Contact: Ejner Knudsen, ext 7403, email [email protected]

1 Introduction

1.1 This report summarises:

· Progress against the Hampshire County Council's internal audit plan for 2006/07.

· An update on action taken by management to address the issues raised in the Hampshire County Council annual internal audit opinion for 2005/06.

· Significant matters arising from 2006/07 internal audit work.

· Priorities for the remainder of 2006/07.

1 Progress against the internal audit plan for 2006/07

1.1 The 2006/07 internal audit plan was prepared in line with the updated internal audit strategy that was approved by the Governance Committee in March 2006. The original plan totalled 3704 days and, in addition, 333 days of work in progress was carried forward from last year. Just under half the year's plan has been delivered to date as shown in table 1 below.

Table 1 - summary of audit days delivered 1 April 2006 to 30 September 2006

1.2 There has been a great deal of pressure on resourcing the internal audit delivery over the last two years, both in terms of available days and the staff mix required. This is due to the impact of ongoing long term sickness, the increased incidence of reported fraud and irregularity cases as well as the impact of agreed changes to the audit strategy.

1.3 The result of this is that resources have been redistributed to cover the higher risk areas. The 2006/07 plan was prepared on the basis of assessed audit need and additional resources were approved by members and the County Treasurer to address the pressure and enable us to further develop our approach to proactive fraud detection, governance issues and value for money.

1.4 Exceptional levels of sickness have continued into 2006/07 and plans are regularly reviewed to ensure that the necessary level of assurance can be provided.

1.5 A summary of the audit opinions given to date for each department is included in Appendix A.

2 Action taken by management to address the issues raised in the Hampshire County Council annual internal audit opinion for 2005/06

2.1 The 2005/06 annual internal audit opinion reported to members of the Governance Committee in July 2006, raised new or ongoing concerns in the following areas:

· Adult Services budget

· Pay and Benefits project

· CRB checks

· SAP access controls

· Computer Suite/Business Continuity

· VAT

· Information Security management

· Irregularities.

2.2 The 2006/07 internal audit plan includes time to follow-up these issues and work is in progress in some areas. However, an update on progress is summarised below and the full results of follow-up work will be included in the annual internal audit opinion which will be presented to members in June 2007.

Adult Services budget

2.3 The 2005/06 annual internal audit report raised concerns over the effectiveness of the analysis and the reporting of results and the escalation process with regards to the significant budget pressures.

2.4 We have been working closely with the department to review action taken in establishing a recovery plan and improved monitoring processes. We have agreed a schedule of five budgetary control reviews during 2006/07, the first of which has commenced with the remaining four reviews due for completion by 31 December 2006.

2.5 Our understanding is that a significant amount of work has been done by the department to secure a gradual reduction in the predicted overspend for 2006/07.

Pay and Benefits project

2.6 Our 2005/06 annual report highlighted a lack of consistency in the approaches taken by departments to checking the information supplied by the Pay and Benefits Project team and significant variations in the extent and evidencing of checking undertaken. We have been working closely with the Pay and Benefits Project team to ensure that our audit work is carried out to give assurance at key stages of the implementation timetable. Our testing so far this year has shown an improvement in the consistency and extent of checking that departments are undertaking on the data supplied by the Pay and Benefits Project team. Further audit work will be carried out in quarter three to ensure the continued consistency of approach across all departments.

CRB checks

2.7 Our 2005/06 report highlighted that a draft CRB policy had been produced. This is still in draft form and Chief Officers are currently being consulted on the specific arrangements for their departments. The policy is not likely to be approved until January 2007 and we therefore plan to review CRB procedures during quarter four.

2.8 Our 2005/06 report also highlighted some concerns with CRB checks for voluntary and contract workers. Audit testing on Adult Services voluntary drivers has confirmed that progress has been made and that CRB checks are now being carried out.

2.9 We also reported concerns regarding the controls relating to the checking of residential providers before inclusion on the Children and Families Purchasing database. Audit work in this area is planned for quarter four.

SAP access controls

2.10 Over the last two years, concerns have been raised about the process of requesting access to SAP. Significant work has been done over the last twelve months to improve the process of requesting and granting access to departmental staff.

2.11 However, we remain concerned about the number of powerful SAP access rights which are still not being adequately monitored and controlled. We are working closely with IT Services to provide advice and support as required to secure further improvement in access controls.

2.12 A further audit review of SAP access controls is planned for January 2007.

Computer Suite

2.13 We carried out follow up work which showed that the majority of our recommendations have been implemented, or are in progress. A business case has been made for a recovery site, to enable the continuation of IT provision in the event of unavailability of the Elizabeth II Court computer suite and a decision on the way forward is currently awaited.

Business Continuity

2.14 A Corporate Business Continuity Advisor has been appointed and work is ongoing to develop a corporate business continuity policy. There has been little progress made on the development of business continuity plans at section/team level, however we are told that work is now under way.

VAT

2.15 During 2005/06 concerns were raised regarding the validity of some VAT invoices raised by County Council departments due to limited information recorded regarding the type of supply and VAT category applied. Training has been given to appropriate staff and an exception report has been requested for use by Corporate Finance, which should identify potential issues in the future.

Information Security management

2.16 Two members of IT Services staff have been temporarily holding a watching brief on security matters, including the Security Managers Group (SMG), pending an appointment to the full time security role in IT Services. An appointment to this role has been made with effect from 4 October 2006, and the new postholder will be chairing SMG. We hope that this permanent appointment will improve the effectiveness of SMG and we will review this as part of our audit work during 2006/07.

3 Significant matters arising from 2006/07 internal audit work

3.1 Details of the main issues identified between April and September 2006 are given in appendix B which is not for publication by virtue of Paragraph 3 of Part 1 of Schedule 12A to the Local Government Act 1972 as it is likely, in view of the nature of the business to be transacted or the nature of the proceedings, that if members of the public were present there would be disclosure to them of exempt information relating to the financial or business affairs of any particular person (including the County Council as holder of that information) arising from investigations undertaken by Internal Audit. Appropriate action has been agreed by relevant managers to address these issues and progress is being monitored.

Direct Payments

3.2 We identified that there is an incomplete framework of control over payments made to Adult Services' clients for purchasing care. Whilst there are procedures and guidance notes in place these are not embedded into the department and audit testing identified a number of irregularities which have been investigated, leading to repayment in one case so far.

3.3 The procedures and guidance notes were put into place after the last audit and the direct payments finance team was introduced, however the majority of the findings are the same as they were at the previous audit.

Irregularities

3.4 Eighteen new cases of potential irregularity were reported during the first half of 2006/07. This mostly occurred in the first quarter, with a significant reduction in reporting during the second quarter of the year (39 cases were reported during 2005/06). Work commenced on new cases and continued for irregularities reported last year, with three cases currently going through the courts. This included a guilty plea from the former admin officer of Front Lawn Junior School who has been ordered to repay £48,472 in respect of payments received following the manipulation of payroll records and this has featured in press reports.

3.5 Of the irregularities investigated since our annual report was produced, five relate to the misuse of direct payments for care made to Adult Services' clients, as indicated in paragraph 4.2. Two have related to the inappropriate use of laptops at schools.

3.6 Proactive fraud detection work has also commenced and data collection is in progress for the 2006 National Fraud Initiative data matching exercise. Results for this are expected in March 2007, when potential matches will be risk assessed and investigated.

4 Priorities for the remainder of 2006/07

4.1 During the first half of the financial year internal audit work mainly focused on completing work in progress from 2005/06, irregularity investigations, establishment visits and some departmental systems. During the second half of the year internal audit attention will turn to key financial systems reviews. This is to allow audit samples to be drawn from a greater number of transactions. This work will include the central payroll, creditors, debtors and pensions payroll systems.

4.2 In line with the internal audit strategy and other reports to members on monitoring compliance with the Code of Corporate Governance, internal audit work will be carried out during the period October 2006 to March 2007 in order to provide an opinion on the effectiveness of corporate governance and the extent of compliance in departments and the County Council as a whole. The scope of this work will include risk management, crime and disorder, organisational structure and value for money. The results of this work will be included in the annual internal audit opinion for 2006/07 which will be presented to members in July 2007.

5 Audit Commission - Annual Governance Report 2005/06

5.1 At its meeting on the 27 September 2006 the Committee considered the Annual Governance Report for 2005/06 presented by the Audit Commission. Only three recommendations were made and the proposed formal response and implementation plan is attached at Appendix B, which the Committee is asked to approve.

6 Recommendations

6.1 That the Governance Committee notes the progress of internal audit work during 2006/07 and notes the key issues arising from that work.

6.2 That the proposed responses to the Audit Commissions recommendations from the Annual Governance Report be approved.

Section 100 D - Local Government Act 1972 - background papers

The following documents disclose facts or matters on which this report, or an important part of it, is based and has been relied upon to a material extent in the preparation of this report.

NB the list excludes:

Published works.

Documents which disclose exempt or confidential information as defined in the Act.

TITLE FILE

None

Appendix A

Internal audit opinions for work delivered between April 2006 and September 2006

Audit opinion definitions