Agenda item

Report of the Director of Finance.

Members received a report which provided details on the 2021/22 Internal Audit & Corporate Anti-Fraud Plans and the Internal Audit Charter.

Members were advised that the internal audit plan for 2021/22, took into account the risk management framework and the corporate priorities and the requirement to provide an annual internal audit opinion.  The plan would be delivered primarily by a dedicated internal team of the Council.  However, it was highlighted that there were some challenges with resources and around Covid-19 restrictions still in place.  It was reported that the plan was flexible and may be adjusted throughout the year to meet the needs of the organisation, with any significant changes to be bought back to the Committee.

The Committee were advised that Internal Audit’s independence has not changed since last year and that asked to note that all the core financial system reviews would be undertaken as evidence-based control self-assessments with specific testing on authorisations throughout the previous year because during the pandemic there had to be a different approach in order for various transactions to continue to be appropriately authorised.

It was noted that previously, there was a mixture of full reviews and control based self-assessments, however, because of the stability in previous years and the introduction of Dynamics, the challenges of the pandemic had resulted in time being more constrained.

With regard to the corporate compliance checks the annual checks on contract procedure rules and financial regulations as well as fees and charges would continue.  New to this year are the checks on HR policies in order to make sure these policies are implemented correctly.

Risk management in decision making would be a real-time review of risks addressed in Cabinet reports.  This had been introduced in December 2020 and had proved to be successful and therefore would be continued throughout 2021/22.

The KPIs have remained consistent with the previous year.

During the discussion, Members and Officers highlighted the following:

·                 A concern was raised in relation to the covid-19 grants with it being noted that there was an inconsistency with families having not received this grant.  The Committee was informed that due to the volume of different covid-19 grants, in order to get specific information, the relevant area manager would need to be contacted.

·                 The transparency of the authorisations was queried and whether they would be available to see online. However, it was explained that the authorisations in the report were for the core financial system and would be retained within the Civic Centre, with some contained via email and this needed to be checked for due diligence.

·                 It was questioned as to why there was no manual of operations of how these processes should be conducted.  The officer explained that not every system would have a manual and where manuals were available, they would be taken into account during audits and, in addition, these manuals would also be reviewed.

·                  Members questioned how previous issues identified compared to this report’s findings.  It was explained that audit knowledge had been considered and it had then used in the current audit plan.

·                 It was confirmed that there would be a specific review of the regeneration programme and governance issues had been followed up in regard to the Depot, which were still ongoing.

·                 In terms of which of the goals were found to be the highest risk and how this was reflected in the plan, it was explained that the new corporate plan lacked details of how it would be implemented, which had presented a challenged linking the work done to some of the risks and objectives.  It was noted that there were links to the corporate risks, which in turn related to the corporate plan.

·                 Clarification was sought in relation to the risk manager’s contract length.  This Contracts were currently a rolling contract and as there was insufficient funding for a permanent post.  It was confirmed that the current Risk Manager was employed via Pertemps and is not outside IR35.

·                 In response to a query about the audit vacancy since April 2020, the Committee was informed that an officer had left at the end of April 2020 and that there continued to be a vacancy.

·                 An explanation on the organisational independence of the audit team was requested and Members were informed that the audit team was an independent team with a specific scope of duties and whilst ideally the Head of Internal Audit should not have other responsibilities in most Councils they usually had other responsibilities that often included corporate anti-fraud and risk management.  At Harrow, for corporate anti-fraud, this was of an oversight nature.

·                 A follow-up question was asked if independence might be lost in certain areas and how external auditors were used.  It was explained that the external auditors had have oversight over audit reports, the risk management process and the annual governance review process.  The external auditors carry out specific work for example as part of their vfm work and report if concerns were identified. 

·                 With the challenges highlighted and work carried out to combat these, it was asked if it was the intention to revert back to the working model used prior to the Pandemic.  It was explained that this could be dependent on accommodation, and it would be assessed once accommodation is available.  Where Schools were concerned it was felt that it would be important to resume face to face work, when safe to do so.

·                 In response to a question about the number of audit days allocated to authorisation testing and what it had uncovered in previous years, the Committee were informed that this was a new process due to the pandemic and the inability to get physical signatures and has not been done in this way before.  The number of audit days reflected the number of systems and transactions to be covered by the testing.

·                 It was noted that the effectiveness of management procurement and financial controls of traffic and highways review was a management request.

The Committee then asked an officer to present, in brief, the corporate anti-fraud plan for 2021/22.  Members were advised that in the past year the pandemic had bought its own risks with central Government funding coming to local Government for grants.  The development of the council fraud strategy would provide an action plan from which the Corporate Anti-fraud Teamwould be able to set a benchmark in order to protect the authority in the best way possible.  The plan was delivered by an internal team with no planned changes to resources at this time.  The KPIs for 2021/22 have been slightly increased in order for performance to be maximised.

During the discussion, Members and Officers highlighted the following:

·                 It was asked whether any fraudulent activity was found with the business grants during the pandemic and the officer advised that the cases that came to the corporate anti-fraud team’s attention were minimal in comparison to the value and volume of covid grants.

·                 It was asked how the Council’s KPIs compared with other boroughs. An officer advised that there was no benchmarking data available for comparison.

·                 An enquiry was made about the decision-making process in terms of how the corporate anti-fraud team applied itself to particular activities.  The officer highlighted that previous years’ data would be used if there was a reason to believe there would be a continued risk.  If the Internal Audit team raised a concern, then this would provide a reason to investigate.  Another would be a high expenditure area in the council where a loss due to fraud might be more likely.

·                 In response to a question as to whether the corporate anti-fraud team had procedures in place for obtaining evidence and if they were PACE compliant, it was explained that the corporate anti-fraud team had complied with PACE by continued refresher training on conducting interviews.  Should this be continued to a prosecution then the team would be strictly regulated by the criminal justice system.

·                 It was asked what protocols were in place for anonymous referrals.  It was reported that anonymous referrals remain anonymous and would be assessed on the merit of the information provided with each referral given an individual number for reference purposes.

·                 A member questioned whether there would be an audit on the impact of the corporate anti-fraud team’s strategy on those with protected characteristics.  This was due to a concern that when an investigation is undertaken there would be a perceived risk, that an element of discrimination could be present against those with protected characteristics.  The Officer explained that the corporate anti-fraud team had a risk assessment system know as a 5x5 system that would grade the quality and source of that information received which, in turn, determined if that it would be financially viable to pursue, the likely hood of there being fraudulent activity, the financial impact and the potential reputational damage on the authority.  The Officer reassured the committee that the Criminal Procedures Investigation Act governed the way investigations were undertaken and that the corporate anti-fraud team would have to follow all reasonable lines of inquiry and document everything that happened throughout an investigation.

·                 It was noted that that there were regular checks made by managers in investigations carried out by the corporate anti-fraud team.  With sign offs required from multiple officers and solicitors would also be a part of that process.

RESOLVED:  That the recommendations be agreed by the Committee, which included:

That the Internal Audit & Corporate Anti-Fraud Plans 2021/22 and the Internal Audit Charter 2021/22 are approved in accordance with the Public Sector Internal Audit Standard 2020 Communication and Approval was reviewed and approved by the Committee;

The annual plan process, the Internal Audit Strategy, the service’s organisational independence, the resources available to complete the plan, audit techniques to be used and other sources of assurance, as covered within this report are noted.