Another emerging requirement of the CPA process is for the County Council to have undertaken an assessment of its Anti-Fraud and Corruption arrangements against the recently issued CIPFA guidance document entitled "Managing the Risk of Fraud". Despite only being published in the Autumn of 2006 as "guidance" it does seem that in common with other advice on the management of local authorities, it has been incorporated into the current inspection regime with a somewhat unrealistic expectation of retrospective action.
The Governance Committee is invited to consider whether it wishes to change its policy in respect of the two issues relating to publicity and statistical reporting, or any other element of the Anti-Fraud and Corruption Strategy at this stage.
Although this guidance has been issued by CIPFA it is not specific to local authorities - indeed a large contribution seems to have drawn on practice within the NHS. It is conceded that some local authorities may suffer more significant levels of fraud and therefore require more robust procedures but the guidance does propose a much more structured approach than is currently operating within Hampshire County Council. A detailed self-assessment follows and is numbered according to the checklist provided with the guidance.
1 Strategic approach |
|
|
1.1 Does the organisation have a counter fraud and corruption strategy that can be clearly linked to the organisation's overall strategic objectives? |
|
Yes - the Corporate Anti Fraud and Corruption Strategy was approved by the Governance Committee in March 2005 and is supported by a comprehensive set of policies. |
1.2 Is there a clear remit to reduce losses to fraud and corruption to an absolute minimum covering all area of fraud and corruption affecting the organisation? |
|
Yes - that is the stated purpose of the policy and is incorporated into the Internal Audit Strategy, and also the Terms of Reference for Internal Audit agreed with the Governance Committee in March 2006. |
1.3 Are there effective links between `policy' work (to develop an anti-fraud and corruption and `zero tolerance' culture, create a strong deterrent effect and prevent fraud and corruption by designing and redesigning policies and systems) and `operational' work (to detect and investigate fraud and corruption and seek to apply sanctions and recover losses where it is found)? |
|
Yes - the link is through the Governance Committee which is served by regular reports from Internal Audit, Monitoring Officer and External Audit. These updates also include progress reports on irregularities from Internal Audit. As a practical example, during 2006 internal audit worked with the Children's Services dept. to restate the expectations of schools' financial management standards and conduct following the discovery of malpractice by several headteachers involving off-site activity, and the requirement for the disclosure of any additional earnings for retention by the school. |
1.4 Is the full range of integrated action being taken forward or does the organisation `pick and choose'? |
|
No - `pick and choose' as appropriate but Internal Audit risks are all covered within a 3 year strategy. |
1.5 Does the organisation focus on outcomes (ie. reduced losses) and not just activity (ie. the number of investigations, prosecutions, etc.)? |
|
Both are reported to the Governance Committee within the progress and year end/annual reports, and in particular the successful recovery of losses in accordance with the policy. |
1.6 Has the strategy been directly agreed by those with political and executive authority for the organisation? |
|
Yes - it is a corporate policy of the whole County Council and the Governance Committee reports to both County Council and the Executive as appropriate. |
2 Measuring fraud and losses |
|
|
2.1 Are fraud and corruption risk considered as part of the organisation's strategic risk management arrangements? |
|
Yes - management of the risk of Fraud and Corruption is incorporated in the Corporate Strategy for Managing Risk 2007-2010. The audit risk assessment is also matched to the strategic risk recorded on the linked audit and risk modules of the MK Insight system recently implemented. As controls are tested by internal audit both records will be automatically updated. |
2.2 Is the organisation seeking to identify accurately the nature and scale of losses and fraud and corruption, using a: |
|
|
|
|
Definitions - yes, in all the policy documents. |
· Professional statistical methodology for making accurate estimates and building in a proper level of independent validation?
|
|
Statistics and independent validation - no, although losses from actual cases investigated are properly evaluated at an individual level and used in accordance with the subsequent efforts to secure recovery. |
2.3 Does the organisation use accurate estimates of losses to make information judgements about levels of budgetary investment in work to counter fraud and corruption. |
|
Accurate estimates are not made or published but reliance is placed on the risk assessment from Internal Audit. For the purposes of predicting potential levels of fraud it has not been demonstrated what added value arises from such estimates ( which may imply an acceptable minimum ) particularly when resources are already effectively deployed on deterrence and prevention. |
3 Authority and support |
|
|
3.1 Do those tasked with countering fraud and corruption have the appropriate authority needed to pursue their remit effectively, linked to the organisation's counter fraud and corruption strategy? |
|
Yes - within Financial Regulations and the approved Terms of Reference for Internal Audit. |
3.2 Is there strong political and executive support for work to counter fraud and corruption? |
|
Yes - through the Governance Committee whose constitution includes the leaders of all 3 political parties. |
3.3 Is there a level of financial investment in work to counter fraud and corruption that is proportionate the risk that has been identified? |
|
Yes - Internal Audit recommendations are agreed and additional staff resources were provided in 2006/07 to deal with an exceptional workload. |
|
|
|
3.4 Are all those working to counter fraud and corruption professionally trained and accredited for their role? |
|
Yes - Internal Audit is professionally led and investigators specially trained (specialist qualifications are also under consideration). |
3.5 Do those employees who are trained and accredited formally review their skills base and attend regular refresher courses to ensure they are abreast of new developments and legislation? |
|
Yes - as part of the annual review of learning needs for all audit staff. |
3.6 Are all those working to counter fraud and corruption undertaking this work in accordance with a clear ethical framework and standards of personal conduct? |
|
Yes - the Investigators Code of Conduct ( approved in April 2007 by the Governance Committee ) is part of the Anti Fraud and Corruption Strategy and incorporates all standards and procedures to be followed by staff. |
|
|
|
3.7 Is an effective propriety checking process - implemented by appropriately trained staff - in place that includes appropriate action where individuals fail the check? |
|
Yes - CRB policy recently updated with new procedures to underpin compliance. |
3.8 Does the organisation regularly review its propriety checks and are random checks carried out to ensure that it is implemented? |
|
Yes - all are subject to periodic 1A compliance checks. |
|
|
|
3.9 Are there framework agreements in place to work with other organisations and agencies? |
|
No formal agreements but regular interaction through groups CCAN, HCCIAG, HIAG and also NAFN,NFI. |
3.10 Are the framework agreements focussed on the practicalities of common work? |
|
Regular exchanges of information. |
3.11 Are there regular meetings to implement and update these agreements? |
|
Regular meetings and exercises (such as NFI). |
4 Taking the full range of action and integrating different strands |
|
|
4.1 Is the organisation undertaking the full range of necessary action (see also 1.3)? |
|
Yes - Internal Audit plans include proactive work and monitoring changes in risk. |
Culture, deterrence and prevention of framework
|
|
|
4.2 Does the organisation have a clear programme of work attempting to create a real anti-fraud and corruption and zero tolerance culture (including strong arrangements to facilitate whistleblowing)? |
|
Yes - updates are provided through dedicated training events and also at induction/staff briefing sessions. The corporate policies are also available on the website and intranet, including Reporting Concerns at Work with extensive contact details. |
4.3 Are there clear goals for this work (to maximise the percentage of staff and public who recognise their responsibilities to protect the organisation and its resources)? |
|
Improving levels of awareness (which are tested through corporate governance reviews but not expressed as specific numeric targets). The Statement of Internal Control action plan requires further investment in training and communications from 2006/07 to secure continual improvement in awareness levels as evidenced through annual testing in the audit of corporate governance. |
4.4 Is this programme of work being effectively implemented? |
|
Yes - prompted by corporate governance work and the need to provide evidence for external inspection (CPA). |
4.5 Are there arrangements in place to evaluate the extent to which a real anti-fraud and corruption culture exists or is developing throughout the organisation? |
|
Yes - through monitoring both incidence and awareness levels. For example, an interruption of the historically low incidence of irregularities in schools was detected early in 2005/06 and dealt with promptly through investigation, review of policies, and follow up. We are now seeing a return to previous lower numbers of incidents. |
4.6 Are agreements in place with stakeholder representatives to work together to counter fraud and corruption? |
|
No stakeholder agreements as such but in practice co-operation has not been a problem and the introduction of governance arrangements for partnerships has formalised accountability and rights of access. |
4.7 Have arrangements been made to ensure that stakeholder representatives benefit form successful counter fraud and corruption work? |
|
No, other than the benefits from reviewing policy and procedures post investigation. |
|
|
|
4.8 Does the organisation have a clear programme of work attempting to create a strong deterrent effect? |
|
No - current policy reflects the view that publicity would have negative impact on culture and reputation whilst incidence is low and reporting is effective. |
4.9 Does the organisation have a clear programme of work to publicise the: |
|
Not specifically ( but see comments below ). Any benefits from additional publicity would be difficult to measure in terms of reducing an already low number of cases. |
|
|
The policy is quite explicit about the County's intolerance of fraud and corruption, and the duty of all staff to report any suspicions. |
|
|
The annual internal audit report has to be relied on as a source of assurance in preparing the SIC. The report will also provide data on the total numbers of investigation undertaken compared to previous years. |
|
|
Included in the Investigators Code of Conduct and operating procedures, and involves the use of technology and specialist systems where appropriate (eg Forensic audit services) . |
· Professionalism of those investigating fraud and corruption and their ability to uncover evidence;
|
|
Conduct is specified in the code and training dedicated to fraud investigation provided to staff involved. |
|
|
Prosecutions and Recovery policy is part of the Anti Fraud and Corruption Strategy approved by the Governance Committee and sets clear expectations for every proven case. |
|
|
Again, targets are set within the policy for maximum recovery where possible. |
4.10 Has the organisation successfully publicised work in this area? |
|
No - although after updating the expectations of conduct in schools financial management during 2006 no new problems have been reported. |
4.11 Has the publicity been targeted at the areas of greatest fraud losses? |
|
No - the largest cases have tended to generate sufficient publicity from the early stages of investigation due to suspensions, up to the point of prosecution in the courts. |
|
|
|
4.12 Does the organisation seek to design fraud and corruption out of new policies and systems and to revise existing ones to remove apparent weaknesses? |
|
Yes - Internal Audit is consulted on system changes. |
4.13 Do concluding reports on investigations include a specific section on identified policy and systems weaknesses that allowed the fraud and corruption to take place? |
|
Yes - action is recommended where appropriate, although examples of inherent weaknesses are very infrequent due to the frequency of review and testing. |
4.14 Is there a system for considering and prioritising action to remove these identified weaknesses? |
|
Yes - timetable is agreed to follow up implementation of recommendations. |
|
|
|
4.15 Are there effective `whistleblowing' arrangements in place? |
|
Yes - evidenced by the rarity of any longstanding fraud /corruption cases which eventually come to light and ought to have been detected earlier by other means. |
4.16 Are analytical intelligence techniques used to identify potential fraud and corruption? |
|
Yes - where appropriate to the proactive detection programme. |
4.17 Are there effective arrangements for collating, sharing and analysing intelligence? |
|
Yes - through NAFN, NFI and audit groups. |
4.18 Are there arrangements in place to ensure that suspected cases for fraud or corruption are reported promptly to the appropriate person for further investigation? |
|
Yes - detailed procedures in place and available on the website/intranet ( see Reporting Concerns at Work ) . |
4.19 Are arrangements in place to ensure that identified potential cases are promptly and appropriately investigated? |
|
Yes - detailed procedures in place within the Investigators Code of Conduct and also the Internal Audit manual.. |
4.20 Are proactive exercises undertaken in key areas of fraud risk or known systems weaknesses? |
|
Yes - part of the internal audit strategy and plan. The 2006/07 audit plan earmarked specific resources and work programmes designed to detect fraud in higher risk areas using additional targeted sampling . |
|
|
|
4.21 Is the organisation's investigation work effective? |
|
Yes - and progress is controlled through a central record of irregularities and the action taken. |
4.22 Is it carried out in accordance with clear guidance? |
|
Yes - procedures in place as part of the Investigators Code of Conduct. |
4.23 Do those undertaking investigations have the necessary powers, both in law, where necessary, and within the organisation? |
|
Yes - Part of policy. |
4.24 Are referrals handled and investigations undertaken in a timely manner? |
|
Yes - afforded a high priority within internal audit ( other work is rescheduled where necessary ). |
4.25 Does the organisation have arrangements in place for assessing the effectiveness of investigations? |
|
Yes - onward reporting to Treasurers Management Team, Governance Committee and Monitoring Officer. Review by External Audit. |
|
|
|
4.26 Does the organisation have a clear and consistent policy on the application of sanctions where fraud or corruption is proven to be present? |
|
Yes - specific policy in place for Prosecutions and Recovery. |
4.27 Are all possible sanctions - disciplinary/regulatory, civil and criminal - considered? |
|
Yes - covered by the specific policy and all sanctions are considered to be available for use. |
4.28 Does the consideration of appropriate sanctions take place at the end of the investigation when all the evidence is available? |
|
Yes - includes consultation with departments and any other stakeholders as appropriate including the Monitoring Officer. Needed to ensure consistency across the authority. |
4.29 Does the organisation monitor the extent to which the application of sanctions is successful? |
|
Not formally. |
|
|
|
4.30 Does the organisation have a clear policy on the recover of losses incurred to fraud and corruption? |
|
Yes - policy in place with Prosecution and Recovery. |
4.31 Is the organisation effective in recovering any losses incurred to fraud and corruption. |
|
Yes and reported by internal audit to the Governance Committee on completion. |
4.32 Does the organisation use the criminal and civil law to the full in recovering losses? |
|
Yes - where it is appropriate (probably not to the full - costs and prospects for success are taken into account). |
4.33 Does the organisation monitor proceedings for the recovery of losses? |
|
No - usually subject to externally driven timetable for legal and/or disciplinary process. |
4.34 What is the organisation's successful recovery rate? |
|
Not measured but considered satisfactory in the most important cases. |
|
|
|
5 Are there clear outcomes described for work to counter fraud and corruption? |
|
No - not specific/apart from maintaining a low incidence. |
5.1 Do the desired outcomes relate to the actual sums lost to fraud and corruption? |
|
No - not measured. |
The above analysis indicates that the County Council's present arrangements are effective in most areas in that appropriate policies are in place, monitored for compliance regularly, and help to maintain a comparatively low incidence of fraud.
There are two main gaps however, which involve the extent to which publicity is used as a deliberate policy, and the measurement of fraud on a statistical basis. When irregularities do occur then it is inevitable that normal publicity has to be managed but a deliberate escalation beyond this level has been considered a disproportionate response and detrimental to the authority's reputation. Similarly, the application of crude statistical measures to each event as a method of estimating the potential "losses" can easily be taken out of context, misrepresent the actual position, and also damage the credibility of the County Council.
The following documents discuss facts or matters on which this report, or an important part of it, is based and have been relied upon to a material extent in the preparation of this report.
1. Published works
2. Documents which disclose exempt or confidential information as defined in the Act.
(Quote list of documents here: either "none" if 1 or 2 above apply; or list the relevant letters, memos, etc and their location).
