Internal Audit & Assurance Plan 2017/18
Maidstone Borough Council
Introduction
1. Internal audit is an independent and objective assurance and consulting service designed to add value and improve the Council’s work. It helps the Council achieve its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and governance.
2. Statutory authority for internal audit lies within the Accounts and Audit Regulations 2015, specifically Regulation 5:
3. For Maidstone Borough Council, its internal auditors are Mid Kent Audit; a four-way partnership including Ashford, Maidstone, Swale and Tunbridge Wells Borough Councils. The total service spend of the four authorities (£76m in 2016/17) makes us the fourth largest provider of audit services to English District Councils.
4. Since becoming a four-way partnership in April 2010, we have refreshed our collaboration agreement which now runs until March 2019. The agreement fixes our day-to-day supervision to a Shared Services Board including the Council’s Director of Finance & Business Improvement. Also in 2015 we were the first local authority audit service assessed by the IIA as being in full conformance with the Public Sector Internal Audit Standards (the “Standards”).
5. The Standards set out demands on the Head of Audit Partnership on compiling a plan of work to deliver that effective internal audit service to evaluate the Council’s risk management, control and governance. The Standards[1] include:
6. This document sets out that plan in fulfilment of the Standards’ demands and to explain to the Committee our assessment of risk and response for 2017/18.
7. However, as the Standards make plain, our risk assessment and evaluation of the Council’s priorities does not end with approval of this document. We will continue to reflect and consider our responses as the Council’s risks and priorities may change across the year. We will report a specific update to Members midway through the year. We may also consult with the Committee (or its Chairman) on any other significant changes should the need arise.
8. We must also clarify that our audit plan cannot address all risks across the Council and represents our best use of inevitably limited resources. In approving the plan, the Committee recognises this limit. We will keep the Committee abreast of any changes in our assessment of need as we oversee the risks posed to the Council. In particular we will undertake a full evaluation of need during each annual planning round.
Available Resources and Evaluation
9. Based on anticipated personnel and productivity within the audit team for 2017/18 we expect to have 1,820 days available for completing audit plans across the four authorities. This is an increase of 110 days (7%) on 2016/17 and reflects a settled team in 2017/18, a continued increase in productivity as trainees gain experience and the over-performance of management time against forecasts for 2016/17.
10. As agreed by Shared Service Board in late 2014, the total days are allocated between the partners in line with their financial contribution to the Partnership’s costs (which are set out in our collaboration agreement). Note that projects examining shared services are split between authorities.
Category |
2016/17 |
2017/18 |
Total contracted days available (i.e. total working days less leave entitlements) |
2,435 (11.2fte) |
2,521 (11.6fte) |
Forecast chargeability (i.e. %age of time spent on plan work rather than admin, training, personnel management &c) |
70.2% |
72.2% |
Audit days available (i.e. total days available x chargeability) |
1,710 |
1,820 |
Ashford Borough Council (23%) |
395 |
420 |
Maidstone Borough Council (29%) |
500 |
530 |
Swale Borough Council (26%) |
440 |
470 |
Tunbridge Wells Borough Council (22%) |
375 |
400 |
11. Therefore the total Mid Kent Audit service share to Maidstone BC in 2017/18 is 530 days an increase of 30 days from the 2016/17 level. Guidance within the Standards sets out various factors Heads of Audit must consider when evaluating whether the resources available – in quantity and ability – are enough to fulfil responsibilities.
12. We present that analysis on the following page:
Audit Resource Evaluation 2017/18 |
|||
Step |
Question to consider |
Response |
Resource Indication |
1 |
Did you have sufficient resource to complete your prior year plan? |
Yes, anticipated fulfilment of 500 audit days (371 days, or 74% complete at end of January), including flexibility to address new areas of risk arising in year. |
No change |
Changes to the Organisation |
|||
2 |
How has the size of the organisation changed? |
No significant change |
No change |
3 |
How has the complexity of the organisation changed? |
Additional subsidiary company created in 2016/17 adds to business complexity but no immediate impact for extent of required internal audit coverage. |
No change |
4 |
How has the risk appetite of the organisation changed? |
While not formally documented as yet, our risk work over the course of the year indicate the Council is increasingly willing to take on (or support) more ambitious projects to realise its goals. |
Marginal increase in audit resource required |
5 |
How has the risk profile of the organisation changed? |
Continuing external threats such as challenging funding environment and diversifying responsibilities suggest a greater risk profile. |
Marginal increase in audit resource required |
6 |
How has the organisation’s control environment changed? |
No significant new changes to control environment and continued good outcomes to financial audits. However, note some ‘weak’ reports on broader assurance work. |
Marginal increase in audit resource required |
Changes to the Audit Service |
|||
7 |
What was the outcome of the QAIP/EQA? |
Full conformance |
No change |
8 |
What changes have there been to audit professional standards and guidance? |
Some minor changes on the role of CAE in broader assurance opens up possibilities, but currently accommodated within existing audit resource. |
No change |
9 |
What efficiencies have there been within the audit service? |
Embedding of new audit manual during 2016/17 and continued growth in experience leading to efficiencies. Also note we have largely cleared backlog work and so will be in a position to begin 2017/18 plan relatively early in comparison to previous years. |
Less audit resource required. |
13. There is no definitive guidance on the level or quality of audit needed to deliver a robust internal audit opinion. KPMG’s Audit Committee Institute Handbook – a guide aimed at Committees of FTSE250 companies – cites an average for companies with revenue of less than £400m of audit costs being 0.37% of revenue cost.
14. Considered across the Partnership, the equivalent figure at Mid Kent Audit is around 0.52% based on total net service spend[2] across the councils of £76m. However, a local authority offers a breadth of services compared with a listed company. We must also consider the special governance needs on public money and that – even taken together – the four authorities are at the smaller end of that scale. Therefore, we’re satisfied the benchmark suggests a reasonable audit provision.
15. Another benchmark is to examine the levels of audit provision at similar authorities. The chart below plots net revenue spend against number of audit days (excluding ancillary roles) on the plan for each non-metropolitan district council in South-East England. We highlight the four Mid Kent authorities (Maidstone in orange).
Sources: Revenue from CLG returns, audit days from published IA plans
16. While there is not a strong correlation between size and audit days (prior year audit days is the single strongest predictor), there is a general trend towards larger authorities having greater audit provision. By that marker all four Mid Kent Authorities lie below the trendline but there are a (smaller) number of authorities who provide an audit opinion for fewer days.
17.
In conclusion, we
feel on current assessment the Audit Partnership has enough resources in both
quantity and ability to deliver the audit plan and a robust overall audit
opinion.
Other Assurance Work
18. Beyond direct assurance projects, we have various responsibilities and work in supporting the Council’s governance. These include roles in counter fraud, risk, training (for officers and Members) and other consultancy work. We consider how much of the available time we are likely to need for those tasks by anticipating known work scheduled for 2017/18 and considering results for the year.
Other Assurance Work |
2016/17 Plan Days |
2016/17 Outturn (to Jan-17) |
2017/18 Plan Days |
Risk |
40 |
26 |
40 |
Counter Fraud |
40 |
35 |
50 |
Member Support |
16 |
15 |
20 |
Follow-Up |
40 |
26 |
40 |
Audit Planning |
10 |
11 |
10 |
Contingency |
50 |
137 |
50 |
Total Other Assurance Work Days |
196 |
250 |
210 |
Days In Audit Plan |
500 |
500 |
530 |
Days Remaining for Assurance Projects |
304 |
250 |
320 |
19. We provide more details below in turn on each area of other assurance work.
Risk
Description of current role and specific tasks in 2016/17 |
Anticipated role and specific tasks in 2017/18 |
We have responsibility for running risk management for the Council. The Deputy Head of Audit coordinates and provides operational and strategic support to officers and Members. |
Further improvement of risk management and setting in processes including: · 6 monthly reporting to PRC · Quarterly reporting to CLT · Development of a risk appetite statement · Refresh of the Corporate Level Risks · Integration of risk management into decision making · Delivering training, guidance · Project management risk improvements |
Resource evaluation requirement for 2017/18 |
Retain 40 days in audit and assurance plan |
Counter Fraud
Description of current role and specific tasks in 2016/17 |
Anticipated role and specific tasks in 2017/18 |
We have an active role in coordinating the Council’s response to the National Fraud Initiative, including advice on data upload, overseeing matches and reporting to management and the Cabinet Office. We also have specific policy roles as a route for whistleblowers and money laundering reports. In 2016/17 we have also undertaken investigations into counter fraud matters raised with us by officers. |
The NFI released more than 2,000 new matches in January 2017. Now the shared compliance team’s focus is on revenues, around a third of these matches falls to audit to examine – an extension of our previous coordination and administration role.
We will also in 2017/18 take a lead from the forthcoming CIPFA Counter Fraud Standards and undertake a major review and refresh across the breadth of counter fraud polices. |
Resource evaluation requirement for 2017/18 |
Increase to 50 days in recognition of new NFI rollout and policy refresh exercise |
Member Support
Description of current role and specific tasks in 2016/17 |
Anticipated role and specific tasks in 2017/18 |
We attend each Committee and present to most, including taking part in Chairman’s briefing and agenda setting meetings ahead of each Committee. We also provide Member training and briefings on areas of Committee interest, but are open to and attended by a broad cross section of Council Members. |
We will continue and expand, where possible, the range of Member briefings in 2017/18. This may be relevant to help publicise any new or significant revisions to counter fraud policies. |
Resource evaluation requirement for 2017/18 |
Increase to 20 days to reflect expanded Member briefing role evident in 16/17 outturn |
Follow-Up
Description of current role and specific tasks in 2016/17 |
Anticipated role and specific tasks in 2017/18 |
During 2016/17 we have been tracking over 80 risk-rated audit recommendations. |
We continue to enjoy a good response from officers on implementation and do not expect any significant change in the number and range of recommendations we make. |
Resource evaluation requirement for 2017/18 |
Retain 40 days to offset reducing number of recommendations and increasing compliance against some significant findings to review |
Audit Planning
Description of current role and specific tasks in 2016/17 |
Anticipated role and specific tasks in 2017/18 |
Extensive risk assessment, review and consultation involved in putting together the annual audit plan. Planning for individual audit projects is within the budget of each project. |
As the second year in our planning cycle, the extent of risk assessment needed will reduce. |
Resource evaluation requirement for 2017/18 |
Recognise as a separate task with 10 days in 2017/18, noting reduced scope of risk assessment. |
Contingency
Description of current role and specific tasks in 2016/17 |
Anticipated role and specific tasks in 2017/18 |
Time reserved in the budget for extra tasks arising. In 2016/17 this has included, for example: - extending scope of audit reviews - advice on procurement compliance - consultation on project management - other general advice and guidance requests.
This section also includes around 12 days of work for external clients, producing income in cash and kind for the Partnership of around £8k. |
We have no specific projects identified in 2017/18 but we expect providing continuing support and advice to the Council’s major projects such as Mote Park Visitor Centre Development. Should any tasks need the form of an audit project we will add them to the plan and advise the Committee. |
Resource evaluation requirement for 2017/18 |
In line with good practice elsewhere we aim to achieve 10% contingency except where reduced by specific known and budgeted projects (as was the case in 2016/17). For 2017/18 we can restore contingency to a 10% level. |
Project Risk Assessment
14. The Standards demand we base our plan on a documented risk assessment, and consider views of senior management. We fulfil this through the process outlined:
15. We then undertook extensive consultation with Heads of Service and Senior Management across the Council. That consultation has produced the list of audit assurance projects detailed on the next page.
2017/18 Operational Audit Plan: Assurance Projects List
Project Title & Indicative Scope |
Plan Days |
Core Finance Reviews |
|
Accounts Receivable - To examine system control design and operation |
10 |
Business Rates - To examine system control design and operation |
83 |
Council Tax - To examine system control design and operation |
83 |
Payroll - To examine system control, design and operation with precise scope to be confirmed but potentially examining payroll deductions |
6[3] |
Procurement - To review compliance with contract procedure rules, and operation of and compliance with contract register |
15 |
Governance Reviews |
|
Complaints - To review compliance with complaints procedures |
12 |
Data Protection - To establish compliance with the Data Protection Act 1998 and consider readiness for the General Data Protection Regulations in force from 2018 |
12 |
Emergency Planning - To review emergency planning arrangements and adequacy of supporting guidance |
15 |
Information Security - To consider effectiveness of implementation of one (or more) new IT security policies due for issue in 2017/18 |
73 |
IT Disaster Recovery - To consider effectiveness across the partnership of IT backup and recovery arrangements |
63 |
Operational Reviews |
|
Animal Welfare Control - To examine controls for ensuring regulatory compliance |
12 |
Building Control - To examine controls around finance and administration of discretionary fees |
15 |
Business Terrace - To review operation of the terrace, including against original projections |
15 |
Cemetery - To examine controls for ensuring regulatory compliance |
12 |
Contract Management - To consider against a checklist of good quality contract management an overview of how contracts are managed at the authority |
15 |
Debt Recovery Service - To review effectiveness of controls acting in new service |
53 |
Food Safety - To examine controls working to ensure legal compliance, including operation of establishment food hygiene ratings |
53 |
Home Improvement Grants - To examine administration and controls around distributing grants for home improvement (including disabled facilities grants) |
12 |
Homelessness - To assess progress against homelessness strategy |
15 |
HR Policy Compliance - To review effectiveness of HR policies in operation by line managers across the organisation |
73 |
Insurance - To review identification and management of insurance risks and claims handling |
12 |
Land Charges - To examine controls over collecting and distributing income in the shared service |
53 |
Legal Services - To examine controls in operation within the legal service to ensure Lexcel compliance, including quality of monitoring data |
53 |
Member Training - To review provision for Member training, especially new Member induction |
12 |
Parking Income - To examine controls on collecting pay & display and pay by phone income |
103 |
Promotion & Marketing - To review the Council’s promotion and marketing operations |
12 |
Street Scene Provision - To examine effectiveness of provision |
12 |
Subsidiary Company Governance - To review controls for ensuring good governance in the Council’s property company (from the Council’s perspective – we are not auditors of the company) |
12 |
Workforce Planning - To review progress against workforce planning strategy adopted in 2016 |
15 |
Cross Authority Reviews[4] |
|
Corporate Governance - To consider one or more areas in the Corporate Governance Code |
62 |
Financial Planning - To consider how each authority undertakes medium to long-term financial planning and review, learning from NAO work in the area |
72 |
Independent Review |
|
Risk Management - To review effectiveness of risk management. Review from the Head of Audit of Medway Council in exchange for Mid Kent Audit delivering Introduction to Internal Audit Training to the Medway team |
0 |
2017/18 Audit & Assurance Plan: Overall Summary Maidstone BC
Work Type |
Plan Days |
Planned Reports |
Core Financial Systems |
49 |
5 |
Corporate Governance |
52 |
5 |
Operational Reviews |
206 |
19 |
Cross Authority & Independent Reviews |
13 |
3 |
Total Project Work |
320 |
32 |
Risk |
40 |
2 (biannual to PRC) |
Counter Fraud |
50 |
n/a (in annual reporting) |
Member Support |
20 |
2 (biannual to Members) |
Follow-Up |
40 |
4 (quarterly to CLT) |
Audit Planning |
10 |
1 (annual to Members) |
Contingency |
50 |
n/a |
Total Non-Project Work |
210 |
9 |
Total Audit & Assurance Plan 2017/18 |
530 |
41 |
Beyond 2017/18 – Other Issues on Audit’s Radar
16. During our planning and risk assessment we considered several areas where direct review was not suitable for 2017/18. Sometimes this is because the relatively low risk allows for longer period between reviews. In others we are aware of forthcoming changes to the service or environment that make review in 2018/19 or later more useful. In other cases we rely on our cyclical approach to scheduling reviews which happens to omit 2017/18.
17. The chart below shows some areas we expect to feature in planning in future years. At the beginning of each year we will consider afresh audit resource availability and risks when considering which areas to include in our planning. However, these are also areas we keep under review and so potentially examination could come forward if risks change.
18.
We include a full
listing of areas of audit interest (the “audit universe”) in appendix A.
Delivering Audit Work
19. The risk-based approach taken to forming the plan integrates with our approach to individual projects. Besides any specific objectives agreed with the audit sponsor when drawing up the audit scope, each project considers the strategies, risks and objectives relevant to the service area under review. This includes identifying, and agreeing with management, suitable evaluation criteria to judge how well an area performs.
20. We will conduct each review in line with our standard audit method aligned to the Standards. Our Audit Charter sets out roles and responsibilities for successful delivery of audit projects. Members of this Committee approved the Charter in March 2016.
21. Each review results in an assurance rated report, giving our view on whether the particular area is performing effectively. We will keep these rating levels consistent with our reviewed approach adopted first in 2014/15. We include details of the assurance levels in this report at appendix C.
22. We will also, where fitting, make recommendations for improvement. We grade our recommendations as set out in appendix C and follow them up when due for action. Where we find officers have not acted on a recommendations and so left the Council at risk we report first to the Corporate Leadership Team. Also, the Audit, Governance and Standards Committee may demand that Senior Managers responsible for services that consistently fail to address audit recommendations attend to provide further explanation to Members.
23. Our plan also recognises the broader assurance work we deliver using our experience and expertise to aid the Council in pursuit of its priorities. We undertake this work in line with the arrangements set out in the Charter, in particular with those safeguards aimed at preserving our independence and objectivity.
24. Typically, our broader assurance work will not result in an assurance graded report but rather an alternative format relevant to the engagement agreed with the work’s sponsor. In any event, we will tell the Committee results of other assurance work through our interim and year end reports.
Monitoring Delivery
25. We undertake our audit work against our standard audit approach, assessed in our EQA as consistent with the Standards. Also we adhere to the IIA’s Code of Ethics and the roles and responsibilities set out in the Charter.
26. As part of this approach we are careful to ensure the quality and consistency of our work. With individual audit projects, each undergoes internal review focusing on each stage from compilation of the original brief, through completion of fieldwork and last our reporting.
27. We undertake broader quality assurance of our work as detailed in our annual reports which include a full self-assessment against the Standards.
28. The Audit Shared Service Board also oversees our work each quarter. Mark Green is Maidstone’s representative on the Board. The Board receives performance and financial reports on the progress of the service. This includes the set of performance indicators noted below, and we also report results to the Committee twice a year.
29. We also continue to develop and strengthen the professional expertise and experience of our audit team. In 2017/18 we will have four members of the team studying for professional qualifications to add to the nine already held across the team. We include more details about the audit team and the work to support and their development within appendix B.
Performance Indicator Set 2017/18
- Cost per audit day |
- % Satisfied with assurance |
- % Projects completed on budget |
- % Final reports on time |
- % Chargeable days |
- % Satisfied with auditor conduct |
- PSIAS conformance |
- % Implemented recommendations |
- % Projects completed on time |
- % Exam success |
- % Draft reports on time |
- % Satisfaction with auditor skill |
Appendix A: Audit Universe
The table below sets out, in headline, the “audit universe”, comprising the recurring range of areas of potential examination by internal audit at Maidstone BC. The review areas noted will have specific scopes beneath which cover a broad and shifting range of specific topics. For example a “payroll” review may examine statutory deductions in one year, starter and leaver procedures in another, expenses and special payments in another and so on. So the scope of the audit may be broader or narrower than suggested by the title alone.
The table includes only the assurance rated reviews where we reported results to Members. It therefore excludes our advice, consultancy and follow-up work.
Last, the table excludes assurance work undertaken as one-off exercises where we do not expect a repeat review in the near to medium term.
A final note that in 2014/15 we changed our assurance ratings to the scheme detailed at Appendix C. Previously, our scale ran (from greatest to least assurance): High – Substantial – Limited – No Assurance. Although there are important differences in the detailed definitions, as a broad analogy these map to our current scale so we have employed a consistent colour scheme between the two scales.
Review Area |
Last Reported: Date |
Last Reported: Rating |
Planned Next Review |
Notes |
Street Cleaning |
2010/11 |
Substantial |
2017/18 |
|
Insurance |
2011/12 |
High |
2017/18 |
|
Complaints |
2012/13 |
Substantial |
2017/18 |
|
IT Disaster Recovery |
2012/13 |
Substantial |
2017/18 |
Not assessed since operating as a shared service |
Car Parking |
2013/14 |
Substantial |
2017/18 |
|
Food Safety |
2013/14 |
Substantial |
2017/18 |
|
Housing Grants |
2013/14 |
Substantial |
2017/18 |
|
Property Income |
2013/14 |
Substantial |
2017/18 |
|
Communications |
2014/15 |
Sound |
2017/18 |
|
Data Protection |
2014/15 |
Weak |
2017/18 |
Also subject to follow up through 2015/16 |
Debtors |
2014/15 |
Substantial |
2017/18 |
|
Emergency Planning |
2014/15 |
Weak |
2017/18 |
Also subject to follow up through 2015/16 |
Budget Management |
2015/16 |
Sound |
2017/18 |
|
Business Rates |
2015/16 |
Strong |
2017/18 |
|
Council Tax |
2015/16 |
Sound |
2017/18 |
|
Homelessness |
2015/16 |
Sound |
2017/18 |
|
Planning Support |
2015/16 |
N/A |
2017/18 |
|
Procurement |
2015/16 |
Sound |
2017/18 |
|
Bereavement Services |
2016/17 |
tbc |
2017/18 |
|
Building Control |
2016/17 |
tbc |
2017/18 |
|
Corporate Governance |
2016/17 |
N/A |
2017/18 |
|
ICT Network Controls |
2016/17 |
Strong |
2017/18 |
|
Payroll |
2016/17 |
tbc |
2017/18 |
|
Animal Welfare |
|
|
2017/18 |
First review as discrete area |
Contract Management |
|
|
2017/18 |
Individual contracts reviewed previously, first systemic review |
Debt Recovery |
|
|
2017/18 |
New service established 2016 |
Democratic Services |
|
|
2017/18 |
First review as discrete area |
Economic Development |
|
|
2017/18 |
Individual projects assessed, previously |
HR Policy Compliance |
|
|
2017/18 |
First review as discrete area |
Land Charges |
|
|
2017/18 |
First review as discrete area |
Legal Services |
|
|
2017/18 |
Not previously assessed as a shared service |
Risk Management |
|
|
2017/18 |
2017/18 will be independent review given change to MKA role |
Subsidiary Companies |
|
|
2017/18 |
Timing dependent on extent of company activity, may be revised |
Sports Development |
2009/10 |
Substantial |
2018/19 |
|
Development Control |
2012/13 |
Substantial |
2018/19 |
|
Housing |
2012/13 |
Substantial |
2018/19 |
Will monitor Preventing Homelessness Bill, may bring review forward |
Spatial Planning |
2012/13 |
Substantial |
2018/19 |
|
Cash Collection |
2013/14 |
High |
2018/19 |
Cash collection diminishing part of income, consider bringing review forward depending on income system implementation timing |
CCTV |
2013/14 |
Substantial |
2018/19 |
|
Equalities |
2013/14 |
Substantial |
2018/19 |
|
Markets |
2013/14 |
Substantial |
2018/19 |
|
Museum |
2013/14 |
Limited |
2018/19 |
|
Project Management |
2013/14 |
Substantial |
2018/19 |
Individual projects reviewed (as assurance and consultancy) since methodology review |
Business Continuity |
2014/15 |
Weak |
2018/19 |
|
Recruitment |
2014/15 |
Substantial |
2018/19 |
|
Waste Collection |
2014/15 |
Sound |
2018/19 |
|
Licensing |
2015/16 |
Sound |
2018/19 |
During interim will be seeking some reliance on work of Sevenoaks DC audit team |
Members’ Allowances |
2015/16 |
Sound |
2018/19 |
|
Safeguarding |
2015/16 |
Weak |
2018/19 |
|
Café Management |
2016/17 |
Weak |
2018/19 |
Pending operational decisions on café management |
Creditors |
2016/17 |
tbc |
2018/19 |
|
Discretionary Housing Payments |
2016/17 |
Sound |
2018/19 |
Potential expansion of future review into CTS hardship scheme |
General Ledger |
2016/17 |
tbc |
2018/19 |
|
Hazlitt Theatre |
2016/17 |
Weak |
2018/19 |
|
Health & Safety |
2016/17 |
Weak |
2018/19 |
|
Housing Benefits |
2016/17 |
Sound |
2018/19 |
|
Performance Management |
2016/17 |
tbc |
2018/19 |
|
Section 106 Agreements |
2016/17 |
Weak |
2018/19 |
|
Treasury Management |
2016/17 |
Sound |
2018/19 |
|
IT Development & Procurement |
|
|
2018/19 |
Considered previously as part of general reviews and planned for 2016/17, postponed and replaced with consultancy on 2017/18 as approach changes |
Planning Support |
|
|
2018/19 |
First review as shared service |
Cobtree Golf Course |
2010/11 |
Substantial |
2019/20 |
|
Parks Income |
2011/12 |
Substantial |
2019/20 |
|
Tourism |
2012/13 |
Substantial |
2019/20 |
|
Banking |
2014/15 |
Sound |
2019/20 |
|
Credit Cards |
2014/15 |
Sound |
2019/20 |
|
Register of Interests |
2014/15 |
Weak |
2019/20 |
|
VAT Management |
2014/15 |
Sound |
2019/20 |
|
Grounds Maintenance |
2015/16 |
Sound |
2019/20 |
|
Community Safety |
2016/17 |
Sound |
2019/20 |
|
ICT Support |
2016/17 |
N/A |
2019/20 |
|
Learning & Development |
2016/17 |
Sound |
2019/20 |
|
Public Health |
2016/17 |
tbc |
2019/20 |
|
Residents’ Parking |
2016/17 |
tbc |
2019/20 |
|
Leisure Centre |
2015/16 |
Sound |
2020/21 |
|
Customer Services |
2016/17 |
Strong |
2020/21 |
|
Elections |
2016/17 |
Sound |
2020/21 |
Arrange timing around 2020 GE |
Environmental Enforcement |
2016/17 |
Sound |
2020/21 |
|
Facilities Management |
2016/17 |
Sound |
2020/21 |
|
Freedom of Information |
2016/17 |
tbc |
2020/21 |
May move date depending on developments in law |
Public Conveniences |
2016/17 |
Sound |
2020/21 |
May move date depending on contract arrangements |
Appendix B: Team Biographies
Management
Rich Clarke CPFA ACFS (Head of Audit Partnership): Rich became head of the audit partnership in April 2014 joining from KPMG. At KPMG he had various internal and external audit clients across the public sector including LB Islington, Woking BC, East Kent Hospitals University NHS Trust, the Foreign and Commonwealth Office and the Civil Aviation Authority. Rich is a Chartered Accountant (CPFA) and during 2015 undertook and passed further study to become an Accredited Counter Fraud Specialist (ACFS). Rich is also UK Local Government representative on the Internal Audit Standards Advisory Board, the body charged with updating the Public Sector Internal Audit Standards. In 2016 Rich also began ancillary work as a CIPFA associate, delivering training on CIPFA’s behalf across the country on managing and improving internal audit teams. In addition, Rich is Chairman of the Kent Audit Group and an Executive Board Member of the London Audit Group, both groups comprising Heads of Audit from across the public sector.
Russell Heppleston CMIIA (Deputy Head of Audit Partnership): Russell started working for the Maidstone / Ashford partnership in November 2005, and continued his role as Auditor for the Mid Kent Audit Service on its creation in 2010. He progressed through professional qualifications with the Institute of Internal Auditors (IIA) to achieve both Practitioner and Chartered member status. Russell became Audit Manager for Swale and Maidstone in 2013, and later Deputy Head of Audit Partnership in the 2015 restructure. Russell is studying the International Diploma of Risk Management with the Institute of Risk Management.
Frankie Smith CMIIA (Audit Manager – Swale & Tunbridge Wells): Frankie Smith has worked in internal audit for 16 years, starting as an auditor at Maidstone Borough Council. During this time Frankie has completed audits at Ashford, Maidstone, Swale and Tunbridge Wells. Frankie achieved Chartered Auditor (CMIIA) status in August 2015 and became that same month Audit Manager at Swale and Tunbridge Wells.
Alison Blake ACCA, CIRM (Audit Manager – Ashford &
Maidstone): Alison
joined the internal audit partnership in 2012 and took on the role of Audit
Manager in January 2016. Before this Alison worked for South Coast Audit
for 7 years where she undertook internal audit work across various NHS clients in East Kent. During Alison’s career
she has completed a wide range of audit work with the aim of supporting the in
achieving their objectives and the objectives of the organisation as a
whole. In 2014 Alison achieved the Certificate qualification from
the Institute of Risk Management.
Senior Auditors
Mark Goodwin ACFT (Senior Auditor): Mark joined Ashford Borough Council in January 1999 having previously worked at Maidstone Borough Council in an audit role. He was a founder member of the Ashford and Maidstone Internal Audit Partnership before this developed into the four-way Mid Kent Audit Partnership in April 2010. He is an experienced auditor who has audited extensively the full range of council services across various local authorities. Mark achieved the Accredited Counter Fraud Technician (ACFT) designation from CIPFA in March 2016.
Claire Walker (Senior Auditor): Claire joined the audit partnership in September 2010, and has wide experience in various areas. These include Local and Central Government, Arts, Broadcasting, Financial Services, NGOs and Not for Profit Sector, also Lottery Fund distribution and associated grant making programmes. Claire delivered some training and mentoring projects for the FCO, DFID and the World Bank as well as work on European Social Fund projects. Within Local Government Claire has undertaken a wide range of audits with a focus on legal compliance, contracts and governance arrangements. Other audit experience covers outsourcing functions, due diligence, and fraud investigations.
Jo Herrington PIIA CIA (Senior Auditor): Jo joined the audit partnership on 30 September 2013. Before this Jo worked for Gravesham BC for nearly nine years where she gained experience of working in the Finance department and the Revenues department before settling in the Internal Audit team in September 2009. As part of the Internal Audit team she gained broad experience conducting audit reviews, as well as involvement in working groups across the authority. Jo became Senior Auditor in 2015 and has since gained qualifications as a Practitioner of the Institute of Internal Auditors (PIIA) in October 2015 and as a Certified Internal Auditor (CIA) in June 2016.
Jen Warrillow PIIA (Senior Auditor): Jen joined Mid Kent Audit in September 2013 from Kent County Council where she trained as an Internal Auditor. She undertook a wide range of audits including financial, governance and grant funding internally for the Council and externally for Parish Councils. Jen was previously an investigator at Swale BC and then moved on to Tonbridge & Malling BC. Having recently returned from maternity leave, she is now studying to become a Chartered Member of the Institute of Internal Auditors. Jen became a Senior Auditor in 2015.
Auditors
Paul Goodwin AAT (Auditor): Paul started with Tunbridge Wells Borough Council over 25 years ago, and has since worked mainly in Internal Audit. Paul is a qualified Accounting Technician.
Andy Billingham (Auditor): Andy joined the Partnership in December 2015. He had previously worked for Swale Borough Council for 10 years within the Revenues and Benefits department. During this time, he gained extensive knowledge of local government, dealt with complex disputes and represented the authority at Tribunals. Andy holds a degree in History as well as an Institute of Revenue Rating and Valuation qualification. He is studying towards the Certified Internal Auditor (CIA) qualification.
Trainee Auditors
Ben Davis (Trainee Auditor): Ben joined the team in March 2015 as a trainee auditor. He holds a degree in Modern History from UEA and has previous experience in finance teams in the private and voluntary sectors. Ben began training towards achieving a professional qualification through the Chartered Institute of Public Finance and Accountancy (CIPFA) and has progressed successfully through the qualification. He aims to achieve the full professional qualification in mid 2018.
Louise Taylor (Trainee Auditor): Louise joined the team in November 2015 as audit team administrator and became a trainee auditor in August 2016. Louise had previously worked in the Planning department of Maidstone Borough Council and has extensive experience working with local authorities. In early 2017 Louise began training to become a Certified Internal Auditor (CIA) with the Institute of Internal Auditors (IIA). She also holds an MA in Planning, Policy and Practice and a degree in Human Geography.
The Audit Team Administrator role is vacant but we plan to recruit in April 2017.
Appendix C: Assurance & Recommendation Ratings
Assurance Ratings 2017/18 (unchanged since 2014/15)
Full Definition |
Short Description |
Strong – Controls within the service are well designed and operating as intended, exposing the service to no uncontrolled risk. There will also often be elements of good practice or value for money efficiencies which may be instructive to other authorities. Reports with this rating will have few, if any, recommendations and those will generally be priority 4. |
Service/system is performing well |
Sound – Controls within the service are generally well designed and operated but there are some opportunities for improvement, particularly with regard to efficiency or to address less significant uncontrolled operational risks. Reports with this rating will have some priority 3 and 4 recommendations, and occasionally priority 2 recommendations where they do not speak to core elements of the service. |
Service/system is operating effectively |
Weak – Controls within the service have deficiencies in their design and/or operation that leave it exposed to uncontrolled operational risk and/or failure to achieve key service aims. Reports with this rating will have mainly priority 2 and 3 recommendations which will often describe weaknesses with core elements of the service. |
Service/system requires support to consistently operate effectively |
Poor – Controls within the service are deficient to the extent that the service is exposed to actual failure or significant risk and these failures and risks are likely to affect the Council as a whole. Reports with this rating will have priority 1 and/or a range of priority 2 recommendations which, taken together, will or are preventing from achieving its core objectives. |
Service/system is not operating effectively |
Recommendation Ratings 2017/18 (unchanged since 2014/15)
Priority 1 (Critical) – To address a finding which affects (negatively) the risk rating assigned to a Council strategic risk or seriously impairs its ability to achieve a key priority. Priority 1 recommendations are likely to require immediate remedial action. Priority 1 recommendations also describe actions the authority must take without delay.
Priority 2 (High) – To address a finding which impacts a strategic risk or key priority, which makes achievement of the Council’s aims more challenging but not necessarily cause severe impediment. This would also normally be the priority assigned to recommendations that address a finding that the Council is in (actual or potential) breach of a legal responsibility, unless the consequences of non-compliance are severe. Priority 2 recommendations are likely to require remedial action at the next available opportunity, or as soon as is practical. Priority 2 recommendations also describe actions the authority must take.
Priority 3 (Medium) – To address a finding where the Council is in (actual or potential) breach of its own policy or a less prominent legal responsibility but does not impact directly on a strategic risk or key priority. There will often be mitigating controls that, at least to some extent, limit impact. Priority 3 recommendations are likely to require remedial action within six months to a year. Priority 3 recommendations describe actions the authority should take.
Priority 4 (Low) – To address a finding where the Council is in (actual or potential) breach of its own policy but no legal responsibility and where there is trivial, if any, impact on strategic risks or key priorities. There will usually be mitigating controls to limit impact. Priority 4 recommendations are likely to require remedial action within the year. Priority 4 recommendations generally describe actions the authority could take.
Advisory – We will include in the report notes drawn from our experience across the partner authorities where the service has opportunities to improve. These will be included for the service to consider and not be subject to formal follow up process.
[1] As described in the Audit Charter, at the Council “Chief Audit Executive” in the Standards is the Head of Audit Partnership. “Board” is the Audit, Governance & Standards Committee. “Senior Management” is the Council’s Corporate Leadership Team.
[2] We’ve used net service spend rather than gross to remove large bulk costs such as Housing Benefits which are (largely but not entirely) reimbursed by Government and have separate certification arrangements.
[3] Shared service with other authority/ies. Maidstone BC contribution to audit budget only.
[4] Reviews not of shared services, but parallel reviews of similar work undertaken at two or more authorities resulting in a single output report