Appendix A

i

London Borough of Islington

2

Contents

Introduction

Overall summary

Key themes identified

Service Summaries - Reports Issued 1st April 2012 – 31

st December 2012

Appendix 1: Key to Assurance Levels

Appendix 2: Changes to plan

3

Introduction

Purpose of this report This report summarises the work that Internal Audit has undertaken in the period April – December 2012 and provides details on the high risk and priority issues which could impact on the effectiveness of the internal control environment across the Authority.

Overview of the Internal Audit Approach As Internal Audit, our role is to provide an annual assurance statement on the adequacy and effectiveness of the Council’s governance processes, risk management and control environment. Collectively, we refer to all of these activities in this report as “the system of internal control”.

The London Borough of Islington is a large organisation providing a diverse range of services to the public with a number of processes, systems and complexities that underpin service delivery.

We generally undertake individual projects with one of two objectives in mind:

• Assurance Reviews: The majority of projects are geared towards providing assurance to management on the operation of the Authority’s system of internal control.

• Specific Advice reports: Other projects are geared more towards the provision of specific advice and support to management to enhance the efficiency, effectiveness and economy of the services and functions for which they are responsible.

We also undertake:

• Compliance Audit: We assist in the review of financial related regulations that the Council needs to comply with. This includes Schools, audits, continuous auditing and establishment audits (e.g. Care Homes and Day Centres) and

• Proactive Anti-fraud and Forensic Work: investigations into “internal” instances of suspected fraud, proactive anti-fraud work, and other activities, such as data analysis, National Fraud Initiate (NFI) support, and the provision of training and awareness sessions to key groups of staff. The work delivered supplements investigative work undertaken by dedicated housing benefit and blue badge fraud teams.

All audit reports include our recommendations and actions agreed with management that will, if implemented, further enhance the control environment and the operation of the controls in practice. We formally follow up all of our work within 12 months of issuing a final report to monitor the levels of implementation of agreed actions.

Each year we seek to adapt and enhance our approach in order to take account the Council’s risk profile and changes in the system of internal control to ensure that our work remains focused on the areas of high risk and seeks to avoid duplication of effort, where there are other sources of assurance, for example, Audit Commission and Ofsted in operation.

Overview of work done April – December 2012

The original Audit Plan for 2012/13 approved by the Audit committee in March 2012 included a total of 95 planned projects totalling 1,450 audit days. We have continued to communicate closely with senior management to ensure that the audit reviews actually undertaken represent a focus on high risk areas, in the light of new and ongoing developments in the Authority to ensure the most appropriate use of our resources. As at December 2012, the revised number of planned projects to be delivered is 97 of which we have completed 35 with a further 14 projects at fieldwork stage, 10 of which are expected to be at draft report stage by the end of January. This will represent 50% of the plan completed. At Appendix two we have identified the

4

movement in the audit plan since the agreement of the original audit plan.

:

Report Assurance Ratings by Service Area

Service Area Substantial

Assurance

Reasonable

Assurance

Limited

Assurance

No

Assurance

Not

Rated

Total

Corporate Reviews and

Corporate Resources

1 2 2 0 0 5

Fundamental & Financial

Systems and Continuous

Auditing

0 2 0 0 0 2

Environment &

Regeneration

0 3 0 0 0 3

Housing & Adult Social

Services (HASS)

5 7 1 0 0 13

Children’s Services 0 7 0 0 0 7

Information Technology 0 0 1 0 1 2

Antifraud and

Investigations

0 0 1 0 1 2

Total 6 21 5 0 2 34

The above table shows that 27 of the 35 (77%) audits undertaken in the year to date provided an assurance rating opinion of substantial or reasonable, providing a positive message on the levels of assurance as to the adequacy and effectiveness of the internal control environment, while six reports have provided a limited or no assurance rating (18%)

Our findings on the key themes arising from our work to date in 2012/13 are set out below.

5

Key themes identified

Governance

Project Management - We believe there are benefits to be had from a more consistent, robust procedure for programme and project management.

Data Protection – Recent breaches of the Council’s Data Protection Policies have resulted in residents’ and clients’ confidential personal data being exposed to the public:

An audit of the council’s Data Protection Policies and Procedures identified three opportunities for improvement relating to the Council’s safeguards over hard copy documents.

Council-wide policies should be implemented and be made available to all staff detailing how they should work to ensure they meet the requirements of the DPA and agreed practice for processing information requests from external parties (including SARs);

Management should develop a consistent set of safeguards that can be applied across the Council for hard copy documentation. This framework should be applied based on the sensitivity of the data to ensure that controls implemented are commensurate with the risk of data loss. In developing this framework, management needs to ensure that data across the information lifecycle (from creation to destruction) is considered, and

A data protection training plan should be developed, signed off by senior management and communicated to the Directorates. The plan should include a timeframe for the coverage of all council staff handling personal data (including sensitive personal data) and adherence to the plan needs to be monitored. This training program should cover all full-time staff members and temporary staff (agency, contractors, etc.) who handle personal data.

A follow up audit is scheduled for January 2013 to review progress in implementation of the above recommendations.

The findings from this report will be included in our 2012/13 annual report to the June 2013 Audit Committee.

Pre-employment vetting checks

Audits undertaken in services and in corporate reviews have identified a lack of consistency or non-compliance with established council policy and procedures to ensure all required pre-employment checks are completed before council staffare appointed. Contract Management reviews have also highlighted that completion of required checks by contractors are not being adequately monitored.

Risk Management

Liaison with the risk management team continues to ensure unregistered risks picked up in audits are fed back to services for consideration and review.

Fundamental and Key Financial Systems

Each year Internal Audit carries out reviews of the Council’s fundamental financial systems. This process allows the Audit Commission to place reliance on the work performed by Internal Audit. It also allows Islington to limit Audit Commission fees spent on reviewing the authority’s activities.

In 2012/13 we have continued to apply and improve on our Continuous Auditing method for key financial systems. We have streamlined the format and outputs from the Service Assurance process with departments to align with the core areas of activity and key controls reviewed in the Continuous Auditing model. Work is supported by outputs from the Oversight Continuous Transaction Monitoring tool.

This combined with the information provided by management as part of Service assurance meetings allows audit to focus work on high risk areas of concern and to reduce testing where management maintains

6

comprehensive monitoring of key controls.

We reported in our June 2012 Audit Committee annual report that the final year overall opinion rating for the fundamental systems was ‘reasonable assurance and good progress continues to be made to improve controls in areas across systems which needed strengthening in the previous year’s work, such as reconciliation controls.

In the latest 2011/13 phase one review, we raised only two medium priority findings and twelve low risk best practice findings.

Overall it was noted that the control environment has remained stable across the key financial systems during

the period of testing for this work. A summary of the matters arising from the report is included in the Finance

Service summary.

Management’s response to implementing audit recommendations

Progress in implementation of recommendations made in 2011/12 reports has been monitored by completion of follow up audits on all audits completed in that year. This exercise has confirmed that of the twelve follow ups completed to date, in all but case the recommendations raised in the previous report have been substantively or fully implemented and controls improved where appropriate.

In one instance, Weston Rise Tenant Management Organisation, (TMO) only seven of the fourteen recommendations agreed in the 2011/12 audit report had been fully implemented, these were three of the eight high risk issues and four of the six medium risk issues. A further four high risk and one medium risk issues had been partially actioned while one high and one medium risk issues had not been implemented The high risk issue related to drafting a policy regarding payment of staff bonuses and the medium risk issue concerned addressing the lack of details on purchase orders completed.

The assurance rating was therefore only revised to limited from the previous report’s no assurance ratings. Details of the areas covered by the follow ups are included in the service summaries section of this report.

Performance of Internal Audit and Efficiency of the Service

As reported in our 2011/12 annual report to the June 2012 Audit Committee, we are continuing efforts to further improve delivery of the service to customers. The main achievements in 2012/13 to date are as follows:

Working with Camden to deliver a shared audit service. Planned joint audit reviews across both councils are currently in progress aimed at identifying opportunities to develop best practice in service delivery which will benefit both councils;

Key Performance Indicators used to demonstrate the effectiveness of the internal audit function show that internal audit continues to meet CIPFA recommended targets for delivering the audit plan, maintaining staff productivity targets, and following up on implementation of agreed audit recommendations;

The 2013/14 audit plan and audit strategy will embrace recommendations made by the International Auditing Standards Board to ensure that the council’s internal audit team are operating in accordance with the latest recommended professional audit standards.

Audit Quality Surveys received following each completed audit project revealed that the majority of surveys showed good or very good satisfaction with the audit service provided, and

7

Service Summaries – Reports Issued 1st April

2011– 31st March 2012

The tables which follow summarise by service area the key issues arising from reports issued in the period April – December 2012.

Corporate (including Corporate Resources and Integrated Specialist Reviews) This area covers Council activities which are common to all service areas or departments and are cross cutting in nature.

Report Title Assurance Rating Key issues arising

Corporate Procurement and Contract

Management

Limited Clarity of responsibility for the corporate procurement

function;

Independent monitoring of contract management in

services to challenge the effectiveness of service

delivery by contractors;

Contracts had not been notified to the corporate

procurement team. Inconsistency of documentation held

on contract files.

A need for Purchase card user guidance to be updated

to reflect changes made to the system.

Receipts were not always scanned into the purchase

card system and lack of description of transaction details

to support adequate authorisation of transactions, and

System administration issues were noted regarding

review of purchase cards status ,e.g. leavers, inactive

cards and user transaction limits

Health and Safety Policy

Substantial Process to ensure line managers complete Health and

Safety Induction checklists with all new Council

employees

8

Comensura Contract

Limited Timesheets continue to be auto-approved on the

Comensura.net system where they have not been

approved in time by the two listed approvers at the

Council. This finding was raised in a previous audit

report

No preventative controls are mandated within the

Council to ensure that all agency staff have been subject

to appropriate vetting and pre-employment checks

Lack of documentation of actions and decisions

undertaken at quarterly contract meetings and evidence

of review of the rebate calculation

No procedures are in place to identify and follow up

agency staff spend outside of the Comensura contract.

Local Initiatives Fund Grants

Reasonable Evidence of approval on the grant proposals.

Accuracy, completeness or validity of supporting

information submitted for the grant expenditure incurred

Delay in the review of report back forms of three months

or longer.

Evidence to support the achievement of outcomes

stated.

Cashiers’ Operations - follow up Reasonable Adequate action had been taken to implement the

previous report’s recommendations

Other projects in progress at end of December and remainder of 2012/13:

Contact Islington Call Centre

Business Continuity and Disaster Recovery

Community Budget - Family Outreach Service

(Children’s Services and Adult Social Services Joint review)

Joint reviews with Camden:-

Voluntary Sector Partnership Contracts Public Health Care Joint Commissioning Arrangements

Safeguarding Adults

CCTV Review

Follow ups –

Members Code of Conduct and Expenses

HR Processes

9

Environment and Regeneration

Report Title Assurance Rating Key issues arising

Tree Service

Reasonable Monitoring of completed works carried out under the

Arboriculture Works Contract;

Timetabling of the completion of the subsidence claims review;

Availability of Management Information from the claims

provider;

Development of service performance indicators for the

completion of the cyclical maintenance programme;

Written procedures for the operation of the tree

maintenance programme and contract monitoring.

Aquaterra Contract Management

Reasonable Summary register of commitments entered into with

Aquaterra and other partner organisations;

Documentation of performance monitoring;

Regular verification of Aquaterra’s reported financial

results,

Data protection issues regarding use of personal IT

equipment.

North London Waste Authority

Contract

Reasonable Mechanisms are required to provide the Council with assurances over the accuracy of the weighbridge system used to calculate tonnage information provided to the Council.

Other projects in progress at end of December and scheduled for remainder of 2012/13:-

Archway Project

Public Realm Capital Programme

Street Environment – Enterprise Waste Management Contract Management

Private Sector Housing Grants

Income Maximisation Review (Joint review with Camden)

Follow ups –

S 106 and other capital funded projects (extended follow up)

Planning Applications (extended follow up)

Building Control Regulations (extended follow up)

10

Fundamental and Financial Systems Each year Internal Audit carries out reviews of the Council’s fundamental financial systems, to provide the Council with the necessary assurance that key financial controls in the fundamental systems are operating satisfactorily and support a robust internal control environment. This work covers the following systems:

Cash management

Accounts Payable and Abacus Adult Care Payments

Accounts Receivable

Payroll

Pensions

Fixed Assets

Treasury Management

Council Tax

National Non Domestic Rates

Housing Benefit

Parking

For each system being reviewed we look at controls in each category below, where relevant:

Policies and procedures;

Management information;

Budget setting and monitoring;

Reconciliations;

Income processing;

Expenditure processing;

IT systems and controls, and

Risk management.

Report Title Assurance

Rating

Key issues arising

Continuous Auditing of Key Financial

Controls – Phase One

Reasonable

Two of the 20 bank reconciliations tested had reconciling

items which had not been cleared on a timely basis.

IT access had not been removed for one employee who left

the Council in May 2012. For a further four leavers out of the

20 tested, there was insufficient evidence that the final

payroll calculation had been checked.

Pensions Administration

Reasonable

Lack of transparency over the dates used for performance information reporting. Process and procedures notes required updating.

A secondary review is performed in payroll over new

employee and new scheme member details to ensure this is

accurate (this drives pension contribution calculations); we

found cases where this secondary check was not

documented.

11

Other Projects In progress at December and scheduled for remainder of 2012/13:

Corporate Property Portfolio

Buildings and Property Management

Oversight Continuous Auditing Transaction Monitoring

Continuous Auditing of Key Financial Systems Controls – Phase 2

Follow ups

MTFS savings targets

12

Housing and Adult Social Services

Report Title Assurance

Rating

Key issues arising

Outlook Centre

Substantial No issues noted, controls were operating satisfactorily

Orchard Close

Substantial No issues noted, controls were operating satisfactorily

Temporary Accommodation Procurement

Reasonable Nightly rates chargeable agreed under the terms and

conditions of the framework contract were not consistently

applied;

Providers were failing to apply the same three year validity

period to CRB checks as the Council;

Non-compliance with site inspection requirements was

raised in the previous audit review; remedial action

remained outstanding,

Providers of nightly accommodation were not submitting

weekly returns of site visits in accordance with the terms

and conditions of the contract to confirm occupancy levels.

Estate Parking Service

Reasonable Two area housing offices are issuing borough wide

temporary permits to contractors when these should only be

issued by Highbury House.

A borough wide temporary permit had been issued for a

member of staff’s use.

The processes for the issue of permits does not require

independent authorisation and could result in issue of

permits for unauthorised use.

The permits refund budget is considered to be excessive for

the yearly amount paid in refunds.

Housing Stock Control

Substantial One instance was identified where a block of eight units had

been demolished but appeared as void on the IWorld

housing system. These had not been notified as part of the

end of year housing stock self-financing determination .

Examination of deconversions identified three instances

where the number of bedrooms was not consistent with

those recorded by the Overcrowding unit

13

Major Works Contracts – Mechanical and

Engineering

Substantial For one contract, the forecast final cost recorded on the

Capital Programme Database was not updated in line with

the latest Project Status Form (PSF). The PSF shows the

progress and actual and projected costs for each project

There is no standardised way of recording site visits.

Client Affairs Team – Follow up

Not rated

Finalisation of n Reconciliation processes and implementation of these:

management have made significant progress in

understanding and re-designing all reconciliation processes

including the Cedar/ Caspar and Cedar/ Bank reconciliations

referred to in our original report; however these new

procedures are yet to be implemented.

The review of historic reconciling items from past

reconciliations is well underway and should be completed as

soon as possible.

Almost all procedures in operation in the Client Affairs team

have been reviewed and re-written, and these have been

reviewed during the course of our follow up work

The current payments procedures should be updated to

prompt staff to enter details of standing orders or direct

debits on to Caspar.

Work on the closure of the accounts of deceased clients is

yet to commence; the team have focused on implementing

other recommendations and strengthening existing

processes before embarking on the investigation of

deceased client accounts.

Tenant Management Team Monitoring

Reasonable

Monitoring arrangements targeted at safeguarding risks were not in operation. Management had identified safeguarding as a risk area at the time of the audit and have designed a process to ensure TMOs are aware of, and are mitigating, safeguarding risks

A formal policy setting out monitoring arrangements is not in place.

Risk assessments are performed twice a year for each TMO; however the criteria underpinning why criteria are assessed as high/medium/low are not clearly set out and documented.

No single document in use which pulls together all issues identified for each TMO and shows how these are being tracked and resolved, and also the trend in issues over time.

Anti-fraud awareness training to be provided to improve TMOs’ knowledge of what constitutes fraud and what their responsibilities are.

South Locality –follow up Reasonable Adequate action had been taken to implement the previous report’s recommendations

Daylight Centre - follow up Reasonable Adequate action had been taken to implement the previous

report’s recommendations

Gambier House TMO Reasonable Adequate action had been taken to implement the previous

report’s recommendations

14

Redbrick TMO Reasonable Adequate action had been taken to implement the previous

report’s recommendations

Weston Rise TMO Limited Limited progress had been taken to implement the action plan agreed by the TMO’s management following the previous audit.

Other projects in progress at December 2012 and scheduled for remainder of 2012/13:

Miranda Tenant Management Organisation (TMO)

Spa Green TMO

Sea View TMO

Contracts and Procurement – Spot and Block Contracts

Major Works Contract Management – Mechanical and Electrical Contracts

S117 Mental Health Act Arrangements

Follow ups-

North Locality Office

Leaseholder Service Charges

Elthorne Cooperative

Carer Payments

15

Children’s Services These audits include reviews across all areas of the service, covering Schools and service provided by Cambridge Education @ Islington, Early Years Service, Integrated Services for Young People, and Social Care.

Report Title Assurance Rating Key Issues Arising

Drayton Park Primary School – follow up

Reasonable

Adequate action had been taken to implement the

previous report’s recommendations

St. Joseph’s Primary School – follow up

Reasonable

Adequate action had been taken to implement the

previous report’s recommendations

Grafton Primary School - follow up

Reasonable

Adequate action had been taken to implement the

previous report’s recommendations

Caterlink - School Meals Contract

Management (Phase two)

Reasonable

Adequate action had been taken to implement the

previous report’s recommendations

Hungerford Children’s Centre – follow up

Reasonable

Adequate action had been taken to implement the

previous report’s recommendations

New River Green Children’s Centre -

follow up

Reasonable

Adequate action had been taken to implement the

previous report’s recommendations

Food Vouchers – follow up

Reasonable

Adequate action had been taken to implement the

previous report’s recommendations

Other projects in progress at December and scheduled for remainder of 2012/13:-

School Audits:-

• Christ the King Primary

• Copenhagen Primary

• Hanover Primary

• Hargrave Park Primary

• Prior Weston Primary

16

• Richard Cloudesley

• Robert Blair Primary

• Tufnell Park Primary

• The Bridge

• IAMS

Pupil Referral Unit

Schools – Collaborative Procurement

Schools Payroll

Hornsey Rd Children’s Centre

Conewood Children’s Centre

Other audits –

Children’s Partnership – Multi Agency and care contracts

Independent Future Service

School Meals Income

Safer Recruitment

Follow ups-

Factory Children’s Centre

Golden Lane Children’s Centre

Kate Greenaway Children’s centre

Lough Rd Centre

Lumpy Hill Adventure Playground

17

Information Technology These projects relate to reviews of both Corporate IT systems and controls and applications which operate in service areas.

Report Title Assurance Rating Key issues arising

Data Protection Policy

Not rated

Safeguards to secure Data were not operating effectively

in all cases.

Management agreed to improve overall effectiveness by

defining consistent practices across the Council,

providing adequate training to end-users, and

implementing formal compliance monitoring procedures

to ensure safeguards to operating effectively.

Softbox – Carer Payments Application

Security Review

Limited

Softbox users have the ability to create, amend and approve payments to new suppliers. In addition the system administrator can also make payments from the Softbox application.

User Management Procedures - No formal documentation of procedures relating to, or evidence retained, of new user requests are in place. redundant user IDs are present within the system.

Other projects in progress at December and scheduled for remainder of 2012/13:-

N3 Data Audit

My E Account system

I PAY system

Parking – new E Permits system -

Network Access - Starters and Leavers

Electronic Document Management

follow ups-

Business Continuity Planning

Network Performance Monitoring

Software Asset Management

Alignment of IT Projects with Organisational Strategy

E-Commerce Security Review

NNDR Migration

18

Pro-active anti-fraud reviews

Report Title Assurance

Rating

Key issues arising

Contempus – User IDs n/a From our sample of 15 user IDs examined:

Weaknesses were identified in the authorisation and

deactivation of users.

Tenancy Fraud Limited

assurance

Consistency of procedures in place to verify the housing

status of new council property tenants and that these are also

introduced for successions and assignments.

Verification of relationships between previous tenants and

assignees/succeeding tenants, and management approval of

assignments and successions.

Verification of identification of new tenants - consistency and

that adequate documentation is requested and retained.

Other findings were made in relation to obtaining application

forms and forms of authority from new tenants as part of the

assignments and successions application process, and

verification of immigration status.

Other projects in progress at December and scheduled for remainder of 2012/13:- follow ups- Direct Payments Residents Parking Permits and Blue Badges Market Traders Licences Council Tax Discounts Summary of investigation referrals Under the Council’s Financial Regulations and Anti-Fraud policy, all suspicions or allegations of fraud or other financial irregularities should be referred to internal audit for assessment and investigation. The investigative action to be taken by internal audit will be decided and agreed on a case by case basis, and a decision will usually be taken based on the nature of the offence and the potential value. In some cases audit may not lead on an investigation, but will provide support and advice during or following a management investigation. During 2012/13, internal audit have assessed a total of 26 cases. During 2011/12, internal audit assessed a total of 28 cases. These cases are primarily comprised of referrals made by management, allegations by whistle blowers, and issues discovered by audit during pro-active work. A summary of cases by outcome is set out in the table below.

Outcome Volume of cases

No further action by internal audit 11

Control recommendations made 1

Disciplinary action 5

Prosecution (in progress) 1

Investigation/further action on going 8

Total 26

A summary of completed cases (i.e. excluding those where Council action is still ongoing) is provided in the

19

table below.

Case summary Outcome

Alleged financial abuse of vulnerable client Prosecution (in progress)

Subletting of Council property by member of staff

No further action by internal audit (Subject is no longer employed by the Council)

Council Tax – avoidance of arrears and wrongful claiming of single persons discount by member of staff

Disciplinary action (final written warning for gross misconduct)

Alleged theft of £1,000 cash payment for planning fees by Council member of staff

No further action by internal audit (allegations could not be substantiated)

Investigation by Jobcentre Plus into alleged fraudulent claims under the access to work scheme by a Council member of staff

No further action by internal audit (Member of staff is no longer employed by the Council)

Blue badge misuse by a Council member of staff

Disciplinary action (audit awaiting confirmation of outcome)

Street Environment Services – Whistle blowing allegation

No further action by internal audit (allegations could not be substantiated)

Street Environment Services – accruals and payments irregularities

Disciplinary action (Two Council officers received formal warnings)

City and Islington Credit Union – payment and tax irregularities

No further action by internal audit (allegations could not be substantiated)

Salary overpayment Report issued containing control recommendations (overpayment to be recovered)

Sick leave - YE Disciplinary action (audit awaiting confirmation of outcome)

Loss of petty cash from library till (£97) No further action by internal audit (management investigation)

Missing food vouchers (£300) held by Procurement

No further action by internal audit (management investigation)

Spectrum Creative Media Project Management Report - cash loss

No further action by internal audit (management investigation)

Toffee Park Youth Club – cash loss No further action by internal audit (management investigation)

Social worker – financial abuse investigation Agency worker dismissed/ Investigation ongoing

(audit to be advised by management if further information received that would warrant an investigation)

Cheque frauds in schools No further action by internal audit (As in each case the Cooperative Bank has reimbursed the school and the loss reported to the police, counter-fraud continue to keep a log of reported cases for information purposes only.

Employment agency allegation No further action by internal audit (allegations could not be substantiated)

Other activities

National Fraud Initiative (“NFI”) – We have coordinated the Council’s participation in the NFI through uploading the required datasets to the Audit Commission’s website and ensuring that Fair Processing Notices were issued to data subjects where required. Fraud awareness training sessions – We have delivered a total of five interactive fraud awareness training

20

sessions to teams within Adult Social Services and a session to Human Resources. These areas were targeted by agreement with service directors and managers and were attended by a total of 82 Council officers. The sessions were in response to the need to raise the profile of internal audit and counter fraud across the Council and increase compliance with the Financial Regulations in relation to fraud reporting. The key purposes of the workshops included:

raising awareness of fraud risks and their impact;

making staff aware of their personal responsibilities in preventing and detecting fraud; and

ensuring that staff are aware of fraud reporting requirements.

The sessions have generally received positive feedback, and the levels of interaction were generally high. Following the sessions a short management letter was issued to the Head of Service with a recap of the key messages and the fraud risks identified by delegates during the session.

21

Appendix 1: Key to Assurance Levels

Key to Assurance Levels

Level of Assurance

Substantial

Our review did not identify any weaknesses that would impact on the achievement of the key system, function or

process objectives. Therefore we can conclude that key controls have been adequately designed and are operating

effectively to deliver the key objectives of the system, function or process.

As a result, a high level of assurance can be given on the adequacy and operating effectiveness of controls in place

at the time of our audit.

Reasonable

There are some weaknesses in the design and/or operation of controls; however the likely impact of these

weaknesses on the achievement of the key system, function or process objectives is not expected to be significant.

Furthermore, these weaknesses are unlikely to impact upon the achievement of organisational objectives.

As a result, moderate assurance can be given on the adequacy and operating effectiveness of controls in place at

the time of our audit.

Limited

There are weaknesses in the design and / or operation of controls which could have a significant impact on the

achievement of the key system, function or process objectives which may also have a significant impact on the

achievement of organisational objectives.

We are therefore able to give limited assurance on the adequacy and operating effectiveness of controls in place.

No Assurance

There are weaknesses in the design and/or operation of controls which not only have a significant impact on the

achievement of key system, function or process objectives but may put at risk the achievement of organisation

objectives. As a result, no assurance can be given on the adequacy and operating effectiveness of controls in place.

Recommendations

Risk Rating

High

Control weakness that has or is likely to have a significant impact upon the achievement of key system, function or

process objectives.

This weakness may have a significant impact on the achievement of the overall organisational objectives.

Medium

Control weakness that has a low impact on the achievement of the key system, function or process objectives; or

This weakness has exposed the system, function or process to a key risk, however the likelihood of this

risk occurring is low.

Low

Control weakness that does not impact upon the achievement of key system, function or process objectives; however

implementation of the recommendation would improve overall control.

22

Appendix 2: Changes to plan

The following unplanned projects have been added to the audit plan since approval by the Audit Committee in March 2013:

Department Project

Corporate Reviews

Data Protection Policies and Procedures (and follow up )

Corporate Policies and Procedures

Children’s Services

Hornsey Rd Children’s Centre

Conewood Children’s Centre

Cambridge Education@Islington – reintegration

Safer Recruitment

Independent Futures Service

School Meals Income

Finance Pensions Administration

The following projects have been cancelled or days re-allocated to other projects in the audit plan since approval by the Audit Committee:

Department Project

Corporate Reviews Grant claims sign off

Business Continuity

RIPA follow up

Children’s Services Safe Children’s Board

Place Planning

William Tyndale Academy follow up

New North Academy follow up

Caterlink school meals contract follow up

Cambridge Education@Islington Asset Management follow up

Community Budget follow up

Housing and Adult Social Services

Community Equipment Service

Mental Health Carer Payments

Harry Weston TMO follow up

Housing Repairs

Proactive Antifraud reviews Amendments to Supplier Bank Account details