Upload
dothuan
View
228
Download
1
Embed Size (px)
Citation preview
This report is not for reproduction publication or disclosure by any means to unauthorised persons.
FINAL
Internal Audit
Report
Corporate
Governance Document Details:
Reference: 2.24 2014/15
Date: 19 March 2015
Internal Audit Report – Corporate Governance
2
www.worcestershire.gov.uk
Executive Summary 1.
1.1 Introduction
As part of the 2014/15 Internal Audit Plan an audit of the Corporate Governance was carried out with the points of focus being:
The overall Governance and Assurance arrangements in place; The processes and procedures for compiling the Annual Governance Statement
(AGS); and A comparison of the Council’s AGS against best practice
1.2 Background
Over the past few years Worcestershire County Council, like many other public authorities, has faced significant financial challenges. In response to these challenges the county council will see it changing from one largely of service delivery to one with an emphasis on commissioning, leading regeneration, growth and jobs, while still maintaining statutory responsibilities and focusing on the things people have said are important to them, including those about looking after vulnerable adults and children.
To support this period of change effectively, the Council requires strong corporate governance and assurance arrangements.
In accordance with the requirements of the CIPFA/SOLACE Delivering Good Governance in Local Government Framework, the annual governance statement should provide a brief communication regarding the review of governance that has taken place and the role of the governance structures involved. It should be high level, strategic and written in an open and readable style. It should be focused on outcomes and value for money.
1.3 Objectives and Scope of the Audit The following control objectives were reviewed as part of the audit: CO1: We conducted a high level review of the overall Governance and Assurance arrangements in place for Worcestershire County Council; CO2: We reviewed whether Worcestershire County Council's processes and procedures for compiling the Annual Governance Statement (AGS) are robust; CO3: We determined how Worcestershire County Council's process for compiling the AGS compares against best practice.
Internal Audit Report – Corporate Governance
3
www.worcestershire.gov.uk
1.4 Overall Opinion
1.4.1 The overall audit opinion for the review is Significant Assurance – the definition of which is set out in the table below:
Governance and Assurance arrangements
1.4.2 Particular areas of good practice noted were the use of a Balanced Scorecard which can be found on the Council’s website and a risk management process underpinned by a risk management policy statement and strategy (N.B. we did not test the operating effectiveness of the risk management process as this objective forms the basis of a separate review).
1.4.3 The Council does not currently have a document which clearly sets out its ‘Governance and Assurance Framework’ (the ‘Framework’). Through interviews with staff and a desktop review of policies, procedures and other key documents we have mapped out the Framework. This map is included at Appendix 1.
1.4.4 One improvement that would enhance the Framework is documentation of the Council’s governance and assurance arrangements which ensure adequate oversight of its partnerships and commissioning arrangements. As the Council begins to commission more of its services, contract governance will become pivotal to the Framework.
AGS compilation process
1.4.5 No issues were noted with regards to compliance with the AGS requirements set out in ‘Delivering Good Governance in Local Government: a Framework’ published by CIPFA/SOLACE in June 2007.
1.4.6 Our testing of the assurance statements used to collect information on the operation of controls and risk management across the directorates identified
Overall Audit Opinion
Full assurance Full assurance that the system of internal control meets the organisation’s objectives and controls are consistently applied.
Significant assurance
Significant assurance that there is a generally sound system of control designed to meet the organisation’s objectives. However, some weaknesses in the design or inconsistent application of controls put the achievement of some objectives at some risk.
Limited assurance
Limited assurance as weaknesses in the design or inconsistent application of controls put the achievement of the organisation’s objectives at risk in some of the areas reviewed.
No assurance No assurance can be given on the system of internal control as weaknesses in the design and/or operation of key control could result or have resulted in failure(s) to achieve the organisation’s objectives in the area(s) reviewed.
Internal Audit Report – Corporate Governance
4
www.worcestershire.gov.uk
some inconsistencies in the templates used.
1.4.7 The Council does not currently have a document which clearly sets out its AGS compilation process. Through interviews with staff and a desktop review of policies, procedures and other key documents we have mapped out the process. This map is included at Appendix 2.
AGS – best practice
1.4.8 A benchmarking review of the content and compilation process of the Council’s 13/14 AGS was carried out against six other 13/14 AGS.’ This review identified the following areas of best practice that could enhance the Council’s AGS in the future:
identify and provide commentary on key governance issues/challenges facing the Council, for example reporting on the issues highlighted within limited assurance internal audit reports and the actions taken to address these
collate and provide information on the Council’s culture and values;
include a discussion of how CIPFA’s key principles of good governance are embedded into the Council’s governance and assurance framework;
provide the reader with information on how the AGS was compiled;
provide hyperlinks to information referred to within the AGS e.g. link to the Constitution; and
provide explanatory or supplemental diagrams, graphs and/or other pictorial information to aid the reader’s understanding.
Summary of Conclusions
1.1. The conclusion for each control objective evaluated as part of this audit was as follows:
Control Objective Assurance
Full Substantial Moderate Limited
CO1: To conduct a high level review of the overall Governance and Assurance arrangements in place for Worcestershire County Council
CO2: To confirm that Worcestershire County Council's processes and procedures for compiling the Annual Governance Statement (AGS) are robust
CO3: To determine how Worcestershire County Council's process for compiling the AGS compares against best practice
Internal Audit Report – Corporate Governance
5
www.worcestershire.gov.uk
1.2. The recommendations arising from the review are ranked according to their level of priority as detailed at the end of the report within the detailed audit findings. Recommendations are also colour coded according to their level of priority with the highest priorities highlighted in red, medium priorities in amber and lower priorities in green. In addition, the detailed audit findings include columns for the management response, the responsible officer and the time scale for implementation of all agreed recommendations.
1.3. Where high recommendations are made within this report it would be expected that they should be implemented within three months from the date of the report to ensure that the major areas of risk have either been resolved or that mitigating controls have been put in place and that medium and low recommendations will be implemented within six and nine months respectively.
Limitations Regarding The Scope of The Audit 2.
The following areas did not form part of this audit:
This review was not a full controls audit of corporate governance and the scope of our work was limited to the areas identified in the Terms of Reference.
This review did not include a review of Risk Management which is subject to a separate review.
Acknowledgements 3.
Audit would like to thank all involved for their assistance during this review
Internal Audit Report – Corporate Governance
6
www.worcestershire.gov.uk
Internal Audit Report – Corporate Governance
7
www.worcestershire.gov.uk
Detailed Audit Findings 4.
Ref. Priority Findings Risk Arising/ Consequence
Recommendation Management Response Responsibility and Timescale
Recommendation Implemented
(Officer & Date)
CO1: To conduct a high level review of the overall Governance and Assurance arrangements in place for Worcestershire County Council 1 Medium Governance of partnerships
and commissioning arrangements There is a lack of process documentation setting out the Council’s governance and assurance arrangements which ensure adequate oversight of its partnerships and commissioning arrangements. .
As the Council begins to commission more of its services, contract governance will become increasingly important to its Governance and Assurance Framework. Without clear contract governance and monitoring arrangements in place, there is an increased risk of poor contract performance potentially impacting on service outcomes as well as failed partnerships.
Document and communicate a Council wide approach to governing partnerships and commissioning arrangements.
This will be developed over the summer 2015 taking into account advice from the Director of Commercial and Change
Senior Finance Manager 30/09/15
2 Medium Clarity of Governance and Assurance Framework: The Council does not currently have a single document which clearly sets out its ‘Governance and Assurance Framework’ (the
Lack of clarity over arrangements which makes it difficult to identify where there are potential gaps and/or weaknesses in the framework
Develop a Governance and Assurance Framework (and associated process notes). The map contained in Appendix 1 could be used as a starting point.
This will be developed over the summer 2015 taking into account advice from the Director of Commercial and Change
Senior Finance Manager 30/09/15
Internal Audit Report – Corporate Governance
8
www.worcestershire.gov.uk
Ref. Priority Findings Risk Arising/ Consequence
Recommendation Management Response Responsibility and Timescale
Recommendation Implemented
(Officer & Date)
‘Framework’).
3 Low Documentation Review:
It was noted that the
Constitution which forms part
of the Governance and
Assurance Framework was
last reviewed in November
2013.
The Annual Governance Statement references the Constitution. If the Constitution is not kept up to date, this could lead to inaccurate references being made in the Annual Governance Statement.
The Constitution should be reviewed before the end of 2014/15. All key governance documents including policies and procedures should be subject to review on at least an annual basis.
The Council's constitution is regularly reviewed by the Head of Legal and Democratic Services. The next revision is planned to be considered at May 2015 Full Council meeting and will be released immediately afterwards
Head of Legal and Democratic Services To be completed and considered at the next Full Council meeting in May 2015
CO2: To confirm that Worcestershire County Council's processes and procedures for compiling the Annual Governance Statement (AGS) are robust 4 Medium Reporting of significant
issues within the AGS
In 1 out of the 4 assurance
statements sampled
(2013/14 statements) four
‘significant risk and control
issues’ were noted by the
Director however they did not
feature in the Annual
Governance Statement.
Upon discussion with the
Chief Financial Officer we
understood that the reported
issues had been re-assessed
in the context of the Council
Reduced transparency of significant issues identified at a directorate level.
When significant issues reported within the assurance statements are not included within the Annual Governance Statement (AGS) the reasons for the exclusion should be documented and signed off by the Chief Executive and Leader of the Council prior to signing the AGS as well as the Audit and Governance Committee prior to approving the AGS.
The AGS templates will be updated to make it clearer the impact of potential significant issues and their mitigating strategies for the 14/15 assurance process.
Senior Finance Manager 30/03/15
Internal Audit Report – Corporate Governance
9
www.worcestershire.gov.uk
Ref. Priority Findings Risk Arising/ Consequence
Recommendation Management Response Responsibility and Timescale
Recommendation Implemented
(Officer & Date)
overall and it was concluded
that they did not require
reporting as significant
issues within the AGS.
This decision and who was
involved in making the
decision was not
documented or signed off by
the Audit Committee or Chief
Executive or Leader of the
Council.
5 Medium Clarity of AGS compilation process: The Council has not documented its AGS compilation process.
Lack of clarity over arrangements which makes it difficult to identify where there are potential gaps and/or weaknesses in the process.
Document and communicate the AGS compilation process. The map contained in Appendix 2 could be used as a starting point.
This will be developed over the summer 2015 making good use of the process map as developed during the audit fieldwork
Senior Finance Manager 30/09/15
6 Medium Standardisation of assurance statement templates
1 out of 4 assurance
statements sampled
(2013/14 statements) that
were intended for the
Director of Resources had
been assigned to the Chief
Executive and Leader of the
Council.
1 out of 4 of the statements
also referred to The
Inconsistencies in the operation of this key control within the AGS compilation process could lead to risks and/or significant issues being missed and not properly reported.
A standard template should be used for all assurance statements. Guidelines for completion of the assurance statements should be drafted and circulated. Quality checks should be performed by the recipient (in this case the Director of Resources) to ensure the
The AGS templates and guidance will be updated for the 14/15 assurance process. The S.151 role that was within the former role of Director of Resources is now replaced by the Chief Financial Officer
Senior Finance Manager 30/03/15
Internal Audit Report – Corporate Governance
10
www.worcestershire.gov.uk
Ref. Priority Findings Risk Arising/ Consequence
Recommendation Management Response Responsibility and Timescale
Recommendation Implemented
(Officer & Date)
Corporate Plan Refresh
13/17 as opposed to
Worcestershire Future Fit
Corporate Plan 2013-2017
which was referred to in the
other 2 statements.
In addition, the format of the
Summary of Effectiveness
appendix differed across all 4
statements.
statements are complete, addressed appropriately and adhere to the standard template.
CO3: To determine how Worcestershire County Council's process for compiling the AGS compares against best practice 7 Medium AGS Enhancements
The AGS process and what
is reported in the AGS is
considered compliant with
the basic requirements of the
‘Delivering Good
Governance in Local
Government: a Framework’.
This is supported by the
13/14 external audit report.
However, a benchmark
exercise looking at six AGS’
from the 2013/14 financial
year which are considered to
be good AGS examples
identified that there is scope
for the Council to collect and
report on additional
Looking at the direction of travel more broadly around UK Corporate Governance requirements for companies and most recently Foundation Trusts demonstrates that the requirements of what is reported in a governance statement are increasing. By implementing some of the best practice recommendations, the Council will be better placed to respond to any changing requirements in the future.
Suggested enhancements drawing on best practice include:
identify and provide commentary on key governance issues/challenges facing the Council, for example reporting on the issues highlighted within limited assurance internal audit reports and the actions taken to address these
collate and provide information on the Council’s culture and values;
include a discussion of how CIPFA’s key
Most of these improvements can be implemented for the 2014/15 AGS as practicable.
Senior Finance Manager 30/06/15
Internal Audit Report – Corporate Governance
11
www.worcestershire.gov.uk
Ref. Priority Findings Risk Arising/ Consequence
Recommendation Management Response Responsibility and Timescale
Recommendation Implemented
(Officer & Date)
information that would
enhance the reader’s
understanding of the
Council’s governance
framework and its
effectiveness.
principles of good governance are embedded into the Council’s governance and assurance framework;
provide the reader with information on how the AGS was compiled;
provide hyperlinks to information referred to within the AGS e.g. link to the Constitution; and
provide explanatory or supplemental diagrams, graphs and/or other pictorial information to aid the reader’s understanding.
Key to Priorities
High
This is essential to provide satisfactory control of serious risk(s)
Medium
This is important to provide satisfactory control of risk
Low
This will improve internal control
Limitations relating to the Internal Auditor's work
Internal Audit Report – Corporate Governance
12
www.worcestershire.gov.uk
The matters raised in this report are limited to those that came to our attention, from the relevant sample selected, during the course of our audit and to the extent that every system is subject to inherent weaknesses such as human error or the deliberate circumvention of controls. Our assessment of the controls which are developed and maintained by management is also limited to the time of the audit work and cannot take account of future changes in the control environment.
Internal Audit Report – Corporate Governance
13
www.worcestershire.gov.uk
Appendix 1: Governance and Assurance Framework
Internal Audit Report – Corporate Governance
14
www.worcestershire.gov.uk
Internal Audit Report – Corporate Governance
15
www.worcestershire.gov.uk
Appendix 2: AGS compilation process