Contact: Ejner Knudsen, ext 7403, email [email protected]

1 Introduction

1.1 This report summarises:

· Progress against the Hampshire County Council's internal audit plan for 2004/05.

· An update on action taken by management to address the issues raised in the Hampshire County Council annual internal audit opinion for 2003/04.

· Significant matters arising from 2004/05 internal audit work.

· Priorities for the remainder of 2004/05.

1 Progress against the internal audit plan for 2004/05

1.1 The 2004/05 internal audit plan was prepared in line with the internal audit strategy that was agreed by members of the Standards Committee in January 2003 and updated in 2004. The original plan totalled 3200 days and, in addition, 173 days of work in progress was carried forward from last year. Just under half the year's plan has been delivered to date as shown in table 1 below.

Table 1 - summary of audit days delivered 1 April 2004 to 30 September 2004

1.2 A summary of the audit opinions given to date for each department is included in Appendix A.

2 Action taken by management to address the issues raised in the Hampshire County Council annual internal audit opinion for 2003/04

2.1 The 2003/04 annual internal audit opinion reported to members of the Standards Committee in July 2004, raised concerns in the following areas:

· Social Services

· SAP development

· IT security

o computer suite

o viruses

o corporate information security

· Business continuity

· Criminal Records Bureau pre-employment checks

· Governance

o documented schemes of delegation

o documentation of partnership arrangements.

2.2 The 2004/05 internal audit plan includes time to follow-up these issues and work is in progress in some areas. However, an update on progress is summarised below and the full results of follow-up work will be included in the annual internal audit opinion which will be presented to members in July 2005.

Social Services

Children's services

2.3 Our 2002/03 annual internal audit opinion raised significant concerns about the failure to use a central approved supplier list for children's services. At this time a Contract Support Manager (Children and Families) had been appointed and was in the process of compiling an approved list of suppliers for children's services. Our follow up work has shown that this issue remains unresolved. A database of providers is being set up in conjunction with 18 other local authorities, however at present only 12 have signed up to this and the group are waiting for another six to join before proceeding.

Regulation 38 foster carers

2.4 Concerns were also raised regarding the procedures for placing children with Regulation 38 foster carers, in particular the time taken to approve the placement by the Foster Carers panel. A shortened assessment has since been put into place for the approval of Regulation 38 foster carers. This assessment consists of an appraisal of the carer and police and medical checks. There is a six week target for completing these checks, although in reality the police and medical checks are sometimes taking longer. Discussions with staff have shown that there are fewer cases going over the six week period, but there are still some issues to resolve. Management consider that regular use of the workload management facilities within the new SWIFT system will improve these timescales further.

SAP Development

2.5 A major upgrade of SAP was undertaken in October 2004. This resulted in a freeze on development during the year and has limited progress possible in developing controls further. However:

· work continues on the reconciliation of the payroll holding accounts

· the payroll business process innovation project is continuing to define the detailed processes and procedures

· since March 2004, high risk payroll data is checked on screen and using individual reports. Further reports are included on the list of required developments for the year

· the Enterprise team will progress the review of user roles and access rights to ensure that access is secured and in line with business needs and legislation. This is an ongoing, major review, which will cover all users.

Audit work in this area is ongoing and a further update will be included in the annual internal audit report.

IT Services

2.6 Follow-up work to assess progress made by management on the issues surrounding virus protection and corporate information security is currently in progress.

2.7 The 2003/04 annual internal audit report raised concern that there is no secondary power supply to the main computer centre. Work has been carried out to develop a list of critical business systems and IT Services are currently reviewing possible solutions. Longer term plans to provide a solution to IT disaster recovery still need to be resolved.

Criminal Records Bureau pre - employment checks

2.8 Reviews of HC3S payroll, children and families purchasing and Regulation 38 foster carers in 2003/04, raised concerns that CRB checks are not always carried out to confirm the suitability of applicants. As highlighted in paragraph 3.4, police checks are now requested for all Regulation 38 foster carers, however the results of these checks are taking longer than six weeks to be returned to the department. The response from the Police CRB office puts the delays down to a slow response from local police offices.

2.9 The database for children's services referred to in paragraph 3.3 should also help to improve the quality of checks on providers. All providers will be subject to basic checks, including checks that the providers are registered with the Commission for Social Care Inspection (CSCI). One of the requirements of CSCI registration is that the provider must have evidence of a satisfactory CRB check at an enhanced level.

2.10 Further work is planned to check compliance with the controls in HC3S.

Corporate Governance

2.11 As indicated in section 5, our reviews of corporate governance arrangements are planned for the remainder of the year and this will include follow up of the issues raised in the 2003/04 annual internal audit report. To assist with the documentation of the established schemes of delegation in place within departments, a standard approach and format has been developed by the Chief Executive's department and will be circulated to Chief Officers in December 2004.

3 Significant matters arising from 2004/05 internal audit work

3.1 Details of the level of control and the main issues identified between April and September 2004 are given in appendix B which is not for publication by virtue of paragraph 14 of Part I of Schedule 12A of the Local Government Act 1972. Appropriate action has been agreed by relevant managers to address these issues and progress is being monitored. To date, significant issues have been found in respect of the areas outlined below.

Social Services

Data protection

3.2 Concerns were raised during the course of a data protection audit as subject access requests are not always being actioned with the statutory 40 day period. In response, Social Services management have employed temporary staff to clear the backlog of requests so that the statutory 40 day period can be complied with.

Non county placements

3.3 An audit of non county placements for children and families highlighted that there is insufficient evidence on file to confirm that the quality of providers used has been thoroughly checked. In addition HCC tendering and contracting procedures had not always been adhered to. These issues are the same as those raised in 2003/04 relating to children and families purchasing arrangements and should be addressed once the database referred to in paragraph 3.3 is up and running.

Irregularities

3.4 A number of irregularities have been investigated during the year. Whilst none of the incidents have resulted in material loss, some common themes have emerged, particularly relating to theft of cash or property from County Council offices, accounting for residents' property in Social Services establishments and misuse of blue badges.

4 Priorities for the remainder of 2004/05

4.1 During the first half of the financial year internal audit work mainly focused on establishment visits and some departmental systems. During the second half of the year internal audit attention will turn to key financial systems audits. This is to allow audit samples to be drawn from a greater number of transactions. This work will include the central payroll, creditors, asset register and main accounting systems.

4.2 In line with the internal audit strategy and other reports to members on monitoring compliance with the Code of Corporate Governance, internal audit work will be carried out during the period December 2004 to March 2005 in order to provide an opinion on the effectiveness of corporate governance and the extent of compliance in departments and the County Council as a whole. The results of this work will be included in the annual internal audit opinion for 2004/05 which will be presented to members in July 2005.

5 Recommendation

5.1 That the Governance Committee notes the progress of internal audit work during 2004/05 and notes the key issues arising from that work.

Section 100 D - Local Government Act 1972 - background papers

The following documents disclose facts or matters on which this report, or an important part of it, is based and has been relied upon to a material extent in the preparation of this report.

NB the list excludes:

Published works.

Documents which disclose exempt or confidential information as defined in the Act.

TITLE FILE

None

Appendix A

Internal audit opinions for work delivered between April 2004 and October 2004

Audit opinion definitions