EAST SUSSEX COUNTY COUNCIL, 

SURREY COUNTY COUNCIL AND 

BRIGHTON AND HOVE COUNTY COUNCIL 

 

ORBIS JOINT COMMITTEE MEETING 

 

DATE:   22 JANUARY 2021 

 

LEAD OFFICER:                    NIGEL MANVELL (DEPUTY CHIEF FINANCE OFFICER BRIGHTON & HOVE CITY COUNCIL), PHIL HALL (ACTING CHIEF OPERATING OFFICER EAST SUSSEX COUNTY COUNCIL), LEIGH WHITEHOUSE (EXECUTIVE DIRECTOR OF RESOURCES SURREY COUNTY COUNCIL) 

 

SUBJECT:                             INTERNAL AUDIT SERVICE SPOTLIGHT 

 

 

 

 

  SUMMARY OF ISSUE:  

 

This spotlight report provides the Orbis Joint Committee with an overview of the activities and achievements by the Orbis Internal Audit and Counter Fraud Service (Orbis IA). 

 

RECOMMENDATIONS: 

 

The Orbis Joint Committee is asked to note the achievements and on-going service developments for the partnership service. 

 

REASONS FOR RECOMMENDATIONS: 

 

The Joint Committee is responsible for the effective monitoring of Orbis performance. 

 

DETAILS: 

 

 

Background 

 

1.1   The Internal Audit Service is an integrated Orbis partnership function delivering internal audit and counter fraud services to all three partner councils and a range of external, fee paying, clients.  The service is led by a single Chief Internal Auditor appointed in April 2017, with a new integrated structure created with effect from April 2018 (see below).

 

1.2   Internal Audit is a statutory service in the context of the Accounts and Audit Regulations 2015, which require every local authority to maintain an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes.  Within local government in the UK, it is a specific requirement that internal audit services are delivered in accordance with Public Sector Internal Audit Standards (PSIAS). 

 

Integrated Structure

1.3   At the time of establishing Orbis IA, a new organisational structure was implemented with the intention of continuing to provide high quality, localised services to our partner and client organisations, whilst also developing specialist teams in the areas of ICT Audit and Counter Fraud, who provide these services across all partners and clients.  Maintaining such specialisms within smaller individual teams prior to integration had become unsustainable, resulting in the increased costs associated with buying in services from external providers.  A copy of the current Orbis IA structure chart is attached to this report below, a structure that, at the time it went live, delivered approximately £450k of savings to the Orbis partner authorities (representing 25% of the net budget). 

 

1.4   Alongside the integration of the teams, a substantial amount of work was undertaken to successfully standardise all aspects of working practice within the new service, thereby driving further efficiencies and facilitating more effective partnership working.  This work represented a significant achievement given how differently the services operated prior to forming the partnership, and included:

 

·         Procurement and implementation of a new electronic audit management system, including online working papers, enhanced performance reporting and automatic audit report generation.  This system is a web based applicated enabling Orbis IA staff to work for any client from any location;

·         Streamlined and standardised audit methodology, from initial assignment planning through to final report production;

·         Introduction of standard audit report templates and a consistent set of audit opinions (and associated definitions);

·         Standardised audit committee reporting for all partner councils, including format, content and frequency.

 

1.5      Whilst some ongoing challenges have been faced historically by the service with recruiting suitably skilled and experienced staff, five new staff at entry level have recently been successfully appointed, with a focus on training and development to effectively ‘grow our own’.  This includes a robust programme of support for appropriate professional development, incorporating apprenticeship schemes where possible.  Significantly, and subsequently to this, the service has also now appointed two new experienced Principal Auditors to support the delivery of services across all three Councils and external clients.

 

1.6      Alongside the delivery to ESCC, SCC and B&HCC, Orbis IA also provides services to a range of external, fee paying clients, including Horsham District Council, East Sussex Fire Authority, Elmbridge Borough Council and the South Downs National Park Authority.  Total income of £444k is currently generated from this work, making a substantial contribution toward business overheads, thereby driving down the cost to the Orbis partner councils.  The most significant individual external client is Horsham District Council, an arrangement which also commenced in April 2018 and involved the TUPE transfer of a small number of staff into Orbis IA. 

 

Core Service Delivery

 

1.7     Every year, an updated Internal Audit Strategy and Annual Audit Plan is produced for each partner council.  As well as setting out our overall approach to the delivery of internal audit and counter fraud services, these documents also incorporate a detailed programme of work for the year, applying the following key principles:

 

·         All key financial systems are subject to a cyclical programme of audits covering, as a minimum, compliance against key controls;

·         Previous reviews which resulted in lower assurance-based audit opinions are subject to a specific follow-up review by Internal Audit to assess the effective implementation by management of agreed actions;

·         Formal action tracking arrangements are in place to monitor the implementation by management of all individual high risk recommendations.

 

1.8     In line with best practice, all audit plans are kept under review throughout the year and include provision to enable the service to respond to new and emerging risks.  Along with normal, assurance-based audit assignments, a key element of the Orbis IA approach is to provide proactive advice, support and challenge to major organisational projects and change programmes.  This real time support is highly valued by stakeholders, enabling risk and internal control issues to be identified and resolved as new systems and processes are being designed.

 

1.9     The results of all internal audit and counter fraud activities, along with details of service performance, are reported on a quarterly basis to each of the council senior leadership teams and audit committees.  Along with these, each partner authority receives an annual internal audit report, incorporating an overall opinion from the Chief Internal Auditor on the adequacy of the organisation’s risk, governance and internal control arrangements.  These reports form a key source of evidence in support of each council’s annual governance statement.  For 2019/20, ESCC, SCC and B&HCC all received an annual opinion of ‘Reasonable Assurance[1]’.

 

Professional Compliance and Performance

 

1.10   As referenced in para 1.2 above, all of the relevant internal audit standard setting bodies, including CIPFA, have adopted a common set of Public Sector Internal Audit Standards (PSIAS), based on the Institute of Internal Auditors International Professional Practices Framework.

 

1.11   Included within these Standards is the requirement for each internal audit service to maintain an ongoing quality assurance and improvement programme based on an annual self-assessment against the Standards, supplemented at least every five years by a full independent external assessment.  During 2018, our first year as an integrated service, South West Audit Partnership (SWAP) were commissioned to undertake the independent external assessment of Orbis IA against the following core principles defined within the Standards:

 

·         Demonstrates integrity;

·         Demonstrates competence and due professional care;

·         Objective and free from undue influence (independent);

·         Aligns with the strategies, objectives, and risks of the organisation;

·         Is appropriately positioned and adequately resourced;

·         Demonstrates quality and continuous improvement;

·         Communicates effectively;

·         Provides risk-based assurance;

·         Is insightful, proactive, and future-focused;

·         Promotes organisational improvement.

 

1.12   Overall, the review concluded that Orbis IA is achieving the highest level of conformance with the Standards and Code of Ethics.  The opinion given, ‘Generally Conforms’, is the highest of the three rankings, as defined by the Chartered Institute of Internal Auditors.

 

 

1.13   In giving their opinion, the review team commented on the significant areas of successful internal audit practice they identified, particularly:

 

·         That Orbis IA is well respected and its advice and opinion is sought by stakeholders, with numerous examples offered during the assessment;

        Strong support and a sense of trust is placed in the team by both senior management and Members;

        Interviews with key stakeholders confirmed that the team have a good reputation and organisational profile;

        The service receives a high level of satisfaction from internal audit feedback forms;

        Stakeholders rated the service with an average score of 8.03 (out of 10).

 

1.14   Alongside the assessments of professional compliance, the performance of Orbis IA continues to be measured against key service targets focussing on service quality, productivity and efficiency, compliance with professional standards, influence and our staff.  These are all underpinned by appropriate key performance indicators as set out in the following table:

 

Aspect of Service

Orbis IA Performance Indicators

Target

Quality

  • Annual Audit Plan agreed by Audit Committees
  • Annual Audit Report and Opinion
  • Satisfaction levels

By end April

 

To inform AGS

90% satisfied

Productivity and Process Efficiency

  • Audit Plan – completion to draft report stage by 31 March each year

90%

Compliance with Professional Standards

 

  • Public Sector Internal Audit Standards
  • Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures and Investigations Act

 

Conforms

Conforms

Outcomes and degree of influence

  • Implementation of management actions agreed in response to audit findings

95% for high priority

Our Staff

  • Professionally Qualified/Accredited

80%

 

Covid-19 Service Response

 

1.15   Unsurprisingly, like all Council services, the pandemic has had a significant impact on Orbis IA, including the way in which our staff work, the nature of the work we are able to carry out and the extent to which we are able to deliver our planned audit activities, be they completion of the previous 2019/20 audit plan or commencement of planned 2020/21 work.  Despite this, because of the hard work of the team throughout 2019/20, sufficient work had been completed for that year, prior to the Coronavirus outbreak, to enable the Chief Internal Auditor to still provide an overall annual audit opinion for each of the Councils.  In all three cases, this was ‘Reasonable Assurance’.

 

1.16   Immediately upon the start of the outbreak and associated lockdown, Orbis IA recognised the priority that needed to be given to frontline service delivery and community support.  For this reason, the decision was taken to suspend all planned audit activities in order to avoid interfering with the wider organisational response and to enable Orbis IA resources to be focussed on the new risk environment emerging from the pandemic.

 

1.17   As a result of the original lockdown, and subsequent continued remote working arrangements, virtually all activities within the partner councils have, at extremely short notice, needed to be redesigned.  In such circumstances, systems, processes and controls can easily be undermined and weakened, exposing the organisations to a range of new risks.  The Orbis IA team have therefore been working extremely hard in order to identify the most important of these changes and provide advice to management to ensure, as far as possible, an appropriate internal control environment is maintained.  All of this work has been formally logged by the team in order for us revisit these areas in future once services look to return to some form of business as usual.  In addition, the team has also:

 

·         Produced and promoted an updated fraud risk assessment for each of the councils specifically in relation to the pandemic and issue arising from it;

·         Carried out data analytics work to provide assurance over a sample of higher risk fraud areas, including payment cards and creditors;

·         Provided extensive advice and support on the arrangements for processing grant payments to local businesses, helping ensure proper verification controls are in place;

·         Supported the councils in the procurement, verification and distribution of PPE, including formally redeploying Orbis IA staff into the Procurement Service to aid this process;

·         Started to develop a programme for delivering assurance over key financial systems through use of data analytics, utilising entire data populations.

 

1.18   Finally, despite the continued uncertainty, Orbis IA continues to plan for the future and what this might mean for delivering assurance in what could be such a fundamentally different environment.  As part of this, we have been liaising with our professional bodies and other local authority internal audit providers to help ensure we develop the most effective response. 

 

1.19   In light of the most recent spike and associated lockdown, the revised plans for 2020/21 are once again being re-prioritised in an attempt to ensure sufficient coverage is achieved to enable the Chief Internal Auditor to still provide annual opinions for each of the partner councils.  Audit planning for 2021/22 is also being reviewed with a view to focussing coverage only on core assurance areas (such as key financial systems) with much more time earmarked for more reactive/emerging risk activity.

 

2.         Conclusion and reasons for recommendations  

 

2.1     Orbis IA is a core part of the Orbis delivery and is providing high quality audit and counter fraud services to all of our organisations and a range of external, fee paying, clients.  In doing so, the service has delivered substantial savings and has been independently assessed as having achieved the highest level of conformance with relevant professional standards.

 

2.3     Looking forward, the service will seek to build on the strong foundations already established whilst exploring further opportunities to grow the service by taking on new client organisations.

 

 

Contact Officer: 

Russell Banks CMIIA – Orbis Chief Internal Auditor

 

Consulted: 

Phil Hall – Acting Chief Operating Officer (ESCC) 

Leigh Whitehouse – Executive Director of Resources (SCC) 

Nigel Manvell  - Deputy Chief Finance Officer (BHCC) 


 



[1] Potential opinions are ‘Substantial Assurance’, ‘Reasonable Assurance’, ‘Partial Assurance’ and ‘Minimal Assurance’.