Bentley

Jennison

RISK MANAGEMENT LTD

WESTMINSTER CITY COUNCIL

DRAFT
INTERNAL AUDIT PL AN
2007/08

Page 1 of 47

CONTENTS
Section

Page

1)

Introduction and Summary of coverage

2)

Audit Needs Assessment Methodology

3)

Key Issues

4)

Strategy for Internal Audit

12

5)

Proactive Counter Fraud Plan

13

Appendix A Departmental Plans

Corporate
Finance and Resources Department
Customer Services Department
Transportation Department
Policy and Communications
Planning and City Development
Environment and Leisure
Legal and Administrative Services
Childrens Services
Housing
Adult Social Care and Health
Community Protection

17
22
25
27
28
30
31
32
33
35
37
38

Appendix B Proactive Counter Fraud Plan

39

1.

INTRODUCTION

Purpose
This document sets out the proposed Westminster City Council annual Internal
Audit plan for 2007/08. The Plan has been derived from the 5-year plan agreed
by the Director of Finance and Resources and reported to the Audit and
Performance Committee. The Plan has been reviewed and updated in view of
findings arising from 2006/07 audit work and with reference to departmental
business plans and risk registers. A consultation process has been undertaken
during March with Departmental management to ensure that the audit coverage
for each department reflects key risks.
The policy context of the Internal Audit Service is to ensure effective control over
Council activities by:

Monitoring, appraising and reporting upon the Councils internal control

procedures.
Investigating and reporting upon any suspected areas of fraud or
irregularity.

The purpose of Internal Audit is to provide the Council, through the Audit and
Performance Committee and the Director of Finance, and Resources with an
independent and objective opinion on risk management, control and governance
and their effectiveness in achieving the Council's objectives. This opinion forms
part of the framework of assurances that the Council receives and is to be used
to help inform the annual Statement on Internal Control (SIC). Internal Audit also
has an independent and objective consultancy role to help line managers
improve risk management, governance and control.
Our Responsibilities
Our professional responsibilities as Internal Auditors are set out in the CIPFA
Code of Practice for Internal Auditing in Local Government (2006). In line with
these requirements, we perform our Internal Audit work with a view to reviewing
and evaluating the risk management, control and governance arrangements that
the Council has in place to:

Establish and monitor the achievement of the Councils objectives

Identify, assess and manage the risks to achieving the Councils objectives
Formulate and evaluate policy, or provide policy advice, within the
responsibilities of the Section 151 Officer
2

Ensure the economical, effective and efficient use of resources

Ensure compliance with established policies, procedures, laws and
regulations, including the Councils own governance arrangements
Safeguard the organisations assets and interests from losses of all kinds,
including those arising from fraud, irregularity or corruption
Ensure the integrity and reliability of information, accounts and data

As well as the planned audits detailed in the Annual Audit Plan, Internal Audit will
also undertake the following work during the forthcoming year:
1
Follow-up
Recommendations arising from audits will be followed up to confirm that agreed
actions have been implemented. The following criteria will be applied:
Audits which receive No Assurance will be followed up on an ongoing basis
until all priority 1 recommendations have been implemented.
Audits which receive Limited Assurance will be followed up 3 months after the
final report is issued.
Audits which receive Substantial Assurance will be followed up six months
after issue of the final report.
Follow ups include testing of key recommendations to ensure that they have
been implemented. A report will be issued in respect of all follow ups with a
revised action plan for the implementation of outstanding recommendations. A
revised assurance level will also be provided which reflects our opinion of the
adequacy of the system of control after the recommendations of the original
report have been implemented.
Ad-hoc Advice and Support
This will be provided throughout the year on a range of issues including; risk
management, money laundering, freedom of information, control improvement,
governance, application of Financial Regulations and Standards etc.

Summary of Coverage 2007/08

Set out below is a summary of the total coverage of the Audit and Counter Fraud
work to be carried out at Westminster in 2007/08. For comparison purposes
2006/07 details are also provided.
AREA OF COVERAGE

RESOURCE ALLOCATION

Internal Audit Services

Systems and Compliance Audits (including
Advisory Services)
Internal Audit Services sub-total
Fraud Investigation Services
Proactive Anti-Fraud (including follow up)
Benefits Fraud Investigation
Parking Permits and Disabled Badge
Investigation
General Fraud Investigation (including
Advisory Services)
Fraud Services sub-total
Internal Audit and Fraud Services Total

2006/07 Days
1920

2007/08 Days
1725

1920
2006/07 Days
100
2170
850

1725
2007/08 Days
100
1950
750

300

300

3420
5340

3100
4825

Allocation (by approximate person days) of Audit and Fraud Coverage

2006/07

Permit / Badge
Fraud Services
(850 days)
16%

Benefit Fraud
Services (2170
days)
40%

Systems and
Compliance Audit
Services (1920
days)
36%

General Fraud
Services (300
days)
6%
Proactive AntiFraud Services
(100 days)
2%

Allocation (by approximate person days) of Audit and Fraud Coverage

2007/08
4

Permit / Badge
Fraud Services
(750 days)
16%

Systems and
Compliance Audit
Services (1725
days)
36%

Benefit Fraud
Services (1950
days)
40%

General Fraud
Services (300
days)
6%
Proactive AntiFraud Services
(100 days)
2%

an
d

Co
rp
or
at
R
e
Ch
es
ou
ild
re
rc
n'
es
s
Se
rv
ice
s
Po
Cu
H
lic
st
ou
om
y
sin
an
er
g
d
Se
Co
r
m
vi
ce
m
un
s
ic
a
tio
Tr
Co
an
ns
Ad
m
s
po
m
ul
un
rta
tS
ity
tio
oc
Pr
n
ia
lC
ot
e
ar
ct
e
io
an
n
d
Le
H
ga
ea
la
lt h
nd
Pl
En
Ad
an
v
m
ni
a
in
ng
nd
an
Le
d
isu
De
re
ve
lo
pm
en
t

400
350
300
250
200
150
100
50
0

Fi
na
nc
e

No. of Days

Allocation of Internal Audit time between departments

Allocation of Counter Fraud Time 2007/08

Proactive Anti - Fraud Services

(100 days)
3%

General Fraud Services (300

days)
10%

Permit / Badge Services(750

days)
24%

Benefit Fraud Services (1950

days)
63%

Rationale for coverage:

Internal Audit Services
Risk Based Systems and Compliance Audits (1725 days)
This work is used to complete a risk based schedule of audit across Council
Departments. The amount of time used represents our assessment of the
number of audits required to meet CIPFAs Code of Practice guidelines for
Internal Audit in local authorities. This is broadly comparable with other similar
local authorities which have externalised their internal audit service. Time is
included to follow up audit recommendations to ensure their effective
implementation.
Included in the 1725 days above is a 200 day contingency amount used to
provide internal audit advice and guidance on a range of issues as requested by
senior Council staff as they emerge during the year. It may include work relating
to key Council priorities such as worksmart or procurement. It may also include
a range of issues such as advice on new IT systems, advice on financial
regulations, compliance with governance requirements, input to the annual Use
of Resources assessment and support in the development of management self
certification and assurance systems
.

Counter Fraud Services

Proactive anti Fraud Programme (100 Days)
The proactive counter fraud programme consists of a programme of targeted
projects to those areas of the City Councils services that are considered to be
exposed to an inherently high risk of fraud and corruption. It also includes a
programme of intelligence gathering internally and externally to assist the Council
in implementing preventative measures. A programme of awareness raising
activities also takes place to ensure line managers are focused on fraud
prevention measures. Included in the programme is 8 days time to follow up
fraud recommendations to ensure effective implementation by management.
Benefits Fraud Investigations (600 cases- 1950 days)
Resources are allocated to investigate 600 cases of potential Housing Benefit
Fraud each year of which approximately 20% result in sanctions being applied
(prosecutions, formal cautions, and administrative penalties). The number of
cases to be investigated is set with reference to numbers required to achieve
upper quartile performance as measured by the Best Value Performance
Indicators applicable to Housing Benefit Investigations.
Parking Permits and Disabled Badges Fraud Investigation (1680 cases - 750
days)
1680 investigations of suspected parking permit fraud are investigated each year.
This level of activity is set by the Council to provide sufficient deterrent to limit the
amount of fraud without incurring excessive cost. The cases selected for
investigation are based on an agreed set of criteria including referrals by
members of the public, interrogation of ICPS (the parking IT database), on
street surveys and home visits.
Other Fraud Investigations (300 days)
All suspected cases of fraud at Westminster are investigated by Internal Audit.
This category covers all fraud investigations that are not Housing Benefit related.
Referrals are received from a number of sources including pro active fraud
exercises, management referrals, reports via the fraud hotline , information
received from other local authorities and the Audit Commission via the National
Fraud Initiative. The number of days in the work programme is arrived at from
historical knowledge of the number and scope of referrals received. A
contingency is included for advice relating to the prevention of fraud. Time is
also allowed for input to the CPA assessment and periodic Benefits Fraud
Inspection Team review

2. AUDIT NEEDS ASSESSMENT METHODOLOGY

Our audit approach is risk based. In order to identify the areas that require
Internal Audit coverage, we therefore need to understand the risks facing the
Council as a whole and, at a lower level, the risks faced by individual
departments. Therefore as a starting point the Councils corporate risk register is
used to inform our audit needs assessment.
A comprehensive risk based Internal Audit approach has been adopted which
ensures that risk is integrated into strategic and operational reviews, processes
and practices. A summary of our approach is provided below:

Identification of risk areas;

Performance of a risk assessment to gauge the degree of risk or
materiality associated with a particular area. Audit areas are classified
as high, medium or low priority;
Internal Audit resources are then focused on the areas of highest risk.
We used cumulative knowledge of the organisation from previous
Internal Audit work to identify areas that would benefit from Internal
Audit coverage
From the Councils own risk register and performance reports, we
identified the priorities afforded to the risks by the Council

Notwithstanding the above the Audit Needs Assessment also led to the
identification of areas for audit coverage that do not appear as high priority risks,
but where Internal Audit can provide tangible inputs to the overall assurance
process and its efficiency, for example:

Requirements of management
Minimum Internal Audit coverage requirements e.g. key
controls audit and documentation of key information flows
Areas of concern flagged by management or the Audit and
Performance Committee
The requirements of the external auditor
Emerging issues; and
Need for ongoing assurance in relation to key aspects of
internal control

3. KEY ISSUES 2007/8

8

Focus on key financial systems

All core financial systems will be audited in 2007/08. The audit work will
complement the substantive revision to the financial regulations and procedures
which has recently been undertaken in the Department of Finance and
Resources. In addition the majority of the audits undertaken in departments will
include testing to ascertain whether financial regulations and the Procurement
Code are being complied with. This will build on the wide range of compliance
audits, across departments, which took place in 2006/07.
Schools Financial Management Standard
The Department for Education and Skills required all Secondary schools to be
accredited as compliant with its new financial standards by March 2007. In
subsequent years all schools need to achieve this standard. All primary schools
will be audited in either 2007/08 or 2008/09 to ensure that they meet the
standard. Our programme of internal audits at schools will therefore complement
the financial management standard assessments to ensure that schools are also
compliant with Westminster financial regulations.
Over and above this a programme of seminars and dissemination of information
on audit requirements is currently being carried out to assist schools in improving
their ability to meet Westminster requirements.
Line Management Self Assurance
The Chief Executives Steering Group and Corporate Management Board have
agreed to the Head of Risk and Audits proposals to incorporate a new system
of line management self assurance in relation to those elements of the control
environment for which they are responsible. We have tested this framework in
the Finance and Resources Department during 2006/07.
In 2007/08 the system will be further developed and rolled out across the Council
with the involvement of operational managers. It is essentially a self-assessment
exercise which provides an overall assurance level for the service area,
highlights service specific risks, and identifies any significant control weaknesses
and actions proposed. This forms a key component of the basket of assurance
available to the Chief Executive. We will therefore verify the information provided
on a sample basis.
Some of the key benefits expected of the new system are as follows:
Support managers in the delivery of services and achievement of
objectives

 Provide a consistent framework for management monitoring and

accountability across the Council
Address external audit concerns about weaknesses in control systems
and support improvement of the CPA score in this area
Support the external auditors plans for increased emphasis on review of
financial systems
Underpin the implementation of revised financial regulations and
procurement code
Demonstrate compliance with corporate policies and procedures
Support the preparation of the Statement of Internal Control
E- Procurement
The Council is planning to introduce E-Procurement during 2007/08. We fully
support this initiative which can make a significant contribution to improving the
level of compliance with financial regulations in addition to strengthening the
control framework relating to procurement generally and improving efficiency. We
will therefore be involved in the development of the controls in the system in
addition to carrying out a full systems audit during 2007.
Key Audit Issues
A number of common themes have arisen from our 2006/07 Internal Audit work
and these will be used to inform all relevant audits in 2007/08. These include:

Controls to maximise income recovery

Controls to ensure that debt is identified and recovered effectively
Contract Monitoring of Contractors
Compliance with financial regulations and the procurement code

Agreement of Annual Plan / Circulation of Internal Audit Work

The 2007/08 Plan will be discussed and agreed with each Departmental
Management Team. The circulation of all audit briefs and audit reports will also
be agreed at the DMT meetings as will a protocol in respect of which officers can
sign off briefs and audit reports. Generally all briefs and draft reports will be
signed off by the relevant Departmental management team member with a copy
of the final report being sent to the relevant Chief Officer. Some chief officers
have also asked to see draft reports prior to sign off.
Following DMT approval the 2007/08 Plan will also be circulated to the Corporate
Management Board for discussion and final agreement.

10

Audit Circulars
Audit circulars will be issued quarterly to all Chief Officers and Heads of Finance
highlighting instances of non compliance or risk which have corporate
significance. Typically the areas of non compliance which will be reported will
cover:

Procurement Code
Financial Regulations
Standing Orders/Constitution
Value for Money Issues Identified
Contract Monitoring
Response to and implementation of audit recommendations
Fraud Awareness

Process and Audit Working Group

The Audit and Performance Committee has initiated four working groups to
examine, in detail, issues of key importance across the Council (People, Process,
Property and Procurement). We will be particularly involved in the Process and
Audit Working Group which is considering issues arising from the work of the
Audit and Performance Committee relating to process controls within the Council.
It is also likely that our audit work will inform the deliberations of the working
groups that are considering procurement issues.
4. STRATEGY FOR INTERNAL AUDIT WORK
The timing of audits, that is, how soon they will be undertaken in the cycle will
depend upon:
The priority for each area of coverage for Internal Audit, in terms of levels
of risk to the Council
When the last audit of the area was undertaken and what was the
outcome
When the risk to be considered is likely to impact upon the organisation
Whether there are management concerns about the area
Whether or not there have been significant systems, staff or organisational
changes since the last audit.
In the course of the period covered by the Internal Audit Strategy, the priority and
frequency of audit work will be subject to amendment in order to recognise
alterations in audit needs assessment/risk analysis, caused by changes within
the Council. A formal update will be performed each year to inform each years
periodic plan, but changes may be necessary in-year and these will be agreed
with the Head of Risk and Audit who is responsible for managing the Councils
11

Internal Audit Contract. There is a monthly review process in place whereby the
contractor will discuss and agree changes to the plan with the Head of Risk and
Audit.
Our professional judgement has been applied in assessing the level of resource
required for the audits identified in the strategic cycle. The level of resource
applied is a product of:

The complexity of the system in place

Factors such as number of locations, number of transactions or frequency
of transactions
The assurance which can be brought forward from previous years audits
The type of audit undertaken.

The audit needs assessment is prepared with regard to constraints such as time
and resources. Its purpose is to:

Determine priorities and establish the most cost effective means of

achieving audit objectives
Assist in the direction and control of all audit work
Ensure that adequate attention is devoted to critical aspects of audit work

All audits are followed up according to a timetable dependent on the level of

assurance received. The purpose of the follow up is to assess the degree of
implementation achieved in relation to recommendations agreed by management
during the audit. The level of implementation is reported to the Audit and
Performance Committee.
5. COUNTER FRAUD WORK
Proactive Work
The draft 2007/08 proactive plan is attached. The plan includes the detailed work
that it is anticipated will be carried out in 2007/08. The plan is split into three
areas;
1.
2.
3.

Anti-fraud awareness and maintenance of an anti-fraud culture

Anti-fraud intelligence gathering
Specific anti fraud proactive projects (both non HB and HB fraud)

The projects mentioned at 3 above represent approximately half of the budgeted

annual plan. These projects represent areas of potential high risk and arise
from a risk assessment including:

12

Assessment of the outcome of reactive fraud results / referrals;

Internal Audit findings;
Feedback from any external fraud questionnaires;
Issues emerging from fraud forums;
Risk assessment of Council activities in relation to the potential for fraud;
Experiences of Bentley Jennisons Business Integrity and Investigations Service
with other clients;
Materiality of each area
Having carried out the above analysis, the plan is populated with a number of
specific tasks that are to be carried out in 2007/08.
The plan will be kept under continual review and amended as necessary in
agreement with the Head of Risk and Audit in response to any emerging high risk
areas. The detailed plan is set out in Appendix B of this document.
Housing Benefit Investigations
The Housing Benefit Investigation team will be sufficiently resourced to
investigate up to 600 cases of suspected Benefit Fraud during 2007/08. The
acceptance of investigations will be in accordance with a risk-based model and
no cases will be accepted for investigation unless the appropriate threshold is
met.
Referrals to the HB Fraud Team will be made from a number of sources, these
include:

Housing Benefit Matching Service (HBMS);

National Fraud initiative (NFI);
Fraud Hotline;
Report a Fraud (website);
Written allegations;
Benefits Assessment Teams;
Department for Work and Pensions;
Proactive Fraud initiatives;
Results of other fraud investigations.

The HB Fraud Team will investigate every case to determine whether a criminal
offence has been committed.
The team will be aiming at sanctioning
(Prosecution / Administrative Penalty / Caution) in accordance with the Councils
Prosecution Policy in approximately 20% of the cases investigated.
Cases will continue to be investigated until one of the following outcomes is
reached:

13

There is sufficient evidence to demonstrate that a criminal offence has been

committed and a sanction is to be applied;

There is insufficient evidence (or prospect) that a criminal offence has been
committed and the case is to be closed with no further action.

In some case although a criminal offence may have been committed (and it can
be proven) there will be a decision not to take further action. This will be in
accordance with the Councils Prosecution Policy and where appropriate in
consultation with the Councils solicitors and Head of Risk and Audit. In addition,
in some cases an overpayment of benefit may be identified but no criminal
offence committed.
Other Fraud Investigations
The non HB investigation team will be sufficiently resourced to provide 280
input days of reactive fraud work and 100 days of proactive fraud work.
Allegations of fraud will be referred to the non-housing benefit team for
investigation from a variety of sources including:

Fraud Hotline;
Report a Fraud (Website);
Written allegations;
National Fraud Initiative (NFI);
Council Officer / Member referrals;
Results of Proactive exercises;
Results of other fraud investigations

Investigations carried out by the non hb team will continue to be made until one
(or more) of the following outcomes is met:

Evidence to show that a criminal offence has been committed;

Evidence to show that a disciplinary offence has taken place;
Evidence that no fraud has taken place;
No realistic prospect of proving / disproving an allegation.

In fulfilling the above, the investigation team will additionally provide any
necessary assistance in concluding a case including attendance at Disciplinary
Hearings and in the criminal courts.
In addition, in carrying out the above, the investigation team will have due regard
for the identification and recovery of any lost assets and the extent to which
system controls require strengthening.

14

Residents Parking Investigations

The Permit Investigations Team will be sufficiently resourced to investigate up to
1,680 cases of suspected residents permit and disabled badge fraud in 2007/08.
These investigations will arise from the following:

Calls to the Fraud Hotline

Report a Fraud (Website)
Standard Investigation types (disabled workers)
Queries raised by permit administration teams
Council Officer / Member referrals
Proactive initiatives (programmed and ad hoc)
National Fraud Initiative (NFI)

The scope of investigations will depend on the nature of the referral. However,
investigations will be carried out in all cases until one of the following outcomes is
reached:

Sufficient evidence exists to show that the permit / badge is legitimately held
and or used;
Sufficient evidence exists to show that the permit / badge is not legitimately
held and/or used. In these cases action including the issue of a caution or
prosecution will be considered in light of Council policy;

15

C O R P O R ATE AU D I T S

The following projects are proposed in 2007/08:

1 Corporate Contract Monitoring High Risk- 30 Days
Departmental arrangements will be reviewed for monitoring and reporting
key contracts in compliance with the Procurement Code. In particular
Internal Audit will be looking for evidence that Departmental Managers are
accurately reporting the financial and operational performance of major
contracts to Departmental Contract Review Boards. This audit will review
the guidance provided to managers for undertaking contract monitoring to
ensure it is consistent, risk focused, soundly based and takes into account
achievements against output based performance measures covering
service delivery, income maximisation, debt recovery and contract
compliance. The audit will also examine the reporting lines and
governance arrangements in circumstances where complex monitoring
and reporting arrangements exist due to the involvement of subcontractors and /or differing departmental and NPO responsibilities. At the
request of the Process and Audit Working Group the audit will examine
and comment on Value For Money and effectiveness aspects of Contract
Monitoring including relative costs of contract monitoring across the
Council and differing approaches. The audit will also examine whether
correct Governance arrangements are being followed in respect of
reporting contract monitoring information to officers and members.
2 Procurement Code High Risk- 20 Days (plus advisory audit time as
needed )
The Procurement Code provides the corporate framework for letting and
managing contracts for the City Council. The Code is currently being
rewritten (Feb 07). This audit will be in two stages. A review of the new
code prior to implementation and a subsequent review 3 months after
implementation to assess the impact of the code. The audit will also
excess the extent to which best practice on issues such as the Green
Agenda and VFM are promoted within the Code . In addition to this audit
time will be allocated as necessary from the Advisory audit budget to
ensure that audit is involved is advising management on control issues
during the project implementation stage.

16

3 E Procurement High Risk 25 Days (plus advisory time as

required)
The Council is currently introducing a new E-Procurement IT solution.
Internal audit are involved in the process of agreeing the control
framework embedded in the software. This audit will be carried out in the
last quarter of the year and will review the effectiveness of E-Procurement.
This will include an assessment of whether the objectives of the initiative
have been achieved and the control framework is operating effectively.
Advisory time will be used as necessary during the development stage of
the project to advise management on the effective implementation of the
system.
4 E- Procurement IT Audit High Risk 20 Days
In addition to the systems audit set out above an IT audit will be carried
out on the E-Procurement system. The terms of reference for this audit will
be agreed with line management prior to commencement based on risk
issues identified after implementation.
5 Approved List/Contract Register Medium Risk- 20 Days
This audit is to focus on compliance with controls to ensure only
appropriate contractors are included on the list and that departments use
the list in accordance with the Procurement Code. This audit will be
carried out in conjunction with audit work arising from the introduction of EProcurement. A significant amount of work is currently taking place on the
Approved list by the Procurement Team. This audit is subject to review
dependant on the outcome of that work to avoid duplication. The audit will
also examine the corporate procedures for ensuring the Council retains
corporately sufficient information on its contracts that is readily available
and is used to ensure relets are dealt with in good time etc.
6 Business Continuity High Risk - 14 Days
This will be a corporate review of the arrangements in place to ensure
effective business continuity arrangements are in place across the
Council. This work will be carried out tin May 2007 and will include follow
up to the 2006/07 audit on Business Continuity plans in the event of a Flu
Pandemic.

17

7 Grant Claims (and Working Papers) Medium Risk - 20 Days

This audit will examine the control mechanisms in place to ensure the
Councils major grant claims are prepared and presented accurately and
on a timely basis. The audit will cover the adequacy and accuracy of
working papers prepared to support the claims. The grant(s) to be audited
will be agreed with the Director of Finance and Resources. In addition the
audit may follow up the recommendations of the Audit Commissions
2006/07 grant claim work.

Performance Indicators High Risk - 25 Days

In respect of BVPIs a full audit will be carried out to verify that the
Performance Indicators are being correctly calculated and adequate
supporting information is available to support the figures. The audit will
include where appropriate reperformance of Performance Indicator
calculations and sample checks back to source documentation. Follow up
work will also be carried out to ensure recommendations arising from the
2006/07 audit work have been implemented.

9 Performance Management High Risk 20 Days

This will be a review of processes in place for identifying , reporting and
acting on key performance measurement issues across the Council. It will
identify whether the Councils performance management framework has
successfully addressed areas which have previously been identified as
poorly performing. It will also examine the methodology for identifying
performance status to evaluate whether this is correctly aligned with the
Councils key operational and financial risks. This audit is currently
scheduled to take place in November.
10 Worksmart High Risk 15 Days (plus increased allocation as
required during the year)
The Worksmart programme is a key corporate initiative. This audit will be
carried out in the last quarter of 2007/08 and is intended to ensure that
key benefits arising from the programme have been realised and that the
project is meeting its key milestones. Particular issues that have been
raised with audit for consideration as part of this review are ordering and
control of IT via the BT portal and the new rewards scheme. In addition to
the time allocated to this audit, time will be allocated from the Advisory
contingency or from other lesser priority audits during the year as
necessary to ensure audit involvement on an ongoing basis in this key
Council initiative.

18

11 Westminster City Partnerships High Risk- 20 Days

The audit work in respect of Westminster City Partnerships will be split into
two parts. Firstly, Internal Audit are required to certify expenditure in
respect of LAAs . The precise scope of the work will depend on the nature
of the certification required. This work is likely to take place in July.
An additional audit is likely to take place to verify that the control
framework is sufficient to ensure that partners achieve agreed objectives.
This audit will take place in November

12 Governance High Risk 16 Days

The following areas will be covered :.

Policies and Procedures a review of how the authority ensures that it

makes policies and guidance available to all staff, that they have read
the guidance, and where necessary accepted it. Policies to be included
in the remit of this audit include Employee Code of Conduct, Financial
Regulations, Procurement Code, HR policies , Gifts and Hospitality,
Conflicts of Interest and Whistleblowing.

In addition the audit will review the Governance arrangements relating

to officers, members, partners and contractors involvement in external
organisations

The audit will also review whether adequate information sharing

protocols are in place for both Electronic and Hard Copy Data in respect
of partner organisations

The terms of reference of this audit will be discussed with the Director of
Legal and Administrative Services prior to commencement
13 Compliance Reviews High Risk 35 Days
A sample of transactions will be taken each month from the General
Ledger and traced back to source documentation to ensure Financial
Regulations and the Procurement Code have been complied with.

19

14 Line Management Self Assurance High Risk 20 Days

Responsible managers across Departments will be asked to complete risk
based control self assessment questionnaires for a sample of high risk
operational and financial systems. The results will be used to target
internal audit work and as a mechanism for disseminating control
framework knowledge throughout the Council.
15 Risk Management High Risk 13 Days
The Councils risk management systems will be reviewed to verify their
effectiveness. This audit will take place in the last quarter of 2007/08.
16 CRB Checks High Risk 10 Days
In view of the adverse findings of the audit work carried out on this system
in 2006/07 a compliance review will be carried out to ascertain whether
internal controls are now operating effectively in this area. Views will be
ascertained from all relevant Departments as to how well this is working.
In addition the review will be extended from previous work to cover the
extent to which effective controls are in place to ensure contractors are
carrying out CRB checks on relevant staff.
17 Budgetary Control High Risk - 16 Days
The effectiveness of application of budgetary control procedures across a
sample of Council Departments will be reviewed.

20

F I N A N C E A N D R E S O U R C E S D E P AR T M E N T
.
The following projects are proposed in 2007/08:
1

Housing Benefit High Risk - 20 Days

This audit will concentrate on the operation of controls to ensure that the
possibility of fraudulent receipt of benefits is minimised and that adequate
controls exist over the payment and reconciliation of benefit.

2.

Council Tax High Risk - 8 days

Controls over charging, billing, collection and enforcement will be reviewed.
In view of previous substantial opinions the scope of this review has been
reduced and will concentrate on testing of key financial controls only.

3.

NNDR High Risk - 8 days

Focus upon key controls, reconciliation and the collection fund. In view of
previous substantial opinions the scope of this review has been reduced
and will concentrate on testing of key financial controls only.

Debtors High Risk -20 days

Review of the level of debt and the effectiveness of the debt recovery
process. Attention will be focused on those areas of the Council identified
in the performance monitoring reports to Corporate Management Board as
under-performing. This review will include an assessment of the extent to
which financial regulations are complied with in the management of debts
and include a review of key controls and documentation of key information
flows .

Creditors High Risk - 20 days

Focus on compliance with financial controls in respect of use of the ordering
system correctly prior to entering into commitments to purchase. This
review is to encompass a key controls compliance review and
documentation of key information flows. The sample of transactions tested
will cover compliance with financial regulations for the authorising of
payments across the Council.

21

Cash & Banking Control incl Bank Rec High Risk 20 Days
This audit will include an audit of key financial controls and documentation
of key information flows. In view of the service moving from City Hall a full
review of the control processes in place at the new location will be
undertaken.

Main Accounting System High Risk 16 Days

Review to focus on the monthly management accounts process and
controls to ensure that all expenditure on WIMS is accrued for/correctly
stated. A review of suspense accounts will also take place to ensure that
suspense accounts are being managed effectively. Key account
reconciliations between feeder systems and the General Ledger will also be
reviewed. The review also needs to consider the extent to which
recommendations arising from the PwC review are effectively addressed by
controls within WIMS e.g. authorisation levels

Corporate Property Division IT System High Risk- 12 Days

An IT audit will be carried out in respect of the new Corporate Property
Database. The detailed scope of the audit will be carried out following a risk
review in conjunction with line management and will take place in the first
quarter of 2007/08.

Corporate Property Control Systems High Risk 20 Days

This audit will review the extent to which Corporate Property is now
operating financial and operational controls in line with corporate financial
procedures , the Procurement code and recommendations arising from
previous audit work and the PwC review of this area.

10

VAT Medium Risk 16 Days

This audit will review the procedures in place for ensuring all VAT due to the
Council is recorded and reclaimed.

11

Corporate Financial Procedures Medium Risk 16 Days

Corporate Financial Procedures were extensively reviewed in 2006/07. This
audit will determine the extent to which they comply with Best Practice and
compliance is controlled through training and dissemination. A review will
take place of the extent to which departments have ensured that all relevant

22

managers have received appropriate training in respect of

regulations and the Procurement Code.
12

financial

Capital Monitoring and Reporting Medium Risk 16 Days

New controls were introduced in 2006 in respect of the budgeting , control
and reporting of Capital Expenditure. The application of these controls will
be reviewed to ensure they are operating effectively

23

C U S T O M E R S E R V I C E S D E P AR T M E N T

The following projects are proposed in 2007/08:

1 Off Street Parking High Risk- 25 Days
The following audit will be undertaken in 2007/08:
Contract Monitoring
Contract monitoring review of the Off St. Parking Contract. This audit will
review the financial and operational monitoring of the contract. The
objective is to ensure that effective controls are in place to ensure that
the key objectives of the contract are being achieved (including
savings/income maximisation) and monitoring is taking place in
accordance with the Procurement Code. This audit will take place in the
second quarter of 2007/08.
2

On Street Parking High Risk 45 Days

The following audits will be undertaken in 2007/08.
Disabled Parking
At the request of the Audit and Process Working Group an audit will be
carried out of the effectiveness of controls for validating eligibility and
administering the scheme for Disabled Parking permits. Controls to
validate continuing eligibility will also be examined. This audit will be
carried out in the first quarter of 2007/08 in view of the possible removal
of single yellow line exemption for Westminster which may increase the
number of permits applied for.
ICPS IT Audit
A computer audit review will be undertaken of the ICPS Parking System.
The audit will review controls over the input/output of transactions,
access controls, IT support, back-up/contingency plans and the integrity
of the data transfer process via system interfaces. System change
management procedures will also be reviewed. This audit will take place
in the first six months of 2007/08.

24

On Street Parking Enforcement Contract

An audit will take place of the financial and operational controls in the
NCP contract. Issues to be considered will include the extent to which
contract savings are being achieved and the effectiveness of the camera
enforcement service. This audit will take place in the third quarter of
2007/08.
3

Contract Monitoring / Management CSI High Risk 30 Days

The scope of these audits will be agreed with line management following
a joint risk review of this area. The reviews are likely to cover the
following:
Review 1 ( 2nd quarter)
Compliance with agreed financial procedures in service areas
transferred to Warrington or Dingwall. This will include debt recovery and
banking and control issues. It will also examine the extent to which
Council Departments are maximising the benefits of Vertex services by
using them correctly e.g. directing all payments to Warrington rather
than Dingwall and using the debt recovery services provided by Vertex.
Review 2 ( 3rd Quarter)
Effectiveness of contract monitoring of Vertex and Vertex monitoring of
sub contractors. This will include an assurance that financial
regulations and the procurement code are being complied with in the
processing of payments and that performance information is accurate.
Incentive payments will also be audited . The audit will also look at the
distinctions between Contract Monitoring and Development work and the
links with the Worksmart programme.
The detailed scope of the above audits will be agreed
management prior to commencement of the audits.

with line

All significant audits carried out in respect of Vertex in 2007/08 are likely
to be reported through the Commercials Board.

25

T R A N S P O R T AT I O N D E P AR T M E N T
The following projects are proposed in 2007/08:
1

Temporary Road Traffic Regulation Orders and Crane and Platform

Operations Licences Medium Risk 20 Days
Detailed scope of this audit will be agreed with line management prior to
commencement. It is likely , at the request of line management to focus on
the financial and administrative controls surrounding income collection and
reconciliation in respect of Road Closure and Crane Licences. The focus
of the audit will be on whether income targets are being met and whether
all costs, including the process of notifying TFL, are included in the fees.
The adequacy of controls systems in respect of Highways inspections
including data quality will also be reviewed . This audit will take place in
the first quarter of 2007/08

Construction Impact Team - Medium - Risk 25 Days

Detailed scope of this audit will be agreed with line management prior to
commencement. Areas of coverage for this review are likely to include
Highways Licences Deposits , fees for skips and temporary structures,
Licence processing
controls including the interface between
Transportation and Vertex, and the degree of automation of processing,
application and payment. This audit will be carried out in the first quarter of
2007/08 and was requested by line management.

Contract Monitoring High Risk 25 Days

A contract monitoring audit will be carried out to ensure key departmental
contracts are being monitored in accordance with the Procurement Code
and Financial Regulations. The audit will also determine whether
monitoring controls are effective at determining whether contractors have
delivered the service in accordance with the contract. The contract (s) to
be covered in this review will be determined in conjunction with
departmental management. At the request of line management this review
is likely to focus on the Whitehall Streetscape projects being carried out for
the Cabinet Office and the Westone contract in general. The financial
authorisation process will be reviewed together with mechanisms for
ensuring contract compliance by the contractor. This review will be carried
out in the second quarter for completion by the time of the Gateway review
for the Whitehall project in September.

26

POLICY AND COMMUNICATIONS DEPARTMENT

The following projects are proposed in 2007/08:
1

Payroll Contractor Progress & Key Controls High Risk - 20 Days

( Core Financial System)
This audit will review the control framework in place to control and
reconcile payments made to staff. The audit will identify progress made
against the concerns raised in the 2006/07 audit and will encompass a
review of key controls.

Health & Safety 13 Days

An audit review will take place of the Councils procedures for ensuring
compliance with statutory requirements and best practice in respect of
Health and Safety issues.

3. Pensions Systems - Medium Risk 14 Days

A systems review will take place concerning the adequacy of pension
payment, reconciliation and control systems
Corporate IT Audits
Following discussions with the Head of IT, four corporate IT exercises
are proposed in the 2007/08 audit programme. These are in addition to the
departmental IT audits proposed elsewhere in this programme. The
precise scope of these audits will be decided after discussions with line
management.
4 E-Mail/Internet/Security Review - Medium Risk - 12 Days
Controls will be examined to ensure that the risk of unauthorised use of
the internet is monitored and controlled, an adequate Data Security policy
is in place particularly for shared usage arrangements with partner
organisations, and that Corporate initiatives such as WiFI, electronic
payment mechanisms and worksmart are securely controlled.
5 IT Disaster Recovery /Business Continuity - High Risk 16 Days
Controls in place to minimise the risks relating to IT failure at a corporate
level will be examined including a follow up to the IT back up and recovery
work carried out in 2006/07. At departmental line management request the

27

review will specifically consider server rooms and the arrangements in

respect of the Tunstall system at the Emergency Link Office.
6 Worksmart High Risk 15 Days
Corporate IT solutions are a key part of the Worksmart programme (e.g
EDRMS). This audit to be carried out in the final quarter of the year will
assess the effectiveness of the implementation and use of new
applications . The precise scope of this audit will be agreed with corporate
IT management at the time of the audit.
7. Physical Security and Inventory Maintenance Review Medium Risk
15 Days
This audit is carried over from the 2006/07 programme. The objectives of
the audit are to ensure that effective controls are in place to ensure the
inventory of IT equipment including portable is maintained accurately and
up to date in accordance with financial regulations. Security over fixed
and portable equipment will also be examined following a number of thefts
of portable IT equipment

28

PL AN N IN G & C ITY D EVELOPM EN T

The following project is proposed in 2007/08:
1

Planning High Risk - 20 Days

It has been agreed with the Director of Planning and City Development
that the audit in 2007/08 will concentrate on charges made by the
Department to members of the public for services or advice other than
standard planning applications. The audit will aim to ensure that income
is maximised within the cost recovery parameters the City Council is
allowed to operate within. This audit will take place in November.

29

ENVIRONMENT & LEISURE

The following projects are proposed in 2007/08:
1

Commercial Waste High Risk- 15 Days

This audit will focus on financial control in respect of commercial waste. In
particular the audit will focus on billing, collection, debt recovery and write
off procedures as well as account reconciliations . This audit will take place
in the 3rd quarter.

Waste Disposal Medium Risk - 14 Days

This will be a systems audit which concentrates on the financial ,
operational and Value for Money controls over the Waste Disposal
Function. This audit will take place in the 1st quarter of the year.

Leisure Facilities Contracts 15 Days

This audit will review the contract monitoring of the Councils Leisure
Facilities Contracts. This audit will be carried out in November.

30

L E G A L & AD M I N I S T R AT I V E S E R V I C E S
The following projects are proposed in 2007/08:
1

Street Trading Medium Risk 15 Days

An audit will be carried out in respect of financial and operational controls
over Street Trading Licensing . In particular billing and collection systems
will be examined and annual fees will be examined. This audit will take
place in the 1st quarter of the year. This audit will be coordinated with work
carried out in the Community Protection Department

Land Charges 14 Days Medium Risk

This audit will review the internal controls in place to ensure the control
framework for administering the land charges system is adequate
particularly in respect of income recovery.

Control of Contract Costs Medium Risk 12 Days

As a result of a departmental request an audit of contract costs incurred has
been included in the plan for 2007/08. The audit will be targeted at ensuring
that a control framework exists to ensure payments made to contractors
were fully in accordance with the terms and conditions of the contract. The
audit will include an examination of
the systems operated within
Departments to spend devolved legal budgets and a review to ensure that
departments are commissioning external legal services in compliance with
the contracts let by the Legal and Administrative Services Department

31

CHILDRENS SERVICES
The following projects are proposed in 2007/08:
SCHOOLS
1

School Audits
A programme of school audits is carried out on a three year rolling
programme. Schools are audited against the Ofsted / Audit Commission
guidelines for financial controls in Schools. In addition the Department for
Education and Skills requires all schools to be accredited as compliant
with its new financial standards once every 3 years. The new standards
are an enhancement to the previous guidelines. The Director of Finance
and Resources is required to certify the number of schools reaching the
standard at the end of each financial year. The review and certification
process at each school will be carried out as part of the internal audit. 5
days are allocated for each primary school audit and 6.5 days for each
secondary school audit. The complete list of schools to be audited in
2007/8 is:
Schools:
St. Augustines CE Primary School
Gateway School
George Eliot Infants School
George Eliot Juniors School
St. Barnabas CE School
St. Edwards RC
St. Gabriels School
St. Vincents RC School
Wilberforce School
All Souls
Barrow Hill
Burdett Coutts
Chistchurch Bentinck
Churchill Gardens
Essendine School
Hallfield Infants School
Hallfield Junior School
Hampden Gurney School
St Marys Paddington Hospital Class (audit only)
Pimlico School (charged March 07)

32

Recoupment (inc Ind School Fees) Low Risk- 5 Days

This audit will review the system for ensuring all appropriate recruitment
costs are identifed , recharged , collected and reconciled.

3.

Home to School Transport Low Risk 14 Days

Home to School Transport Costs will be examined to ensure adequate
systems are in place to ensure Value For Money is obtained.

Education other than Schools Low Risk - 14 Days

The provision and payment for specialised Education other than at
Schools will be examined to ensure that adequate financial and
administrative controls are in place.

Payments to Foster Carers inc Child Minders Medium Risk 12 Days

An audit will take place of the operational and financial controls over the
payments made to Foster Carers

Children & Families Team incl Sect 17 paymt Medium Risk - 12 Days
The scope of this audit will be decided after a risk review carried out in
conjunction with line management responsible for this area

LIFELONG LEARNING
7

Adult Education Service Medium Risk- 16 Days

Scope of this audit is to be agreed. It is likely to focus on the financial
control and assurance framework at the Adult Education Service. This audit
is likely to be reported as part of the Adult Services Audit Plan.

33

HOUSING
The following projects are proposed in 2007/08

HOUSING REVENUE ACCOUNT AUDITS (CITYWEST HOMES

AUDITS)
1

Tenant Management Organisations Medium Risk-13 Days

TMOS are run by residents. This audit may be either a broad financial
controls audit or may concentrate on problems identified in previous
years. The under-performance or failure of TMOs has been identified
as a key risk in the risk register. This risk is to be mitigated by close
monitoring of performance, governance and finances. Line
Management will be consulted as to which organisations are reviewed
and the frequency of review which should be no more than every two
years for TMOs carrying out major works. Key issues to be covered in
07/08 include Voids and Procurement. This audit will take place in the
second six months of the year.

Housing Rents Collection/Arrears High Risk 13 Days

This is a core financial audit . The audit will focus on the financial
control framework in respect of collection, accounting for and
reconciliation of rent, and the recovery of arrears.

IT Strategy Review including Business Continuity

arrangements. (HRA) Medium risk 10 Days
An IT review will take place of CWHs IT strategy in respect of HRA IT
systems including arrangements for IT Disaster recovery and
Business Continuity arrangements. This audit was scheduled to take
place in 2006/07 but was postponed to allow a business review to
take place. This audit will take place in the first half of the financial
year with the focus on disaster recovery.

Major Works (HRA) Medium Risk - 16 Days)

This will be a contract audit of the project planning , contract letting
and project control mechanisms within CWH. Issues to be examined
include achievement of capital programme targets and delivery of
agreed coast savings

34

Estates (Housing Management) (HRA) Medium Risk- 16 Days

This audit will review the management of Housing estates from a
financial and operational perspective

Academy OHMS interface Medium Risk 14 Days

This audit will review the interfaces between OHMS and the Academy
Housing Benefit System. This audit was postponed from 2006/07 to
allow for new data reconciliation and transfer processes.

7.

Verification of Tenancies Medium Risk 16 Days

A systems audit will take place of the procedures in place to ensure
only bona fide tenants are in residence in Council properties. This
audit will take place in the first quarter and concentrate on street
properties

Housing General Fund Proposed Audits

1.

Housing Options Medium Risk 15 Days

The audit will focus on a review of systems and controls relating to
rent accounting in the HOS. Precise scope of the audit will be agreed
with management prior to commencement.

Homelessness Applications High Risk 15 Days

The audit will whether mechanisms for ensuring eligibility are effective
and whether controls can be put in place to pick up patterns of
unusual activity which are indicative of fraud.

35

AD U LT S O C I AL C AR E a n d H E ALTH
The following projects are proposed in 2007/08:
1

Pooled Budgets Older People, JLDT , Disability Medium Risk 15

Days
A review will take place of the extent to which financial and operational
control is maintained over pooled budgets in this area. In other areas where
pooled budgets are used problems have been experienced with joint
accountability.

2.

Taxi Cards Medium Risk - Medium Risk - 12 Days

The financial and operational control framework concerning use and
payment for taxi cards will be carried out.

To be allocated within Department - Grants to Voluntary Organisations

Medium Risk 15 Days
At the request of the Audit and Performance Committee Process and Audit
Working Group a review of the effectiveness of the councils systems for
ensuring that Voluntary bodies deliver the outcomes for which the grant
was intended. The precise scope of this audit will be agreed with
management. It is likely to include detailed verification of the performance
and outcome information provided by specific voluntary bodies. The
effectiveness of monitoring of performance against Service Level
agreements will also be included. This audit is likely to be reported as part
of the Childrens Services Audit Plan. This audit may need to be carried
out in the second six months of the year as Service Level Agreements are
currently being put in place

36

COMMUNITY PROTECTION (S CODES)

The following projects are proposed in 2007/08:
1

Food Safety Inspections High Risk - 16 Days

This audit will review compliance with financial, operational and legal
requirements in respect of Food Safety requirements.

2.

Civic Watch Medium Risk 10 Days

As this is a unique local authority service the precise scope of the audit will
be agreed with line management prior to the commencement of the review.
Prior to the audit commencing a risk assessment of auditable areas within
Civic Watch will be conducted to ensure the audit adds value. Potential
auditable issues include the achievement of corporate objectives and
financial management.

3.

Licensing Medium Risk 20 Days

This audit will take place in the last quarter of the financial year and will
address issues surrounding the prosecution policy and whether the
processes supporting it are fit for purpose. A separate review of financial
processes relating to St. Trading fees will be carried out prior to the transfer
of work from Legal and Administrative Services to Community Protection
and is included in the Legal and Administrative Services audit programme.

37

Appendix B
CITY OF WESTMINSTER DRAFT PROACTIVE ANTI-FRAUD PLAN 2007/08
TYPE OF
ACTIVITY AND
OBJECTIVES
FRAUD
AWARENESS
(EXTERNAL)
To provide ongoing
publicity for the
Councils
Freephone Fraud
Hotline,
encouraging
members of the
public to report
suspected
fraud
against the Council.
To deter those who
might
seek
to
commit
fraud
against the City
Council.

INITIATIVE & METHOD OF DELIVERY

Refresh and reinforce the 2006/07 poster and leaflet campaign in all Council public
buildings
The aim of this years work is to ensure that the posters are being displayed in all public sites
including those listed below and to ensure that the leaflets are readily available to members
of the public and sufficient stocks are in situ for the coming year. Managers at each of the
sites will also be encouraged to give early warning of reduced leaflet stocks.

In association with the above, use the leaflets advertising the Fraud Hotline in
conjunction with other Council activity.
The aim of this work is to provide the fraud hotline leaflets to a much wider audience
(emphasis on residents but also businesses), inserting them with other posted materials and
especially reaching those who may not ordinarily visit the Councils offices. Methods for
delivery include:
Electoral Registration canvassing
Renewal of Residents Parking permits / Disabled Persons Badges
Housing Benefit Applications
Housing correspondence
Council tax demands
NNDR demands
Other renewal applications and demands (yet to be identified)

38

Project
Arisin
g From
Good
Practice /
Ongoing
Prominence

Planned

Estimated

Delivery

Budget

Reminders to
managers once
per Quarter
throughout
2007/08.

1 day
.

Visits by
Investigation staff
throughout the
year. Each site to
have a minimum
of one visit per
quarter.

Good
Practice /
Ongoing
Prominence

Dependent upon
timing of the
renewals/deman
d activity and
what methods
have been used
in 2006/07.

3 days

TYPE OF
ACTIVITY AND
OBJECTIVES

INITIATIVE & METHOD OF DELIVERY

Ensure that as many relevant application forms as possible carry the City Councils
Freephone Fraud Hotline number.
The City Council provides the ability to members of the public and businesses to apply for a
raft of services over the internet using on-line application facilities and downloadable
applications. There are several hundred listed on the Councils web-site. The aim of this
work is to review the facilities provided and to identify 20 applications where the fraud hotline
could / should be incorporated. Identified forms will have all versions amended to include
provision of the hotline number.

Obtain space and write relevant articles in Council monthly / quarterly magazines and
newsletters such as The Reporter or City West News.
Continue to obtain publicity (press) for successful prosecutions including the
provision of the Councils hotline number.
The aim of this work is to consider all potential opportunities for press releases on successful
prosecutions and to ensure that releases include reference to the City Councils freephone
fraud hotline. In addition opportunities will also be taken to inform Council staff of the
outcome of fraud investigation in order to demonstrate that the Council takes fraud seriously
and warn of possible frauds to which the Council may be subject.
Continue to improve / reinforce the entries on the Councils A-Z of Services and Wire
and Internet relating to reporting a fraud.
The aim of this work is to review and refresh, where necessary, sections in the Councils Web
site, intranet facility and also the printed version of the A-Z of services relating to reporting
fraud.

39

Project
Arisin
g From
Good
Practice /
Ongoing
Prominence

Good
Practice /
Ongoing
Prominence
Good
Practice /
Ongoing
Prominence

Good
Practice /
Ongoing
Prominence

Planned

Estimated

Delivery
Commencing 1
quarter of
2007/08.

Budget
st

By the end of the

2nd Quarter all
relevant forms to
have been
amended subject
any print lead
times and current
stock holding.
During the first
half of 2007/08.

4 Days

2 days

Ongoing
throughout
2007/08 as and
when there is
benefit in
publicising good
results.

2 days

1st quarter of
2007/08

1 day

TYPE OF
ACTIVITY AND
OBJECTIVES

INITIATIVE & METHOD OF DELIVERY

FRAUD
AWARENESS
(INTERNAL)

To obtain confirmation from all staff, managers, chief officers and members of their
understanding and acceptance of the Councils anti-fraud policy and strategy and other
related policies including the Councils whistle-blowing and money laundering policies.

To raise internal
awareness of the
Councils stance
on fraud,
responsibilities
for reporting and
how to report a
fraud.

To complement the above or in place of the above consideration will be given to separate
methods of communicating anti-fraud responsibilities including presentations and workshops
as appropriate. This work will be coordinated with other internal audit work on Governance
arrangements , particularly in respect of policy awareness.

To encourage
members of staff
and contractors to
report concerns.
To continue to
strengthen the
Councils antifraud culture.
INTELLIGENCE
GATHERING
To provide data
analysis and
information that
may identify areas
of potential fraud
for proactive
attention.

Carry out a Surgery or open afternoon where members of Internal Audit and the Fraud
Team are available for general advice or guidance to chief officers, managers, staff, and
contractors staff. Copies of the Councils relevant policies would be made available as well
as any other promotional material about the Councils hotline and on-line fraud reporting
facilities.

Project
Arisin
g From
Good
Practice /
Ongoing
Prominence

Planned

Estimated

Delivery

Budget

Dependent on
the product
availability, likely
that a phased
approach
throughout
2007/08 will take
place.

15 days

Good
Practice /
Ongoing
Prominence

Throughout
2007/08.

2 days

Good Practice

Ongoing

Part of normal
service
delivery

Good
Practice /
Ongoing
Prominence

3rd Quarter so as
to allow any
issues arising to
be incorporated
into the 2008/09
programme.

3 days

The aim of the surgery / open afternoon would be to provide a dedicated time (advertised
widely in advance) when those working for the Council have the opportunity to meet Internal
Audit and Fraud staff, report fraud, raise concerns, discuss fraud related / control issues etc.
The surgeries would take place at two or three key locations across the Council. Although,
only one location will be covered each year.
Formal monthly Internal Audit and Fraud Team briefings
Identifying any possible areas of concern for immediate or later inclusion in the proactive anti
fraud plan.
Survey Staff and Managers
Consider survey of staff and managers actively inviting them to help identify potential
systems or areas of concern.
NOTE: This activity may be dependant on the results of the survey carried out as part of the
2006/07 anti-fraud proactive plan.

40

TYPE OF
ACTIVITY AND
OBJECTIVES

INITIATIVE & METHOD OF DELIVERY

Fraud Team intelligence

Project
Arisin
g From
Good Practice

Planned

Estimated

Delivery

Budget

Ongoing

Part of normal
service
delivery

Good Practice

2nd / 3rd Quarter

3 Days
(extended to 5
days if a forum
is arranged)

Good Practice

Throughout
2007/08

8 days

Good Practice

Ongoing, mostly
4th Quarter

2 days

Good practice
inherent

Staged across
the full year.

5 days

This work involves gathering information about the results of reactive referrals, identifying any
emerging trends or areas of concern that could / should be included in future proactive plans.
In addition, topics covered at regular forums such as LBFIG, The London Public Sector Fraud
Partnership, CIPFA, LAIOG, NAFN that have a potential impact on anti-fraud proactive plans
will be included as building intelligence for future planned activity.
Follow up questionnaire to other Local Authorities (and other public bodies) in London
This work involves obtaining information from across London, especially Counter Fraud and
Internal Audit teams to establish any potential areas of common risk that should be
addressed by proactive activity. In carrying out this work reference will be made to the Audit
Commission to determine whether there are emerging trends elsewhere as part of their work.

To carry out
Follow Up

The 2006/07 questionnaire will be refreshed taking on board comments made by those who
participated in that exercise. In addition, given the comments made in the 2006/07
questionnaire it may be appropriate to set up a half yearly forum for interested London Local
Authorities to discuss specific proactive fraud related topics.
Follow up Recommendations arising from Investigations during 2006/07
In each case where recommendations are made for improvements following an investigation
a follow up will take place. This follow up will aim to determine the extent to which
recommendations have been implemented. At the end of 2006/07 the 2007/08 plan will be
populated with those areas where follow up activity is due and throughout the year any
additional follow up planned during 2007/8 will also be included as it arises.
Proactive plan for 2007/08

PROACTIVE
PROJECT
INITIATIVES

To identify projects, other than those which may be identified as a result of the exercises set
out below, that should be included in the 2008/09 proactive plan and to formulate a draft plan
with indicative inputs.
Identification of significant income streams
The purpose of this exercise is to identify all significant sources of the Councils income and
obtain a break down (for each source) of the method of income i.e. cash, cheque or credit

41

TYPE OF
ACTIVITY AND
OBJECTIVES

INITIATIVE & METHOD OF DELIVERY

Individual projects
aimed at high
risk areas and
designed to
identify whether
fraudulent activity
is taking place.

card. For the purpose of this exercise significant income is defined as that where individual
transactions are greater than 1,000 or total annual income is greater than 50,000. A
systematic evaluation of the risk of fraud / theft for all such sources of income will then take
place assessing vulnerability to fraud. Particular emphasis will be placed on transactions
carried out by the Council with individuals rather than organisations. Specific attention will be
given to those sources that are composed of a significant level of cash income. The results of
this exercise will be used to determine further exercises for future proactive plans.

Project
Arisin
g From
risks.

Planned

Estimated

Delivery

Budget

Risk
assessment
and previous
fraud referrals

1st / 2nd Quarter

10 days

Risk
assessment
and previous
fraud referrals

2nd Quarter

7 days

Refunds
The purpose of this exercise is to detect any potential or actual fraudulent refunds made and
will be undertaken in the following way:
Determine if there are any areas within the Council that have a system for making refunds
that does not involve WIMS, including credit card charge-backs.
Where such systems are identified the following work will be carried out:
1)
2)
3)

Obtain an understanding of the system to verify that refunds are being appropriately
authorised and there is an adequate separation of duties;
Test a sample of refunds to ensure that each refund can be associated with a previous
payment and that payments are being made to a legitimate customer and for a legitimate
reason;
Test overall value of refunds by comparing total value of refunds to income in a specific
period and by looking at trend in value of incomes over a period of time e.g. 1 year.

Homeless Housing Applications

The purpose of this exercise is to check that Council Housing is not being allocated to people
who are not entitled either due to a lack of diligence or fraud by staff. The exercise will be
undertaken in the following way:
A sample of current Housing applications from people who have declared themselves as
homeless are tested in the following way:
1)

Verification of applicants last declared address(es) and the reason they were made
homeless from their most recent address;

42

TYPE OF
ACTIVITY AND
OBJECTIVES

INITIATIVE & METHOD OF DELIVERY

2)
3)
4)

Project
Arisin
g From

Planned

Estimated

Delivery

Budget

Risk
assessment
and previous
fraud referrals

3rd Quarter

8 days

Risk
assessment
and previous
fraud referrals

4th Quarter

6 days

Matches carried

6 days

Check applicants name on 192.com, Council Tax, Land-Registry to confirm that they are
not connected with any other, unknown address(es);
Verification of the validity of any documents supplied to support application, particularly
on medical grounds;
Check that the correct amount of points have been accrued in respect of Choice Based
Lettings scheme.

Procurement
The purpose of this proactive exercise is to identify that purchases made n behalf of the
Council are made for a legitimate business need. This exercise will involve (but not limited
to) the following:
1)
2)
3)
4)

Identification of high volume items

Identification of portable (saleable) equipment
Tracing items through from specification, order to supply
Confirming the physical location / presence of purchases

Section 17 Payments
The purpose of this exercise is to identify the range of Section 17 payments made to
qualifying individuals and to carry out testing to determine whether:
1)
2)
3)
Individual projects
aimed at high
risk areas and
designed to
identify whether
fraudulent activity
is taking place.

They qualify i.e. have children

The individuals are entitled to other welfare benefit assistance
There are no fictitious applicants

Data Matching Council Tax , Electoral Registration, Residents Parking Database

Subject to confirmation of legalities with the Audit Commission a comparison of data held on
the above systems will take place to identify potential anomalies for investigation

Suggestion of
audit and
Process
Working Group

Specific Housing Benefit Proactive anti-fraud projects.

Throughout 2007/8 a number of proactive projects aimed at identifying potential Housing
Benefit fraud will take place. the projects for 2007/08 include:

43

TYPE OF
ACTIVITY AND
OBJECTIVES

INITIATIVE & METHOD OF DELIVERY

Project
Arisin
g From

Planned

Estimated

Delivery

Budget

out once per

quarter
Good practice /
previous fraud
referrals

Right to buy applications

This activity is aimed at data matching applicants for the Right to Buy and Housing Benefit
claimants. This checking can identify HB claimants who have an undeclared source of
income (means to purchase the property) and also to identify sales which end entitlement to
Housing Benefit.

Matches carried
out twice per
year

2 days

Every month
throughout
2007/08

10 days

Good practice /
previous fraud
referrals

Licensing Applications / Stall Holders

This activity is aimed at data matching applications for licensed pitch holding and Housing
Benefit claimants. This checking can identify HB claimants who have not declared their
work / income status when making claims to benefit.

Good practice /
previous fraud
referrals

Uncashed HB Cheques
Uncashed cheques sent to a benefit claimant or (landlord) can indicate that the claimant no
longer resides at the property, has other financial means, the landlords address is incorrect,
the claim etc. On a monthly basis a list of uncashed cheques will be obtained and checks
carried out including analysis of the Academy, EDMS and RAT terminal (DCI) to determine
any factors which could identify the reason. Where it is considered necessary investigations
will be carried out to determine whether there are grounds to suspect fraudulent activity.

44