Archived decisions

SELF ASSESMENT RED BOOK 2

APPENDIX A

Note: An Audit Committee has been in operation since June 2009. Prior to that the work of the Audit Committee was undertaken by the Governance Committee

Key Elements of Strategic Approach

1. Does the organisation have a counter fraud and corruption strategy that can be clearly linked to the organisation's overall strategic objectives?

    Yes -the Corporate Anti Fraud and Corruption Strategy was approved by the Governance Committee in March 2005 and is supported by a comprehensive set of policies. It links to all strategic objectives due to the significance of audit to the good governance of the County Council

2. Is there a clear remit to reduce losses to fraud and corruption to an absolute minimum covering all areas of fraud and corruption affecting the organisation?

    Yes - that is the stated purpose of the policy and is incorporated into the Internal Audit Strategy, and also the Terms of Reference for Internal Audit agreed with and regularly reviewed by the Governance Committee with the last review being undertaken in March 2009.

3. Are there effective links between `policy' work (to develop an anti-fraud and corruption and `zero tolerance' culture, create a strong deterrent effect and prevent fraud and corruption by designing and redesigning policies and systems) and `operational' work (to detect and investigate fraud and corruption and seek to apply sanctions and recover losses where it is found)?

    Yes - the link is through the Audit Committee which is served by regular reports from Internal Audit, Monitoring Officer and External Audit. These updates also include progress reports on irregularities from Internal Audit. The Audit Committee authorises the audit strategy and its allocation of audit resources.

4. Is the full range of integrated action being taken forward or does the organisation `pick and choose'?

    As a practical example, internal audit has, in the light of irregularities identified in schools, worked with the Children Services Department since 2006 to produce Statements of Financial Expectations which have been issued to all schools. This document is reviewed and updated annually and issued to all Headteachers and Chairs of Governors.

5. Does the organisation focus on outcomes (ie. reduced losses) and not just activity (ie. the number of investigations, prosecutions, etc.)?

    Both are reported to the Audit Committee within the mid year progress and year end/annual reports, and in particular the successful recovery of losses in accordance with the policy. The key aim of the County Council is to reduce fraud and to achieve real, tangible results in terms of improved public confidence and reduced losses.

6. Has the strategy been directly agreed by those with political and executive authority for the organisation?

    Yes, it is a corporate policy of the whole County Council and the Audit Committee reports to both County Council and the Executive as appropriate.

Measuring Fraud and corruption losses

7. Are fraud and corruption risk considered as part of the organisation's strategic risk management arrangements?

    Yes - management of the risk of Fraud and Corruption is incorporated in the Corporate Strategy for Managing Risk 2007-2010.

8. Is the organisation seeking to identify accurately the nature and scale of losses to fraud and corruption?

    Yes - seek to quantify losses wherever possible and also undertaken through the National Fraud Initiative (NFI) data matching exercise.

9. Does the organisation use accurate estimates of losses to make information judgements about levels of budgetary investment in work to counter fraud and corruption.

    Yes, such assessments underlay the formation of the separate fraud team in Internal Audit from the Autumn 2005. Since that time there has been no significant change to the workload and resource requirements of the team and the work undertaken is considered sufficient to support the annual internal audit opinion.

Having the necessary authority and support

10. Do those tasked with countering fraud and corruption have the appropriate authority needed to pursue their remit effectively, linked to the organisation's counter fraud and corruption strategy?

    Yes - within Financial Regulations and the approved Terms of Reference for Internal Audit.

11. Is there strong political and executive support for work to counter fraud and corruption?

    Yes - through the Audit Committee whose constitution includes representatives of the two main political parties.

12. Is there a level of financial investment in work to counter fraud and corruption that is proportionate to the risk that has been identified?

    Yes - a dedicated fraud team is in existence in the internal audit section and additional support can be provided from within the section if the workload requires it.

Specialist training and accreditation

13. Are all those working to counter fraud and corruption professionally trained and accredited for their role?

    Yes - Internal audit is professionally led by managers who are CIPFA or IIA (Institute of Internal Auditors) qualified. The Senior Auditor on the fraud team obtained the CIPFA Certificate in Investigative Practice (CCIP) last year and it is anticipated that the new Audit Manager for the Investigations team will undertake the same training in the next year.

14. Do those employees who are trained and accredited formally review their skills base and attend regular refresher courses to ensure they are abreast of new developments and legislation?

    Yes - as part of the annual review of learning needs for all audit staff. The Senior Auditor also regularly attends Better Governance Forum seminars on fraud to keep abreast of current issues.

15. Are all those working to counter fraud and corruption undertaking this work in accordance with a clear ethical framework and standards of personal conduct?

    Yes - the Investigators Code of Conduct ( approved in April 2007 by the Governance Committee ) is part of the Anti Fraud and Corruption Strategy and incorporates all standards and procedures to be followed by staff.

Propriety checks

16. Is an effective propriety checking process:

    - implemented by appropriately trained staff?

      - in place that includes appropriate action where individuals fail the check?

    Yes - Pre-employment screening of staff is carried out - includes references, qualifications, identity, Criminal Records Bureau checks.

17. Does the organisation regularly review its propriety checks and are random checks carried out to ensure that it is implemented?

    Yes - For example the CRB policy is reviewed annually. The policy is currently under review due to the introduction of the Independent Safeguarding Authority.

Developing effective relationships with other organisations

18. Are there framework agreements in place to work with other organisations and agencies?

    A Memorandum of Understanding in respect of computer forensics is in place with the New Forest District Council. There is regular liaison with other groups such as the County Chief Auditors Network (CCAN), Home Counties Chief Internal Auditors Group (HCCIAG), Hampshire Fraud Group, National Anti-Fraud Network and National Fraud Initiative takes place. Advice is also sought from Hampshire Police as and when this is felt necessary.

19. Are the framework agreements focussed on the practicalities of common work?

    Agreement highlighted above with New Forest District Council purely relates to the forensic examination of laptops and computers.

20. Are there regular meetings to implement and update these agreements?

    Head of Audit from New Forest District Council attends the quarterly Hampshire Fraud Group meetings.

Taking the full range of action and integrating different strands

21. Is the organisation undertaking the full range of necessary action (see also 1.3 and 1.4)?

    Yes - A holistic approach is used incorporating action on deterrence, prevention, detection, investigation and sanctions. Training and advice is also provided.

Taking actions to tackle the problem - Culture

22. Does the organisation have a clear programme of work attempting to create a real anti-fraud and corruption and zero tolerance culture (including strong arrangements to facilitate whistleblowing)?

    Yes - updates are provided through dedicated training events and also at induction/staff briefing sessions. It is also anticipated that fraud awareness workshops will be delivered over the next year as part of the Corporate Training Programme. The corporate policies are also available on the website and intranet, including Whistleblowing with extensive contact details.

23. Are there clear goals for this work (to maximise the percentage of staff and public who recognise their responsibilities to protect the organisation and its resources)?

    Improving levels of awareness (which are tested through corporate governance reviews but not expressed as specific numeric targets). Internal audit annual report recognises the need for further awareness training for staff members.

24. Is this programme of work being effectively implemented?

    Yes - prompted by corporate governance work and the need to provide evidence for external inspection (CPA).

25. Are there arrangements in place to evaluate the extent to which a real anti-fraud and corruption culture exists or is developing throughout the organisation?

    Yes - monitoring awareness through corporate governance reviews. For example, an interruption of the historically low incidence of irregularities in schools was detected early in 2005/06 and dealt with promptly through investigation, review of policies and follow-up. We are now seeing a return to the previous lower number of incidents.

26. Are agreements in place with stakeholder representatives to work together to counter fraud and corruption?

    No stakeholder agreements as such but in practice co-operation has not been a problem and the introduction of governance arrangements for partnerships has formalised accountability and rights of access.

27. Have arrangements been made to ensure that stakeholder representatives benefit from successful counter fraud and corruption work?

    No, other than the benefits from reviewing policy and procedures post investigation.

Taking action to tackle the problem - Deterrence

28. Does the organisation have a clear programme of work attempting to create a strong deterrent effect?

    Yes, a pro-active counter fraud programme is developed and undertaken each year. Investigations Team have carried out presentations to staff raising awareness on areas such as identity fraud.

29. Does the organisation have a clear programme of work to publicise the:

Hostility of the honest majority to fraud and corruption;

    Not specifically ( but see comments below ) as there is some doubt about the benefits from additional publicity given the already low number of cases.

Effectiveness of preventative arrangements;

    The annual internal audit report feeds into the Annual Governance Statement. The report also provides data on the total numbers of investigation undertaken compared to previous years.

Sophistication of arrangements to detect fraud and corruption;

    In line with the Investigators Code of Conduct and operating procedures, and involves the use of technology and specialist systems where appropriate (eg Forensic Examination).

    Professionalism of those investigating fraud and corruption and their ability to uncover evidence;

    Conduct is specified in the code and training dedicated to fraud investigation is provided to staff involved.

Likelihood of proportionate sanctions being applied;

    Prosecutions and Recovery policy is part of the Anti Fraud and Corruption Strategy approved by the Governance Committee and sets clear expectations for every proven case.

Likelihood of losses being recovered?

    Again, targets are set within the policy for maximum recovery where possible.

30. Has the organisation successfully publicised work in this area?

    Yes - the annual updating of the Statement of Financial Expectations within schools and occasional press releases.

31. Has the publicity been targeted at the areas of greatest fraud losses?

    No - the largest cases have tended to generate sufficient publicity from the early stages of investigation due to suspensions, up to the point of prosecution in the courts.

Taking action to tackle the problem - Prevention

32. Does the organisation seek to design fraud and corruption out of new policies and systems and to revise existing ones to remove apparent weaknesses?

    Yes - Internal Audit is consulted on system changes. For example, internal audit has provided advice and support on potential control issues relating to the roll out of self directed support.

33. Do concluding reports on investigations include a specific section on identified policy and systems weaknesses that allowed the fraud and corruption to take place?

    Yes - a separate controls report is produced which identifies the system weaknesses that contributed towards the irregularity taking place in the first instance.

34. Is there a system for considering and prioritising action to remove these identified weaknesses?

    Yes - recommendations are ranked in order of priority, management responses and a timetable for action obtained. A timetable is agreed to follow up implementation of recommendations.

Taking action to tackle the problem - Detection

35. Are there effective `whistleblowing' arrangements in place?

    Yes - a number of suspected irregularities have been reported by individuals under the whistleblowing policy.

36. Are analytical intelligence techniques used to identify potential fraud and corruption?

    Yes, including through the National Fraud Initiative on data matching undertaken every two years.

37. Are there effective arrangements for collating, sharing and analysing intelligence?

    Yes - through National Anti-Fraud Network, National Fraud Initiative and audit fraud groups.

38. Are there arrangements in place to ensure that suspected cases for fraud or corruption are reported promptly to the appropriate person for further investigation?

    Yes - detailed procedures in place and available on the website/intranet ( see Whistleblowing Policy).

39. Are arrangements in place to ensure that identified potential cases are promptly and appropriately investigated?

Yes - detailed within the Investigation procedures manual.

40. Are proactive exercises undertaken in key areas of fraud risk or known systems weaknesses?

    Yes - A pro-active fraud plan has been developed based upon an assessment of known fraud risks. The audit strategy outlines the approach.

Taking action to tackle the problem - Investigation

41. Is the organisation's investigation work effective?

    Yes - and progress is controlled through a central record of irregularities and the action taken.

42. Is it carried out in accordance with clear guidance?

    Yes - Clear operating procedures are laid down within the Investigation procedures manual.

43. Do those undertaking investigations have the necessary powers, both in law, where necessary, and within the organisation?

Yes - Financial Regulations stipulate powers.

44. Are referrals handled and investigations undertaken in a timely manner?

    Yes - all referrals are logged and those that are subsequently investigated, following a formal risk assessment, are afforded a high priority within internal audit (other work is rescheduled where necessary).

45. Does the organisation have arrangements in place for assessing the effectiveness of investigations?

    Yes - onward reporting to Treasurer's Management Team, Monitoring Officer and Audit Committee. Review by External Audit. Client feedback is also sought for each investigation carried out.

Taking action to tackle the problem - Sanctions

46. Does the organisation have a clear and consistent policy on the application of sanctions where fraud or corruption is proven to be present?

Yes - specific policy in place for prosecutions and recovery.

47. Are all possible sanctions - disciplinary/regulatory, civil and criminal - considered?

    Yes - covered by the specific policy and all sanctions are considered to be available for use. Depending upon the investigation, the normal policy is to investigate to a criminal standard which requires the highest level of evidence possible.

48. Does the consideration of appropriate sanctions take place at the end of the investigation when all the evidence is available?

    Yes - All the evidence is available at the end of an investigation enabling appropriate sanctions to be considered or re-considered if it has been necessary to have applied sanctions earlier for example to prevent continuing activity. Any sanctions will be made in consultation with departments and any other stakeholders as appropriate including the Monitoring Officer which will ensure consistency across the authority.

49. Does the organisation monitor the extent to which the application of sanctions is successful?

Internal audit monitor the recovery of losses.

Taking action to tackle the problem - Redress

50. Does the organisation have a clear policy on the recovery of losses incurred to fraud and corruption?

Yes - prosecution and recovery policy in place.

51. Is the organisation effective in recovering any losses incurred to fraud and corruption?

    Wherever possible losses are recovered and these are reported by internal audit to the Audit Committee on completion. Where it is not possible, the Chief Internal Auditor/Monitoring Officer will agree the need to follow the write off procedures.

52. Does the organisation use the criminal and civil law to the full in recovering losses?

    All circumstances are taken into account before taking a decision over seeking the recovery of losses. A good example of this would be the losses sought through the courts following the conviction of a Headteacher and Deputy Headteacher. This was unsuccessful and as a result we are now considering seeking recovery of the losses through the civil route.

53. Does the organisation monitor proceedings for the recovery of losses?

Yes, but cannot necessarily influence the proceedings.

54. What is the organisation's successful recovery rate?

Not formally measured but monitored on a case by case basis.

Focusing on outcomes and not merely activity

55. Are there clear outcomes described for work to counter fraud and corruption?

Not specific/apart from maintaining a low incidence.

56. Do the desired outcomes relate to the actual sums lost to and harm caused by fraud and corruption?

Not measured.