Item 5 - Internal Audit Plan 2007-08 (1)

SAMPLE AUDIT PLAN

WESTMINSTER CITY COUNCIL

DRAFT

INTERNAL AUDIT PLAN

2007/08

CONTENTS

Section

Page

1) Introductionand Summary of coverage

3

2) Audit Needs Assessment Methodology

9

3) Key Issues

9

4) Strategy for Internal Audit

12

5) Proactive Counter Fraud Plan

13

Appendix A Departmental Plans

Corporate

17

Finance and Resources Department

22

Customer Services Department

25

Transportation Department

27

Policy and Communications

28

Planning and City Development

30

Environment and Leisure

31

Legal and Administrative Services

32

Childrens Services

33

Housing

35

Adult Social Care and Health

37

Community Protection

38

Appendix B Proactive Counter Fraud Plan

391.INTRODUCTION

Purpose

This document sets out the proposed Westminster City Council annual Internal Audit plan for 2007/08. The Plan has been derived from the 5-year plan agreed by the Director of Finance and Resources and reported to the Audit and Performance Committee. The Plan has been reviewed and updated in view of findings arising from 2006/07 audit work and with reference to departmental business plans and risk registers. A consultation process has been undertaken during March with Departmental management to ensure that the audit coverage for each department reflects key risks.

The policy context of the Internal Audit Service is to ensure effective control over Council activities by:

Monitoring, appraising and reporting upon the Councils internal control procedures.

Investigating and reporting upon any suspected areas of fraud or irregularity.

The purpose of Internal Audit is to provide the Council, through the Audit and Performance Committee and the Director of Finance, and Resources with an independent and objective opinion on risk management, control and governance and their effectiveness in achieving the Council's objectives. This opinion forms part of the framework of assurances that the Council receives and is to be used to help inform the annual Statement on Internal Control (SIC). Internal Audit also has an independent and objective consultancy role to help line managers improve risk management, governance and control.

Our Responsibilities

Our professional responsibilities as Internal Auditors are set out in the CIPFA Code of Practice for Internal Auditing in Local Government (2006). In line with these requirements, we perform our Internal Audit work with a view to reviewing and evaluating the risk management, control and governance arrangements that the Council has in place to:

Establish and monitor the achievement of the Councils objectives

Identify, assess and manage the risks to achieving the Councils objectives

Formulate and evaluate policy, or provide policy advice, within the responsibilities of the Section 151 Officer

Ensure the economical, effective and efficient use of resources

Ensure compliance with established policies, procedures, laws and regulations, including the Councils own governance arrangements

Safeguard the organisations assets and interests from losses of all kinds, including those arising from fraud, irregularity or corruption

Ensure the integrity and reliability of information, accounts and data

As well as the planned audits detailed in the Annual Audit Plan, Internal Audit will also undertake the following work during the forthcoming year:

Follow-upRecommendations arising from audits will be followed up to confirm that agreed actions have been implemented. The following criteria will be applied:

Audits which receive No Assurance will be followed up on an ongoing basis until all priority 1 recommendations have been implemented.

Audits which receive Limited Assurance will be followed up 3 months after the final report is issued.

Audits which receive Substantial Assurance will be followed up six months after issue of the final report.

Follow ups include testing of key recommendations to ensure that they have been implemented. A report will be issued in respect of all follow ups with a revised action plan for the implementation of outstanding recommendations. A revised assurance level will also be provided which reflects our opinion of the adequacy of the system of control after the recommendations of the original report have been implemented.

Ad-hoc Advice and Support

This will be provided throughout the year on a range of issues including; risk management, money laundering, freedom of information, control improvement, governance, application of Financial Regulations and Standards etc.

Summary of Coverage 2007/08

Set out below is a summary of the total coverage of the Audit and Counter Fraud work to be carried out at Westminster in 2007/08. For comparison purposes 2006/07 details are also provided.

AREA OF COVERAGERESOURCE ALLOCATION

Internal Audit Services2006/07 Days2007/08 Days

Systems and Compliance Audits (including Advisory Services)19201725

Internal Audit Services sub-total19201725

Fraud Investigation Services2006/07 Days2007/08 Days

Proactive Anti-Fraud (including follow up)100100

Benefits Fraud Investigation 21701950

Parking Permits and Disabled Badge Investigation850750

General Fraud Investigation (including Advisory Services)300300

Fraud Services sub-total34203100

Internal Audit and Fraud Services Total53404825

Allocation (by approximate person days) of Audit and Fraud Coverage 2006/07

Allocation (by approximate person days) of Audit and Fraud Coverage 2007/08

Allocation of Internal Audit time between departments

Allocation of Counter Fraud Time 2007/08

Rationale for coverage:

Internal Audit Services

Risk Based Systems and Compliance Audits (1725 days)

This work is used to complete a risk based schedule of audit across Council Departments. The amount of time used represents our assessment of the number of audits required to meet CIPFAs Code of Practice guidelines for Internal Audit in local authorities. This is broadly comparable with other similar local authorities which have externalised their internal audit service. Time is included to follow up audit recommendations to ensure their effective implementation.

Included in the 1725 days above is a 200 day contingency amount used to provide internal audit advice and guidance on a range of issues as requested by senior Council staff as they emerge during the year. It may include work relating to key Council priorities such as worksmart or procurement. It may also include a range of issues such as advice on new IT systems, advice on financial regulations, compliance with governance requirements, input to the annual Use of Resources assessment and support in the development of management self certification and assurance systems

.

Counter Fraud Services

Proactive anti Fraud Programme (100 Days)

The proactive counter fraud programme consists of a programme of targeted projects to those areas of the City Councils services that are considered to be exposed to an inherently high risk of fraud and corruption. It also includes a programme of intelligence gathering internally and externally to assist the Council in implementing preventative measures. A programme of awareness raising activities also takes place to ensure line managers are focused on fraud prevention measures. Included in the programme is 8 days time to follow up fraud recommendations to ensure effective implementation by management.

Benefits Fraud Investigations (600 cases- 1950 days)

Resources are allocated to investigate 600 cases of potential Housing Benefit Fraud each year of which approximately 20% result in sanctions being applied (prosecutions, formal cautions, and administrative penalties). The number of cases to be investigated is set with reference to numbers required to achieve upper quartile performance as measured by the Best Value Performance Indicators applicable to Housing Benefit Investigations.

Parking Permits and Disabled Badges Fraud Investigation (1680 cases - 750 days)

1680 investigations of suspected parking permit fraud are investigated each year. This level of activity is set by the Council to provide sufficient deterrent to limit the amount of fraud without incurring excessive cost. The cases selected for investigation are based on an agreed set of criteria including referrals by members of the public, interrogation of ICPS (the parking IT database), on street surveys and home visits.

Other Fraud Investigations (300 days)

All suspected cases of fraud at Westminster are investigated by Internal Audit. This category covers all fraud investigations that are not Housing Benefit related. Referrals are received from a number of sources including pro active fraud exercises, management referrals, reports via the fraud hotline , information received from other local authorities and the Audit Commission via the National Fraud Initiative. The number of days in the work programme is arrived at from historical knowledge of the number and scope of referrals received. A contingency is included for advice relating to the prevention of fraud. Time is also allowed for input to the CPA assessment and periodic Benefits Fraud Inspection Team review

2. AUDIT NEEDS ASSESSMENT METHODOLOGY

Our audit approach is risk based. In order to identify the areas that require Internal Audit coverage, we therefore need to understand the risks facing the Council as a whole and, at a lower level, the risks faced by individual departments. Therefore as a starting point the Councils corporate risk register is used to inform our audit needs assessment.

A comprehensive risk based Internal Audit approach has been adopted which ensures that risk is integrated into strategic and operational reviews, processes and practices. A summary of our approach is provided below:

Identification of risk areas;

Performance of a risk assessment to gauge the degree of risk or materiality associated with a particular area. Audit areas are classified as high, medium or low priority;

Internal Audit resources are then focused on the areas of highest risk.

We used cumulative knowledge of the organisation from previous Internal Audit work to identify areas that would benefit from Internal Audit coverage

From the Councils own risk register and performance reports, we identified the priorities afforded to the risks by the Council

Notwithstanding the above the Audit Needs Assessment also led to the identification of areas for audit coverage that do not appear as high priority risks, but where Internal Audit can provide tangible inputs to the overall assurance process and its efficiency, for example:

Requirements of management

Minimum Internal Audit coverage requirements e.g. key controls audit and documentation of key information flows

Areas of concern flagged by management or the Audit and Performance Committee

The requirements of the external auditor

Emerging issues; and

Need for ongoing assurance in relation to key aspects of internal control

3. KEY ISSUES 2007/8

Focus on key financial systems

All core financial systems will be audited in 2007/08. The audit work will complement the substantive revision to the financial regulations and procedures which has recently been undertaken in the Department of Finance and Resources. In addition the majority of the audits undertaken in departments will include testing to ascertain whether financial regulations and the Procurement Code are being complied with. This will build on the wide range of compliance audits, across departments, which took place in 2006/07.

Schools Financial Management Standard

The Department for Education and Skills required all Secondary schools to be accredited as compliant with its new financial standards by March 2007. In subsequent years all schools need to achieve this standard. All primary schools will be audited in either 2007/08 or 2008/09 to ensure that they meet the standard. Our programme of internal audits at schools will therefore complement the financial management standard assessments to ensure that schools are also compliant with Westminster financial regulations.

Over and above this a programme of seminars and dissemination of information on audit requirements is currently being carried out to assist schools in improving their ability to meet Westminster requirements. Line Management Self Assurance

The Chief Executives Steering Group and Corporate Management Board have agreed to the Head of Risk and Audits proposals to incorporate a new system of line management self assurance in relation to those elements of the control environment for which they are responsible. We have tested this framework in the Finance and Resources Department during 2006/07.

In 2007/08 the system will be further developed and rolled out across the Council with the involvement of operational managers. It is essentially a self-assessment exercise which provides an overall assurance level for the service area, highlights service specific risks, and identifies any significant control weaknesses and actions proposed. This forms a key component of the basket of assurance available to the Chief Executive. We will therefore verify the information provided on a sample basis.

Some of the key benefits expected of the new system are as follows:

Support managers in the delivery of services and achievement of objectives

Provide a consistent framework for management monitoring and accountability across the Council

Address external audit concerns about weaknesses in control systems and support improvement of the CPA score in this area

Support the external auditors plans for increased emphasis on review of financial systems

Underpin the implementation of revised financial regulations and procurement code

Demonstrate compliance with corporate policies and procedures

Support the preparation of the Statement of Internal Control

E- Procurement

The Council is planning to introduce E-Procurement during 2007/08. We fully support this initiative which can make a significant contribution to improving the level of compliance with financial regulations in addition to strengthening the control framework relating to procurement generally and improving efficiency. We will therefore be involved in the development of the controls in the system in addition to carrying out a full systems audit during 2007.

Key Audit Issues

A number of common themes have arisen from our 2006/07 Internal Audit work and these will be used to inform all relevant audits in 2007/08. These include:

Controls to maximise income recovery

Controls to ensure that debt is identified and recovered effectively

Contract Monitoring of Contractors

Compliance with financial regulations and the procurement code

Agreement of Annual Plan / Circulation of Internal Audit Work

The 2007/08 Plan will be discussed and agreed with each Departmental Management Team. The circulation of all audit briefs and audit reports will also be agreed at the DMT meetings as will a protocol in respect of which officers can sign off briefs and audit reports. Generally all briefs and draft reports will be signed off by the relevant Departmental management team member with a copy of the final report being sent to the relevant Chief Officer. Some chief officers have also asked to see draft reports prior to sign off.

Following DMT approval the 2007/08 Plan will also be circulated to the Corporate Management Board for discussion and final agreement.

Audit Circulars

Audit circulars will be issued quarterly to all Chief Officers and Heads of Finance highlighting instances of non compliance or risk which have corporate significance. Typically the areas of non compliance which will be reported will cover:

Procurement Code

Financial Regulations

Standing Orders/Constitution

Value for Money Issues Identified

Contract Monitoring Response to and implementation of audit recommendations Fraud Awareness

Process and Audit Working Group

The Audit and Performance Committee has initiated four working groups to examine, in detail, issues of key importance across the Council (People, Process, Property and Procurement). We will be particularly involved in the Process and Audit Working Group which is considering issues arising from the work of the Audit and Performance Committee relating to process controls within the Council. It is also likely that our audit work will inform the deliberations of the working groups that are considering procurement issues.

4. STRATEGY FOR INTERNAL AUDIT WORK

The timing of audits, that is, how soon they will be undertaken in the cycle will depend upon:

The priority for each area of coverage for Internal Audit, in terms of levels of risk to the Council

When the last audit of the area was undertaken and what was the outcome

When the risk to be considered is likely to impact upon the organisation

Whether there are management concerns about the area

Whether or not there have been significant systems, staff or organisational changes since the last audit.

In the course of the period covered by the Internal Audit Strategy, the priority and frequency of audit work will be subject to amendment in order to recognise alterations in audit needs assessment/risk analysis, caused by changes within the Council. A formal update will be performed each year to inform each years periodic plan, but changes may be necessary in-year and these will be agreed with the Head of Risk and Audit who is responsible for managing the Councils Internal Audit Contract. There is a monthly review process in place whereby the contractor will discuss and agree changes to the plan with the Head of Risk and Audit.

Our professional judgement has been applied in assessing the level of resource required for the audits identified in the strategic cycle. The level of resource applied is a product of:

The complexity of the system in place

Factors such as number of locations, number of transactions or frequency of transactions

The assurance which can be brought forward from previous years audits

The type of audit undertaken.

The audit needs assessment is prepared with regard to constraints such as time and resources. Its purpose is to:

Determine priorities and establish the most cost effective means of achieving audit objectives

Assist in the direction and control of all audit work

Ensure that adequate attention is devoted to critical aspects of audit work

All audits are followed up according to a timetable dependent on the level of assurance received. The purpose of the follow up is to assess the degree of implementation achieved in relation to recommendations agreed by management during the audit. The level of implementation is reported to the Audit and Performance Committee.

5. COUNTER FRAUD WORK

Proactive Work

The draft 2007/08 proactive plan is attached. The plan includes the detailed work that it is anticipated will be carried out in 2007/08. The plan is split into three areas;

1. Anti-fraud awareness and maintenance of an anti-fraud culture

2. Anti-fraud intelligence gathering

3. Specific anti fraud proactive projects (both non HB and HB fraud)

The projects mentioned at 3 above represent approximately half of the budgeted annual plan. These projects represent areas of potential high risk and arise from a risk assessment including:

Assessment of the outcome of reactive fraud results / referrals;

Internal Audit findings;

Feedback from any external fraud questionnaires;

Issues emerging from fraud forums;

Risk assessment of Council activities in relation to the potential for fraud;

Experiences of Bentley Jennisons Business Integrity and Investigations Service with other clients;

Materiality of each area

Having carried out the above analysis, the plan is populated with a number of specific tasks that are to be carried out in 2007/08.

The plan will be kept under continual review and amended as necessary in agreement with the Head of Risk and Audit in response to any emerging high risk areas. The detailed plan is set out in Appendix B of this document.

Housing Benefit Investigations

The Housing Benefit Investigation team will be sufficiently resourced to investigate up to 600 cases of suspected Benefit Fraud during 2007/08. The acceptance of investigations will be in accordance with a risk-based model and no cases will be accepted for investigation unless the appropriate threshold is met.

Referrals to the HB Fraud Team will be made from a number of sources, these include:

Housing Benefit Matching Service (HBMS);

National Fraud initiative (NFI);

Fraud Hotline;

Report a Fraud (website);

Written allegations;

Benefits Assessment Teams;

Department for Work and Pensions;

Proactive Fraud initiatives;

Results of other fraud investigations.

The HB Fraud Team will investigate every case to determine whether a criminal offence has been committed. The team will be aiming at sanctioning (Prosecution / Administrative Penalty / Caution) in accordance with the Councils Prosecution Policy in approximately 20% of the cases investigated.

Cases will continue to be investigated until one of the following outcomes is reached:

There is sufficient evidence to demonstrate that a criminal offence has been committed and a sanction is to be applied;

There is insufficient evidence (or prospect) that a criminal offence has been committed and the case is to be closed with no further action.

In some case although a criminal offence may have been committed (and it can be proven) there will be a decision not to take further action. This will be in accordance with the Councils Prosecution Policy and where appropriate in consultation with the Councils solicitors and Head of Risk and Audit. In addition, in some cases an overpayment of benefit may be identified but no criminal offence committed.

Other Fraud Investigations

The non HB investigation team will be sufficiently resourced to provide 280 input days of reactive fraud work and 100 days of proactive fraud work.

Allegations of fraud will be referred to the non-housing benefit team for investigation from a variety of sources including:

Fraud Hotline;

Report a Fraud (Website);

Written allegations;

National Fraud Initiative (NFI);

Council Officer / Member referrals;

Results of Proactive exercises;

Results of other fraud investigations

Investigations carried out by the non hb team will continue to be made until one (or more) of the following outcomes is met:

Evidence to show that a criminal offence has been committed;

Evidence to show that a disciplinary offence has taken place;

Evidence that no fraud has taken place;

No realistic prospect of proving / disproving an allegation.

In fulfilling the above, the investigation team will additionally provide any necessary assistance in concluding a case including attendance at Disciplinary Hearings and in the criminal courts.

In addition, in carrying out the above, the investigation team will have due regard for the identification and recovery of any lost assets and the extent to which system controls require strengthening.

Residents Parking InvestigationsThe Permit Investigations Team will be sufficiently resourced to investigate up to 1,680 cases of suspected residents permit and disabled badge fraud in 2007/08.

These investigations will arise from the following:

Calls to the Fraud Hotline

Report a Fraud (Website)

Standard Investigation types (disabled workers)

Queries raised by permit administration teams

Council Officer / Member referrals

Proactive initiatives (programmed and ad hoc)

National Fraud Initiative (NFI)

The scope of investigations will depend on the nature of the referral. However, investigations will be carried out in all cases until one of the following outcomes is reached:

Sufficient evidence exists to show that the permit / badge is legitimately held and or used;

Sufficient evidence exists to show that the permit / badge is not legitimately held and/or used. In these cases action including the issue of a caution or prosecution will be considered in light of Council policy;

CORPORATE AUDITS

The following projects are proposed in 2007/08:

1 Corporate Contract Monitoring High Risk- 30 Days

Departmental arrangements will be reviewed for monitoring and reporting key contracts in compliance with the Procurement Code. In particular Internal Audit will be looking for evidence that Departmental Managers are accurately reporting the financial and operational performance of major contracts to Departmental Contract Review Boards. This audit will review the guidance provided to managers for undertaking contract monitoring to ensure it is consistent, risk focused, soundly based and takes into account

achievements against output based performance measures covering service delivery, income maximisation, debt recovery and contract compliance. The audit will also examine the reporting lines and governance arrangements in circumstances where complex monitoring and reporting arrangements exist due to the involvement of sub-contractors and /or differing departmental and NPO responsibilities. At the request of the Process and Audit Working Group the audit will examine and comment on Value For Money and effectiveness aspects of Contract Monitoring including relative costs of contract monitoring across the Council and differing approaches. The audit will also examine whether correct Governance arrangements are being followed in respect of reporting contract monitoring information to officers and members.2 Procurement Code High Risk- 20 Days (plus advisory audit time as needed )

The Procurement Code provides the corporate framework for letting and managing contracts for the City Council. The Code is currently being rewritten (Feb 07). This audit will be in two stages. A review of the new code prior to implementation and a subsequent review 3 months after implementation to assess the impact of the code. The audit will also excess the extent to which best practice on issues such as the Green Agenda and VFM are promoted within the Code . In addition to this audit time will be allocated as necessary from the Advisory audit budget to ensure that audit is involved is advising management on control issues during the project implementation stage.

3 E Procurement High Risk 25 Days (plus advisory time as required)

The Council is currently introducing a new E-Procurement IT solution. Internal audit are involved in the process of agreeing the control framework embedded in the software. This audit will be carried out in the last quarter of the year and will review the effectiveness of E-Procurement. This will include an assessment of whether the objectives of the initiative have been achieved and the control framework is operating effectively. Advisory time will be used as necessary during the development stage of the project to advise management on the effective implementation of the system.

4 E- Procurement IT Audit High Risk 20 Days

In addition to the systems audit set out above an IT audit will be carried out on the E-Procurement system. The terms of reference for this audit will be agreed with line management prior to commencement based on risk issues identified after implementation.

5 Approved List/Contract Register Medium Risk- 20 Days

This audit is to focus on compliance with controls to ensure only appropriate contractors are included on the list and that departments use the list in accordance with the Procurement Code. This audit will be carried out in conjunction with audit work arising from the introduction of E- Procurement. A significant amount of work is currently taking place on the Approved list by the Procurement Team. This audit is subject to review dependant on the outcome of that work to avoid duplication. The audit will also examine the corporate procedures for ensuring the Council retains corporately sufficient information on its contracts that is readily available and is used to ensure relets are dealt with in good time etc.

6 Business Continuity High Risk - 14 Days

This will be a corporate review of the arrangements in place to ensure effective business continuity arrangements are in place across the Council. This work will be carried out tin May 2007 and will include follow up to the 2006/07 audit on Business Continuity plans in the event of a Flu Pandemic.

7 Grant Claims (and Working Papers) Medium Risk - 20 Days

This audit will examine the control mechanisms in place to ensure the Councils major grant claims are prepared and presented accurately and on a timely basis. The audit will cover the adequacy and accuracy of working papers prepared to support the claims. The grant(s) to be audited will be agreed with the Director of Finance and Resources. In addition the audit may follow up the recommendations of the Audit Commissions 2006/07 grant claim work.

8 Performance Indicators High Risk - 25 Days

In respect of BVPIs a full audit will be carried out to verify that the Performance Indicators are being correctly calculated and adequate supporting information is available to support the figures. The audit will include where appropriate reperformance of Performance Indicator calculations and sample checks back to source documentation. Follow up work will also be carried out to ensure recommendations arising from the 2006/07 audit work have been implemented.

9 Performance Management High Risk 20 Days

This will be a review of processes in place for identifying , reporting and acting on key performance measurement issues across the Council. It will identify whether the Councils performance management framework has successfully addressed areas which have previously been identified as poorly performing. It will also examine the methodology for identifying performance status to evaluate whether this is correctly aligned with the Councils key operational and financial risks. This audit is currently scheduled to take place in November.

10 Worksmart High Risk 15 Days (plus increased allocation as required during the year)

The Worksmart programme is a key corporate initiative. This audit will be carried out in the last quarter of 2007/08 and is intended to ensure that key benefits arising from the programme have been realised and that the project is meeting its key milestones. Particular issues that have been raised with audit for consideration as part of this review are ordering and control of IT via the BT portal and the new rewards scheme. In addition to the time allocated to this audit, time will be allocated from the Advisory contingency or from other lesser priority audits during the year as necessary to ensure audit involvement on an ongoing basis in this key Council initiative.

11 Westminster City Partnerships High Risk- 20 Days

The audit work in respect of Westminster City Partnerships will be split into two parts. Firstly, Internal Audit are required to certify expenditure in respect of LAAs . The precise scope of the work will depend on the nature of the certification required. This work is likely to take place in July.

An additional audit is likely to take place to verify that the control framework is sufficient to ensure that partners achieve agreed objectives. This audit will take place in November

12 Governance High Risk 16 Days

The following areas will be covered :-

.

Policies and Procedures a review of how the authority ensures that it makes policies and guidance available to all staff, that they have read the guidance, and where necessary accepted it. Policies to be included in the remit of this audit include Employee Code of Conduct, Financial Regulations, Procurement Code, HR policies , Gifts and Hospitality, Conflicts of Interest and Whistleblowing. In addition the audit will review the Governance arrangements relating to officers, members, partners and contractors involvement in external organisations

The audit will also review whether adequate information sharing protocols are in place for both Electronic and Hard Copy Data in respect of partner organisations

The terms of reference of this audit will be discussed with the Director of Legal and Administrative Services prior to commencement

13 Compliance Reviews High Risk 35 Days

A sample of transactions will be taken each month from the General Ledger and traced back to source documentation to ensure Financial Regulations and the Procurement Code have been complied with.

14 Line Management Self Assurance High Risk 20 Days

Responsible managers across Departments will be asked to complete risk based control self assessment questionnaires for a sample of high risk operational and financial systems. The results will be used to target internal audit work and as a mechanism for disseminating control framework knowledge throughout the Council.

15 Risk Management High Risk 13 Days

The Councils risk management systems will be reviewed to verify their effectiveness. This audit will take place in the last quarter of 2007/08.

16 CRB Checks High Risk 10 Days

In view of the adverse findings of the audit work carried out on this system in 2006/07 a compliance review will be carried out to ascertain whether internal controls are now operating effectively in this area. Views will be ascertained from all relevant Departments as to how well this is working. In addition the review will be extended from previous work to cover the extent to which effective controls are in place to ensure contractors are carrying out CRB checks on relevant staff.

17 Budgetary Control High Risk - 16 Days

The effectiveness of application of budgetary control procedures across a sample of Council Departments will be reviewed.

FINANCE AND RESOURCES DEPARTMENT

.


1Housing Benefit High Risk - 20 Days This audit will concentrate on the operation of controls to ensure that the possibility of fraudulent receipt of benefits is minimised and that adequate controls exist over the payment and reconciliation of benefit.

2. Council Tax High Risk - 8 days

Controls over charging, billing, collection and enforcement will be reviewed. In view of previous substantial opinions the scope of this review has been reduced and will concentrate on testing of key financial controls only.

3. NNDR High Risk - 8 days

Focus upon key controls, reconciliation and the collection fund. In view of previous substantial opinions the scope of this review has been reduced and will concentrate on testing of key financial controls only.

4Debtors High Risk -20 days

Review of the level of debt and the effectiveness of the debt recovery process. Attention will be focused on those areas of the Council identified in the performance monitoring reports to Corporate Management Board as under-performing. This review will include an assessment of the extent to which financial regulations are complied with in the management of debts and include a review of key controls and documentation of key information flows .

5 Creditors High Risk - 20 days

Focus on compliance with financial controls in respect of use of the ordering system correctly prior to entering into commitments to purchase. This review is to encompass a key controls compliance review and documentation of key information flows. The sample of transactions tested will cover compliance with financial regulations for the authorising of payments across the Council.

6Cash & Banking Control incl Bank Rec High Risk 20 Days

This audit will include an audit of key financial controls and documentation of key information flows. In view of the service moving from City Hall a full review of the control processes in place at the new location will be undertaken.

7Main Accounting System High Risk 16 Days

Review to focus on the monthly management accounts process and controls to ensure that all expenditure on WIMS is accrued for/correctly stated. A review of suspense accounts will also take place to ensure that suspense accounts are being managed effectively. Key account reconciliations between feeder systems and the General Ledger will also be reviewed. The review also needs to consider the extent to which recommendations arising from the PwC review are effectively addressed by controls within WIMS e.g. authorisation levels

8 Corporate Property Division IT System High Risk- 12 Days

An IT audit will be carried out in respect of the new Corporate Property Database. The detailed scope of the audit will be carried out following a risk review in conjunction with line management and will take place in the first quarter of 2007/08.

9 Corporate Property Control Systems High Risk 20 Days

This audit will review the extent to which Corporate Property is now operating financial and operational controls in line with corporate financial procedures , the Procurement code and recommendations arising from previous audit work and the PwC review of this area.

10 VAT Medium Risk 16 Days

This audit will review the procedures in place for ensuring all VAT due to the Council is recorded and reclaimed.

11 Corporate Financial Procedures Medium Risk 16 Days

Corporate Financial Procedures were extensively reviewed in 2006/07. This audit will determine the extent to which they comply with Best Practice and compliance is controlled through training and dissemination. A review will take place of the extent to which departments have ensured that all relevant managers have received appropriate training in respect of financial regulations and the Procurement Code.

12 Capital Monitoring and Reporting Medium Risk 16 Days

New controls were introduced in 2006 in respect of the budgeting , control and reporting of Capital Expenditure. The application of these controls will be reviewed to ensure they are operating effectively

CUSTOMER SERVICES DEPARTMENT


1 Off Street Parking High Risk- 25 Days

The following audit will be undertaken in 2007/08:

Contract Monitoring

Contract monitoring review of the Off St. Parking Contract. This audit will review the financial and operational monitoring of the contract. The objective is to ensure that effective controls are in place to ensure that the key objectives of the contract are being achieved (including savings/income maximisation) and monitoring is taking place in accordance with the Procurement Code. This audit will take place in the second quarter of 2007/08.

2 On Street Parking High Risk 45 Days

The following audits will be undertaken in 2007/08.

Disabled Parking

At the request of the Audit and Process Working Group an audit will be carried out of the effectiveness of controls for validating eligibility and administering the scheme for Disabled Parking permits. Controls to validate continuing eligibility will also be examined. This audit will be carried out in the first quarter of 2007/08 in view of the possible removal of single yellow line exemption for Westminster which may increase the number of permits applied for.

ICPS IT Audit

A computer audit review will be undertaken of the ICPS Parking System. The audit will review controls over the input/output of transactions, access controls, IT support, back-up/contingency plans and the integrity of the data transfer process via system interfaces. System change management procedures will also be reviewed. This audit will take place in the first six months of 2007/08.

On Street Parking Enforcement Contract

An audit will take place of the financial and operational controls in the NCP contract. Issues to be considered will include the extent to which contract savings are being achieved and the effectiveness of the camera enforcement service. This audit will take place in the third quarter of 2007/08.

3 Contract Monitoring / Management CSI High Risk 30 Days

The scope of these audits will be agreed with line management following a joint risk review of this area. The reviews are likely to cover the following:

Review 1 ( 2nd quarter)

Compliance with agreed financial procedures in service areas transferred to Warrington or Dingwall. This will include debt recovery and banking and control issues. It will also examine the extent to which Council Departments are maximising the benefits of Vertex services by using them correctly e.g. directing all payments to Warrington rather than Dingwall and using the debt recovery services provided by Vertex.

Review 2 ( 3rd Quarter)

Effectiveness of contract monitoring of Vertex and Vertex monitoring of sub contractors. This will include an assurance that financial regulations and the procurement code are being complied with in the processing of payments and that performance information is accurate. Incentive payments will also be audited . The audit will also look at the distinctions between Contract Monitoring and Development work and the links with the Worksmart programme.

The detailed scope of the above audits will be agreed with line management prior to commencement of the audits.

All significant audits carried out in respect of Vertex in 2007/08 are likely to be reported through the Commercials Board.

TRANSPORTATION DEPARTMENT


1Temporary Road Traffic Regulation Orders and Crane and Platform Operations Licences Medium Risk 20 Days

Detailed scope of this audit will be agreed with line management prior to commencement. It is likely , at the request of line management to focus on the financial and administrative controls surrounding income collection and reconciliation in respect of Road Closure and Crane Licences. The focus of the audit will be on whether income targets are being met and whether all costs, including the process of notifying TFL, are included in the fees. The adequacy of controls systems in respect of Highways inspections including data quality will also be reviewed . This audit will take place in the first quarter of 2007/08

2 Construction Impact Team - Medium - Risk 25 Days

Detailed scope of this audit will be agreed with line management prior to commencement. Areas of coverage for this review are likely to include Highways Licences Deposits , fees for skips and temporary structures, Licence processing controls including the interface between Transportation and Vertex, and the degree of automation of processing, application and payment. This audit will be carried out in the first quarter of 2007/08 and was requested by line management.

3Contract Monitoring High Risk 25 Days

A contract monitoring audit will be carried out to ensure key departmental contracts are being monitored in accordance with the Procurement Code and Financial Regulations. The audit will also determine whether monitoring controls are effective at determining whether contractors have delivered the service in accordance with the contract. The contract (s) to be covered in this review will be determined in conjunction with departmental management. At the request of line management this review is likely to focus on the Whitehall Streetscape projects being carried out for the Cabinet Office and the Westone contract in general. The financial authorisation process will be reviewed together with mechanisms for ensuring contract compliance by the contractor. This review will be carried out in the second quarter for completion by the time of the Gateway review for the Whitehall project in September.

POLICY AND COMMUNICATIONS DEPARTMENT


1 Payroll Contractor Progress & Key Controls High Risk - 20 Days

( Core Financial System)

This audit will review the control framework in place to control and reconcile payments made to staff. The audit will identify progress made against the concerns raised in the 2006/07 audit and will encompass a review of key controls.

2 Health & Safety 13 Days

An audit review will take place of the Councils procedures for ensuring compliance with statutory requirements and best practice in respect of Health and Safety issues.

3. Pensions Systems - Medium Risk 14 Days

A systems review will take place concerning the adequacy of pension payment, reconciliation and control systems

Corporate IT Audits

Following discussions with the Head of IT, four corporate IT exercises are proposed in the 2007/08 audit programme. These are in addition to the departmental IT audits proposed elsewhere in this programme. The precise scope of these audits will be decided after discussions with line management.

4 E-Mail/Internet/Security Review - Medium Risk - 12 Days

Controls will be examined to ensure that the risk of unauthorised use of the internet is monitored and controlled, an adequate Data Security policy is in place particularly for shared usage arrangements with partner organisations, and that Corporate initiatives such as WiFI, electronic payment mechanisms and worksmart are securely controlled.

5 IT Disaster Recovery /Business Continuity - High Risk 16 Days

Controls in place to minimise the risks relating to IT failure at a corporate level will be examined including a follow up to the IT back up and recovery work carried out in 2006/07. At departmental line management request the review will specifically consider server rooms and the arrangements in respect of the Tunstall system at the Emergency Link Office.

6 Worksmart High Risk 15 Days

Corporate IT solutions are a key part of the Worksmart programme (e.g EDRMS). This audit to be carried out in the final quarter of the year will

assess the effectiveness of the implementation and use of new applications . The precise scope of this audit will be agreed with corporate IT management at the time of the audit.7. Physical Security and Inventory Maintenance Review Medium Risk 15 Days

This audit is carried over from the 2006/07 programme. The objectives of the audit are to ensure that effective controls are in place to ensure the inventory of IT equipment including portable is maintained accurately and up to date in accordance with financial regulations. Security over fixed and portable equipment will also be examined following a number of thefts of portable IT equipment

PLANNING & CITY DEVELOPMENT

The following project is proposed in 2007/08:

1 Planning High Risk - 20 Days

It has been agreed with the Director of Planning and City Development that the audit in 2007/08 will concentrate on charges made by the Department to members of the public for services or advice other than standard planning applications. The audit will aim to ensure that income is maximised within the cost recovery parameters the City Council is allowed to operate within. This audit will take place in November.

ENVIRONMENT & LEISURE


1Commercial Waste High Risk- 15 Days

This audit will focus on financial control in respect of commercial waste. In particular the audit will focus on billing, collection, debt recovery and write off procedures as well as account reconciliations . This audit will take place in the 3rd quarter.

2 Waste Disposal Medium Risk - 14 Days

This will be a systems audit which concentrates on the financial , operational and Value for Money controls over the Waste Disposal Function. This audit will take place in the 1st quarter of the year.

3 Leisure Facilities Contracts 15 Days

This audit will review the contract monitoring of the Councils Leisure Facilities Contracts. This audit will be carried out in November.

LEGAL & ADMINISTRATIVE SERVICES


1 Street Trading Medium Risk 15 Days

An audit will be carried out in respect of financial and operational controls over Street Trading Licensing . In particular billing and collection systems will be examined and annual fees will be examined. This audit will take place in the 1st quarter of the year. This audit will be coordinated with work carried out in the Community Protection Department

2Land Charges 14 Days Medium RiskThis audit will review the internal controls in place to ensure the control framework for administering the land charges system is adequate particularly in respect of income recovery.3 Control of Contract Costs Medium Risk 12 Days

As a result of a departmental request an audit of contract costs incurred has been included in the plan for 2007/08. The audit will be targeted at ensuring that a control framework exists to ensure payments made to contractors were fully in accordance with the terms and conditions of the contract. The audit will include an examination of the systems operated within Departments to spend devolved legal budgets and a review to ensure that departments are commissioning external legal services in compliance with the contracts let by the Legal and Administrative Services Department

CHILDRENS SERVICES


SCHOOLS

1 School Audits

A programme of school audits is carried out on a three year rolling programme. Schools are audited against the Ofsted / Audit Commission guidelines for financial controls in Schools. In addition the Department for Education and Skills requires all schools to be accredited as compliant with its new financial standards once every 3 years. The new standards are an enhancement to the previous guidelines. The Director of Finance and Resources is required to certify the number of schools reaching the standard at the end of each financial year. The review and certification process at each school will be carried out as part of the internal audit. 5 days are allocated for each primary school audit and 6.5 days for each secondary school audit. The complete list of schools to be audited in 2007/8 is:

Schools:

St. Augustines CE Primary School

Gateway School

George Eliot Infants School

George Eliot Juniors School

St. Barnabas CE School

St. Edwards RC

St. Gabriels School

St. Vincents RC School

Wilberforce School

All Souls

Barrow Hill

Burdett Coutts

Chistchurch Bentinck

Churchill Gardens

Essendine School

Hallfield Infants School

Hallfield Junior School

Hampden Gurney School St Marys Paddington Hospital Class (audit only)

Pimlico School (charged March 07)2 Recoupment (inc Ind School Fees) Low Risk- 5 Days

This audit will review the system for ensuring all appropriate recruitment costs are identifed , recharged , collected and reconciled.

3. Home to School Transport Low Risk 14 Days

Home to School Transport Costs will be examined to ensure adequate systems are in place to ensure Value For Money is obtained.

4 Education other than Schools Low Risk - 14 Days

The provision and payment for specialised Education other than at Schools will be examined to ensure that adequate financial and administrative controls are in place.

5 Payments to Foster Carers inc Child Minders Medium Risk 12 Days

An audit will take place of the operational and financial controls over the payments made to Foster Carers

6 Children & Families Team incl Sect 17 paymt Medium Risk - 12 Days

The scope of this audit will be decided after a risk review carried out in conjunction with line management responsible for this area

LIFELONG LEARNING

7Adult Education Service Medium Risk- 16 Days

Scope of this audit is to be agreed. It is likely to focus on the financial control and assurance framework at the Adult Education Service. This audit is likely to be reported as part of the Adult Services Audit Plan. HOUSING

The following projects are proposed in 2007/08

HOUSING REVENUE ACCOUNT AUDITS (CITYWEST HOMES AUDITS)

1 Tenant Management Organisations Medium Risk-13 Days

TMOS are run by residents. This audit may be either a broad financial controls audit or may concentrate on problems identified in previous years. The under-performance or failure of TMOs has been identified as a key risk in the risk register. This risk is to be mitigated by close monitoring of performance, governance and finances. Line Management will be consulted as to which organisations are reviewed and the frequency of review which should be no more than every two years for TMOs carrying out major works. Key issues to be covered in 07/08 include Voids and Procurement. This audit will take place in the second six months of the year.

2 Housing Rents Collection/Arrears High Risk 13 Days

This is a core financial audit . The audit will focus on the financial control framework in respect of collection, accounting for and reconciliation of rent, and the recovery of arrears.

3 IT Strategy Review including Business Continuity arrangements. (HRA) Medium risk 10 Days

An IT review will take place of CWHs IT strategy in respect of HRA IT systems including arrangements for IT Disaster recovery and Business Continuity arrangements. This audit was scheduled to take place in 2006/07 but was postponed to allow a business review to take place. This audit will take place in the first half of the financial year with the focus on disaster recovery.

4 Major Works (HRA) Medium Risk - 16 Days)

This will be a contract audit of the project planning , contract letting and project control mechanisms within CWH. Issues to be examined include achievement of capital programme targets and delivery of agreed coast savings

5 Estates (Housing Management) (HRA) Medium Risk- 16 Days

This audit will review the management of Housing estates from a financial and operational perspective

6 Academy OHMS interface Medium Risk 14 Days

This audit will review the interfaces between OHMS and the Academy Housing Benefit System. This audit was postponed from 2006/07 to allow for new data reconciliation and transfer processes.

7. Verification of Tenancies Medium Risk 16 Days

A systems audit will take place of the procedures in place to ensure only bona fide tenants are in residence in Council properties. This audit will take place in the first quarter and concentrate on street properties

Housing General Fund Proposed Audits

1. Housing Options Medium Risk 15 Days

The audit will focus on a review of systems and controls relating to rent accounting in the HOS. Precise scope of the audit will be agreed with management prior to commencement.

2 Homelessness Applications High Risk 15 Days

The audit will whether mechanisms for ensuring eligibility are effective and whether controls can be put in place to pick up patterns of unusual activity which are indicative of fraud.

ADULT SOCIAL CARE and HEALTH


1 Pooled Budgets Older People, JLDT , Disability Medium Risk 15 Days

A review will take place of the extent to which financial and operational control is maintained over pooled budgets in this area. In other areas where pooled budgets are used problems have been experienced with joint accountability.

2.Taxi Cards Medium Risk - Medium Risk - 12 Days

The financial and operational control framework concerning use and payment for taxi cards will be carried out.

3 To be allocated within Department - Grants to Voluntary Organisations Medium Risk 15 Days

At the request of the Audit and Performance Committee Process and Audit Working Group a review of the effectiveness of the councils systems for ensuring that Voluntary bodies deliver the outcomes for which the grant was intended. The precise scope of this audit will be agreed with management. It is likely to include detailed verification of the performance and outcome information provided by specific voluntary bodies. The effectiveness of monitoring of performance against Service Level agreements will also be included. This audit is likely to be reported as part of the Childrens Services Audit Plan. This audit may need to be carried out in the second six months of the year as Service Level Agreements are currently being put in place

COMMUNITY PROTECTION (S CODES)


1 Food Safety Inspections High Risk - 16 Days

This audit will review compliance with financial, operational and legal requirements in respect of Food Safety requirements.

2. Civic Watch Medium Risk 10 Days

As this is a unique local authority service the precise scope of the audit will be agreed with line management prior to the commencement of the review.

Prior to the audit commencing a risk assessment of auditable areas within Civic Watch will be conducted to ensure the audit adds value. Potential auditable issues include the achievement of corporate objectives and financial management.

3. Licensing Medium Risk 20 Days

This audit will take place in the last quarter of the financial year and will address issues surrounding the prosecution policy and whether the processes supporting it are fit for purpose. A separate review of financial processes relating to St. Trading fees will be carried out prior to the transfer of work from Legal and Administrative Services to Community Protection and is included in the Legal and Administrative Services audit programme.

Appendix B

CITY OF WESTMINSTER DRAFT PROACTIVE ANTI-FRAUD PLAN 2007/08

TYPE OF ACTIVITY AND OBJECTIVESINITIATIVE & METHOD OF DELIVERY

Project Arising FromPlanned

DeliveryEstimated

Budget

FRAUD AWARENESS (EXTERNAL)

To provide ongoing publicity for the Councils Freephone Fraud Hotline, encouraging members of the public to report suspected fraud against the Council.

To deter those who might seek to commit fraud against the City Council.Refresh and reinforce the 2006/07 poster and leaflet campaign in all Council public buildings

The aim of this years work is to ensure that the posters are being displayed in all public sites including those listed below and to ensure that the leaflets are readily available to members of the public and sufficient stocks are in situ for the coming year. Managers at each of the sites will also be encouraged to give early warning of reduced leaflet stocks.

Good Practice / Ongoing Prominence

Reminders to managers once per Quarter throughout 2007/08.

Visits by Investigation staff throughout the year. Each site to have a minimum of one visit per quarter.

1 day

.

In association with the above, use the leaflets advertising the Fraud Hotline in conjunction with other Council activity.

The aim of this work is to provide the fraud hotline leaflets to a much wider audience (emphasis on residents but also businesses), inserting them with other posted materials and especially reaching those who may not ordinarily visit the Councils offices. Methods for delivery include:

Electoral Registration canvassing

Renewal of Residents Parking permits / Disabled Persons Badges

Housing Benefit Applications

Housing correspondence

Council tax demands

NNDR demands

Other renewal applications and demands (yet to be identified)Good Practice / Ongoing ProminenceDependent upon timing of the renewals/demand activity and what methods have been used in 2006/07.3 days

Ensure that as many relevant application forms as possible carry the City Councils Freephone Fraud Hotline number.

The City Council provides the ability to members of the public and businesses to apply for a raft of services over the internet using on-line application facilities and downloadable applications. There are several hundred listed on the Councils web-site. The aim of this work is to review the facilities provided and to identify 20 applications where the fraud hotline could / should be incorporated. Identified forms will have all versions amended to include provision of the hotline number.Good Practice / Ongoing ProminenceCommencing 1st quarter of 2007/08.

By the end of the 2nd Quarter all relevant forms to have been amended subject any print lead times and current stock holding.4 Days

Obtain space and write relevant articles in Council monthly / quarterly magazines and newsletters such as The Reporter or City West News.

Good Practice / Ongoing ProminenceDuring the first half of 2007/08.

2 days

Continue to obtain publicity (press) for successful prosecutions including the provision of the Councils hotline number.

The aim of this work is to consider all potential opportunities for press releases on successful prosecutions and to ensure that releases include reference to the City Councils freephone fraud hotline. In addition opportunities will also be taken to inform Council staff of the outcome of fraud investigation in order to demonstrate that the Council takes fraud seriously and warn of possible frauds to which the Council may be subject.

Good Practice / Ongoing ProminenceOngoing throughout 2007/08 as and when there is benefit in publicising good results.2 days

Continue to improve / reinforce the entries on the Councils A-Z of Services and Wire and Internet relating to reporting a fraud.

The aim of this work is to review and refresh, where necessary, sections in the Councils Web site, intranet facility and also the printed version of the A-Z of services relating to reporting fraud.

Good Practice / Ongoing Prominence1st quarter of 2007/081 day

FRAUD AWARENESS (INTERNAL)

To raise internal awareness of the Councils stance on fraud, responsibilities for reporting and how to report a fraud.

To encourage members of staff and contractors to report concerns.

To continue to strengthen the Councils anti-fraud culture.

To obtain confirmation from all staff, managers, chief officers and members of their understanding and acceptance of the Councils anti-fraud policy and strategy and other related policies including the Councils whistle-blowing and money laundering policies.

To complement the above or in place of the above consideration will be given to separate methods of communicating anti-fraud responsibilities including presentations and workshops as appropriate. This work will be coordinated with other internal audit work on Governance arrangements , particularly in respect of policy awareness.

Good Practice / Ongoing ProminenceDependent on the product availability, likely that a phased approach throughout 2007/08 will take place. 15 days

Carry out a Surgery or open afternoon where members of Internal Audit and the Fraud Team are available for general advice or guidance to chief officers, managers, staff, and contractors staff. Copies of the Councils relevant policies would be made available as well as any other promotional material about the Councils hotline and on-line fraud reporting facilities.

The aim of the surgery / open afternoon would be to provide a dedicated time (advertised widely in advance) when those working for the Council have the opportunity to meet Internal Audit and Fraud staff, report fraud, raise concerns, discuss fraud related / control issues etc.

The surgeries would take place at two or three key locations across the Council. Although, only one location will be covered each year.

Good Practice / Ongoing ProminenceThroughout 2007/08.

2 days

INTELLIGENCE GATHERING

To provide data analysis and information that may identify areas of potential fraud for proactive attention.

Formal monthly Internal Audit and Fraud Team briefings

Identifying any possible areas of concern for immediate or later inclusion in the proactive anti fraud plan.

Good Practice OngoingPart of normal service delivery

Survey Staff and Managers

Consider survey of staff and managers actively inviting them to help identify potential systems or areas of concern.

NOTE: This activity may be dependant on the results of the survey carried out as part of the 2006/07 anti-fraud proactive plan.

Good Practice / Ongoing Prominence3rd Quarter so as to allow any issues arising to be incorporated into the 2008/09 programme.3 days

Fraud Team intelligence

This work involves gathering information about the results of reactive referrals, identifying any emerging trends or areas of concern that could / should be included in future proactive plans.

In addition, topics covered at regular forums such as LBFIG, The London Public Sector Fraud Partnership, CIPFA, LAIOG, NAFN that have a potential impact on anti-fraud proactive plans will be included as building intelligence for future planned activity.

Good Practice OngoingPart of normal service delivery

Follow up questionnaire to other Local Authorities (and other public bodies) in London

This work involves obtaining information from across London, especially Counter Fraud and Internal Audit teams to establish any potential areas of common risk that should be addressed by proactive activity. In carrying out this work reference will be made to the Audit Commission to determine whether there are emerging trends elsewhere as part of their work.

The 2006/07 questionnaire will be refreshed taking on board comments made by those who participated in that exercise. In addition, given the comments made in the 2006/07 questionnaire it may be appropriate to set up a half yearly forum for interested London Local Authorities to discuss specific proactive fraud related topics. Good Practice 2nd / 3rd Quarter3 Days

(extended to 5 days if a forum is arranged)

To carry out Follow UpFollow up Recommendations arising from Investigations during 2006/07

In each case where recommendations are made for improvements following an investigation a follow up will take place. This follow up will aim to determine the extent to which recommendations have been implemented. At the end of 2006/07 the 2007/08 plan will be populated with those areas where follow up activity is due and throughout the year any additional follow up planned during 2007/8 will also be included as it arises.

Good PracticeThroughout 2007/088 days

Proactive plan for 2007/08

To identify projects, other than those which may be identified as a result of the exercises set out below, that should be included in the 2008/09 proactive plan and to formulate a draft plan with indicative inputs. Good PracticeOngoing, mostly 4th Quarter2 days

PROACTIVE PROJECTINITIATIVES

Individual projects aimed at high risk areas and designed to identify whether fraudulent activity is taking place.Identification of significant income streams

The purpose of this exercise is to identify all significant sources of the Councils income and obtain a break down (for each source) of the method of income i.e. cash, cheque or credit card. For the purpose of this exercise significant income is defined as that where individual transactions are greater than 1,000 or total annual income is greater than 50,000. A systematic evaluation of the risk of fraud / theft for all such sources of income will then take place assessing vulnerability to fraud. Particular emphasis will be placed on transactions carried out by the Council with individuals rather than organisations. Specific attention will be given to those sources that are composed of a significant level of cash income. The results of this exercise will be used to determine further exercises for future proactive plans.

Refunds

The purpose of this exercise is to detect any potential or actual fraudulent refunds made and will be undertaken in the following way:

Determine if there are any areas within the Council that have a system for making refunds that does not involve WIMS, including credit card charge-backs.

Where such systems are identified the following work will be carried out:

1) Obtain an understanding of the system to verify that refunds are being appropriately authorised and there is an adequate separation of duties;

2) Test a sample of refunds to ensure that each refund can be associated with a previous payment and that payments are being made to a legitimate customer and for a legitimate reason;

3) Test overall value of refunds by comparing total value of refunds to income in a specific period and by looking at trend in value of incomes over a period of time e.g. 1 year.

Homeless Housing Applications

The purpose of this exercise is to check that Council Housing is not being allocated to people who are not entitled either due to a lack of diligence or fraud by staff. The exercise will be undertaken in the following way:

A sample of current Housing applications from people who have declared themselves as homeless are tested in the following way:

1) Verification of applicants last declared address(es) and the reason they were made homeless from their most recent address;

2) Check applicants name on 192.com, Council Tax, Land-Registry to confirm that they are not connected with any other, unknown address(es);

3) Verification of the validity of any documents supplied to support application, particularly on medical grounds;

4) Check that the correct amount of points have been accrued in respect of Choice Based Lettings scheme.

Procurement

The purpose of this proactive exercise is to identify that purchases made n behalf of the Council are made for a legitimate business need. This exercise will involve (but not limited to) the following:

1) Identification of high volume items

2) Identification of portable (saleable) equipment

3) Tracing items through from specification, order to supply

4) Confirming the physical location / presence of purchases

Section 17 PaymentsThe purpose of this exercise is to identify the range of Section 17 payments made to qualifying individuals and to carry out testing to determine whether:

1) They qualify i.e. have children

2) The individuals are entitled to other welfare benefit assistance

3) There are no fictitious applicants

Good practice inherent risks.

Risk assessment and previous fraud referrals




Staged across the full year.

1st / 2nd Quarter

2nd Quarter

3rd Quarter

4th Quarter5 days

10 days

7 days

8 days

6 days

Individual projects aimed at high risk areas and designed to identify whether fraudulent activity is taking place.Data Matching Council Tax , Electoral Registration, Residents Parking Database

Subject to confirmation of legalities with the Audit Commission a comparison of data held on the above systems will take place to identify potential anomalies for investigation

Specific Housing Benefit Proactive anti-fraud projects.

Throughout 2007/8 a number of proactive projects aimed at identifying potential Housing Benefit fraud will take place. the projects for 2007/08 include:

Right to buy applications

This activity is aimed at data matching applicants for the Right to Buy and Housing Benefit claimants. This checking can identify HB claimants who have an undeclared source of income (means to purchase the property) and also to identify sales which end entitlement to Housing Benefit.

Licensing Applications / Stall Holders

This activity is aimed at data matching applications for licensed pitch holding and Housing Benefit claimants. This checking can identify HB claimants who have not declared their work / income status when making claims to benefit.

Uncashed HB Cheques

Uncashed cheques sent to a benefit claimant or (landlord) can indicate that the claimant no longer resides at the property, has other financial means, the landlords address is incorrect, the claim etc. On a monthly basis a list of uncashed cheques will be obtained and checks carried out including analysis of the Academy, EDMS and RAT terminal (DCI) to determine any factors which could identify the reason. Where it is considered necessary investigations will be carried out to determine whether there are grounds to suspect fraudulent activity. Suggestion of audit and Process Working Group

Good practice / previous fraud referrals

Good practice / previous fraud referrals

Good practice / previous fraud referralsMatches carried out once per quarter

Matches carried out twice per year

Every month throughout 2007/086 days

2 days

10 days

Bentley Jennison

RISK MANAGEMENT LTD

7Page 1 of 46

_1237914806.xlsChart1

339

192

168

128

100

93

70

46

42

41

41

20

No. of Days

Sheet1

Corporate339

Finance and Resources192

Children's Services168

Housing128

Customer Services100

Policy and Communications93

Transportation70

Community Protection46

Adult Social Care and Health42

Legal and Admin41

Env and Leisure41

Planning and Development20

_1237915843.xlsChart1

Chart2

1725

300

100

1950

750

Sheet1

Systems and Compliance Audit Services (1725 days)General Fraud Services (300 days)Proactive Anti-Fraud Services (100 days)Benefit Fraud Services (1950 days)Permit / Badge Fraud Services (750 days)

17253001001950750

_1237960797.xlsChart1

100

1950

750

300

General Fraud 10%

Chart2

100

1950

750

300

Sheet1

Proactive Anti - Fraud Services (100 days)100

Benefit Fraud Services (1950 days)1950

Permit / Badge Services(750 days)750

General Fraud Services (300 days)300

_1237914390.xlsChart1

Chart2

1920

300

100

2170

850

Sheet1

Systems and Compliance Audit Services (1920 days)General Fraud Services (300 days)Proactive Anti-Fraud Services (100 days)Benefit Fraud Services (2170 days)Permit / Badge Fraud Services (850 days)

19203001002170850

Documents

Item 5 - Internal Audit Plan 2007-08 (1)