Interim Internal Audit & Assurance Report

 

[i]

 

November 2018
Maidstone Borough Council


Introduction

1.             The Institute of Internal Audit gives the mission of internal audit: to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight.

2.             The mission and its associated code of ethics and Standards govern over 200,000 professionals in businesses and organisations around the world.  Within UK Local Government, authority for internal audit stems from the Accounts and Audit Regulations 2015.  The Regulations state services must follow the Public Sector Internal Audit Standards – an adapted and more demanding version of the global standards.  Those Standards set demands for our reporting:

Audit Charter

3.             This Committee approved our Audit Charter in March 2016. The Charter remains effective through the updated standards in April 2017.  We will bring an updated Charter to Members later this year.

Independence of internal audit

4.             Mid Kent Audit works as a shared service between Ashford, Maidstone, Swale and Tunbridge Wells Borough Councils. A Shared Service Board including representatives from each council supervises our work based on our collaboration agreement.

5.             Within Maidstone BC during 2018/19 we have continued to enjoy complete and unfettered access to officers and records to complete our work.  On no occasion have officers or Members sought or gained undue influence over our scope or findings.

6.             I confirm we have worked with full independence as defined in our Audit Charter and Standard 1100.

Management response to risk

7.             We include the results of our work in the year so far later in this report.  In our work we often raise recommendations for management action.  During the year so far management have agreed to act on all recommendations we have raised.  We report on progress towards implementation in the section titled Recommendation Follow Up Results.

8.             There are no risks we have identified in our work that we believe management have unreasonably accepted.

Resource Requirements

9.             We reported in our plan presented to this Committee in March 2018 an assessment on the resources available to the audit partnership for completing work at the Council.  That review decided:

…we believe we have enough resource to deliver the 2018/19 plan

10.         In 2018/19 we drew that conclusion considering setting up new software.  That implementation is on track and described further later in this report.  Since the plan we have also engaged with Dartford and Sevenoaks Councils to provide support, again described later in this report.  Considering extra contractor support available to us through the Apex Contract managed by LB Croydon, we remain content we have enough resource to deliver the 2018/19 plan.


 

Audit Plan Progress

11.         This Committee approved our Annual Audit & Assurance Plan 2018/19 on 19 March 2018.  The plan set out an intended number of days devoted to each of various tasks.  We began work on the plan during May 2018 and expect completing enough to form our Annual Opinion by June 2019.

12.         The table below shows progress in total number of days delivered against the plan (figures are up to end of October 2018, about 40% through the audit year).


Category

2018/19 Plan Days

Outturn at Interim

Days Remaining

2017/18 Assurance Projects

0

80

n/a

2018/19 Assurance Projects

380

68

312

Non project assurance work[1]

120

99

21

Unallocated contingency

30

26

4

Totals (18/19 Work Only)

530

193

337

 

13.         Based on resources available to the partnership for the rest of the year we forecast delivery of around 315 further audit days.  This creates a forecast total of 508, or 96% of planned days. 

14.         We detail the specifics, and results, of this progress further within this report.

 


Results of Audit Work

15.         The tables below summarise audit project findings and outturn up to the date of this report.  Where there are material matters finished between report issue and committee meeting we will provide a verbal update.  (* = days split between partners, MBC only shown).

Completed Assurance Projects Since Annual Report in June 2018

 

Title

Days Spent

Report Issue

Assurance Rating

Notes

2017/18 Plan Projects Issued after 1 June 2018

 

Member Training & Induction

18

Jun-18

Sound

Reported to Members July 2018

 

HR Policy Compliance

7*

Jun-18

Sound

Reported to Members July 2018

 

Street Scene

16

Jul-18

Sound

Reported to Members July 2018

 

Complaints

23

Jul-18

Sound

Reported to Members July 2018

I

Animal Welfare Control

20

Nov-18

Weak

 

II

Contract Management

20

Nov-18

Weak

 

2018/19 Plan Projects Issued up to Report Date

III

Housing Allocations

16

Aug-18

Sound

 

IV

Financial Resilience Index

5*

Sep-18

N/A

 

V

Budgetary Control

16

Oct-18

Sound

 

VI

Museum Income Collection

15

Oct-18

Sound

 

 


 

Assurance Projects Underway

Title

Days So Far

Expected Report

Notes / Stage

Revenues & Benefits Compliance Team

4*

Jan-19

Fieldwork in progress

Cyber Security

1*

Jan-19

Planning (undertaken by specialist contractor)

Accounts Payable

1

Jan-19

Planning

Building  Control

5

Feb-19

Planning

Licensing Administration

1*

Feb-19

Planning

Commercial Waste

1*

Mar-19

Planning

NNDR Liabilities & Reliefs

1*

Mar-19

Planning

Absence Management

1*

Mar-19

Planning

Declarations of Interest

1

Mar-19

Planning

Markets

1

Apr-19

Planning


Assurance Projects Yet to Begin

Title

Expected Start

Expected Report

Notes

Planning Enforcement

Quarter 3

Mar-19

 

Community Protection Team

Quarter 3

Mar-19

 

Property Management

Quarter 3

Apr-19

 

Public Consultations

Quarter 3

Apr-19

 

Recruitment

Quarter 3

Apr-19

Joint with SBC

Waste Contract

Quarter 3

Apr-19

Joint with ABC and SBC

Council Tax Reduction Scheme

Quarter 4

May-19

Joint with TWBC

General Data Protection Regulations

Quarter 4

May-19

Cross partnership

Air Quality

Quarter 4

Jun-19

 

Cobtree Trust Governance

Quarter 4

Jun-19

 

Transformation

Quarter 4

Jul-19

 

Homelessness Reduction Act

Quarter 4

Jul-19

Cross Partnership

IT Technical Support

Quarter 4

Jul-19

Joint with SBC and TWBC

 

We will continue to keep these projects under review because of our available resources and the changing risk position at the authority.

 

 

 


Audit Project Summary Results

I: Animal Welfare Control (November 2018)

16.         Our opinion based on our audit work is that there are Weak controls around animal welfare control. 

17.         The stray dog service is being delivered by an external organisation (Viking Oak) and has been for at least 18 years.  No procurement exercise has ever been undertaken and therefore is in breach of the Council’s financial regulations.  There is also no contract in place with the provider.  This results in the Council being unable to enforce certain conditions on the provider. The Council has little to no assurance that the service is being run in compliance with the Environmental Protection Act 1992 and best practice guidance with examples found in testing showing that it is not.

18.         The Pest Control Contract is currently awarded to Goodwin Pest Management.  The contract remained unsigned though in operation for 14 months after its implementation.  Management of the contract is insufficient with a number of significant gaps in compliance identified by the audit that the service had been previously unaware of.

19.         The service conducts premises inspections to support licence applications for riding establishments and animal boarding establishments.  These are done in line with the relevant legislation.

20.         As noted above, management remain engaged in internal discussions on the best approach to tackle recommendations, but have accepted the audit findings.  We hope to finalise the report in late November.


 

II: Contract Management (November 2018)

21.         Our opinion based on our audit work is that the controls around the Contract Management arrangements are Weak.  This means the controls do not consistently work well enough to give assurance to the Council.

22.         The Council does not have a complete overview of its contracts.  Although a variety of information exists across the Council, it should be brought together in an accessible central listing.  The revised procurement process ensures better identification and involvement of contract managers. To build on these improvements, and the general management of contracts, the Council should develop a contract management strategy, and accompanying training.

23.         A general understanding exists of contract risk, but it is not documented, monitored or reviewed.  Similarly while contracts usually set out performance measures, monitoring is inconsistent although officers do cite a general awareness of how well a contract performs.

24.         There is good awareness of how to manage contract changes and termination, although with some scope to improve to ensure the Council maintains value for money.

25.         Members will receive a separate update from management on Contract Management at the Council and plans for its development.

 

 

III: Housing Allocations (August 2018)

26.         Our opinion based on our audit work is the Housing Allocations service has Sound controls in place to manage its risks and support achievement of its objectives. 

27.         Our testing has concluded applicants entered onto the housing register are suitably scrutinised to establish their eligibility. The housing need and local connection are properly determined, and allocation decisions are transparent.

28.         However, due to a recent lack of resources all areas of the Scheme are not being enforced.  In particular rules around the frequency of bidding and review timescales aren’t being met. Furthermore, there are limited controls in place to prevent MBC Officers from accessing and updating their own housing register accounts.

29.         Our recommendations began to fall due for action at the end of October 2018. We will report progress to management in early 2019.

 

IV: Financial Resilience Index (September 2018)

30.         CIPFA closed its consultation on a proposed Resilience Index (the “Index”) on 24 August 2018.  The stated aim of the index, according to CIPFA is:

“…to be an authoritative measure of council’s financial resilience, drawing on publicly available information, intended to provide an early warning system where it is needed so that action can be taken at a local level in a timely manner.”

31.         CIPFA published a reasonably detailed explanation of its intended method alongside the consultation on its overall proposal.  The core of the method is to take accounts data focusing on RSG reliance, reserve levels and auditor opinions and combine them into a single weighted score.  CIPFA will then adjust the scores to set the median at 100.  Authorities with a score of greater than 100 show signs associated with greater financial resilience than their peers.

32.         Based on the method set out in the consultation, we found all four authorities in the partnership comfortably into or beyond the mid-range with index scores between 98 and 125.   However, there is notable range among districts. The top of the index is 190, far above the median level, with scores falling down to 55.  Across Kent we found a range between 87 and 166.

33.         CIPFA plan to develop a final version of its Index before the end of the year.  We will update our work accordingly and report again to partner authorities.

 

 

V: Budgetary Control (November 2018)

34.         Our opinion based on our audit work is that finance have Sound controls in place to manage risks and support achievement of objectives in relation to budgetary control. 

35.         The Council's budgetary control process is defined within its Financial Procedure Rules. There are no budget monitoring procedure notes in place to support the process. These should be introduced to provide guidance and ensure a consistent approach.

36.         Training was provided to budget managers in 2017 and this was supplemented by a detailed budget management pack. The Finance team also provide ongoing individual support. However our testing identified staff who hadn't received training and staff who required additional training. Budget managers also made a number of suggestions for improvement to the support provided by Finance in response to our survey.

37.         Our virement testing concluded they were processed and authorised in line with the Financial Procedure Rules. However the Service needs to better document where the authorisation for the virement has come from.

38.         We will follow up recommendations for action as they fall due during 2019.


 

VI: Museum Income Collection (November 2018)

39.         Our opinion based on our audit work is that the museum has Sound controls in place to manage its risks and support achievement of its objectives. 

40.         Our review concludes that controls are generally operating as designed to ensure that income is appropriately collected, banked and coded. Detailed procedures are in place to help ensure cash is collected, stored and banked accurately and securely. However, our testing found that some invoices sent to schools are not being raised in a timely manner. Combined with ineffective credit control, this has resulted in several late payments. This can be partially attributed a lack of sufficient cover within the team to undertake this task.

41.         The Museum’s income targets have been set as part of the annual budget setting process. At the time of audit, income (excluding grants) was 19% short of the budgeted year to date target. However this was found to be due to targets not being profiled over the year. There are appropriate mechanisms in place to monitor income levels.

42.         We will follow up recommendations for action as they fall due during 2019.

 


Recommendation Follow Up Results

43.         Our approach to recommendations is that we follow up each issue as it falls due in line with the action plan agreed with management when we finish our reporting.  We report progress on implementation to Corporate Leadership Team each quarter. This includes noting any matters of continuing concern and where we have revisited an assurance rating (typically after action on key recommendations).

44.         In total, we summarise in the table below the current position on following up agreed recommendations:

Project

Total

High Priority[2]

Medium Priority

Low Priority

Recommendations brought into 2018/19

55

7

25

23

New recommendations agreed in 2018/19

76

11

26

39

Total Recommendations Agreed

131

18

51

62

Fulfilled by 30 September 2018

58

7

21

30

Recommendations cfwd past 30 September

73

11

30

32

Not Yet Due

57

9

23

25

Delayed Implementation but no extra risk

16

2

7

7

Delayed Implementation with risk exposure

0

0

0

0

 

45.         We have raised one critical recommendation.  In this instance we believed that our finding represents an immediate threat that demands rapid response.  Specifically our concern is that the Council is operating a statutory function through a third party without any sound legal basis.  We reproduce the recommendation in full below along with management’s acceptance and proposed response.

R1: Stray Dog Service Contract

Priority 1: Critical

Develop and agree contract terms for the provision of the stray dog service that are in line with legislation and best practice.

This should include provision within the contract for the following:

·         Contractor to provide full details as required regarding each individual dog including supporting evidence/documentation;

·         Contractor to discover the reason for straying and provide advice on how to prevent in future.  They should document this and inform the Council.

·         Contractor to exhaust all options for reuniting stray dogs with their owners, including the consideration for using social media.  All actions taken should be recorded.

·         Contractor to record the reasons a dog was rehomed, including a record of a suitability assessment for rehoming.

·         Contractor to record the reasons for destroying stray dogs, including a vet’s assessment and agreement.  They should also consult with the Council’s Animal Welfare Officer prior to putting any dog to sleep so that they are immediately aware.

Implementation of the recommendation will ensure that the Council is able to monitor the service provision and ensure compliance with the Environmental Protection Act 1990.

Management Response

Our current provider has previously resisted agreeing or committing to a formal contract, it was thought that trying to force this issue would result in their ceasing the service before an alternative provider could be identified, resulting in a loss of service meaning MBC would be unable to deliver on its statutory duties.

To reduce the risk level and to comply with the Council’s requirements to document the level of service and responsibilities expected from both parties a written agreement will be drafted in the form of either a Service Level Agreement or Memorandum of Understanding. A meeting will be arranged for the Community Partnerships & Resilience Manager and the Community Protection Team Manager to meet with the supplier before the end of November 2018 to seek agreement to these terms in the form of either an SLA or MOU.

In order to mitigate the potential impact any decision to cease arrangements with MBC we have asked Medway Council to quote for the provision of the service as a temporary solution to allow time for a formal tender process to be undertaken.

We are also in discussions with the other Local Authorities to whom the organisation provides a service.  The recent introduction of the Animal Welfare Regulations 2018 means that aspects of the business may need to be licensed under the regulations. This provides another opportunity to regularise the arrangements.

Responsible officer:

Community Protection Manager

Implementation date:

End of November 2018

 

46.         We will remain in contact with the service and follow progress towards fulfilling this recommendation.  We will report back to Members in due course.

47.         The table below shows distribution of outstanding recommendations across the Council.  The high priority recommendations outstanding in the below are largely in the ‘corporate’ area, with one related to Emergency Planning, one in Performance Management, one in Subsidiary Company Governance and two in Legal Services.  There is one remaining outstanding high priority recommendation relates to Grounds Maintenance.

48.         Note that the table above does not yet include recommendations arising from reports on Contract Management or Animal Welfare Control.  Adding these recommendations puts an extra 10 onto ‘corporate’ recommendations (rising from 15 to 25) and an extra 10 onto ‘environment’ (rising from 5 to 15).  The table also only shows recommendations outstanding relevant to Maidstone Borough Council


Other Audit Service Work

Risk Management Update

49.         Effective risk management is an essential part of the Council’s governance. It sets out how the Council identifies, quantifies and manages the risks it faces as it seeks to deliver services and achieve objectives.

50.         The Council’s Policy & Resources Committee approved the current risk management guidance in February 2016. The Council has also published the full guide on its website.  The same Committee agreed a risk appetite statement in October 2017; also available on the Council’s website.

51.         Since then we have had lead responsibility for co-ordinating and promoting risk management across the Council.  Our role includes reporting regular updates to Officers and Members, through the Corporate Leadership Team (CLT), Policy & Resources Committee and the Audit, Governance & Standards Committee.  We also provide support and training to help ensure that effective risk management. 

52.         We report the Council’s risks twice a year to Policy and Resources Committee and quarterly to Corporate Leadership Team.  Audit, Governance and Standards Committee receive an annual report on the effectiveness of the Council’s risk management.  We set out the current risk profile below.  The evaluation uses inherent risk; meaning the risk factoring in controls currently in place.

53.         Risks by definition are uncertain since they consider future events. We will therefore continue to report to CLT and Members, and oversee progress through the year to highlight any significant movement of risks over time.

54.         Risk management is continuous and delivers best value when current.  Our general support continues with focus in the coming months on:

1.      Full review of the guidance: The guidance has been in place for nearly 3 years, and needs periodic review and, if needed, updates to ensure that it remains effective.

2.      Training programme: We have continued to lead workshops, and deliver risk sessions when asked. However, developing the overall knowledge and expertise for risk management across the Council demands a wider approach. We aim to develop a training session for managers and officers on the principles of risk management, and to tailor that to new guidance.  We will also deliver training to Members.

3.      Refresh of Corporate Risks: Following updates the Council’s strategic plan we will coordinate a workshop in the new year to refresh the Corporate Risks. 

Counter Fraud Update

55.         We consider counter fraud and corruption risks in all of our audit engagements when considering the effectiveness of control.  We also undertake distinct work at assess and support the Council’s arrangements.

Investigations

56.         During the first half of 2018/19 we have continued progress with the major investigation we began in early 2017.  After sifting through significant volumes of evidence we are now at the point of taking final witness statements and gathering our final report. We aim to report to CLT in January 2019 on where we go next.

57.          We have also helped officers with other investigations referred to us.  These include:

·         An allegation of theft against an employee.  The Council recovered the money and the individual left employment and received a police caution.

·         A concern raised on how a contractor accounts for work within a profit share with the Council.  We found no evidence of hidden work, but suggested extra controls to the service that would help track and check any future discrepancies.

Whistleblowing

58.         The Council’s whistleblowing policy names internal audit as one route through which Members and officers can safely raise concerns on inappropriate or even criminal behaviour.

59.         We have so far had no matters raised with us through the Whistleblowing Policy, although note we are still receiving information from other routes.

National Fraud Initiative

60.         We continue to coordinate the Council’s response to the National Fraud Initiative (NFI).  NFI is a statutory data matching project and we must send in various forms of data to the Cabinet Office who manage the exercise.

January 2017 Data Matches

61.         We have now completed our investigations into the January 2017 matches.  Most fell to the MKS Revenues and Benefits Compliance team to look into.  That team report separately to this Committee. 

62.         We have looked into matches from non-revenues datasets in line with approved strategies with the focus on ‘high risk’ matches identified by the Cabinet Office based on previous national results.  The Cabinet Office does not expect authorities to look into every match.

63.         The table below sets out results for the data sets within Mid Kent Audit’s scope:

Dataset

Matches
(high risk)

Investigated (high risk)

Frauds

Errors

Value

Insurance Claims

2 (2)

2 (2)

0

0

0

Procurement

10 (9)

10 (9)

0

0

0

Payroll

17 (1)

1 (1)

0

0

0

Taxi Drivers

11 (4)

11 (4)

0

1

0

Housing Waiting List

55 (52)

55 (52)

0

2

£6,480

Totals

95 (68)

79 (68)

0

3

£6,480

 

64.         The total ‘hit rate’ for looking into these matches was 4% (or 4.5% if we consider only the high-risk matches).  The average return for a match was £82 (£95 for high-risk only).

 

January 2019 Data Matches

65.         We received notice from the Cabinet Office seeking data for the 2019 exercise in July.  Working with services, we have correctly provided the data before the deadline of October 2018.  Before submission the Council must complete a Privacy Notice to confirm it has processed data in line with relevant law.  We worked with services to ensure the Council met this duty.

66.         We expect results from this exercise by the end of January 2019.  We will update the Committee next year on findings arising from those matches.

Other Audit and Advice Work

67.         We also continue to undertake a broad range of special and scheduled consultancy and advice work for the Council.  Examples include our attendance at Information Governance and Corporate Governance Groups and as part of the Wider Management Team. We have also completed specific reviews looking at individual parts of the Council’s control environment at the request of officers such as assessing local planning risks.

68.         The Council has also commissioned the audit service, following a successful pilot last year, to undertake another Independent Management Report (IMR) for the Kent & Medway Safeguarding Children Board.  This report will consider the Council’s contact with two residents who died tragically earlier this year.  We will reflect on the Council’s involvement and feed in to a broader report. This will consider whether there are lessons across the public sector.

69.         We have also, at the request of the Mid Kent Services Board, begun a programme of ‘mid-term reviews’ examining shared services.  These reviews follow the model of the Audit Mid-Term Review completed last year and start with a look at the Shared HR Service.  We aim to complete that review in early 2019.

70.         We have also begun planning, at this Committee’s request, an analysis of the Committee’s effectiveness against CIPFA’s Practical Guidance for Audit Committees.  We will report separately on that work.

71.         We remain engaged and flexible in seeking to meet the assurance needs of the Council. We are happy to discuss opportunities large and small where the Council can usefully employ the experience and expertise of the audit team.


 

Code of Ethics and Standards Compliance

72.         On 1 April 2017 the RIASS[3] published a changed set of Public Sector Internal Audit Standards (the “Standards”).  These updates made more than thirty changes and improvements, building on the recently published International Professional Practices Framework.

73.         All auditors working in the public sector (including, for instance, health and central government too) must work to these standards.

Code of Ethics

74.         We include the full Code at Annex 2.  This Code applies specifically to internal auditors, though individuals within the team must comply with similar Codes for their own professional bodies.   Also the Standards also direct auditors in the public sector to consider the Committee on Standards in Public Life’s Seven Principles of Public Life (the “Nolan Principles”).

75.         We have included the Code within our Audit Manual and training for some years.  We also have policies and guidance in place on certain specifics, such as managing and reporting conflicts of interest.

76.         We can report to Members we remain in conformance with the Code. 

Public Sector Internal Audit Standards

77.         Under the Public Sector Internal Audit Standards we must each year assess our conformance to those standards and report the results of that assessment to Members.

78.         We underwent an external independent assessment from the IIA in 2014 which confirmed our full conformance with all but 5 of the standards and partial conformance to the rest.  In 2015, following action to fulfil the IIA’s recommendations, we achieved full conformance to the standards – the first English local authority audit service to be so assessed by the IIA.

79.         The Standards demand a new assessment at least every five years, meaning ours is due before April 2020.  Guidance from the Internal Audit Standards Advisory Board advises that Members should play a leading role in the assessment, including acting as sponsor and receiving the findings and recommendations.  We will include in our 2019/20 audit plan a proposal for getting the needed assessment but welcome any comments from Members as we prepare that plan.

80.         We continue to work in full conformance with the Standards.

Pentana Audit Software

81.         In our Annual Report we confirmed that, after a competitive tender, we had decided to move from Teammate to Pentana audit software.  As well as providing a significant saving in licence costs each year, Pentana expands our capacity to organise, use and present the information we gather in completing audits.

82.         Our implementation project is nearing completion, with information drawn from Teammate and all the team now using Pentana for day-to-day work.  We hope to make much greater use of its analysis and presentation alternatives in future communications with Members, starting with our 2019/20 audit plan.  However, as a sign of the possible uses, the chart below quickly shows comparative coverage of the audit universe of each authority in the partnership in our 2018/19 audit plan.

83.         The numbers related to how many audit reviews planned cover that area. Red shading means an area does not feature in our plan.  Green means we plan to examine the entire area with shading inbetween showing the proportion covered in year.


Audit Team Update

Working with Dartford and Sevenoaks Borough Councils

84.         On 1 August our Deputy Head of Audit Partnership – Russell Heppleston – took up a six-month secondment to the Head of Audit role for the existing partnership between Dartford and Sevenoaks Councils.  This secondment, awarded to Russell after a competitive interview, reflects well on his work in the partnership and is a great opportunity for him to lead a service.

85.         The temporary move also created opportunities within the audit team in Mid Kent.  After interviews, Jo Herrington has moved from Senior Auditor to Audit Manager covering Swale and Tunbridge Wells. Andy Billingham moves from an Auditor role to take Jo’s place as a Senior Auditor, again after interviews within the team.

86.         This means that, at least until the end of the secondment period, the Mid Kent Audit Management Team comprises:

·         Ali Blake: Ashford BC Manager and risk management lead across the partnership

·         Frankie Smith: Maidstone BC Manager, Shared Service Lead plus counter fraud lead across the partnership.

·         Jo Herrington: Swale BC and Tunbridge Wells BC Manager.

87.         During November we will begin discussions with Dartford and Sevenoaks on the longer term once the secondment ends in February.  We hope to update Members as part of our 2019/20 audit plan.

Performance Indicators

88.         Aside from the progress against our audit plan we also report against some specific performance measures designed to oversee the quality of service we deliver to partner authorities.  The Shared Service Board (with Mark Green, Director of Finance & Business Improvement as the Council’s representative) considers these measures at each quarterly meeting. We also consolidate the results into reports presented to the MKS Board (which includes the Council’s Chief Executive and Leader).

89.         Note that all figures are for performance across the Partnership.  Given how closely we work together as one team, as well as the fact we examine services shared across authorities, it is not practical to present authority by authority data.  

Measure

2014/15 Results

2015/16 Results

2016/17 Results

2017/18

Results

2018/19 Q1/2

Cost per audit day

Met target

Met target

èç

Beat target

é

Beat target

é

Ahead of target

é

% projects completed within budgeted number of days

47%

60%

é

71%

é

78%

é

80%

é

% of chargeable days

75%

63%

ê

74%

é

74%

èç

70%[4]

èç

Full PSIAS conformance

56/56

56/56

èç

56/56

èç

58/58

é

58/58

èç

Audit projects completed within agreed deadlines

41%

76%

é

81%

é

87%

é

80%

ê

% draft reports within ten days of fieldwork concluding

56%

68%

é

71%

é

80%

é

80%

èç

Satisfaction with assurance

100%

100%

èç

100%

èç

100%

èç

100%

èç

Final reports within 5 days of closing meeting

89%

92%

é

94%

é

96%

é

100%

é

Respondents satisfied with auditor conduct

100%

100%

èç

100%

èç

100%

èç

100%

èç

Recommendations fulfilled as agreed

95%

98%

é

98%

èç

97%

èç

100%

é

Exam success

100%

100%

èç

85%

ê

85%

èç

100%

é

Respondents satisfied with auditor skill

100%

100%

èç

100%

èç

100%

èç

100%

èç

 

90.         We note the continuing improvement in performance and productivity in our project reviews, while keeping high levels of satisfaction with the service. 

91.         We have had the same set of indicators since 2014/15.  The choice of those indicators reflects the service at the time and the limits of what we could draw from our audit software.  With the powers of our new software and potential further development of the audit service we plan to look again at how best to provide an insight into our performance.  We are consulting with the MKS Board and Ashford BC and hope to have a refreshed set of indicators for 2019/20.


 

Acknowledgements

92.         We achieve these results through the hard work and dedication of our team and the resilience that comes from working a shared service across four authorities.

93.         As a management team in Mid Kent Audit, we wish to send our public thanks to the team for their work through the year so far.

94.         We would also like to thank Managers, Officers and Members for their continued support as we complete our audit work during the year.

Annex: Assurance & Priority level definitions

Assurance Ratings 2018/19 (Unchanged from 2014/15)

Full Definition

Short Description

Strong – Controls within the service are well designed and operating as intended, exposing the service to no uncontrolled risk.  There will also often be elements of good practice or value for money efficiencies which may be instructive to other authorities.  Reports with this rating will have few, if any; recommendations and those will generally be priority 4.

Service/system is performing well

Sound – Controls within the service are generally well designed and operated but there are some opportunities for improvement, particularly with regard to efficiency or to address less significant uncontrolled operational risks.  Reports with this rating will have some priority 3 and 4 recommendations, and occasionally priority 2 recommendations where they do not speak to core elements of the service.

Service/system is operating effectively

WeakControls within the service have deficiencies in their design and/or operation that leave it exposed to uncontrolled operational risk and/or failure to achieve key service aims.  Reports with this rating will have mainly priority 2 and 3 recommendations which will often describe weaknesses with core elements of the service.

Service/system requires support to consistently operate effectively

Poor – Controls within the service are deficient to the extent that the service is exposed to actual failure or significant risk and these failures and risks are likely to affect the Council as a whole. Reports with this rating will have priority 1 and/or a range of priority 2 recommendations which, taken together, will or are preventing from achieving its core objectives.

Service/system is not operating effectively

 


Recommendation Ratings 2018/19 (unchanged from 2014/15)

Priority 1 (Critical) To address a finding which affects (negatively) the risk rating assigned to a Council strategic risk or seriously impairs its ability to achieve a key priority.  Priority 1 recommendations are likely to require immediate remedial action.  Priority 1 recommendations also describe actions the authority must take without delay.

Priority 2 (High) – To address a finding which impacts a strategic risk or key priority, which makes achievement of the Council’s aims more challenging but not necessarily cause severe impediment.  This would also normally be the priority assigned to recommendations that address a finding that the Council is in (actual or potential) breach of a legal responsibility, unless the consequences of non-compliance are severe. Priority 2 recommendations are likely to require remedial action at the next available opportunity, or as soon as is practical.  Priority 2 recommendations also describe actions the authority must take.

Priority 3 (Medium) – To address a finding where the Council is in (actual or potential) breach of its own policy or a less prominent legal responsibility but does not impact directly on a strategic risk or key priority.  There will often be mitigating controls that, at least to some extent, limit impact.  Priority 3 recommendations are likely to require remedial action within six months to a year.  Priority 3 recommendations describe actions the authority should take.

Priority 4 (Low) – To address a finding where the Council is in (actual or potential) breach of its own policy but no legal responsibility and where there is trivial, if any, impact on strategic risks or key priorities.  There will usually be mitigating controls to limit impact.  Priority 4 recommendations are likely to require remedial action within the year.  Priority 4 recommendations generally describe actions the authority could take.

Advisory – We will include in the report notes drawn from our experience across the partner authorities where the service has opportunities to improve.  These will be included for the service to consider and not be subject to formal follow up process.


 

Annex 2: Institute of Internal Audit Code of Ethics



[1] Non-assurance project work includes our work in the fields of Risk Management, Counter Fraud and Investigative Support, following up recommendations and annual audit planning.

[2] Includes one Critical priority recommendation

[3] Relevant Internal Audit Standards Setters: A group comprising CIPFA (Chartered Institute of Public Finance & Accountancy), the Department of Health, HM Treasury, the Northern Irish Department of Finance & Personnel and the Welsh and Scottish Governments.  The RIASS are advised by the Chartered Institute of Internal Audit (IIA) and the Internal Audit Standards Advisory Board (IASAB).

[4] Target lowered slightly in 2018/19 to account for project costs on new software implementation.  We remain on target with chargeability



[i] Photograph of the River Medway running through Maidstone courtesy of Louise Taylor of the Mid Kent Audit Team.