Internal Audit & Assurance Plan 2020/21

 

 

 

Maidstone Borough Council

 


Introduction

1.             Our mission as an Internal Audit service is to enhance and protect organisational value. We achieve this by bringing a systematic and disciplined approach to evaluate and improve effectiveness of risk management, control and governance. We work within statutory rules drawn from the Accounts and Audit Regulations 2015 and the Public Sector Internal Audit Standards (the “Standards”).

2.             In 2015 the Institute of Internal Audit (IIA) assessed us as working in full conformance with the Standards.  We have kept full conformance since then, including through the major update to the Standards in 2017. The Chartered Institute of Public Finance and Accounting (CIPFA) won the contract to conduct the External Quality Assessment due in 2020. That work is underway. We will report findings to Members of this Committee at its next meeting in the summer. 

3.             To protect the independence and objectivity of our service, we work to an Audit Charter. The Charter sets out the local context for audit, including granting right of access to systems, records and personnel.  At this Council, the Audit, Governance and Standards Committee approved the Charter in September 2019.

4.             The Standards set out demands for compiling and presenting a document to describe planned work for the year ahead.  Specifically, our plan must set out:

·                Internal audit’s evaluation of and response to the risks facing the organisation.

·                How we consult with senior management and others.

·                How we have considered whether we have suitable resources to address the risks we identify.

·                How we will effectively use those resources to complete the plan.

5.             Our plan includes assurance and other work, such as consultancy engagements.  We can accept advisory work where it is the best way to support the Council.  The Audit Charter sets out how we consider such engagements, including how we safeguard our independence.

6.             We must also clarify that our audit plan cannot address all risks across the Council and represents our best use of the resources we have available.  In approving the plan, the Committee recognises this limit. To that end, we constantly keep the plan under review to be live to risks issues as they emerge.

Risk Assessments

7.             The Standards direct us to begin our audit planning with a risk assessment.  This assessment must consider internal and external risks, including those relevant to the sector or global risk issues.  Our plan for 2020/21 represents our views now, but we will continue to reflect and consider our response as risks and priorities change across the year. We will report a specific update to Members midway through the year. We may also consult the Committee (or its Chair) on significant changes.

Global and Sector Risks

8.             In considering global and sector risks we draw on various sources.  These include updates provided by relevant professional bodies, such as the IIA and CIPFA.  We also consult colleagues in local government audit both direct through groups such as London and Kent Audit Groups and through review of other published audit plans in the South East.

9.             These sources give us insight into the key issues facing local government and how other audit teams and business leaders are responding to future risk issues. To show our thinking on these wider risks we’ve highlighted below some of the issues discussed by the IIA in Risk in Focus 2020:

Corporate Risk Review

10.         The Council maintains a corporate risk register. These key risk issues cover matters that threaten the Council’s overall objectives, either because of their severity or the breadth of impact across several services. This Committee received an annual risk update in January 2020, which included details of each corporate risks and the overall effectiveness of the risk management process.

11.         Some of the corporate risk issues identified include financial restrictions, housing, retail and leisure. In addition to recognising the significant impact that can result from failures relating to IT security, major projects and contracts. We have therefore considered these risks specifically when undertaking our audit planning assessments.

Audit Risk Review and Consultation

12.         Beyond keeping an awareness of Sector and local risk issues, we conduct our own assessment. We consider all possible audit entities across the Council (the “audit universe”) on one specific risk:

What is the risk we offer a mistaken opinion because we don’t understand the service?

13.         As with a typical risk assessment there are two main parts to consider (impact and likelihood).  The first: how important is the service to the Council’s overall objectives, the controls and how errors might impact our opinion.  Here we consider:

Finance Risk: The value of funds flowing through the service.  High value and high-volume services (such as Council Tax) represent a higher risk than low value services with regular and predictable costs and income.

Priority Risk: The strategic importance of the service in delivering Council priorities.  For example, Regeneration and Climate Change will be higher risk owing to the direct link with the Council’s objectives.

Support Service Risk: The extent interdependencies between Council departments. For example, many services rely on effective ICT.

14.         The second part is the likelihood we might hold (or gain) a mistaken view of the service.  Here we consider:

Oversight Risk: Considering where other agencies regulate or inspect the service.  For example, Mid Kent Legal Services receive regular inspections from the Law Society to keep Lexcel accreditation and so have relatively low risk.

Change Risk: Considering the extent of change the service faces or has recently experienced.  This might be voluntary (a restructure, for example) or imposed (like new legislation).

Audit Knowledge: What do we know about the service?  This considers not just our last formal review, but any other information we have gathered from, for example, following up agreed actions.  We also consider the currency of our knowledge, with an aim to conduct a full review in each service at least every five years if possible.

Fraud Risk: The susceptibility of the service to fraud loss.  High volume services that deal directly with the public and handle cash, for example licensing and parking, are higher risk.

 

15.         The results of these various risk assessments provide a provisional audit plan.  We then take this provisional plan out to consultation. We meet Managers, Heads of Service and Corporate Leadership Team (which includes the Directors and Chief Executive) to get their perspective on our assessment and give us updates on their areas of responsibility.

16.         We set out the full audit universe and audit history in Appendix I.

Resources

17.         Having gained a perspective on the key issues for audit attention in the coming year we then consider the quantity and quality of our resources.

18.         The Audit Partnership has 11.6 full time equivalent officers. To calculate the available resources for the year, we take the total available days and subtract various categories of non-working and non-audit time. Our planning estimate for 2020/21 shows 1,810 days across the partnership for the year available for inclusion in audit plans.

19.         We then divide the total number of days between the 4 partnership authorities based on the proportions set out in our collaboration agreement. Maidstone contributes approximately 29%, which rounds to audit days of 520.  

20.         The actual number of days allocated are set out below:

Audit Projects

255 days

Members Support

25 days

Consultancy

100 days

Risk & Governance

45 days

Follow-up

30 days

Counter Fraud

30 days

Audit Planning

35 days

 

 

 

21.         Audit Standards require us to assess whether the resources available – in both quantity and quality – can fulfil our responsibilities.  In that assessment we must consider:

·         Whether we had enough resource to complete our prior year plan.

·         How the size and complexity of the organisation has changed.

·         How the organisation’s risk appetite and profile have changed.

·         How the organisation’s control environment has changed, including how it has responded to our audit findings.

·         Whether there have been significant changes to professional standards.

22.         Based on this assessment, we believe we have a sufficient quantity of resources to deliver the 2020/21 audit plan.

23.         We must also consider the skills, expertise and experience of our team. We hold a variety of qualifications that help to ensure that we provide a high-quality service. These include CIPFA, Certified and Chartered Internal Auditors, a Chartered Accountant, a Certified Risk Manager and Accredited Counter Fraud Specialists. In addition, we are also supporting 2 apprentices through level 7 audit qualifications (equivalent to full Chartered status). This gives us a wealth of relevant technical expertise to undertake the various specialist areas identified on our audit plan.

24.         We also have access to sources of specialist expertise through framework agreements with audit firms, which includes access to subject matter experts. While this access is less than in previous years (with Maidstone choosing to use some of these days to provide savings) access to specialist resources is still available.

25.         Based on the above, we believe we also have skills and expertise to deliver the 2020/21 audit plan.

Proposed Audit & Assurance Work 2020/21

26.         Members will be familiar with the assurance ratings that we issue upon concluding our work (see Appendix II for the definitions and different levels).  However, we recognise circumstances where our work aims principally at supporting work in progress or providing advice where an assurance rating would not be suitable.

27.         This recognition of the wider assurance that we provide means that our audit plan also includes the governance, risk and other advisory roles we fulfil.


Audit & Assurance Plan 2020/21

28.         Below we set out our audit engagements for the year ahead, along with an indicative objective for each review. We will agree the detailed objectives with the service as part of planning each review. Based on our risk assessment and consultations with management we have allocated a priority level to each of the audit projects:

HIGH PRIORITY: We will aim to deliver 100% of these projects during the year

MEDIUM PRIORITY: We aim to deliver more than 50% of these projects during the year

Project Title

Priority Rating

Proposed objective of the review

("Obtain assurance on the effectiveness of controls seeking to…")

Section 106 Agreements

High

- collect, monitor and release funds under Section 106 Agreements

Development Management

High

- ensure that decisions are made in accordance with scheme of delegations and planning application files that they are quality assured appropriately

Project Management Governance

High

- ensure appropriate governance processes are in place for internal transformation projects

Capital Project Management

High

- manage the innovation centre project

- learn lessons from past capital projects

Public Consultations

High

- to seek and obtain views on Council proposals

Homelessness Duties

High

- manage homelessness in line with the Homelessness Reduction Act duties

Climate Change

High

- take action in light of the declared climate change emergency

Bailiff Service[1]

High

- administer enforcement cases in line with regulation
- collect, record, monitor and distribute debt income

IT Back-Up1

High

- back-up the Councils' data
- recover data after a data loss event

Environmental Enforcement - Air Quality1

High

- response to Climate Change crisis and to verify progress against agreed actions

Homeless Outreach

Medium

- securely manage and administer the outreach budgets and allowances

Residential property management

Medium

- ensure that residential properties are safe and comply with relevant safety legislation

Accounts Receivable

Medium

- collect, record and monitor income owed to the Council through the accounts receivable process

Grounds maintenance

Medium

- ensure the Council's green spaces are maintained
- ensure the commercial aspect of the service is operating effectively

Garden waste

Medium

- provide garden waste collections to residents paying for the service

Electoral Registration

Medium

- enrol eligible individuals on the electoral register

Property Acquisition & Disposal

Medium

- ensure effective purchasing and selling of properties in line with Council policy

Property management

Medium

- ensure that commercial properties are safe and comply with relevant safety legislation
- collect, record and monitor rental income.

Subsidiary Company Governance

Medium

- governance arrangements over the subsidiary company
- monitoring and reporting arrangements for the subsidiary company

Commissioning

Medium

- effectively commission council services

Local Plan Project Governance Review

Medium

- monitor and report milestones, risks and project information

Community Infrastructure Levy

Medium

- collect, monitor and release funds under the Community Infrastructure Levy scheme

IT Asset Management[2]

Medium

- manage and control IT assets

Pay & Display[3]

Medium

- ensure pay & display parking is managed in line with regulations and policy
 - collect, record & monitor pay & display income

Traffic Regulation Orders3

Medium

- ensure traffic regulation orders are implemented in line with Traffic Regulation Act 1984

Planning Admin3

Medium

- validate planning applications
- collect, record and monitor of planning application fees

Housing Benefit Overpayments[4]

Medium

- collect, record & monitor housing benefit overpayments

29.         Total days allocated to assurance projects: 255 days

30.         The table below outlines key workstreams that we intend to undertake as part of the wider risk, governance and counter fraud support for the Council:

Proposed Assurance Non-Project Work 2020/21

165 days

Risk & Governance

·         Review and Implementation of risk software

·         Regular monitoring and reporting to Senior Officers and Members

·         Training, briefings and advise to Officers and Members

Counter Fraud

·         General Policy and Advice, including Whistleblowing and Anti-Corruption

·         Continued development of the Council Fraud Risk Assessment to identify possible proactive counter fraud work

·         Incident specific advice, support and reactive investigation

·         Training, briefings and advice to Officers and Members

Member Support

·         Attendance and preparation for Audit, Governance & Standards Committee and other Members’ meetings (including Chairman’s briefings).

·         Developing and presenting Member briefings on governance issues.

Agreed Actions Follow Up

·         Ensuring officers carry out actions as agreed.

·         Reporting progress towards implementation to Senior Officers and Members.

Audit Planning

·         Continued horizon scanning and review of audit plan risk assessments to ensure emerging risk issues are identified

31.         In addition to planned work, our plan must have flexibility to provide reactive or ad-hoc support. We have a pool of days available for the Council to draw on in such circumstances. Work allocated to these days includes:

Proposed consultancy 2020/21

100 days

Consultancy

·         Attendance and contribution to officer groups, for instance information management group, wider leadership team and corporate governance group

·         Providing ad-hoc advice, guidance and support to officers and management

·         Completing housing benefit workbooks and testing for the External Auditors

·         These days will also assist when we are required to expand to audit scopes to cover concerns or interests identified during an audit, effectively allow days to be used as contingency


Delivering the Audit & Assurance Plan

32.         We work in full conformance with the Public Sector Internal Audit Standards.  The illustration below shows the process we follow for ‘typical’ audit engagements.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


Overseeing Delivery

33.         Throughout our work we undertake internal quality assessments and review. This includes specific management sign-off and checks on individual engagements in progress as well as periodic ‘cold review’ assessments. Through the latter process, we reflect on work completed to identify and take forward any learning to help us improve. 

34.         We also report progress on delivering the plan to this Committee part-way through the year. Internally, we monitor and report each month on various performance indicators detailing our progress. These updates are reported to the Shared Services Board (with Mark Green – Director of Finance & Business Improvement - as Maidstone’s representative).

Quality & Improvement Plan

35.         Although in 2015 the IIA assessed us as fully conforming to the Standards, we have continued to challenge and update how we work.  Through our internal assessments we have kept our full conformance with the Standards alongside being able to work more efficiently resulting in an increase in productive days by nearly 20% since 2015. This has all been without additional investment and only inflationary budget increases, meaning the ‘cost per audit plan day’ has fallen by almost 15% in real terms over the past 5 years.

36.         We have been using Pentana Audit Management Software for nearly 2 years. As a service we have been paperless for over a decade, but Pentana has enabled us to deliver greater quality, consistency and efficiency in how we work. This is also visible during audit planning as we can manage and organise our risk assessments within a fully automated and flexible database of our entire audit universe.

37.         For the year ahead our priority will be to address any matters arising from our EQA. Beyond those objectives our aim is to safeguard and standardise how we assess and improve our service in a full five-year plan looking ahead to our next external assessment in 2025. We will provide further details of this plan to Members alongside the EQA results in July.

 

 

External Quality Assessment

38.         Public Sector Internal Audit Standard 1312 demands we undergo an external assessment at least every five years.  The IIA undertook our last assessment, in spring 2015, that reported Mid Kent Audit as fully conforming to the Standards.  Members will already be aware that earlier in the year we commissioned CIPFA to conduct the EQA 2020 for the Audit Partnership.

39.         That review is taking place across February and March 2020 and we are grateful to those Members who have contributed either by meeting our assessor or completing a survey. We expect the final report in late March and will report to Members alongside an action plan in July.

 

 

 

 

 

 

 

 

 

 

 

 

Appendix I: Audit Universe

The “Audit Universe” is our running record of all services at the Council we might examine.  The list below shows Maidstone specific entities on our current audit universe, followed by a record of audit audit history:

Service Area

Auditable Areas

MBC Bereavement Services

Cemeteries & Crematoria

MBC Building Control

Building Control Income
Building Control

MBC Commissioning & Contracts

Contract Management
Procurement & Commissioning

MBC Communications

Marketing
Internal Communications
Public Consultations
Social Media
Website

MBC Community Safety

Safeguarding
Safety Partnerships
CCTV & Monitoring

MBC Customer Services

Customer Services

MBC Democratic Services

Democracy

MBC Development Control

Pre-Application Planning
Section 106 Income
Conservation & Heritage
Planning Enforcement
Development Management

MBC Digital & Transformation

Project Management
Social Media
Website

MBC Environmental Enforcement

Environmental Enforcement

MBC Estate Management

Health & Safety
Property Income
Property Acquisition & Disposal
Facilities Management

MBC Grounds Maintenance

Grounds Maintenance

MBC Housing

Homelessness
Home Improvement Grants
Rent Deposit Scheme

MBC Project Management

Project Management

MBC Public Health

Public Health

MBC Finance

Budget Setting
Budgetary Control
Creditors (Accounts Payable)
Debtors (Accounts Receivable)
General Ledger
Treasury Management
Insurance
Subsidiary Company Governance

MBC Leisure

Tourism Support
Leisure Services
Parks
Theatre Operations

MBC Museums

Museum

MBC Policy & Governance

Information Management
Performance Management
Complaint Handling
Corporate Governance
Climate Emergency Response

MBC Regeneration & Economy

Economic Development
Tourism Support

MBC Residential Property

Health & Safety
Property Income

MBC Resilience

Business Continuity
Emergency Planning

MBC Spatial & Strategic Planning

Strategic Planning

MBC Subsidiary Companies

Subsidiary Company Governance

MBC Waste Collection

Waste Collection
Recycling

Non-MKS Shared Services

Environmental Health

Mid Kent HR

Absence Management
Policy Compliance
Recruitment
Staff Performance Management
Training & Development
Workforce Planning
Payroll & Expenses

Mid Kent Audit

Risk Management
Counter Fraud

Mid Kent Revenues & Benefits

Council Tax
Business Rates
Compliance
Housing Benefits

Mid Kent ICT

IT Asset Management
IT Backup & Recovery
Network Security
IT Development
Technical Support

Mid Kent Legal Services

Declarations of Interest
Legal Services

Mid Kent Planning

Planning Administration
Land Charges

 

 


Appendix I: Audit History

Service Area

Audit Project

Audit Year

Audit Rating

MBC Communications

MBC10(14/15) - Communications & Social Media

2014/15

Sound

MBC Democratic Services

MBC11(14/15) - Members' Allowances

2014/15

Sound

MBC Finance

MBC23(14/15) - Corporate Credit Cards

2014/15

Sound

MBC Finance

MBC08(14/15) - Business Rates Retention Scheme (Risk)

2014/15

Strong

MBC Finance

MBC09(14/15) - VAT Management

2014/15

Sound

MBC Finance

MBC17(14/15) - Bank Reconciliation

2014/15

Sound

MBC Finance

MBC28(14/15) - Accounts Payable (Creditors)

2014/15

Sound

MBC Leisure

MBC07(14/15) - Leisure Centre Contract

2014/15

Sound

MBC Policy & Governance

MBC15(14/15) - Data Protection

2014/15

Weak

MBC Resilience

MBC02(14/15) - Emergency Planning

2014/15

Weak

MBC Waste Collection

MBC12(14/15) - Waste Collection Contract

2014/15

Sound

Mid Kent HR

MBC20(14/15) - Members' & Officers' Declarations of Interest

2014/15

Weak

Mid Kent ICT

MBC06(14/15) - Computer Use Policy

2014/15

Sound

Mid Kent Legal Services

MBC20(14/15) - Members' & Officers' Declarations of Interest

2014/15

Weak

Mid Kent HR

MBC14(14/15) - Payroll

2014/15

Strong

Shared Revenues & Benefits

MBC22(14/15) - Business Rates (Systems audit)

2014/15

Strong

MBC Commissioning & Contracts

MBC/CF03(15/16) - Procurement

2015/16

Sound

MBC Community Safety

MBC/CG05(15/16) - Safeguarding

2015/16

Weak

MBC Community Safety

MBC/SR01(15/16) - Community Safety

2015/16

Sound

MBC Democratic Services

MBC/CG04(15/16) - Members' Allowances

2015/16

Sound

MBC Development Control

MBC/SR07(15/16) - Section 106

2015/16

Weak

MBC Environmental Enforcement

MBC/SR03(15/16) - Litter Enforcement

2015/16

Sound

MBC Finance

MBC/CF01(15/16) - Budget Setting

2015/16

Sound

MBC Finance

MBC/CF02(15/16) - Accounts Receivable (Systems Audit)

2015/16

Sound

MBC Grounds Maintenance

MBC/SR10(15/16) - Grounds Maintenance

2015/16

Sound

MBC Housing

MBC/SR04(15/16) - Temporary Accommodation

2015/16

Sound

MBC Leisure

MBC/CF04(15/16) - Mote Park & Cobtree Café

2015/16

Weak

MBC Policy & Governance

MBC/SR08(15/16) - Service Improvement

2015/16

Strong

MBC Resilience

MBC/CG01(15/16) - Business Continuity

2015/16

Weak

MBC Waste Collection

MBC/SR11(15/16) - MBC Garage

2015/16

Sound

Non-MKS Shared Services

MBC/SR05(15/16) - Licensing

2015/16

Sound

Mid Kent HR

MKS/SR01(15/16) - Learning & Development

2015/16

Sound

Mid Kent ICT

MKS/SR02(15/16) - ICT Network Controls

2015/16

Strong

Mid Kent HR

MKS/CF01(15/16) - Payroll

2015/16

Strong

Shared Revenues & Benefits

MKS/CF02(15/16) - Business Rates

2015/16

Strong

Shared Revenues & Benefits

MKS/CF03(15/16) - Council Tax

2015/16

Sound

MBC Bereavement Services

MBC-OR03(16-17) - Crematorium

2016/17

Sound

MBC Democratic Services

MBC-OR05(16-17) - Elections

2016/17

Sound

MBC Estate Management

MBC-OR06(16-17) - Facilities Management

2016/17

Sound

MBC Estate Management

MBC-OR13(16-17) - Health & Safety

2016/17

Weak

MBC Finance

MBC-CF01(16-17) - Accounts Payable

2016/17

Sound

MBC Finance

MBC-CF02(16-17) - General Ledger: Journals & Feeder Systems

2016/17

Sound

MBC Finance

MBC-CF03(16-17) - Treasury Management

2016/17

Sound

MBC Grounds Maintenance

MBC-OR09(16-17) - Public Conveniences

2016/17

Sound

MBC Leisure

MBC-OR07(16-17) - Hazlitt

2016/17

Weak

MBC Policy & Governance

MBC-CG04(16-17) - Performance Management

2016/17

Weak

MBC Policy & Governance

MBC-CG03(16-17) - Freedom of Information

2016/17

Sound

MBC Public Health

MBC-OR10(16-17) - Public Health

2016/17

Sound

Non-MKS Shared Services

MKS-OR04(16-17) - Residents' Parking

2016/17

Sound

Non-MKS Shared Services

MBC-OR12(16/17) - Park & Ride

2016/17

Weak

Mid Kent ICT

MKS-CG01(16-17) - ICT Controls & Access

2016/17

Sound

Mid Kent HR

MKS-CF01(16-17) - Payroll

2016/17

Strong

Shared Revenues & Benefits

MKS-CF02(16-17) - Housing Benefits

2016/17

Sound

Shared Revenues & Benefits

MKS-OR05(16-17) - Discretionary Housing Payments

2016/17

Sound

MBC Commissioning & Contracts

MBC-OR05(17-18) - Contract Management

2017/18

Weak

MBC Commissioning & Contracts

MBC-CF02(17-18) - Procurement

2017/18

Weak

MBC Communications

MBC-OR10(17-18) - Promotion & Marketing

2017/18

Sound

MBC Community Safety

MBC-OR01(17-18) - Animal Welfare Control

2017/18

Weak

MBC Democratic Services

MBC-OR09(17-18) - Member Training & Induction

2017/18

Sound

MBC Finance

MBC-OR08(17-18) - Insurance

2017/18

Sound

MBC Finance

MBC-CF01(17-18) - Accounts Receivable

2017/18

Weak

MBC Grounds Maintenance

MBC-OR11(17-18) - Street Scene

2017/18

Sound

MBC Housing

MBC-OR06(17-18) - Home Assistance Grants

2017/18

Sound

MBC Housing

MBC-OR07(17-18) - Homelessness

2017/18

Sound

MBC Policy & Governance

MBC-CG01(17-18) - Complaints

2017/18

Sound

MBC Regeneration & Economy

MBC-OR03(17-18) - Business Terrace

2017/18

Sound

MBC Resilience

MBC-CG03(17-18) - Emergency Planning

2017/18

Sound

MBC Subsidiary Companies

MBC-OR12(17-18) - Subsidiary Company Governance

2017/18

N/A

Non-MKS Shared Services

MKS-OR02(17-18) - Food Safety

2017/18

Sound

Non-MKS Shared Services

MKS-OR06(17-18) - Parking Income

2017/18

Sound

Shared Revenues & Benefits

MKS-OR01(17-18) - Debt Recovery Service

2017/18

Strong

Mid Kent HR

MKS-OR03(17-18) - HR Policy Compliance

2017/18

Sound

Mid Kent ICT

MKS-CG04(17-18) - IT Disaster Recovery

2017/18

Sound

Mid Kent Legal Services

MKS-OR05(17-18) - Legal Services

2017/18

Sound

Mid Kent HR

MKS-CF01(17-18) - Payroll

2017/18

Sound

Director of Mid Kent Services

MKS-OR04(17-18) - Land Charges

2017/18

Weak

Shared Revenues & Benefits

MKS-CF02(17-18) - Business Rates

2017/18

Strong

MBC Building Control

M19-AR04 - Building Control

2018/19

Sound

MBC Commissioning & Contracts

X19-IV03 - Procurement Fraud Risk Review

2018/19

N/A

MBC Development Control

M19-AR12 - Planning Enforcement

2018/19

Weak

MBC Digital & Transformation

M19-AR15 - Transformation

2018/19

Sound

MBC Finance

M19-AR03 - Budgetary Control

2018/19

Sound

MBC Finance

M19-AR01 - Accounts Payable

2018/19

Sound

MBC Housing

M19-AR09 - Housing Allocations

2018/19

Sound

MBC Museums

M19-AR11 - Museum Income Collection

2018/19

Sound

MBC Policy & Governance

X19-AR04 - General Data Protection Regulations

2018/19

N/A

MBC Regeneration & Economy

M19-AR10 - Markets

2018/19

Sound

MBC Spatial & Strategic Planning

M19-CN01 - Local Plan Project Review

2018/19

N/A

MBC Waste Collection

M19-AR06 - Commercial Waste

2018/19

Sound

Non-MKS Shared Services

X19-AR07 - Licensing Administration

2018/19

Sound

Shared Revenues & Benefits

X19-AR10 - Revs & Bens Compliance Team

2018/19

Sound

Mid Kent HR

X19-AR01 - Absence Management

2018/19

Sound

Mid Kent ICT

X19-AR03 - Cyber Security

2018/19

Sound

Mid Kent Legal Services

M19-AR07 - Declarations of Interest

2018/19

Weak

Mid Kent HR

X19-IV02 - Payroll Fraud Risk Review

2018/19

N/A

Shared Revenues & Benefits

X19-AR02 - Council Tax Reduction Scheme

2018/19

Sound

MBC Communications

M20-AR06 - Social Media

2019/20

Sound

MBC Estate Management

M20-AR03 - Health & Safety

2019/20

Weak

MBC Finance

X20-CON02 - Financial Resilience Index

2019/20

N/A

MBC Finance

M20-AR05 - Corporate Credit Cards

2019/20

Sound

MBC Leisure

M20-AR04 - Parks

2019/20

Sound

Non-MKS Shared Services

X20-AR02 - Civil Parking Enforcement

2019/20

Sound

Mid Kent HR

X20-AR05 - Recruitment

2019/20

Sound

 

 

 


Appendix II: Assurance Ratings

Assurance Ratings 2020/21 (unchanged since 2014/15)

Full Definition

Short Description

Strong – Controls within the service are well designed and operating as intended, exposing the service to no uncontrolled risk.  There will also often be elements of good practice or value for money efficiencies which may be instructive to other authorities.  Reports with this rating will have few, if any, recommendations and those will generally be priority 4.

Service/system is performing well

Sound – Controls within the service are generally well designed and operated but there are some opportunities for improvement, particularly with regard to efficiency or to address less significant uncontrolled operational risks.  Reports with this rating will have some priority 3 and 4 recommendations, and occasionally priority 2 recommendations where they do not speak to core elements of the service.

Service/system is operating effectively

WeakControls within the service have deficiencies in their design and/or operation that leave it exposed to uncontrolled operational risk and/or failure to achieve key service aims.  Reports with this rating will have mainly priority 2 and 3 recommendations which will often describe weaknesses with core elements of the service.

Service/system requires support to consistently operate effectively

Poor – Controls within the service are deficient to the extent that the service is exposed to actual failure or significant risk and these failures and risks are likely to affect the Council as a whole. Reports with this rating will have priority 1 and/or a range of priority 2 recommendations which, taken together, will or are preventing from achieving its core objectives.

Service/system is not operating effectively

 


Recommendation Ratings 2019/20 (unchanged since 2014/15)

Priority 1 (Critical) To address a finding which affects (negatively) the risk rating assigned to a Council strategic risk or seriously impairs its ability to achieve a key priority.  Priority 1 recommendations are likely to require immediate remedial action.  Priority 1 recommendations also describe actions the authority must take without delay.

Priority 2 (High) – To address a finding which impacts a strategic risk or key priority, which makes achievement of the Council’s aims more challenging but not necessarily cause severe impediment.  This would also normally be the priority assigned to recommendations that address a finding that the Council is in (actual or potential) breach of a legal responsibility, unless the consequences of non-compliance are severe. Priority 2 recommendations are likely to require remedial action at the next available opportunity, or as soon as is practical.  Priority 2 recommendations also describe actions the authority must take.

Priority 3 (Medium) – To address a finding where the Council is in (actual or potential) breach of its own policy or a less prominent legal responsibility but does not impact directly on a strategic risk or key priority.  There will often be mitigating controls that, at least to some extent, limit impact.  Priority 3 recommendations are likely to require remedial action within six months to a year.  Priority 3 recommendations describe actions the authority should take.

Priority 4 (Low) – To address a finding where the Council is in (actual or potential) breach of its own policy but no legal responsibility and where there is trivial, if any, impact on strategic risks or key priorities.  There will usually be mitigating controls to limit impact.  Priority 4 recommendations are likely to require remedial action within the year.  Priority 4 recommendations generally describe actions the authority could take.

Advisory – We will include in the report notes drawn from our experience across the partner authorities where the service has opportunities to improve.  These will be included for the service to consider and not be subject to formal follow up process.

 



[1] Shared service with Swale and Tunbridge Wells

[2] Shared service with Swale and Tunbridge Wells

[3] Shared service with Swale

[4] Shared service with Tunbridge Wells