case in initial testing, the Authority had applied the Local Housing Allowance rate as the
eligible rent when the claimant’s actual rent should have been used, as this was the lower of the two
figures, resulting in a £2,080.17 overpayment. From our extension testing of 40 cases, a total
underpayment of £290.06 from one case was identified. In one further case eligible rent was set as the
Local Housing Allowance rate, but as the claimant’s landlord was a registered provider of social housing
the actual rent should have been applied, this resulted in a misclassification between two expenditure
cells with no impact on subsidy.

For one case in initial testing, the Authority had applied the incorrect private pension value resulting in
an underpayment of £0.52. From our extension testing of 40 cases, total overpayments of £11.66 from
one case, and underpayments of £100.64 from four cases, were identified.

For one case in initial testing, the Authority had uprated the state retirement and private pensions with
effect from 8 April 2013 rather than the 1 April 2013 per the Housing Benefit Regulations, resulting in
an overpayment £0.65. This was as a result of a known Civica error and affected a further 15 claims,
resulting in a total overpayment of £16.63. Officers have advised that they will correct for these errors
in the 2014/15 subsidy claim.

As a result of errors identified in 2012/13, extension testing of 40 cases was performed on the treatment
of earned income. Total overpayments of £1,855.60 from seven cases, and underpayments of £188.92
from four cases, were identified. In one case earned income was incorrectly treated resulting in a nil
impact on benefit awarded. Officers had corrected for £1,744.16 of the overpayments in the 2014/15
subsidy.

As a result of errors identified in 2012/13, extension testing of 40 cases was performed on the
application of tax credits. Total overpayments of £215.75 from four cases, and underpayments of
£1,228.85 from five cases, were identified.
With the exception of the incorrect application of the Local Housing Allowance rate and the uprating of
state and private pensions from the wrong date similar issues have been identified by us during testing
of prior year claims.
Aside from the testing of private pension income, we are pleased to report that the Authority’s extension testing
was of a good quality. In relation to private pension income, our review of the Authority’s testing identified that
the Authority recorded 24 cases (out of 40) as containing an error whereas our review of the work identified five
with errors. This was due to the Authority assessing cases where the evidence provided by the claimant was over
a year old as containing an error. As set out in the Housing Benefit Regulations, while the onus is on the
claimant to provide up to date information to the Authority, a case would only have contained an error if a
claimant had provided new information before 1 April 2014 and the Authority had failed to action it.
Due to the limitations over producing detailed listings we are unable to reliably estimate the potential loss of
subsidy to the Authority as a result of our findings; however, the total value of the overpayments identified, as a
result of Authority error, is £4,489.99. It should be noted that at the time of this report, we have not had sight
of the final settlement details from DWP.
Prior year recommendations
We have reviewed the progress made by the Authority in implementing the certification action plan that was
agreed in response to our findings in 2012/13; details can be found in Appendix B.
PwC
17
Page 8 of 12
Annual Certification Report 2013/14 to those charged with governance – North Norfolk District Council
Appendix A - Management Action
Plan: Current year issues
(2013/14)
BEN01 Housing Benefit Subsidy Claim (deadline 30 November 2014)
Issue
Recommendation
Management
response
Responsibility
(Implementation
date)
The inability to produce complete
detailed listings from the
Authority’s system, Civica, means it
is not possible to reliably estimate
the potential loss of subsidy to the
Authority as a result of the
certification work.
The Authority should consider
whether the purchase of the
enhanced extract reporting tool,
and the ability to reliably
extrapolate errors, would assist
in discussions with the DWP in
agreeing the final settlement
details.
The Authority has
received a quotation for
Civica for the subsidy
income extract and is in
the process of purchasing
this.
Mrs E Codling
(Benefits Manager)
Several manual calculation and
classification errors were identified
during the 2013/14 certification
work, including:
The Authority should review the
training and guidance offered to
assessors in respect of these
areas. In addition,
consideration should be given to
ensuring that the validation
procedures in these areas are
adequate.
In accordance with the
Certification Instructions, and as
a result of the errors identified
in the 2013/14 certification, we
anticipate that we will be
required to perform testing of
cases impacting the 2014/15
claim that include the attributes.
The Authority should therefore
satisfy itself that assessment and
classification impacting the
subsidy in these areas is
accurate.
The errors will be
brought to the attention
of all staff at team
meetings and are
included within meeting
minutes. Claims will
continue to be quality
assurance checked.
Training and guidance
will be reviewed.
Mrs E Codling
(Benefits Manager)

Assessment of selfemployed income;

Application of the Local
Housing Allowance rate;

Application of private
pension income;

Treatment of earned
income;

Application of tax credits.
The number of error types was
broadly consistent with 2012/13.
PwC
18
13 March 2015
February 2015 and
ongoing
Page 9 of 12
Annual Certification Report 2013/14 to those charged with governance – North Norfolk District Council
Appendix B - Management Action
Plan: Prior year issues (2012/13)
BEN01 Housing Benefit Subsidy Claim (deadline 30 November 2013)
Issue
Prior year
Recommendation
2012/13 Management
response
Recommendation
Status 2013/14
Errors in the assessment of claims were
identified including:
The Council should
consider why the
errors identified in
our testing occurred
on a case-by-case
basis and implement
corrective measures
as appropriate. This
may include claim
assessor training,
further guidance
material and
increased level of
review of applicable
case assessments.
Action: It should be noted
that 12/13 was the first year
following the implementation
of the replacement revenues
& benefits system and
workflow.
It was identified that there
was some additional training
that was necessary for staff to
understand some of the new
functionality/application of
the new system. This has now
been delivered in conjunction
with overpayment
classification training. Claims
go through a quality
assurance check and training
issues are identified and
addressed.
The Council request that the
level of error be considered in
light of a total subsidy claim
of £36m.
Owner: Louise Wolsey
(Revenue and Benefits
Manager)
Timescale: Ongoing
Several manual
calculation and
classification errors
were identified during
the 2013/14
certification, as
described in the
‘matters arising’
section. The number
of error types was
consistent year on
year. As errors have
again been identified,
we have raised a
similar
recommendation
focussing on areas for
improvement at
Appendix A.
Action partially
complete.

Expenditure misclassification;

Incorrect application of child
tax credits;

Incorrect application of nondependent deductions; and

Incorrect claimant income
calculations.
PwC
19
Page 10 of 12
Glossary
Audit Commission Definitions for Certification work
Abbreviations used in certification work are:
‘appointed auditor’ is the auditor appointed by the Audit
‘claims’ includes claims for grant or subsidies and for contractual
Commission under section 3 of the Audit Commission Act 1998 to
audit an authority’s accounts who, for the purpose of certifying
claims and returns under section 28 of the Act, acts as an agent of
the Commission. In this capacity, whilst qualified to act as an
independent external auditor, the appointed auditor acts as a
professional accountant undertaking an assurance engagement
governed by the Commission’s certification instruction
arrangements;
payments due under agency agreements, co-financing schemes or
otherwise;
‘assurance engagement’ is an engagement performed by a
‘Commission’ refers to either the Audit Commission or the
professional accountant in which a subject matter that is the
responsibility of another party is evaluated or measured against
identified suitable criteria, with the objective of expressing a
conclusion that provides the intended user with reasonable
assurance about that subject matter;
Grants Team of the Audit Policy and Regulation Directorate of the
Commission which is responsible for making certification
arrangements and for all liaison with grant-paying bodies and
auditors on certification issues;
‘auditor’ is a person carrying out the detailed checking of claims
‘grant-paying bodies’ includes government departments,
and returns on behalf of the appointed auditor, in accordance with
the Commission’s and appointed auditor’s scheme of delegation;
public authorities, directorates and related agencies, requiring
authorities to complete claims and returns;
‘authorities’ means all bodies whose auditors are appointed
‘returns’ are either:
under the Audit Commission Act 1998, which have requested the
certification of claims and returns under section 28(1) of that Act;
-
returns in respect of grant which do not constitute a claim,
for example, statements of expenditure from which the
grant-paying body may determine grant entitlement; or
-
returns other than those in respect of grant, which must or
may be certified by the appointed auditor, or under
arrangements made by the Commission;
‘certification instructions’ (‘CIs’) are written instructions
‘Statement’ is the Statement of responsibilities of grant-paying
from the Commission to appointed auditors on the certification of
claims and returns;
bodies, authorities, the Audit Commission and appointed auditors
in relation to claims and returns, available from www.auditcommission.gov.uk;
‘certify’ means the completion of the certificate on a claim or
‘underlying records’ are the accounts, data and other working
return by the appointed auditor in accordance with arrangements
made by the Commission;
papers supporting entries on a claim or return.
PwC
20
Page 11 of 12
In April 2010 the Audit Commission issued a revised version of the ‘Statement of responsibilities of auditors and of audited bodies’. It is
available from the Chief Executive of each audited body. The purpose of the statement is to assist auditors and audited bodies by explaining
where the responsibilities of auditors begin and end and what is to be expected of the audited body in certain areas. Our reports and
management letters are prepared in the context of this Statement. Reports and letters prepared by appointed auditors and addressed to
members or officers are prepared for the sole use of the audited body and no responsibility is taken by auditors to any Member or officer in
their individual capacity or to any third party.
In the event that, pursuant to a request which North Norfolk District Council has received under the Freedom of Information Act 2000 or
any subordinate legislation made thereunder (collectively, the “Legislation”), North Norfolk District Council is required to disclose any
information contained in this deliverable, it will notify PwC promptly and will consult with PwC prior to disclosing such deliverable. North
Norfolk District Council agrees to pay due regard to any representations which PwC may make in connection with such disclosure and to
apply any relevant exemptions which may exist under the Legislation to such deliverable. If, following consultation with PwC, North
Norfolk District Council discloses any of this deliverable or any part thereof, it shall ensure that any disclaimer which PwC has included or
may subsequently wish to include in the information is reproduced in full in any copies disclosed.
This document has been prepared only for North Norfolk District Council and solely for the purpose and on the terms agreed through our
contract with the Audit Commission. We accept no liability (including for negligence) to anyone else in connection with this document, and
it may not be provided to anyone else.
© 2015 PricewaterhouseCoopers LLP. All rights reserved. In this document, "PwC" refers to PricewaterhouseCoopers LLP (a limited
liability partnership in the United Kingdom), which is a member firm of PricewaterhouseCoopers International Limited, each member firm
of which is a separate legal entity.
PwC
21
Page 12 of 12
Audit Committee
17 March 2015
Agenda Item No_____________
Progress Report on Internal Audit Activity: 19 November 2014 to 5 March 2015
Summary:
This report examines the progress made between19 November
2014 and 5 March 2015 in relation to delivery of the Annual
Internal Audit Plan for 2014/15, and provides a current in-year
position.
Conclusions:
Progress in relation to delivery of the Internal Audit Plan is line
with expectations; positive assurances have been awarded in
the four audit reviews finalised in this period.
Recommendations:
It is recommended that the Committee notes the outcome of the
audits completed between 19 November 2014 and 5 March
2015 where assurance levels have been given and the progress
made to date with the annual audit plan.
Cabinet member(s):
Ward(s) affected:
All
All
Emma Hodds, Internal Audit Consortium Manager
01508 533791, ehodds@s-norfolk.gov.uk
Contact Officer, telephone
number, and e-mail:
1.
Background
1.1.
This report reflects progress made with regard to assignments featuring in the
approved Annual Internal Audit Plan for 2014/15, which was endorsed by the
Audit Committee on 19 March 2014.
2.
Overall Position
2.1.
The overall position in relation to the progress made against the Internal Audit
Plan is within the attached report.
3.
Conclusion
3.1
Progress in relation to delivery of the Internal Audit Plan is line with expectations;
positive assurances have been awarded in the four audit reviews finalised in this
period.
4.
Recommendation
22
Audit Committee
4.1
17 March 2015
It is recommended that the Committee notes the outcome of the audits
completed between 19 November 2014 and 5 March 2015 where assurance
levels have been given and the progress made to date with the annual audit plan
.
Appendices attached to this report:
Progress Report on Internal Audit Activity
23
NORFOLK INTERNAL AUDIT CONSORTIUM
NORTH NORFOLK DISTRICT COUNCIL
PROGRESS REPORT ON INTERNAL AUDIT ACTIVITY 2014/15
PERIOD COVERED: - 19 November 2014 to 5 March 2015
Responsible Officers: Emma Hodds – Internal Audit Consortium Manager
CONTENTS
1. INTRODUCTION ............................................................................................................. 2
2. SIGNIFICANT CHANGES TO THE APPROVED AUDIT PLAN ...................................... 2
3. PROGRESS MADE IN DELIVERING THE AGREED AUDIT WORK ............................. 2
4. THE OUTCOMES ARISING FROM OUR WORK ........................................................... 2
5. PERFORMANCE INDICATOR OUTCOMES .................................................................. 4
APPENDIX 1 – PROGRESS IN COMPLETING THE AGREED AUDIT WORK .................. 6
APPENDIX 2 – AUDIT REPORT EXECUTIVE SUMMARIES ............................................. 7
Page 1 of 14
24
1.
INTRODUCTION
1.1
This report is issued to assist the Authority in discharging its responsibilities in relation to the
internal audit activity.
1.2
The Public Sector Internal Audit Standards also require the Chief Audit Executive (known in
this context as the Internal Audit Consortium Manager) to report to the Audit Committee on
the performance of internal audit relative to its plan, including any significant risk exposures
and control issues. The frequency of reporting and the specific content are for the Authority
to determine.
1.3
To comply with the above this report includes:



Any significant changes to the approved Audit Plan;
Progress made in delivering the agreed audits for the year;
Any significant outcomes arising from those audits; and
Performance Indicator outcomes to date.
2.
SIGNIFICANT CHANGES TO THE APPROVED AUDIT PLAN
2.1
At the meeting on 19 March 2014, the Annual Audit Plan for the year was approved,
identifying the specific audits to be delivered. Since then, there has been the following
change made to the approved plan.
Audit description
Nature of the change
NN1510 – Corporate Governance and The audit plans for North Norfolk have been
Risk Management
reviewed due to resourcing issues with the
current Contractor, it was decided that this audit
could be deferred to 2015/16, with the audit due
to take place in quarter 2 in order to minimise the
timing between these important reviews. The
approach was discussed and agreed with the
Head of Finance.
3.
PROGRESS MADE IN DELIVERING THE AGREED AUDIT WORK
3.1
The current position in completing audits to date within the financial year is shown in
Appendix 1 and progress to date is in line with expectations. Details of any specific audit
report can be provided on request.
3.2
In summary, 193 days of (revised) programmed work has been completed, equating to 92%
of the Internal Audit Plan for 2014/15.
4.
THE OUTCOMES ARISING FROM OUR WORK
4.1
On completion of each individual audit an assurance level is awarded using the definitions
shown in the table below.
Good
There is a sound system of internal control designed to achieve the
client’s objectives.
Page 2 of 14
25
The control processes tested are being consistently applied.
4.2
4.3
Adequate
While there is a basically sound system of internal control, there are
weaknesses, which put some of the client’s objectives at risk.
There is evidence that the level of non-compliance with some of the
control processes may put some of the client’s objectives at risk.
Limited
Weaknesses in the system of internal controls are such as to put the
client’s objectives at risk.
The level of non-compliance puts the client’s objectives at risk
Unsatisfactory
Control processes are generally weak leaving the processes/systems
open to significant error or abuse.
Significant non-compliance with basic control processes leaves the
processes/systems open to error or abuse
Recommendations made on completion of audit work are prioritised using the definitions
shown in the table below.
High
A fundamental weakness in the system that puts the Council at risk. To be
addressed as a matter of urgency, within a 3 month time frame wherever possible,
or, to put in place compensating controls to mitigate the risk identified until such time
as full implementation of the recommendation can be achieved.
Medium
A weakness within the system that leaves the system open to risk. To be resolved
within a 4 – 6 month timescale.
Low
Desirable improvement to the system. To be introduced within a 7 – 9 month period.
During the period covered by the report Internal Audit Services have issued four final reports
(in addition to the seven previously presented to the Committee) and the Executive
Summary of these reports are attached at Appendix 2. In summary the final reports issued
conclude the following:

Localism and Communities (NN/15/05)
The audit scope covered; Community Right to Bid, Community Right to Challenge,
and Community Grants – particular focus on the Big Society Fund Grant Scheme. On
conclusion of the review an Adequate assurance opinion was awarded, with one
medium and one low priority recommendations agreed with management.
The medium priority finding recommends that a policy is developed for breaches in
terms and conditions for grants issued by the Council. This will complement the
current monitoring, project proposals and regular dialogue with all applicants, thus
ensuring that should the Council need to pursue action to recover grant payments,
such action is clearly set down.

Local Council Tax Support and Housing Benefits (NN/15/07)
The audit scope included review of; procedures and legislation, receipt of
applications, assessment of applications, payments of Housing Benefits,
overpayments, arrears & Write Offs, backdated claims, discretionary payments, and
appeals. An Adequate assurance opinion was awarded on conclusion of the audit,
Page 3 of 14
26
indicating that the overall level of control has improved since arrangements were
previously audited in 2012/13.
One medium priority recommendation was raised to ensure that appeals are
processed in accordance with DWP and North Norfolk District Council guidelines; this
allows for prompt resolution, in accordance with laid down timescales and provides
the appellant payment of benefit where their appeal is successful.
It is encouraging to note the improvements in this area, particularly at a time when
there have been changes as a result of the Welfare Reform and the introduction of
the Local Council Tax Support Scheme, since the area was last audited.

Council Tax and National Non-Domestic Rates (NN/15/09)
The scope of this audit covered: valuation & billing records, billing, collection of
Income, suspense accounts, reconciliation to the general ledger, refunds & transfers,
discounts, exemptions & reliefs, arrears recovery, write offs and performance
management.
A Good assurance opinion was awarded on conclusion of the audit, indicating an
improvement in the control environment and a system which is designed to achieve
the client’s objectives and ensures that controls are being consistently applied. No
recommendations were raised as a result of the review, and management proactively
addressed in year minor weaknesses.

Virus Protection and Software (NN/15/16)
This IT audit review covered; policies & procedures, anti-virus software (technical
controls), and user controls. An Adequate assurance opinion was awarded on
conclusion of the review, with one medium and two low priority recommendations
agreed with management.
The medium priority finding was that IT Management has granted local admin rights
to all users as certain aspects of service applications require the privilege, despite the
IT Security Policy forbidding activity that this level of access could enable, such as
installing unauthorised software on a CD and other such media onto there computer.
Management have agreed to address this issue to mitigate the associated risks.
4.4
On conclusion of the above work, no high priority recommendations were made during the
period covered by this report, and all assurance opinions were positive.
5.
PERFORMANCE INDICATOR OUTCOMES
5.1
The Internal Audit Service is benchmarked against a number of Performance Indicators as
part of the Internal Audit Contract with Mazars. Actual performance to date against these
targets is outlined below.
5.2
To date eleven final reports have been issued and management have accepted all
recommendations that have been made by the Contractor.
5.3
Audit briefs should be issued to key clients at least 10 days before the fieldwork is due to
start to ensure that they are well informed of the requirements of the audit. All 16 audit briefs
have now been issued, with five instances where audit briefs were issued within a short
notice period, however all remaining briefs (11) have been issued well in advance of the
Page 4 of 14
27
audit commencing, thus ensuring that key clients are notified of the requirements of the audit
well in advance of the start date.
5.4
Once audits are underway it can be seen that performance in this area is good with 11 being
completed on time, and one only slightly overrunning, the reasons for which were notified to
the Audit Management Team.
5.5
Draft reports should be issued to key officers within 10 working days of completion of the
audit fieldwork. 12 draft reports have been issued to date, four on time and the remaining
eight were delayed due to the clearance of internal review points by Mazars and resource
issues for the Internal Audit Consortium Manager.
5.6
Final reports should then be issued to key officers within 15 working days of issue of the final
report. 11 final reports have been issued to date, 10 of these were issued on time and one
was slightly delayed due to a delay in management response.
5.7
On conclusion of all audits a feedback survey is issued to the key client. The survey asks for
responses in relation to; audit staff, audit planning, delivery of the audit and audit reporting.
On completion an overall score of poor (1) through to excellent (6) is reported. To date eight
surveys have been completed and an average score of good (5) achieved.
5.8
In conclusion when performance is reviewed in this level of detail it is variable and simple
issues can result in poor performance, however it is noted that resource issues with the
current contractor have had an adverse impact. . It is also noted that improvement is needed
by the contractor in certain areas and this will continue to be monitored by the Internal Audit
Consortium Manager for the remainder of this financial year. In addition, Committee’s
attention is drawn to the 2015/16 Internal Audit Plans report, elsewhere on the agenda,
which highlights the balanced scorecard approach which will be taken in monitoring the
contractors performance from 1 April 2015. This brings with it a much more practical
approach to performance management and one which will ensure a high quality service is
provided by the contractor.
Page 5 of 14
28
APPENDIX 1 – PROGRESS IN COMPLETING THE AGREED AUDIT WORK
Audit No.
Frequency of
Audit
Coverage
Original Days
Planned
Revised
Days
Planned
Assurance
Level
applicable
Summary Report
Details presented to
Members
PLANNED SYSTEMS AUDIT WORK
NN/1501
Coastal Protection
3-yearly
10
10
10
June
Final Report issued 20 August 2014
Adequate
July
Final Report issued 2 October 2014
Adequate
22
July
Adequate
10
10
July
Final Report issued 4 September
2014
Final Report issued 4 September
2014
Audit Committee
16 September 2014
Audit Committee
9 December 2014
Audit Committee
16 September 2014
Audit Committee
16 September 2014
NN/1502
Procurement
3-yearly
10
10
10
NN/1503
Development Management
3-yearly
22
22
NN/1504
2-yearly
10
2-yearly
NN/1507
Performance Management, Corporate Policy
and Business Planning, including annual
action plans
Localism & Communities, including focus on
Big Society Fund Grant Scheme
Sports halls/leisure centres & Sports
Development
Local C Tax Support, Housing benefits
10
10
10
October Final report issued 11 December 2014
Adequate
3-yearly
12
12
12
October Final Report issued 30 October 2014
Adequate
2-yearly
20
20
20
November Final report issued 27 January 2015
Adequate
NN/1508
Payroll & HR, officers'/members' expenses
2-yearly
19
19
17
NN/1509
Council Tax and NNDR
2-yearly
20
20
20
November Fieldwork underway
February
December Final report issued 27 February 2015
Good
Audit Committee
17 March 2015
NN/1510
Corporate Governance and Risk Management
Annual
8
0
0
NN/1511
NN/1512
NN/1513
Creditors - Ordering, payments, insurance
Elections & Electoral Registration
Work to Support the AGS
2-yearly
3-yearly
Annual
13
12
10
13
12
10
12
11
1
Annual
8
184
8
176
6
161
91%
Limited
Audit Committee
16 September 2014
Audit Committee
16 September 2014
Audit Committee
17 March 2015
NN/1505
NN/1506
Description of Audit
Systems Audit Follow Up
TOTAL PLANNED SYSTEMS AUDIT WORK
Days
Scheduling
Delivered
Status
January Draft report imminent
January Draft report issued 20 February 2015
February Fieldwork underway
2 x 6-monthly validation
2-yearly
7
7
7
April
Final Report issued 28 May 2014
NN/15/15
Network security
2-yearly
8
8
8
June
Final Report issued 13 August 2014
NN/15/16
Virus protection/Software
3-yearly
8
8
8
4-yearly
Annual
7
4
34
7
4
34
6
3
32
218
210
193
Firewalls
Computer Audit Follow Up
TOTAL PLANNED COMPUTER AUDIT WORK
TOTAL PLANNED WORK
Page 6 of 14
29
Audit Committee
17 March 2015
Audit Committee
9 December 2014
Audit Committee
17 March 2015
January
PLANNED COMPUTER AUDIT WORK
NN/15/14 Network Infrastructure
NN/15/17
Good
November Final report issued 16 December 2014
December Draft report imminent
2 x 6-monthly validation
94%
92%
Adequate
Adequate
APPENDIX 2 – AUDIT REPORT EXECUTIVE SUMMARIES
Appendix 2(a)
Report No. NN/15/05 – Final Report issued 11 December 2014
Audit Report on Localism and Communities
Audit Scope
The scope of the audit covered the effectiveness and efficiency of controls operating around:



Community Right to Bid;
Community Right to Challenge; and
Community Grants – Big Society Fund Grant Scheme.
Assurance Opinion
Unsatisfactory
Assurance
Limited Assurance
Adequate Assurance
Good Assurance
Rationale supporting the award of the opinion
The systems and processes of internal control are, overall, deemed Adequate in managing the risks
associated with Community Right to Bid, Community Right to Challenge and the Big Society Fund Grant
Scheme. This opinion is based on having raised one medium and one low priority recommendations. A
direction of travel indicator has not been stated as this area has not been subject to previous scrutiny by
Deloitte/Mazars.
The one medium priority recommendation relates to the need for the Council to have a policy to reclaim funds
if terms and conditions are breached for grants approved under the Big Society Fund Grant Scheme.
Positive Findings
We found that the Council has demonstrated the following areas where sound controls are in place and
operating consistently:
Community Right to Bid


A register of community assets is in place which is available to the public via the Council's web site.
The main version identifies successful bids received by the Council and an additional version
identifies unsuccessful bids; and
The Council has dedicated staff within the Communities Team assigned to the receipt and processing
of Right to Bid applications with these arrangements reflected in a report presented to Cabinet by the
Communities Project Manager in April 2013, following a transfer of responsibilities at the Council.
Right to Challenge

The Council advertises Right to Challenge on its website in a bid to create awareness among
members of the community, with advice also available on the Council’s website.
Big Society Fund Grant Scheme


The Health and Communities Officer and Administrative Support Officer receive quarterly budget
reports from the Finance Department in order to monitor grant expenditure against budget provision;
and
Grants payments are reconciled to the general ledger monthly and are subject to independent review.
Page 7 of 14
30
Control weaknesses to be addressed
During our work we have identified the following area where we believe that the processes would benefit from
being strengthened, and as a result of these findings, one medium priority recommendation has been made,
in particular:

A detailed policy should be produced and approved that supports the monitoring of grant expenditure
that allows the Council to reclaim grants in situations where the terms and conditions of the grants
have been breached. If the grant is spent in breach of the terms and conditions agreed, there is a risk
that the Council is unable to recover the grant already spent.
During our work we have identified one area where further enhancements could be made, in particular, a
liabilities policy should be put in place to deal with transfer of liabilities as a result of a successful Right to
Challenge.
Summary of the adequacy and effectiveness of controls
Area of
Scope
Adequacy and
Effectiveness
Assessments
Community
Right to Bid
Community
Right to
Challenge
Big Society
Fund Grant
Scheme
Adequacy
of
Controls
Effectiveness
of Controls
Recommendations Raised
High
Medium
Low
Green
Green
0
0
0
Amber
Amber
0
0
1
Amber
Amber
0
1
0
0
1
1
Total
High Priority Recommendations
No high priority recommendations have been raised as a result of this audit
Management Responses
Management have accepted the recommendation raised.
Page 8 of 14
31
Appendix 2(b)
Report No. NN/15/07 – Final Report issued 27 January 2015
Audit Report on Housing Benefits and Council Tax Support
Audit Scope
The scope of the audit covered the following areas of Housing Benefit and Council Tax Support to help
confirm that the control environment is operating effectively and efficiently in relation to:








Procedures and Legislation;
Receipt of Applications;
Assessment of Applications;
Payments of Housing Benefits;
Overpayments, Arrears and Write Offs;
Backdated Claims;
Discretionary Payments; and
Appeals.
Assurance Opinion
Unsatisfactory
Assurance
Limited Assurance
Adequate Assurance
Good Assurance
Rationale supporting the award of the opinion
The system of internal control is, overall, deemed Adequate in managing the risks associated with Housing
Benefit and Council Tax Support that fall within the scope of this audit. The direction of travel has indicated
that the overall level of control has improved since arrangements were previously audited in 2012/13
(NN/13/09); in particular, with only one medium priority recommendation on this occasion compared to one
high and four medium priority recommendations previously.
The assurance opinion has been derived as a result of the one medium priority recommendation being raised
upon conclusion of our work, in particular the need process appeals in line with Department of Work and
Pensions (DWP) guidance to help ensure that appeals are dealt with within three months.
Positive Findings
It is acknowledged that, with the exception of appeals, sound controls are in place and operating consistently
across all other areas subject to review, in particular:








Up to date policies and procedures are in place reflecting current legislation and which are accessible
to all key members of staff. This includes subscription to Escalla, which provides updates on
legislative changes and training material;
Systems access is restricted to officer’s roles and responsibilities;
Updates, including those from the DWP to parameters, annual uplifts and LHA rates are accurately
and promptly processed;
System based controls provide accurate and valid calculation of benefit payments;
Quality control processes exist to confirm that claims have been processed accurately, with remedial
action taken in light of errors being found;
Segregation of duties exists between the setting up of benefits claimants and authorising of payment;
All payments over the Council’s approved limit are subject to independent review to ensure accuracy
of the payment and exceptional payment reports are reviewed prior to processing to identify unusual /
high value items;
Rejected BACS payments are promptly reviewed and updated in the benefits system;
Page 9 of 14
32






The benefits system is reconciled to the general ledger on a monthly basis and subject to
independent review, as are reconciliations for overpayments, refunds and write-offs;
Recovery of overpayments is regularly monitored;
Overpayments per the benefits system are reconciled to the debtors system;
Segregation of duties in the write-off process exists with independent checks in place;
Backdated applications are processed in line with legislative requirements where good cause is
demonstrated, with supporting documentary evidence retained; and
Discretionary payments are based on applications received with supporting evidence retained.
Control weaknesses to be addressed
During our work we have identified the following area where we believe that the process in Housing Benefit
would benefit from being strengthened, and as a result of this finding, one medium priority recommendation
has been raised:

Appeals should be processed in accordance with DWP and North Norfolk District Council guidelines
and should be monitored more effectively to help confirm that deadlines are adhered to. Where
appeals are not processed in a timely manner, there is a risk that claimant’s who require financial
assistance, will suffer financial hardship, the longer the appeal takes to resolve, should their appeal
be successful. This will also result in reputational damage to the Council.
Summary of the adequacy and effectiveness of controls
Area of Scope
Adequacy and
Effectiveness
Assessments
Adequacy
of
Controls
Effectiveness
of Controls
Recommendations Raised
High
Medium
Low
Green
0
0
0
Green
Green
0
0
0
Green
Green
0
0
0
Green
Green
0
0
0
Green
Green
0
0
Backdated
Claims
Green
Green
0
0
0
Discretionary
Payments
Green
Green
0
0
0
Appeals
Green
Amber
0
1
0
0
1
0
Procedures
and Legislation
Green
Receipt of
Applications
Assessment of
Applications
Payments of
Housing
Benefits
Overpayments,
Arrears and
Write Offs
Total
High Priority Recommendations
No high priority recommendations have been raised as a result of this audit
Management Responses
Management have accepted the recommendation raised.
Page 10 of 14
33
0
Appendix 2(c)
Report No. NN/15/09 – Final Report issued 27 February 2015
Audit Report on Council Tax and National Non-Domestic Rates
Audit Scope
The scope of the audit covered the following areas of Council Tax and NNDR to help confirm that the control
environment is operating effectively and efficiently in relation to:










Valuation and Billing Records;
Billing;
Collection of Income;
Suspense Accounts;
Reconciliation to the General Ledger;
Refunds and Transfers;
Discounts, Exemptions and Reliefs;
Arrears Recovery;
Write Offs; and
Performance Management.
Assurance Opinion
Unsatisfactory
Assurance
Limited Assurance
Adequate Assurance
Good Assurance
Rationale supporting the award of the opinion
The system of internal control is, overall, deemed Good in managing the risks associated with Council Tax
and NNDR that fall within the scope of this audit. The direction of travel has indicated that the overall level of
control has improved since arrangements were previously audited in 2012/13. The assurance opinion has
been derived as a result of no recommendations being raised. Minor weaknesses were identified, which
management addressed during the year, and have been reported in the summary as noted.
Positive Findings
We found that the Council has demonstrated the following areas where sound controls are in place and
operating consistently:











A timetable is followed to ensure that the processes for annual billing, such as setting parameters, are
completed by March;
A reconciliation of total direct debit on the system and amount due for each band is completed;
The Valuation Office is promptly notified of properties that are on the CT system and not on the
valuation list;
Systems access is strictly controlled and monitored to take account of new starters, role variations
and leavers;
Amendments to accounts made subsequently to annual billing are done so promptly.
Performance information and collection rates are monitored against target rates;
Credit balances are regularly checked and assigned to staff as work items to be investigated.
Suspense accounts are monitored and cleared on a daily basis.
Annual billing runs are reconciled to numbers of dwellings or total rateable value.
Refunds and transfers are authorised in accordance with Council policy and the system is
subsequently updated in a timely manner.
Discounts, exemptions and reliefs are supported by relevant proof and are authorised in line with
Council policy; and
Page 11 of 14
34







Monitoring is undertaken to identify re-occupation of empty dwellings with records updated
accordingly.
Recovery action is fully documented and can be traced through the system; and
Inhibit reports are produced and checked on a weekly basis to review the appropriateness of
suppression of debt recovery action.
Write-offs are supported with documentary evidence demonstrating all reasonable attempts to
recover the debt have been made;
Write-offs are authorised in line with Council policy; and
The Council Tax and NNDR systems are promptly updated following approval of write-off.
The Revenues and Benefits performance information, which includes data such as collection rate
targets, is accurately recorded and reported monthly. As part of this, monthly reports are generated
within the internal performance tool (TEN).
Control weaknesses to be addressed
During our sample testing, we identified one of the weekly reconciliations, in June 2014, between the NNDR
system and the VO notifications had not been subject to independent review. The remainder of the sample
checked had been subject to review, as such this is noted and no recommendation will be raised.
Part of our key controls testing identified that monthly reconciliations between the Council Tax/NNDR systems
and the General Ledger had not been subject to independent review during the period June to August 2014.
In addition, sample quality assurance checks were not undertaken between May and August 2014. These
were due to staff sickness absence. The reconciliations and sample quality checks were reinstated from
September 2014, as such no recommendation will be raised.
Summary of the adequacy and effectiveness of controls
Area of
Scope
Valuation and
Billing Records
Billing
Adequacy and
Effectiveness
Assessments
Collection of
Income
Suspense
Accounts
Reconciliation
to the General
Ledger
Refunds and
Transfers
Discounts,
Exemptions
and Reliefs
Arrears
Recovery
Write Offs
Performance
Management
Adequacy
of
Controls
Effectiveness
of Controls
Recommendations Raised
High
Medium
Low
Green
Green
-
-
-
Green
Green
-
-
-
Green
Green
-
-
-
Green
Green
-
-
-
Green
Green
-
-
-
Green
Green
-
-
-
Green
Green
-
-
-
Green
Green
-
-
-
Green
Green
-
-
-
Green
Green
-
-
-
Total
No recommendations were rasied with management on conclusion of the audit review.
Page 12 of 14
35
Appendix 2(d)
Report No. NN/15/16 – Final Report issued 16 December 2014
Audit Report on Virus and Spyware Management
Audit Scope
The audit covered the following areas;
 Policies and Procedures.
 Anti-Virus Software – Technical Controls.
 User Controls.
Assurance Opinion
Unsatisfactory
Assurance
Limited Assurance
Adequate Assurance
Good Assurance
Rationale supporting the award of the opinion
The systems and processes of internal control are, overall, deemed adequate in managing the risks
associated with Virus and Malware Protection. This opinion is based on having raised one medium and two
low priority recommendations. The specific scope area has not been subject to review previously by Mazars.
Hence no direction of travel can be given.
Positive Findings
We found that the Council has demonstrated the following points of good practice as identified in this review:








The Council uses Lumension Endpoint Management and Security Suite for patch management and
Sophos Endpoint Security and Control for Anti-Virus/Malware management. Both are recognised
management applications.
All files are scanned “on-access” before users can view them, this includes files imported from
removable media such as USB memory sticks and CDs/DVDs.
Removable devices that are not permitted to be used are prevented from being written to.
Laptops and PCs are subject to the same Anti-Virus/Malware and patch management update
processes.
There are processes in place to monitor Anti-Virus/Malware binary files and patch update statuses.
There are adequate data backup and replication processes in place.
Automated processes are in place to alert IT staff of possible infections, including automated logging
of service desk calls.
The Council’s IT Security policy incorporates statements on Anti-Virus and Malware processes and
the potential for disciplinary action if found to be not compliant with the requirements of the policy. All
staff must accept the policy’s requirements before they can access the network and the policy is also
published on the Council’s intranet.
Control weaknesses to be addressed
During our work we have identified the following area(s) where we believe that the processes / arrangement
within Virus/Malware Protection would benefit from being strengthened, and as a result of these findings a
medium priority recommendation has been made:

The Council should look to remove local administrator rights for users not part of the ICT department.
Enabling local administrator rights increases the risk of users installing unauthorised software.
During our audit we have also raised two low priority recommendations which will provide enhancements to
the current system in relation to Virus/Malware Protection.
Page 13 of 14
36
Summary of the adequacy and effectiveness of controls
Area of
Scope
Adequacy and
Effectiveness
Assessments
Policies
and
Procedures
AV/Spyware
Software
–
Technical
Controls
User Controls
Adequacy
of
Controls
Effectiveness
of Controls
Recommendations Raised
High
Medium
Low
Amber
Amber
0
1
0
Amber
Amber
0
0
2
Green
Green
0
0
0
0
1
2
Total
High Priority Recommendations
No high priority recommendations have been raised as a result of this audit
Management Responses
Management have accepted the recommendation raised.
Page 14 of 14
37
Audit Committee
17 March 2015
Agenda Item No_____________
Strategic and Annual Internal Audit Plans 2015/16
Summary:
This report provides an overview of the stages followed prior to the
formulation of the Strategic Internal Audit Plan for 2015/16 to 2017/18
and the Annual Internal Audit Plan for 2015/16. The Annual Internal
Audit Plan will then serve as the work programme for the Council’s
Internal Audit Services Contractor; TIAA Ltd. It will also provide the
basis for the Annual Audit Opinion on the overall adequacy and
effectiveness of North Norfolk District Council’s framework of
governance, risk management and control.
Conclusions:
The attached report provides the Council with Internal Audit Plans that
will ensure key business risks will be addressed by Internal Audit, thus
ensuring that appropriate controls are in place to mitigate such risks
and also ensure that the appropriate and proportionate level of action
is taken.
Recommendations:
It is recommended that the Committee notes and approves:
a) the minor amendments to the Internal Audit Charter as noted in the
report;
b) the Internal Audit Strategy for 2015/16;
c) the Strategic Internal Audit Plans 2015/16 to 2017/18; and
d) the Annual Internal Audit Plan 2015/16.
AND
That the Committee notes the performance measures for the new
Internal Audit Contractor
Cabinet member(s):
Ward(s) affected:
All
All
Emma Hodds, Internal Audit Consortium Manager
01508 533791, ehodds@s-norfolk.gov.uk
Contact Officer, telephone number,
and e-mail:
1.
Background
1.1
The Council is required by the Accounts and Audit Regulations 2011 to maintain an
adequate and effective system of internal audit of its accounting records and internal
control systems in accordance with proper internal audit practices. Those proper
practices are set out in the Public Sector Internal Audit Standards (PSIAS) which came
into effect in April 2013.
38
Audit Committee
17 March 2015
2.
Overall Position
2.1
The attached report contains;
o an update on the minor amendments made to the Internal Audit Charter;
o the Internal Audit Strategy, which is a strategic high level statement on how the
internal audit service will be delivered and developed in accordance with the
charter and how it links to the organisational objectives and priorities;
o the Strategic Internal Audit Plan, which details the plan of work for the next 3
financial years;
o the Annual Internal Audit Plan, which details the timing and the purpose of each
audit agreed for inclusion in 2015/16; and
o provides the Committee with the performance measures against which the new
contractor will be monitored.
3.
Conclusion
3.1
The attached report provides the Council with Internal Audit Plans that will ensure key
business risks will be addressed by Internal Audit, thus ensuring that appropriate
controls are in place to mitigate such risks and also ensure that the appropriate and
proportionate level of action is taken.
4.
Recommendation
4.1
It is recommended that the Committee notes and approves:
a) the minor amendments to the Internal Audit Charter as noted in the report;
b) the Internal Audit Strategy for 2015/16;
c) the Strategic Internal Audit Plans 2015/16 to 2017/18; and
d) the Annual Internal Audit Plan 2015/16.
AND
That the Committee notes the performance measures for the new Internal Audit
Contractor
Appendices attached to this report:
Strategic and Annual Internal Audit Plans 2015/16
39
NORFOLK INTERNAL AUDIT CONSORTIUM
NORTH NORFOLK DISTRICT COUNCIL
Strategic and Annual Internal Audit Plans 2015/16
Responsible Officer: Emma Hodds – Internal Audit Consortium Manager
CONTENTS
1. INTRODUCTION............................................................................................................ 2
2. AUDIT CHARTER .......................................................................................................... 2
3. INTERNAL AUDIT STRATEGY ..................................................................................... 3
4. STRATEGIC INTERNAL AUDIT PLAN .......................................................................... 3
5. ANNUAL INTERNAL AUDIT PLAN ................................................................................ 4
6. PERFORMANCE MANAGEMENT................................................................................. 4
APPENDIX 1 – INTERNAL AUDIT STRATEGY ................................................................... 5
APPENDIX 2 – STRATEGIC INTERNAL AUDIT PLAN 2015/16 to 2017/18........................ 8
APPENDIX 3 – ANNUAL INTENAL AUDIT PLAN 2015/16 .................................................11
APPENDIX 4 – PERFORMANCE INDICATORS .................................................................14
Page 1 of 14
40
1. INTRODUCTION
1.1
The Council is required by the Accounts and Audit Regulations 2011 to maintain an
adequate and effective system of internal audit of its accounting records and internal control
systems in accordance with proper internal audit practices. Those proper practices are set
out in the Public Sector Internal Audit Standards (PSIAS) which came into effect in April
2013.
1.2
The PSIAS mandate a periodic preparation of a risk-based plan, which must incorporate or
be linked to a strategic high level statement on how the internal audit service will be
delivered and developed in accordance with the charter and how it links to the organisational
objectives and priorities, this is set out in the Internal Audit Strategy.
1.3
Risk is defined as 'the possibility of an event occurring that will have an impact on the
achievement of objectives‟. Risk can have a positive and negative aspect, so as well as
managing things that could have an adverse impact (downside risk) it is also important to
look at potential benefits (upside risk).
1.4
The development of a risk-based plan takes into account the organisation's risk
management framework. The process identifies the assurance (and consulting) assignments
for a specific period, by identifying and prioritising all those areas on which objective
assurance is required. This is then also applied when carrying out individual risk based
assignments to provide assurance on part of the risk management framework, including the
mitigation of individual or groups of risks.
1.5
The following factors are also taken into account when developing the internal audit plan:
 Any declarations of interest so as to avoid conflicts of interest;
 The requirements of the use of specialists e.g. IT auditors;
 Striking the right balance over the range of reviews needing to be delivered, for
example systems and risk based reviews, specific key controls testing, value for
money and added value reviews;
 The relative risk maturity of the Council;
 Allowing contingency time to undertake ad-hoc reviews or fraud investigations as
necessary;
 The time required to carry out the audit planning process effectively as well as
regular reporting to and attendance at the Audit Committee, the development of the
annual report and opinion and the Quality Assurance and Improvement Programme.
1.6
In accordance with best practice the Audit Committee should „review and assess the annual
internal audit work plan‟.
2. AUDIT CHARTER
2.1
The Audit Charter was developed as part of the planning process in 2014/15 and
incorporated the requirements of the PSIAS. There is an obligation under the PSIAS for the
Charter to be periodically reviewed and presented. This Charter will therefore be reviewed
annually by the Internal Audit Consortium Manager to confirm its ongoing validity and
completeness. In addition the Charter will be presented to the Section 151 Officer, senior
management and the Audit Committee every 2 years for review.
2.2
As part of the review in developing the internal audit plan for 2015/16, minor amendments
were made to reflect the new contractor from 20151/6. In addition the current Audit Charter
has been reviewed by the new Contractor to ensure that this reflects the way that the
Page 2 of 14
41
company works. The only change is the introduction of formal exit meetings upon issue of
the draft report, in addition to the debrief meetings that are held towards the end of the
fieldwork. The use of exit meetings ensures that a robust and thorough discussion can be
held on the conclusion of the review and ensures that the action proposed by management
to implement the recommendation(s) ensures that the risks are appropriately mitigated.
2.3
The Audit Charter will be further reviewed and refreshed once the new contract has been in
operation for 6 months, and an updated Audit Charter will be presented to the Committee
with the audit plans for 2016/17.
2.4
As part of the review of the Audit Charter the Code of Ethics are also reviewed by the
Internal Audit Consortium Manager, and it is ensured that the Internal Audit Services
contractor staff, as well as the Internal Audit Consortium Manager adhere to these,
specifically with regard to; integrity, objectivity, confidentiality and competency.
3. INTERNAL AUDIT STRATEGY
3.1
The Strategy (see Appendix 1) sets out how the internal audit service will be delivered and
developed in accordance with the charter and how it links to the organisational objectives
and priorities. The purpose of the Internal Audit Strategy is to confirm:
 Internal Audit objective and outcomes;
 Internal Audit Annual Planning;
 How the annual internal audit opinion will be formed and evidenced;
 How Internal Audit will identify and address local and national issues and risks;
 How the service will be provided; and
 The resources and skills required to deliver the service.
4. STRATEGIC INTERNAL AUDIT PLAN
4.1
The overarching objective of the Strategic Internal Audit Plan (see Appendix 2) is to provide
a comprehensive programme of review work over the next three years, with each year
providing sufficient audit coverage to give annual opinions, which can be used to inform the
organisation‟s Annual Governance Statement.
4.2
As the Internal Audit Strategy suggests the 3-year plan of audits ensures the timing of the
audit reviews are appropriate, and that the audit steer addresses key issues and risks at the
right time. Considerable discussion was held with Heads of Service to ensure that the
balance of audits over the 3 year plan delivered value-added audits at a time when the
outcome from the reviews would provide the most benefit and also ensures that the balance
of audits enables the Annual Opinion to be provided.
4.3
The Corporate Governance and Risk Management audit which was initially planned for
quarter 4 of 2014/15 has been deferred to 2015/16. Unfortunately this decision had to be
made as a result of resourcing issues through the current contract, whilst this is not an ideal
situation the review in 2015/16 will be undertaken in quarter 2 to ensure that the time
between these reviews is minimised.
4.4
The IT audits currently proposed for 2015/16 were as a result of a Computer Audit Needs
Assessment, undertaken by Mazars PSIA Ltd. As highlighted in the Internal Audit Strategy in
order to be more efficient and to ensure that all planning considerations can be taken into
account at the same time, this will now form part of the normal planning process. However
Page 3 of 14
42
the new contract does not start until 1 April 2015; therefore the IT audits currently reflected in
the plan are draft and will be discussed in detail early in April with the Head of Business
Transformation & IT, the IT Manager and the contractors IT Audit Manager (TIAA Ltd) to
ensure that IT audit meets the requirements of the Council. The current audits and timings
are therefore provisional and will be confirmed post these discussions.
5. ANNUAL INTERNAL AUDIT PLAN
5.1
Having developed the Strategic Internal Audit Plan, the Annual Internal Audit Plan is an
extract of this for the forthcoming financial year (see Appendix 3). This details the areas
being reviewed by Internal Audit, the number of days for each review, the quarter during
which the audit will take place and a brief summary / purpose of the review.
5.2
The Annual Audit Plan for 2015//16 totals 170 days, encompassing the following:
 11 service area audit assignments provided by TIAA Ltd;
 IT audits – the number of which are currently drafted as 4, but are subject to review
and will be provided by TIAA Ltd: and
 audit verification work concerning audit recommendations implemented to improve
the Council‟s internal control environment.
5.3
The outcomes of the above work will be periodically reported to the Audit Committee through
the Progress Report on Internal Audit Activity.
6. PERFORMANCE MANAGEMENT
6.1
The new Internal Audit Services contract includes a suite of key performance indicators (see
Appendix 4) against which the new contractor will be reviewed on a quarterly basis. There
are a total of 13 indicators, over 4 areas. From the first year of the contract records will be
maintained for all 13, however performance can only be recorded on 11 of these as base
line data is required for the final 2.
6.2
There are individual requirements for performance in relation to each indicator; however
performance will be assessed on an overall basis as follows (for the first year):
 9-11 KPIs have met target = Green Status.
 5-8 KPIs have met target = Amber Status.
 4 or below have met target = Red Status.
Where performance is amber or red a Performance Improvement Plan will be developed and
agreed with the contractor to ensure that appropriate action is taken.
6.3
Performance in relation to these indicators will be reported to the Committee as part of the
Progress Reports on Internal Audit Activity and the Annual Report and Opinion, ensuring
that Members are kept up to date on a regular basis.
Page 4 of 14
43
APPENDIX 1 – INTERNAL AUDIT STRATEGY
1. Introduction
1.1
The Internal Audit Strategy is a high level statement of how the internal audit service will be
delivered and developed in accordance with the Internal Audit Charter and how it links to the
organisational objectives and priorities. The provision of such a strategy is set out in the
Public Sector Internal Audit Standards (PSIAS).
1.2
The purpose of the strategy is to provide a clear direction for internal audit services and
creates a link between the Charter, the strategic plan and the annual plan. In particular the
strategy confirms:
 Internal Audit objective and outcomes;
 Internal Audit Annual Planning;
 How the annual internal audit opinion will be formed and evidenced;
 How Internal Audit will identify and address local and national issues and risks;
 How the service will be provided; and
 The resources and skills required to deliver the service.
2. Internal Audit objective and outcomes
2.1
Internal audit is an independent, objective assurance and consulting activity designed to add
value and improve the Council‟s operations. It helps the Council accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control and governance processes.
2.2
The outcomes of the internal audit service are detailed in the Internal Audit Charter and can
be summarised as; delivering a risk based audit plan in a professional, independent manner,
to provide the Council with an opinion on the level of assurance it can place upon the
internal control environment, systems of risk management and corporate governance
arrangements, and to make recommendations to improve these provisions, where further
development would be beneficial.
2.3
The reporting of the outcomes from Internal Audit is through direct reports to Senior
Management in respect of the areas reviewed under their remit, in the form of an audit
report. The Audit Committee and Section 151 Officer also receive:
 The Audit Plans report, which is based on a risk assessment of the Council and
forms the next financial years plan of work;
 The Progress Reports which provide summaries of the work achieved throughout
the year and the individual opinions awarded on conclusion of reviews;
 The Follow Up Reports which detail the level of management action taken in respect
of agreed internal audit recommendations; and
 The Annual Report and Opinion on the overall adequacy and effectiveness of the
Council‟s framework of governance, risk management and control.
3. Internal Audit Planning
3.1
In preparing the Internal Audit Plans, both strategic and annual, awareness of local and
national issues and risk is maintained, as explained in section 5.
3.2
An annual audit needs assessment has historically been developed in relation to the service
areas under review as part of the planning process. Seven key risk factors were identified
which were then applied to potential audit areas and their impact on the Council, these are;
materiality (value), materiality (volume), significance, complexity, change, inherent risk and
Page 5 of 14
44
profile. These risk factors were then weighted to produce a risk score, which translates into
very high, high, medium and low, which in turn indicates the frequency of review.
3.3
The above outcomes are reviewed each year to ensure that the initial risk assessment
applied to each area is correct. Also now in addition the previous assurance ratings applied
to the area are also considered in deciding upon the frequency of review, as are current
developments and changes within service areas to ensure that value is added through each
internal audit review.
3.4
Going forwards the IT element of the plans will now be discussed and agreed at the same
time as the overall plans. This was historically completed as a separate review by the
contractor and resulted in additional reporting to the Audit Committee. However in order to
be more efficient and to also ensure that all planning considerations can be taken into
account at the same time, this will now form part of the normal planning process. The new
contract does not start until 1 April 2015; therefore the IT audits currently reflected in the
plan are draft and will be discussed in detail early in April with Senior Management, and the
IT Audit Manager to ensure that IT audit meets the requirements of the Council.
3.5
The outcomes of the awareness of risks and issues, and the risk assessment of the Council
then formulate a Strategic Internal Audit plan, and the resulting Annual Internal Audit Plan.
Initial consultation with the Section 151 Officer took place, followed by individual meetings
with Heads of Services in December and January, during which current and future
developments, changes, risks and areas of concerns were discussed and the plan amended
accordingly to take these into account.
3.6
The resulting draft Strategic and Annual Internal Audit Plans were then shared with the Chief
Executive and Directors and then discussed with and approved by Corporate Management
Team prior to these being brought to the Audit Committee. In addition External Audit are also
provided with early sight of the plans.
4. Internal Audit Annual Opinion
4.1
The annual opinion provides Senior Management and the Audit Committee with an
assessment of the overall adequacy and effectiveness of the Council‟s framework of
governance, risk management and control.
4.2
The opinion is based upon:
 The summary of the internal audit work carried out;
 The follow up of management action taken to ensure implementation of agreed
action as at financial year end;
 Any reliance placed upon third party assurances;
 Any issues that are deemed particularly relevant to the Annual Governance
Statement (AGS);
 The Annual Review of the Effectiveness of Internal Audit, which includes; the level of
compliance with the PSIAS and the results of any quality assurance and
improvement programme, the outcomes of the performance indicators and the
degree of compliance with CIPFA‟s Statement on the Role of the Head of Internal
Audit.
4.3
In order to achieve the above Internal Audit operates within the PSIAS and uses a risk based
approach to audit planning and to each audit assignment undertaken. The control
environment for each audit area reviewed is assessed for its adequacy and effectiveness of
the controls and an assurance rating applied. As mentioned the progress with the plan is
regularly reported to the Audit Committee.
Page 6 of 14
45
5. Local and National Issues and Risks
5.1
The annual audit planning process ensures that new or emerging risks are identified and
considered at a local level. This strategy ensures that the planning process is all
encompassing and reviews the records held by the Council in respect of risks and issue logs
and registers, reports that are taken through the Council Committee meetings, a review of
the audit needs assessment retained by Internal Audit and through extensive discussions
with Senior Management.
5.2
Awareness of national issues is maintained through the contract in place with the external
contractor through regular “horizon scanning” updates being provided, and annually a
particular focus provided on issues to be considered during the planning process.
Membership and subscription to professional bodies such as the Institute of Internal Auditors
and the CIPFA on-line query service, liaison with External Audit, and networking with
colleagues through the Norfolk Chief Internal Auditors Group, all help to ensure
developments are noted and incorporated where appropriate.
6. Provision of the Service
6.1
The Role of the Head of Internal Audit and contract management is provided by South
Norfolk Council (the Internal Audit Consortium Manager) to; Breckland, Broadland, North
Norfolk and South Norfolk District Councils, Great Yarmouth Borough Council and The
Broads Authority. All Authorities are bound by a Partnership Agreement.
6.2
The delivery of the audit plans for each Authority is provided by an external audit contractor,
who reports directly to the Internal Audit Consortium Manager. The current contract is with
TIAA Ltd, and commences on 1 April 2015, for an initial period of 5 years.
7. Resources and Skills
7.1
Through utilising an external audit contractor the risk based audit plan can be developed
without having to take into account the existing resources, as you would with an in-house
team, thus ensuring that audit coverage for the year is appropriate to the Council needs and
not tied to a particular resource.
7.2
That said the external contractor does supply a core team of staff to deliver the audit plan,
and these staff bring with them considerable public sector knowledge and experience. These
core staff can be supplemented with additional staff should the audit plan require it, and in
addition specialists, e.g. computer auditors, contract auditor, fraud specialists, can be drafted
in to assist in completing the plan and focusing on particular areas of specialism.
7.3
All audit professionals are encouraged to continually develop their skills and knowledge
through various training routes; formal courses of study, in-house training, seminars and
webinars. As part of the contract with TIAA Ltd the contractor needs to ensure that each
member of staff completes a day‟s training per quarter.
Page 7 of 14
46
APPENDIX 2 – STRATEGIC INTERNAL AUDIT PLAN 2015/16 to 2017/18
Audit Area
Annual Opinion audits
Corporate Governance and Risk Management
Key Controls and Assurance
Fundamental Financial Systems
Accountancy Services includes control accounts,
banking, bank reconciliation, asset management /
capital expenditure, budgetary control and treasury
management
Accounts Payable (insurance)
Accounts Receivable
Remittances
Council Tax and National Non-Domestic Rates
Local Council Tax Support and Housing Benefits
Payroll and Human Resources includes member and
officer expenses
Service audits
Head of Finance
Procurement
Partnerships
Head of Economic and Community Development
Economic Growth
Coastal Management
Last review &
assurance
Associated
Risk
2015/16
2016/17
2017/18
2012/13
CG - Good
RM - Adequate
High
8
7.5
7.5
Annually - various
High
15
10
15
2013/14
Good (BR Adequate)
High
16
2012/13 - Adequate
Due 2014/15
2013/14 - Adequate
2013/14
Main - Adequate
TIC - Limited
High
2012/13 - Limited
Due 2014/15
2012/13 - Limited
Due 2014/15
2012/13 - Adequate
Due 2014/15
High
20
High
20
High
19
2014/15 - Adequate
2012/13 - Adequate
Medium
Medium
10
2013/14 - Adequate
2014/15 - Adequate
Medium
Medium
Page 8 of 14
47
High
High
15
13
10
12
9
11
10
10
10
Housing Strategy and Affordable Housing, including
housing enabling and empty properties
Private Sector Housing includes DFGs and discretionary
grants
Localism and Communities
Head of Business Transformation and IT
Homelessness and Housing Options
Head of Assets and Leisure
Sports Halls
Leisure and Pier Pavilion
Property Services
Car Parking
Markets
Parks and Open Spaces and Woodland Management
Head of Organisational Development
Media, Communications and Marketing
Elections and Electoral Registration
Performance Management, Corporate Policy and
Business Planning (includes action plans)
Democratic Services includes Member Services and
training
Head of Environmental Health
Waste Management including contract / agreement
monitoring, income collection & monitoring, refuse
collection, street cleansing, recycling, clinical waste,
abandoned vehicles and grounds maintenance
Environmental Health includes emergency planning,
food safety, environmental protection, pest control, dog
warden, licensing and pollution control
Head of Planning
Development Management includes planning
applications, planning enforcement, s106 agreements,
CIL, Land Charges and Building Control
2011/12 - Good
Medium
2013/14 - Adequate
Medium
8
2014/15 - Adequate
High
10
2012/13 - Adequate
Medium
2014/15 - Adequate
2012/13 - Adequate
2012/13 - Adequate
2013/14 - Adequate
2013/14 - Adequate
2011/12 - Adequate
Medium
New area
2011/12 - Good
Due 2014/15
2014/15 - Good
Medium
Medium
Medium
High
Medium
Medium
New area
High
Medium
Low
2013/14 - Adequate
High
2013/14 - Adequate
Medium
2014/15 - Adequate
Medium
Page 9 of 14
48
10
10
12
10
10
12
6
15
10
10
12
8
8
17
17
18
22
Head of Legal
Coastshare
ICT Audits - Head of Business Transformation and IT
Audit to be confirmed
Business Continuity
Software Licensing
Information Governance (DP and FOI)
Register of Electors (Express)
Follow Up of audit recommendations
Systems Audit Recommendations
IT Audit Recommendations
Total number of days
New audit area
Medium
High
High
High
High
5
7
6
10
7
8
4
170
Page 10 of 14
49
30
30
8
4
228.5
8
4
205.5
APPENDIX 3 – ANNUAL INTENAL AUDIT PLAN 2015/16
Audit Area
No. of days Quarter 1 Quarter 2 Quarter 3 Quarter 4 Summary / purpose of audit
Annual Opinion audits
Corporate Governance and Risk Management
8
8
Key Controls and Assurance
15
15
16
16
Annual review required to gain assurance on
the Council's governance and risk
management arrangements.
Annual review of the key controls at the
Council that feed into the Statement of
Accounts and the Annual Governance
Statement.
Fundamental Financial Systems
Accountancy Services includes control
accounts, banking, bank reconciliation, asset
management / capital expenditure, budgetary
control and treasury management
Accounts Receivable
Remittances
Service Area audits
10
12
Head of Economic and Community Development
Housing Strategy and Affordable Housing,
10
including housing enabling and empty properties
Head of Business Transformation and IT
Homelessness and Housing Options
10
12
10
Key financial systems that feeds into the
Statement of Accounts and requires regular
review to confirm the adequacy and
effectiveness of controls in these key areas
10
A new Strategy was approved by Cabinet and
processes are now becoming embedded - a
review early in 2015/16 would be of value to
ensure controls are efficient and effective.
10
Housing Register - Your Choice, Your Home has been in place for a while now and update
reports have been provided to Scrutiny as to
the success of this. This audit will review the
Allocations Policy and ensure that this is
accurately followed by the team. Particular
focus will also be on the processes in place
for the agreements for rent in advance and
damage deposits.
Page 11 of 14
50
Head of Assets and Leisure
Leisure, Arts and Pier Pavilion
10
Car Parking
10
Parks and Open Spaces and Woodland
Management
10
Head of Environmental Health
Waste Management including contract /
agreement monitoring, income collection &
monitoring, refuse collection, street cleansing,
recycling, clinical waste, abandoned vehicles
and grounds maintenance
17
10
10
10
17
Particular focus will be on the arrangements
for monitoring its two key leisure contracts.
More detailed scope for this audit will be
agreed with the Head of Service prior to the
commencement of the audit.
This audit will analyse the internal controls
currently exercised over the Council‟s pay and
display car parks, via shared service
arrangements with Kings Lynn and West
Norfolk Borough.
Previous scopes have included a review of
income, maintenance, health & safety,
monitoring of events and management of
plans. These areas will be discussed for
review with the Head of Service at the time of
the detailed planning.
This is potentially a high risk area, and the
audit will also involve an aspect of contract
management. Specific focus has been
requested on KIER data in relation to trade
waste. The remaining scope will be
determined at the detailed planning stage.
ICT Audits
Business Continuity
7
Software Licensing
6
Information Governance (DP and FOI)
10
Register of Electors (Express)
7
7
6
10
7
Page 12 of 14
51
The IT audits were proposed as a result of a
Computer Audit Needs Assessment. The IT
audit approach will be reviewed early in April
2015 and discussion had to ensure that
coverage is appropriate to the Council.
Follow Up of audit recommendations
Systems Audit Recommendations
IT Audit Recommendations
Total number of days
8
4
170
4
37
4
2
50
36
Page 13 of 14
52
2
47
Follow Up of agreed recommendations to
provide officers and members with an up to
date position on the control environment.
APPENDIX 4 – PERFORMANCE INDICATORS
Area / Indicator
Audit Committee / Senior Management
1. Audit Committee Satisfaction – measured
annually
2. Chief Finance Officer Satisfaction –
measured quarterly
Internal Audit Process
3. Each quarters audits completed to draft
report within 10 working days of the end
of the quarter
4. Quarterly assurance reports to the
Contract Manager within 15 working days
of the end of each quarter
5. An audit file supporting each review and
showing clear evidence of quality control
review shall be completed prior to the
issue of the draft report ( a sample of
these will be subject to quality review by
the Contract Manager)
6. Compliance with Public Sector Internal
Audit Standards
7. Respond to the Contract Manager within
3 working days where unsatisfactory
feedback has been received.
Clients
8. Average feedback score received from
key clients (auditees)
9. Percentage
of
recommendations
accepted by management
Innovations and Capabilities
10. Percentage of qualified (including
experienced) staff working on the
contract each quarter
11. Number of training hours per member of
staff completed per quarter
12. Number of high and medium priority
recommendations made per quarter
13. Number of audits which are considered
to add value
Target
Adequate
Good
100%
100%
100%
Full
100%
Adequate
90%
60%
1 day
To decrease over the life of the contract (from
year 2)
To increase over the life of the contact (from
year 2)
Page 14 of 14
53
Audit Committee
9 December 2014
Agenda Item No_____________
Update on Sports Halls Internal Audit Recommendations
Summary:
This report provides the Audit Committee with an update on the
progress made in relation to the five audit recommendations
raised as a result of the recent Sports Halls internal audit,
following Members concerned raised at the meeting in
December 2014.
Conclusions:
Progress is being made with the Sports Halls recommendations
and it is expected that these will all be implemented by financial
year end.
Recommendations:
It is recommended that the Committee notes the management
action taken to date regarding the implementation of the Sports
Halls audit recommendations.
Cabinet member(s):
Ward(s) affected:
All
All
Emma Hodds, Internal Audit Consortium Manager
01508 533791, ehodds@s-norfolk.gov.uk
Contact Officer, telephone
number, and e-mail:
1.
Background
1.1.
At the Audit Committee meeting on 9 December 2014 Members raised concerns
regarding the recommendations agreed with management on conclusion of the
Sports Halls internal audit review.
1.2.
The Chairman stated that there was a recurrence of issues and that the sports
halls were vulnerable areas where the interface with the public was dynamic and
that there were various risks to be managed.
1.3.
After discussion with the Internal Audit Consortium Manager, Head of Finance
and the Head of Assets and Leisure it was agreed that an update report would be
brought back to this Committee to provide information on the progress made to
date with the five recommendations.
54
Audit Committee
9 December 2014
2.
Overall Position
2.1.
Attached at Appendix 1 to this report are the management updates provided to
Internal Audit on the 20th February 2015 by the Sports and Leisure Services
Manager and the Community Sports Manager. These responses highlight the
current position with the progress made by management as to the
implementation of these five recommendations.
2.2.
The summary position is as follows:

Recommendation 2 – Disclosure and Barring Services (DBS) Checks and
recommendation 3 – the signing off of check banking sheets – has been
completed by management and Internal Audit has signed these off.

Recommendation 5 – Health and Safety Checks – are both work in
progress and will continue to be monitored by Internal Audit.

Recommendation 1 – Operational Procedures for Sports Clubs and Halls
and recommendation 4 – Procurement process for Sports Hall Suppliers –
are both not yet due, with implementation dates of 31 March 2015
originally agreed with management on issue of the report.
3.
Conclusion
3.1
Progress is being made with the Sports Halls recommendations and it is
expected that these will all be implemented by financial year end.
4.
Recommendation
4.1
It is recommended that the Committee notes the management action taken to
date regarding the implementation of the Sports Halls audit recommendations.
Appendices attached to this report:
Appendix 1 – Management Response to date in relation to Sports Halls internal audit
recommendations
55
Audit Committee
9 December 2014
Appendix 1 – Management Response to date in relation to Sports Halls internal audit recommendations
Audit No
NN1506 – Sports
Halls
NN1506 – Sports
Halls
Recommendation
Responsibility
Due Date
Priority/
Revised date
Status
Recommendation 1 – Sports and Leisure
Operational
Services Manager
Procedures for
‘Sports Clubs and
Hubs’
31/03/15
Low
Recommendation 2 – Community Sports
Disclosure and
Manager
Barring Service
(DBS) Checks
31/01/15
Current Status
Feb 2015: Not started as yet
Not yet Due
IA: This will continue to be monitored.
Medium
Complete
Feb 2015: HR will continue to send a
quarterly update to the Community
Sports Manager. Reminders are now
in place for each member of staff in
the Community Sports Manager’s
Outlook calendar to avoid any
oversights. DBS checks are a
standing item on the agenda for the
monthly managers meetings to help
ensure that the status of these is
being considered regularly.
IA: Closed based on management
response and all controls now being in
place.
NN1506 – Sports
Halls
Recommendation 3 – Community Sports
Signing off of Check Manager
Banking Sheets
56
31/01/15
Medium
Completed
Feb 2015: The agreed system for this
is now in place, with the Community
Sports Manager or Sports and Leisure
Services manager checking and
Audit Committee
9 December 2014
signing off the banking carried out by
the site supervisors. Example
attached
IA: evidence obtained
recommendation closed.
NN1506 – Sports
Halls
Recommendation 4 – Community Sports
Procurement process Manager
for Sports Halls
Suppliers
31/03/15
Low
Not Yet Due
Feb 2015: This is not currently in
place and is being prepared ready for
the 31/3/2015. In addition to the
original response we plan to update
our supplier list every six months, and
will always attempt to obtain best
value on any item not on the list by
searching a minimum of three
suppliers (where possible) for the best
price.
IA: This will continue to be monitored
NN1506 – Sports
Halls
Recommendation 5 – Community Sports
Health and Safety
Manager
Checks
31/01/15
Medium
In Progress
Feb 2015: The Community Sports
Manager has briefed all staff
regarding the importance of attending
corporate Health and Safety training.
Health and Safety is already a
standing item on the monthly Sports
Centres management meetings, and
training thereof will be covered under
this item.
The Community Sports Manager will
in the future work closely with the
NNDC Health and Safety team, in
57
Audit Committee
9 December 2014
order to programme training at times
which are most accessible to the
sports centre staff.
IA: This will continue to be monitored
in order to evidence the sports team’s
First Aid Qualifications renewals.
58
Brief for Audit Committee March 2015
Incidents and Emergency Planning
There have been no incidents that have had an impact on the Authority since the last
report in December.
The most significant recent event for the Authority was the tidal surge, in December
2013 and a full de-brief report has been complied and this report went to Overview
and Scrutiny Committee in January 2014. Contained within the report is an action
plan for the lessons learnt for the authority during and after the event. Most points
required our emergency response plan to be updated and improved with the
knowledge gained from this and the other events we experienced. All of these action
points have now been put into place.
Overall the Emergency Response Plan was proved to be fit for purpose and the new
additions will help to deliver an event slicker response to any future incident the
authority may face. The new updated version four of the NNDC Emergency
Response Plan has now been completed and has been published.
Team BC Plans
All team BC plans are in place except Revenue and Benefits. However, this team
have got a draft plans in place and the line managers are working on the new
version, with the Civil Contingency team continually chasing its completion. A date
has now been set for the 23rd March when I will meet with the managers of
Revenues and Benefit team to finalise their Business Continuity Plan.
The new Business Continuity Working Group has an initially meeting and training
session on 19th March 2015.
Despite the fact that authority experienced several significant emergency incidents
the over the previous year, with had little impact of service delivery proves that the
current Business Continuity plans in place are robust and fit for purpose.
Training
The CCT team are still helping teams to develop and improve their own BC plans
with one to one training sessions.
Disaster Recovery and Work Action Recovery site
59
This project is still on-going but has been delayed due to the heavy work load for IT
and the role out of the business transformation program. All data is being replicated
from the Cromer office to the Fakenham site on a daily basis and if we suffer a total
loss of this building it would take a small amount of reconfiguration work to get
access to the stored data. The new plan for the Fakenham DR site is to upgrade the
equipment Q1 2015/16 as part of the planned upgrade to the IT facilities. A test of
the new equipment will be built into the project implementation plan, to be completed
by June 2015.
The Work Action Recover (WAR) Site is in place with an initial 10 networked PC’s
and associated equipment. During the recent Fakenham fire the building was used
to great effect as an evacuation and information centre for the members of the public
that were made homeless. The staff that used the site during the incident reported
that the ability to use NNDC IT networks made the whole process far easier. The
fact that they had the ability to use the small rooms for confidential interviews and
the kitchens for refreshments only further enhanced service delivery. The Civil
Contingencies team will be carrying out a low level test of the WAR facility In March
2015.
60