Professional Documents
Culture Documents
Jennison
DRAFT
INTERNAL AUDIT PL AN
2007/08
Page 1 of 47
CONTENTS
Section
Page
1)
2)
3)
Key Issues
4)
12
5)
13
17
22
25
27
28
30
31
32
33
35
37
38
39
1.
INTRODUCTION
Purpose
This document sets out the proposed Westminster City Council annual Internal
Audit plan for 2007/08. The Plan has been derived from the 5-year plan agreed
by the Director of Finance and Resources and reported to the Audit and
Performance Committee. The Plan has been reviewed and updated in view of
findings arising from 2006/07 audit work and with reference to departmental
business plans and risk registers. A consultation process has been undertaken
during March with Departmental management to ensure that the audit coverage
for each department reflects key risks.
The policy context of the Internal Audit Service is to ensure effective control over
Council activities by:
The purpose of Internal Audit is to provide the Council, through the Audit and
Performance Committee and the Director of Finance, and Resources with an
independent and objective opinion on risk management, control and governance
and their effectiveness in achieving the Council's objectives. This opinion forms
part of the framework of assurances that the Council receives and is to be used
to help inform the annual Statement on Internal Control (SIC). Internal Audit also
has an independent and objective consultancy role to help line managers
improve risk management, governance and control.
Our Responsibilities
Our professional responsibilities as Internal Auditors are set out in the CIPFA
Code of Practice for Internal Auditing in Local Government (2006). In line with
these requirements, we perform our Internal Audit work with a view to reviewing
and evaluating the risk management, control and governance arrangements that
the Council has in place to:
As well as the planned audits detailed in the Annual Audit Plan, Internal Audit will
also undertake the following work during the forthcoming year:
1
Follow-up
Recommendations arising from audits will be followed up to confirm that agreed
actions have been implemented. The following criteria will be applied:
Audits which receive No Assurance will be followed up on an ongoing basis
until all priority 1 recommendations have been implemented.
Audits which receive Limited Assurance will be followed up 3 months after the
final report is issued.
Audits which receive Substantial Assurance will be followed up six months
after issue of the final report.
Follow ups include testing of key recommendations to ensure that they have
been implemented. A report will be issued in respect of all follow ups with a
revised action plan for the implementation of outstanding recommendations. A
revised assurance level will also be provided which reflects our opinion of the
adequacy of the system of control after the recommendations of the original
report have been implemented.
Ad-hoc Advice and Support
This will be provided throughout the year on a range of issues including; risk
management, money laundering, freedom of information, control improvement,
governance, application of Financial Regulations and Standards etc.
Set out below is a summary of the total coverage of the Audit and Counter Fraud
work to be carried out at Westminster in 2007/08. For comparison purposes
2006/07 details are also provided.
AREA OF COVERAGE
RESOURCE ALLOCATION
2006/07 Days
1920
2007/08 Days
1725
1920
2006/07 Days
100
2170
850
1725
2007/08 Days
100
1950
750
300
300
3420
5340
3100
4825
Permit / Badge
Fraud Services
(850 days)
16%
Benefit Fraud
Services (2170
days)
40%
Systems and
Compliance Audit
Services (1920
days)
36%
General Fraud
Services (300
days)
6%
Proactive AntiFraud Services
(100 days)
2%
Permit / Badge
Fraud Services
(750 days)
16%
Systems and
Compliance Audit
Services (1725
days)
36%
Benefit Fraud
Services (1950
days)
40%
General Fraud
Services (300
days)
6%
Proactive AntiFraud Services
(100 days)
2%
an
d
Co
rp
or
at
R
e
Ch
es
ou
ild
re
rc
n'
es
s
Se
rv
ice
s
Po
Cu
H
lic
st
ou
om
y
sin
an
er
g
d
Se
Co
r
m
vi
ce
m
un
s
ic
a
tio
Tr
Co
an
ns
Ad
m
s
po
m
ul
un
rta
tS
ity
tio
oc
Pr
n
ia
lC
ot
e
ar
ct
e
io
an
n
d
Le
H
ga
ea
la
lt h
nd
Pl
En
Ad
an
v
m
ni
a
in
ng
nd
an
Le
d
isu
De
re
ve
lo
pm
en
t
400
350
300
250
200
150
100
50
0
Fi
na
nc
e
No. of Days
Notwithstanding the above the Audit Needs Assessment also led to the
identification of areas for audit coverage that do not appear as high priority risks,
but where Internal Audit can provide tangible inputs to the overall assurance
process and its efficiency, for example:
Requirements of management
Minimum Internal Audit coverage requirements e.g. key
controls audit and documentation of key information flows
Areas of concern flagged by management or the Audit and
Performance Committee
The requirements of the external auditor
Emerging issues; and
Need for ongoing assurance in relation to key aspects of
internal control
10
Audit Circulars
Audit circulars will be issued quarterly to all Chief Officers and Heads of Finance
highlighting instances of non compliance or risk which have corporate
significance. Typically the areas of non compliance which will be reported will
cover:
Procurement Code
Financial Regulations
Standing Orders/Constitution
Value for Money Issues Identified
Contract Monitoring
Response to and implementation of audit recommendations
Fraud Awareness
Internal Audit Contract. There is a monthly review process in place whereby the
contractor will discuss and agree changes to the plan with the Head of Risk and
Audit.
Our professional judgement has been applied in assessing the level of resource
required for the audits identified in the strategic cycle. The level of resource
applied is a product of:
The audit needs assessment is prepared with regard to constraints such as time
and resources. Its purpose is to:
12
The HB Fraud Team will investigate every case to determine whether a criminal
offence has been committed.
The team will be aiming at sanctioning
(Prosecution / Administrative Penalty / Caution) in accordance with the Councils
Prosecution Policy in approximately 20% of the cases investigated.
Cases will continue to be investigated until one of the following outcomes is
reached:
13
There is insufficient evidence (or prospect) that a criminal offence has been
committed and the case is to be closed with no further action.
In some case although a criminal offence may have been committed (and it can
be proven) there will be a decision not to take further action. This will be in
accordance with the Councils Prosecution Policy and where appropriate in
consultation with the Councils solicitors and Head of Risk and Audit. In addition,
in some cases an overpayment of benefit may be identified but no criminal
offence committed.
Other Fraud Investigations
The non HB investigation team will be sufficiently resourced to provide 280
input days of reactive fraud work and 100 days of proactive fraud work.
Allegations of fraud will be referred to the non-housing benefit team for
investigation from a variety of sources including:
Fraud Hotline;
Report a Fraud (Website);
Written allegations;
National Fraud Initiative (NFI);
Council Officer / Member referrals;
Results of Proactive exercises;
Results of other fraud investigations
Investigations carried out by the non hb team will continue to be made until one
(or more) of the following outcomes is met:
In fulfilling the above, the investigation team will additionally provide any
necessary assistance in concluding a case including attendance at Disciplinary
Hearings and in the criminal courts.
In addition, in carrying out the above, the investigation team will have due regard
for the identification and recovery of any lost assets and the extent to which
system controls require strengthening.
14
The scope of investigations will depend on the nature of the referral. However,
investigations will be carried out in all cases until one of the following outcomes is
reached:
Sufficient evidence exists to show that the permit / badge is legitimately held
and or used;
Sufficient evidence exists to show that the permit / badge is not legitimately
held and/or used. In these cases action including the issue of a caution or
prosecution will be considered in light of Council policy;
15
C O R P O R ATE AU D I T S
16
17
18
The terms of reference of this audit will be discussed with the Director of
Legal and Administrative Services prior to commencement
13 Compliance Reviews High Risk 35 Days
A sample of transactions will be taken each month from the General
Ledger and traced back to source documentation to ensure Financial
Regulations and the Procurement Code have been complied with.
19
20
F I N A N C E A N D R E S O U R C E S D E P AR T M E N T
.
The following projects are proposed in 2007/08:
1
2.
3.
21
Cash & Banking Control incl Bank Rec High Risk 20 Days
This audit will include an audit of key financial controls and documentation
of key information flows. In view of the service moving from City Hall a full
review of the control processes in place at the new location will be
undertaken.
10
11
22
financial
23
C U S T O M E R S E R V I C E S D E P AR T M E N T
24
with line
All significant audits carried out in respect of Vertex in 2007/08 are likely
to be reported through the Commercials Board.
25
T R A N S P O R T AT I O N D E P AR T M E N T
The following projects are proposed in 2007/08:
1
26
27
28
29
30
L E G A L & AD M I N I S T R AT I V E S E R V I C E S
The following projects are proposed in 2007/08:
1
31
CHILDRENS SERVICES
The following projects are proposed in 2007/08:
SCHOOLS
1
School Audits
A programme of school audits is carried out on a three year rolling
programme. Schools are audited against the Ofsted / Audit Commission
guidelines for financial controls in Schools. In addition the Department for
Education and Skills requires all schools to be accredited as compliant
with its new financial standards once every 3 years. The new standards
are an enhancement to the previous guidelines. The Director of Finance
and Resources is required to certify the number of schools reaching the
standard at the end of each financial year. The review and certification
process at each school will be carried out as part of the internal audit. 5
days are allocated for each primary school audit and 6.5 days for each
secondary school audit. The complete list of schools to be audited in
2007/8 is:
Schools:
St. Augustines CE Primary School
Gateway School
George Eliot Infants School
George Eliot Juniors School
St. Barnabas CE School
St. Edwards RC
St. Gabriels School
St. Vincents RC School
Wilberforce School
All Souls
Barrow Hill
Burdett Coutts
Chistchurch Bentinck
Churchill Gardens
Essendine School
Hallfield Infants School
Hallfield Junior School
Hampden Gurney School
St Marys Paddington Hospital Class (audit only)
Pimlico School (charged March 07)
32
3.
Children & Families Team incl Sect 17 paymt Medium Risk - 12 Days
The scope of this audit will be decided after a risk review carried out in
conjunction with line management responsible for this area
LIFELONG LEARNING
7
33
HOUSING
The following projects are proposed in 2007/08
34
7.
35
AD U LT S O C I AL C AR E a n d H E ALTH
The following projects are proposed in 2007/08:
1
2.
36
2.
3.
37
Appendix B
CITY OF WESTMINSTER DRAFT PROACTIVE ANTI-FRAUD PLAN 2007/08
TYPE OF
ACTIVITY AND
OBJECTIVES
FRAUD
AWARENESS
(EXTERNAL)
To provide ongoing
publicity for the
Councils
Freephone Fraud
Hotline,
encouraging
members of the
public to report
suspected
fraud
against the Council.
To deter those who
might
seek
to
commit
fraud
against the City
Council.
In association with the above, use the leaflets advertising the Fraud Hotline in
conjunction with other Council activity.
The aim of this work is to provide the fraud hotline leaflets to a much wider audience
(emphasis on residents but also businesses), inserting them with other posted materials and
especially reaching those who may not ordinarily visit the Councils offices. Methods for
delivery include:
Electoral Registration canvassing
Renewal of Residents Parking permits / Disabled Persons Badges
Housing Benefit Applications
Housing correspondence
Council tax demands
NNDR demands
Other renewal applications and demands (yet to be identified)
38
Project
Arisin
g From
Good
Practice /
Ongoing
Prominence
Planned
Estimated
Delivery
Budget
Reminders to
managers once
per Quarter
throughout
2007/08.
1 day
.
Visits by
Investigation staff
throughout the
year. Each site to
have a minimum
of one visit per
quarter.
Good
Practice /
Ongoing
Prominence
Dependent upon
timing of the
renewals/deman
d activity and
what methods
have been used
in 2006/07.
3 days
TYPE OF
ACTIVITY AND
OBJECTIVES
Obtain space and write relevant articles in Council monthly / quarterly magazines and
newsletters such as The Reporter or City West News.
Continue to obtain publicity (press) for successful prosecutions including the
provision of the Councils hotline number.
The aim of this work is to consider all potential opportunities for press releases on successful
prosecutions and to ensure that releases include reference to the City Councils freephone
fraud hotline. In addition opportunities will also be taken to inform Council staff of the
outcome of fraud investigation in order to demonstrate that the Council takes fraud seriously
and warn of possible frauds to which the Council may be subject.
Continue to improve / reinforce the entries on the Councils A-Z of Services and Wire
and Internet relating to reporting a fraud.
The aim of this work is to review and refresh, where necessary, sections in the Councils Web
site, intranet facility and also the printed version of the A-Z of services relating to reporting
fraud.
39
Project
Arisin
g From
Good
Practice /
Ongoing
Prominence
Good
Practice /
Ongoing
Prominence
Good
Practice /
Ongoing
Prominence
Good
Practice /
Ongoing
Prominence
Planned
Estimated
Delivery
Commencing 1
quarter of
2007/08.
Budget
st
4 Days
2 days
Ongoing
throughout
2007/08 as and
when there is
benefit in
publicising good
results.
2 days
1st quarter of
2007/08
1 day
TYPE OF
ACTIVITY AND
OBJECTIVES
FRAUD
AWARENESS
(INTERNAL)
To obtain confirmation from all staff, managers, chief officers and members of their
understanding and acceptance of the Councils anti-fraud policy and strategy and other
related policies including the Councils whistle-blowing and money laundering policies.
To raise internal
awareness of the
Councils stance
on fraud,
responsibilities
for reporting and
how to report a
fraud.
To complement the above or in place of the above consideration will be given to separate
methods of communicating anti-fraud responsibilities including presentations and workshops
as appropriate. This work will be coordinated with other internal audit work on Governance
arrangements , particularly in respect of policy awareness.
To encourage
members of staff
and contractors to
report concerns.
To continue to
strengthen the
Councils antifraud culture.
INTELLIGENCE
GATHERING
To provide data
analysis and
information that
may identify areas
of potential fraud
for proactive
attention.
Carry out a Surgery or open afternoon where members of Internal Audit and the Fraud
Team are available for general advice or guidance to chief officers, managers, staff, and
contractors staff. Copies of the Councils relevant policies would be made available as well
as any other promotional material about the Councils hotline and on-line fraud reporting
facilities.
Project
Arisin
g From
Good
Practice /
Ongoing
Prominence
Planned
Estimated
Delivery
Budget
Dependent on
the product
availability, likely
that a phased
approach
throughout
2007/08 will take
place.
15 days
Good
Practice /
Ongoing
Prominence
Throughout
2007/08.
2 days
Good Practice
Ongoing
Part of normal
service
delivery
Good
Practice /
Ongoing
Prominence
3rd Quarter so as
to allow any
issues arising to
be incorporated
into the 2008/09
programme.
3 days
The aim of the surgery / open afternoon would be to provide a dedicated time (advertised
widely in advance) when those working for the Council have the opportunity to meet Internal
Audit and Fraud staff, report fraud, raise concerns, discuss fraud related / control issues etc.
The surgeries would take place at two or three key locations across the Council. Although,
only one location will be covered each year.
Formal monthly Internal Audit and Fraud Team briefings
Identifying any possible areas of concern for immediate or later inclusion in the proactive anti
fraud plan.
Survey Staff and Managers
Consider survey of staff and managers actively inviting them to help identify potential
systems or areas of concern.
NOTE: This activity may be dependant on the results of the survey carried out as part of the
2006/07 anti-fraud proactive plan.
40
TYPE OF
ACTIVITY AND
OBJECTIVES
Project
Arisin
g From
Good Practice
Planned
Estimated
Delivery
Budget
Ongoing
Part of normal
service
delivery
Good Practice
3 Days
(extended to 5
days if a forum
is arranged)
Good Practice
Throughout
2007/08
8 days
Good Practice
Ongoing, mostly
4th Quarter
2 days
Good practice
inherent
Staged across
the full year.
5 days
This work involves gathering information about the results of reactive referrals, identifying any
emerging trends or areas of concern that could / should be included in future proactive plans.
In addition, topics covered at regular forums such as LBFIG, The London Public Sector Fraud
Partnership, CIPFA, LAIOG, NAFN that have a potential impact on anti-fraud proactive plans
will be included as building intelligence for future planned activity.
Follow up questionnaire to other Local Authorities (and other public bodies) in London
This work involves obtaining information from across London, especially Counter Fraud and
Internal Audit teams to establish any potential areas of common risk that should be
addressed by proactive activity. In carrying out this work reference will be made to the Audit
Commission to determine whether there are emerging trends elsewhere as part of their work.
To carry out
Follow Up
The 2006/07 questionnaire will be refreshed taking on board comments made by those who
participated in that exercise. In addition, given the comments made in the 2006/07
questionnaire it may be appropriate to set up a half yearly forum for interested London Local
Authorities to discuss specific proactive fraud related topics.
Follow up Recommendations arising from Investigations during 2006/07
In each case where recommendations are made for improvements following an investigation
a follow up will take place. This follow up will aim to determine the extent to which
recommendations have been implemented. At the end of 2006/07 the 2007/08 plan will be
populated with those areas where follow up activity is due and throughout the year any
additional follow up planned during 2007/8 will also be included as it arises.
Proactive plan for 2007/08
PROACTIVE
PROJECT
INITIATIVES
To identify projects, other than those which may be identified as a result of the exercises set
out below, that should be included in the 2008/09 proactive plan and to formulate a draft plan
with indicative inputs.
Identification of significant income streams
The purpose of this exercise is to identify all significant sources of the Councils income and
obtain a break down (for each source) of the method of income i.e. cash, cheque or credit
41
TYPE OF
ACTIVITY AND
OBJECTIVES
Individual projects
aimed at high
risk areas and
designed to
identify whether
fraudulent activity
is taking place.
card. For the purpose of this exercise significant income is defined as that where individual
transactions are greater than 1,000 or total annual income is greater than 50,000. A
systematic evaluation of the risk of fraud / theft for all such sources of income will then take
place assessing vulnerability to fraud. Particular emphasis will be placed on transactions
carried out by the Council with individuals rather than organisations. Specific attention will be
given to those sources that are composed of a significant level of cash income. The results of
this exercise will be used to determine further exercises for future proactive plans.
Project
Arisin
g From
risks.
Planned
Estimated
Delivery
Budget
Risk
assessment
and previous
fraud referrals
10 days
Risk
assessment
and previous
fraud referrals
2nd Quarter
7 days
Refunds
The purpose of this exercise is to detect any potential or actual fraudulent refunds made and
will be undertaken in the following way:
Determine if there are any areas within the Council that have a system for making refunds
that does not involve WIMS, including credit card charge-backs.
Where such systems are identified the following work will be carried out:
1)
2)
3)
Obtain an understanding of the system to verify that refunds are being appropriately
authorised and there is an adequate separation of duties;
Test a sample of refunds to ensure that each refund can be associated with a previous
payment and that payments are being made to a legitimate customer and for a legitimate
reason;
Test overall value of refunds by comparing total value of refunds to income in a specific
period and by looking at trend in value of incomes over a period of time e.g. 1 year.
Verification of applicants last declared address(es) and the reason they were made
homeless from their most recent address;
42
TYPE OF
ACTIVITY AND
OBJECTIVES
Project
Arisin
g From
Planned
Estimated
Delivery
Budget
Risk
assessment
and previous
fraud referrals
3rd Quarter
8 days
Risk
assessment
and previous
fraud referrals
4th Quarter
6 days
Matches carried
6 days
Check applicants name on 192.com, Council Tax, Land-Registry to confirm that they are
not connected with any other, unknown address(es);
Verification of the validity of any documents supplied to support application, particularly
on medical grounds;
Check that the correct amount of points have been accrued in respect of Choice Based
Lettings scheme.
Procurement
The purpose of this proactive exercise is to identify that purchases made n behalf of the
Council are made for a legitimate business need. This exercise will involve (but not limited
to) the following:
1)
2)
3)
4)
Section 17 Payments
The purpose of this exercise is to identify the range of Section 17 payments made to
qualifying individuals and to carry out testing to determine whether:
1)
2)
3)
Individual projects
aimed at high
risk areas and
designed to
identify whether
fraudulent activity
is taking place.
Suggestion of
audit and
Process
Working Group
43
TYPE OF
ACTIVITY AND
OBJECTIVES
Project
Arisin
g From
Planned
Estimated
Delivery
Budget
Matches carried
out twice per
year
2 days
Every month
throughout
2007/08
10 days
Good practice /
previous fraud
referrals
Good practice /
previous fraud
referrals
Uncashed HB Cheques
Uncashed cheques sent to a benefit claimant or (landlord) can indicate that the claimant no
longer resides at the property, has other financial means, the landlords address is incorrect,
the claim etc. On a monthly basis a list of uncashed cheques will be obtained and checks
carried out including analysis of the Academy, EDMS and RAT terminal (DCI) to determine
any factors which could identify the reason. Where it is considered necessary investigations
will be carried out to determine whether there are grounds to suspect fraudulent activity.
44