London Borough of Lambeth - Lambeth Council Annual Re… · Counter Fraud – a summary of the counter fraud work carried out in 2016/17 by the Internal Audit and Counter Fraud Service,

Appendix 1

London Borough of Lambeth Internal Audit and Counter Fraud Annual Report 2016-2017

Contents

INTRODUCTION .................................................................................................................................. 1

1. EXECUTIVE SUMMARY ............................................................................................................. 2

2. HEAD OF INTERNAL AUDIT’S ANNUAL OPINION ................................................................... 3

3. SUMMARY OF INTERNAL AUDIT FINDINGS............................................................................ 6

ANNEX 1: DETAILED ANALYSIS INTERNAL AUDIT REVIEWS 2016/17 ........................................ 19

ANNEX 2: REPORT CLASSIFICATIONS .......................................................................................... 24

ANNEX 3: PUBLIC SECTOR INTERNAL AUDIT STANDARDS – ANNUAL OPINION CATEGORIES 26

ANNEX 4: LIMITATIONS AND RESPONSIBILITIES ......................................................................... 27

1

Purpose of this report This report summarises the work that the Internal Audit and Counter Fraud Service has undertaken during the financial

year 2016/17 and the key themes - strengths and weaknesses - that we have identified across Lambeth Borough Council

(the Council).

The report contains the overall assessment of the Council’s control environment in the form of the Head of Internal Audit’s

Annual Opinion for 2016/17. It also highlights how responsive management are at implementing recommendations that

have been made as a result of our work and the successful outcomes achieved by the Council’s fraud investigation

teams.

Report structure We have set out the results of the work performed by the Internal Audit and Counter Fraud Service as follows:

Internal Audit – a summary of Internal Audit work carried out in 2016/17, including key themes identified, an analysis

of report ratings and priority of recommendations and service summaries showing an overview of audit work done in

each department and key findings.

Counter Fraud – a summary of the counter fraud work carried out in 2016/17 by the Internal Audit and Counter

Fraud Service, along with the Insurance and Parking investigation teams, including key outcomes for the Council.

In this report, we have drawn on the findings and assessments included in all of the reports issued, including those that,

at this time, remain in draft. It should, therefore, be noted that the comments made in respect of any draft reports are still

subject to management response.

Introduction

2

Overview of work performed

Internal Audit

This report outlines the internal audit work we have carried out for the year ended 31 March 2017.

The Public Sector Internal Audit Standards (PSIAS) require the Head of Internal Audit to provide an annual opinion,

based upon and limited to the work performed, on the overall adequacy and effectiveness of the organisation’s framework

of governance, risk management and control (i.e. the organisation’s system of internal control). This is achieved through a

risk-based plan of work, agreed with management and approved by the Audit Committee, which should provide a

reasonable level of assurance, subject to the inherent limitations described below and set out in Annex 4. The opinion

does not imply that Internal Audit has reviewed all risks relating to the organisation.

The Council’s Corporate Committee agreed the internal audit plan for 2016/17 on 14 April 2016. We have worked with

senior management throughout the year to ensure that the audit reviews actually undertaken continue to represent a

focus on high risk areas, in the light of new and ongoing developments, both internally and externally, impacting on the

Council. As a result of the regular and ongoing dialogue with management, some changes were agreed to the Plan

during the year, with changes being reported to Corporate Committee through the year. Some projects have been added

to or removed from the Plan, others have been consolidated or split into separate elements, and the timing of a number of

others has been changed to accommodate new items. The changes to the plan are summarised in the table below.

Original

plan

Reviews

deferred to

2017/18

Reviews

no longer

required

Additions

to the plan

Total

Systems covered by the Continuous

Auditing and Monitoring programme

15 - - - 15

Schools audits/themed reviews 21 - (1) 2 22

Risk-based audits/grant claims 57 (11) (3) 5 48

Total 93 (11) (4) 7 85

For 2016/17, 100% of the reviews covered in the Annual Internal Audit Plan have been completed (excluding those that

have been cancelled or deferred), with good practice being that 90% of an audit plan should be delivered. 11 reviews

have been deferred to 2017/18 as it is more appropriate to perform fieldwork in the next financial year and 3 reviews have

been cancelled or merged with another audit because we can either rely on another source of assurance or the area is no

longer a significant risk. Of the reviews completed, a final report has been issued for 63% of the reviews, with the

remaining being closed out with management at draft report stage.

Counter Fraud The Counter Fraud work programme for 2016/17 focused on the provision of a value for money service and working to

challenging targets for successful outcomes. The Counter Fraud Team focused on the following areas:

Recovering Council properties which have been fraudulently obtained or sublet in partnership with Housing

Management and registered social housing providers managing properties within the borough;

Working with registered social housing providers managing properties within the borough to investigate and recover

sublet properties;

Investigating allegations of fraud from internal sources and allegations made under the whistleblowing provisions;

Coordinating the Council’s participation in and delivery of the National Fraud Initiative 2016;

Embedding a dedicated Counter Fraud officer in the multi-disciplinary No Recourse to Public Funds (NRPF) team

and working in partnership with four other boroughs in tackling NRPF fraud and ineligibility

Identifying and working on cases which will lead to Proceeds of Crime Act and civil recovery of assets obtained

through fraud; and,

Reviewing and updating the Council’s Counter Fraud policies for approval by Corporate Committee and raise

awareness of the policies and role of staff/managers in preventing and reporting fraud.

1. Executive Summary

3

2. Head of Internal Audit’s Annual Opinion I am satisfied that sufficient internal audit work has been undertaken to allow an opinion to be given over the adequacy

and effectiveness of governance, risk management and control. In giving this opinion, it should be noted that assurance

can never be absolute and represents an assessment of risks to be addressed. The most that the internal audit service

can provide is reasonable assurance that there are no major weaknesses in the system of internal control.

Opinion

My annual opinion for 2016/17 is as follows:

Generally satisfactory with some improvements required

Governance, risk management and control in relation to business critical areas is generally satisfactory. However,

there are some areas of weakness and non-compliance in the framework of governance, risk management and control

which potentially put the achievement of objectives at risk.

Some improvements are required in those areas to enhance the adequacy and effectiveness of the framework of

governance, risk management and control. Please see my Summary of Findings in Section 3 which summarises the

nature of our findings and key themes emerging from our work which underpin this opinion.

Basis of opinion

An explanation of the types of opinion which can be issued is summarised at Annex 3.

My opinion is based on:

• All audits undertaken during the year.

• Any follow up action taken in respect of audits from previous periods.

• Any significant recommendations not accepted by management and the resulting risks.

• The effects of any significant changes in the organisation’s objectives or systems.

• Any reliance that is being placed upon third party assurances, such as those from Ofsted, and control weaknesses

identified through external audit procedures.

• Any limitations which may have been placed on the scope or resources of internal audit.

The commentary below provides the context for our opinion and together with the opinion should be read in its entirety.

Commentary

I have reached this conclusion because:

Medium risk rated weaknesses identified in individual assignments are not significant in aggregate to the system of internal control;

High risk rated weaknesses identified in individual assignments are isolated to specific systems or processes; and

None of the individual assignment reports have an overall classification of no assurance.

Other sources of assurance, including those in respect of Children’s services provide evidence of improvement and positive direction of travel.

Please see Section 3 below which summarises the nature of our findings and key themes emerging from our work which

underpin this opinion.

4

Contract Management

Ensuring value through commissioned services is fundamental to the Council achieving its strategic priorities due to the service delivery models in place and the dependencies on external providers. We tested a sample of key contracts and identified that there is a lack of consistent strategic performance monitoring. The root cause of this is that the Council have not yet defined their corporate approach to contact management; instead, contract management is devolved to individual departments. Without a corporate approach, it is not clear where ultimate responsibility for contract management sits, or the minimum level of contract management expected for different types of contract. The Council are planning to address this as part of the organisational redesign,

However, despite this, we do recognise that there are several areas of good contract management practice being adopted across the Council, for example:

Procurement and Finance have performed an exercise to review the retendering and renegotiation of contracts to identify further savings (in addition to those already identified in the Savings Programme);

The Council has commissioned an independent third party to assure key controls as part of its ongoing monitoring of the Council’s waste and recycling contract;

The Council has audited a number of its repairs and maintenance contracts to confirm the completeness, accuracy and validity of disallowable and allowable expenditure; and,

We continue to recommend to management that formalising their corporate contract management approach through the organisational redesign will help to further strengthen the control environment in this area by establishing and sharing good practice and giving sufficient appropriate senior management oversight of key contracts.

Children’s Services

Following inspection in February 2015, Ofsted judged Lambeth’s children’s social care services and its safeguarding

children board to be “inadequate”. This was a key factor that contributed to the opinion given in 2014/15 and

2015/16. Over the last 24 months, Lambeth has implemented a comprehensive service improvement plan to address the

weaknesses identified by the Ofsted inspection. While much more needs to be done to establish and secure safe and

effective services and to secure a positive inspection outcome in 2017/18, it is clear, from the external reviews

undertaken, that good progress is being made to embed improvement and that the pace of progress has been

accelerated. Improvements have been identified and recognised by external parties, such as Ofsted, and the

implementation of the improvement plan is ongoing.

We note that 3 of 7 limited assurance reports issued this year were within Children’s services (Foster Carers, Looked

After Children and Special Educational Needs). However, in writing my opinion I am comfortable that the high risk

weaknesses in these assignments are isolated to these specific systems and processes and are not pervasive to the

entire control environment; each of these areas fall outside of the areas reviewed by Ofsted and as such, were identified

by internal audit and management, on the basis of risk, as processes and functions requiring additional assurance to drive

improvement as part of the overall improvement measures to the service.

Continuous Auditing and Monitoring

This is a key indicator of the strength of the control environment. Although there has been a decrease in the number of operating effectiveness issues since our last period of testing, there are still a number of control design improvements that have not been implemented, as such, the core control environment appears to be largely consistent with the previous year. This performance might be expected given that the Council is still in a period of organisational change and this transition exerts pressure on the control environment through changes in personnel, operating models and lines of reporting. However, the longstanding control environment recommendations suggest that these should be implemented as a priority and monitored closely to ensure the core control environment does not deteriorate. Recurrent themes over the last two years are:

Oracle system functionality, system embedment and compatibility with other systems (e.g. Northgate reconciliations)

Lack of audit trail - Audit trail in particular to demonstrate review and authorisation in a timely manner and appropriate segregation of duties.

Reconciliations - There continue to be issues concerning supporting documentation, lack of authorisation and timeliness of preparation.

No and Limited Assurance Audit Reports

We have issued 0 No Assurance (formerly Critical Risk) reports and 7 Limited Assurance (formerly High Risk) reports. This represents an improvement from the prior year where we issued 5 Critical Risk and 9 High Risk reports. The

5

proportion of No and Limited Assurance reports has reduced from 61% in 2015/16 to 15% in 2016/17. In addition, 5 schools audits were classified with Limited Assurance, compared with 2 Critical and 4 High Risk audits in 2015/16.

Housing Management Health and Safety

There have been regular reports to Corporate Committee since we issued a Critical Risk review of Health and Safety in

Housing Management at the end of 2015/16, as was covered in the previous annual report. Members will recall that the

Director of Housing Services set up a review group to progress all of the actions arising from the audit to completion.

Housing Services have reviewed and updated all health and safety procedures and policies, which will be reviewed on an

annual basis. The fortnightly health and safety review meeting, providing governance and oversight for health and safety

and chaired by the Director of Housing will continue for the foreseeable future.

Regarding Fire Risk Assessments (FRA), in February 2017, following a thorough cross referencing of data sets, we

established an accurate baseline of structures which required a FRA. This, as was reported to Corporate Committee,

created a new backlog of cases and we put in place a 12 week recovery programme. The Director of Housing Services

has confirmed, following a recent presentation to Members on this matter, that the Fire Risk Assessment recovery project

has now been completed and that all structures have been inspected apart from 172 properties (which are mostly low risk

street properties) where access has not been achieved despite numerous visits being conducted and notices of access

being provided to the occupiers. To ensure that these inspections are also concluded, action has been taken to service

notice which will lead to entry by changing locks where notices are not complied with.

Implementation of recommendations

Timely implementation of recommendations is an indicator of the strength of an organisation’s control environment. The Implementation Review process requires Critical and Very High rated findings be follow-up. Progress is reported Corporate Committee and as at 31/03/17; Critical or High Risk findings were identified in 50 reports (including 25 schools) this equated to 105 recommendations (39 in schools), all of which were follow-up by Internal Audit. 100 of the 105 recommendations had fallen due and the progress of recommendations can be summarised as followed: 18 fully implemented, 28 partially implemented, 2 not implemented, 12 are considered no longer relevant or superseded and 40 awaiting response as work is in progress.

Good practice

My opinion also considers good practice identified. For example, good practice was identified within project and

programme management and contract management.

6

3. Summary of Internal Audit findings We performed an assurance mapping exercise to inform the audit planning process in 2016/17. Assurance mapping

entailed considering the inherent risk of activities or services delivered by the Council as well as the current strength of

the control environment and any third party assurances. This exercise is used to identify areas where the audit need is

greatest and is used to prioritise the use of audit resources.

During the year we have continued to focus on ensuring appropriate coverage of core systems and systems identified as

higher risk from the assurance mapping exercise, along with a range of reviews to provide assurance over key

programmes and projects across the Council.

The table below outlines the report classifications for the risk-based audits undertaken in 2016/17, excluding schools

audits and systems covered by the Continuous Auditing and Monitoring programme, which are shown separately in this

report. This table shows that the proportion of No and Limited Assurance Critical and High Risk reports has reduced from

61% in 2015/16 to 42% in 2016/17, and there has been 0 No Assurance reports compared to 5 Critical Risk in 2015/16.

This is an encouraging development when taking into account that the Internal Audit Plan is compiled through a risk-

based assessment undertaken through the assurance mapping exercise.

Number of Reviews (excluding Schools and Continuous Audit)

Report classification 2016/17 2015/16 2014/15 2013/14

Substantial / Low Risk 1 5% - - 3 10% 4 11%

Reasonable / Medium Risk 10 53% 9 39% 15 48% 17 45%

Limited / High Risk 8 42% 10 43% 10 32% 16 42%

No / Critical Risk 0 0% 4 18% 3 10% 1 3%

Subtotal 19 23 31 38

Programme/Project Assurance

Diagnostic Scores

- - 7 9

Grant Claims certified 3 6 7 6

No Risk Rating and Advisory 13 7 13 12

Projects in progress 8 5 1 1

Total 43 42 59 66

Priority of recommendations

At the time of writing we have made a total of 78 audit recommendations in our reports (both draft and finalised),

excluding schools (2015/16: 167 recommendations), of which 23% were classified as Critical or High risk (2015/16: 27%).

Detail of the report ratings and priority of recommendations for each audit can be found at Annex 1.

Continuous Auditing and Monitoring (CAM)

CAM is the process of ongoing testing of key controls to assess whether they are operating effectively, and to flag areas and report transactions that appear to circumvent control parameters. CAM uses a combination of manual testing and data mining tools to extract data from the Council’s IT systems, using predetermined parameters to check that controls are operating as designed. 2016/17 was the seventh year in which we have applied continuous auditing and monitoring. The programme now covers the following 15 systems:

1. Payroll

2. Accounts payable

3. Accounts receivable

9. Council Tax

10. National Non-Domestic Rates

11. Housing Rents

7

4. Cash

5. Parking

6. Temporary Accommodation

7. Housing Benefits

8. Section 20 Leaseholders

12. Housing Repairs

13. Mosaic (Framework Financials)

14. Pensions Administration

15. Matrix/Agency workers

CAM results are one of the key measures/indicators of the strength of the control environment. Although there has been a decrease in the number of operating effectiveness issues since our last period of testing, there are still a number of control design improvements that have not been implemented, as such, the core control environment appears to be largely consistent with the previous year. This performance might be expected given that the Council is still in a period of organisational change and this transition exerts pressure on the control environment through changes in personnel, operating models and lines of reporting. However, the longstanding control environment recommendations suggest that these should be implemented as a priority and monitored closely to ensure the core control environment does not deteriorate. Recurrent themes over the last two years are:

- Oracle system functionality, system embedment and compatibility with other systems (e.g. Northgate reconciliations) - Lack of audit trail - Audit trail in particular to demonstrate review and authorisation in a timely manner and

appropriate segregation of duties.

- Reconciliations - There continue to be issues concerning supporting documentation, lack of authorisation and timeliness of preparation.

The table on the following page shows the key systems that have been audited during 2016/17, the overall classification of those systems and a comparison to the overall classification in 2015/16.

System Overall

classification 2016/17

Overall classification

2015/16 Direction of travel

Payroll Red Amber

Accounts payable Amber Amber

Accounts receivable Green Amber

Cash Green Amber

Parking Amber Green

Temporary accommodation Amber Red

Housing benefits Amber Green

Housing rents Green Amber

Housing repairs Red Red

Council Tax Green Amber

Non-Domestic Rates Green Amber

Mosaic (Framework Financials) Red Amber

Pension Administration Amber Amber

Section 20 Red Red

Matrix (Temporary staff) Amber Amber

Key: Deteriorated Improved No Change

8

No and limited assurance reports

The opinion also considers the number of no and limited assurance reports we have raised and their overall impact on the

control environment. As part of the internal audit process we work with management to determine agreed actions to

alleviate the control weaknesses identified. We did not raise any no assurance reports this year; a summary of the key

issues arising from limited assurance reports has been presented below:

Report Key issues affecting the Opinion

Contract Management (Limited )

There were two consistent themes which were identified that affect the management of all Council contracts: the corporate approach to contract management; and the use of KPIs:

The Council have not defined their corporate approach to contact management. Contract management has been devolved to individual departments and the strength of contract management varies by individual and the practices deployed within each area. It is not clear where ultimate responsibility for contract management sits or the minimum level of contract management required for different types of contract. There is a lack of strategic performance monitoring of important and high profile contracts. This should be remedied through a joined-up, corporate approach to contract management, which would allow senior management oversight of the performance of strategically chosen contracts.

Contract performance was not being managed for one of the contracts and another was running over budget without an understanding for how Council costs would be recovered. This is symptomatic of the issues that we have found with the design of KPIs, and their alignment to contract terms and Council objectives; the systematic review of supplier performance; and the application of deductions.

Deprivation of Liberty Safeguards (DoLS)

(Limited )

We found that 94% of DoLS assessments have breached their statutory timeframes for completion, 76% had breached the timeframes by over 45 days and 58% of cases still required assessment at the date of the audit. There is, therefore, a large backlog of cases to assess and approve. Management are aware of this issue, however, does not appear to have the resource in place to manage the large increase in DoLS applications following the revised threshold for deprivation of liberty.

As was noted above, we found there is a large backlog of assessments to complete. We found that 22% of the assessments completed since March 2016 had already passed their statutory timeframes for re-assessment. Management do not have appropriate controls in place to monitor and manage the cases as they come up for renewal. This includes issues in the controls around reporting from managing authorities to identify cases that require renewal. As above, management appears to lack the resource required to manage the volume of re-assessments required.

We found that there is no agreed protocol for handing over disputed and judicial deprivation of liberty within the Council. In addition, there is a lack of robust controls in place to monitor and manage the progress of these cases.

Foster Carers

(Limited )

The four foster carers recruited into the Fostering Service during the period tested did

not contain sufficient evidence to demonstrate that the whole process had been

completed. Multiple exceptions were noted at all 4 stages of the recruitment process.

This should be rectified and spot checks implemented across recruited foster carers to

ensure all appropriate documentation is in place, prior to approval by Senior

Management.

The Mosaic system has recently been implemented across Children’s Services.

Therefore, it was requested that testing be undertaken over Mosaic payments from

across Children’s Services, not just those relating to Foster Carers. Issues were noted

with Mosaic payments from across Children’s Services – this included:

o 8/25 payments could not be agreed to supporting information on the care plan

on Mosaic;

9

o 10/25 payments did not identify the approver on Mosaic, prior to payment;

o 2/25, payments to independent fostering agencies (“IFA’s”) could not be agreed

to rates set; and,

o 2/20 one-off payments had no supporting evidence or justification for the

payment made.

Looked After Children

(Limited )

There is a lack of formalised procedures to ensure there is a consistent approach across

teams when dealing with children returning home. We did not obtain any supporting

documentation for 3/6 cases sampled of children returning home. Roles and

responsibilities should be clarified to ensure that there is appropriate review and

reporting over these children.

Special Educational Needs (SEN)

(Limited )

There was a lack of evidence available to corroborate that the Council had checked

supplier performance. There are no agreed performance expectations with SEN

providers to ensure that the quality of provision is assured.

Car Parking (Permits) Parking Services

(Limited )

Documents in support of applications are not retained on the permit management system and no independent checks are undertaken on applications processed.

System reporting has not been developed and currently does not support management of operational activities relating to permit applications nor the monitoring and oversight aspect. No alternative process for monitoring and review was presented.

Records are maintained for stock held from periodic stock checks. However, the permit management system does not preload stock reference numbers, and the reference numbers recorded for permits and vouchers issued on the system cannot be matched to the stock serial numbers. This, along with incomplete historical stock and voided stock records, does not allow for a full stock reconciliation to be undertaken.

Car Parking (Permits) Business and Customer Services

(Limited )

No independent checks are undertaken on permits and vouchers issued. The risk exposure is compounded by the process which does not require applicants to complete an application form for permits issued over the counter at the Customer Centre, and documents in support of applications are not retained on the permit management system.

There is a lack of stock management records to support adequate control over permit and voucher stock movement.

There is a lack of stock management records to aid monitoring and reconciliation.

Schools audits

During 2016/17 we undertook 22 school audits. Our work involved carrying out targeted internal audit testing to assess the adequacy and effectiveness of financial management and other risk assessed sub-processes within each school visited. Our review was based on CIPFA guidance regarding schools audits, and aligns to the areas covered by the Schools Financial Value Standard. The following is an extract from the 2016/17 Schools Summary Report:

OVERALL REPORT CLASSIFICATION

The following trend table provides an overview of the direction of travel for a 3-year period:

Number of Reports

Report classification

2016/17 2015/16 2014/15

No Assurance - - 4 16% 2 10%

Limited 5 23% 4 16% 4 18%

Reasonable 2 9% 6 24% 8 36%

Substantial 15 68% 11 44% 8 36%

Total 22 25 22

10

Although there were 5 instances of limited assurance compared with 4 in previous years, there were zero instances of no assurance compared with 4 in the previous year. More significantly, there were 15 (68%) instances of substantial assurance compared with only 11 (44%) in the previous year.

RECOMMENDATION CLASSIFICATION

Number of recommendations per risk rating

Recommendation Rating

2016/17 2015/16 2014/15

Critical - - - - 1 0.5%

High 5 4% 17 8.5% 14 10%

Medium 40 31% 82 41% 53 37.5%

Low 85 65% 101 50.5% 72 51%

Total 130 200 140

A further 16 advisory recommendations were made and no exceptions were identified in 162 of 308 (22 schools ‘x’ 14 sub-processes) sub-process instances.

Of specific significance, there was a 20% drop in the number of recommendations proposed. Furthermore, only 5 (4%) high risk recommendations were proposed compared to 17 (8.5%) in the previous year and 40 (31%) medium risk recommendations proposed compared to 82 (41%) in the previous year.

The overall classification of data demonstrates that many schools appear to have developed and maintained good systems of internal control and governance arrangements.

Implementation of internal audit recommendations

Timely implementation of recommendations is an indicator of the strength of an organisations control environment. A

programme of implementation reviews was carried out in 2016/17 to assess the implementation of Critical and High

priority audit recommendations. The table below shows the number of recommendations reviewed by the in-house audit

team and the percentage of those which are evidenced as being implemented/partially implemented or not implemented,

by level of risk.

REF DESCRIPTION (CRITICAL &/OR HIGH RISK RECOMMENDATIONS ONLY)

Corp

ora

te

Resourc

es

Neig

hbourh

oods

& G

row

th

Child

ren’s

Adults &

Health

Schools

Total

1. Number of Reports – with critical or high recommendations identified 11 9 1 4 25 50

2. Number of Recommendations 28 23 5 10 39 105

3. Number of Recommendations - Target Date reached (due for follow up) 24 22 5 10 39 100

4. Number of Recommendations - Followed-up by Internal Audit 24 22 5 10 39 100

Outcomes

a. Fully Implemented – appropriate evidence submitted 3 2 - 4 9 18

b. Partially Implemented – evidence provided that action is implemented in part 7 4 - 5 12 28

c. Not Implemented – No response received (see E&EP) - - 1 1 2

d. Not Implemented – Evidence not available - - - - - 0

e. Risk Accepted – Senior management have agreed to accept ownership and

tolerate the risk.

- - - - - 0

f. No Longer Relevant – Systems/controls have been superseded or followed up

in next audit review

8 1 - - 3 12

11

REF DESCRIPTION (CRITICAL &/OR HIGH RISK RECOMMENDATIONS ONLY)

Corp

ora

te

Resourc

es

Neig

hbourh

oods

& G

row

th

Child

ren’s

Adults &

Health

Schools

Total

g. Awaiting response (Work in Progress or meeting scheduled) 6 15 5 - 14 40

NB: 12 recommendations were confirmed as No Longer Relevant (as confirmed by management to the HIA) and 40 recommendations were in progress where Internal Audit were awaiting the submission of evidence. The prompt production of evidence and engagement is an area which will be developed by Internal Audit in 2017/18.

Good Practice

The following areas of good practice have also been considered in forming our Opinion:

Assurance from other sources

As noted above, we embed the three lines of defence into all of our Internal Audit work, as part of this we have

performed an Assurance Mapping exercise so that we can seek to place reliance on other forms of assurance where

possible: this ensures we focus our resources on areas which have most exposure to give the Council an efficient

and effective audit plan.

In compiling this Annual Report, I have taken account of other sources of assurance in arriving at my overall opinion

for 2016/17. These sources include, but are not limited to:

- the draft Annual Governance Statement compiled by the Risk Manager with assistance from officers across

the Council and in consultation with senior management;

- reports by officers to Corporate Committee and other member groups on matters including pensions and

treasury management, risk management, human resources, health and safety and complaints;

- reports issued by external regulators such as Ofsted;

- integrated performance management that combines management information including performance,

finance, risk, stakeholder feedback;

- reports by other external bodies regarding the Council’s system of internal control such as the ISA260 report

issued by External Audit

- the report from the Office of the Surveillance Commissioner on the recent inspection undertaken regarding

the Council’s arrangements for use of directed surveillance and use of covert human intelligence sources.

The Council has introduced new governance arrangements to ensure that all projects and programmes are identified within the one, sustainable portfolio and enable a more consistent, corporate approach to managing projects. The Project Management office uses a defined control and assurance framework for projects and programmes within the portfolio that is supported by methodologies to support key processes such as performance management and benefits realisation and our previous audit work has identified that this is largely aligned with industry best practice. We also understand the Council is taking steps to develop a corporate approach to contract management which should be implemented as part of the organisational redesign programme.

While the Council recognises that it needs to develop a corporate approach to contract management we have identified that the Council has commissioned an independent third party to provide independent assurance over the accuracy, completeness and validity of supplier performance data for the Council’s Veolia contract and to validate allowable and disallowable expenditure on a sample of its housing repairs and maintenance contracts. Independently assured supplier spend will help provide transparency and be key to ensuring that the Council is getting everything it is paying for, paying for things it needs and not paying more than it should for services.

The Council retained its Public Services Network (PSN) accreditation which evaluated IT infrastructure security arrangements.

12

During 2016/17 I took into account of the following external assurance reports and work in forming the overall Opinion.

Ofsted – Children’s Services

As identified elsewhere in the report, further external reviews have been conducted by DfE and Ofsted in 2016/17.

These have identified that while much more needs to be done to establish and secure safe and effective services

and to secure a positive inspection outcome in 2017/18, good progress is being made to embed improvement and

that the pace of progress has been accelerated.

LGA Peer Review

The Corporate Peer Challenge undertaken in October 2016 identified a number of areas of strength including:

The Council is a well-led organisation, with respected member and officer leadership. Senior members and officers alike have a strong understanding of Lambeth the place and the communities living, working and visiting the borough. Lambeth has a sound reputation for its commitment and approach to equalities and community cohesion.

The council has worked hard to deliver improvement in Children’s Services following an ‘Inadequate’ rating from Ofsted in 2015, and many council services are delivered well, with general resident satisfaction with the council high, and increasing year on year.

The council benefits from skilled and committed cabinet members who have an effective handle on their individual portfolio briefs, and councillors across the authority are rooted in their communities and are supportive of the council’s improvement agenda.

Overall there are good member/officer working relationships with clear demarcations around roles and responsibilities. Staff at all levels are committed to Lambeth, both as an organisation and as a place.

There is clear culture of partnership working and collaboration and integration of services with external partners. While partners recognise that the council is on a journey of improvement, Lambeth has earned respect from a wide range of its partners for the progress it has made.

The Council has recently agreed its high-level strategies, with a new Borough Plan for 2016-2021, a 3-year financial plan, and an organisational redesign strategy now in place.

The Council has worked hard to develop a three year financial plan, with robust financial planning.

The review also made recommendations to assist the Council in making further improvements:

A need for the senior management team – who are a capable set of individual leaders – to develop into a stronger team, able to take the corporate overview of the organisation and to be greater than the sum of its parts. The organisation would benefit from the senior management team empowering the management below them to take on more responsibility, speed up decision-making, avoid small issues being escalated up the organisation unnecessarily, and free up capacity at the very senior tiers.

A need to ensure that corporate grip is strengthened further, through effective performance management and clear accountability for delivery – not through creating more processes and plans. It is essential that senior management set out a strong message about expectations and clarity about where accountability sits, and then take action in instances of non-compliance or non-performance.

Delivering the organisational redesign is an urgent priority, with the new structure needing to be in place as soon as possible. Once the structure is confirmed, progress can be made to embed culture, values and behaviours for the organisation moving forward.

Overall, the review found that the Council had seen a step change in improvement over recent years and

particularly in the last 18 months, and was now well-placed to increase the pace and set out a clear delivery plan to

move the organisation on.

External Audit

At the time of reporting the opinion for 2015/16 the 2014/15 accounts had not been finalised. These accounts have

now been signed off by the former external auditor and the current external auditor signed off the 2015/16

accounts, giving an unqualified opinion on the accounts. However, they did issue a qualified value for money

opinion for 2015/16. They recognized that progress had been made since 2014/15 but cited the fact that the VFM

conclusion for 2014/15 had only been finalized in September 2016, weeks before they concluded the 2015/16

opinion. The most recent external audit of grant claims has been successfully completed.

13

Information Governance

The Council has secured its accreditation under the Code of Connection for the Public Sector Network. The

Council continues to comply with the Payment Card Industry Data Security Standards.

Conformance with standards

As Head of Internal Audit I can confirm that the Internal Audit Service, which comprises the In House Internal Audit team

and our external provider, PwC, has carried out an assessment to ensure that the Internal Audit Service is effective when

compared against the standards set by the Chartered Institute of Public Finance and Accountancy. I undertake periodic

reviews of the quality of internal audit work completed and also review all draft and final reports issued. In delivering the

Internal Audit Service, in planning, conducting and reporting on reviews and in compiling this Annual Report, we have

done this in conformance with the requirements of the PSIAS, published by the Institute of Internal Auditors, which came

into effect on 1 April 2013 and the subsequent Local Government Application Note in respect of PSIAS published by

CIPFA.. Under pan-London arrangements agreed in 2013, a peer review of the Council’s Internal Audit service against

the PSIAS was conducted in March 2015 by the London Borough of Hackney. The review found that Internal Audit ‘fully

conforms’ to the PSIAS in 12 of the 17 areas assessed, with minor improvements being suggested in the remaining five

areas which were assessed as ‘generally conforms’. The overall assessment concluded that the Internal Audit service

‘generally conforms’ to the PSIAS, with no areas of non-conformance being identified. We subsequently report that all

appropriate actions had been implemented. As reported to the Committee in December 2016 the Internal Audit Service

continues to comply with all the PSIAS requirements.

Counter Fraud Activity

The Council continues to invest appropriate resources into the prevention and detection of fraud and in pursuing those

committing fraud against to Council to recover money and assets lost through fraud and profits made by fraudsters

through their unlawful activities.

The Counter Fraud Team that deals with local taxation, housing and internal fraud, along with the teams investigating

parking and insurance fraud, have had a successful year and have once again demonstrated the value that they bring to

Lambeth. The teams identified overpayments and savings of £4,138,447, and have secured £201,000 in awards from

court costs, compensation and Proceeds of Crime Act activity.

In addition to the financial savings detailed above, 51 individuals were prosecuted, 5 local authority cautions were

secured and 73 social housing properties were recovered. The deterrent effect of this activity should not be

underestimated.

Successes and Outcomes

The following table contains details of successful outcomes by the Counter Fraud Team, along with the work undertaken by the Insurance Investigator and the Parking Investigations Team:

Housing Fraud

Recommendations for Recovery 71

Properties Recovered 73

Estimated saving from Recoveries £1,314,000

Prosecutions Secured 2

RTB discounts prevented 8

Value of RTB discounts prevented £828,000

Council Tax Fraud (excludes HB/DWP activity reported separately)

Prosecutions 3

Sanctions (cautions and administrative penalties) 5

14

Value of fraudulent overpayments identified £17,447

Internal Fraud (Note: some cases have more than one outcome; such as

dismissal and prosecution)

Investigation reports issued 34

Dismissals/contract terminations (includes two dismissals

from reports submitted during 2015-16) 17

Resignations accepted after investigation 4

Written warnings issued 3

Management action (includes one management action

from a report submitted during 2015-16) 3

No further action 5

Advisory/proactive reviews 2

Investigations pending outcome 5

Prosecutions (includes one prosecution from a report

submitted during 2015-16) 10

Insurance Fraud

Fraudulent insurance claims prevented 30

Value of fraudulent claims prevented £615,000

Parking Fraud

Blue Badges recovered 77

Estimated annual saving £539,000

Successful prosecutions 37

Cautions issued 0

NRPF

Fraudulent claims prevented 55

Value of fraudulent claims prevented 825,000

The estimated saving from property recoveries is based on the Audit Commission estimate of £18,000 for each property recovered as a result of tenancy fraud. The NRPF saving is an estimate of £15,000 per case prevented or ended based on average rent and subsistence costs.

The Counter Fraud Team has had a relatively successful year, given that two of its most experienced officers left

Lambeth in July and October 2016. This followed the sudden death of an officer in February 2016 and another

experienced officer retiring in late 2015. The combined impact of these staffing issues reduced the resource available to

the team by about 20% during 2016-17 due mainly to the time taken to recruit suitable replacements.

During 2016-17 the team recovered 73 social housing tenancies, made recommendations to recover 71 properties,

prevented right to buy discounts of £828,000 and completed 31 internal investigations.

Housing Fraud

IACF has completed 187 housing investigations during 2016-17, of which 39% resulted in the recovery of properties that

had been subject to tenancy fraud.

To achieve these results IACF has reviewed all reactive investigations in addition to conducting a number of proactive

exercises aimed at identifying tenancy fraud. The case below was concluded in November 2016 after a lengthy

investigation that commenced in 2014:

15

Case study

A Lambeth tenant, formerly of Elmore House, Loughborough Estate has been prosecuted by Lambeth for tenancy fraud offences.

The individual had been a tenant at Elmore House since 1992. Information came to light in 2014 from an investigation into another tenancy fraud matter that our tenant may be resident Harrow and not at their Lambeth tenancy. Information suggested they had been living in Harrow since 2003. IACF collated significant evidence supporting the allegation that our tenant was resident in Harrow; this included evidence from their GP, the school attended by their child attended and HMRC.

When interviewed under caution the tenant admitted that they had been resident in Harrow since 2006 and had allowed someone else to reside in their tenanted property. The tenancy was recovered in February 2015.

The tenant pleaded guilty to three Fraud Act offences on 12 October 2016 at Camberwell Green Magistrates Court. The offences related to making a fraudulent representation on a residence check form, fraudulently claiming single persons discount and a failure to inform Lambeth that they no longer resided at our property The District Judge took the decision that offences exceeded sentencing powers of the Magistrates Court and referred the case to Inner London Crown Court for sentencing.

On 2 November 2016 the former tenant was sentenced to 2 years in custody suspended for 20 months. IACF is currently in the process of recovering the profit made by the former tenant through subletting.

In addition to conducting tenancy investigations where there is a suspicion of subletting, IACF also carries out a number of investigations where the application for succession raises concern.

During the last financial year IACF has prevented four fraudulent succession applications and is currently investigating a further six cases.

Case study

After the death of a Lambeth tenant a request for succession was received from his son. The son claimed to have lived with his father since 2009, and as such, would meet the qualifying criteria for succession; being resident at the address in question for a minimum of 12 months prior to the tenant’s death.

The case was referred to IACF when Housing has concerns about the validity of the succession.

IACF commenced an investigation and identified details relating to the prospective successor including his medical records, records from the college he attended and credit records that all placed him at a different address prior to the death of his father.

He was interviewed under caution and eventually admitted that he had not lived with his father. He agreed to withdraw his succession application and returned the keys to Lambeth. He accepted a local authority caution.

Right to Buy

IACF has reviewed 212 right to buy cases in the past year. A vast majority of these are cleared with no suspicion of fraud, but a small minority do require further investigation. In the past year 8 right to buy discounts with a value in excess of £828,000 have been prevented. Of these, 6 cases resulted in the recovery of the tenancy. The following case resulted in criminal prosecution:

Case study

Edith Chiwuzie of Ward Point, SE11 was investigated by the Counter Fraud Team after checks carried out indicated that she was not resident at her tenanted property. The checks were carried out as part of the right to buy application review by the Counter Fraud Team. Investigations were carried out and it was established that she appeared not to reside at the property, but was resident at a property in Croydon owned by her husband. In addition, it was found that her right to buy application was false as she had not been resident at the time the application was made. On completion of the IACF investigation, the right to buy application was rejected and the property was recovered when she returned the keys to Lambeth.

As it was deemed that there was sufficient evidence to implement legal proceedings, the case was referred to Legal Services. On 12 August 2016 she pleaded guilty to charges of making a false representation in relation to her RTB failing to disclose her non-occupation of her tenanted property. Chiwuzie was committed for sentencing to the Crown Court.

16

On October 7 at Inner London Crown Court she was sentenced to 21 months imprisonment, suspended for 18 months. The Judge also imposed an unpaid work requirement of 120 hours, a victim surcharge of £120, and a contribution of £2,500 towards prosecution costs to be paid within twelve months.

In sentencing, the Judge noted that Mrs Chiwuzie had not been in occupation of the flat for at least five years. In those years, the Council could have housed someone else in the flat and that meant a financial loss to the council. He noted that she also made two claims for the Right To Buy, neither of which progressed successfully.

Council Tax Fraud

As reported previously DWP now has responsibility for all housing benefit investigations and has done since February 2014. Lambeth retained some cases that were with our Legal Team when the transfer to DWP took place, but these cases have now all been dealt with.

Lambeth has retained responsibility for the investigation of council tax fraud. During the past year IACF has carried out a number of investigations related to council tax fraud. The following case resulted in criminal prosecution:

Case study

Annette Wilkinson of Saltoun Road, Brixton appeared in court on 7 April 2017 after surrendering to a warrant on 10 March 2017. She had previously failed to attend court 12 months earlier.

She was investigated by IACF after it became apparent from information that came from the National Fraud Initiative that she had failed to declare that other adults were living in her property whilst claiming single person discount against her council tax bill.

She was interviewed under caution in March 2016 when it was confirmed that there had been other adults in her property for the period from September 2009 to March 2014 and that this had not been declared to Lambeth. During this period she received single persons discount in excess of £1,200 to which she was not entitled.

On 7 April 2017 she pleaded guilty to four charges under the Fraud Act. She was ordered to pay costs of £100 and a victim surcharge of £85. She was given a six month community order with a requirement to carry out 80 hours of unpaid work.

Housing Benefit Fraud

Lambeth has had no involvement in the investigation of housing benefit fraud since February 2014 when this was taken over nationally by the Single Fraud Investigation Service, part of the Department for Work and Pensions. The local DWP Fraud Manager has provided the following information relating to outcomes from their investigations into housing benefit investigations in Lambeth: Investigations conducted by local DWP investigators in respect of Lambeth housing benefit claims have led to a total of 26 sanctions being applied in 2016/17 to cases where benefit fraud was proven. The sanctions confirmed were made up of 23 Administrative Penalties and 3 successful prosecutions.

Publicity

All prosecutions deemed suitable are given appropriate publicity via the Communications Team. In addition, IACF has a message each year on Council Tax bills promoting the Service and asking for residents to make referrals where fraud is suspected. IACF also regularly promotes the work done in combatting fraud in residents’ newsletters and other publications. The Team had one case published in the 2016-17 ‘Protecting the English Public Purse’ report.

Internal Fraud

The Internal Fraud Team has had a successful year having secured 15 dismissals/contract terminations and 9 criminal prosecutions. This has far exceeded results from previous years and reflects the good work of officers. One investigation that the team has been looking into revolves around large numbers of counterfeit parking permits being discovered in use in Lambeth. To date this has resulted in a number of prosecutions and dismissals. Further information will be provided once all enquiries have been completed.

In addition to dealing with internal fraud matters the Team also deals with Proceeds of Crime Act cases; one case that has been recently concluded is detailed below:

17

Case study

Ibironke Adeyemi was prosecuted in December 2015 after being found guilty of benefit fraud offences. She claimed housing benefit for a property that she owned, and also failed to declare ownership of another property, in the process obtaining £96,000 in housing benefit payments to which she was not entitled. On 21 December 2015 she was sentenced to 30 months in custody.

After conviction IACF commenced proceedings under the Proceeds of Crime Act. In October 2016 the case finally came to court where an order was made in the sum of £475,632.07. This is to be paid within 3 months and there is a default term in custody of 4 years if she fails to make payment, or to demonstrate that she is attempting to make payment (by putting a property on the market).

This is an excellent result and will see the benefit overpayment being paid in full in addition to a sum of £137,000 being paid to Lambeth. She was also ordered to pay Lambeth costs of £11,411.

Tackling Gang Violence

Due to resource issues within Community Safety the secondment of the officer from IACF as previously reported has come to an end. The officer worked with the Team for more than three years but as funding from the Mayor’s Office had reduced over the period a decision was taken for financial reasons not to continue with the secondment.

On a more positive note the placement of the officer developed a strong relationship between the two teams and also good links with the Met. Police Trident teams. An officer from IACF regularly attends meetings with the relevant teams to gather relevant intelligence and to provide support as required.

No Recourse to Public Funds (NRPF)

An officer from IACF has been seconded to the NRPF Team for the past two years. His work with the team has been invaluable in preventing and detecting claims to NRPF funding where there is no entitlement. In the past year he has assisted in preventing 55 claims for support, with an estimated saving to Lambeth of £825,000, this being the estimated annual cost to Lambeth if the cases had been put into payment. The following case study demonstrates the excellent work carried out by the officer alongside his colleagues from the NRPF Team:

Case study

A family approached the NRPF Team seeking housing and subsistence on the grounds that they were about to be made homeless and had no financial means of support. Following an initial screening interview and completion of a consent form the investigation officer carried out credit searches and found that the applicant had several bank accounts. The applicant was asked to provide statements for all accounts for the preceding 12 months When these were provided an examination of the statements revealed that there were unexplained transfers to and from other accounts which had not been declared. The applicant was asked to provide copies of the statements that he had previously failed to provide. When they were provided they revealed that the applicant had sufficient funds to support the family and that they were not destitute. The claim for support was rejected.

Whistleblowing Referrals

During 2016 IACF received eight whistleblowing allegations of which two have been resolved. The resolved cases were related to the same issue and resulted in the dismissal of an officer. Criminal proceedings are being considered in respect of this case. A further 12 cases were closed during 2016 with the following outcomes:

One case resulted in the resignation of an officer. Criminal proceedings are being progressed in respect of this

matter.

One case was closed with fraud proven but there was insufficient evidence to take legal action

Two cases resulted in management action being taken

Eight cases were closed with no further action due to insufficient evidence

There are currently eight active whistleblowing investigations, two having been received in May 2017. These are being investigated and the outcomes will be reported in due course.

18

Seconded Police Officer

Lambeth has utilised the services of a seconded police officer since 2006. The current officer has been working within the Internal Audit and Counter Fraud Service since January 2011. Unfortunately, the officer will be retiring at the end of July 2017 and the Metropolitan Police have confirmed that he will not be replaced as the scheme has been discontinued. Over the past 12 months the officer has led on or assisted in the conclusion of cases which have resulted in fraud, savings and recoverable assets in excess of £500,000 being identified and recovery action planned or in progress, including assisting on two cases where Proceeds of Crime and compensation orders have been secured and the successful prosecution of a social worker who stole over £22,000, with most of the money already recovered. The police officer has also been involved in investigations which have led or are likely to lead to the recovery of at least 10 Council housing properties (estimated annual saving of £180,000, based on previous Audit Commission assessment) and preventing 1 Right to Buy application where money laundering concerns had been raised.

Insurance Fraud

The Lambeth Insurance Team continues to prevent fraud by identifying fraudulent claims. During 2016-17 they prevented 30 claims from being paid out at an average value of more than £20,000. This is a 36% increase in the number of fraudulent claims identified compared with the previous year and a fourfold increase in savings identified compared with 2015-16.

Parking Fraud

IACF has assisted Parking Services during 2016-17 in the investigation of parking offences. This has involved taking on parking investigations through to prosecution where applicable. A total of 77 blue badges have been recovered during 2016-17 and 37 offenders prosecuted. One such case is detailed below:

Case study

On 05 April 2017 at Camberwell Green Magistrates Court Mr Moises Santos pleaded guilty to an offence under the Fraud Act 2006, possession of an article used in fraud, namely a stolen Residents Parking Permit, and received a Community Order of 12 Months with 60 Hours unpaid work.

The offence was identified when a civil enforcement officer issued a penalty charge notice when he identified an issue with the permit. Santos was interviewed under caution by Lambeth officers and admitted that he purchased the stolen permit for £150 from someone in a pub.

Santos did not reside in the area but has a business on Acre Lane and used the permit to park near his business address. He was not entitled to a residents parking permit, but could have purchased a business parking permit for £600.

Santos had initially pleaded not guilty as he claimed to believe that the permit was genuine, but changed his plea prior to trial. On conviction he was ordered to pay a victim surcharge of £60.00, costs of £1000.00 and compensation of £600.00.

19

Annex 1: Detailed analysis internal audit reviews 2016/17 Deteriorated Improved No Change

Project Progress Report

classification

Direction of Travel Recommendations

C H M L Advisory

CROSS CUTTING

Budgetary Control and Savings Final Reasonable Improved - 1 2 1 -

Contract Management Final Limited No change - 1 2 3 -

Global Data Protection Regulations (GDPR) – Readiness

Assessment

Final Advisory N/A - Advisory - - - - -

Programme Management – Estate Regeneration Final Reasonable N/A – no previous review performed - - 4 - -

Contract Management – Summary oversight Draft Advisory N/A - Advisory - - - - -

Knowledge Transfer/Handover Arrangements Final Limited N/A – no previous review performed - 3 - - -

Asset Management – Commercial Properties (follow up) Draft TBC TBC - - - - -

Corporate Estate – Transfer of Use (follow up) Draft TBC TBC - - - -

Programme Management – Brixton Central N/A - Deferred to 17/18 - - - - -

Risk Management N/A - Deferred to 17/18 - - - - -

Complaints N/A - Deferred to 17/18 - - - - -

CORE PROCESS REVIEWS

Health and Safety – ongoing assurance work Final Advisory N/A - Advisory - - - - -

Children’s Improvement Programme – ongoing assurance

work

Final Advisory N/A - Advisory - - - - -

Commercial Waste/Trade Waste/Recycling Final Advisory N/A - Advisory - - - - -

Performance Management – Data Quality (Children’s) Final Reasonable N/A – no previous review performed - - 4 - -

Housing Allocations Final Reasonable N/A – no previous review performed - - 2 1 -

Safeguarding Children Final Reasonable N/A – no previous review performed - - 3 - -

Deprivation of Liberty Safeguards (DoLS) Final Limited N/A – no previous review performed - 3 1 1 -

Electoral Services Final Reasonable N/A – no previous review performed - - 4 1 1

20


classification


C H M L Advisory

Car Parking (Permits) Parking Services Final Limited N/A – no previous review performed - 3 1 - 2

Car Parking (Permits) Business and Customer Services Final Limited N/A – no previous review performed - 3 2 - 2

Service Charge Analysis (review added) Final Advisory N/A – Advisory (Agreed Upon Procedures

Management Letter)

- - - - -

Housing Capital Projects Draft Reasonable N/A – no previous review performed - - 1 1 -

Foster Carers Final Limited N/A – no previous review performed - 2 3 2 -

Looked After Children (LAC) Draft Limited N/A – no previous review performed - 1 2 1 -

Special Educational Needs (SEN) Draft Limited N/A – no previous review performed - 1 4 3 -

Multi Agency Working and Information Sharing N/A - Deferred to 17/18 (already commenced) - - - - -

Integration Project (Adult Social Care) Draft TBC TBC – awaiting confirmation from CCG Internal

Audit provider

- - - - -

Eligibility to Work N/A - Deferred to 17/18 (already commenced) - - - - -

Trading Standards and Licensing N/A - Deferred to 17/18 (already commenced) - - - - -

Home Care Support N/A - Merged with Contract Management - - - - -

Commissioning N/A - Merged with Contract Management - - - - -

London Permit Scheme N/A - Deferred to 17/18 - - - - -

Play Activities and Youth Centres N/A - Deferred to 17/18 - - - - -

Cyclical Planned Maintenance Programme N/A - Deferred to 17/18 - - - - -

Community Safety N/A - Deferred to 17/18 - - - - -

Out of Hours Cancelled - - - - -

KEY FINANCIAL SYSTEMS

Continuous

auditing &

monitoring

programme

Payroll Two reports

for the year:

Period 1

(Mar-Aug

2016 and

Period 2

(Sep 2016-

Feb 2017) –

final reports

issued

Red 13 control design Improvements were made during

the year. Accounts payable Amber

Accounts receivable Green

Cash Green

Parking Amber

Temporary accommodation Amber

Housing benefits Amber

Housing rents Green

Housing repairs Red

21


classification


C H M L Advisory

Council Tax Green

Non-Domestic Rates Green

Mosaic (Framework Financials) Red

Pension Administration Amber

Section 20 Red

Matrix (Temporary staff) Amber

IT AUDITS

Cyber Security In progress Substantial N/A – no previous review performed - - - - -

IT Health Check N/A - Deferred to 17/18 - - - - -

Data Centre Final Reasonable N/A – no previous review performed - - 3 - -

Software Asset Management / Licensing N/A - Deferred to 17/18 - - - - -

IT Applications N/A - Deferred to 17/18 (already commenced) - - - - -

Oracle N/A - Deferred to 17/18 - - - - -

ICT Governance N/A - Deferred to 17/18 - - - - -

SCHOOLS

Hitherfield Primary School Final Substantial - - 1 4 1

Wyvil Primary School Final Substantial - - 1 4 1

St. Bede's RC School Final Substantial - - 1 2 1

St. Bernadette Catholic Junior School Final Substantial - - - 8 -

Archbishop Sumner CE Primary School Final Reasonable - - 2 9 1

Henry Cavendish Primary School Final Substantial - - - 4 1

Lark Hall Primary School Final Reasonable - - 3 7 -

LF Loughborough Primary School Final Limited - 1 5 4 -

LF Iqra Primary School Final Limited - 1 6 4 1

LF Kings Avenue Primary School Final Limited - 1 5 3 -

LF Jubilee Primary School Final Limited - 1 2 6 -

Jessop Primary School Final Substantial - - 2 4 1

22


classification


C H M L Advisory

Stockwell Primary School Final Substantial - - 2 4 1

Streatham Wells Primary School Final Substantial - - 2 5 -

St. Andrew's Catholic Primary School - Streatham Final Substantial - - - 3 1

Christ Church Primary SW9 Final Limited - 1 3 2 -

St. Leonard's CE Primary School Final Substantial - - - - 1

Telferscot Primary School Final Substantial - - - 2 2

Reay Primary School Final Substantial - - - 1 1

Woodmansterne Primary School Final Substantial - - 2 4 1

Ashmole Primary School Final Substantial - - - 2 -

La Retraite RC Girls' School - Secondary Final Substantial - - 1 4 -

Bonneville Primary (Additional review) Final Reasonable - 1 1 2 -|

SFVS DSG CFO Assurance Statement Final Advisory N/A - Advisory - - - - -

School Summary Review 2015/16 Final Advisory N/A - Advisory - - - - -

School Summary Review 2016/17 (Additional report) Final Advisory N/A - Advisory - - - - -

Dedicated Schools Grant Chief Finance Officer's Statement 2015-16 Final Advisory N/A - Advisory - - - - -

Kingswood Primary N/A - Deferred to 17/18 - - - - -

GRANT CLAIMS

Troubled Families Funding Period 1 Final N/a Grant claim certified – no issues - - - - -



COMPLIANCE REVIEWS

Corporate health reviews Final Advisory N/A - Advisory - - - - -

Implementation monitoring Final N/A - ongoing N/A - ongoing - - - - -

Risk Management in Schools (Additional review) Final Advisory N/A - Advisory - - - - -

TMO – Wellington Mills (Additional review) Final Reasonable No change - - 3 1 -

23


classification


C H M L Advisory

TMO – Cottingham Close (Additional review) Final Reasonable No change - - 5 - -

ADVISORY REVIEWS

Controls optimisation Final N/A - ongoing N/A - ongoing - - - - -

Veolia/Waste Management Contract Final Advisory N/A - Advisory - - - - -

Mosaic Working Group Final N/A - ongoing N/A - ongoing - - - - -

Other Assurance/Ad hoc advisory Final N/A - ongoing N/A - ongoing - - - - -

TOTAL (all recommendations) 0 24 84 103 19

TOTAL (schools only) 0 6 39 88 14

Total (excluding schools) 0 18 45 15 5

24

Annex 2: Report classifications

For each review undertaken (excluding schools) the overall report classification is determined using a points-based

system which is set out below. This approach allocates points for individual audit findings based on the risk rating of

those findings as follows:

Findings Rating Points

Critical 40 points per finding

High 10 points per finding

Medium 3 points per finding

Low 1 point per finding

The total number of points for the findings identified determines the overall report classification. Since 01/04/2016 we

have adopted new report classifications, consistent with other local authorities who deliver their internal audit through a co

source provision under the Cross Council Assurance Framework (CCAS). These are summarised below (including

previous assurance levels to allow comparison).

Report

classification

201617

Report Classification

2011/12 – 2015/16 Points

Equivalent Assurance

Level up to 2011/12

Substantial

Low risk

6 points or less High Assurance

Reasonable

Medium risk

7– 15 points Moderate Assurance

Limited

High risk

16– 39 points Limited Assurance

No

Critical risk

40 points and over No Assurance

Notes

Substantial – this rating is possible with 1 medium recommendation but not 2

Reasonable – this rating is possible with 1 high recommendation but not 2

Limited – this rating is possible with 3 high recommendations but not 4. It is not possible to get Limited Assurance if

you have any critical recommendations (automatically No Assurance)

The table on the following page is also included in all audit reports to assist management in understanding the level and

nature of each risk associated with the findings in the report.

25

Key to Individual Finding Ratings

Finding Rating Assessment rationale

Critical

Life threatening or multiple serious injuries or prolonged work place stress. Severe impact on

morale & service performance. Mass strike actions etc.

Critical impact on the reputation or brand of the organisation which could threaten its future

viability. Intense political and media scrutiny i.e. front-page headlines, TV. Possible criminal, or

high profile, civil action against the Council, members or officers.

Cessation of core activities, Strategies not consistent with government’s agenda, trends show

service is degraded. Failure of major Projects – elected Members & Senior Directors are

required to intervene.

Major financial loss – Significant, material increase on project budget/cost. Statutory

intervention triggered. Impact the whole Council; Critical breach in laws and regulations that

could result in material fines or consequences.

Immediate action required.

High

Serious injuries or stressful experience requiring medical many workdays lost. Major impact on

morale & performance of staff.

Significant impact on the reputation or brand of the organisation; Scrutiny required by external

agencies, inspectorates, regulators etc. Unfavourable external media coverage. Noticeable

impact on public opinion.

Significant disruption of core activities. Key targets missed, some services compromised.

Management action required to overcome medium – term difficulties.

High financial loss - Significant increase on project budget/cost. Service budgets exceeded. Significant breach in laws and regulations resulting in significant fines and consequences.

Action required promptly or as soon as is practicable.

Medium

Injuries or stress level requiring some medical treatment, potentially some workdays lost. Some

impact on morale & performance of staff.

Moderate impact on the reputation or brand of the organisation; Scrutiny required by internal

committees or internal audit to prevent escalation. Probable limited unfavourable media

coverage.

Significant short-term disruption of non-core activities. Standing Orders occasionally not

complied with, or services do not fully meet needs. Service action will be required.

Medium financial loss - Small increase on project budget/cost. Handled within the team. Moderate breach in laws and regulations resulting in fines and consequences.

Low

Minor injuries or stress with no workdays lost or minimal medical treatment. No impact on staff

morale.

Minor impact on the reputation of the organisation.

Minor errors in systems/operations or processes requiring action or minor delay without impact

on overall schedule. Handled within normal day to day routines.

Minimal financial loss – Minimal effect on project budget/cost.

Advisory

An observation that would help to improve the system or process being reviewed or align it to

good practice seen elsewhere. Does not require a formal management response.

26

Annex 3: Public Sector Internal Audit Standards – annual opinion categories

Type of opinion When to use this type of opinion

Satisfactory A limited number of medium risk rated weaknesses may have been identified, but generally only low risk rated weaknesses have been found in individual assignments; and

None of the individual assignment reports have an overall report classification of either limited or no assurance.

Generally satisfactory with some improvements required

Medium risk rated weaknesses identified in individual assignments that are not significant in aggregate to the system of internal control; and/or

High risk rated weaknesses identified in individual assignments that are isolated to specific systems or processes; and

None of the individual assignment reports have an overall classification of no assurance.

Major improvement required

Medium risk rated weaknesses identified in individual assignments that are significant in aggregate but discrete parts of the system of internal control remain unaffected; and/or

High risk rated weaknesses identified in individual assignments that are significant in aggregate but discrete parts of the system of internal control remain unaffected; and/or

Critical risk rated weaknesses identified in individual assignments that are not pervasive to the system of internal control; and

A minority of the individual assignment reports may have an overall report classification of either limited or no assurance.

Unsatisfactory High risk rated weaknesses identified in individual assignments that in aggregate are pervasive to the system of internal control; and/or

Critical risk rated weaknesses identified in individual assignments that are pervasive to the system of internal control; and/or

More than a minority of the individual assignment reports have an overall report classification of either limited or no assurance.

Disclaimer opinion An opinion cannot be issued because insufficient internal audit work has been

completed. This may be due to either:

Restrictions in the audit programme agreed with the Audit Committee, which meant

that our planned work would not allow us to gather sufficient evidence to conclude on

the adequacy and effectiveness of governance, risk management and control; or

We were unable to complete enough reviews and gather sufficient information to

conclude on the adequacy and effectiveness of arrangements for governance, risk

management and control.

27

Annex 4: Limitations and responsibilities

Limitations inherent to the internal auditor’s work

Our work has been performed subject to the limitations outlined below.

Opinion

The opinion is based solely on the work undertaken as part of the agreed internal audit plan. There might be weaknesses

in the system of internal control that we are not aware of because they did not form part of our programme of work, were

excluded from the scope of individual internal audit assignments or were not brought to our attention. As a consequence

management and the Audit Committee should be aware that our opinion may have differed if our programme of work or

scope for individual reviews was extended or other relevant matters were brought to our attention.

Internal control

Internal control systems, no matter how well designed and operated, are affected by inherent limitations. These include

the possibility of poor judgment in decision-making, human error, control processes being deliberately circumvented

by employees and others, management overriding controls and the occurrence of unforeseeable circumstances.

Future periods

Our assessment of controls relating to the Council is for the period 01/04/2016 to 31/03/2017. Historic evaluation of

effectiveness may not be relevant to future periods due to the risk that:

• The design of controls may become inadequate because of changes in operating environment, law, regulation or

other; or

• The degree of compliance with policies and procedures may deteriorate.

Responsibilities of management and the internal auditors

It is management’s responsibility to develop and maintain sound systems of risk management, internal control and

governance and for the prevention and detection of irregularities and fraud. Internal audit work should not be seen as a

substitute for management’s responsibilities for the design and operation of these systems.

We endeavour to plan our work so that we have a reasonable expectation of detecting significant control weaknesses

and, if detected, we shall carry out additional work directed towards identification of consequent fraud or other

irregularities. However, internal audit procedures alone, even when carried out with due professional care, do not

guarantee that fraud will be detected, and our examinations as internal auditors should not be relied upon to disclose all

fraud, defalcations or other irregularities which may exist.