Agenda item

This report provides an update on progress made in delivering the internal audit workplan for 2018/19 and on current counter fraud activity.

Members considered an update on progress made in delivering the internal audit workplan for 2018/19 and on current counter fraud activity. The Head of Internal Audit attended the meeting to present the report. He highlighted the planned external assessment of internal audit working practices, which was required at least every 5 years.

In response to Member questions he stated that:

·        9% of the audit work plan had currently been completed, compared to 27% the previous year. This was considered ‘as expected’ because work was being completed as scheduled. Some of the audits were much larger and took more time. It could be that work scheduled during Q1 and Q2 had contained more of these large audits than in previous years;

·        It was possible to provide more detail about ‘in progress’ audits. It was however, difficult to anticipate to which Audit & Governance meetings reports may be presented to;

·        There was a requirement that internal auditors be externally assessed. Some councils commissioned external organisations to produce this and many choose to use a ‘peer review’ approach. Veritau had joined a group which represented councils with very similar shared service arrangements to Veritau. This meant there was a good understanding of operating in this way. There was no cost to the Council and Veritau would go on to assess another organisation;

·        This organisation had been selected by the S151 Officers across Veritau’s member councils and all councils had been satisfied with the choice. In CYC’s case the Deputy S151 Officer was the client as the S151 Officer was on the Veritau board;

·        The requirement for an external assessment was introduced in 2013 and Veritau’s first assessment was undertaken in 2014. Auditors were given 5 years to comply and Veritau had chosen to do this at a very early stage; many councils were only now having a first assessment;

·        There was a standard process to complete one of these assessments and this involved speaking to Officers and Chairs of Audit committees at member councils. It was a thorough and robust process, not merely a summary of internal audit arrangements;

·        The assessors on 2014 produced a report which set out recommendations and where practices met professional standards. This was reported to the Audit & Governance committee and actions were taken to address the recommendations;

·        Although there had been several chairs of the Audit & Governance committee since the last assessment, this was an assessment of internal audit practices at a point in time, and it was for the assessors to determine who they wished to speak to;

·        In relation to counter fraud work, the counter fraud team had exceeded its savings target by 28 August, however it had been a slightly unusual year with a few very good cases and this did not necessarily mean the target was too low or that this level could be sustained. The team were improving in terms of deciding which cases to pursue and services were getting better at referring possible cases of fraud;

·        Successful outcomes depended on the type of fraud, this could be disciplinary action, prosecution or recovering financial loss;

·        There was no reason to believe that fraud was becoming more prevalent, the figures more likely show that identification and action taken were improving;

·        Every attempt was made to recover financial loss to the Council. He did not have detail on recovery levels available but could circulate these to the committee. He highlighted it was important to remember recovery could take years; and

·        The savings target was previously higher but had come down in recent years. This figure could be skewed by 1 or 2 cases so it was difficult to set an accurate target. Value was perhaps not the best way to measure the success of the team, for example there was more value in prosecutions and he press coverage of these.

Members then looked in detail at the audit of Taxi Licensing. The Corporate Director - Economy & Place and Head of Public Protection also attended to answer questions relation to the Taxi Licensing Audit. Officers highlighted that they were unaware that this report had been redacted by Veritau until it was brought to their attention by Members. This had been republished as an unredacted version immediately afterward. They went on to explain that this service area had been chosen for audit as the Corporate Director was aware that the service had been under significant pressure, particularly in relation to UBER operating in the City. The taxi trade itself had also been resistant to the Council’s attempts to regulate the service. A petition had been received lobbying the Council to remove the requirement for drivers to attend Child Sexual Exploitation (CSE) training.

He went on to state that he did not find the lack of Disclosure and Barring Service (DBS) checks found during the audit acceptable and took action to mitigate that as soon as it was brought to his attention. All drivers had undertaken a DBS check when they were licensed and this was a gold standard measure. However, this was a backwards looking measure and in no means reflected the risk on a given date. If someone was arrested the day after a DBS certificate was received it would not reflect this. The Council did have a close working relationship with the police and there was a requirement to self declare notifiable offences on renewal of a licence. Licences were regularly revoked for offences after notification by the police.

A report would be taken to Gambling, Licensing and Regulatory Committee on 10 December to propose that any drivers who did not engage with the DBS process would have their licences revoked for non compliance.

Members highlighted their concern that there was a lack of reporting to senior Officers and Members, as there must have been an awareness within the department that this was an issue.

In response to Member questions Officers stated:

·        This highlighted the importance of rigorous audit, senior Officers could not know what they did not know. However, appropriate managerial conversations had since taken place to highlight situations which needed reporting upward;

·        The duty for police to notify the Licensing Authority applied nationwide, but the strongest relationship was with North Yorkshire Police;

·        In respect of drivers who held school transport contracts, they were required to hold an Enhanced DBS check and this was administered by Children’s’ Services;

·        The decision to redact the report was made by Veritau. CYC were one of very few councils who chose to publish all audit reports and therefore sometimes it was necessary to redact where it was felt there was risk to the Council. Ultimately though it was up to the Council and this is why it had been republished in full;

·        Taxi driving was a notifiable occupation and it was common practice for police to ascertain an individuals occupation when detaining them. There was no single organisation or database holding this information and representations had been made to Government on this issue; 

·        Officers did not have the exact detail on the date the oldest ‘out of date’ DBS was issued, but would circulate this to the Committee; and

·        DBS found it more difficult to issue certificates to individuals who had lived overseas. This required the embassy in those countries to provide a certificate of good conduct. Not every country provided these and in this instance it was a judgement call as to whether the individual passed the ‘fit and proper person test’. If Licensing Officers were not content this was the case, applications would be refused.

Resolved:  That Members :

1.   Note the progress made in delivering the 2018/19 internal audit work programme, and current counter fraud activity.

2.   Note the arrangements for the external assessment of internal audit.

Reason:

1.   To enable members to consider the implications of audit and fraud findings.

2.   To enable members to fulfil their responsibilities for oversight of internal audit arrangements.