Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Appendix A
i
London Borough of Islington
2
Contents
Introduction
Overall summary
Key themes identified
Service Summaries - Reports Issued 1st April 2012 – 31
st December 2012
Appendix 1: Key to Assurance Levels
Appendix 2: Changes to plan
3
Introduction
Purpose of this report This report summarises the work that Internal Audit has undertaken in the period April – December 2012 and provides details on the high risk and priority issues which could impact on the effectiveness of the internal control environment across the Authority.
Overview of the Internal Audit Approach As Internal Audit, our role is to provide an annual assurance statement on the adequacy and effectiveness of the Council’s governance processes, risk management and control environment. Collectively, we refer to all of these activities in this report as “the system of internal control”.
The London Borough of Islington is a large organisation providing a diverse range of services to the public with a number of processes, systems and complexities that underpin service delivery.
We generally undertake individual projects with one of two objectives in mind:
• Assurance Reviews: The majority of projects are geared towards providing assurance to management on the operation of the Authority’s system of internal control.
• Specific Advice reports: Other projects are geared more towards the provision of specific advice and support to management to enhance the efficiency, effectiveness and economy of the services and functions for which they are responsible.
We also undertake:
• Compliance Audit: We assist in the review of financial related regulations that the Council needs to comply with. This includes Schools, audits, continuous auditing and establishment audits (e.g. Care Homes and Day Centres) and
• Proactive Anti-fraud and Forensic Work: investigations into “internal” instances of suspected fraud, proactive anti-fraud work, and other activities, such as data analysis, National Fraud Initiate (NFI) support, and the provision of training and awareness sessions to key groups of staff. The work delivered supplements investigative work undertaken by dedicated housing benefit and blue badge fraud teams.
All audit reports include our recommendations and actions agreed with management that will, if implemented, further enhance the control environment and the operation of the controls in practice. We formally follow up all of our work within 12 months of issuing a final report to monitor the levels of implementation of agreed actions.
Each year we seek to adapt and enhance our approach in order to take account the Council’s risk profile and changes in the system of internal control to ensure that our work remains focused on the areas of high risk and seeks to avoid duplication of effort, where there are other sources of assurance, for example, Audit Commission and Ofsted in operation.
Overview of work done April – December 2012
The original Audit Plan for 2012/13 approved by the Audit committee in March 2012 included a total of 95 planned projects totalling 1,450 audit days. We have continued to communicate closely with senior management to ensure that the audit reviews actually undertaken represent a focus on high risk areas, in the light of new and ongoing developments in the Authority to ensure the most appropriate use of our resources. As at December 2012, the revised number of planned projects to be delivered is 97 of which we have completed 35 with a further 14 projects at fieldwork stage, 10 of which are expected to be at draft report stage by the end of January. This will represent 50% of the plan completed. At Appendix two we have identified the
4
movement in the audit plan since the agreement of the original audit plan.
:
Report Assurance Ratings by Service Area
Service Area Substantial
Assurance
Reasonable
Assurance
Limited
Assurance
No
Assurance
Not
Rated
Total
Corporate Reviews and
Corporate Resources
1 2 2 0 0 5
Fundamental & Financial
Systems and Continuous
Auditing
0 2 0 0 0 2
Environment &
Regeneration
0 3 0 0 0 3
Housing & Adult Social
Services (HASS)
5 7 1 0 0 13
Children’s Services 0 7 0 0 0 7
Information Technology 0 0 1 0 1 2
Antifraud and
Investigations
0 0 1 0 1 2
Total 6 21 5 0 2 34
The above table shows that 27 of the 35 (77%) audits undertaken in the year to date provided an assurance rating opinion of substantial or reasonable, providing a positive message on the levels of assurance as to the adequacy and effectiveness of the internal control environment, while six reports have provided a limited or no assurance rating (18%)
Our findings on the key themes arising from our work to date in 2012/13 are set out below.
5
Key themes identified
Governance
Project Management - We believe there are benefits to be had from a more consistent, robust procedure for programme and project management.
Data Protection – Recent breaches of the Council’s Data Protection Policies have resulted in residents’ and clients’ confidential personal data being exposed to the public:
An audit of the council’s Data Protection Policies and Procedures identified three opportunities for improvement relating to the Council’s safeguards over hard copy documents.
Council-wide policies should be implemented and be made available to all staff detailing how they should work to ensure they meet the requirements of the DPA and agreed practice for processing information requests from external parties (including SARs);
Management should develop a consistent set of safeguards that can be applied across the Council for hard copy documentation. This framework should be applied based on the sensitivity of the data to ensure that controls implemented are commensurate with the risk of data loss. In developing this framework, management needs to ensure that data across the information lifecycle (from creation to destruction) is considered, and
A data protection training plan should be developed, signed off by senior management and communicated to the Directorates. The plan should include a timeframe for the coverage of all council staff handling personal data (including sensitive personal data) and adherence to the plan needs to be monitored. This training program should cover all full-time staff members and temporary staff (agency, contractors, etc.) who handle personal data.
A follow up audit is scheduled for January 2013 to review progress in implementation of the above recommendations.
The findings from this report will be included in our 2012/13 annual report to the June 2013 Audit Committee.
Pre-employment vetting checks
Audits undertaken in services and in corporate reviews have identified a lack of consistency or non-compliance with established council policy and procedures to ensure all required pre-employment checks are completed before council staffare appointed. Contract Management reviews have also highlighted that completion of required checks by contractors are not being adequately monitored.
Risk Management
Liaison with the risk management team continues to ensure unregistered risks picked up in audits are fed back to services for consideration and review.
Fundamental and Key Financial Systems
Each year Internal Audit carries out reviews of the Council’s fundamental financial systems. This process allows the Audit Commission to place reliance on the work performed by Internal Audit. It also allows Islington to limit Audit Commission fees spent on reviewing the authority’s activities.
In 2012/13 we have continued to apply and improve on our Continuous Auditing method for key financial systems. We have streamlined the format and outputs from the Service Assurance process with departments to align with the core areas of activity and key controls reviewed in the Continuous Auditing model. Work is supported by outputs from the Oversight Continuous Transaction Monitoring tool.
This combined with the information provided by management as part of Service assurance meetings allows audit to focus work on high risk areas of concern and to reduce testing where management maintains
6
comprehensive monitoring of key controls.
We reported in our June 2012 Audit Committee annual report that the final year overall opinion rating for the fundamental systems was ‘reasonable assurance and good progress continues to be made to improve controls in areas across systems which needed strengthening in the previous year’s work, such as reconciliation controls.
In the latest 2011/13 phase one review, we raised only two medium priority findings and twelve low risk best practice findings.
Overall it was noted that the control environment has remained stable across the key financial systems during
the period of testing for this work. A summary of the matters arising from the report is included in the Finance
Service summary.
Management’s response to implementing audit recommendations
Progress in implementation of recommendations made in 2011/12 reports has been monitored by completion of follow up audits on all audits completed in that year. This exercise has confirmed that of the twelve follow ups completed to date, in all but case the recommendations raised in the previous report have been substantively or fully implemented and controls improved where appropriate.
In one instance, Weston Rise Tenant Management Organisation, (TMO) only seven of the fourteen recommendations agreed in the 2011/12 audit report had been fully implemented, these were three of the eight high risk issues and four of the six medium risk issues. A further four high risk and one medium risk issues had been partially actioned while one high and one medium risk issues had not been implemented The high risk issue related to drafting a policy regarding payment of staff bonuses and the medium risk issue concerned addressing the lack of details on purchase orders completed.
The assurance rating was therefore only revised to limited from the previous report’s no assurance ratings. Details of the areas covered by the follow ups are included in the service summaries section of this report.
Performance of Internal Audit and Efficiency of the Service
As reported in our 2011/12 annual report to the June 2012 Audit Committee, we are continuing efforts to further improve delivery of the service to customers. The main achievements in 2012/13 to date are as follows:
Working with Camden to deliver a shared audit service. Planned joint audit reviews across both councils are currently in progress aimed at identifying opportunities to develop best practice in service delivery which will benefit both councils;
Key Performance Indicators used to demonstrate the effectiveness of the internal audit function show that internal audit continues to meet CIPFA recommended targets for delivering the audit plan, maintaining staff productivity targets, and following up on implementation of agreed audit recommendations;
The 2013/14 audit plan and audit strategy will embrace recommendations made by the International Auditing Standards Board to ensure that the council’s internal audit team are operating in accordance with the latest recommended professional audit standards.
Audit Quality Surveys received following each completed audit project revealed that the majority of surveys showed good or very good satisfaction with the audit service provided, and
7
Service Summaries – Reports Issued 1st April
2011– 31st March 2012
The tables which follow summarise by service area the key issues arising from reports issued in the period April – December 2012.
Corporate (including Corporate Resources and Integrated Specialist Reviews) This area covers Council activities which are common to all service areas or departments and are cross cutting in nature.
Report Title Assurance Rating Key issues arising
Corporate Procurement and Contract
Management
Limited Clarity of responsibility for the corporate procurement
function;
Independent monitoring of contract management in
services to challenge the effectiveness of service
delivery by contractors;
Contracts had not been notified to the corporate
procurement team. Inconsistency of documentation held
on contract files.
A need for Purchase card user guidance to be updated
to reflect changes made to the system.
Receipts were not always scanned into the purchase
card system and lack of description of transaction details
to support adequate authorisation of transactions, and
System administration issues were noted regarding
review of purchase cards status ,e.g. leavers, inactive
cards and user transaction limits
Health and Safety Policy
Substantial Process to ensure line managers complete Health and
Safety Induction checklists with all new Council
employees
8
Comensura Contract
Limited Timesheets continue to be auto-approved on the
Comensura.net system where they have not been
approved in time by the two listed approvers at the
Council. This finding was raised in a previous audit
report
No preventative controls are mandated within the
Council to ensure that all agency staff have been subject
to appropriate vetting and pre-employment checks
Lack of documentation of actions and decisions
undertaken at quarterly contract meetings and evidence
of review of the rebate calculation
No procedures are in place to identify and follow up
agency staff spend outside of the Comensura contract.
Local Initiatives Fund Grants
Reasonable Evidence of approval on the grant proposals.
Accuracy, completeness or validity of supporting
information submitted for the grant expenditure incurred
Delay in the review of report back forms of three months
or longer.
Evidence to support the achievement of outcomes
stated.
Cashiers’ Operations - follow up Reasonable Adequate action had been taken to implement the
previous report’s recommendations
Other projects in progress at end of December and remainder of 2012/13:
Contact Islington Call Centre
Business Continuity and Disaster Recovery
Community Budget - Family Outreach Service
(Children’s Services and Adult Social Services Joint review)
Joint reviews with Camden:-
Voluntary Sector Partnership Contracts Public Health Care Joint Commissioning Arrangements
Safeguarding Adults
CCTV Review
Follow ups –
Members Code of Conduct and Expenses
HR Processes
9
Environment and Regeneration
Report Title Assurance Rating Key issues arising
Tree Service
Reasonable Monitoring of completed works carried out under the
Arboriculture Works Contract;
Timetabling of the completion of the subsidence claims review;
Availability of Management Information from the claims
provider;
Development of service performance indicators for the
completion of the cyclical maintenance programme;
Written procedures for the operation of the tree
maintenance programme and contract monitoring.
Aquaterra Contract Management
Reasonable Summary register of commitments entered into with
Aquaterra and other partner organisations;
Documentation of performance monitoring;
Regular verification of Aquaterra’s reported financial
results,
Data protection issues regarding use of personal IT
equipment.
North London Waste Authority
Contract
Reasonable Mechanisms are required to provide the Council with assurances over the accuracy of the weighbridge system used to calculate tonnage information provided to the Council.
Other projects in progress at end of December and scheduled for remainder of 2012/13:-
Archway Project
Public Realm Capital Programme
Street Environment – Enterprise Waste Management Contract Management
Private Sector Housing Grants
Income Maximisation Review (Joint review with Camden)
Follow ups –
S 106 and other capital funded projects (extended follow up)
Planning Applications (extended follow up)
Building Control Regulations (extended follow up)
10
Fundamental and Financial Systems Each year Internal Audit carries out reviews of the Council’s fundamental financial systems, to provide the Council with the necessary assurance that key financial controls in the fundamental systems are operating satisfactorily and support a robust internal control environment. This work covers the following systems:
Cash management
Accounts Payable and Abacus Adult Care Payments
Accounts Receivable
Payroll
Pensions
Fixed Assets
Treasury Management
Council Tax
National Non Domestic Rates
Housing Benefit
Parking
For each system being reviewed we look at controls in each category below, where relevant:
Policies and procedures;
Management information;
Budget setting and monitoring;
Reconciliations;
Income processing;
Expenditure processing;
IT systems and controls, and
Risk management.
Report Title Assurance
Rating
Key issues arising
Continuous Auditing of Key Financial
Controls – Phase One
Reasonable
Two of the 20 bank reconciliations tested had reconciling
items which had not been cleared on a timely basis.
IT access had not been removed for one employee who left
the Council in May 2012. For a further four leavers out of the
20 tested, there was insufficient evidence that the final
payroll calculation had been checked.
Pensions Administration
Reasonable
Lack of transparency over the dates used for performance information reporting. Process and procedures notes required updating.
A secondary review is performed in payroll over new
employee and new scheme member details to ensure this is
accurate (this drives pension contribution calculations); we
found cases where this secondary check was not
documented.
11
Other Projects In progress at December and scheduled for remainder of 2012/13:
Corporate Property Portfolio
Buildings and Property Management
Oversight Continuous Auditing Transaction Monitoring
Continuous Auditing of Key Financial Systems Controls – Phase 2
Follow ups
MTFS savings targets
12
Housing and Adult Social Services
Report Title Assurance
Rating
Key issues arising
Outlook Centre
Substantial No issues noted, controls were operating satisfactorily
Orchard Close
Substantial No issues noted, controls were operating satisfactorily
Temporary Accommodation Procurement
Reasonable Nightly rates chargeable agreed under the terms and
conditions of the framework contract were not consistently
applied;
Providers were failing to apply the same three year validity
period to CRB checks as the Council;
Non-compliance with site inspection requirements was
raised in the previous audit review; remedial action
remained outstanding,
Providers of nightly accommodation were not submitting
weekly returns of site visits in accordance with the terms
and conditions of the contract to confirm occupancy levels.
Estate Parking Service
Reasonable Two area housing offices are issuing borough wide
temporary permits to contractors when these should only be
issued by Highbury House.
A borough wide temporary permit had been issued for a
member of staff’s use.
The processes for the issue of permits does not require
independent authorisation and could result in issue of
permits for unauthorised use.
The permits refund budget is considered to be excessive for
the yearly amount paid in refunds.
Housing Stock Control
Substantial One instance was identified where a block of eight units had
been demolished but appeared as void on the IWorld
housing system. These had not been notified as part of the
end of year housing stock self-financing determination .
Examination of deconversions identified three instances
where the number of bedrooms was not consistent with
those recorded by the Overcrowding unit
13
Major Works Contracts – Mechanical and
Engineering
Substantial For one contract, the forecast final cost recorded on the
Capital Programme Database was not updated in line with
the latest Project Status Form (PSF). The PSF shows the
progress and actual and projected costs for each project
There is no standardised way of recording site visits.
Client Affairs Team – Follow up
Not rated
Finalisation of n Reconciliation processes and implementation of these:
management have made significant progress in
understanding and re-designing all reconciliation processes
including the Cedar/ Caspar and Cedar/ Bank reconciliations
referred to in our original report; however these new
procedures are yet to be implemented.
The review of historic reconciling items from past
reconciliations is well underway and should be completed as
soon as possible.
Almost all procedures in operation in the Client Affairs team
have been reviewed and re-written, and these have been
reviewed during the course of our follow up work
The current payments procedures should be updated to
prompt staff to enter details of standing orders or direct
debits on to Caspar.
Work on the closure of the accounts of deceased clients is
yet to commence; the team have focused on implementing
other recommendations and strengthening existing
processes before embarking on the investigation of
deceased client accounts.
Tenant Management Team Monitoring
Reasonable
Monitoring arrangements targeted at safeguarding risks were not in operation. Management had identified safeguarding as a risk area at the time of the audit and have designed a process to ensure TMOs are aware of, and are mitigating, safeguarding risks
A formal policy setting out monitoring arrangements is not in place.
Risk assessments are performed twice a year for each TMO; however the criteria underpinning why criteria are assessed as high/medium/low are not clearly set out and documented.
No single document in use which pulls together all issues identified for each TMO and shows how these are being tracked and resolved, and also the trend in issues over time.
Anti-fraud awareness training to be provided to improve TMOs’ knowledge of what constitutes fraud and what their responsibilities are.
South Locality –follow up Reasonable Adequate action had been taken to implement the previous report’s recommendations
Daylight Centre - follow up Reasonable Adequate action had been taken to implement the previous
report’s recommendations
Gambier House TMO Reasonable Adequate action had been taken to implement the previous
report’s recommendations
14
Redbrick TMO Reasonable Adequate action had been taken to implement the previous
report’s recommendations
Weston Rise TMO Limited Limited progress had been taken to implement the action plan agreed by the TMO’s management following the previous audit.
Other projects in progress at December 2012 and scheduled for remainder of 2012/13:
Miranda Tenant Management Organisation (TMO)
Spa Green TMO
Sea View TMO
Contracts and Procurement – Spot and Block Contracts
Major Works Contract Management – Mechanical and Electrical Contracts
S117 Mental Health Act Arrangements
Follow ups-
North Locality Office
Leaseholder Service Charges
Elthorne Cooperative
Carer Payments
15
Children’s Services These audits include reviews across all areas of the service, covering Schools and service provided by Cambridge Education @ Islington, Early Years Service, Integrated Services for Young People, and Social Care.
Report Title Assurance Rating Key Issues Arising
Drayton Park Primary School – follow up
Reasonable
Adequate action had been taken to implement the
previous report’s recommendations
St. Joseph’s Primary School – follow up
Reasonable
Adequate action had been taken to implement the
previous report’s recommendations
Grafton Primary School - follow up
Reasonable
Adequate action had been taken to implement the
previous report’s recommendations
Caterlink - School Meals Contract
Management (Phase two)
Reasonable
Adequate action had been taken to implement the
previous report’s recommendations
Hungerford Children’s Centre – follow up
Reasonable
Adequate action had been taken to implement the
previous report’s recommendations
New River Green Children’s Centre -
follow up
Reasonable
Adequate action had been taken to implement the
previous report’s recommendations
Food Vouchers – follow up
Reasonable
Adequate action had been taken to implement the
previous report’s recommendations
Other projects in progress at December and scheduled for remainder of 2012/13:-
School Audits:-
• Christ the King Primary
• Copenhagen Primary
• Hanover Primary
• Hargrave Park Primary
• Prior Weston Primary
16
• Richard Cloudesley
• Robert Blair Primary
• Tufnell Park Primary
• The Bridge
• IAMS
Pupil Referral Unit
Schools – Collaborative Procurement
Schools Payroll
Hornsey Rd Children’s Centre
Conewood Children’s Centre
Other audits –
Children’s Partnership – Multi Agency and care contracts
Independent Future Service
School Meals Income
Safer Recruitment
Follow ups-
Factory Children’s Centre
Golden Lane Children’s Centre
Kate Greenaway Children’s centre
Lough Rd Centre
Lumpy Hill Adventure Playground
17
Information Technology These projects relate to reviews of both Corporate IT systems and controls and applications which operate in service areas.
Report Title Assurance Rating Key issues arising
Data Protection Policy
Not rated
Safeguards to secure Data were not operating effectively
in all cases.
Management agreed to improve overall effectiveness by
defining consistent practices across the Council,
providing adequate training to end-users, and
implementing formal compliance monitoring procedures
to ensure safeguards to operating effectively.
Softbox – Carer Payments Application
Security Review
Limited
Softbox users have the ability to create, amend and approve payments to new suppliers. In addition the system administrator can also make payments from the Softbox application.
User Management Procedures - No formal documentation of procedures relating to, or evidence retained, of new user requests are in place. redundant user IDs are present within the system.
Other projects in progress at December and scheduled for remainder of 2012/13:-
N3 Data Audit
My E Account system
I PAY system
Parking – new E Permits system -
Network Access - Starters and Leavers
Electronic Document Management
follow ups-
Business Continuity Planning
Network Performance Monitoring
Software Asset Management
Alignment of IT Projects with Organisational Strategy
E-Commerce Security Review
NNDR Migration
18
Pro-active anti-fraud reviews
Report Title Assurance
Rating
Key issues arising
Contempus – User IDs n/a From our sample of 15 user IDs examined:
Weaknesses were identified in the authorisation and
deactivation of users.
Tenancy Fraud Limited
assurance
Consistency of procedures in place to verify the housing
status of new council property tenants and that these are also
introduced for successions and assignments.
Verification of relationships between previous tenants and
assignees/succeeding tenants, and management approval of
assignments and successions.
Verification of identification of new tenants - consistency and
that adequate documentation is requested and retained.
Other findings were made in relation to obtaining application
forms and forms of authority from new tenants as part of the
assignments and successions application process, and
verification of immigration status.
Other projects in progress at December and scheduled for remainder of 2012/13:- follow ups- Direct Payments Residents Parking Permits and Blue Badges Market Traders Licences Council Tax Discounts Summary of investigation referrals Under the Council’s Financial Regulations and Anti-Fraud policy, all suspicions or allegations of fraud or other financial irregularities should be referred to internal audit for assessment and investigation. The investigative action to be taken by internal audit will be decided and agreed on a case by case basis, and a decision will usually be taken based on the nature of the offence and the potential value. In some cases audit may not lead on an investigation, but will provide support and advice during or following a management investigation. During 2012/13, internal audit have assessed a total of 26 cases. During 2011/12, internal audit assessed a total of 28 cases. These cases are primarily comprised of referrals made by management, allegations by whistle blowers, and issues discovered by audit during pro-active work. A summary of cases by outcome is set out in the table below.
Outcome Volume of cases
No further action by internal audit 11
Control recommendations made 1
Disciplinary action 5
Prosecution (in progress) 1
Investigation/further action on going 8
Total 26
A summary of completed cases (i.e. excluding those where Council action is still ongoing) is provided in the
19
table below.
Case summary Outcome
Alleged financial abuse of vulnerable client Prosecution (in progress)
Subletting of Council property by member of staff
No further action by internal audit (Subject is no longer employed by the Council)
Council Tax – avoidance of arrears and wrongful claiming of single persons discount by member of staff
Disciplinary action (final written warning for gross misconduct)
Alleged theft of £1,000 cash payment for planning fees by Council member of staff
No further action by internal audit (allegations could not be substantiated)
Investigation by Jobcentre Plus into alleged fraudulent claims under the access to work scheme by a Council member of staff
No further action by internal audit (Member of staff is no longer employed by the Council)
Blue badge misuse by a Council member of staff
Disciplinary action (audit awaiting confirmation of outcome)
Street Environment Services – Whistle blowing allegation
No further action by internal audit (allegations could not be substantiated)
Street Environment Services – accruals and payments irregularities
Disciplinary action (Two Council officers received formal warnings)
City and Islington Credit Union – payment and tax irregularities
No further action by internal audit (allegations could not be substantiated)
Salary overpayment Report issued containing control recommendations (overpayment to be recovered)
Sick leave - YE Disciplinary action (audit awaiting confirmation of outcome)
Loss of petty cash from library till (£97) No further action by internal audit (management investigation)
Missing food vouchers (£300) held by Procurement
No further action by internal audit (management investigation)
Spectrum Creative Media Project Management Report - cash loss
No further action by internal audit (management investigation)
Toffee Park Youth Club – cash loss No further action by internal audit (management investigation)
Social worker – financial abuse investigation Agency worker dismissed/ Investigation ongoing
(audit to be advised by management if further information received that would warrant an investigation)
Cheque frauds in schools No further action by internal audit (As in each case the Cooperative Bank has reimbursed the school and the loss reported to the police, counter-fraud continue to keep a log of reported cases for information purposes only.
Employment agency allegation No further action by internal audit (allegations could not be substantiated)
Other activities
National Fraud Initiative (“NFI”) – We have coordinated the Council’s participation in the NFI through uploading the required datasets to the Audit Commission’s website and ensuring that Fair Processing Notices were issued to data subjects where required. Fraud awareness training sessions – We have delivered a total of five interactive fraud awareness training
20
sessions to teams within Adult Social Services and a session to Human Resources. These areas were targeted by agreement with service directors and managers and were attended by a total of 82 Council officers. The sessions were in response to the need to raise the profile of internal audit and counter fraud across the Council and increase compliance with the Financial Regulations in relation to fraud reporting. The key purposes of the workshops included:
raising awareness of fraud risks and their impact;
making staff aware of their personal responsibilities in preventing and detecting fraud; and
ensuring that staff are aware of fraud reporting requirements.
The sessions have generally received positive feedback, and the levels of interaction were generally high. Following the sessions a short management letter was issued to the Head of Service with a recap of the key messages and the fraud risks identified by delegates during the session.
21
Appendix 1: Key to Assurance Levels
Key to Assurance Levels
Level of Assurance
Substantial
Our review did not identify any weaknesses that would impact on the achievement of the key system, function or
process objectives. Therefore we can conclude that key controls have been adequately designed and are operating
effectively to deliver the key objectives of the system, function or process.
As a result, a high level of assurance can be given on the adequacy and operating effectiveness of controls in place
at the time of our audit.
Reasonable
There are some weaknesses in the design and/or operation of controls; however the likely impact of these
weaknesses on the achievement of the key system, function or process objectives is not expected to be significant.
Furthermore, these weaknesses are unlikely to impact upon the achievement of organisational objectives.
As a result, moderate assurance can be given on the adequacy and operating effectiveness of controls in place at
the time of our audit.
Limited
There are weaknesses in the design and / or operation of controls which could have a significant impact on the
achievement of the key system, function or process objectives which may also have a significant impact on the
achievement of organisational objectives.
We are therefore able to give limited assurance on the adequacy and operating effectiveness of controls in place.
No Assurance
There are weaknesses in the design and/or operation of controls which not only have a significant impact on the
achievement of key system, function or process objectives but may put at risk the achievement of organisation
objectives. As a result, no assurance can be given on the adequacy and operating effectiveness of controls in place.
Recommendations
Risk Rating
High
Control weakness that has or is likely to have a significant impact upon the achievement of key system, function or
process objectives.
This weakness may have a significant impact on the achievement of the overall organisational objectives.
Medium
Control weakness that has a low impact on the achievement of the key system, function or process objectives; or
This weakness has exposed the system, function or process to a key risk, however the likelihood of this
risk occurring is low.
Low
Control weakness that does not impact upon the achievement of key system, function or process objectives; however
implementation of the recommendation would improve overall control.
22
Appendix 2: Changes to plan
The following unplanned projects have been added to the audit plan since approval by the Audit Committee in March 2013:
Department Project
Corporate Reviews
Data Protection Policies and Procedures (and follow up )
Corporate Policies and Procedures
Children’s Services
Hornsey Rd Children’s Centre
Conewood Children’s Centre
Cambridge Education@Islington – reintegration
Safer Recruitment
Independent Futures Service
School Meals Income
Finance Pensions Administration
The following projects have been cancelled or days re-allocated to other projects in the audit plan since approval by the Audit Committee:
Department Project
Corporate Reviews Grant claims sign off
Business Continuity
RIPA follow up
Children’s Services Safe Children’s Board
Place Planning
William Tyndale Academy follow up
New North Academy follow up
Caterlink school meals contract follow up
Cambridge Education@Islington Asset Management follow up
Community Budget follow up
Housing and Adult Social Services
Community Equipment Service
Mental Health Carer Payments
Harry Weston TMO follow up
Housing Repairs
Proactive Antifraud reviews Amendments to Supplier Bank Account details