To consider the attached report.
Contact Officer: Kate Mulhearn (01296) 585724
Members received a progress report on activity undertaken against the 2018/19 Assurance Plan that had been approved by the Committee in June 2018. The following matters were highlighted:-
Final Reports issued since the previous Committee Meeting
The following reviews had been completed since the last Committee meeting:-
· Connected Knowledge – Benefits Realisation (Risk Rating: n/a) – the review had used a sample of 3 completed Connected Knowledge projects to assess the approach the Council was taking to identify, measure and report on the benefits and lessons learnt. The report highlighted a number of areas of good practice and, for the projects sampled, the majority of service users had stated that the projects had delivered improvements on the previous arrangements. However, the review had concluded that, at this stage of the programme, it was hard to form a definitive view on the benefits realised to date, with further improvements needed on the clarity with which anticipated benefits were stated and subsequently reported.
The review had also found that arrangements to close down projects needed to be further formalised, using a two stage approach. Members commented on the need in particular to be mindful of the decision of Council to ensure a proper assessment of the benefits of projects against the aspirations of the new unitary authority.
· General Ledger Reconciliations and Management Information (Medium Risk) – the review had identified one high risk, one medium risk and 2 low risk findings. The purpose of the review had been to assess the control design and operating effectiveness with regard to AVDC’s management of its general ledger, particularly in terms of how it interfaced with other systems and the processes for reconciliation. The findings had been summarised as follows:-
· there had been a lack of automated integration between some Council systems and the general ledger and some key reconciliations (including Licensing, Environmental Health (RegServe) and Commercial Property) had not taken place to confirm the accuracy and completeness of data held. This lack of integration had created inefficiencies in some of the Council’s billing processes. (High)
· reconciliations in the Waste service, including Garden Waste and Trade Waste had not been undertaken. (Medium)
· other areas for improvement in reconciliation processes had been identified including Bulky Waste, Domestic Waste, Land Charges, Planning and Markets. (Low)
· procedures relating to the completion of reconciliations between AVDC’s various financial systems had not been sufficiently detailed. This included not having a documented reconciliation approval form to record all reconciliations that had not taken place. (Low)
· the Quarterly Finance Digest had not always been reported for formal scrutiny on a timely basis. (Advisory). It was commented that the Financial Digest should be circulated as soon as it had been finalised with a request for Members to raise any issues directly with officers for subsequent report to this Committee if necessary.
A number of areas of good practice had been noted during the review and these had been reflected in the overall “Medium” risk classification for the report.
· Debt Management (Low Risk) – the review had identified one medium risk and 3 low risk findings. The purpose of the review had been to assess the control design and operating effectiveness with regard to the Council’s debt management processes. The review had found that significant work had been undertaken to improve the management and recovery of debt. However, it had been identified that further improvements could be made in the following areas:-
· Credit notes had been raised and approved by the same member of staff with a lack of segregation of duties, increasing the risk of inappropriate credit notes being issued. (Medium)
· Actioning of debt write-offs, where necessary, was not consistently carried out on a timely basis. (Low)
· There was insufficient evidence of due diligence procedures carried out for new customers provided with credit by the Council, with insufficient procedures in place to review the appropriateness of existing credit terms provided to current customers. (Low)
· There had been no documentation to evidence that the review of customer account changes had been completed and action taken, where necessary. (Low)
The scope of the audit had also covered the review of processes to ensure the accurate and complete billing for Council services. Issues had been identified in this area as a result of the lack of integration, automated interface and reconciliation between service systems and the general ledger. This had been picked up and highlighted in the General Ledger Reconciliations and Management Information internal audit report. The overall “Low” rating for the Debt management review related to debt management and recovery procedures only.
The full review reports were attached as Appendix 3 to the Committee report.
Summary of changes to the 2018/19 Internal Audit Plan
Members were informed that it was important for the plan to be flexible to respond to emerging or changing risks. The following changes had been made to the 2018/19 plan since its approval in June 2018:-
· Payroll – the original plan had included a post-implementation review of the new Payroll/HR system (XCD). As the XCD project had been cancelled and existing processes kept in place, the audit days would be reallocated to other reviews. Previous audits of the current payroll system had assessed it as low risk.
· Tech One – it was intended to review system integration and data transfer controls to ensure that the data held in Tech One was complete and accurate. An IT project was underway to look at Council wide data transfers (Uniflow). System integration aspects had been picked up in work on reconciliations as part of the General Ledger review and audit days allocated.
· Waste and Recycling – Contracts – the original plan had included for a review of the contracts for Street Cleansing / Horticulture and Recycling. Street scene services were being brought back in-house when the current contract concluded in January 2020. A new contract for recyclates had been agreed last year. For both contracts, management procedures were in place and they were not considered a high risk for internal audit review. The audit days would be reallocated to allow for more in-depth reviews of Commercial Waste and Parking Services.
· Section 106 Agreements – an audit had been scoped to assess processes and controls over the allocation, financial management and monitoring of Section 106 funds. Work had been undertaken during December and January by BDO but unfortunately they had been unable to complete the review and issue a final report. The status of the review would be further assessed as part of the 2019/20 internal audit plan of work.
Implementation of Agreed Audit Actions
The implementation of actions and recommendations raised by internal audit reviews were monitored to ensure that the control weaknesses identified had been satisfactorily addressed. Actions arising from low risk audit findings were followed up by management and reviewed, but not validated, by internal audit.
A detailed listing of all internal audit actions, together with a status update was included at Appendix 4. In total, 58 actions had been followed up for the July 2019 Committee – that included an update on all actions due for completion by May 2019 or earlier. 30 out of the 58 actions had been completed or had been closed.
Aylesbury Vale Broadband Review
The Committee was informed that the results of the independent review undertaken by BDO LLP, into the governance arrangements over the Council’s investment in Aylesbury Vale Broadband (AVB) had been reported to the Audit Committee in June 2018. Recommendation 17 of the BDO report had concluded that, ”If the Council’s wider Members are to have greater oversight of the Council’s commercial ventures, then the confidentiality requirements of ‘yellow pages’ must be respected.”
The Council had requested for the Lead Legal and Monitoring Officer to carry out an investigation into the unauthorised disclosure of confidential in relation to AVB and the results of that investigation were attached as Appendix 5 to the Committee report. Members asked that in future alleged breaches of the Code of Conduct in relation to the release of confidential information should be actioned as soon as they had been identified. It was confirmed that this would be discussed with the Lead Legal and Monitoring Officer.
Members sought further information on the following:-
· It was affirmed that if the training in relation to safeguarding was not delivered in a timely fashion the relevant Cabinet Member and Assistant Director should be invited to attend a meeting of this Committee to give an update on proposed actions.
· In relation to safeguarding training for taxi drivers, concern was expressed that a number of drivers had not yet been through the training programme. The Chairman would raise this issue with the Chairman of the Licensing Committee.
(1) That the progress report be noted.
(2) That (subject to the caveat referred to above) the details and results of the investigation by the Lead Legal and Monitoring Officer into the breach of confidentiality (stemming from recommendation 17 of the Aylesbury Vale Broadband Review by BDO LLP) be noted.