Internal Audit Annual Report 2021/22

Internal Audit Annual Report and Annual Statement of Assurance 2021/22

Report by: BDO

Published: June 2022

 

Contents

1. Summary of 2021/22 Work
2. Review of 2021/22 Work
3. Summary of Findings
4. Added Value
5. Key Themes
6. Background to Annual Opinion
7. Key Performance Indicators
8. Appendix 1: Opinion and Recommendation Significance

 

1. Summary of 2021/22 Work

Internal Audit 2021/22

This report details the work undertaken by internal audit for Rushcliffe Borough Council and provides an overview of the effectiveness of the controls in place for the full year. The following reports have been issued for this financial year:

• Contract Management and Procurement
• Corporate Governance
• Health and Safety
• Business Continuity
• Housing Benefits
• Main Financial Systems
• Planning and S106
• Homelessness and Temporary Accommodation
• General Data Protection Regulation (GDPR)

We have detailed the opinions of each report and key findings on pages four to eight. Our internal audit work for the 12-month period from 1 April 2021 to 31 March 2022 was carried out in accordance with the internal audit plan approved by management and the Governance and Scrutiny Committee. The plan was based upon discussions held with management and was constructed in such a way as to gain a level of assurance on the main financial and management systems reviewed. There were no restrictions placed upon the scope of our audit and our work complied with Public Sector Internal Audit Standards.

Head of Internal Audit Opinion

The role of internal audit is to provide an opinion to the Board, through the Audit Committee (AC), on the adequacy and effectiveness of the internal control system to ensure the achievement of the organisation’s objectives in the areas reviewed. The annual report from internal audit provides an overall opinion on the adequacy and effectiveness of the organisation’s risk management, control and governance processes, within the scope of work undertaken by our firm as outsourced providers of the internal audit service. It also summarises the activities of internal audit for the period.

Overall, we are able to provide Substantial Assurance that the risk and control arrangements at the Council should deliver the objectives and risk management aims of the organisation in the areas under review. There is only a small risk of failure or non-compliance. This is our highest level of assurance. In forming our view we have taken into account that:

• In the current year all audits provided either substantial or moderate assurance in the design of controls (Substantial: 5, Moderate: 4). In the current year all audits provided either substantial or moderate assurance in the operational effectiveness of controls (Substantial: 4, Moderate: 5). We did not issue any limited assurance reports this year.
• Some areas of weakness have been identified through our reviews, including opportunities for improvement in the performance against KPIs in relation to planning, as well as the need to ensure training compliance is improved for Officers with regards to asbestos and legionella and for those Members who sit on the Planning and Licensing committees. Additionally, where thresholds have been set for the sign off of contracts, this should be adhered to. Overall, however these weaknesses did not have an over-bearing impact on the general control environment.
• During 2021/22 the Council have implemented the majority of audit recommendations. At the time of writing, of the 23 that have become due this year:
  • 20 have been implemented
  • Three are no longer applicable and have been moved to a low and will therefore not be followed up
  • Overall, this demonstrates good progress and an effective escalation process.
• The projected revenue outturn position as at December 2021 and reported to Cabinet in March 2022 for the year 21/22 is a net service expenditure of £12.327m, and funding of £11.754m. Overall, the expected revenue budget efficiency position for the year is £0.054m inclusive of reserves commitments. Our discussion with External Audit noted that whilst the accounts are still in draft, they do not anticipate any financial position concerns.
• Overall, while there remain some gaps and risks, our work has concluded that the Council is able to maintain robust controls, particularly given the ongoing impact of Covid on operations and workforce during the year. Good practice was identified in areas such as the review of the Homelessness and Temporary Accommodation as well as Treasury Management, reviewed as part of this year’s Main Financial System review.

2. Review of 2021/22 Work

Report Issued: Contract Management & Procurement

Recommended Actions and Significance:

• High - 0
• Medium - 3
• Low - 1

Overall Report Conclusion:

• Design - Moderate
• Operational Effectiveness - Moderate

Summary of Key Findings / Recommendations

The achievement of many aspects of Rushcliffe Borough Council’s purpose and vision relies on effective procurement and contract management, alongside the management of relationships with key partners. Local authorities are required to demonstrate sound financial administration supporting protection of the public purse, and work to rules governing how the Council will conduct procurement and ensure fair and transparent competition in the award of contracts.

The purpose of the audit was to provide assurance over key governance processes for procurement and contract management at the Council. This review will include selecting a sample of significant contracts and ensuring they were appropriately procured and managed.

We noted some good practices in relation to the Council’s reviewing of key performance monitoring and found that from sample testing of 5 high value contracts in all 5 cases the agreed KPIs were reported as per contract terms and where the supplier was not performing, there was an appropriate escalation processes with adequate resulting action in place.

However, it was identified that there was no formalised process for the regular review of aggregated spend for low value works to establish if a formal procurement process should be completed, following sample testing of ten contracts we found that in four instances that the Council’s Contract and Procurement Process had not been followed and finally, following sample testing of ten high value contracts, we found that two contracts had not been signed by officers who have sufficient authority to do so.

This has led us to conclude a moderate assurance over both the design and operational effectiveness of controls.

Report Issued: Corporate Governance

Recommended Actions and Significance:

• High - 0
• Medium - 2
• Low - 6

Overall Report Conclusion:

• Design - Moderate
• Operational Effectiveness - Moderate

Summary of Key Findings / Recommendations

Effective corporate governance should equip the Council with a mechanism for ensuring that the focus of activities supports the achievement of its strategic aims. Good corporate governance extends from policy setting through to control objectives and is based on the people, ethos and culture established within the organisation. Governance processes can be more narrowly defined as comprising committee structures, schemes of delegation, higher level strategies, policies and processes.

The purpose of this audit was to review the Council’s corporate governance arrangements to ensure they comply with best practice and help deliver the outcomes required by the District. In our audit, we identified the following key findings: 

• Ongoing confirmation of interests - Councillors – At the time of our review, 8 Councillors had not updated their declaration of interests in the last 12 months. It is recognised that this may have been affected by not having meetings in person due to COVID-19, where declarations of interest forms would have been completed on paper 
• Councillor engagement in training – Engagement from Councillors with the training programme provided by the Council needs improvement, especially with the Regulatory committees where:
  • 18% of the Planning Committee had not completed Planning Training since election in 2019
  • 20% of the Licensing Committee had not completed Licensing Training since election in 2019.

Overall, we found that fundamental governance structures and processes were in place. However, we identified two in particular areas that require attention – both of which the Council were already aware of. These relate to the finding that 8 Councillors have not completed their declaration of interest in the prior 12 months and instances of non-compliance for training completion for Regulatory committees.

We have reported two medium and six low priority findings. Therefore, we have assessed the systems in place are of moderate design and moderate operational effectiveness.

Report Issued: Health and Safety

Recommended Actions and Significance:

• High - 0
• Medium - 2
• Low - 1

Overall Report Conclusion:

• Design - Moderate
• Operational Effectiveness - Moderate

Summary of Key Findings / Recommendations

The Council has a legal duty to put in place suitable arrangements to manage health and safety risks. According to the Health and Safety Executive (HSE), managing health and safety should be part of the everyday process of running an organisation and an integral part of workplace behaviours and attitudes. For HSE, the core elements to effectively manage health and safety are: strong leadership and management, a trained and skilled workforce, and an environment where people are trusted and involved.

The purpose of this review is to assess the Council’s arrangements for ensuring the health and safety of staff and visitors and how assurances on the effectiveness of these arrangements are reported to the Council. Our review noted that there are number of good areas of practice at the Council regarding health and safety. These areas include the reviewing of health and safety policies, the defining of roles and responsibilities in the management framework and the clear reporting groups for health and safety.

However, areas for improvement were identified during the review. These findings relate to the training rates for Display Screen Equipment, asbestos and legionella and the need for refresher training for the latter two. Further, there is a need for more frequent monitoring of actions identified in risk assessments and a more consistent process of review in Pentana which has led us to moderate assurance able to be provided over both the design and operational effectiveness of controls in place regarding the management of health and safety within the Council.

Report Issued: Business Continuity

Recommended Actions and Significance:

• High - 0
• Medium - 1
• Low - 1

Overall Report Conclusion:

• Design - Substantial
• Operational Effectiveness - Moderate

Summary of Key Findings / Recommendations

Any disruption to the availability of the Council’s systems could result in the Council being unable to provide its critical services. In order to mitigate this risk, the Council have an overall Business Continuity Plan (the Plan) in place, supported by a number of business impact assessments (BIA) for areas that have identified as critical service functions. There is also a complimentary IT Business Continuity Plan which includes processes relating to disaster recovery.

The purpose of this audit was to assess the design and operational effectiveness of the Council’s business continuity and disaster recovery controls and to highlight any areas where the controls might be improved.

Overall, the Council has controls in place that are designed to ensure that there is adequate control over business continuity and disaster recovery. This includes detailed Council wide and IT specific business continuity plans, which clearly identify responsible persons with clear roles and responsibilities at directorate and business level.

The Council have a template Business Impact Assessment for those areas which have been identified as critical service functions. However, further progress needs to be made in ensuring these are appropriately and accurately completed.

Much of the Council’s business continuity work is continuous. Despite this, it is important for there to be a frequent review and reflection process through regular testing of the Plan.

Therefore, the overall rating is a substantial opinion on the design of the system, and a moderate opinion on the effectiveness of the system.

Report Issued: Housing Benefits

Recommended Actions and Significance:

• High - 0
• Medium - 0
• Low - 0

Overall Report Conclusion:

• Design - Substantial
• Operational Effectiveness - Substantial

Summary of Key Findings / Recommendations

Rushcliffe Borough Council (the Council) is responsible for administering housing benefit and council tax reduction in the Borough. Housing benefits are intended to help meet housing costs for rented accommodation and council tax and are available to people on a low income or no income. Housing benefits are means tested based on a claimant’s income and capital.

The Council use the Capita system to process new claims and changes in circumstances, and the Northgate system for document management.

The purpose of the audit is to provide assurance over the adequacy and effectiveness of the key processes and controls in place over the processing and payment of housing benefit claims and checking that housing benefit claims are cancelled in a timely manner where individuals have been set up by the Department for Work and Pensions (DWP) to receive universal credit payment.

We noted no key findings from this review. The Council has policies and procedure notes in place to guide the administration of Housing Benefits. There are a wide range of procedure notes available, from outlining the processes for rent increases, to universal credit termination. The Capita system is used to record all information related to claim processing and the Northgate system to support document storage and workflow management.

Through our testing we can provide substantial assurance that the controls that the Council has in place and follows in administering housing benefits is sound. The Council has sufficient controls in place around the procedures for processing new housing benefit claims, making amendments to existing claims, monitoring performance, minimising duplication and overpayments of housing benefits and performing write-offs.

By following the BDO sampling methodology, we selected a sample of records from the overall population for our analysis. Hence, we are unable to provide absolute assurance that the remaining population is also free of errors. Therefore, on the basis that no errors were identified in the audit sample, substantial assurance is provided on both the design and the operational effectiveness of controls around the administration of housing benefits at the Council.

Report Issued: Main Financial Systems

Recommended Actions and Significance:

• High - 0
• Medium - 0
• Low - 1

Overall Report Conclusion:

• Design - Substantial
• Operational Effectiveness - Substantial

Summary of Key Findings / Recommendations

The purpose of this review was to provide assurance over the design and effectiveness of the controls in place around council tax and NNDR, treasury management and payroll as well as to highlight any areas where the controls could be improved. We also performed a follow up of the recommendations raised in the 20/21 Budgetary Management audit to ensure these have been implemented.

We raised one medium priority finding that there were two instances where the One Revenues user declaration form identified friends, relatives, partners or acquaintances that live in the Council’s jurisdiction, but these individuals had not been blocked on the users’ account.

The Council have a Substantial control design for the management of its main financial systems. This review focused on the administration of revenues received through council tax and NNDR which were robust. Users were admitted to the Capita One Revenues system with appropriate authorisations based on their job role and leavers were deactivated from the system. Accurate bills were generated and issued to occupiers in a timely manner and nationally reported figures show that the Council have performed well compared to other local authorities in collecting council tax and NNDR.

There were adequate arrangements in place for approving refunds, with refunds over £5k requiring the approval of the Director of Finance & Corporate Services. Our sample test identified compliance with these approval levels. Furthermore, the Council’s Treasury Management Strategy was outlined clearly and publicly available on its website. Treasury deals were completed with approved counterparties, within limits and with the approval of the Financial Services Officer.

Although the payroll function is outsourced to Gedling Borough Council, the Council reconcile the payroll authorisations spreadsheet to the payroll control account each month to ensure accurate payments are made.

Overall, there was a Substantial control effectiveness and consistent compliance with controls.

Report Issued: Planning and S106

Recommended Actions and Significance:

• High - 0
• Medium - 3
• Low - 0

Overall Report Conclusion:

• Design - Moderate
• Operational Effectiveness - Moderate

Summary of Key Findings / Recommendations

The purpose of this audit was to review and assess the effectiveness of controls in place regarding planning and review the management of Section 106 funds.

Between 1 April 2020 and 31 July 2021, the Council decided on 1,196 planning applications. Planning permission was granted in 93% of these cases. The Town and Country Planning (General Permitted Development) (Amendment) (England) Order 2015 requires minor applications to be decided on within eight weeks of an application being validated and major applications to be decided on within 13 weeks. The Government have a planning guarantee that all applications, where an extension of time has not been agreed, will be decided on within 26 weeks from validation. The Council use the Uniform system to manage planning applications and Idox to retain all documentation relating to applications.

We raised three medium findings: 

• The KPI reports identified that the Council were failing to meet its target of 85% of householder applications completed within statutory time limits. This appeared to be due to vacancies in the team and a focus on processing major applications.
• Developers failed to notify the Council when S106 Agreement triggers had been met which led to delays in contributions being collected and the Council is not enforcing penalties for this, as it wants to maintain good relationships with developers. There was also one instance, now corrected, where a developer had been overcharged due to the incorrect indexation being applied.
• 10/15 planning applications we tested were not processed within the statutory time limits and where extension of time agreements were made, in 8 cases these were agreed after the statutory time limit had elapsed.

Overall, the Council's management of planning and S106 Agreements was adequate but with improvements required in some areas. This led us to conclude that the control design and effectiveness was Moderate.

Report Issued: Homelessness and Temporary Accommodation

Recommended Actions and Significance:

• High - 0
• Medium - 0
• Low - 3

Overall Report Conclusion:

• Design - Substantial
• Operational Effectiveness - Substantial

Summary of Key Findings / Recommendations

The Housing Act 1996, Homelessness Act 2002, and the Localism Act 2002 place statutory duties on local housing authorities relating to homelessness. This has been extended more recently by the Homelessness Reduction Act 2017 which requires the authorities to undertake prevention work with people threatened with homelessness in 56 days, increasing from 28 days. As such Rushcliffe Borough Council (the Council) is required to ensure that advice and assistance is provided (free of charge) to individuals who are homeless or threatened with homelessness. Where the authority is satisfied that an applicant is eligible for assistance, unintentionally homeless and falls within a specified priority need group, local authorities have a ‘main homelessness duty’ to ensure that suitable accommodation is available for the applicant.

We found:

• Actions identified in the Joint Strategy are not SMART and targeted, however, we understand that the Council are already taking a considerable number of actions towards the delivery of the actions, particularly around engagement with landlord forums to increase the availability of private rented accommodation.
• Key performance indicators (KPIs) around time spent in temporary accommodation, numbers of homelessness cases prevented, etc. were collected on Pentana but were not presented to the Neighbourhood Management Clinic and the Corporate Overview Group. Reporting of these KPIs to both groups would add value and context to performance.
• There was one instance out of seven in our sample test of out-of-district temporary accommodation placements where a S208 letter could not be located on HomeSearch or Information@Work.

Overall, the Council have substantial controls for the management of homelessness and temporary accommodation. The Council have taken a co-operative approach with other neighbouring local housing authorities through its Joint Strategy with Broxtowe Borough Council and Gedling Borough Council, and its interaction with other East Midlands authorities via the Housing Sub-Group.

Report Issued: General Data Protection Regulation (GDPR)

Recommended Actions and Significance:

• High - 0
• Medium - 1
• Low - 1

Overall Report Conclusion:

• Design - Substantial
• Operational Effectiveness - Substantial

Summary of Key Findings / Recommendations

The management and use of information has become more important as both expectations of information governance and the service expected by customers are getting more demanding. Using and managing information appropriately has a significant part to play in the delivery of meeting these expectations. In order to share information internally, with its Partners, with third parties and with the public, the Council needs to comply with the regulations governing the release of information, including the General Data Protection Regulation (the GDPR) 2018 and the Freedom of Information Act (the FOIA). Members of the public have the right to request information about any data that the Council holds about them and this must be provided within a defined timeframe as dictated by the GDPR.

We have raised one medium and one low priority recommendation to improve the Council’s GDPR compliance controls. Overall, the Council has a robust internal control environment, derived primarily from defined roles and responsibilities and the completion of appropriate training by members of staff.

However, gaps were identified in the Council’s Information Asset Register and the GDPR compliance training. We therefore conclude substantial assurance over both the design of the Partnership’s GDPR compliance controls and their operational effectiveness.

3. Summary of Findings

Recommendations

2019/20 (RSM)

• High - 0
• Medium - 4
• Low - 29

2020/21

• High - 0
• Medium - 12
• Low - 14

2021/22

• High - 0
• Medium - 12
• Low - 14

Control Design

2019/20 (RSM)

• Limited - 0
• Moderate - 3
• Substantial - 12

2020/21

• Limited - 0
• Moderate - 3
• Substantial - 5

2021/22

• Limited - 0
• Moderate - 4
• Substantial - 5

Overall Effectiveness

2019/20 (RSM)

• Limited - 0
• Moderate - 3
• Substantial - 12

2020/21

• Limited - 0
• Moderate - 4
• Substantial - 4

2021/22

• Limited - 0
• Moderate - 5
• Substantial - 4

4. Added Value

Use of Specialists

We undertook one IT review this year (GDPR) and deployed an IT specialist to undertake the work. Further, the annual Fraud Report was delivered by our Fraud specialist.

Responsiveness

We ensured we were responsive to the Council's needs and, following scoping for an audit originally planned, we adjusted the audit plan to accommodate a separate audit (Health and Safety) which was felt to be of more relevance.

Benchmarking and Best Practice

Benchmarking was completed in a number of our reviews, including Planning and s106 as well as Homelessness and Temporary Accomodation. Further, we shared evidence of best practice in the Corporate Governance review.

Innovation

As noted above, we utillised our audit days to ensure areas of highest risk were covered. Additionally, we undertook data analytics where possible including in Main Financial Systems and Housing Benefit reviews.

5. Key Themes

People

The Council welcomed internal audit and provided us with strong levels of time and support during our reviews. However, training for Officers and Members could be improved as noted in Health and Safety and Corporate Goverance respectively.

Systems & Processes

We identified that the systems and processes were largely operating effectviely. However, we noted that there are areas for improvement, eg planning applications response times and ensuring Members declarations of interest are regularly updated.

Policies & Procedures

Overall, policies and procedures were in place and were subject to approval throughout service areas within the Council. Adherence was positive in most cases, however, we contract sign-offs did not follow the approved scheme of delegation.

Governance & Follow Up

Governance processes were largely robust with formal reporting lines established. However, it was identified there was scope to improve monitoring and reporting of KPIs as part of the Planning and Homelessess and Temporary Accomodation audits.

6. Background to Annual Opinion

Introduction

Our role as internal auditors to Rushcliffe Borough Council is to provide an opinion to the Board, through the Governance Scrutiny Committee on the adequacy and effectiveness of the internal control system to ensure the achievement of the organisation’s objectives in the areas reviewed. Our approach, as set out in the firm’s Internal Audit Manual, is to help the organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

Our internal audit work for the 12-month period from 1 April 2021 to 31 March 2022 was carried out in accordance with the internal audit plan approved by management and the Governance Scrutiny Committee, adjusted during the year for any emerging risk issues. The plan was based upon discussions held with management and was constructed in such a way as to gain a level of assurance on the main financial and management systems reviewed. There were no restrictions placed upon the scope of our audit and our work complied with Public Sector Internal Audit Standards.

The annual report from internal audit provides an overall opinion on the adequacy and effectiveness of the organisation’s risk management, control and governance processes, within the scope of work undertaken by our firm as outsourced providers of the internal audit service. It also summarises the activities of internal audit for the period.

Scope and Approach

Audit Approach

We have reviewed the control policies and procedures employed by Rushcliffe Borough Council to manage risks in business areas identified by management set out in the 2021-22 Internal Audit Annual Plan approved by the Governance Scrutiny Committee. This report is made solely in relation to those business areas and risks reviewed in the year and does not relate to any of the other operations of the organisation. Our approach complies with best professional practice, in particular, Public Sector Internal Audit Standards, the Chartered Institute of Internal Auditors’ Position Statement on Risk Based Internal Auditing.

We discharge our role, as detailed within the audit planning documents agreed with Rushcliffe Borough Council’s management for each review, by:

• Considering the risks that have been identified by management as being associated with the processes under review
• Reviewing the written policies and procedures and holding discussions with management to identify process controls
• Evaluating the risk management activities and controls established by management to address the risks it is seeking to manage
• Performing walkthrough tests to determine whether the expected risk management activities and controls are in place
• Performing compliance tests (where appropriate) to determine that the risk management activities and controls have operated as expected during the period.

The opinion provided on page 4 of this report is based on historical information and the projection of any information or conclusions contained in our opinion to any future periods is subject to the risk that changes may alter its validity.

Reporting Mechanisms and Practices

Our initial draft reports are sent to the key officer responsible for the area under review in order to gather management responses. In every instance there is an opportunity to discuss the draft report in detail. Therefore, any issues or concerns can be discussed with management before finalisation of the reports.

Our method of operating with the Governance Scrutiny Committee is to agree reports with management and then present and discuss the matters arising at the Governance Scrutiny Committee meetings.

Management actions on our recommendations

Management was engaged with the internal audit process and provided time to us during the fieldwork phases of our reviews, providing audit evidence promptly and allowing the reviews to proceed in a timely manner, including opportunities to discuss findings and recommendations prior to the issue of draft internal audit reports. Management responses to draft reports were mostly within our requested time frame, however, there were some instances where the turnaround of draft reports was slow.

Recommendations follow-up

Implementation of recommendations is a key determinant of our annual opinion. If recommendations are not implemented in a timely manner, then weaknesses in control and governance frameworks will remain in place. Furthermore, an unwillingness or inability to implement recommendations reflects poorly on management’s commitment to the maintenance of a robust control environment.

During 2021/22 the Council have implemented the majority of audit recommendations. At the time of writing, of the 23 that have become due this year:

• 18 have been implemented o
• Two became overdue and provided revised implementation dates o
• Three are no longer applicable and have been moved to a low and will therefore not be followed up.

It should be noted that a further nine recommendations are due to be followed up prior to June’s Governance Scrutiny Committee.

Overall, this demonstrates good progress and an effective escalation process.

Relationship with external audit

All our final reports are available to the external auditors through the Governance Scrutiny Committee papers and are available on request. Our files are also available to external audit should they wish to review working papers to place reliance on the work of internal audit.

Report by BDO LLP to Rushcliffe Borough Council

As the internal auditors of Rushcliffe Borough Council, we are required to provide the Audit Committee, and the Director with an opinion on the adequacy and effectiveness of risk management, governance and internal control processes, as well as arrangements to promote value for money.

In giving our opinion it should be noted that assurance can never be absolute. The internal audit service provides Rushcliffe Borough Council with Moderate Assurance that there are no major weaknesses in the internal control system for the areas reviewed in 2021-22. Therefore, the statement of assurance is not a guarantee that all aspects of the internal control system are adequate and effective. The statement of assurance should confirm that, based on the evidence of the audits conducted, there are no signs of material weaknesses in the framework of control.

In assessing the level of assurance to be given, we have taken into account:

• All internal audits undertaken by BDO LLP during 2021-22.
• Any follow-up action taken in respect of audits from previous periods for these audit areas.
• Whether any significant recommendations have not been accepted by management and the consequent risks.
• The effects of any significant changes in the organisation’s objectives or systems.
• Matters arising from previous internal audit reports to Rushcliffe Borough Council.
• Any limitations which may have been placed on the scope of internal audit – no restrictions were placed on our work.

7. Key Performance Indicators

Quality Assurance - Quality of Work

KPI

We received good feedback on our work from Officers with an average score of 4.2/5 from the five satisfaction survey responses we obtained. Further all respondents either Agreed or Strongly Agreed that the final reports were clear and concise, the recommendations were constructive and practical and that our work added value.

BDO also passed their external quality assessment undertaken by the Institute of Internal Auditors in the last 12 months confirming our arrangements ‘generally conform’ (the highest standard) to Public Sector Internal Audit Standards (PSIAS).

RAG Rating - Green

 

Quality Assurance - Responsiveness of the service

KPI

We have responded to deadlines and targets well with the plan completed by the earliest Governance Scrutiny Committee following the 31 March. An audit was pushed back to later in the year as result of new policies being written (Contract Management and Procurement) to ensure the Council obtained the most benefit. Further, one audit was removed and replaced at the request of the Council due to a procurement being underway.

RAG Rating - Green

 

Quality Assurance - Completion of audit plan

KPI

We have completed out Internal Audit Programme for 2020-21.

RAG Rating - Green

 

Quality Assurance - Follow-up of recommendations

KPI

We escalate all non - responses and recommendations with several revised due dates to the Council’s Corporate Services Manager (if required). However, there have been no instances where we have had to escalate for responses as auditees have been receptive in responding to both legacy and BDO recommendations.

RAG Rating - Green

 

8. Appendix 1: Opinion and Recommendation Significance

Annual Opinion Definition

Substantial- Fully meets expectations (Green)

• Our audit work provides assurance that the arrangements should deliver the objectives and risk management aims of the organisation in the areas under review. There is only a small risk of failure or non-compliance.

Moderate - Significantly meets expectations (Amber)

• Our audit work provides assurance that the arrangements should deliver the objectives and risk management aims of the organisation in the areas under review. There is only a some risk of failure or non-compliance.

Limited - Partly meets expectations (Red)

• Our audit work provides assurance that the arrangements should deliver the objectives and risk management aims of the organisation in the areas under review. There is a significant risk of failure or non-compliance.

No - Does not meet expectations (Dark Red)

• Our audit work provides assurance that the arrangements should deliver the objectives and risk management aims of the organisation in the areas under review. There is an almost certain risk of failure or non-compliance.

 

Report Opinion Significance Definition

Level of Assurance = Substantial (Green)

Design Opinion: Appropriate procedures and controls in place to mitigate the key risks.

Findings: There is a sound system of internal control designed to achieve system objectives.

Effectiveness Opinion: No, or only minor, exceptions found in testing of the procedures and controls.

Findings: The controls that are in place are being consistently applied.

 

Level of Assurance = Moderate (Amber)

Design Opinion: In the main, there are appropriate procedures and controls in place to mitigate the key risks reviewed, albeit with some that are not fully effective.

Findings: Generally, a sound system of internal control designed to achieve system objectives with some exceptions.

Effectiveness Opinion: A small number of exceptions found in testing of the procedures and controls.

Findings: Evidence of noncompliance with some controls that may put some of the system objectives at risk.

 

Level of Assurance = Limited (Red)

Design Opinion: A number of significant gaps identified in the procedures and controls in key areas. Where practical, efforts should be made to address in-year.

Findings: System of internal controls is weakened with system objectives at risk of not being achieved.

Effectiveness Opinion: A number of reoccurring exceptions found in testing of the procedures and controls. Where practical, efforts should be made to address in-year.

Findings: Non-compliance with key procedures and controls places the system objectives at risk.

 

Level of Assurance = No (Dark Red)

Design Opinion: For all risk areas there are significant gaps in the procedures and controls. Failure to address in-year affects the quality of the organisation’s overall internal control framework.

Findings: Poor system of internal control.

Effectiveness Due to absence of effective controls and procedures, no reliance can be placed on their operation. Failure to address in-year affects the quality of the organisation’s overall internal control framework.

Findings: Non-compliance and/or compliance with inadequate controls.

 

Recommendation Significance Definition

High (Red)

A weakness where there is substantial risk of loss, fraud, impropriety, poor value for money, or failure to achieve organisational objectives. Such risk could lead to an adverse impact on the business. Remedial action must be taken urgently.

Medium (Amber)

A weakness in control which, although not fundamental, relates to shortcomings which expose individual business systems to a less immediate level of threatening risk or poor value for money. Such a risk could impact on operational objectives and should be of concern to senior management and requires prompt specific action.

Low (Green)

Areas that individually have no significant impact, but where management would benefit from improved controls and/or have the opportunity to achieve greater effectiveness and/or efficiency.