Agenda item
Internal Audit Progress Report
This report provides an update on progress against the internal audit plan for the period 1 April 2014 to 31 October 2014. The report also provides a summary of counter fraud work for 2014/15.
Minutes:
The Chair advised that on considering the internal audit progress report at its previous meeting, the committee had agreed to review the IT Contracts audit in greater detail. This audit had focussed on the operation of IT systems that had been procured and managed by individual council departments. The audit had examined a sample group of three different IT systems, Tribal, iCasework and OpenGalaxy, and had resulted in a limited assurance. Conrad Hall (Chief Finance Officer) welcomed the committee’s focus on the audit and advised that it had exposed a series of issues regarding departmental management of IT contracts. Issues had been found across each of the three systems examined and it was therefore considered likely that similar problems would be encountered in further examples of across the organisation.
Peter Balham (Head of Technical Services) drew members’ attention to the IT Contracts audit report circulated to the committee and summarised the key issues identified. He advised that it was not uncommon for complex organisations to require specific IT systems to support the work of different departments; however, it was important that processes were in place to ensure that the council’s IT infrastructure met organisational needs, complied with legal requirements and was not open to vulnerabilities. Referring to the six recommendations set out in the report and the corresponding action plan, Peter Balham explained that work was already underway to ensure that the IT Contracts register maintained by ITU included details of those contracts managed directly by individual departments, thereby allowing appropriate challenge to be applied by ITU, reducing the risk of service overlap and providing heightened corporate oversight. The recommendations also addressed issues of compliance with the Council’s procurement policy and procedures, low level data security vulnerabilities and a need for improved performance monitoring of the systems.
Philip Mears (Complaints Services Manager, Assistant Chief Executive’s Department) was present to discuss the outcome of the audit in respect of the iCasework system. He advised that versions of iCasework had been used by the council since 2000; it was used to manage corporate complaints, and more recently Freedom of Information requests and members’ case work. The contracts had previously been managed by ITU until 2012 at which time the system had become hosted by the supplier. Due to the long relationship with iCasework and the relatively small annual maintenance costs, it had become established practice to renew the contract annually. Philip Mears advised that he was in agreement with the recommendations of the report which would require more robust approach to the management of the contract.
In the subsequent discussion members queried how the implementation of the new version of iCasework had been managed, how long it had taken to integrate the old and new versions of the system and sought details of the training and cost implications of this process. A member advised that on speaking with the Senior Regulatory Service Manager regarding use of the iCasework system for managing licensing applications, worrying feedback had been received regarding difficulties with the system and a lack of support from the provider for system developments. In view of this information, the importance of reviewing the business case to ensure that the contract continued to meet the needs of the organisation, prior to annual contract renewal was emphasised. The committee sought further details of the consequences of the data security issues identified by the audit and emphasised the importance of considering any safeguarding implications.
In response to members’ questions, Philip Mears explained that there had been no data integration between the new and old version of iCasework as it had been recognised that the data in the old system had been corrupt. Extensive training had been delivered by staff members over a period of approximately two months and there had therefore been no external cost implications. Peter Balham advised that the system used by the Licensing Team was a very old version of iCasework and utilised a functionality that was no longer supported by the provider. ITU was currently working with the team to identify an appropriate alternative. The committee was assured that the vulnerabilities identified by the audit were considered to be of a low level risk and could be remedied by data encryption. Peter Balham emphasised the quality of the council’s IT infrastructure and advised that stringent testing regarding vulnerabilities was carried out on an annual basis. Work had already begun on the implementation of the audit recommendations and it was intended that the updated contracts register would be in place by March 2015.
Simon Lane (Head of Internal Audit and Investigation) then provided an update to the committee on the progress against the internal audit plan for the period 1 April 2014 to 31 October 2014. Members were informed that of a total 1,200 audit days, 640 days had been delivered thus far. There were 80 projects on the current plan, 29 of which had been completed to draft or final stage. Of these 29 projects, 21 had an audit opinion associated with them, 15 of which were substantial and 6 limited. The level of limited assurance opinions had been 43 per cent for the previous year and it currently stood at 29 per cent. Though this reduction was good, the figure remained too high and it was hoped that this could be reduced still further to 25 per cent. Members’ attention was drawn to the list of audit reports issued since the last meeting of the committee, set out in appendix to the report. He explained that there had been no limited assurances issued since the last meeting. A summary was provided of the non-assurance work conducted and it was highlighted that 8 Priority 1 recommendations were raised as a result of work on the certification of grant claims for the Trouble Families Grant. Details of these recommendations would be available to members at the next meeting of the committee.
In concluding his presentation of the internal audit progress report, Simon Lane referred members to the summary of fraud activity for the year to date. He advised that 8 cases of internal fraud or irregularities had been investigated thus far and there were a further 20 cases currently open, with investigations taking on average 15.1 weeks to complete. Members were reminded that the responsibility for the investigation of Housing Benefit fraud had transferred from the council to the Department for Work and Pensions (DWP) on 1 October 2014 and therefore all outstanding cases had been recorded as closed.
During Members’ discussion, a view was put that the audit plan should include investigation of the pay arrangements for senior staff members, including the Chief Executive, and of the recent employment tribunal findings of racial discrimination. Addressing these issues, Conrad Hall emphasised that there were a limited number of days allocated to audit and follow up activity as detailed in the audit plan and it was important therefore that the resource was properly targeted. He clarified that the Chief Executive was on the council’s payroll and explained that it was not considered appropriate for the council’s initial response to the allegations of racial discrimination to include an Audit investigation. Councillor Pavey reminded the committee that he was conducting a HR review in his capacity as Lead Member for XXX, the outcome of which would be reported to the Scrutiny Committee. The Chair confirmed that the audit plan for 2015/16 would be submitted to a future meeting of the committee for consideration, along with the risk register which would inform any work planning activity.
A member noted that the incidents of internal fraud appeared to be on track to exceed the figure for the previous year and queried the reasons for this. Members sought details of the risks associated with the transfer of Housing Benefit Fraud investigation to the DWP and queried whether this had achieved any savings for the council. A further query was raised regarding the performance of property recovery compared to other London boroughs.
Responding to members’ queries, Simon Lane advised that it was expected that the internal fraud figures for the current and previous year would be broadly similar. The risks associated with the transfer of responsibility for Housing Benefit fraud included the loss of information arising from the investigation which could often lead to uncovering other fraudulent activity. It was anticipated that the council’s subsidy claim could be affected as the council would lose the discretion to raise overpayments. The customer was also exposed to a risk of being investigated by two different organisations. These issues and many more had been raised with the government during consultation. Addressing the resource implications of the transfer, Simon Lane explained that 4 members of staff had transferred out of the organisation which equated to a saving of approximately £200k; however, a sum in excess of this figure would be deducted from the council’s admin claim. A small amount of money had been dedicated to funding a position to liaise with the DWP and provide information required for their investigations.
The Chair thanked the officers for their contribution to the meeting and commended the officers of the Audit and Investigation team for the internal audit progress report. The Chair then drew the committee’s attention to those audit projects which had received limited assurance and following discussion, it was agreed that the committee would explore in greater detail the No Recourse to Public Funds (Adolescent Prevention Service) audit.
RESOLVED:
That the progress made in achieving the 2014/15 Internal Audit Plan; the review of fraud and the limited assurance reports as set out in appendix 1 to the report be noted.
Supporting documents:
- internal_audit_progress_report_2014-15, item 5. PDF 339 KB
- internal_audit_appendix 1, item 5. PDF 250 KB