Internal Audit & Assurance Plan 2017/18

 

Maidstone Borough Council


Introduction

1.             Internal audit is an independent and objective assurance and consulting service designed to add value and improve the Council’s work.  It helps the Council achieve its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and governance.

2.             Statutory authority for internal audit lies within the Accounts and Audit Regulations 2015, specifically Regulation 5:

3.             For Maidstone Borough Council, its internal auditors are Mid Kent Audit; a four-way partnership including Ashford, Maidstone, Swale and Tunbridge Wells Borough Councils. The total service spend of the four authorities (£76m in 2016/17) makes us the fourth largest provider of audit services to English District Councils.

4.             Since becoming a four-way partnership in April 2010, we have refreshed our collaboration agreement which now runs until March 2019. The agreement fixes our day-to-day supervision to a Shared Services Board including the Council’s Director of Finance & Business Improvement. Also in 2015 we were the first local authority audit service assessed by the IIA as being in full conformance with the Public Sector Internal Audit Standards (the “Standards”).

5.             The Standards set out demands on the Head of Audit Partnership on compiling a plan of work to deliver that effective internal audit service to evaluate the Council’s risk management, control and governance.  The Standards[1] include:

6.             This document sets out that plan in fulfilment of the Standards’ demands and to explain to the Committee our assessment of risk and response for 2017/18. 

7.             However, as the Standards make plain, our risk assessment and evaluation of the Council’s priorities does not end with approval of this document.  We will continue to reflect and consider our responses as the Council’s risks and priorities may change across the year. We will report a specific update to Members midway through the year. We may also consult with the Committee (or its Chairman) on any other significant changes should the need arise.

8.             We must also clarify that our audit plan cannot address all risks across the Council and represents our best use of inevitably limited resources.  In approving the plan, the Committee recognises this limit.  We will keep the Committee abreast of any changes in our assessment of need as we oversee the risks posed to the Council.  In particular we will undertake a full evaluation of need during each annual planning round.


 

Available Resources and Evaluation

9.            Based on anticipated personnel and productivity within the audit team for 2017/18 we expect to have 1,820 days available for completing audit plans across the four authorities.  This is an increase of 110 days (7%) on 2016/17 and reflects a settled team in 2017/18, a continued increase in productivity as trainees gain experience and the over-performance of management time against forecasts for 2016/17.

10.        As agreed by Shared Service Board in late 2014, the total days are allocated between the partners in line with their financial contribution to the Partnership’s costs (which are set out in our collaboration agreement).  Note that projects examining shared services are split between authorities.

Category

2016/17

2017/18

Total contracted days available

(i.e. total working days less leave entitlements)

2,435

(11.2fte)

2,521

(11.6fte)

Forecast chargeability

(i.e. %age of time spent on plan work rather than admin, training, personnel management &c)

70.2%

72.2%

Audit days available

(i.e. total days available x chargeability)

1,710

1,820

Ashford Borough Council (23%)

395

420

Maidstone Borough Council (29%)

500

530

Swale Borough Council (26%)

440

470

Tunbridge Wells Borough Council (22%)

375

400

 

11.         Therefore the total Mid Kent Audit service share to Maidstone BC in 2017/18 is 530 days an increase of 30 days from the 2016/17 level.  Guidance within the Standards sets out various factors Heads of Audit must consider when evaluating whether the resources available – in quantity and ability – are enough to fulfil responsibilities. 

12.         We present that analysis on the following page:


 

Audit Resource Evaluation 2017/18

Step

Question to consider

Response

Resource Indication

1

Did you have sufficient resource to complete your prior year plan?

Yes, anticipated fulfilment of 500 audit days (371 days, or 74% complete at end of January), including flexibility to address new areas of risk arising in year.

No change

Changes to the Organisation

2

How has the size of the organisation changed?

No significant change

No change

3

How has the complexity of the organisation changed?

Additional subsidiary company created in 2016/17 adds to business complexity but no immediate impact for extent of required internal audit coverage.

No change

4

How has the risk appetite of the organisation changed?

While not formally documented as yet, our risk work over the course of the year indicate the Council is increasingly willing to take on (or support) more ambitious projects to realise its goals.

Marginal increase in audit resource required

5

How has the risk profile of the organisation changed?

Continuing external threats such as challenging funding environment and diversifying responsibilities suggest a greater risk profile.

Marginal increase in audit resource required

6

How has the organisation’s control environment changed?

No significant new changes to control environment and continued good outcomes to financial audits.  However, note some ‘weak’ reports on broader assurance work.

Marginal increase in audit resource required

Changes to the Audit Service

7

What was the outcome of the QAIP/EQA?

Full conformance

No change

8

What changes have there been to audit professional standards and guidance?

Some minor changes on the role of CAE in broader assurance opens up possibilities, but currently accommodated within existing audit resource.

No change

9

What efficiencies have there been within the audit service?

Embedding of new audit manual during 2016/17 and continued growth in experience leading to efficiencies.  Also note we have largely cleared backlog work and so will be in a position to begin 2017/18 plan relatively early in comparison to previous years.

Less audit resource required.

 

13.         There is no definitive guidance on the level or quality of audit needed to deliver a robust internal audit opinion.  KPMG’s Audit Committee Institute Handbook – a guide aimed at Committees of FTSE250 companies – cites an average for companies with revenue of less than £400m of audit costs being 0.37% of revenue cost.

14.         Considered across the Partnership, the equivalent figure at Mid Kent Audit is around 0.52% based on total net service spend[2] across the councils of £76m.  However, a local authority offers a breadth of services compared with a listed company. We must also consider the special governance needs on public money and that – even taken together – the four authorities are at the smaller end of that scale. Therefore, we’re satisfied the benchmark suggests a reasonable audit provision.

15.         Another benchmark is to examine the levels of audit provision at similar authorities.  The chart below plots net revenue spend against number of audit days (excluding ancillary roles) on the plan for each non-metropolitan district council in South-East England.  We highlight the four Mid Kent authorities (Maidstone in orange).

Sources: Revenue from CLG returns, audit days from published IA plans

16.         While there is not a strong correlation between size and audit days (prior year audit days is the single strongest predictor), there is a general trend towards larger authorities having greater audit provision.  By that marker all four Mid Kent Authorities lie below the trendline but there are a (smaller) number of authorities who provide an audit opinion for fewer days. 

17.         In conclusion, we feel on current assessment the Audit Partnership has enough resources in both quantity and ability to deliver the audit plan and a robust overall audit opinion.

Other Assurance Work

18.        Beyond direct assurance projects, we have various responsibilities and work in supporting the Council’s governance.  These include roles in counter fraud, risk, training (for officers and Members) and other consultancy work. We consider how much of the available time we are likely to need for those tasks by anticipating known work scheduled for 2017/18 and considering results for the year.


Other Assurance Work

2016/17 Plan Days

2016/17 Outturn

(to Jan-17)

2017/18 Plan Days

Risk

40

26

40

Counter Fraud

40

35

50

Member Support

16

15

20

Follow-Up

40

26

40

Audit Planning

10

11

10

Contingency

50

137

50

Total Other Assurance Work Days

196

250

210

Days In Audit Plan

500

500

530

Days Remaining for Assurance Projects

304

250

320

 

19.        We provide more details below in turn on each area of other assurance work.

Risk


Description of current role and specific tasks in 2016/17

Anticipated role and specific tasks in 2017/18

We have responsibility for running risk management for the Council. The Deputy Head of Audit coordinates and provides operational and strategic support to officers and Members.

Further improvement of risk management and setting in processes including:

·         6 monthly reporting to PRC

·         Quarterly reporting to CLT

·         Development of a risk appetite statement

·         Refresh of the Corporate Level Risks

·         Integration of risk management into decision making

·         Delivering training, guidance

·         Project management risk improvements

Resource evaluation requirement for 2017/18

Retain 40 days in audit and assurance plan


 

Counter Fraud


Description of current role and specific tasks in 2016/17

Anticipated role and specific tasks in 2017/18

We have an active role in coordinating the Council’s response to the National Fraud Initiative, including advice on data upload, overseeing matches and reporting to management and the Cabinet Office.  We also have specific policy roles as a route for whistleblowers and money laundering reports.  In 2016/17 we have also undertaken investigations into counter fraud matters raised with us by officers.

The NFI released more than 2,000 new matches in January 2017.  Now the shared compliance team’s focus is on revenues, around a third of these matches falls to audit to examine – an extension of our previous coordination and administration role.

 

We will also in 2017/18 take a lead from the forthcoming CIPFA Counter Fraud Standards and undertake a major review and refresh across the breadth of counter fraud polices.

Resource evaluation requirement for 2017/18

Increase to 50 days in recognition of new NFI rollout and policy refresh exercise

Member Support


Description of current role and specific tasks in 2016/17

Anticipated role and specific tasks in 2017/18

We attend each Committee and present to most, including taking part in Chairman’s briefing and agenda setting meetings ahead of each Committee.

We also provide Member training and briefings on areas of Committee interest, but are open to and attended by a broad cross section of Council Members.

We will continue and expand, where possible, the range of Member briefings in 2017/18.  This may be relevant to help publicise any new or significant revisions to counter fraud policies.

Resource evaluation requirement for 2017/18

Increase to 20 days to reflect expanded Member briefing role evident in 16/17 outturn

Follow-Up


Description of current role and specific tasks in 2016/17

Anticipated role and specific tasks in 2017/18

During 2016/17 we have been tracking over 80 risk-rated audit recommendations. 

We continue to enjoy a good response from officers on implementation and do not expect any significant change in the number and range of recommendations we make.

Resource evaluation requirement for 2017/18

Retain 40 days to offset reducing number of recommendations and increasing compliance against some significant findings to review

Audit Planning


Description of current role and specific tasks in 2016/17

Anticipated role and specific tasks in 2017/18

Extensive risk assessment, review and consultation involved in putting together the annual audit plan.  Planning for individual audit projects is within the budget of each project.

As the second year in our planning cycle, the extent of risk assessment needed will reduce.

Resource evaluation requirement for 2017/18

Recognise as a separate task with 10 days in 2017/18, noting reduced scope of risk assessment.

Contingency


Description of current role and specific tasks in 2016/17

Anticipated role and specific tasks in 2017/18

Time reserved in the budget for extra tasks arising.  In 2016/17 this has included, for example:

-          extending scope of audit reviews

-          advice on procurement compliance

-          consultation on project management

-          other general advice and guidance requests.

 

This section also includes around 12 days of work for external clients, producing income in cash and kind for the Partnership of around £8k.

We have no specific projects identified in 2017/18 but we expect providing continuing support and advice to the Council’s major projects such as Mote Park Visitor Centre Development.  Should any tasks need the form of an audit project we will add them to the plan and advise the Committee.

Resource evaluation requirement for 2017/18

In line with good practice elsewhere we aim to achieve 10% contingency except where reduced by specific known and budgeted projects (as was the case in 2016/17). For 2017/18 we can restore contingency to a 10% level.

 


 

Project Risk Assessment

14.        The Standards demand we base our plan on a documented risk assessment, and consider views of senior management. We fulfil this through the process outlined:

15.        We then undertook extensive consultation with Heads of Service and Senior Management across the Council.  That consultation has produced the list of audit assurance projects detailed on the next page.


2017/18 Operational Audit Plan: Assurance Projects List

Project Title & Indicative Scope

Plan Days

Core Finance Reviews

Accounts Receivable

-          To examine system control design and operation

10

Business Rates

-          To examine system control design and operation

83

Council Tax

-          To examine system control design and operation

83

Payroll

-          To examine system control, design and operation with precise scope to be confirmed but potentially examining payroll deductions

6[3]

Procurement

-          To review compliance with contract procedure rules, and operation of and compliance with contract register

15

Governance Reviews

Complaints

-          To review compliance with complaints procedures

12

Data Protection

-          To establish compliance with the Data Protection Act 1998 and consider readiness for the General Data Protection Regulations in force from 2018

12

Emergency Planning

-          To review emergency planning arrangements and adequacy of supporting guidance

15

Information Security

-          To consider effectiveness of implementation of one (or more) new IT security policies due for issue in 2017/18

73

IT Disaster Recovery

-          To consider effectiveness across the partnership of IT backup and recovery arrangements

63

Operational Reviews

Animal Welfare Control

-          To examine controls for ensuring regulatory compliance

12

Building Control

-          To examine controls around finance and administration of discretionary fees

15

Business Terrace

-          To review operation of the terrace, including against original projections

15

Cemetery

-          To examine controls for ensuring regulatory compliance

12

Contract Management

-          To consider against a checklist of good quality contract management an overview of how contracts are managed at the authority

15

Debt Recovery Service

-          To review effectiveness of controls acting in new service

53

Food Safety

-          To examine controls working to ensure legal compliance, including operation of establishment food hygiene ratings

53

Home Improvement Grants

-          To examine administration and controls around distributing grants for home improvement (including disabled facilities grants)

12

Homelessness

-          To assess progress against homelessness strategy

15

HR Policy Compliance

-          To review effectiveness of HR policies in operation by line managers across the organisation

73

Insurance

-          To review identification and management of insurance risks and claims handling

12

Land Charges

-          To examine controls over collecting and distributing income in the shared service

53

Legal Services

-          To examine controls in operation within the legal service to ensure Lexcel compliance, including quality of monitoring data

53

Member Training

-          To review provision for Member training, especially new Member induction

12

Parking Income

-          To examine controls on collecting pay & display and pay by phone income

103

Promotion & Marketing

-          To review the Council’s promotion and marketing operations

12

Street Scene Provision

-          To examine effectiveness of provision

12

Subsidiary Company Governance

-          To review controls for ensuring good governance in the Council’s property company (from the Council’s perspective – we are not auditors of the company)

12

Workforce Planning

-          To review progress against workforce planning strategy adopted in 2016

15

Cross Authority Reviews[4]

Corporate Governance

-          To consider one or more areas in the Corporate Governance Code

62

Financial Planning

-          To consider how each authority undertakes medium to long-term financial planning and review, learning from NAO work in the area

72

Independent Review

Risk Management

-          To review effectiveness of risk management.  Review from the Head of Audit of Medway Council in exchange for Mid Kent Audit delivering Introduction to Internal Audit Training to the Medway team

0

 

2017/18 Audit & Assurance Plan: Overall Summary Maidstone BC

Work Type

Plan Days

Planned Reports

Core Financial Systems

49

5

Corporate Governance

52

5

Operational Reviews

206

19

Cross Authority & Independent Reviews

13

3

Total Project Work

320

32

Risk

40

2 (biannual to PRC)

Counter Fraud

50

n/a (in annual reporting)

Member Support

20

2 (biannual to Members)

Follow-Up

40

4 (quarterly to CLT)

Audit Planning

10

1 (annual to Members)

Contingency

50

n/a

Total Non-Project Work

210

9

Total Audit & Assurance Plan 2017/18

530

41


Beyond 2017/18 – Other Issues on Audit’s Radar

16.         During our planning and risk assessment we considered several areas where direct review was not suitable for 2017/18.  Sometimes this is because the relatively low risk allows for longer period between reviews.  In others we are aware of forthcoming changes to the service or environment that make review in 2018/19 or later more useful.  In other cases we rely on our cyclical approach to scheduling reviews which happens to omit 2017/18.

17.         The chart below shows some areas we expect to feature in planning in future years.  At the beginning of each year we will consider afresh audit resource availability and risks when considering which areas to include in our planning.  However, these are also areas we keep under review and so potentially examination could come forward if risks change.

18.         We include a full listing of areas of audit interest (the “audit universe”) in appendix A.

Delivering Audit Work

19.         The risk-based approach taken to forming the plan integrates with our approach to individual projects.  Besides any specific objectives agreed with the audit sponsor when drawing up the audit scope, each project considers the strategies, risks and objectives relevant to the service area under review.  This includes identifying, and agreeing with management, suitable evaluation criteria to judge how well an area performs.

20.         We will conduct each review in line with our standard audit method aligned to the Standards.  Our Audit Charter sets out roles and responsibilities for successful delivery of audit projects.  Members of this Committee approved the Charter in March 2016.

21.         Each review results in an assurance rated report, giving our view on whether the particular area is performing effectively.  We will keep these rating levels consistent with our reviewed approach adopted first in 2014/15.  We include details of the assurance levels in this report at appendix C.

22.         We will also, where fitting, make recommendations for improvement.  We grade our recommendations as set out in appendix C and follow them up when due for action.  Where we find officers have not acted on a recommendations and so left the Council at risk we report first to the Corporate Leadership Team.  Also, the Audit, Governance and Standards Committee may demand that Senior Managers responsible for services that consistently fail to address audit recommendations attend to provide further explanation to Members.

23.         Our plan also recognises the broader assurance work we deliver using our experience and expertise to aid the Council in pursuit of its priorities. We undertake this work in line with the arrangements set out in the Charter, in particular with those safeguards aimed at preserving our independence and objectivity.

24.         Typically, our broader assurance work will not result in an assurance graded report but rather an alternative format relevant to the engagement agreed with the work’s sponsor.  In any event, we will tell the Committee results of other assurance work through our interim and year end reports.


 

Monitoring Delivery

25.         We undertake our audit work against our standard audit approach, assessed in our EQA as consistent with the Standards.  Also we adhere to the IIA’s Code of Ethics and the roles and responsibilities set out in the Charter.

26.         As part of this approach we are careful to ensure the quality and consistency of our work.  With individual audit projects, each undergoes internal review focusing on each stage from compilation of the original brief, through completion of fieldwork and last our reporting.

27.         We undertake broader quality assurance of our work as detailed in our annual reports which include a full self-assessment against the Standards.

28.         The Audit Shared Service Board also oversees our work each quarter. Mark Green is Maidstone’s representative on the Board.  The Board receives performance and financial reports on the progress of the service.  This includes the set of performance indicators noted below, and we also report results to the Committee twice a year.

29.         We also continue to develop and strengthen the professional expertise and experience of our audit team.  In 2017/18 we will have four members of the team studying for professional qualifications to add to the nine already held across the team.  We include more details about the audit team and the work to support and their development within appendix B.

Performance Indicator Set 2017/18

-          Cost per audit day

-          % Satisfied with assurance

-          % Projects completed on budget

-          % Final reports on time

-          % Chargeable days

-          % Satisfied with auditor conduct

-          PSIAS conformance

-          % Implemented recommendations

-          % Projects completed on time

-          % Exam success

-          % Draft reports on time

-          % Satisfaction with auditor skill


 

Appendix A: Audit Universe

The table below sets out, in headline, the “audit universe”, comprising the recurring range of areas of potential examination by internal audit at Maidstone BC.  The review areas noted will have specific scopes beneath which cover a broad and shifting range of specific topics.  For example a “payroll” review may examine statutory deductions in one year, starter and leaver procedures in another, expenses and special payments in another and so on.  So the scope of the audit may be broader or narrower than suggested by the title alone. 

The table includes only the assurance rated reviews where we reported results to Members.  It therefore excludes our advice, consultancy and follow-up work. 

Last, the table excludes assurance work undertaken as one-off exercises where we do not expect a repeat review in the near to medium term.

A final note that in 2014/15 we changed our assurance ratings to the scheme detailed at Appendix C.  Previously, our scale ran (from greatest to least assurance): High – Substantial – Limited – No Assurance.  Although there are important differences in the detailed definitions, as a broad analogy these map to our current scale so we have employed a consistent colour scheme between the two scales.


Review Area

Last Reported: Date

Last Reported: Rating

Planned Next Review

Notes

Street Cleaning

2010/11

Substantial

2017/18

 

Insurance

2011/12

High

2017/18

 

Complaints

2012/13

Substantial

2017/18

 

IT Disaster Recovery

2012/13

Substantial

2017/18

Not assessed since operating as a shared service

Car Parking

2013/14

Substantial

2017/18

 

Food Safety

2013/14

Substantial

2017/18

 

Housing Grants

2013/14

Substantial

2017/18

 

Property Income

2013/14

Substantial

2017/18

 

Communications

2014/15

Sound

2017/18

 

Data Protection

2014/15

Weak

2017/18

Also subject to follow up through 2015/16

Debtors

2014/15

Substantial

2017/18

 

Emergency Planning

2014/15

Weak

2017/18

Also subject to follow up through 2015/16

Budget Management

2015/16

Sound

2017/18

 

Business Rates

2015/16

Strong

2017/18

 

Council Tax

2015/16

Sound

2017/18

 

Homelessness

2015/16

Sound

2017/18

 

Planning Support

2015/16

N/A

2017/18

 

Procurement

2015/16

Sound

2017/18

 

Bereavement Services

2016/17

tbc

2017/18

 

Building Control

2016/17

tbc

2017/18

 

Corporate Governance

2016/17

N/A

2017/18

 

ICT Network Controls

2016/17

Strong

2017/18

 

Payroll

2016/17

tbc

2017/18

 

Animal Welfare

 

 

2017/18

First review as discrete area

Contract Management

 

 

2017/18

Individual contracts reviewed previously, first systemic review

Debt Recovery

 

 

2017/18

New service established 2016

Democratic Services

 

 

2017/18

First review as discrete area

Economic Development

 

 

2017/18

Individual projects assessed, previously

HR Policy Compliance

 

 

2017/18

First review as discrete area

Land Charges

 

 

2017/18

First review as discrete area

Legal Services

 

 

2017/18

Not previously assessed as a shared service

Risk Management

 

 

2017/18

2017/18 will be independent review given change to MKA role

Subsidiary Companies

 

 

2017/18

Timing dependent on extent of company activity, may be revised

Sports Development

2009/10

Substantial

2018/19

 

Development Control

2012/13

Substantial

2018/19

 

Housing

2012/13

Substantial

2018/19

Will monitor Preventing Homelessness Bill, may bring review forward

Spatial Planning

2012/13

Substantial

2018/19

 

Cash Collection

2013/14

High

2018/19

Cash collection diminishing part of income, consider bringing review forward depending on income system implementation timing

CCTV

2013/14

Substantial

2018/19

 

Equalities

2013/14

Substantial

2018/19

 

Markets

2013/14

Substantial

2018/19

 

Museum

2013/14

Limited

2018/19

 

Project Management

2013/14

Substantial

2018/19

Individual projects reviewed (as assurance and consultancy) since methodology review

Business Continuity

2014/15

Weak

2018/19

 

Recruitment

2014/15

Substantial

2018/19

 

Waste Collection

2014/15

Sound

2018/19

 

Licensing

2015/16

Sound

2018/19

During interim will be seeking some reliance on work of Sevenoaks DC audit team

Members’ Allowances

2015/16

Sound

2018/19

 

Safeguarding

2015/16

Weak

2018/19

 

Café Management

2016/17

Weak

2018/19

Pending operational decisions on café management

Creditors

2016/17

tbc

2018/19

 

Discretionary Housing Payments

2016/17

Sound

2018/19

Potential expansion of future review into CTS hardship scheme

General Ledger

2016/17

tbc

2018/19

 

Hazlitt Theatre

2016/17

Weak

2018/19

 

Health & Safety

2016/17

Weak

2018/19

 

Housing Benefits

2016/17

Sound

2018/19

 

Performance Management

2016/17

tbc

2018/19

 

Section 106 Agreements

2016/17

Weak

2018/19

 

Treasury Management

2016/17

Sound

2018/19

 

IT Development & Procurement

 

 

2018/19

Considered previously as part of general reviews and planned for 2016/17, postponed and replaced with consultancy on 2017/18 as approach changes

Planning Support

 

 

2018/19

First review as shared service

Cobtree Golf Course

2010/11

Substantial

2019/20

 

Parks Income

2011/12

Substantial

2019/20

 

Tourism

2012/13

Substantial

2019/20

 

Banking

2014/15

Sound

2019/20

 

Credit Cards

2014/15

Sound

2019/20

 

Register of Interests

2014/15

Weak

2019/20

 

VAT Management

2014/15

Sound

2019/20

 

Grounds Maintenance

2015/16

Sound

2019/20

 

Community Safety

2016/17

Sound

2019/20

 

ICT Support

2016/17

N/A

2019/20

 

Learning & Development

2016/17

Sound

2019/20

 

Public Health

2016/17

tbc

2019/20

 

Residents’ Parking

2016/17

tbc

2019/20

 

Leisure Centre

2015/16

Sound

2020/21

 

Customer Services

2016/17

Strong

2020/21

 

Elections

2016/17

Sound

2020/21

Arrange timing around 2020 GE

Environmental Enforcement

2016/17

Sound

2020/21

 

Facilities Management

2016/17

Sound

2020/21

 

Freedom of Information

2016/17

tbc

2020/21

May move date depending on developments in law

Public Conveniences

2016/17

Sound

2020/21

May move date depending on contract arrangements

 

 

 


 

Appendix B: Team Biographies

Management

Rich Clarke CPFA ACFS (Head of Audit Partnership): Rich became head of the audit partnership in April 2014 joining from KPMG. At KPMG he had various internal and external audit clients across the public sector including LB Islington, Woking BC, East Kent Hospitals University NHS Trust, the Foreign and Commonwealth Office and the Civil Aviation Authority.  Rich is a Chartered Accountant (CPFA) and during 2015 undertook and passed further study to become an Accredited Counter Fraud Specialist (ACFS).  Rich is also UK Local Government representative on the Internal Audit Standards Advisory Board, the body charged with updating the Public Sector Internal Audit Standards.  In 2016 Rich also began ancillary work as a CIPFA associate, delivering training on CIPFA’s behalf across the country on managing and improving internal audit teams.  In addition, Rich is Chairman of the Kent Audit Group and an Executive Board Member of the London Audit Group, both groups comprising Heads of Audit from across the public sector.

Russell Heppleston CMIIA (Deputy Head of Audit Partnership): Russell started working for the Maidstone / Ashford partnership in November 2005, and continued his role as Auditor for the Mid Kent Audit Service on its creation in 2010.  He progressed through professional qualifications with the Institute of Internal Auditors (IIA) to achieve both Practitioner and Chartered member status. Russell became Audit Manager for Swale and Maidstone in 2013, and later Deputy Head of Audit Partnership in the 2015 restructure.  Russell is studying the International Diploma of Risk Management with the Institute of Risk Management.

Frankie Smith CMIIA (Audit Manager – Swale & Tunbridge Wells): Frankie Smith has worked in internal audit for 16 years, starting as an auditor at Maidstone Borough Council.  During this time Frankie has completed audits at Ashford, Maidstone, Swale and Tunbridge Wells.  Frankie achieved Chartered Auditor (CMIIA) status in August 2015 and became that same month Audit Manager at Swale and Tunbridge Wells.

Alison Blake ACCA, CIRM (Audit Manager – Ashford & Maidstone): Alison joined the internal audit partnership in 2012 and took on the role of Audit Manager in January 2016.  Before this Alison worked for South Coast Audit for 7 years where she undertook internal audit work across various NHS clients in East Kent. During Alison’s career she has completed a wide range of audit work with the aim of supporting the in achieving their objectives and the objectives of the organisation as a whole.   In 2014 Alison achieved the Certificate qualification from the Institute of Risk Management.

Senior Auditors

Mark Goodwin ACFT (Senior Auditor): Mark joined Ashford Borough Council in January 1999 having previously worked at Maidstone Borough Council in an audit role.  He was a founder member of the Ashford and Maidstone Internal Audit Partnership before this developed into the four-way Mid Kent Audit Partnership in April 2010.  He is an experienced auditor who has audited extensively the full range of council services across various local authorities.  Mark achieved the Accredited Counter Fraud Technician (ACFT) designation from CIPFA in March 2016.

Claire Walker (Senior Auditor): Claire joined the audit partnership in September 2010, and has wide experience in various areas.  These include Local and Central Government, Arts, Broadcasting, Financial Services, NGOs and Not for Profit Sector, also Lottery Fund distribution and associated grant making programmes.  Claire delivered some training and mentoring projects for the FCO, DFID and the World Bank as well as work on European Social Fund projects.  Within Local Government Claire has undertaken a wide range of audits with a focus on legal compliance, contracts and governance arrangements.  Other audit experience covers outsourcing functions, due diligence, and fraud investigations. 

Jo Herrington PIIA CIA (Senior Auditor): Jo joined the audit partnership on 30 September 2013. Before this Jo worked for Gravesham BC for nearly nine years where she gained experience of working in the Finance department and the Revenues department before settling in the Internal Audit team in September 2009. As part of the Internal Audit team she gained broad experience conducting audit reviews, as well as involvement in working groups across the authority. Jo became Senior Auditor in 2015 and has since gained qualifications as a Practitioner of the Institute of Internal Auditors (PIIA) in October 2015 and as a Certified Internal Auditor (CIA) in June 2016.

Jen Warrillow PIIA (Senior Auditor): Jen joined Mid Kent Audit in September 2013 from Kent County Council where she trained as an Internal Auditor.  She undertook a wide range of audits including financial, governance and grant funding internally for the Council and externally for Parish Councils. Jen was previously an investigator at Swale BC and then moved on to Tonbridge & Malling BC.  Having recently returned from maternity leave, she is now studying to become a Chartered Member of the Institute of Internal Auditors. Jen became a Senior Auditor in 2015. 


 

Auditors

Paul Goodwin AAT (Auditor): Paul started with Tunbridge Wells Borough Council over 25 years ago, and has since worked mainly in Internal Audit. Paul is a qualified Accounting Technician.

Andy Billingham (Auditor): Andy joined the Partnership in December 2015.  He had previously worked for Swale Borough Council for 10 years within the Revenues and Benefits department. During this time, he gained extensive knowledge of local government, dealt with complex disputes and represented the authority at Tribunals.  Andy holds a degree in History as well as an Institute of Revenue Rating and Valuation qualification.  He is studying towards the Certified Internal Auditor (CIA) qualification.

Trainee Auditors

Ben Davis (Trainee Auditor): Ben joined the team in March 2015 as a trainee auditor.  He holds a degree in Modern History from UEA and has previous experience in finance teams in the private and voluntary sectors.  Ben began training towards achieving a professional qualification through the Chartered Institute of Public Finance and Accountancy (CIPFA) and has progressed successfully through the qualification.  He aims to achieve the full professional qualification in mid 2018.

Louise Taylor (Trainee Auditor): Louise joined the team in November 2015 as audit team administrator and became a trainee auditor in August 2016.  Louise had previously worked in the Planning department of Maidstone Borough Council and has extensive experience working with local authorities.  In early 2017 Louise began training to become a Certified Internal Auditor (CIA) with the Institute of Internal Auditors (IIA).  She also holds an MA in Planning, Policy and Practice and a degree in Human Geography.

 

The Audit Team Administrator role is vacant but we plan to recruit in April 2017.

 


 

Appendix C: Assurance & Recommendation Ratings

Assurance Ratings 2017/18 (unchanged since 2014/15)

Full Definition

Short Description

Strong – Controls within the service are well designed and operating as intended, exposing the service to no uncontrolled risk.  There will also often be elements of good practice or value for money efficiencies which may be instructive to other authorities.  Reports with this rating will have few, if any, recommendations and those will generally be priority 4.

Service/system is performing well

Sound – Controls within the service are generally well designed and operated but there are some opportunities for improvement, particularly with regard to efficiency or to address less significant uncontrolled operational risks.  Reports with this rating will have some priority 3 and 4 recommendations, and occasionally priority 2 recommendations where they do not speak to core elements of the service.

Service/system is operating effectively

WeakControls within the service have deficiencies in their design and/or operation that leave it exposed to uncontrolled operational risk and/or failure to achieve key service aims.  Reports with this rating will have mainly priority 2 and 3 recommendations which will often describe weaknesses with core elements of the service.

Service/system requires support to consistently operate effectively

Poor – Controls within the service are deficient to the extent that the service is exposed to actual failure or significant risk and these failures and risks are likely to affect the Council as a whole. Reports with this rating will have priority 1 and/or a range of priority 2 recommendations which, taken together, will or are preventing from achieving its core objectives.

Service/system is not operating effectively

 


Recommendation Ratings 2017/18 (unchanged since 2014/15)

Priority 1 (Critical) To address a finding which affects (negatively) the risk rating assigned to a Council strategic risk or seriously impairs its ability to achieve a key priority.  Priority 1 recommendations are likely to require immediate remedial action.  Priority 1 recommendations also describe actions the authority must take without delay.

Priority 2 (High) – To address a finding which impacts a strategic risk or key priority, which makes achievement of the Council’s aims more challenging but not necessarily cause severe impediment.  This would also normally be the priority assigned to recommendations that address a finding that the Council is in (actual or potential) breach of a legal responsibility, unless the consequences of non-compliance are severe. Priority 2 recommendations are likely to require remedial action at the next available opportunity, or as soon as is practical.  Priority 2 recommendations also describe actions the authority must take.

Priority 3 (Medium) – To address a finding where the Council is in (actual or potential) breach of its own policy or a less prominent legal responsibility but does not impact directly on a strategic risk or key priority.  There will often be mitigating controls that, at least to some extent, limit impact.  Priority 3 recommendations are likely to require remedial action within six months to a year.  Priority 3 recommendations describe actions the authority should take.

Priority 4 (Low) – To address a finding where the Council is in (actual or potential) breach of its own policy but no legal responsibility and where there is trivial, if any, impact on strategic risks or key priorities.  There will usually be mitigating controls to limit impact.  Priority 4 recommendations are likely to require remedial action within the year.  Priority 4 recommendations generally describe actions the authority could take.

Advisory – We will include in the report notes drawn from our experience across the partner authorities where the service has opportunities to improve.  These will be included for the service to consider and not be subject to formal follow up process.

 



[1] As described in the Audit Charter, at the Council “Chief Audit Executive” in the Standards is the Head of Audit Partnership.  “Board” is the Audit, Governance & Standards Committee.  “Senior Management” is the Council’s Corporate Leadership Team.

[2] We’ve used net service spend rather than gross to remove large bulk costs such as Housing Benefits which are (largely but not entirely) reimbursed by Government and have separate certification arrangements.

[3] Shared service with other authority/ies.  Maidstone BC contribution to audit budget only.

[4] Reviews not of shared services, but parallel reviews of similar work undertaken at two or more authorities resulting in a single output report