AUDIT COMMITTEE - - Charnwood COMMITTEE – 20TH February 2018 Report of the Head of Strategic Support Part A ITEM 10 INTERNAL AUDIT PROGRESS REPORT Purpose of Report The report summarises

AUDIT COMMITTEE – 20TH February 2018

Report of the Head of Strategic Support

Part A

ITEM 10 INTERNAL AUDIT PROGRESS REPORT Purpose of Report The report summarises the status of the 2017-18 Audit Plan and also outlines the key findings from final audit reports and follow-up work completed since the previous progress report considered by the Audit Committee at the meeting held on 28th November 2017. Recommendation The Committee notes the report. Reason To ensure the Committee is kept informed of progress against the approved Internal Audit plan.

Policy Justification and Previous Decisions The Accounts and Audit Regulations 2015 state (Regulation 5 (1)) that the relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance. Implementation Timetable including Future Decisions Reports will continue to be submitted to the Committee on a quarterly basis. Report Implications The following implications have been identified for this report. Financial Implications None Risk Management There are no specific risks associated with this decision. Background Papers: None. Officers to contact: Adrian Ward, 01509 634573 [email protected] Shirley Lomas. 01509 634806 [email protected]

1

mailto:[email protected]

mailto:[email protected]

Part B 1. Progress against the 2017/18 Audit Plan Appendix A summarises progress against the 2017/18 Audit Plan as at 2nd February 2018. General audit work: Progress continues to be made with planned work and a number of audits are either in progress nearing completion or have been completed. With regard to the Business Continuity audit, the scope of which was to review the outcomes of a business continuity test of the data link with Leicester City Council, following discussion with the Strategic Director of Corporate Services and the IT Service Delivery Manager it was confirmed that the business continuity test would now not be taking place until Summer 2018. It is therefore proposed that the audit be deferred to 2018-19 and be included in the IT Audit Plan. All remaining planned work is scheduled to be completed by 31st March 2018. ICT Audit: Work has commenced on the Change Management audit, both IT audits are scheduled to be completed by the 31st March 2018. Following a procurement exercise, the Central Midlands Audit Partnership (CMAP) have been awarded the work to identify and document the Council’s technical IT risks and produce an IT Risk Register. This work will be completed by the 31st March 2018 and will inform the IT Audit Plan for 2018-19 onwards. 2. Final Audit Reports Issued The following final audit reports have been issued since the last update report to the Committee. Further detail in respect of these audits is attached in Appendix B, including a background section, the executive summary, and the agreed action plan listing recommendations made and the management responses.

Audit Field Work Completed

Draft Report Issued

Final Report Issued

Current Level of

Assurance

Previous Audit

Level of Assurance

Corporate Significance

S106 Agreements 2017/18

Oct 2017 Dec 2017 Dec 2017

Substantial Moderate High

Members Allowances 2017/18

Nov 2017 Dec 2017 Dec 2017

Substantial Substantial Medium

Elections 2017/18

Dec 2017 Jan 2017 Feb 2018

Moderate N/A Medium

Non-Domestic Rates 2017/18

Jan 2018 Jan 2018 Feb 2018

Moderate Substantial High

2

4. ICT Audit There have no final audit reports issued since the last update report to the Committee. 5. Environmental Services Audit Update It was previously reported to the Committee that there was a potential overpayment of £300,000 to the contractor, although at the Committee meeting the Head of Cleansing & Open Services had indicated that, following additional work being undertaken since the production of the Committee report, this was likely to be significantly less. Since the previous Committee meeting further work has been undertaken by both the service and Internal Audit to reconcile the payments due to the contractor under the terms of the contract to the value of the actual payments made. The final figure now signed off by the Head of Cleansing & Open Spaces has been calculated as a net underpayment of c£76,000 over the lifetime of the contract. This includes the monthly contractual payments for 2017/18 as calculated at the beginning of the financial year. Internal Audit are satisfied that this figure is reasonable based on the methodology used and verification of significant sums included in the calculation. The Head of Cleansing & Open Spaces will be in attendance at the Committee meeting to provide further clarification. 6. Follow Up of Recommendations The table below summarizes the follow-up status of recommendations which were due to be implemented during the period October 2017 to January 2018. One high, seven medium and four low priority recommendations have not been implemented by the agreed action dates. Further details are available at Appendix C. In respect of the recommendations relating to the Payment Card Industry Data Security Standard (PCI DSS) audit, when following up the recommendations due for implementation in October 2017 the Head of Customer Experience informed Internal Audit that a project to review PCI DSS requirements and to ensure compliance is to commence in the New Year. The recommendations arising from the audit will be addressed through the project and revised dates for the implementation of the recommendations will be agreed.

Priority Level

Implemented Not Implemented

No Further Action

October 2017 - January 2018

High

2 1 0

Medium

8 7 0

Low

29 4 0

Percentages 76.5% 24.5% 0%

3

6. Special Investigations There have been no special investigations undertaken during the reporting period. 7. Performance Indicators for Internal Audit The following summary outlines the results against the local performance indicators for Internal Audit for 2017/18.

Indicator Target Result Notes

Percentage of clients that rated the performance of Internal Audit as good or excellent.

90% (Annual)

N/A The annual survey of Heads of Service will be undertaken in April 2018.

Percentage of the agreed 2017/18 Internal Audit plan delivered (as at 2.2.18).

90% (75% pro

rata)

58%* *Includes allocated time for contingency etc.

Percentage of agreed recommendations arising from internal audit reviews implemented by the agreed date (as at 31.12.17)

80% 82% April 2017– December 2017 (51/62 recommendations)

Appendices Appendix A – Summary of progress against the 2017/18 Audit Plan (as at the 2nd

February 2018) Appendix B – Summary of Final Audit Reports Issued Appendix C – Follow Ups: Recommendations Not Implemented By the Agreed Date

as at 31st January 2018

4

Appendix A

PROGRESS AGAINST THE 2017/18 AUDIT PLAN (as at 2.2.18)

2017/18 Audit Plan Plan Days

Spent Days

Status Assurance Level


Key Financial Systems

Full Systems Audit

Treasury Management 8.00 0.25 Scoping/ Planning

Income Collection 10.00 0.30

Housing Benefits & CTS 15.00 14.50 In Progress

Housing Rents 12.00 10.80 In Progress

Targeted Testing:

Accountancy & Budgetary Control

3.00

0.25

Scoping/ Planning

Payroll 3.00 0.15 Scoping/

Planning

Capital Accounting 2.00 0.10

Creditors 3.00 0.20 Scoping/ Planning

Council Tax 3.00 0.80 Scoping/ Planning

Non Domestic Rates 2.00 2.00 Final Report Moderate High

Debtors 3.00 0.10

Quarterly Testing:

Treasury Management 1.00 0.75 Ongoing N/A

Bank Reconciliation 2.00 1.50 Ongoing N/A

67.00 31.70

Strategic & Service Risk Audits

Anti-fraud including NFI 20.00 11.00 Ongoing

Homelessness 0.00 0.25 Deferred to 2018/19

Data Protection/ Information Security

10.00 0.70 Scoping/ Planning

Markets & Fairs 12.00 1.00 Scoping/ Planning

Environmental Services Contract Monitoring

15.00 15.00 Completed Limited High

Open Spaces Contract Monitoring

12.00 12.00 Completed Moderate High

Section 106 Agreements 12.00 12.00 Completed Substantial High

Elections 12.00 12.00 Completed Moderate Medium

Temporary staff/ consultants/external legal fees

12.00 7.25 In Progress

Governance & Ethics 10.00 10.00 Completed Moderate High

Planned & Cyclical Maintenance

10.00 1.00 Scoping/ Planning

5

2017/18 Audit Plan Plan Days

Spent Days

Status Assurance Level


Gas Servicing Contract 5.00 0.30 Scoping/ Planning

Warden Services 7.00 3.75 In Progress

Asset Management (Property Services)

7.00 5.50 In Progress

HR Contract 7.00 7.00 Completed Moderate High

Safeguarding 5.00 0.25 Scheduled for Quarter 4

Lifeline 5.00 5.00 Completed Moderate High

Members Allowances 5.00 5.00 Completed Substantial Medium

Business Continuity 5.00 0.00 Proposed to be deferred to 2018/19 IT Audit Plan.

171.00 109.00

IT Audit (Non-technical)

Change Management 15.00 2.75 In Progress

Key ICT Controls 10.00 0.00 Scheduled for Quarter 4

25.00 2.75

Externally Resourced Audits

Health & Safety 8.00 Work awarded to external provider, RSM UK, and will be completed by 31st March 2018. Risk Management 10.00

Insurance 10.00

Other Work

Recommendations - Follow Ups

20.00 12.00 Ongoing

Ad Hoc Investigations/ Contingency 10.00 10.00

Allowance to complete 2016/17 Audits

10.00 10.00

40.00 32.00

TOTAL – Audit Plan (not including externally resourced audits)

303.00 175.45*

*Including work in progress, and the planned number of days when an audit reaches the final report stage.

6

7

Appendix B SUMMARY OF FINAL AUDIT REPORTS ISSUED S106 Agreements 2017/18

1. Background

Section 106 (S106) Planning Obligations are legal agreements formed between the Council and the developers as part of the planning application process. Section 106 of the Town and Country Planning Act 1990 enables Councils to negotiate contributions from developers to ensure the creation of sustainable communities, particularly through contributions towards community buildings and facilities such as an affordable housing process. As the financial value of the contributions can vary from a few hundred pounds to in excess of a million pounds the timely and appropriate use of the contributions is high profile and attracts considerable public attention.

The agreement sets out when payments should be made, by the developer, at key points in the development and also sets out a time frame during which the funding must be used for its intended purpose. If the funding is not spent within the agreed time frame the developer can expect to be reimbursed the relevant unexpended amount plus any interest accumulated. Responsibilities for the administration of S106 agreements and contributions fall within Planning, Accountancy and Legal Services. A S106 Working Group made up of a collection of various officers involved in the S106 process meet on a quarterly basis to monitor various aspects of agreements

2. Executive Summary

2.1 Overview

ASSURANCE RATING – SUBSTANTIAL ASSURANCE

CORPORATE SIGNIFICANCE – HIGH

Assurance Internal Audit can give substantial assurance to those charged with governance. The internal control environment within the areas reviewed is adequate and effective, and appropriate actions are being taken to manage risks

8

Based upon the work undertaken it was found that there are satisfactory procedures in place for the approval of S106 agreements and that all agreements are in compliance with relevant legislation and council policies. Agreements are sufficiently monitored to minimise the risk of claw back by developers; all monies due to the Council are received in a timely manner and had been accurately recorded in the Council’s accounts. However, whilst undertaking testing during this audit it was found that documentation was disjointed and difficult to locate. Significant efficiency savings could be made in the process by having standard templates for key documents, such as completion memorandums, case officer reports and agreements and by having a consistent methodology for naming agreements and associated documentation on SharePoint. Improvements to document management would also provide a more adequate audit trail.

Corporate Significance The area reviewed has been rated as being of MEDIUM corporate significance, on the basis of:

General risk of financial loss between £10,000 and £100,000

Service failures would have moderate impact on customers

Risk of moderate reputational damage (local press)

Direct link to identified operational risks 2.2 Key Findings

We are pleased to report that the procedures in place incorporate the following examples of good practice:

There are satisfactory procedures in place for the recording and distribution of contributions received.

Quotes, receipts and invoices are obtained from 3rd parties before contributions are paid over to ensure contributions are used for its intended purpose.

Quarterly monitoring meetings are held to ensure contributions are spent or committed within the agreement timescales.

The policy framework in place is generally satisfactory.

Experienced officers and legal professionals are involved in the S106 Process.

The planning issues that were considered are documented in the Case Officers report and the relevant legislation referred to where appropriate.

9

However, from the work undertaken during the review, we have also identified the following areas where there is scope for improvement to ensure that the system operates more effectively and efficiently:

Testing found that monitoring documentation did not detail the exact terms in relation to spending (i.e. does the contribution just need to be committed or spent within the agreed timescales).

The information provided on completion memorandums varies in detail, referencing to paragraphs within the agreement results in duplication of effort across all services and could lead to agreements being open to interpretation by individuals.

In 60% (6/10) of cases the Case Officers report did not document consideration of the CIL Regulations either as an overall comment or as a direct link to the contributions being considered.

Testing showed that in 50% (5/10) of cases service areas were not always included in the distribution of Legal completion memorandums.

The Supplementary Planning Document is available on the Council’s website and although it was a recommendation in the 2012/13 audit, this document has not been updated since 2007.

There is a gap in the negotiation process between the initial engagement with service areas and when the agreement is finalised whereby services have no input in the decisions undertaken regarding timescales etc.

Legal Services make all S106 agreements accessible electronically, via SharePoint, however due to inconsistent file naming these are difficult to identify.

3. Action Plan

Observation Risk Recommendation Priority Response/Agreed

Action Officer

Responsible Action Date

1.1 Testing found that monitoring documentation did not detail the exact terms in relation to spending (i.e. does the contribution just need to be committed or spent

Developers claw back contributions.

1. To ensure monitoring information is consistent and agreements are not open to interpretation by individuals, the Legal completion memorandum should provide clear detail on

Low Legal Service’s current completion memo template shall be circulated to the s106 Working Group for their comments/approval; agreed completion memo template to then be update and used for

Legal Services Manager

January 2018

10

Observation Risk Recommendation Priority Response/Agreed Action

Officer Responsible

Action Date

within the agreed timescales). 1.2 The information provided on completion memorandums varies in detail, referencing to paragraphs within the agreement results in duplication of effort across all services and could lead to agreements being open to interpretation by individuals.

The terms of agreements are misinterpreted. Resources are not used efficiently.

contributions due to Charnwood Borough Council, payment triggers, timescales and conditions on repayment and should follow a standardised format.

future Agreements.

2. In 60% (6/10) of cases the Case Officers report did not document consideration of the CIL Regulations either as an overall comment or as a direct link to the contributions being considered.

There is no evidence to support CIL regulations have been considered.

2. Within the Case Officers report it should be clearly documented where CIL regulations have been considered and for each proposed contribution it is recorded as to whether or not the contribution request meets the CIL requirements

Low That case officer’s reports involving planning obligations should record that the three tests set out in the CIL Regulations have been considered and state whether or not the planning obligations meet the CIL Regulation requirements

Head of Planning and

Regeneration

With immediate effect

11


Officer Responsible

Action Date

3. Testing showed that in 50% (5/10) of cases service areas were not always included in the distribution of the Legal completion memorandum.

Not all parties are made aware of finalised agreements resulting in contributions not being used within the timescales.

3. Legal Services ensure that all relevant parties are included in the distribution of the completion memorandum

Low Legal Service’s current completion memo template shall be circulated to the s106 Working Group for their comments/approval; agreed completion memo template to then be update and used for future Agreements. S106 Working Group to ensure that legal services are kept up-to-date with any staff changes, so that the template can be up-dated.


January 2018

4. The Supplementary Planning Document is available on the Council’s website and although it was a recommendation in the 2012/13 audit, this document has not been updated since 2007.

Inaccurate and out of date information given to recipients.

4. The Supplementary Planning Document is reviewed and updated to reflect any changes in legislation, if this is still considered a working document.

Low Whilst much of the SPD is out of date, elements of the SPD remain relevant to decision making and should be retained. These aspects are explained in case officer’s reports. Recent case law on the preparation of SPD suggests that a replacement may not be appropriate. Therefore consideration

Group Leader, Plans, Policies and Place

April 2018

12


Officer Responsible

Action Date

will be given to an alternative means of guidance as part of the review of the Local Development Scheme

5. There is a gap in the negotiation process between the initial engagement with Services and when the agreement is finalised whereby Services have no input in the decisions undertaken regarding timescales etc.

Conditions set within the agreement do not meet the needs of the community as timescales etc. are not appropriate, resulting in developers clawing back money.

5. Management consider the areas for improvement in the negotiation process and where appropriate make changes (paragraph 4.3)

Low Head of Planning and Regeneration and Legal Services Manager to discuss and agree with the s106 Working Group, a procedure for keeping stakeholders informed during the negotiation process.

Head of Planning and Regeneration and Legal Services Manager

April 2018

6. Legal Services make all agreements accessible electronic, via SharePoint, however due to inconsistent file naming these are difficult to identify.

Users no longer access the data in this manner. Agreements cannot be located.

6. Management consider using more appropriate file names for agreements, deeds of variation and supplementary agreements on SharePoint to make is easier for other users to find documents (e.g. planning reference, site and document

Low Standardised format (to include the planning reference number) for naming s106 agreements on Sharepoint, to be circulated by e-mail to the s106 Working Group for their comment/approval. Legal Services Administration team to


January 2018

13


Officer Responsible

Action Date

type)

then be briefed on the agreed format to be used going forward.

14

Members Allowances 2017/18

1. Background

Councillor’s who attend Council meetings and undertake various approved duties are eligible to receive an allowance and expenses depending on their role, in accordance with the Local Authorities (Members’ Allowances) (England) Regulations 2003. The Council’s Member’s Allowance Scheme determines which roles are eligible and the levels of payment. The Scheme was reviewed by an Independent Remuneration Panel (IPR) and the report was considered by Council in April 2017. The next scheduled IPR review is in 2020/21.

Expenses and allowances are paid through payroll and must therefore be submitted within set timescales to ensure they can be processed in time for the monthly pay runs.

The amounts paid to Councillors and Independent Members in allowances and the amounts claimed in expenses are reported to the Audit Committee, and are published annually on the Council’s website in accordance with the Regulation 15(3) of the Local Authorities (Members’ Allowances)(England) Regulations 2003.


2.1 Overview

ASSURANCE RATING – SUBSTANTIAL ASSURANCE

CORPORATE SIGNIFICANCE – MEDIUM

Assurance

Internal Audit can give moderate assurance to those charged with governance. Whilst there are no serious weaknesses in the internal control environment within the areas reviewed, there is a need to further enhance controls and to improve the arrangements for managing risks.

15

Based upon the work undertaken it was found that the scheme was current and was conducted in accordance with the Local Authorities Regulations 2003 and the procedures in place for the payment of member’s allowances and expenses are generally satisfactory. However, whilst undertaking testing on the payment of expenses claims it was found that the fuel receipts provided, to support mileage claims, did not always relate to the period being claimed. It was also noted that the expense claim form did not have the appropriate rate on in relation to passenger allowance and the form does not include a journey starting point so that the council can ensure reasonableness of the mileage claimed.

Corporate Significance The area reviewed has been rated as being of medium corporate significance, on the basis of:

General risk of financial loss between £10,000 and £100,000


Direct link to identified operational risks

2.2 Key Findings


The scheme is current and was conducted in accordance with the Local Authorities Regulations 2003.

The scheme, Independent Remuneration Panel report and the total sum actually paid under the scheme of allowances to each member of the council have been published in accordance the Local Authorities Regulations 2003.

There are procedures in place to ensure allowances are paid in accordance with the councillor’s responsibilities and the scheme


Documentary evidence (i.e. fuel receipts) to substantiate mileage claimed does not always cover the period being

claimed for.

16

The particulars of the journeys are not documented when claiming mileage, only the venue of the approved duty is recorded. As there is no starting address documented the council cannot establish the reasonableness of the mileage being claimed.

The rate for taking a passenger is 2p on the expense claim form, yet the scheme states that the rate is 5p per mile per passenger

3. Action Plan


Action Officer


1. Documentary evidence (i.e. fuel receipts) to substantiate mileage claimed does not always cover the period being claimed for.

Breach in HMRC requirements.

1. Administration Officers ensure that documentary evidence to support mileage claims cover the period of the claim.

L Agree with recommendation Consistency with staff expense claims needs to be introduced The Cllr expenses claim form to be amended to include the following sentences: “All mileage claims must be accompanied by a VAT receipt for sufficient fuel to cover the total mileage claimed. Receipts must be dated before the first date for which the mileage is claimed. Claims not

Democratic Services Manager

December 2017

17


Officer Responsible

Action Date

accompanied by a valid VAT receipt will not be processed” Administration Officers will check that all mileage claims received are accompanied by a VAT receipt for sufficient fuel to cover the total mileage claimed. Any claims received where there are concerns over the reasonableness of supporting documentation will be raised with the Democratic Services Officer for a decision.

Customer Services Delivery Manager

January 2018

2. The particulars of the journeys are not documented when claiming mileage, only the venue of the approved duty is recorded. As there is no starting

Mileage claimed may not be reasonable in relation to distance travelled.

2. The expenses claim form is updated to include a journey starting point so that the council can ensure reasonableness of the mileage claimed.

L Agree with recommendation The Cllr expenses claim form to be amended so that journey starting point is identified


December 2017

18


Officer Responsible

Action Date

address documented the council cannot establish the reasonableness of the mileage being claimed.

3. The rate for taking a passenger is 2p on the expenses claim form, yet the scheme states that the rate is 5p per mile per passenger.

The incorrect rate maybe

3. The rate for passengers is updated so that it is in line with the members allowance scheme of 5p.

L Agree with recommendation The Cllr expenses claim form to be amended so it the passenger rate is in line with the members allowance scheme of 5p


December 2017

19

Elections 2017/18

1. Background

Whilst undertaking work on the Community Governance Review it was identified that some parish boundaries run through developments. The Head of Strategic Support has requested a review to determine the processes in place to ensure that where developments cross parish boundaries the properties are correctly allocated to the correct parish.


2.1 Overview

ASSURANCE RATING – MODERATE ASSURANCE

CORPORATE SIGNIFICANCE – MEDIUM

Assurance Internal Audit can give moderate assurance to those charged with governance. Whilst there are no serious weaknesses in the internal control environment within the areas reviewed, there is a need to further enhance controls and to improve the arrangements for managing risks. There is a lack of documented and agreed policy and procedures in place for the consistent allocation of properties to parishes, for Council Tax and elections purposes. In particular, responsibility has not been assigned to a specific officer for the allocation of properties to a parish where there are complexities or anomalies or where there are developments that cross administrative boundaries. Inaccurate use of terminology on the Street Naming and Numbering Allocation Notices that were previously in use, has resulted in properties that straddle the Loughborough and Woodhouse boundary being incorrectly allocated to Loughborough instead of Woodhouse for Council Tax and elections purposes.

20

Corporate Significance The area reviewed has been rated as being of medium corporate significance, on the basis of:


2.2 Key Findings


When a Street Naming and Numbering (SN&N) application is received it is booked onto Northgate the Building Control System which has an interface with the Local Land and Property Gazetteer (LLPG). This enables the use of the Geographical Information System (GIS) feature of the LLPG to be used to map the development and check boundaries.

The Council Tax section has documented procedures for creating new addresses on Academy (the Council Tax System) which detail the requirement to select the appropriate parish to which the address is to be allocated.

The address Allocation Notice issued by the Street Naming and Numbering Team and a copy of the site plan is sent to notify both Council Tax and Electoral Services of new address allocations.

Both Council Tax and Electoral Services check property details to the Charnwood Online Geographical Information System (GIS) available via the ‘iMap’ application on the Council’s website.


There is no documented and agreed policy or procedures in place in respect of the consistent allocation of properties to

parishes, for Council Tax or elections purposes. In particular, responsibility has not been assigned to a specific officer for the allocation of properties to a parish where there are complexities or anomalies or where there are developments that cross administrative boundaries.

For Council Tax purposes the SN&N Allocation Notice is used to determine which parish to allocate the property to.

It was identified during audit testing that there were different formats of the SN&N Allocation Notice being received by Council Tax staff. The Council Tax Section Manager confirmed that where the Allocation Notice does not state ‘Parish’ it

21

is assumed that the details stated in the ‘Locality’ column refer to the parish and this is what is used to determine the Parish Code that is entered on Academy (The Council Tax System) and therefore influences the parish precept amounts.

For SN&N purposes the ‘Locality’ of an address is determined dependent upon the parish of its serving road (i.e. the physical location of the road from which the property is accessed). The ‘Locality’ as determined by the SN&N Team does not equal the ‘Parish’ that a property is in for electoral or council tax purposes. This is determined by the physical geographical location of the property.

The SN&N Senior Technical Officer confirmed that the Allocation Notice that was in previous use did state ‘Parish’ but was in fact giving the ‘Locality’. As the term was not correct, the document was amended in September 2016 and the revised format has been used for all new addresses allocated since.

The following example was given of where the misuse of terminology had resulted in properties being allocated to the incorrect parish: The Alan Turing Road properties which straddle the Loughborough and Woodhouse boundary are an example of the term being misused on old Allocation Notices. The Allocation Notice for these properties shows that they were all notified as having a ‘Parish’ of Loughborough when in fact the ‘Locality’ of these properties as determined dependent upon the ‘Parish’ of its serving road is Loughborough and the properties themselves are geographically located in the parish of Woodhouse.

All the properties on and around the boundary of Loughborough and Woodhouse in the Alan Turing Road area were originally allocated to Loughborough, during the Community Governance Review it was identified that they were either on the boundary or actually physically located in the Parish of Woodhouse. The Head of Strategic Support and the GIS Analyst reviewed each property and applied their judgement to determine whether to re-allocate the properties to Loughborough or Woodhouse. The principles applied and the rationale for each decision included factors such as the location of the actual property, the proportion of the property within each area, the allocation of adjacent properties and others on the same road (where the boundary cuts through a property). It was decided that 24 properties would be re-allocated to Woodhouse. The Electoral Services System has been updated to reflect the changes and it was agreed that the Council Tax System and associated billing for parish precepts would also be updated for the next billing year. Audit testing included a check of the reasonableness of the rationale applied to determine whether 41 properties around the boundary should be allocated to Loughborough or Woodhouse, the allocation of each property was found to be reasonable and principles were consistently applied, however the principles are not documented.

There is a Charnwood Borough Council (CBC) Street Naming and Numbering Policy which is followed for the naming and numbering of new properties. The version of the Policy available on the CBC website was not the same as the document currently used by the service area and shared with the Audit Team.

22

Each new property listed on the Council Tax report is allocated to a Polling District on the Electoral Services System (Xpress).

The Polling Districts have letters assigned to them for Electoral Register purposes; the Polling District to which a property is allocated is the key driver as to the ‘Election Area’ depending on the type of election. For each Polling District the parameters within the system are such that there will be an associated Parliamentary Constituency (Loughborough or Charnwood), and the ‘area’ for the: Parish (where relevant); the Borough; and the County elections.

When determining which Polling District a new property is to be allocated to, a number of checks are undertaken including:

- The location of the property is checked on the GIS available via the ‘iMap’ application on the Council’s website.

It was observed during the walkthrough audit testing that the property being added to the Xpress system did not actually appear on the map being used for checking purposes.

The GIS Analyst commented that it was likely that the service was using a downloaded/offline version of the interactive map as opposed to the ‘live’ version on the website and hence why it would not be the most up to date version.

- The location of the property is checked on the hard copy of the Polling District maps. It was identified during the audit testing that the hard copy map being used for checking the property location was dated 2007 and therefore did not show the location of the new property being added to the Xpress system.

There are several different layers of information currently available on the GIS via the maps on the website. The different layers can be selected depending upon what information is required; the map features include the options to display the following Administrative Boundaries:

- Area Forums - Charnwood Borough Boundary - Parishes - Parliamentary Constituencies - Wards

The maps do not currently include a layer for Polling Districts. The inclusion of the Polling District boundaries on the live maps would enable the Electoral Services staff to check the accuracy of the allocation of properties to Polling Districts and eliminate the need to estimate the location of new properties on the offline or hardcopy versions of the maps.

23

2. Action Plan


Action Officer


1. There is no documented and agreed policy or procedures in place in respect of the consistent allocation of properties to parishes, for Council Tax or elections purposes. In particular, responsibility has not been assigned to a specific officer for the allocation of properties to a parish where there are complexities or anomalies or where there are developments that cross administrative boundaries.

A lack of a documented policy with assigned responsibilities and principles to be applied when developments cross administrative boundaries could lead to properties being allocated to the incorrect parish for elections and council tax purposes resulting in electors voting in the wrong constituency and parish precepts being paid to the wrong authority.

1.1 A policy should be developed to:

clearly set out the responsibilities for allocating properties to parishes for council tax and election purposes

assign overall responsibility to the Head of Strategic Support for the allocation of properties to a parish where there are complexities or anomalies or where there are developments that cross administrative boundaries

document the principles to be applied when allocating properties that cross

Medium

A protocol will be put in place setting out the processes and respective responsibilities. The Constitution will then be amended to reflect the agreed protocol where required.

Head of Strategic Support

March 2018

24


Officer Responsible

Action Date

administrative boundaries to a parish

1.2 The delegated responsibility for allocating properties to parishes, where they cross administrative boundaries should be included in the constitution.

Medium

2. There is a Charnwood Borough Council (CBC) Street Naming and Numbering Policy which is followed for the naming and numbering of new properties however the version of the Policy available on the CBC website was not the same as the document currently being used and shared with the Audit Team.

Out of date policy documentation is published on the CBC website which does not reflect current practice.

2. The latest version of the CBC Street Naming and Numbering Policy should be made available on the CBC website and the previous version removed from circulation.

Low Review the existing SNN policy which is currently published on the website and update as required.

Building Control Team Leader

March 2018

3. It was observed during the

Estimating the location of a

3.1 The Electoral Services staff should

Low

Recommendation agreed.

Electoral Services & Land

March 2018

25


Officer Responsible

Action Date

walkthrough audit testing that the property being added to the Xpress system did not actually appear on the interactive map being used for checking purposes. The GIS Analyst commented that it was likely that the service was using a downloaded/offline version of the interactive map as opposed to the ‘live’ version on the website and hence why it would not be the most up to date version. It was also identified that the hard copy Polling District map being used for checking the property location was dated 2007 and therefore did not show the location of the new

property and not using up to date maps could result in it being allocated to the incorrect Polling District which influences the Parish a property is in for election purposes.

use the live version of the GIS interactive map, available on the CBC, website when checking the geographical location of a property before allocating it to a Polling District. 3.2 As a back-up process for when the live version of the interactive maps may not be available (e.g. due to upgrades and downtime) the hard copies of the maps that are held within Electoral services should be periodically re-printed to ensure that they are maintained up to date.

Low

Charges Manager

26


Officer Responsible

Action Date

property being added to the Xpress system.

4. There are several different layers of information currently available on the GIS via the maps on the website. The different layers can be selected depending upon what information is required; the map features do not currently include the option to display the Polling District Boundaries.

Estimating the location of a property and not using maps showing the Polling District boundaries could result in properties being allocated to the incorrect Polling Districts which influence the Parish a property is in for election purposes.

4.1 The option to add the Polling District boundaries as another layer should be included on the interactive maps available on the CBC website. 4.2 Once set up, the Electoral Services staff should select the Polling District boundaries layer on the live maps to enable checking of the accuracy of the allocation of properties to Polling Districts and eliminate the need to estimate the location of new properties.

Low

Low

Recommendation agreed.

Electoral Services & Land Charges Manager

March 2018

27

Non-Domestic Rates 2017/18

1. Background

The non-domestic rates (NDR) system is one of the identified financial systems which are audited on an annual basis. The Revenues and Benefits function, including the collection of NDR, is administered by Capita. Their three main areas of responsibilities include billing, enforcement and control. The monitoring of the Capita Contract is overseen by the Head of Customer Experience.


2.1 Overview

ASSURANCE RATING – MODERATE ASSURANCE

CORPORATE SIGNIFICANCE – HIGH

Assurance

Internal Audit can give moderate assurance to those charged with governance. Whilst there are no serious weaknesses in the internal control environment within the areas reviewed, there is a need to further enhance controls and to improve the arrangements for managing risks.

Based upon the work undertaken during the review the procedures in relation write-offs are generally satisfactory however there were a number of write-offs (27(50%)) which were not appropriately authorised in line with the limits set within the Council’s Financial Procedure Rules. All reconciliations reviewed had been completed promptly and accurately and where appropriate had been reviewed.

Corporate Significance The area reviewed has been rated as being of high corporate significance, on the basis of:

General risk of financial loss greater than £100,000

28

Risk of serious reputational damage (national press/TV)

2.2 Key Findings


There are procedures in place to ensure write-offs are appropriately monitored and recorded.

All write-offs were for valid reasons and were applied promptly to the appropriate account following authorisation, although not all had been authorised in accordance with the Council’s Financial Procedure Rules.

All reconciliations had been completed promptly and accurately and where appropriate had been reviewed However, from the work undertaken during the review, we have also identified the following areas where there is scope for improvement to ensure that the system operates more effectively and efficiently:

Testing found that in 27 (50%) cases write-offs had not been authorised in accordance with the Financial Procedure

Rules.

3. Action Plan


Action Officer


1. Testing found that in 27 (50%) cases write-offs had not been authorised in accordance with the Financial Procedure Rules.

The authorisation of write-offs outside of the agreed limits resulting in a breach of Financial Procedure Rules.

1. Where write-off batches contain debts that exceed £1,000, these are countersigned by the S151 Officer to ensure compliance to the Financial Procedure Rules.

High 1. Future write-off batches will be separated in line with the Council’s Financial Procedure Rules. The write-off batch of October 2017 has been counter-signed by the S151 Officer to comply with the Financial Procedure Rules.

Principal Rates & Billing Officer (Capita)

March 2018

29

Appendix C

Follow Ups: Recommendations Not Implemented By the Agreed Date as at 31st January 2018

Audit Observation Recommendation

Priority Agreed Action Agreed

Date

Responsible

Officer

Comments

PCI DSS 2016-17

1. The Roles and Responsibilities for PCI DSS compliance have not been formally approved.

1.1 Consideration should be given to the ICT Steering Group being tasked with formally approving the Roles and Responsibilities for PCI DSS Compliance.

Low The roles and responsibility will be agreed between the Head of Customer Experience and the Director of Corporate Services.

June 17 Revised to Sept 17, Dec 17, Mar 18

Head of Customer Experience

July 2017 – Partially implemented. The action is still in progress, the Head of Customer Experience has started discussions with the Strategic Director of Corporate Services however these have not yet come to a conclusion and it is expected that the action will be completed by the end of September. Oct 2017- Partially Implemented. The Head of Customer experience has indicated that the ICT Steering Group will be requested to give approval at their next meeting to be held late November/early December. Jan 2018 - In November 2017 the Head of Customer Experience informed Internal Audit that a project to review PCI DSS

30

requirements and to ensure compliance is to commence in the New Year. A further update has been provided in January 2018. Independent advice is being obtained by the end of January to inform the project plan and timelines. The recommendations arising from the audit will be addressed through the project and further follow up action and approach to follow up will be agreed.

3. The responsibility for completing the SAQ assessments has not been formally assigned.

3.1 The responsibility for the completion and submitting of SAQ’s should be formally assigned and approved by the ICT Steering Group.

Low The assignment of this role will be discussed and agreed between the Head of Customer Experience and the Director of Corporate Services. The role will then be assigned to an individual.

June 17 Revised to Sept 17, Dec 17, Mar 18


July 2017 – Partially implemented. Explanation as for Rec.1 above. Oct 2017 – Partially implemented. Explanation as for Rec.1 above. Jan 2018 - Explanation as for Rec.1 above.

2. The organisations complete card payment environment has not been identified.

2.1 The organisations complete card payment environment should be clearly identified and documented.

Medium A review will be completed to identify all current employees taking card payments across the organisation. A record of this will be produced and consideration will be given as to whether

Oct 17 Revised to Mar 18

Customer Service Delivery Manager

Nov 2017 – Not implemented. Jan 2018 - Explanation as for Rec.1 above.

31

the numbers of employees and the locations of payments taken are appropriate and meet the requirements of the legislation.

4. Information to substantiate responses for online assessments is not being maintained.

4.1 Where possible, online SAQ’s should be printed off and retained and supporting information substantiating entries should be collated and retained.

Low Once the responsibility for completing the SAQ is confirmed a new process will be agreed to ensure appropriate records are maintained.

Oct 17 Revised to Mar 18


Nov 2017 – Not implemented. Jan 2018 - Explanation as for Rec.1 above.

5. There is no formal training or guidance provided to staff taking payments outside the contact centre

5.1 Formal training and guidance should be provided to staff taking card payments. 5.2 Consideration should be given to limiting card processing to a designated area i.e. Contact Centre.

Medium The Customer Service Delivery Manager with support from the Learning and Development team will identify/design and implement PCI training for all officer taking card payments

Dec 17 Revised to Mar 18

Customer Service Delivery Manager

Jan 2018 – Not implemented. Explanation as for Rec.1 above.

Environmental Services Contract 2017-18

4. Review and testing of the calculations for additional properties for waste, recycling and for garden waste collection services identified

4.1 The annual price calculations and the annual variation calculations need to be checked for each contract year (since

High 4.1 In progress, all invoices and credit notes from previous contract years reconciled against subscriber numbers

Nov 17 Revised to Jan 18

Programme Manager and Head of Cleansing and Open Spaces

Jan 2018 – Partially implemented. Considerable work was undertaken prior to the November 2017 Audit

32

various errors, some which go back a number of years and therefore have had a knock on effect on the price calculations for subsequent years and also impact on the calculation of the annual variation for increases throughout each year. The audit calculations indicate that the net overpayment on total annual variations from the start of the contract amounts to £47,021.76 with the error first impacting on the 2012/13 figures. For the annual contract price calculations, the total net overpayment since the start of the contract amounts to £253,760.33.

the commencement of the contract) against the recalculated figures and then compared to actual amounts paid to confirm the value of the total overpayments and then appropriate action needs to be taken to recover the overpaid amount from the contractor.

(garden waste) and number of properties (refuse and recycling) Once the outcome of the reconciliation exercise is completed, negotiations will take place in order to recover overpaid sums.

Committee to determine the correct value of the overpayment and the approach to recovery. It was reported to the Committee that since the

issue of the final audit report the Cleansing & Open Spaces team had revisited the contractual amounts due to the contractor and reconciled these to payments made; there was an indication that the level of overpayment would be reduced but this had not yet been verified in full. At that stage the recommendations were recorded as being partially implemented. Jan 18 – As recorded in Section 6 of the Committee report, a final figure has now been signed off by the Head of Cleansing & Open Spaces. Arrangements for rectifying the underpayment are to be agreed with the contractor.

5. Testing identified inaccuracies in the calculations of variation payments. The majority of these relate to the variations arising

5. As per recommendation 4.1 above, appropriate action should be taken to recover the net overpaid amount

Medium 5. All variations for 2016/17 will be reconciled against payments made. Any overpayments will be included in

Nov 17 Revised to Jan 18

Programme Manager and Head of Cleansing and Open Spaces

Jan 2018 – Partially implemented. Explanation as for Rec. 4.1 above.

33

from the addition of properties for recycling and waste collection services and additional subscribers for garden waste collection services arising throughout the year (as detailed above). Minor errors were also identified during testing for three out of a sample of ten other 2016/17 variation payments.

for the annual variation for 2016/17 from the contractor. The recalculated amount should incorporate the net underpayment of £377.20 that is attributable to the inaccurate calculations for the three VOs identified during audit testing.

the negotiations to recover overpaid sums.

Responsive Repairs 2016-17

7. The lack of reporting from Service Connect and the fact that the management information dashboards were still to be built, training provided and user guidance developed made it difficult to compare the performance and productivity of operatives and easily identify problem areas.

7.1 Ensure that management information dashboards are built, tested and fully operational as soon as possible.

Medium 7.1 Action agreed we will work closely with I.T to implement the action point.


Repairs and Investment Manager

Jan 2018 – Partially implemented. Some management information dashboards are now in place and these do provide information for performance monitoring. There are some issues still to resolve and these form part of the project planning process for phase 2 of the Service Connect project that will be completed by April 2018.

8. Although operatives’ time and performance is monitored on a day to day operational basis, limited performance information from Service Connect is

8.1 Use management information from Service Connect for operatives’ performance monitoring including time keeping and productivity,

Medium 8.1 We will use management information from Service Connect for operatives’ performance monitoring including time keeping and


Principal Officer (Repairs and Maintenance)

Jan 2018 – Partially implemented. Some management information dashboards are now in place and these do provide information for performance monitoring.

34

being used in order to inform discussions at individuals’ performance review meetings and to identify any problem areas or development needs.

undertake analysis and comparisons to identify any problem areas or development needs and take action to address these.

productivity, undertake analysis and comparisons to identify any problem areas or development needs and take action to address these.

They will be adapted to ensure they are better fit for purpose by April 2018. Not all of the data provided from Service Connect is accurate i.e. no access data is incorrect, first time fix / follow on / completions are being recorded incorrectly. There are some issues still to resolve and these form part of the project that will be completed by April 2018.

8.2 Maintain evidence of the monitoring carried out and the actions taken to address problem areas.

Medium 8.2 We will maintain evidence of the monitoring carried out and the actions taken to address problem areas.


Principal Officer (Repairs and Maintenance)

Jan 2018 – Partially implemented. Explanation as for Rec. 8.1 above.

Documents

AUDIT COMMITTEE - - Charnwood COMMITTEE – 20TH February 2018 Report of the Head of Strategic Support Part A ITEM 10 INTERNAL AUDIT PROGRESS REPORT Purpose of Report The report summarises