London Borough of LambethS(oazend55ahhchfiqduuvrce2... · weaknesses in the framework of governance, risk management and control and non-compliance with controls which put the achievement

Appendix 1

London Borough of Lambeth Internal Audit and Counter Fraud Annual Report 2014-2015

Contents

INTRODUCTION .................................................................................................................................. 1

1. EXECUTIVE SUMMARY ............................................................................................................. 2

2. HEAD OF INTERNAL AUDIT’S ANNUAL OPINION ................................................................... 3

3. SUMMARY OF INTERNAL AUDIT FINDINGS............................................................................ 5

4. KEY THEMES AND FINDINGS ................................................................................................... 6

Internal Audit - key themes ........................................................................................................................................... 6

Implementation of internal audit recommendations .................................................................................................... 12

Counter Fraud Activity ................................................................................................................................................ 13

ANNEX 1: DETAILED ANALYSIS INTERNAL AUDIT REVIEWS 2014/15 ........................................ 18

ANNEX 2: REPORT CLASSIFICATIONS .......................................................................................... 24

1

Purpose of this report This report summarises the work that the Internal Audit and Counter Fraud Service has undertaken during the financial

year 2014/15 and the key themes - strengths and weaknesses - that we have identified across the Council. The report

contains the overall assessment of the Council’s control environment in the form of the Head of Internal Audit’s Annual

Opinion for 2014/15. It also highlights how responsive management are at implementing recommendations that have

been made as a result of our work and the successful outcomes achieved by the Council’s fraud investigation teams.

Report structure During the rest of this report we have set out the results of the work performed by the Internal Audit and Counter Fraud

Service as follows:

Internal Audit – a summary of Internal Audit work carried out in 2014/15, including key themes identified, an analysis of

report ratings and priority of recommendations and service summaries showing an overview of audit work done in each

department and key findings.

Counter Fraud – a summary of the counter fraud work carried out in 2014/15 by the Internal Audit and Counter Fraud

Service, along with the Insurance and Parking investigation teams, including key outcomes for the Council.

In this report, we have drawn on the findings and assessments included in all of the reports issued, including those that,

at this time, remain in draft. It should, therefore, be noted that the comments made in respect of any draft reports are still

subject to management response.

Introduction

2

Overview of work performed Internal Audit This report outlines the internal audit work we have carried out for the year ended 31 March 2015.

The Public Sector Internal Audit Standards (PSIAS) require the Head of Internal Audit to provide an annual opinion,

based upon and limited to the work performed, on the overall adequacy and effectiveness of the organisation’s framework

of governance, risk management and control (i.e. the organisation’s system of internal control). This is achieved through

a risk-based plan of work, agreed with management and approved by the Corporate Committee, which should provide a

reasonable level of assurance, subject to the inherent limitations described below. The opinion does not imply that

Internal Audit has reviewed all risks relating to the organisation.

The Council’s Corporate Committee agreed the internal audit plan for 2014/15 on 2 April 2014. We have worked with

senior management throughout the year to ensure that the audit reviews actually undertaken continue to represent a

focus on high risk areas, in the light of new and ongoing developments, both internally and externally, impacting on the

Council. As a result of the regular and ongoing dialogue with management, some changes were agreed to the Plan

during the year, with changes being reported to Corporate Committee through the year. Some projects have been added

to or removed from the Plan, others have been consolidated or split into separate elements, and the timing of a number of

others has been changed to accommodate new items. The changes to the plan are summarised in the table below.

Original

plan

Reviews

deferred to

2015/16

Reviews

no longer

required

Additions

to the plan

Total

Systems covered by the Continuous

Auditing and Monitoring programme

15 - - - 15

Schools audits/themed reviews 23 - 1 24

Risk-based audits/grant claims 54 (16) (10) 13 41

Reports not at final stage as at

2013/14 Annual Report

19 19

Total 111 (16) (10) 14 99

For 2014/15, 99% of the reviews covered in the Annual Internal Audit Plan have been completed (excluding those that

have been cancelled or deferred), with good practice being that 90% of an audit plan should be delivered. A number of

reviews have been deferred (16 reviews) in the year due to long term absence within the in house team and 10 reviews

have been cancelled either due to assurance being gathered from other sources or the audit no longer being

relevant/required by management. Of the reviews completed, a final report has been issued for 92% of the reviews, with

the remaining being closed out with management at draft report stage.

Counter Fraud The Counter Fraud work programme for 2014/15 focused on the provision of a value for money service ensuring that

challenging targets were achieved. The Counter Fraud Team focused on the following areas:

Recovering Council properties which have been fraudulently obtained or sublet in partnership with Lambeth Living

and registered social housing providers managing properties within the borough;

Working with registered social housing providers managing properties within the borough to investigate and recover

sublet properties;

Identifying fraudulent benefits overpayments for recovery and sanctioning/prosecuting offenders; and

Investigating allegations of fraud from internal sources and allegations made under the whistleblowing provisions;

Coordinating the Council’s participation in and delivery of the National Fraud Initiative;

Embedding a dedicated Counter Fraud officer in the multi-disciplinary No Recourse to Public Funds (NRPF) team

and working in partnership with four other boroughs in tackling NRPF fraud and ineligibility

Identifying and working on cases which will lead to Proceeds of Crime Act and civil recovery of assets obtained

through fraud; and,

Reviewing and updating the Council’s Counter Fraud policies for approval by Corporate Committee and raise

awareness of the policies and role of staff/managers in preventing and reporting fraud.

1. Executive Summary

3

2. Head of Internal Audit’s Annual Opinion I am satisfied that sufficient internal audit work has been undertaken to allow an opinion to be given as to the adequacy

and effectiveness of governance, risk management and control. In giving this opinion, it should be noted that assurance

can never be absolute and represents an assessment of risks to be addressed. The most that the internal audit service

can provide is reasonable assurance that there are no major weaknesses in the system of internal control.

Basis of opinion

My opinion is based on:

All audits undertaken during the year.

Any follow up action taken in respect of audits from previous periods.

Any significant recommendations not accepted by management and the resulting risks.

The effects of any significant changes in the organisation’s objectives or systems.

Any reliance that is being placed upon third party assurances, such as those from OfSTED, and control weaknesses identified through External Audit procedures.

In a change to previous years, the annual audit opinion is now being developed in line with the standard opinion types promoted by the Public Sector Internal Audit Standards (which are set out in Annex 3).

Opinion

In my opinion for 2013/14 I identified that the Council had maintained an adequate control environment. However,

there were some risk that the system would fail to meet management’s objectives; the organisation needed to improve

the adequacy and effectiveness of governance, risk management and control arrangements as it embedded the new

organisational structure and cooperative commissioning approach and delivered further significant savings. In this

context, and using the PSIAS standard opinion types, our work during 2014/15 has identified that there are some major

weaknesses in the framework of governance, risk management and control and non-compliance with controls which

put the achievement of organisational objectives at risk. This is based on a number of reviews undertaken in specific

areas through the year, although it is noted that we have undertaken other reviews where we have identified good

controls and governance arrangements in place. This means that there are key areas of focus for management to

address over the coming months where low levels of assurance have been obtained. It is noted that while the number

of critical risk reviews has increased from the previous year, a key factor in the overall opinion, the proportion of high

risk reviews has reduced from the previous year. While we have experienced difficulties in closing off some reviews

with management we have also seen an overall improvement in management’s performance in implementing

previously agreed actions for prior year reviews, particularly for high risk items.

It is recognised that a key focus for the incoming Chief Executive who joined the Council in March 2015 is to improve

the organisation’s effectiveness through changes in structure, officer and member governance, management oversight

and performance management arrangements. A number of measures have already been put in place or are due to be

implemented shortly which will strengthen governance, accountability and management oversight across the Council to

drive through the required improvements.

As a result of the above, it is my opinion for 2014/15 that major improvements are required to improve the

adequacy and effectiveness of governance, risk management and control.

I have reached this conclusion because:

We have identified a number of high and medium risk rated weaknesses in individual assignments which we believe are significant in aggregate to the overall quality of the internal control system; and

We have issued three critical risk rated reports, however these are not pervasive to the system of internal control, with a number of reviews receiving positive assurance ratings due to good controls and governance arrangements being in place and improvements noted in the implementation of previously agreed actions.

Please see Section 3: Summary of Findings and Section 4: Key Themes which summarise the nature of our findings

and key themes emerging from our work and which underpin this opinion. A summary has been included below but

Sections 3 and 4 should be read in full to understand our final Opinion.

4

Governance, Accountability and Roles and Responsibilities

There is a lack of clarity surrounding governance arrangements, accountability, associated roles and responsibilities. We raised this as an issue in the 2013/14 opinion and this continues to be a recurrent theme across our 2014/15 reviews. Council structures have been formalised but these have not been consistently embedded across the Council and in several instances we have found that oversight arrangements have not operating as effectively as possible.

Assurance from other sources

We embed the three lines of defence into all of our Internal Audit work and take assurance from third party sources to provide our Opinion. During 2014/15 we found some matters arising from three third parties (Ofsted, HMI Probation and External Audit) which identified some significant control failings which have impacted our overall Opinion. This included Ofsted rating Children’s Services as ‘Inadequate’, a HMI Probation report that although noting some improvements since the last inspection in 2011 it still rated the Youth Offending Service as “poor performing” and external audit highlighting some concerns over the accuracy timeliness of billing to leaseholders. In 2014, Lambeth entered formal monitoring by the ICO because of poor performance responding to FOIs. There has been significant improvement in this area during the last year – performance is markedly improved and the backlog has been reduced to an acceptable level and the ICO has ceased formal monitoring.

New financial systems

Oracle R12 went live on 04/08/14. The transition to a new financial system represents a significant change for an organisation due to the importance of accurate, reliable management information (to underpin decision making), changes to business processes and controls as well as the dependencies of other controls on the system.

Our three reviews of Oracle have identified some weaknesses concerning segregation of duties, system access and system configuration which need to be addressed. The implementation of the new system has also identified issues where controls have failed due to behavioural and cultural issues where goods receipting and the procurement of contracts have not been undertaken in accordance with existing or revised requirements.

Continuous Auditing and Monitoring

This is a key indicator of the strength of the control environment. Our latest report has identified that overall the control environment is stable but there is some evidence of deterioration with five of 15 systems declining this period. This is partly the result of changes to working practices and also changes to teams leading to a loss of knowledge.

High and Critical Risk Audit Reports

We have issued three critical risk and 10 high risk reports this year. These are not pervasive to the entire control environment but are significant in aggregate. In addition, two schools audits were determined to represent critical risk and four were high risk.

Implementation of recommendations

Timely implementation of recommendations is an indicator of the strength of an organisation’s control environment. There has been an improvement in the implementation of high risk recommendations identified through our planned follow up work. However, where we have revisited previously areas we have seen that a number of medium and lower risks have not been implemented following previous cross-cutting reviews. For example: all issues raised in our 2013/14 review of Management Information were re-raised in 2014/15; non-performance of reconciliations has been raised in the last 3 periods of Continuous Auditing and Monitoring (covering a period of 16 months); and our Governance review identified a number of outstanding recommendations from 2013/14 reports on Organisational Capability and Workforce Planning, Budget Monitoring and Risk Management.

Other

Risk management, in particular completion and use of risk registers was a consistent theme across our audits including (but not limited to) Public Health, Looked After Children, Commercial Properties, and Capital Assets – Transfer of Use. The Council’s risk appetite has not been updated in the year as recommended in our 2013/14 review despite the efforts of Risk Management in trying to progress this.

Our reviews of two large repairs contracts managed by Lambeth Living on the Council’s behalf identified weaknesses in the contract management and procurement practices employed by the Council’s ALMO (Arm’s Length Management Organisation). In particular, ensuring these processes extract value for money and that contract management practices are invoked fully to manage significant contractors.

Good practice

Our opinion also considers good practice identified for example improved performance across Schools and Projects & programmes and low risk reports issued for Schools Admissions and Data Quality – Published Data. The Council also retained its Public Services Network (PSN) accreditation which evaluated the IT infrastructure security arrangements. The Council continues to invest in fraud prevention and fraud detection, which is borne out in the improved outcomes achieved by the Counter Fraud Team over the past year.

5

3. Summary of Internal Audit findings During the year we have continued to focus on ensuring appropriate coverage of core systems and systems identified as

High risk in the Annual Internal Audit Plan, along with a range of reviews to provide assurance over key programmes and

projects across the Council.

The table below summarises the report classifications for the risk-based audits undertaken in 2014/15, excluding schools

audits and systems covered by the Continuous Auditing and Monitoring programme, which are shown separately in this

report on page 9. This table shows that the proportion of Critical and High Risk reports has reduced slightly to 42% in

2014/15 compared to 45% in 2013/14, although three reviews have been identified as Critical risk in 2014/15. The

proportion of Medium Risk reports and Low Risk reports is consistent with the previous year.

Number of Reviews (excluding Schools and Continuous Audit)

Report classification 2014/15 2013/14 2012/13

Low Risk 3 10% 4 11% 3 13%

Medium Risk 15 48% 17 45% 9 39%

High Risk 10 32% 16 42% 10 43%

Critical Risk 3 10% 1 3% 1 5%

Subtotal 31 38 23

Programme/Project

Assurance Diagnostic Scores

7 9 -

Grant Claims certified 7 6 -

No Risk Rating and Advisory 13 12 10

Projects in progress 1 1 8

Total 59 66 41

Priority of recommendations

At the time of writing we have made a total of 181 audit recommendations in our reports (both draft and finalised),

excluding schools (2013/14: 191 recommendations), of which 15% were classified as Critical or High risk (2013/14: 25%).

In Section 4 we have set out the key themes and findings identified during our audit work for 2014/15.

Detail of the report ratings and priority of recommendations for each audit can be found at Annex 1.

6

Internal Audit – Executive Summary The Council has gone through a significant change during 2014/15, including:

The implementation of an upgrade to the finance system, Oracle R12;

Ongoing embedding of revised operational structures;

Changes to delivery mechanisms under the Cooperative Council strategy; and

Responding to continued financial pressures (and associated savings requirements) across local government.

On the whole the core internal control environment has remained stable in the period but this level of change and uncertainty has led to some deterioration across the organisation this period. This is demonstrated through a number of key themes and findings which have emerged across out internal audit work. These themes and findings underpin the overall Opinion and have been set out below.

Governance, Accountability and Roles and Responsibilities

One of the key themes contributing to our Opinion is the lack of clarity surrounding governance arrangements,

accountability and associated roles and responsibilities. We raised this as an issue in our 2013/14 annual opinion and

this continues to be a recurrent theme across our 2014/15 audit programme.

Although the Council has formalised its revised structure, this has not consistently been embedded across the

Council and in several instances we have found that oversight arrangements have not operating as effectively as

possible. For example:

Capital Assets – Transfer of Use – This review identified that the Council’s oversight responsibilities for assets transferred to third parties are unclear. Roles and responsibilities have not been defined and it is not always clear how these are aligned to formal terms and conditions. This has resulted in inconsistent interpretation of the Council’s health and safety and maintenance responsibilities.

Adult Social Care - Social Work within Integrated Health Teams– We found roles and responsibilities for the Commissioning and Delivery clusters in relation to the partnership with South London and Maudsley NHS Trust (SLAM) are not clear and the Council’s role concerning performance management and shaping the partnership has not been determined and established.

Contract Reviews – It is a cluster responsibility to ensure that contracts with a value exceeding £500k are being contract managements effectively. Our review found that oversight arrangements of this process are unclear; we were unable to establish how cluster-review is escalated to a high level and there does not appear to be a process for ongoing oversight and monitoring of strategically significant contracts. Given the level of external spend with third parties, and increased financial pressures, it is vital the Council monitors contracts effectively to maximise efficiencies, ensure value for money and enable processes to be as effective as possible.

Looked after Children – We did not see any evidence of how performance monitoring, in particular under-performance, is being used to drive improvements and ensure the service is operating as effectively as possible. Furthermore, issues and action arising from audits performed by the Quality Assurance team were not retained and there was no record of planned actions to rectify these. Both of these areas were cited as key failings as part of an “inadequate” Ofsted report released after our fieldwork we performed.

Continuous Auditing and Monitoring – Our most recent continuous auditing and monitoring report over key financial systems found an increase in the number of control design issues and operating effectiveness issues i.e. where controls were no longer in place or were not working as designed. A frequent reason cited for this was because it was not an individual’s or department’s responsibility and in some instances we could not locate the owner for this control e.g. reconciliation between Housing Benefits and Housing Rents system.

It is vital that lines of responsibility and accountability are clear, both during the transition and as part of business-as-

usual. This needs to include an effective framework for providing assurance (often referred to as the three lines of

defence) to senior management, Members and citizens: service management, corporate/senior management

oversight and independent assurance provided by Internal Audit.

Assurance from other sources

As noted above, we embed the three lines of defence into all of our Internal Audit work, as part of this we have

performed an Assurance Mapping exercise so that we can seek to place reliance on other forms of assurance where

possible: this ensures we focus our resources on areas which have most exposure to give the Council an efficient

and effective audit plan.

4. Key Themes and Findings

7

In compiling this Annual Report, I have taken account of other sources of assurance in arriving at my overall opinion

for 2014/15. These sources include, but are not limited to: the draft Annual Governance Statement compiled by the

Risk Manager with assistance from officers across the Council and in consultation with senior management; reports

by officers to Corporate Committee and other member groups on matters including pensions and treasury

management, risk management, human resources, health and safety and complaints; reports issued by external

regulators such as Ofsted; integrated performance management that combines management information including

performance, finance, risk, stakeholder feedback; reports by other external bodies regarding the Council’s system of

internal control such as the ISA260 report issued by External Audit.

During 2014/15 we found some matters arising from three third party assurances which have impacted our overall

Opinion.

Ofsted

Ofsted’s February 2015 inspection of Children’s Services awarded an overall opinion of “inadequate”. The inspection noted: “widespread or serious failures in the delivery of services for looked after children which result in their welfare not being safeguarded and promoted. Leaders and managers have not been able to demonstrate sufficient understanding of failures and have been ineffective in prioritising, challenging and making improvements in relation to looked after children services.” As noted above, we identified some of these failings

in our 2014/15 review of Looked After Children.

External Audit

The Council received an unqualified audit opinion for 2013/14; however, some significant control weaknesses

were highlighted in their External Audit Report concerning the billing of Section 20 charges to leaseholders. This

included the potential overstatement of balances and untimely invoicing. This is consistent with the findings from

our review of S.20 Leaseholders.

The External Auditors also identified capacity issues within the Council’s finance team that undermined the

Council’s ability to meet key deadlines such as certifying the accounts in accordance with the timescales set by

Accounts and Audit Regulations. Management have focused on improving performance and progress towards

completion of the 2014/15 accounts.

HMI Probation

In 2011, the Lambeth YOS was inspected by HMI Probation. The review identified the YOS at Lambeth as ‘poor

performing’ and issued a set of eight recommendations to improve the service going forward.

A review performed in the current year by HMI Probation found the service was again “poor performing” although

noted some improvement. This is consistent with the findings of a follow up audit performed in the year that found

identified issues with case assessments and case documentation.

Other findings

Some other key findings arising from our audit work, which have contributed to our Opinion are:

o Physical Information Security – a review of three core buildings identified a range of practice from critical to

medium risk, with a number of issues being identified including physical access controls not operating

effectively, sensitive information and records not being stored securely, confidential waste not being treated

appropriately.

o Risk management – risk management, in particular completion and use of risk registers was a consistent

theme across our audits including (but not limited to Public Health, Looked After Children, Commercial

Properties, and Capital Assets – Transfer of Use).

In particular, our reviews of Commercial Properties and Capital Assets - Transfer of Use both identified issues

around how the Council manages the risks arising from transfers of property to third parties and highlighted

issues around commercial decision making and the completeness and accuracy of the Council’s underlying

property records. This could also impact the accuracy of Council’s financial statements.

o Contract management – our reviews of two large repairs contracts managed by Lambeth Living on the Council’s behalf identified weaknesses in the contract management and procurement practices employed by the Council’s Arm’s Length Management Organisation. In particular, ensuring these processes extract value for money and that contract management practices are invoked fully to manage significant contractors.

8

o Implementation of recommendations – timely implementation of recommendations is an indicator of the strength of an organisations control environment. There has been an improvement in the implementation of high risk recommendations. However, where we have revisited previously audited areas as part of our 2014/15 audits we have seen that a number of medium and lower risks that have not been implemented. For example:

Management Information – all issues raised in 2014/15 were also raised in our 2013/14 report.

Governance (and performance) – the Council overall is compliant with CIPFA’s good practice but we found some areas for improvement regarding Organisational Capability and Workforce Planning, Budget Monitoring, Risk Management and Governance which were also raised in 2013/14.

Continuous Auditing and Monitoring – Lack of performance of reconciliations has been raised as an issue

for the last 3 periods.

New financial systems

Oracle R12 went live on 04/08/14. The transition to a new financial system represents a significant change for an

organisation due to the importance of accurate, reliable and appropriate information, changes to business processes

and controls as well as the dependencies of other controls on the system.

We have not identified significant weaknesses in the system but the following items which have been considered in

forming our opinion.

During our review of JPB Controls Assessment, we ran a high level analysis on user access design, based on the responsibilities. We found responsibilities that may be able to access abilities within other Councils.

Our Segregation of Duties review (draft) identified some further violations across business processes. We believe management should implement a plan to review these as well as to re-review those already covered in this report. Management should document any mitigating control points with clear lines of responsibilities. An informed decision can then be made as to the materiality of the risk and its treatment.

Our Hierarchies report (draft at time of writing) identified that there are no well-defined change control procedures being followed for changes related to approval hierarchy components. We also noted that the average time for requisition approval is 1.7 days. This does not suggest that the average requisition is subject to long approval times but we did however 32 requisitions with an approval time of over 30 days which should be investigated by management. These had a total value of £11.5m.

Continuous Auditing and Monitoring (CAM)

CAM is the process of ongoing testing of key controls to assess whether they are operating effectively, and to flag areas and report transactions that appear to circumvent control parameters. CAM uses a combination of manual testing and data mining tools to extract data from the Council’s IT systems, using predetermined parameters to check that controls are operating as designed. 2014/15 was the fifth year in which we have applied continuous auditing and monitoring. The programme now covers the following 15 systems:

Payroll

Accounts payable

Accounts receivable

Cash

Parking

Temporary Accommodation

Housing Benefits

Council Tax

National Non-Domestic Rates

Housing Rents

Housing Repairs

Framework Financials

Contract Monitoring

Pensions Administration

Treasury and Pension Fund Management

CAM results are one of the key measures/indicators of the strength of the control environment. Our latest report has identified that overall the control environment is stable but there is some evidence of deterioration with five of 15 systems declining. This is partly the result of the implementation of the new finance system – Oracle R12 – where and partly the result of changes to teams which has led to a loss of knowledge. For example issues were identified in the running of reports in relation to duplicate payments, retrospective purchase orders and supplier amendments upon the upgrade to Oracle and these controls were not embedded into working practices upon the upgrade occurring.

9

The table on the following page shows the key systems that have been audited during 2014/15, the overall classification of those systems and a comparison to the overall classification in 2014/15.

System Overall

Classification

2014/15

Overall Classification

2013/14

Direction of Travel

2013/14 to 2014/15

Payroll Medium Low

Accounts payable Medium Medium

Accounts receivable Medium Low

Cash Medium Low

Parking Medium Medium

Temporary accommodation Medium Medium

Housing rents Medium Medium

Housing repairs Medium Medium

Council Tax Medium Low

National Non-Domestic Rates Medium Low

Housing benefits Low Medium

Contract monitoring Medium High

Framework Financials Medium Medium

Pension Administration Medium Low

Treasury and Pension Fund Management Low Low

Key: Deteriorated Improved No Change

High and Critical risk reports

As noted on page 2 this report also considers the number of high and critical risk reports we have raised and their

overall impact on the control environment. As part of the internal audit process we work with management to

determine agreed actions to alleviate the control weaknesses identified. A summary of the key issues arising from the

High and Critical risk reports has been presented as follows:

Report Key issues affecting the Opinion

Capital Assets: Transfer of Use (Critical )

Asset transfers to the community have occurred through the Children’s Services Early Adopter programme as well as through the Communities team within Commissioning. Transfers have not been coordinated using a consistent methodology and there is no evidence to demonstrate sharing knowledge or best practice between the two streams. There is limited overarching guidance in place to ensure all required controls are considered and in place;

Annual health and safety audits and quarterly monitoring were not consistently performed in

accordance with requirements and there was no evidence of significant health and safety

issues being followed up; and

Maintenance work identified prior to the handover of asset or structural issues are the responsibility of the Council. There is a backlog of required maintenance and there have been significant delays in performing required works.

Adult Social Care: Social Work in Integrated Health Teams (Critical )

This review was highlighted as an area of concern by management and the scope of the review was tailored around this.

The Section 75 (S75) agreement is the basis of the partnership between Lambeth Council (the Council) and South London and Maudsley NHS Trust (SLAM) to provide mental health services to adults in the borough. We noted that there is currently no up to date, signed S75 agreement in place;

No performance information on mental health services has been reported to the Council by SLAM for 2014/15. There are no targets in place for mental health and performance is not reported to management;

Council staff “made available” to SLAM and work in integrated teams within SLAM are not formally seconded to SLAM and there is no formal agreement that sets out disclaimers. If there were an issue with the work performed by a Council member of staff working at SLAM it is unclear whether the Council or SLAM would be legally responsible; and

10

Partnership meetings have not taken place in accordance with requirements to ensure there is sufficient oversight of the partnership.

Physical Information Security (draft)

(Critical )

A review of three core buildings identified a range of practice from critical to medium risk, with

a number of issues being identified including physical access controls not operating

effectively, sensitive information and records not being stored securely, confidential waste not

being treated appropriately.

Commercial Properties (High )

The Council performs property management services for a small proportion of the portfolio,

mainly relating to properties rented out to voluntary and community organisations. Properties

rented out to third parties did not have an underlying rental agreement outlining the rental

amounts and the agreed use of the property and in certain instances the Council is charging

below market rent but there is no documented rationale or justification to support this decision.

Council records with regards to commercial properties are not up to date and not reconciled to

the accounting fixed asset register. This means there is a lack of consistency in underlying

records maintained and could lead to inaccuracies in the financial statements.

Contract management (High )

Supporting evidence was not obtained to verify performance information produced by suppliers for any of the contracts sampled. Without this validation check, there is a risk that data sent by contractors is inaccurate or incomplete meaning that performance reporting is unreliable or that data is manipulated by contractors to avoid possibly penalty payments for poor performance

Foster Carer Recruitment (High )

Vetting checks need to be performed prior to an individual being recruited as a foster carer. These checks are largely determined by Department for Education (DfE) statutory requirements. Evidence to demonstrate the performance of required vetting checks and ongoing statutory checks was not consistently retained.

Repairs Contract (LL) (High )

There are discrepancies between the KPIs defined in the contract, the annual Task Order and those which are monitored as part of regular reporting. The current process also allows the contractor to input the works completion date onto the system but there is no check of whether this is accurate which could mean that performance information is not accurate.

Public Health (High )

Our review identified a lack of clarity around internal governance arrangements, structures,

roles and responsibilities in light of the transfer of functions into the Council. This makes it

difficult to understand how public health is being managed on a day-to-day basis and where

key decisions are being made.

Section 20- Consultation with tenants (High )

No invoices have been raised by the Home Ownership team for Section 20 qualifying works undertaken in either 2012/13 or 2013/14. This is because the Home Ownership team have not received information relating to the costs incurred for Section 20 work from Property Services. Without this information the Home Ownership team are unable to calculate an accurate final account to each leaseholder, including full details of payment options available.

TMO reviews (Roupell Park, Cowley, Waltham Estate, Holland Rise) (High )

Various issues identified upon considering the design and operating effectiveness of controls around policy and procedure notes, recruitment processes, repairs and maintenance procedures, procurement management, cash handling and the follow up of prior period recommendations.

Good Practice

The following areas of good practice have also been considered in forming our Opinion.

Governance (and performance) - our review identified 5 out of 17 areas as being fully compliant with the best

practice set out in CIPFA’s “Delivering Good Governance in Local Authorities”, with suggested improvements

being made other areas and no areas identified as being non-compliant.

11

Low risk reports were issued in relation to Schools Admissions and Data Quality - Published Data.

There has been an improvement in the Schools audits performed in the year with a decrease in the proportion of

findings classified as Critical or High risk reducing from 24% in 2013/14 to 11% in 2014/15.

Both of our project and programme management reviews (Customer Access and Your New Town Hall) show

an improved score.

A framework of integrated assurance reporting has been introduced in 2014/15 which has embedded financial,

performance, risk management and audit information within management reporting. This facilitates a more holistic

presentation of the assurance position and enables senior management and members to focus on key areas of

concern.

The Council retained its Public Services Network (PSN) accreditation which evaluated IT infrastructure security

arrangements.

Conformance with standards

As Head of Internal Audit I can confirm that the Internal Audit Service, which comprises the In House Internal Audit team

and our external provider, PwC, has carried out an assessment to ensure that the Internal Audit Service is effective when

compared against the standards set by the Chartered Institute of Public Finance and Accountancy. I undertake periodic

reviews of the quality of internal audit work completed and also review all draft and final reports issued. In delivering the

Internal Audit Service, in planning, conducting and reporting on reviews and in compiling this Annual Report, we have

done this in conformance with the requirements of the Public Sector Internal Audit Standards (PSIAS), published by the

Institute of Internal Auditors, which came into effect on 1 April 2013 and the subsequent Local Government Application

Note in respect of PSIAS published by CIPFA.. Under pan-London arrangements agreed in 2013, a peer review of the

Council’s Internal Audit service against the PSIAS was conducted in March 2015 by the London Borough of Hackney.

The review found that Internal Audit ‘fully conforms’ to the PSIAS in 12 of the 17 areas assessed, with minor

improvements being suggested in the remaining five areas which were assessed as ‘generally conforms’. The overall

assessment concluded that the Internal Audit service ‘generally conforms’ to the PSIAS, with no areas of non-

conformance being identified. Actions are already being put in place to address the suggested enhancements identified.

Schools audits During 2014/15 we undertook 22 school audits, nine more than the previous year. Our work involved carrying out targeted

internal audit testing to assess the adequacy and effectiveness of financial management and other risk assessed sub-

processes within each school visited. Our review was based on CIPFA guidance regarding schools audits, and aligns to

the areas covered by the Schools Financial Value Standard.

Schools Overall Report Classification:

The following trend table provides an overview of the direction of travel for a 3-year period:

Number of reviews

Report classification 2014/15 2013/14 2012/13

Low Risk 8 36% - - 1 8%

Medium Risk 8 36% 6 46% 6 50%

High Risk 4 18% 7 54% 4 34%

Critical Risk 2 10% - - 1 8%

Total 22

13

12

One of the two critical risk reports is based on a critical risk finding and a high risk finding; the other report is based on four high risk findings.

Schools Recommendation Analysis

We made a total of 140 audit recommendations for schools (2013/14: 113 recommendations, 2012/13: 127 recommendations); of which 11% were classified as Critical or High risk (2013/14: 24%, 2012/13: 13%). A further 19 advisory recommendations were made and in 149 instances no exceptions were identified, with the majority of these being in combined assurance areas: Budgetary Control (Schools Finance), Health & Safety, Risk Management and Data

12

Protection. A number of no exceptions were recorded in areas tested by Internal Audit: Inventory, Employees (Payroll) and Invoiced Expenditure the main areas.

There has been a decrease in the percentage of High risk findings from the previous year. Controls around employee

appointments, payments for goods and services, contract management and approval are currently the main areas of

concern.

A summary report will be issued to all schools summarising the findings of the individual reviews and the actions which

governing bodies should take to ensure that controls in these areas are appropriate and effective. This is an important

aspect of our work as it gives governing bodies and school management teams the opportunity to review and improve

their existing arrangements prior to audit and improve the level of assurance they are likely to receive.

The schools audit programme and approach have been reviewed and it is intended that 25 schools will be audited per

year from 2015/16 onwards utilising the same total audit days allocated to schools in the previous year. This will ensure

that each school is audited within a three year cycle.

Implementation of internal audit recommendations A programme of implementation reviews was carried out in 2014/15 to assess the implementation of Critical and High

priority audit recommendations. The table below shows the number of recommendations reviewed by the in-house audit

team and the percentage of those which are evidenced as being implemented/partially implemented or not implemented,

by level of risk.

Total Recs

%

Recs

% Recs not

implemented %

Recs reviewed Implemented partially

implemented

Critical Risk 2 2 100% (100%) 0 0% (0%) 0 0 (0%)

High Risk 48 38 79% (62%) 8 17% (36%) 2 4% (2%)

Medium Risk 161 138 86% (57%) 19 12% (37%) 4 2% (5%)

Low Risk 92 80 87% (92%) 8 9% (8%) 4 4% (0%)

Totals 303 258 85% (63%) 35 12% (34%) 10 3% (3%)

* Comparative percentage figures are provided in brackets for 2013/14 implementation reviews reported in the

previous year’s annual report.

Based on the data in the table above, overall, management has implemented or partially implemented 97% (same as

2013/14) of all recommendations reviewed with only 3% having not been implemented. There has been an improvement

in the proportion of recommendations fully implemented (up from 63% to 85%). It is crucial that High Priority

recommendations are implemented promptly if the Council is to improve its overall control environment and therefore we

are pleased to note this level of performance has been maintained during 2014/15. No instances were found where

management stated that they had implemented a recommendation but were not able to evidence this.

13

Counter Fraud Activity

The Council continues to invest appropriate resources into the prevention and detection of fraud and in pursuing those

committing fraud against to Council to recover money and assets lost through fraud and profits made by fraudsters

through their unlawful activities. As a result, the improved outcomes for 2014/15 over the previous year in both

preventing and detecting fraud demonstrate the value and necessity of the investment made in counter fraud activity

when the Council has reduced resources to provide services to citizens and significant savings to deliver in the future.

The Counter Fraud Team that deals with local taxation, housing and internal fraud, along with the teams investigating

parking and insurance fraud, have had a successful year and have once again demonstrated the value that they bring to

Lambeth. This is apparent when we take into account that the teams have identified £4,653,243.59 from overpayments

and savings, an increase on 2013-14 of more than 50%. In addition, a total of 48 individuals were given official warnings,

31 persons found to have been engaged in fraudulent activity have been sanctioned and a further 69 were prosecuted.

The deterrent effect of this activity should not be underestimated.

The investigation of benefit fraud transferred from Lambeth to the DWP Single Fraud Investigation Service (SFIS) on

1 February 2015. Lambeth retains responsibility for the investigation of council tax support fraud.

Successes and Outcomes

The following table contains details of successful outcomes by the Counter Fraud Team, along with the work undertaken by the Insurance Investigators and the Parking Investigations Team:

Housing Fraud

Recommendations for Recovery 139

Properties Recovered 93

Estimated saving from Recoveries £1.674m

Prosecutions Secured 7

RTB discounts prevented 10

Value of RTB discounts prevented £987,700

Benefit Fraud

Prosecutions 17

Sanctions (cautions and administrative penalties) 30

Value of fraudulent overpayments identified £977,544

Internal Fraud

Investigation reports issued 37

Dismissals/contract terminations 2

Resignations taken after investigation 1

Written warnings issued 1

Management action 3

No further action 3

Criminal prosecution (third party) 2

Advisory/proactive reviews 12

Prospective candidate not selected 1

Investigations pending outcome 12

Insurance Fraud

Fraudulent insurance claims prevented 24

Value of fraudulent claims prevented £566,000

14

Parking Fraud

Blue Badges recovered 64

Estimated annual saving £448,000

Successful prosecutions 52

Cautions issued 1

The Counter Fraud Team has had a successful year in spite of the challenges surrounding the transfer of the benefit investigations function to SFIS. The team still managed exceed the targets set for benefit fraud by securing sanctions or prosecuting 47 offenders and identifying almost £1m in fraudulent overpayments. Internal Audit and Counter Fraud (IACF) also recovered 93 social housing tenancies and completed 37 internal investigations.

Housing Fraud

Housing fraud is the most resource intensive function carried out by the fraud team in Lambeth, as it is in many other London boroughs. Councils have recognised the need to invest in tenancy investigations given the widespread incidence of tenancy fraud, particularly in the London area where the differential between social housing rents and those in the private rented sector is greatest. Lambeth was at the forefront of this change in focus introducing a tenancy fraud team more than ten years ago. The Cut the Queue project commenced in October 2011 when Lambeth took the decision to provide more resources to tackle with tenancy fraud. The project ran through until March 2013 was a great success resulting in 83 property recoveries. The end of the project saw an increase in funding from the Housing Revenue Account to support a larger core team of tenancy investigation officers. The core team has dealt with all reactive referrals during 2014-15, in addition to carrying out proactive exercises into subletting of Lambeth stock and right to buy applications. A significant development in recent months was the introduction of the Prevention of Social Housing Fraud Act 2013, on 15 October 2013. This makes subletting a criminal offence and allows councils to prosecute those found to be subletting their property on or after 15 October 2013. Unlawful profit orders can also be applied to those who are found to have sublet their tenancies for a profit. During 2014-15 IACF prosecuted 7 persons that had committed tenancy fraud; three involving right to buy applications and another four that had sublet their properties. Of these cases only one was prosecuted under the new legislation as the others involved offences prior to October 2013. IACF is currently pursuing a number of cases where proceedings under the Prevention of Social Housing Fraud Act will be taken.

Case Study A recent completed investigation saw a former tenant who had fraudulently purchased her Lambeth property jailed. Judy Thomas bought a property in Heath Road from Lambeth council under the right to buy scheme in 2003 with a discount of £38,000. However, it became apparent several years later that Thomas had not been resident at the Heath Road property at the time of the purchase. In order to support her claim that she wasn’t liable for the council tax arrears, Thomas had provided evidence including copies of a tenancy agreement and bank statements showing rent being received for the Heath Road property proving that she had been renting out the property since 2001. This invalidated the right to buy as she was not resident in the property when the purchase was made and was therefore in breach of her tenancy. The case was referred to the Lambeth Counter Fraud Team to investigate who were able to establish that Thomas had been living with her husband in Ilford since 1994. As Thomas had been subletting the property her declaration that this was her principal home was proven to be false and consequently the case was referred to the council’s legal team for criminal prosecution. She was sentenced on 15 December 2014 to 18 months in prison. Legal Services is currently taking action against Thomas under Proceeds of Crime legislation in order to recover the criminal benefit she has obtained.

15

DCLG Funding

In early 2013 Lambeth secured funding of £200,000 providing two dedicated officers to carry out investigations on behalf of housing associations over the period from June 2013 to March 2015. During the project IACF worked with the following five housing associations: Amicus Horizon, Family Mosaic, Hyde, Notting Hill and Peabody. During the period IACF seconded tenancy officers from both Notting Hill Housing and Amicus Horizon to work as investigation officers, enabling them to transfer the skills learned from Lambeth investigation officers to their colleagues when returning to their substantive posts. As a result of the project IACF has to date recovered a total of 40 properties on behalf of the housing associations. In addition, there are 30 cases that have been recommended for recovery and are being dealt with by the housing associations and a further 16 live investigations. IACF anticipates that the target to recover 70 properties set at the commencement of the project will be exceeded once all live cases have been completed. The case referred to previously that was prosecuted under the Prevention of Social Housing Fraud Act originated from this project and demonstrates joint working between IACF, Lambeth Legal Services and Amicus Horizon.

Case study Owen Simms, a tenant of Amicus Horizon, sublet his property in March 2014. The person he sublet the property to contacted Amicus when, after only a week in the property, he discovered that it was a social housing property and not owned by Simms as he had been led to believe. IACF, working in partnership with Amicus Horizon, investigated the case and obtained sufficient evidence to prosecute Simms. The case was prosecuted by Lambeth Legal Services and on 18 November 2014 Simms was sentenced in his absence. He was fined £1,100 and ordered to pay costs of £500.

Right to Buy

The right to buy (RTB) maximum discount has increased significantly in recent years, from £38,000 to £102,700. This has

proved to be extremely beneficial to tenants that wish to purchase their home, but has also been seen as an incentive for

fraudsters to obtain a significant discount when purchasing a property that they have no entitlement to purchase.

IACF has worked closely with the RTB Team in preventing ten applications from going ahead and recovering three

properties in the process. IACF also prosecuted three persons for RTB fraud.

Case study In one case, Dr Enamuna Enobakhare applied to purchase a Lambeth property on the Heath Road estate under RTB with a discount of £100,000. The case was referred to IACF as there were concerns that Enobakhare was subletting the property. IACF established that he was actually living in Romford at a property owned by his wife, was registered to vote there and was also registered there with the NHS, insurance companies, various government agencies and his employer. Enobakhare claimed he was living the Lambeth address and was therefore entitled to purchase it as a discount under the RTB scheme. However, he was interviewed under caution by Lambeth officers and the weight of evidence against him led to his right to buy claim being refused. When the case was heard in the civil court he was ordered to give up the Lambeth tenancy and pay costs of £7,321. Lambeth then instigated criminal proceedings against Enobakhare. In court he admitted failing to disclose to the Council that he was not living at the Lambeth property. He was convicted at Blackfriars Crown Court on 6 February 2015 and was sentenced to carry out 80 hours of unpaid work and ordered to pay costs of £3,000 and a victim surcharge of £60.

16

Benefit Fraud

The benefit fraud function within IACF had a very successful year, despite extremely limited resources and having benefit investigations transferred to SFIS on 1 February 2015. The team secured 30 sanctions and 17 prosecutions and identified £977,544 in fraudulent overpayments in the process.

Case studies In one case investigated jointly with DWP, Antoine Audon was prosecuted for failing to declare significant levels of income from his successful career as a DJ. He was found guilty of fraudulently obtaining benefits from both DWP and Lambeth in excess of £40,000 and was sentenced to 9 months in custody. In another case prosecuted by the Crown Prosecution Service, Maria Lucas was found to have claimed benefits in her late mother’s name. Lucas failed to report that her mother had passed away and claimed benefits from DWP and Lambeth in her name. She fraudulently claimed in excess of £25,000 from Lambeth in housing and council tax benefits. On 7 October 2014 she was sentenced 12 months in custody for offences against Lambeth and DWP.

The case involving Diane Ashley and Rudolph Pink was finally resolved in March 2015, three years after conviction. The case had been featured previously on the BBC TV series, Saints and Scroungers. Diane Ashley and Rudolph Pink failed to declare they were a married couple and lived together whilst claiming benefits separately, each claiming that the other was their landlord. They also failed to declare ownership of several properties in the South East. They were both convicted of benefit fraud totalling £125,000 and were convicted in April 2012. Pink was sentenced to 10 months in custody whilst Ashley was given a suspended sentence.

In March 2015 the Council secured, under Proceeds of Crime legislation, a total order including confiscation, compensation and costs of over £229,500. Through this the Council is due to receive a confiscation payment of around £35,000 which has to be paid by the defendants within the next 12 months.

Publicity

All prosecutions deemed suitable are given appropriate publicity via the Communications Team. In addition to previous instances of working with the BBC on Saints and Scroungers, IACF has been working in recent months with two other forthcoming BBC productions. Britain on the Fiddle is a prime-time production that should be televised later in the year and will feature benefit investigations carried out by IACF officers. IACF has also worked with another production company who are making a BBC programme dedicated to tenancy fraud. The yet to be named series is likely to be on our screens in a daytime slot later in the year and will feature several Lambeth cases.

Internal Fraud

The Internal Fraud officers at Lambeth have successfully investigated all allegations received. In addition, the Senior Investigator on the team who is accredited as a financial investigator has worked on several financial investigations across IACF, Planning and Trading Standards. A recent investigation carried out by the Internal Fraud Team has highlighted a long term, high value fraud. A data matching exercise linked an employee’s details with self-directed support payments. A lengthy and complex investigation was conducted and established that an estimated £280,000 in public funds had been misappropriated. This relates to just one care package paid out in respect of one Lambeth family. Details have recently been referred for Lambeth Legal Services to consider bringing criminal charges. Subsequently, IACF has launched further investigations into 3 more care packages where fraud is suspected. Payments of self-directed support are often significant in value and, where such large amounts of money is available; there is always the potential for fraud. IACF are liaising with management to ensure that correct processes are in place to ensure that payments are made appropriately and all suspicions of fraud referred to IACF.

17

Seconded Police Officer

Lambeth has utilised the services of a seconded police officer since 2006. The current officer has been working within the

Internal Audit and Counter Fraud Service since January 2011. This arrangement continues to be a great success. Over

the past 12 months the officer has led on or assisted in the conclusion of cases which have resulted in fraud, savings and

recoverable assets in excess of £469,000 being identified and recovery action planned or in progress, along with the

recovery of 7 social housing properties. Current cases in which the officer is working on involve potential fraud, losses

and savings in excess of £562,000 and have led or are likely to lead to the recovery of 8 Council housing properties

(estimated annual saving of £142,000, based on previous Audit Commission assessment).

MOPAC Funding

IACF has had a member of their team working closely with Lambeth’s Tackling Gang Violence Team since May 2013; a project funded by the Mayor’s Office for Policing and Crime. The officer has been involved in various exercises with the team in addition to carrying out numerous investigations in support of Police investigations into criminal activity by gang members. The project has been further extended into 2015-16 with the IACF officer continuing to carry out work exclusively for the Gang Violence Reduction Team and working colleagues from the Metropolitan Police.

Insurance Fraud

The insurance fraud function has successfully prevented 24 claims with a value of £566,000. This demonstrates the value of the service, which has two dedicated investigators carrying out investigations into potentially fraudulent claims.

Case study One case involved a claimant by the name of Barry Upfold who alleged that he had tripped on a damaged pavement in Lambeth and suffered a knee injury. At the time there was insufficient evidence to deny the claim and Lambeth settled with a payment of £16,350. At a later date information came to light that Upfold had made a similar claim to Croydon using a different solicitor. He was arrested by the seconded police officer and subsequently charged with two counts of fraud. He was found guilty of two counts of fraud at Inner London Crown Court and on 22 September 2014 was sentenced to 11 months imprisonment suspended for two years. Upfold was fined £1,000 and ordered to pay Lambeth compensation of £2,500.

Parking Fraud

The Parking Investigations function has successfully prosecuted 52 offenders whilst warning or cautioning 49 others where prosecution wasn’t deemed to be the most appropriate course of action.

Case study One successful prosecution involved a person who was found to be using an expired blue badge on 9 April 2014. A vehicle was found to be parking in a disabled bay in Gresham Road whilst displaying an expired badge. The badge had expired on 22 December 2013. The badge was registered to Marion Morris. Ms Morris was invited to attend interviews but failed to attend. She was convicted in her absence; fined £1,200 and ordered to pay costs of £316 and a victim surcharge of £20.

18

Annex 1: Detailed analysis internal audit reviews 2014/15 Deteriorated Improved No Change

Project Progress Report

classification

Direction of Travel Recommendations

C H M L Advisory

CROSS CUTTING

Budget Monitoring Final Medium N/A – our previous review was Advisory - - 4 1 -

Contract reviews Final High risk Deteriorated - 1 5 1 -

Review of Matrix system Final Medium N/A – no previous review performed - - 4 - -

Quality of Management Information Final Medium No change - - 2 - -

Data Quality – published data Final Low N/A – no previous review performed - - - 3 -

Capital Programme – Additional plan item Final Medium N/A – no previous review performed - - 3 2 -

Capital Assets – Transfer of Use Draft Critical N/A – no previous review performed - 3 5 - -

Governance (and Performance) Final Advisory N/A - management letter - - - - -

Target Operating Model Deferred to

15/16

N/A - deferred N/A – deferred to follow on from the Governance

review

- - - - -

Data Quality – Performance Indicators Deferred to

15/16

N/A - deferred N/A - deferred - - - - -

Creative Commissioning – managing risks and opportunities Cancelled N/A -

cancelled

N/A – this review was cancelled as this area was

reviewed as part of our review of Commissioning

- - - - -

Citizen Engagement Cancelled N/A -

cancelled

N/A – this review was cancelled as elements were

included in Governance and performance

- - - - -

Risk Management Cancelled N/A -

cancelled

N/A – this review was cancelled at request of

management

- - - - -

Finance Structure Cancelled N/A -

cancelled


management and replaced with the Capital

Programme review

- - - - -

Casework Management Cancelled N/A -

cancelled


management

- - - - -

Total FM Contract Cancelled N/A -

cancelled

N/A – this review was cancelled as an independent

third party was commissioned by the Council to

review this contract

- - - - -

19


classification


C H M L Advisory

Ethical Governance Cancelled N/A -

cancelled

N/A – this review was cancelled as elements were

included in Governance and performance

- - - - -

CORE PROCESS REVIEWS

Looked after Children and Payments under Section 17 Final Medium N/A – no previous review performed - - 4 1 -

Commercial Properties Final High N/A – no previous review performed - 2 3 1 -

Foster Carer recruitment Final High N/A – no previous review performed - 2 4 - -

School Admissions Final Low risk N/A – no previous review performed - - 1 2 -

Changes in local taxation arrangements Final Medium N/A – no previous review performed - - 3 1 -

Youth Offending Service Follow Up – Additional plan item Final Medium Improved, one high risk finding remaining - 1 1 - -

Validation of profit-share agreement on development

– Additional plan item

Final Advisory N/A – no previous review performed - - - - -

Contract termination (LL) – Additional plan item Final Advisory N/A – no previous review performed - - - - -

Repairs contract (LL) – Additional plan item Final High N/A – no previous review performed - 1 8 3 -

TMO Health Check – Angell Town RMO – Additional plan item Final Medium Improved - 1 1 1 -

No Recourse to Public Funds Final Advisory N/A – IACF input into project team. Review of

controls being conducted in 2015/16.

- - - - -

S106 Agreements/ Community Infrastructure Levy (CIL) Final Medium N/A – no previous review performed - - 4 1 -

Social Work in Integrated Health Teams Draft Critical N/A – no previous review performed - 4 2 - -

Better Care Fund Deferred to

15/16

N/A - deferred N/A – deferred - - - - -

Integration project (Adult Social Care) Deferred to

15/16


Health and Safety Deferred to

15/16


Car Parking (Permits) Deferred to

15/16


Planning Applications Deferred to

15/16


20


classification


C H M L Advisory

Commercial waste/Trade waste/recycling review Deferred to

15/16


London Permit Scheme Deferred to

15/16


Accessible transport Deferred to

15/16


PROJECT AND PROGRAMME MANAGEMENT

Customer Access Final 3.0 Improved - - - - -

Your New Town Hall Final 2.9 Improved - - - - -

Organisational Development Fieldwork in

progress

N/A – in

progress

N/A – fieldwork is in progress - - - - -

Programme & Project Management (PPM): Overarching report Deferred N/A - deferred N/A – to be consolidated with 15/16 reviews - - - - -

PPM: Focused reviews of high risk areas Cancelled N/A -

cancelled

N/A –assurance being obtained through ongoing

programme of PPM reviews

- - - - -

KEY FINANCIAL SYSTEMS

Continuous

auditing &

monitoring

programme

Payroll Two reports

for the year:

Period 1

(Apr-Sep

2014) and

Period 2 (Oct

2014-Feb

2015) – final

reports

issued

Medium 21 control design Improvements were made during the

year. Accounts payable Medium Accounts receivable Medium Cash Medium Parking Medium Temporary accommodation Medium Housing rents Medium Housing repairs Medium Council Tax Medium Non-Domestic Rates Medium Housing benefits Low Contract monitoring Medium Framework Financials Medium Pension Administration Medium Treasury and Pension Fund Management Low

21


classification


C H M L Advisory

IT AUDITS

Oracle- Segregation of Duties Draft Advisory N/A – no previous review performed - - - - -

Oracle Hierarchies review Draft Advisory N/A – no previous review performed - - - - -

Oracle R12 JPB Controls Assessment – Additional plan item Final Advisory N/A – no previous review performed - - 10 9 -

Oracle – Post Implementation Review and Lessons Learnt Cancelled N/A -

cancelled

N/A – cancelled as sufficient assurance gained from

other Oracle reviews

- - - - -

Oracle – GRC module Cancelled N/A -

cancelled

N/A – cancelled as sufficient assurance gained from

other Oracle reviews

- - - - -

Systems – IT General Controls Deferred to

15/16


SCHOOLS

Holmewood Nursery School and Tree House Children's Centre Final Low risk N/A - - 1 4 -

Maytree Nursery School and Children's Centre Final Low risk N/A - - 1 3 3

Triangle Nursery School Final Medium N/A - - 3 3 -

Elm Wood Primary School Final Medium N/A - - 4 3 -

Hill Mead Primary School Final Low risk N/A - - 2 4 -

St. Andrew's CE Primary School Final Critical N/A - 4 3 3 -

St. Jude's CE Primary School Final Medium N/A - - 3 3 1

St. Mary's RC Primary School Final Medium N/A - 1 2 1 2

Vauxhall Primary School Final Low risk N/A - - 2 3 1

Christ Church Streatham CE Primary School Final Medium N/A - 1 2 3 1

Crown Lane Primary School Final Medium N/A - - 4 2 1

Henry Fawcett Primary School Final Low risk N/A - - 1 5 -

Julian's Primary School - West Norwood site Final High N/A - 1 3 7 -

St. Luke's CE Primary School Final Low risk N/A - - 1 4 -

St. Mark's CE Primary School Final Medium N/A - - 3 3 1

22


classification


C H M L Advisory

Archbishop Tenison's School Final High N/A - 2 - 6 2

Bishop Thomas Grant RC School Final Low risk N/A - - 2 2 -

St. Gabriel's College Final High N/A - 2 6 1 2

Lilian Baylis Technology School Final Medium N/A - 1 2 1 3

London Nautical School Final Critical N/A 1 1 3 5 -

Norwood School Final High N/A - 1 4 3 1

The Elmgreen School Final Low risk N/A - - 1 3 1

Schools Survey: Extremism and Radicalisation Final Advisory N/A - - - - -

Schools 2014/15 Summary Report Final Advisory See Schools Audits section in main report - - - - -

OTHER REVIEWS

Community Currency in Action – September 2014 – Additional

plan item

Final N/a Grant claim certified – no issues - - - - -

Community Currency in Action – March 2014 – Additional plan

item


Community Currency in Action – May 2015 – Additional plan

item


Troubled Families Funding Q1 Final N/a Grant claim certified – no issues - - - - -




Assurance Mapping – Additional plan item Final N/A Used to inform the 2015/16 Internal Audit Plan - - - - -

Lambeth Living Due Diligence – Additional plan item Final Advisory N/A – advisory support - - - - -

Waste Contract – Additional plan item Final Advisory N/A – advisory support - - - - -

Integrated Reporting Final Advisory N/A - Management information report - - - - -

Corporate health reviews Deferred to

15/16

N/a - deferred N/A – deferred - - - - -

23


classification


C H M L Advisory

Information/ Records Management – Physical Information

Security review

Draft Critical Issues arising in previous reviews identified again

through this review

1 1 1 - -

Local Asset Registers Deferred to

15/16

TBC TBC - - - - -

Penalties & Fines Deferred to

15/16

TBC N/a – first review of this area - - - - -

Reviews carried forward from 2013/14 (not at Final Report stage in the Annual Report for 2013/14)

Temporary Accommodation Final Medium N/A – no previous review performed - 3 2 -

Section 20 – Consultation with Tenants Final High N/A – no previous review performed - 2 3 4 -

Public Health Final High N/A – no previous review performed - 1 4 - -

Portable Storage Media Final Medium N/A – no previous review performed - - 4 1 -

Change Management Final Medium N/A – no previous review performed - - 3 3 -

Procurement Final Medium N/A – no previous review performed - - 3 1 -

Commissioning Final Advisory N/A – no previous review performed - - - - -

Organisational Capability and Workforce Planning Final Medium N/A – no previous review performed - - 5 - -

TMO Health Check – Wellington Mills Final Medium No change - - 3 4 -

TMO Health Check – Roupell Park Final High Improved - 3 2 1 -

TMO Health Check – Cowley Final High Deteriorated - 2 2 2 -

TMO Health Check – Blenheim Gardens Final Low Improved - - 1 3 -

TMO Health Check – Waltham Estate Final High Improved - 1 5 1 -

TMO Health Check – Holland Rise Final High Deteriorated - 2 2 - -

Housing Capital Programme (Project and Programme review) Final 2.6 N/a – no previous review performed - - - - -

Support Services Review (Project and Programme review) Final 2.1 N/a – no previous review performed - - - - -

Customer Access (Project and Programme review) Final 2.7 N/a – no previous review performed - - - - -

Organisational Development Plan (Project and Programme review) Final 1.9 N/a – no previous review performed - - - - -

Vauxhall Nine Elms Battersea (Project and Programme review) Final 2.2 N/a – no previous review performed - - - - -

TOTAL 1 40 154 48 19

Annex 2: Report classifications For each review undertaken (excluding schools) the overall report classification is determined using a points-based

system which is set out below. This approach allocates points for individual audit findings based on the risk rating of

those findings as follows:

Findings Rating Points

Critical 40 points per finding

High 10 points per finding

Medium 3 points per finding

Low 1 point per finding

The total number of points for the findings identified determines the overall report classification. The four classifications

are equivalent to the four assurance levels that were used up to 2011/12, when they were replaced with the current report

classifications from 2012/13. The table below shows the report classifications used from 2011/12 onwards and the

equivalent assurance level used in the past.

Report Classification Points Equivalent Assurance Level up to 2011/12

Low risk

6 points or less High Assurance

Medium risk

7– 15 points Moderate Assurance

High risk

16– 39 points Limited Assurance

Critical risk

40 points and over No Assurance

The table on the following page is also included in all audit reports to assist management in understanding the level and

nature of each risk associated with the findings in the report.

Key to Individual Finding Ratings

Finding Rating Assessment rationale

Critical

A finding that could have a:

Critical impact on operational performance; or

Critical monetary or financial statement impact; or

Critical breach in laws and regulations that could result in material fines or consequences; or

Critical impact on the reputation or brand of the organisation which could threaten its future

viability.

High


Significant impact on operational performance; or

Significant monetary or financial statement impact; or

Significant breach in laws and regulations resulting in significant fines and consequences; or

Significant impact on the reputation or brand of the organisation.

Medium


Moderate impact on operational performance; or

Moderate monetary or financial statement impact; or

Moderate breach in laws and regulations resulting in fines and consequences; or

Moderate impact on the reputation or brand of the organisation.

Low


Minor impact on the organisation’s operational performance; or

Minor monetary or financial statement impact; or

Minor breach in laws and regulations with limited consequences; or

Minor impact on the reputation of the organisation.

Advisory A finding that does not have a risk impact but has been raised to highlight areas of inefficiencies or

good practice.

Annex 3: Public Sector Internal Audit Standards – annual opinion categories

Type of opinion When to use this type of opinion

Adequate and effective

generally only low risk rated weaknesses found in individual assignments; and

none of the individual assignment reports have an overall report classification of either high or critical risk.

Improvement required

medium risk rated weaknesses identified in individual assignments that are not significant in aggregate to the system of internal control; and/or

high risk rated weaknesses identified in individual assignments that are isolated to specific systems or processes; and

none of the individual assignment reports have an overall classification of critical risk.

Major improvement required

medium risk rated weaknesses identified in individual assignments that are significant in aggregate but discrete parts of the system of internal control remain unaffected; and/or

high risk rated weaknesses identified in individual assignments that are significant in aggregate but discrete parts of the system of internal control remain unaffected; and/or

critical risk rated weaknesses identified in individual assignments that are not pervasive to the system of internal control; and

a minority of the individual assignment reports may have an overall report classification of either high or critical risk.

Unsatisfactory high risk rated weaknesses identified in individual assignments that in aggregate are pervasive to the system of internal control; and/or

critical risk rated weaknesses identified in individual assignments that are pervasive to the system of internal control; and/or

more than a minority of the individual assignment reports have an overall report classification of either high or critical risk.

Disclaimer opinion An opinion cannot be issued where insufficient internal audit work has been completed. In these situations, it should be concluded (in a disclaimer opinion) that insufficient work has been undertaken to form an opinion.

Documents

London Borough of LambethS(oazend55ahhchfiqduuvrce2... · weaknesses in the framework of governance, risk management and control and non-compliance with controls which put the achievement