Meeting documents

Background Paper

Date

File Reference

None

Appendix II

To HCW/15/51

Internal Audit Report

DAWRRC Small Bodies Return

Devon Authorities Waste Reduction & Recycling Committee

DRAFT

May 2015

Devon Audit Partnership

The Devon Audit Partnership has been formed under a joint committee arrangement comprising of Plymouth, Torbay and Devon councils. We aim to be recognised as a high quality internal audit service in the public sector. We work with our partners by providing a professional internal audit service that will assist them in meeting their challenges, managing their risks and achieving their goals. In carrying out our work we are required to comply with the Public Sector Internal Audit Standards along with other best practice and professional standards.

The Partnership is committed to providing high quality, professional customer services to all; if you have any comments or suggestions on our service, processes or standards, the Head of Partnership would be pleased to receive them at robert.hutchins@devonaudit.gov.uk.

Confidentiality and Disclosure Clause

This report is protectively marked in accordance with the National Protective Marking Scheme. Its contents are confidential and, whilst it is accepted that issues raised may well need to be discussed with other officers within the organisation, the report itself should only be copied/circulated/disclosed to anyone outside of the organisation in line with the organisation's disclosure policies.

This report is prepared for the organisation's use. We can take no responsibility to any third party for any reliance they might place upon it.

1

Introduction

The Devon Authorities' Waste Reduction and Recycling Committee (DAWRRC) was established under the Provisions of Section 101 of the Local Government Act 1972. It is funded by a levy from City, Borough and District Councils as well as Devon County Council (DCC).

This audit was carried out as a result of DAWRCC being required to have their accounts shown as an entity, to be accounted for separately, and to have submitted an annual Small Bodies Return to the External Auditor.

2

Audit Opinion

High Standard - The system and controls in place adequately mitigate exposure to the risks identified. The system is being adhered to and substantial reliance can be placed upon the procedures in place.

3

Executive Summary

The applicable internal control objectives described in the Small Bodies Return have been met throughout the financial year. The budget monitoring statements can easily be traced to the ledger records and the figures have been transposed to the Small Bodies Return.

As we previous audits we confirm that DAWRRC do not have a separate bank account and so a bank reconciliation process is not required. There are neither any fixed assets nor does it have its own petty cash records. These internal objectives were not considered during the course of this audit.

The detailed findings and recommendations regarding these issues and less important matters are described in the Appendices. Recommendations have been categorised to aid prioritisation. Definitions of the priority categories and the assurance opinion ratings are also given in the Appendices to this report.

4

Assurance Opinion on Specific Sections

The following table summarises our assurance opinions on each of the areas covered during the audit. These combine to provide the overall assurance opinion at Section 2. Definitions of the assurance opinion ratings can be found in the Appendices.

Areas Covered

Level of Assurance

1

Inappropriate accounting records have been maintained.

High Standard

2

Payments made do not comply with financial regulations, are not approved, supported by invoices or appropriately accounted for.

High Standard

3

Risks to objectives are not identified or managed.

High Standard

4

Budgetary control processes are inadequate

High Standard

5

Income has not been received, properly recorded or promptly banked.

High Standard

6

Petty cash payments are not approved, supported by receipts or appropriately accounted for.

Not applicable

7

Salaries are paid without approval and PAYE and NI requirements are not met.

High standard

8

Asset and investment registers are incomplete and inaccurate.

Not applicable

9

Periodic and year end bank account reconciliations are not carried out.

Not applicable

10

Accounting statements have not been prepared on the correct basis, agreed to the cash book or supported by an adequate audit trail.

High Standard

The findings and recommendations in relation to each of these areas are discussed in the "Detailed Audit Observations and Action Plan" appendix. This appendix records the action plan agreed by management to enhance the internal control framework and mitigate identified risks where agreed. Management are required to agree an action plan, ideally within three weeks of receiving the draft internal audit report. Written responses should be returned to Martin Woolcott (martin.woolcott@devonaudit.gov.uk) or to Jane Quick (jane.quick@devonaudit.gov.uk ). Alternatively a meeting to discuss the report and agree the action plan should be arranged with the named auditors.

5

Issues for the Annual Governance Statement

The evidence obtained in internal audit reviews can identify issues in respect of risk management, systems and controls that may be relevant to the Annual Governance Statement.

Based on the evidence we have found that in this audit there are no issues arising from the risk management, systems and controls examined that would warrant inclusion in the Annual Governance Statement.

6

Scope and Objectives

We have used the internal control objectives stated in the Annual Small Bodies Return for the year ended 31st March 2015.

The internal control objectives are listed below:-

Appropriate accounting records have been kept properly throughout the year.

The body's financial regulations have been met, payments were supported by invoices, all expenditure was approved and VAT was properly accounted for.

The body assessed the significant risks to achieving its objectives and reviewed the adequacy of arrangements to manage these.

The annual taxation or levy or funding requirement resulted from an adequate budgetary process; progress against the budget was regularly monitored; and reserves were appropriate.

Expected income was fully received, based on correct prices, properly recorded and promptly banked; and VAT was appropriately accounted for.

Petty cash payments were properly supported by receipts, all expenditure was approved and VAT appropriately accounted for.

Salaries to employees and allowances to members were paid in accordance with the body approvals, PAYE and NI requirements were properly applied.

Asset and investment registers were complete and accurate and properly maintained.

Periodic and year-end bank account reconciliations were properly carried out.

Accounting statements prepared during the year were prepared on the correct accounting basis, agreed to the cash book, were supported by an adequate audit trail from underlying records, and, where appropriate, debtors and creditors were properly recorded.

The three areas of control which do not apply to DAWRCC are petty cash controls, bank account reconciliations and assets and investments:

DAWRRC does not have petty cash and this has been confirmed.

Receipts and payments for DAWRCC pass through the Devon County Council bank accounts and are reflected within the DCC Finest accounting system, where DAWRCC has its own budget code against which income and expenditure is recorded.

DAWRRC does not hold any Fixed Assets or Investments.

Additionally implementation of the recommendations made in the previous audit was reviewed.

7

Inherent Limitations

The opinions and recommendations contained within this report are based on our examination of restricted samples of transactions / records and our discussions with officers responsible for the processes reviewed.

8

Acknowledgements

We would like to express our thanks and appreciation to all those who provided support and assistance during the course of this audit.

Robert Hutchins
Head of Partnership

Appendix A

Detailed Audit Observations and Action Plan

1. Area Covered: Inappropriate accounting records have been maintained.

Level of Assurance

Opinion Statement:

Accounting records have been provided and compared to the DCC Finest system and found to be correct.

High Standard

No observations and recommendations recorded.

2. Area Covered: Payments made do not comply with financial regulations, are not approved, supported by invoices or appropriately accounted for.

Level of Assurance

Opinion Statement:

The sampled invoices for the financial year 2014/15 were found to have been paid in accordance with DCC Financial Regulations. It was noted that all invoices are date stamped for when received. One invoice sampled was dated 31st August but not paid until 18th November 2015. However as the invoice was date stamped for 18th November also provides assurance that invoices are paid promptly and in accordance with new EU regulations.

High Standard

No observations and recommendations recorded.

3. Area Covered: Risks to objectives are not identified or managed.

Level of Assurance

Opinion Statement:

A risk register is maintained and is subject to annual review and acknowledgment by Committee.

High Standard

No observations and recommendations recorded.

4. Area Covered: Budgetary control processes are inadequate

Level of Assurance

Opinion Statement:

The annual budget is approved each year by Committee. Monitoring reports are made to each Committee meeting every four months advising of variances.

High Standard

No observations and recommendations recorded.

5. Area Covered: Income has not been received, properly recorded or promptly banked.

Level of Assurance

Opinion Statement:

Income is generated from the "top-slicing" of levies made to the local councils for the collection of their waste. This income is traceable to the ledger.

High Standard

No observations and recommendations recorded.

6. Area Covered: Petty cash payments are not approved, supported by receipts or appropriately accounted for.

Level of Assurance

Opinion Statement:

DAWRRC does not operate its own separate Imprest petty cash account.

Not applicable

No observations and recommendations recorded.

7. Area Covered: Salaries are paid without approval and PAYE and NI requirements are not met.

Level of Assurance

Opinion Statement:

There is one member of staff that is directly paid from the DAWRRC project. The salary is paid through DCC Payroll via HR One and examination of the payments made confirm that Income tax and National Insurance is deducted as expected. These payments are accountable in the finance system Finest and payroll records.

The Committee have noted that the salary has been paid out of the top-slicing income stream in accordance with the internal control objectives.

High standard

No observations and recommendations recorded.

8. Area Covered: Asset and investment registers are incomplete and inaccurate.

Level of Assurance

Opinion Statement:

DARRC does not hold any assets only a small list of items on an inventory list that is monitored annually.

Not applicable

No observations and recommendations recorded.

9. Area Covered: Periodic and year end bank account reconciliations are not carried out.

Level of Assurance

Opinion Statement:

DAWRRC does not have its own separate bank account. It uses the Devon County Council bank account to pay items and so no bank reconciliations take place.

Not applicable

No observations and recommendations recorded.

10. Area Covered: Accounting statements have not been prepared on the correct basis, agreed to the cash book or supported by an adequate audit trail.

Level of Assurance

Opinion Statement:

All general ledger accounting records were found to be fully supported by appropriate documentation and agreed to the Small Bodies Return.

High Standard

No observations and recommendations recorded.

Appendix B

Definitions of Audit Assurance Opinion Levels

Assurance

Definition

High Standard.

The system and controls in place adequately mitigate exposure to the risks identified. The system is being adhered to and substantial reliance can be placed upon the procedures in place. We have made only minor recommendations aimed at further enhancing already sound procedures.

Good Standard.

The systems and controls generally mitigate the risk identified but a few weaknesses have been identified and / or mitigating controls may not be fully applied. There are no significant matters arising from the audit and the recommendations made serve to strengthen what are mainly reliable procedures.

Improvements required.

In our opinion there are a number of instances where controls and procedures do not adequately mitigate the risks identified. Existing procedures need to be improved in order to ensure that they are fully reliable. Recommendations have been made to ensure that organisational objectives are not put at risk.

Fundamental Weaknesses Identified.

The risks identified are not being controlled and there is an increased likelihood that risks could occur. The matters arising from the audit are sufficiently significant to place doubt on the reliability of the procedures reviewed, to an extent that the objectives and / or resources of the Council may be at risk, and the ability to deliver the service may be adversely affected. Implementation of the recommendations made is a priority.

Definition of Recommendation Priority

Priority

Definitions

High

A significant finding. A key control is absent or is being compromised; if not acted upon this could result in high exposure to risk. Failure to address could result in internal or external responsibilities and obligations not being met.

Medium

Control arrangements not operating as required resulting in a moderate exposure to risk. This could result in minor disruption of service, undetected errors or inefficiencies in service provision. Important recommendations made to improve internal control arrangements and manage identified risks.

Low

Low risk issues, minor system compliance concerns or process inefficiencies where benefit would be gained from improving arrangements. Management should review, make changes if considered necessary or formally agree to accept the risks. These issues may be dealt with outside of the formal report during the course of the audit.

Confidentiality under the National Protective Marking Scheme

Marking

Definitions

Not Protectively Marked
or
Unclassified

Documents, information, data or artefacts that have been prepared for the general public or are for the public web pages or can be given to any member of the public without any exemptions or exceptions to release applying, have the classification NOT PROTECTIVELY MARKED. Some organisations will also use the word UNCLASSIFIED for publicly available information.

Official

The majority of information that is created or processed by the public sector. This includes routine business operations and services, some of which could have damaging consequences if lost, stolen or published in the media, but are not subject to a heightened threat profile.

Secret

Very sensitive information that justifies heightened protective measures to defend against determined and highly capable threat actors. For example, where compromise could seriously damage military capabilities, international relations or the investigation of serious organised crime.

Top Secret

The most sensitive information requiring the highest levels of protection from the most serious threats. For example, where compromise could cause widespread loss of life or else threaten the security or economic wellbeing of the country or friendly nations.