Agenda item
Audit and Anti-Fraud Progress Report to September 2022
Decision:
RESOLVED:
1. to consider and note the progress and performance of the Audit & Anti Fraud Service to 30 September 2023 (Appendices 1 - 4). A summary of the draft recommendations affecting the Internal Audit service that have resulted from a recent external assessment are attached for information at Appendix 7.
2. to approve the updated (a) Anti-Fraud and Corruption Policy; and (b) Surveillance and Communications Data Policy and Procedures at Appendices 5 and 6.
Minutes:
8.1 The report was introduced by the Corporate Head of Audit, Anti-Fraud and Risk Management, and the Internal Audit Manager, who highlighted that:
50% of the plan was in progress, ahead of the same time in 2022, when it was at 42%. This was despite the fact that there were more audits in this year’s plan.
In the 2022/23 Audit Plan there had been 22 deferrals, due to the impact of the cyber attack, but this year to date there had only been 5 deferrals. It was anticipated that the overall number of deferrals would remain lower than last year.
Overall the percentage of ‘limited’ or ‘no assurance’ reports was within the levels of the previous year, but it was noted that the inability to carry out an audit in recent years raised the level of concerns in and of itself.
· The Council was required to complete an external quality assessment every five years, and had completed its latest assessment since the last meeting of the Audit Committee. It was noted that the last assessment was in 2016, with the delay due to the pandemic and cyber attack.
· The Council was currently negotiating and agreeing the final outcomes, recommendations, and overall evaluation of that report. These were presented in appendix 7.
· In response, the internal audit improvement plan had been updated and of the 8 recommendations, 4 had been implemented, with reasons given for why some recommendations would not be acted upon.
· The most significant issue raised related to the number of deferrals in each of the last two years, though it was noted that the number of completed audits was in line with other London councils.
· The key risks on the Corporate Risk Register had all been audited.
· It was acknowledged that there may have been a higher likelihood of assurance issues in areas where audit work had been deferred.
· In relation to investigations, Parking outcomes were down as Enforcement Officers were, for some time, unable to access their systems that helped identify Blue Badge fraud. That access had returned.
· Related to tenancy, there were issues beyond investigation that had provided challenges, including capacity issues in Courts.
· The proposed Anti-Fraud and Corruption Policy set out the Council’s zero tolerance approach, and the responsibility that Members, staff, managers, and investigators had.
· Whistleblower contact details had also been updated and clarity was given about staff being able to contact more senior managers and their requirement to then contact Audit and Anti-Fraud.
· The Surveillance and Communications Data Policy and Procedures document set out the arrangements for surveillance and access to communication, but it was noted that the Council had not undertaken surveillance for many years, though there may be a requirement in the future.
· The Council subscribed to the National Anti-Fraud Network and is subject to inspection in relation to the use of powers provided by the Regulation of Investigatory Powers Act (RIPA). The most recent inspection was in August 2023 and the Council was assessed as being in compliance with the requirements.
· Additional guidance had been included on the conduct of test purchases, automatic numberplate recognition (ANPR), and non-RIPA surveillance.
· The requirement for any person seeking judicial approval to be authorised to represent the Council had also been included.
8.2 The Chair commended the work of Officers and highlighted the positive post-audit survey results. Members of the committee asked questions about the energy and carbon management of Hackney schools; No Recourse to Public Funds (NRPF); and, the use of ANPR in relation to Blue Badge use.
8.3 In response, the Internal Audit Manager, and the Corporate Head of Audit, Anti-Fraud and Risk Management confirmed that:
· The proposed Schools Energy and Carbon Management audit was included on the Audit Plan, and scoped, but during that process the re-evaluation of risk indicated that the possible risk level was not significant enough to require an audit.
· The number of NRPF referrals to the service had increased, but the number of outcomes were reported as being slightly under last year, but broadly consistent.
· In relation to surveillance, the Council had not used the powers available, and the example in the policy document regarding ANPR use to support a Blue Badge investigation was to indicate what was potentially available if there as a significantly serious concern and there was not a less intrusive way of resolving, but that to date the Council had always managed to resolve things in a less intrusive way, and have not had to resort to ANPR or surveillance activity.
· In relation to oversight and engagement with the public, there was a need to be mindful about not discussing investigation techniques in public.
RESOLVED: The Audit Committee to
· note the progress and performance of the Audit & Anti Fraud Service to 30 September 2023 (Appendices 1 - 4). A summary of the draft recommendations affecting the Internal Audit service that have resulted from a recent external assessment are attached for information at Appendix 7.
· approve the updated (a) Anti-Fraud and Corruption Policy; and (b) Surveillance and Communications Data Policy and Procedures at Appendices 5 and 6.
Supporting documents:
PDF 84 KB