Contact: Ejner Knudsen, ext 7403

1 Introduction

1.1 It is internal audit's opinion that Hampshire County Council has an appropriate framework of control that provides reasonable assurance regarding the effective, efficient and economic achievement of the County Council's objectives. Audit testing has shown controls to be working in practice, with some specific exceptions. Where improvements to controls or compliance are required, we are satisfied that appropriate action has been agreed by relevant managers and that they will be resolved in an appropriate manner.

1.2 The following paragraphs explain how we arrived at this opinion.

1 Background

1.1 From 2002/03 the Code of Practice on Local Authority Accounting in the United Kingdom has required the County Treasurer to sign a statement on the system of internal financial control as a note to the published accounts. From 2003/04, the Leader and Chief Executive are now required to sign a more general statement of internal control replacing the previous one. To support this process, the Chief Internal Auditor is required to provide an independent opinion on the adequacy and effectiveness of the system of internal control operating in each department and in the County Council as a whole.

1.2 This assurance has been appended to the annual accounts for each department for presentation to Executive Members. An overall assurance statement for the County Council as a whole is attached at Appendix A.

1.3 It is a management responsibility to develop and maintain the internal control framework, and to ensure that the County Council's resources are properly applied. Internal audit is an assurance function that primarily provides an independent and objective opinion to the County Council on the control environment comprising risk management, control and governance by evaluating its effectiveness in achieving the County Council's objectives. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources. (source: Chartered Institute of Public Finance and Accountancy - Code of Practice for Internal Audit in the United Kingdom 2003)

2 Objectives

2.1 This report will outline the level of assurance that we are able to provide, based on the internal audit work completed during the year. It will:

· give an opinion on the overall adequacy and effectiveness of the County Council's internal control environment

· disclose any qualification to that opinion, together with the reasons for the qualification

· present a summary of the audit work undertaken to formulate the opinion, including reliance placed on work by other assurance bodies

· draw attention to any issues the Chief Internal Auditor judges particularly relevant to the preparation of the statement on internal control

· compare the work actually undertaken with the work that was planned and summarise the performance of the internal audit function against performance measures and criteria

· comment on compliance with these standards and communicate the results of the internal audit quality assurance programme.

3 Audit approach

3.1 A summary outlining the audit approach and audit delivery during 2005/06 is provided in Appendix B.

3.2 Detailed reports, giving our conclusion on each of the systems examined have been issued to individual managers who have considered each report and provided a management response. This report provides an opinion on the overall control framework using the following terms which are defined in Appendix C:

· comprehensive

· appropriate

· incomplete

· inadequate.

4 Overall assurance

4.1 It is internal audit's opinion that Hampshire County Council has an appropriate framework of control that provides reasonable assurance regarding the effective, efficient and economic achievement of the County Council's objectives. Audit testing has shown controls to be working in practice with some specific exceptions. Where improvements to controls or compliance are required, we are satisfied that appropriate action has been agreed by relevant managers and that they will be resolved in an appropriate manner.

4.2 There has been no change in the overall level of assurance provided compared to that given in our 2004/05 annual internal audit opinion.

4.3 It is particularly pleasing to note continued improvement in assurance levels for all of the key financial systems, which remain a fundamental part of the overall opinion.

4.4 During 2005/06, major organisational change has affected many of the County Council's departments and the impact of restructuring on management and system controls is evident in our internal audit findings. The ongoing impact on the adequacy and effectiveness of the control framework will be reviewed during 2006/07.

5 Issues raised during 2005/06

Main Findings

5.1 Details of the level of control and the main issues identified across all departments in 2005/06 is given in Appendix D which is not for publication by virtue of paragraph 7 of Part I of Schedule 12A of the Local Government Act 1972. Concerns regarding the system of internal control were raised in respect of the areas outlined below. Appropriate action has been agreed by relevant managers to address these issues and progress is being monitored.

5.2 Our follow-up of audit findings raised in 2004/05 audit reports confirmed that progress had been made during 2005/06 and appropriate action had generally been taken in respect of the recommendations made. An update on the issues raised in the 2004/05 annual audit report is included below.

5.3 We will review the implementation of audit recommendations made in 2005/06 as part of our 2006/07 audit plan.

Adult Services budget

5.4 In February 2006 the department reported an expected £11.1 million overspend and it was established, through client demand statistics and growing evidence, that management actions were not going to effectively address the increasing size of the overspend. This raised concerns over the effectiveness of the analysis and reporting of results and the escalation process with regard to the significant budget pressures. Increased client demands and funding pressures will need to be urgently reviewed in 2006/07 to manage the ongoing impact on the Adult Services budget.

Pay and benefits

5.5 Our review of the Pay and Benefits project highlighted a lack of consistency in the approaches taken by departments to checking the information supplied by the Pay and Benefits Project Team and significant variations in the extent and evidencing of checking undertaken. We intend to work closely with the Pay and Benefits Project Team during 2006/07 to advise on checking processes and undertake compliance testing within the departments prior to implementation.

CRB checks

5.6 In our 2004/05 annual audit opinion, we reported that we were unable to provide assurance that the County Council was operating in accordance with current legislation with regards to the CRB policy.

5.7 Our 2005/06 audit work confirmed significant progress has been made and a CRB policy, which complies with current legislation and covers pre-employment and re-checks, is now in draft form and will be considered by the Human Resources departmental management team on 26 July 2006. Chief Officers will then be consulted on the specific arrangements for their own departments with a view to taking the policy to Executive members for approval in September 2006. Further detail is included in a report from the Human Resources department, also being considered by the Governance Committee on 28 June 2006.

5.8 Our audit testing during 2005/06 concluded that the Human Resources department is complying with the draft policy on pre-employment checks to ensure that CRB applications are made, tracked and handled appropriately and we are therefore satisfied that the controls outlined in the draft policy are operating in practice.

5.9 In addition, the Human Resources department have recently had a CRB assurance visit, and the inspecting officer concluded that he was confident that the department is acting in accordance with the CRB's Code of Practice in respect of the operational side of applying for CRB checks. This supports the results of the internal audit work and provides further assurance that pre-employment checks are being carried out in line with the draft policy.

5.10 However, audit testing during 2005/06 has highlighted some new areas of concern, not falling within the remit of pre-employment checks carried out by the Human Resources department, for example voluntary and contract workers used directly by departments.

5.11 In 2004/05 we also reported in our audit opinion for Social Services department that our review of Children and Families Purchasing found inadequate CRB checking of providers. Discussions with staff had shown that all providers on the database had Form A approval and although this ensured that all necessary checks on staff had been carried out to obtain CSCI registration, CSCI maintained that the registration should not be used on its own and that local authorities needed to undertake their own checks regarding CRB clearances. Our follow up review in 2005/06 found that controls relating to the checking of residential providers before inclusion on the database were still incomplete, with the risk that inappropriate providers may be employed.

5.12 These issues will be followed up during our 2006/07 audit work to ensure that the remaining specific departmental risks are addressed.

SAP access

5.13 Concerns were raised in the 2004/05 annual internal audit report about weaknesses in the process of requesting access to SAP. We found that there were varieties of practice between departments, and a particular concern was that Authorised Requesters had not received training, and did not feel they had the knowledge required to ensure that they only requested access appropriate to a user's role. In August 2005 the Enterprise Steering Group agreed to a number of proposed steps to address the issues, and we agreed to provide input and support.

5.14 A number of actions have already been taken, however some powerful SAP access rights are still not being adequately monitored and controlled. It is therefore essential that the momentum of the project is maintained.

Computer suite

5.15 Our review of Business Continuity found that there is still no fallback site for use in the event of an emergency, although we acknowledge that proposals have been made to address this.

VAT

5.16 During 2005/06 concerns were raised regarding the validity of some VAT invoices raised by County Council departments due to limited information recorded regarding the type of supply and VAT category applied. The County Treasurer is reviewing the adequacy of existing system reports to validate the output tax and further testing will be carried out to assess the significance of these issues and the action required.

Information security management

5.17 The last three years' annual reports have raised concerns affecting corporate information security. The Security Managers Group is now meeting regularly after a hiatus, and action is being taken regarding the implementation of the IT security framework, which was developed in 2004. Strong leadership is required at a corporate level to manage the risks in this area.

Irregularities

5.18 2005-06 saw a significant increase in the number of reported cases of potential irregularities. Of the 39 potential irregularities, 31 related to Children's Services. Our analysis found that eight related to the investigation of consultancy payments and allowances to school staff, and nine were associated with the purchase of goods and services from one organisation closely linked with a Hampshire school.

5.19 Management action has been initiated to clarify the County Council's requirements regarding consultancy activity and financial management by Headteachers.

5.20 The County Council is determined to discharge its responsibilities to safeguard public funds and will not tolerate fraud, corruption or other irregularities, regardless of the perpetrator. The County Council is committed to the highest ethical standards and believes strongly in the honesty and integrity of its Members and employees and has achieved a reputation for maintaining effective systems of control. As outlined in the Corporate Anti-Fraud and Corruption Strategy, the County Council will take appropriate action where fraud or corruption is detected.

Common findings

5.21 There is a risk that the resumption of effective operation of some departments and individual establishments could be delayed following a major disaster due to the lack of business continuity and disaster recovery plans.

6 Recommendations

6.1 That the Governance Committee accept the internal audit assurance statement for 2005/06 detailed in Appendix A.

6.2 That progress of management actions to resolve the issues in paragraphs 6.4 to 6.18 be reported mid-year to the Governance Committee.

Section 100 D - Local Government Act 1972 - background papers

The following documents disclose facts or matters on which this report, or an important part of it, is based and has been relied upon to a material extent in the preparation of this report.

NB the list excludes:

Published works.

Documents which disclose exempt or confidential information as defined in the Act.

TITLE FILE

Nil.

Hampshire County Council Appendix A

Assurance statement for the year ended 31 March 2006

Introduction

The Accounts and Audit Regulation 2003 require the County Treasurer to maintain an adequate and effective system of internal audit.

From 2002/03 the Code of Practice on Local Authority Accounting in the United Kingdom has required the County Treasurer to sign a statement on the system of internal financial control as a note to the published accounts. From 2003/04, the Leader and Chief Executive are now required to sign a more general statement of internal control, replacing the previous one. To support this process, the Chief Internal Auditor is required to provide an independent opinion on the adequacy and effectiveness of the control environment, comprising risk management, control and governance for each department and the County Council as a whole.

Responsibilities

It is a management responsibility to develop and maintain the internal control framework, and to ensure that resources are properly applied in the manner and on the activities intended. It is the responsibility of Internal Audit to form an independent opinion, based on reviews during the year, on the adequacy and effectiveness of the system of internal control.

Basis of opinion

The strategic and annual internal audit plans were prepared by the Chief Internal Auditor to take account of the characteristics and relative risks of the activities involved and were approved by the County Treasurer. The internal audit plan has been delivered in accordance with the Code of Practice for Internal Audit in Local Government in the United Kingdom, issued by CIPFA.

Work has been planned and performed so as to obtain all the information and explanations which were considered necessary in order to provide sufficient evidence to give reasonable assurance that the internal control system is operating effectively. However, this assurance can never be absolute. The most that the internal audit service can do is to provide reasonable assurance that there are no major weaknesses in the system of control.

Opinion

In my opinion Hampshire County Council has an appropriate framework of control that provides reasonable assurance regarding the effective, efficient and economic achievement of the County Council's objectives. Audit testing has shown that the controls are working in practice with some specific exceptions.

Ejner Knudsen

Chief Internal Auditor

County Treasurer's Department

Hampshire County Council

28 June 2006

Appendix B

Audit background

1 Scope of internal audit

1.1 The Chief Internal Auditor is required to provide the County Council with an assurance on the system of internal control of the County Council. The opinions provided for each department will contribute to this overall assurance. It should be noted, however, that this assurance can never be absolute. The most that the internal audit service can do is to provide reasonable assurance that there are no major weaknesses in the system of control. In assessing the level of assurance to be given the following have been taken into account:

· all audits completed during 2005/06, including those audits carried forward from 2004/05

· any follow up action taken in respect of audits from previous periods

· any significant recommendations not accepted by management and the consequent risks

· the effects of any significant changes to the County Council's objectives or systems

· the quality of internal audit's performance

· the proportion of the County Council's audit plan that has been covered to date

· the extent to which resource constraints may limit the ability to meet the full audit plan of the County Council

· any limitations that may have been placed on the scope of internal audit.

2 Audit service quality

2.1 The service we provide is designed to ensure compliance with the standards for internal audit promulgated by the CIPFA Code of Practice for Internal Audit in Local Government in the United Kingdom 2003. The standards cover the following areas:

Organisational standards

· scope of internal audit

· independence

· audit committees or equivalent

· relationships with management, other auditors and other review bodies

· staffing, training and development

Operational standards

· audit strategy

· management of audit assignments

· due professional care

· reporting

· quality assurance.

2.2 Hampshire Audit Services is registered under ISO9001, the international quality management standard and we have developed comprehensive procedures to ensure that all audits are conducted to the required standard. In particular, the audit outline is approved, before site work commences, by the Audit Manager, who also reviews each draft and final report before it is issued to ensure that all key controls have been properly evaluated and that adequate audit evidence has been obtained to support the findings.

2.3 We also have Investors in People accreditation which ensures that the training and development needs of all our staff are reviewed on an annual basis as part of our performance development scheme and a detailed training and development programme is planned, delivered and evaluated each year.

2.4 Our quality assurance programme includes:

· annual service improvement planning, using appropriate management tools to challenge our approach;

· annual benchmarking with other local authority internal audit providers to compare the efficiency, effectiveness and economy of our services;

· a three year rolling programme of quarterly reviews of a sample of completed files and reports and management processes to ensure consistency in approach and compliance with professional standards and quality procedures. Issues raised are discussed by the Section's management team and follow up action is monitored by the Quality Manager;

· quarterly review of performance indicators reported to the County Treasurer's management team.

2.5 Whilst identifying some opportunities for continuous development, the results of the quality assurance programme confirm that we substantially comply with the requirements of the Code of Practice.

2.6 In addition, our work is subject to annual review by Hampshire County Council's external auditors who continue to rely on our work to support their audit opinion.

3 Audit needs

3.1 A risk assessment was undertaken for the 2005/06 audit plan, which involved an analytical review of data relating to each department including: size of budgets, content of committee reports or committee decisions, previous audit findings and consultation with departmental management to ensure the audit plan addressed the key risks facing each department.

A summary of audit days delivered during 2005/06 is provided in Table 1.

Table 1 - Summary of audit days delivered (2005/06)

Detail	2005/06 days	days
Days carried forward from 2004/05		674
Audit plan agreed by County Treasurer	3265
Variations to the plan	-86
Revised plan at the year end		3179
		3853
Total days delivered including delivery of carry forward audits		3496
Days carried forward to 2006/07		357

3.2 The audit plan was revised during the year to 3179 days. The original and revised audit plans are shown at Appendix E.

3.3 Changes made to the plan reflect the following:

· changes to the scope of individual assignments following the results of initial risk assessment and review

· new areas requiring review being highlighted during the year

· an increase in time required to follow up significant issues raised

· time saving achieved on individual reviews

· the postponement of audits following a reassessment of risk across the County Council audit plan.

3.4 The carry forward days relate to audits where a draft was issued and awaiting management response or where testing was still in progress as at 31 March. For all audits carried forward from 2004/05 and completed during 2005/06, an audit opinion is provided as part of the 2005/06 annual audit opinion.

3.5 The results of 20 reviews started in 2005/06, are not included in the 2005/06 annual internal audit opinion as they were still in progress at the end of the year. The results of these reviews will be included in our 2006/07 opinion.

3.6 No limitations were placed on the scope of our work during the year.

4 Audit approach

4.1 We examined systems operating to achieve objectives set by management in each of the areas detailed in Appendix E. We are not aware of any significant changes to any of the systems reviewed since our work was conducted. However, during 2005/06, as a result of restructuring of several County Council departments, there has been a significant change to staff and their respective responsibilities. The impact of these changes will be assessed as part of our ongoing audit work during 2006/07.

4.2 Our work has been carried out using a systems based audit approach. This covers the internal control systems of the County Council and during the conduct of our work, particular attention was given to arrangements established to ensure:

· financial control

· safeguarding of assets to reduce exposure to theft or fraud

· compliance with the County Council's policies, procedures, laws and regulations

· the integrity and reliability of information and data

· value for money.

4.3 An implicit part of our systems based audit approach is an evaluation of the controls in place to prevent and detect fraud and we perform sufficient audit testing to confirm that controls are working in practice.

5 Audit liaison

5.1 Staff within the departments have been co-operative and helpful during audits, and have worked with us to ensure that audits have been timed to suit both parties.

5.2 In most departments, management responses have been timely and have addressed the issues raised. In particular, we noted marked improvement in the timeliness of responses received from schools and the IT Services department compared to the position reported in last year's annual report.

5.3 Audit Appraisal Questionnaires (AAQs) have been received from 80 of the audits completed before 31 March 2006, with an average satisfaction score of 95.7% This confirms that there continues to be a good working relationship between Internal Audit and County Council staff.

5.4 2005/06 has seen the further development of liaison between Internal Audit and County Council staff, for example:

· at the request of the Adult Services department, we were involved in training sessions for staff who undertake internal inspection visits to care homes. In addition to this a presentation was made to Service Managers to update them on current audit findings

· 2005/06 has seen the continuation of the liaison between Internal Audit and Education Financial Services, which is of real value to both teams. Our quarterly audit plans are also shared with key clients in the Children's Services department. Notably, we have continued to develop our liaison with HIAS and now attend Local Leadership Team meetings at Havant, Fleet and Bartley termly to exchange information. These meetings have enabled us to refine our risk assessments for individual schools and in several instances have influenced the scope of our onsite audit work. We have also attended a significant number of Administration Officer network meetings to discuss arrangements for reporting concerns at work and the introduction of the Financial Management Standard in Schools

· in the County Treasurer's department, we have contributed to the pensions business process innovation workshops and we have also continued to be represented at the Corporate Accounting Forum, and the Accounting Network.

This liaison is of real value to both Internal Audit and departmental staff and helps to promote good and consistent practice.

Appendix C

Audit opinion definitions: