CT/12/57 | |
Audit Committee | |
7 December 2012 | |
SIX MONTH INTERNAL AUDIT REPORT 2012/13 | |
Report of the County Treasurer | |
|
|
Please note that the following recommendations are subject to confirmation by the Committee before taking effect. |
Recommendations:
i. That members note the internal audit opinion that the Council's systems contain a satisfactory level of internal control.
ii. That members note the satisfactory performance and achievements of Devon Audit Partnership during the first six months of 2012/13.
iii. That the Council's continuing commitment to the maintenance and enhancement of an anti-fraud culture is endorsed.
1. The key objective of Internal Audit is to provide assurance to Members, Executive Directors and the County Treasurer (as the Council's "section 151 responsible officer") on the adequacy and security of those systems on which the County Council relies for its internal control, both financial and management.
2. The attached report provides the six month audit opinion of the Council's Internal Audit Service (Devon Audit Partnership) and describes the progress to date against the internal audit plans for 2012/13 that were approved by the Audit Committee in March 2012. This work, and the continuing contribution of Devon Audit Partnership to both risk management and anti-fraud arrangements within the Council, lead to an opinion that the Council continues to have an effective framework of control which provides reasonable assurance regarding the effective, efficient and economic achievement of its objectives. The Committee can take assurance from these findings.
Mary Davis
County Treasurer
Electoral Divisions: All
Local Government Act 1972: List of Background Papers
Contact for Enquiries: Robert Hutchins
Tel No: (01392) 382438 Room 180
Background Paper Date File Reference
Nil
There are no equality issues associated with this report
|
|
| |
Internal Audit | |
| |
Devon County Council | |
| |
| |
| |
Internal Audit Monitoring Report First Six Months | |
2012/13 | |
| |
Restricted |
Devon Audit Partnership |
|
The Devon Audit Partnership has been formed under a joint committee arrangement comprising of Plymouth, Torbay and Devon councils. We aim to be recognised as a high quality internal audit service in the public sector. We work with our partners by providing a professional internal audit service that will assist them in meeting their challenges, managing their risks and achieving their goals. In carrying out our work we are required to comply with the CIPFA code of practice for Internal Audit and other best practice and professional standards. |
|
The Partnership is committed to providing high quality, professional customer services to all; if you have any comments or suggestions on our service, processes or standards, the Head of Partnership would be pleased to receive them at Robert.hutchins@devonaudit.gov.uk
|
|
Confidentiality and Disclosure Clause |
|
This report is protectively marked in accordance with the National Protective Marking Scheme. Its contents are confidential and, whilst it is accepted that issues raised may well need to be discussed with other officers within Devon County Council, the report itself should only be copied/circulated/disclosed to anyone outside of the organisation in line with the organisation's disclosure policies. |
|
This report is prepared for the organisation's use. We can take no responsibility to any third party for any reliance they might place upon it. |
|
1 | Introduction |
| |
| This report provides a summary of the first six months performance against the internal audit plan for the 2012/13 financial year, highlighting the key areas of work undertaken and summarising our main findings and recommendations aimed at improving controls.
The key objectives of the Devon Audit Partnership (DAP) have been to provide assurance to the Audit Committee, Section 151 Officer (County Treasurer) and senior management on the adequacy and security of the systems and controls operating within the Council and to provide advice and assurance to managers and staff.
|
2 | Opinion |
|
|
| In our opinion, and based upon our audit work completed so far in this year and in previous years, we consider that adequate arrangements are in place to control the operations of Devon County Council.
Where weaknesses have been identified and recommendations made to strengthen controls, management have provided responses to the recommendations reported. Where appropriate, we shall undertake follow up work to ensure that risks continue to be suitably controlled.
|
3 | Performance against the Plan |
| |
| Overall, good progress has been made against the plan agreed with management and the Audit Committee for the 2012/13 financial year. As at the end of September 2012, 50.5% of the planned audits had commenced (against a target of 50%) and 48% of the expected number of audit days had been provided (against a target of 48%).
Due to the fluidity of audit delivery some audits relating to the previous year (2011/12) have been brought to a conclusion in 2012/13.
At this stage we remain confident that we will be able to deliver the internal audit plan as expected.
|
4 | Executive Summary |
| |
| Appendix A details the assurance opinions for individual audits so far completed in 2012/13. The definitions of the assurance opinion ratings are given in Appendix C.
Corporate Services - In our opinion, and based upon our audit work undertaken so far in this year and in previous years, we consider that adequate controls are in place for this group of services.
|
| In consultation with the client, amendments have been made to the Corporate Services HR section of the audit plan. These changes have been reflected within this report.
To date, no significant concerns have been identified from our work; previous years work identified that the overall control environment was sound and effective, and this view continues.
People - In our opinion, and based upon our audit work completed during the 2012/13 financial year to date and in previous years, we consider that adequate controls are in place within this realm.
Overall, good progress has been made against the plan agreed with management for the 2012/13 financial year. A number of audits which were work in progress as at 31st March 2012 have been completed. Additional work has been commissioned during the course of the 2012/13 financial year to date, these pieces of additional work have either been completed or currently remain ongoing; as a result certain audits originally agreed at commencement of the financial year have, with the agreement of management, been rescheduled for the latter part of the year.
We have been involved, and continue to be involved where necessary, with a number of critical projects for the People service area.
The audit of Fostering, in keeping with that of Adoption Services in the previous financial year, identified weaknesses in respect of IT based business systems. We consider that changes to systems and procedures may result in opportunities for operational efficiencies.
Place - In our opinion, and based upon our audit work completed during the 2012/13 financial year to date and in previous years, we consider that adequate controls are in place to control this realm.
Progress in the first six months has included completion of work carried forward from 2011/12, undertaking follow up audits on areas where significant findings were made in the previous year and reporting to committee thereon, and progressing assignments in accordance with timescales agreed with management.
Schools - We have made good progress in the delivery of our audit plan to schools and headteachers / governing bodies have again been very appreciative of the quality of our service. The requirements to meet the challenges through change to the SFVS (Schools Financial Value Standards) are significant. We are focusing all of our effort to achieve the targets and support schools to the fullest of our ability.
Many revised and improved audit services and processes have been implemented to benefit the audit provided to schools.
Good Standard - our opinion is that the systems and controls in schools mitigate the risks identified in many areas. However, there are some areas that require attention, with the key matters arising from our audits being:-
|
|
understanding of financial management by governors and skills assessment as evidenced by the requirements of the Standard demonstrable financing of plans for raising standards and attainment; and, absence of financial benchmarking.
|
5 | Irregularities |
| |
| Preparations for the 2012/13 National Fraud Initiative (NFI) Data Matching Exercise commenced during the first half of this year, with data from pensions, creditor payments, salaries, blue badges, care homes and parking permits administrated by the Authority, uploaded (via the secure upload portal) to the Audit Commission's NFI website in early October. The exercise, which is run every two years by the Audit Commission, requires all councils to provide data for cross-matching with information supplied by other organisations, such as the Department for Works and Pensions and the NHS, to identify potential cases of fraud and error. The subsequent matching reports should be received back from the Audit Commission at the end of January 2013 and examined either by Internal Audit or provided to relevant departments for their investigation.
|
| Corporate Services work has been carried out in respect of suspected misuse of the Council's email and internet. We have also assisted in the investigation into an allegation of employee misconduct, as well as three cases of potential financial irregularity and continue to provide management with advice on courses of action to take in cases of alleged irregularity
People - We are pleased to report that there have been no significant irregularities brought to our attention so far this year.
Place we have investigated the events and processes that led to a ex-employee receiving salary payments after leaving the Council's employment. The investigation highlighted a number of control weaknesses within the leavers process and with budget monitoring and as a result of our work, a number of changes have been proposed and actioned.
Schools - We have concluded our work on West Exe College and issued our report which the College Governing Body are considering. There were allegations of escalated pay, poor governance, nepotism and misuse of resources. Most of the allegations were founded, but not provable to the extent of fraud. The Headteacher and Deputy Head resigned during the course of the review. The review, although complete, is not closed and therefore comments are restricted.
|
6 | Inherent Limitations |
| |
| The opinions contained within this report are based on our examination of restricted samples of transactions / records and our discussions with officers responsible for the processes reviewed. |
7 | Acknowledgements |
| |
| We would like to express our thanks and appreciation to all those who provided support and assistance during the course of the audits undertaken during the first six months of the 2012/13 financial year. |
| |
| Robert Hutchins |
Appendix A
Assurance Opinion and extract Executive Summaries - First Six Months of 2012-13
Group of services: Corporate Services | ||||
Audit Area | Year | Status | Assurance Opinion | Executive Summary |
Corporate - Finance - Material Systems | ||||
Main Accounting System | 2012/13 | In progress |
| The audit is in progress and it is anticipated that the report will be issued and agreed in the third quarter of 2012/13.
|
Debtors | 2012/13 | In progress |
| The audit is in progress and it is anticipated that the report will be issued and agreed in the third quarter of 2012/13.
|
Income Allocation & Collection | 2012/13 | In progress |
| The audit is in progress and it is anticipated that the report will be issued and agreed in the third quarter of 2012/13.
|
RMS System | 2012/13 | In progress |
| This is work which is planned over the first three quarters of the year to provide assurance to the external auditor. It is anticipated that a report will be agreed and issued in the fourth quarter. This work also links with work currently ongoing on the Virtual Joint Venture.
|
Bank Reconciliation | 2012/13 | In progress |
| The audit has been completed and is under review. It is anticipated that the report will be issued and agreed in the third quarter of 2012/13.
|
Fixed Asset Register | 2012/13 | In progress |
| The audit has been completed and is under review. It is anticipated that the report will be issued and agreed in the third quarter of 2012/13.
|
Upgrade to Devon Pensions System (Axise)
| 2012/13 | In progress |
| Audit have been informed that the upgrade is progressing and we will provide support and advice on both the IT and business aspects of the project. We have been asked to advise on plans for parallel running between the current and new systems.
|
Finest Application | 2012/13 | In progress |
| We have identified two types of issue concerning change control. The first relates to documentation and, we understand, steps are now being taken to improve present arrangements. The second relates to the level of testing undertaken prior to applying releases to the production environment and is a corollary of the large number of systems (approximately 50) that interface with Finest. The work is currently under review and a report will be issued shortly.
|
Corporate - Finance - Other | ||||
VAT Claim | 2012/13 | In progress |
| The audit has been completed and is under review. It is anticipated that the report will be issued and agreed in the third quarter of 2012/13.
|
Lodged Purchase Cards | 2012/13 | In progress |
| The audit has been completed and is under review. It is anticipated that the report will be issued and agreed in the third quarter of 2012/13.
|
Corporate Finance Additional Work | ||||
Business Master file corruption | 2012/13 | Draft | High Standard | The audit has been completed and the draft audit report issued. The current controls are operating well and can be used to provide assurance against the risk to the Authority. A new web based system is under development which will prevent future corruption of the data and review of this system is included in the IT audit plan. A follow up review is planned to ensure that the recommendations have been addressed. |
Corporate - Human Resources | ||||
CM2000 Project and interface with payroll | 2012/13 | In Progress |
| This is additional work to that originally agreed in the plan and relates to a new system which is being developed to process expenses and mileage claims for care workers. This is initially a Project review to ensure the Devon Way has been followed and all processes mapped. The system will directly interface with the Payroll System and thus this will be reviewed in more detail when this part of the system is ready for testing. |
PRISM upgrade | 2011/12 | In progress |
| The audit is in progress and it is anticipated that the report will be issued and agreed in the third quarter of 2012/13.
|
Payroll | 2012/13 | In progress |
| The audit is in progress and it is anticipated that the report will be issued and agreed in the third quarter of 2012/13.
|
Auto Enrolment | 2012/13 | In progress |
| Project involvement in line with the Authority's requirement to commence auto enrolment under the Governments new pension legislation for February 2013. |
Real Time Information HMRC | 2012/13 | In progress |
| Project involvement in line with the HMRC's new requirements for real time information on tax from April 2013. |
Corporate - IT Audit | ||||
Project Management | 2011/12 | Draft |
| Our findings indicate that some improvements could be made to communications processes, the level of control applied in monitoring the project, and to the linkages between various components of the project management and delivery mechanisms. |
ICT SWGFL Telehouse link | 2011/12 | In progress |
| We have worked closely with senior managers to develop an appropriate and robust approach to this work. We are currently gathering evidence and discussing the arrangements in place at the Trust in order to form our audit opinion.
|
Hosted Services | 2012/13 | Draft | N/A | A review of the Council's current strategy towards the use of externally hosted services has been carried out and the procedures that are in place for acquiring such services examined. The output from this exercise has been to provide a checklist or 'Tool Kit' that potential users of externally hosted computer systems can use to demonstrate that they have considered the risks involved and that they have complied with the Council's approved policies and procedures for acquiring such systems. |
ICT backups | 2012/13 | In progress |
| We are refreshing our assessment performed last year. Additionally, we have contributed to a recently established project within ICT to replace the corporate backup system.
|
Website and Web Services | 2012/13 | In progress |
| We have worked closely with the teams involved to develop an approach that will address the key issues around the work that is already underway to modernize the way in which the council's website and web services are delivered. Fieldwork is under way.
|
Telephony | 2012/13 | In progress |
| A good level of overall control is in place. However, we have identified some issues with the management of mobile devices the recording of which, on asset registers, is inconsistent across the groups of services. The work is currently under review and a report will be issued shortly. |
Database Administration | 2012/13 | In progress |
| The fieldwork for this review is coming to an end and a draft report will be prepared and issued in due course.
|
New Desktop Rollout
| 2012/13 | In progress |
| The project is well managed given the resources available and we are pleased to note the recent enhancement of the project delivery resource. There are challenges in measuring benefits achieved and in measuring end user satisfaction. Our work is currently under review and a report will be issued shortly.
|
Storage Area Network (SAN) | 2012/13 | In Progress |
| Our fieldwork is near completion and a draft report is being prepared which will be issued in due course for management to comment on and agree any recommended actions.
|
Corporate Other | ||||
Information Governance | 2012/13 | On-going |
| Internal Audit have attended recent meetings of the Information Governance Forum and have provided advice and comments on revisions to policies and procedures including FOI.
|
Risk Management incl. Partnership Registers
| 2012/13 | In Progress |
| The audit is in progress and it is anticipated that the report will be issued and agreed in the third quarter of 2012/13.
|
Grants | ||||
Teachers Pensions Return | 2012/13 | Final | N/A | Grant audited, certification signed by County Treasurer and agreed by the external auditor. Records to support the return were found to be of a good standard and complied with the Teachers Pensions Agency requirements. |
Active Devon | 2012/13 | Final | N/A | Records were found to be of a very good standard and the claim was approved within required timescales. |
Making It Local | 2012/13 | Final | N/A | This involved providing post payment supervisory checks on a number of Making It Local schemes prior to return to DEFRA. Records to support the funding were found to be of a good standard and complied with scheme guidelines. |
People Services | ||||||||
Child & Adult Protection | ||||||||
Audit Area | Year | Status | Assurance Opinion | Executive Summary | ||||
Project TEAM - Follow Up | 2011/12 | Final | Improvements Required | We have concluded that the post implementation phase would benefit from some form of continued governance. Executive Management are being kept informed of progress, however there was a lack of guidance being given to officers as to whether the action being taken is acceptable or not. | ||||
Accommodation / rental costs for buildings used for FIS / Social work provision | 2011/12 | Final | Good Standard | A number of premises are utilised by the Family Intervention Service (FIS), Fostering and Adoption Services, Residential Services and Intervention, Permanency and Transition Teams and Atkinson Unit. | ||||
|
|
|
|
| ||||
Education & Learning | ||||||||
Audit Area | Year | Status | Assurance Opinion | Executive Summary | ||||
Learning & Development Partnership - Joint Venture | 2012/13 | Final | High Standard
| The project has continued to be managed competently by the Project Manager and the Project Board.
As with all large projects there have been some challenging situations and by dint of complexity there are still some operational issues to resolve, for example in the areas of property transfers, vehicle operator's licences, secure data sharing and the Managed Services Agreement. We believe, however, that the project has been successful in achieving its main goal; the setting up of a joint venture with Babcock Training Ltd in the form of a limited liability partnership which started to deliver services from April 2012. | ||||
Governance of budgets for SHAD, DAPH, DASH and DAG | 2011/12 | 2nd Draft | Improvements Required | The four School Phase Associations received a total budget of 225,200 funded from the dedicated schools grant (DSG) in 2011-12. The audit identified that there is a draft terms of reference that covers all four Phase Associations however the funding sections are minimal and should be enhanced so that the financial procedures are transparent and accountable to the bodies that they represent. | ||||
Devon Personalised Learning Service | 2011/12 | Draft | Improvements Required | This review identified a number of areas in which either "good" or "high" standard level of assurance has been given, which is much to the credit of all staff involved. However, "improvements required" has been given in a number of areas, which is due to either an absence or breakdown of key controls, or where it is felt that the existing infrastructure / control framework is insufficient to meet the expectations of the forthcoming enforced service changes. In particular, governance and budget management in which the existing arrangements are not deemed to be robust in their current format.
| ||||
Social Care Commissioning | ||||
Audit Area | Year | Status | Assurance Opinion | Executive Summary |
Targeted Support Review | 2012/13 | Ongoing |
| Review continuing, not yet completed. (note - was Supporting People) |
Social Care Provision | ||||
Audit Area | Year | Status | Assurance Opinion | Executive Summary |
Care Leavers | 2011/12 | Final | Improvements Required | Policy & Procedures were found to be in place for Care Leavers but need to include specific detail in certain areas such as further education and claiming Housing Benefit.
A wide range of accommodation is provided for those young persons aged 16 and over. This includes both supported and unsupported accommodation. Bed & Breakfast accommodation is deemed as unsuitable accommodation but has on occasions been used by the Care Leavers team.
|
Fostering
| 2012/13 | Final | Fundamental Weaknesses - ICT
Good Standard - Staff resourcing
| The CareFirst application has not been developed to be used by the Fostering Service, necessitating:- the creation of a multitude of bespoke 'database' solutions (based upon mainstream Microsoft Office applications) in order for the service to operate; to work to "minimum standards", and provide the necessary central government returns.
Resulting in information being fragmented, disparate and, crucially, not providing a 'single source of the truth'. This represents operational risk to the Authority.
|
Atkinson Unit - follow up | 2012/13 | Final | Improvements Required | There were several systems and processes where only "Improvements required" could be given due to the absence of, or breakdown in key controls, namely Amenity Fund, Suspense Account, Purchasing and Payments and the single Central CRB record. Further recommendations have been made to tighten controls in these areas and management are strongly advised to implement these as soon as possible.
|
Integrated Children's Services and Adult Care Management | ||||
Audit Area | Year | Status | Assurance Opinion | Executive Summary |
South Hams & West Devon LD Community Team | 2011/12 | Final | Good Standard | We can confirm that the SW Devon LD Team has significantly improved their financial approval processes and have effective and robust budget monitoring procedures in place. The team has a clear and detailed understanding of budget variances which are monitored throughout the year
|
Personalisation | 2011/12 | Final | Improvements Required | The Council have started to transform systems, processes, staff and services to ensure they are in-line with the Personalisation agenda. However, our audit identified that significant progress still needs to be made to enable it to meet the target of all social care users having an 'authentic' personal budget, with the majority on direct payments.
Uptake of direct payments remains relatively low, resulting in targets having to be revised. Various actions have been proposed to ensure that the Government targets for 1st April 2013 are met. Our audit identified some additional actions or improvements that management should consider:
improve access to clear, transparent information, improve support mechanisms to enable people to access and maintain direct payments, improve marketing of services, have effective processes in place that allow the sharing of good practice between teams; and introduce effective risk management processes to promote consistency across all teams.
|
Place | ||||
Audit Area | Year | Status | Assurance Opinion | Executive Summary |
Planning, Transportation and Environment | ||||
Climate Change Carbon Reduction Scheme | 2012/13 | In progress |
| Internal Audit reviewed the evidence, complied by NPS, to support the County Council's annual CRC Energy Efficiency Scheme submission, as required by the Environment Agency. We were able to provide assurance that the Council has fulfilled its obligations with regard to its annual submission to the prior to the submission deadline of 31st July 2012. A report, following a review of the process, has been prepared and will be issued shortly.
|
Fuel Cards | 2012/13 | In progress |
| This is currently work in progress, but based on our findings to date we have not found any significant issues.
|
Highways and Traffic Management | ||||
Deterioration of the highway. | 2011/12 | Draft | High Standard | We have found the systems in place to be well controlled and operating to high standard. However this does not mean that the highways may not deteriorate as a result of the challenges posed by funding issues, or as a result of adverse weather conditions.
Discussion with the County Insurance Manager has confirmed that there has been no reduction in the apparent appetite of the public to continue to make damage claims against the Highway Authority. However, it is noted that DCC continues to robustly refute significant numbers these. A review of claims lodged against the Authority from 2009 has found that there has not been any significant increase in the claims lodged or paid.
|
Civil Parking Enforcement Validation of agency claims | 2011/12 | Final | Improvements Required | The majority of the field work relating to Civil Parking Enforcement returns was completed by the end of March 2012. However, South Hams and West Devon Councils work in partnership and although officers were able to provide information requested, they experienced difficulties in producing comparable data; this delayed completion of the field work.
|
Peninsula Safety Camera Partnership | 2011/12 | Complete | Good Standard | We are pleased to confirm that the results of our audit lead us to the conclusion that the Peninsula Safety Camera Partnership is operated in accordance with the terms of the agreement and that DCC's exposure to financial and other risks has been properly assessed and is subject to regular review. Overall the partnership appears to be well managed.
|
Virtual Joint Venture (VJV) Partnership (Highways) | 2012/13 | In Progress |
| A working group has been tasked with reviewing and updating the Highway Term Maintenance contract to a target price regime from reimbursement being driven from Bills of Quantity work. Using our bespoke data analysis software Audit is able to provide detailed analyses of where spend is taking place not only by job type, but into expenditure bands. It is hoped that with our input, an efficient and effective checking regime can be implemented which concentrates checks on invoices which fall into high value spending bands, with a lighter touch checking regime for low value invoices. |
South West Highways Invoicing | 2012/13 | In Progress |
| We have carried out the first tranche of our regular reviews of payments to ensure that there is the correct division of duties in the ordering and payment process. However as part of the VJV ongoing work described above, there are proposed changes in relation to payments and the automatic authorisation of some payments. Our work in this area is therefore ongoing into the remainder of the year
|
Highway Improvements, including South Devon Link Road | 2012/13 | In Progress |
| Internal Audit have had initial discussions with the Council's Project Manager regarding project governance surrounding the South Devon Link Road scheme and will continue to maintain a watching brief on progress with the construction.
|
Dangerous Trees | 2012/13 | In Progress |
| We are pleased to report that progress has been made with regards to improving the reporting capabilities of the commercial software. This work is still ongoing and we will therefore be revisiting this assignment in the latter half of this year. |
Capital Development & Waste Management | ||||
Exeter Energy from Waster Project | 2012/13 | Not yet started |
| We will keep a watching brief as this project progresses through its construction phase.
|
Waste disposal in North of County | 2012/13 | In Progress |
| Work is underway to identify the benefits realised by other waste partnerships in the region. |
Capital Development & Waste Management Additional Work | ||||
Devon Association Waste, Reduction & Recycling Committee (DAWRRC) - Waste recycling | 2012/13 | Final | High Standard | The applicable internal control objectives described in the Small Bodies Return have been met throughout the financial year. It was pleasing to acknowledge that the previous audit recommendation had been implemented and the asset register reported to committee.
Following on from the change of practice in 2010/11, correct accounting procedures have been maintained in relation to the year end balances |
In Vessel Composting | 2012/13 | In progress |
| Our examination of the Open Book arrangements at the Deep Moor plant is largely complete and no significant issues have been found; an interim report has been issued. The only item which remains is for us to confirm that the contractors holding account for 2011/12 has been accurately cleared and if any adjustment is due to DCC, it has been received.
|
Jacobs Contract Key Performance Indicators Waste Engineering and Transportation Services (WEATS) | 2012/13 | In progress |
| Field work on this assignment is nearing completion and the draft report will be issued in due course. |
Services for Communities | ||||
Body Removal Contract | 2012/13 | Completed | High standard | Audit were involved in this retendering exercise as part of the project group which included evaluation scoring of tenders received. Given our close involvement with this project, it was decided that we would not issue a formal audit report unless there were any issues to report. We can confirm that contract re-tendering was carried out correctly and in a manner which should identify cost savings. |
Trading Standards Strategic intelligence Unit | 2011/2 | In progress |
| This piece of work was requested in March 2012 and has carried forward into the current year. DCC Trading Standards are in the vanguard of introducing revised ways of working. It was agreed that we perform the role of "critical friend" to examine how the service has adapted the national Policing models to the trading standards environment. The review is nearing completion and a draft report will be issued in due course. Findings so far indicate the development of sound systems which will continue to evolve.
|
Appendix B | |
Definitions of Audit Assurance Opinion Levels | |
| |
Assurance | Definition |
High Standard. | The system and controls in place adequately mitigate exposure to the risks identified. The system is being adhered to and substantial reliance can be placed upon the procedures in place. We have made only minor recommendations aimed at further enhancing already sound procedures. |
|
|
Good Standard. | The systems and controls generally mitigate the risk identified but a few weaknesses have been identified and / or mitigating controls may not be fully applied. There are no significant matters arising from the audit and the recommendations made serve to strengthen what are mainly reliable procedures. |
|
|
Improvements required. | In our opinion there are a number of instances where controls and procedures do not adequately mitigate the risks identified. Existing procedures need to be improved in order to ensure that they are fully reliable. Recommendations have been made to ensure that organisational objectives are not put at risk. |
|
|
Fundamental Weaknesses Identified. | The risks identified are not being controlled and there is an increased likelihood that risks could occur. The matters arising from the audit are sufficiently significant to place doubt on the reliability of the procedures reviewed, to an extent that the objectives and / or resources of the Council may be at risk, and the ability to deliver the service may be adversely affected. Implementation of the recommendations made is a priority. |
Definition of Recommendation Priority | |
| |
Priority | Definitions |
High | A significant finding. A key control is absent or is being compromised; if not acted upon this could result in high exposure to risk. Failure to address could result in internal or external responsibilities and obligations not being met. |
Medium | Control arrangements not operating as required resulting in a moderate exposure to risk. This could result in minor disruption of service, undetected errors or inefficiencies in service provision. Important recommendations made to improve internal control arrangements and manage identified risks. |
Low | Low risk issues, minor system compliance concerns or process inefficiencies where benefit would be gained from improving arrangements. Management should review, make changes if considered necessary or formally agree to accept the risks. These issues may be dealt with outside of the formal report during the course of the audit. |
Confidentiality under the National Protective Marking Scheme | |
| |
Marking | Definitions |
Not Protectively Marked | Documents, information, data or artefacts that have been prepared for the general public or are for the public web pages or can be given to any member of the public without any exemptions or exceptions to release applying, have the classification NOT PROTECTIVELY MARKED. Some organisations will also use the word UNCLASSIFIED for publicly available information. |
Protect | Any material that may cause distress to individuals, breach proper undertakings to maintain the confidence of information provided by third parties, breach statutory restrictions on the disclosure of information, cause financial loss or loss of earning potential, or to facilitate improper gain, give unfair advantage for individuals or companies, prejudice the investigation or facilitate the commission of crime, disadvantage government in commercial or policy negotiations with others should be marked PROTECT. |
Restricted | Information or data or documents that should only be shared between a specific group of work staff who have to demonstrate a need to know, because of the sensitive content, then the document must be marked RESTRICTED. |
Confidential | Material that is so sensitive that only specific named staff should have access. Special handling rules apply and so CONFIDENTIAL must only be applied to highly sensitive data. |
Secret and Top Secret | Information with this sensitivity is unlikely to be available to the Partnership and the Chief Executive of the relevant organisation must make the decision to apply either of these protective markings. These markings are only to be used with information that can only be shared on a strict must know basis, with each party having signed a specific confidentiality agreement. |
|