Planned Audit Reviews


Review Name

Outline Objective

Key Financial Systems

Accounts Payable (Procure to Pay)



To review compliance with key controls within the accounts payable system, including controls in place for ordering, the creation and maintenance of supplier details, goods receipting and the payment of invoices.

Accounts Receivable



To review compliance with key controls within the accounts receivable system including controls in relation to the accuracy of customer details, completeness, accuracy and timeliness of invoicing, recording and matching payments to invoices, and debt recovery.




To review compliance with key controls within the payroll system, including controls in relation to pre-employment checls, starters, leavers, temporary and permanent variations of pay.

General Ledger

To review controls in relation to the Council's general ledger, including in relation to year-end procedures, journal transfers and bank reconciliation.

Treasury Management

To assess the adequacy of controls and procedures across the Council's treasury management arrangements, including in relation to cash flow forecasting, financial investments and use of treasury advisors.

Adult Social Care and Health (ASCH) Liquidlogic (LAS) and Controcc


To assess the adequacy of controls within the LAS (client information system for ASCH) and Controcc (the social payments and billing system), to provide assurance that payments are complete, accurate, timely and are only made to bona fide care providers, where approved services have been provided to ESCC care clients.

East Sussex Pension Fund

Collection of Contributions

The Fund collects in excess of £130m annually in contributions, without access to prime accounting records to provide assurance that contributions have been collected accurately from all members of the scheme and have been paid over in full.  We shall assess the availability and quality of sources of assurance over employers’ payroll, and other systems for collecting and paying over employees’ and employers’ contributions.

Investments and Accounting

To provide assurance that fund managers and custodians have adequate controls in place over the Fund’s investments, including in relation to the safeguarding and performance of investments, the valuation of assets, compliance with investment regulations and receipt of, and accounting for, investment income.

Cash Management

We shall review the arrangements in place to ensure the effective management of cash flow, including the Fund’s ability to meet its liabilities when they fall due.

Administration of Pension Benefits

We shall review controls over the calculation and payment of pension benefits, transfers to and from the Pension Fund and the maintenance of the data. 

Key Governance Arrangements

Business Continuity Planning

To assess the adequacy of business continuity arrangements within the Council, including a review of overall governance arrangements, impact/risk assessments, and continuity planning.

Corporate Governance

To review the adequacy of corporate governance arrangements within the Council, including assessing the extent to which previously identified governance improvement actions have been implemented.

Risk Management

To assess the arrangements in place to identify, assess and mitigate risk across the organisation.

Strategic Risks/Projects

Modernising Back Office Systems (MBOS)

We will continue to provide independent advice, support and challenge on risk, control, probity and governance issues in respect of this programme, including the provision of post go-live assurance activity as agreed with the Board.

Managing Service Demand

Increasing demand for statutory services continually puts pressure on Council budgets.  We will review the actions being taken to manage this ongoing pressure against a sample of volatile budget areas.

Workforce Capacity and Working Arrangements

With the current challenges in being able to recruit and retain skilled staff, we will complete a review to assess the adequacy of arrangements in place within the Council to maximise its workforce capacity, including management of risks associated with potential single points of failure.  The may also cover aspects of hybrid working arrangements.

Adult Social Care Regulatory Changes

During 2023/24, there will be significant areas of change in the area of Adult Social Care and Health, including integration with the NHS, Care Quality Commission Inspection Framework, Financial Services programme and the ‘Being Digital’ programme. We will work with management to identify and agree how best we can support these areas through the provision of audit advice, support and assurance.

Ukraine Funding

We will review the governance arrangements in place to provide assurance that government funding in relation to the Ukraine crisis is being properly managed and safeguarded.

Health and Safety Phase 2

Following our assessment of the framework of health and safety within the Council in 2022/23, we will undertake a review of overall compliance with this across the organisation.

Supplier Failure

A review to determine the resilience the Council has in the face of supplier failure. This review will seek to provide assurance on the controls to identify critical suppliers at risk of failure and to mitigate the effects of any failures that occur, including, where relevant, the wider supply chain.

Highways Maintenance Contract Management

A new contract for highways and infrastructure services has been awarded to Balfour Beatty Living Places Ltd.  The contract, which will start from May 2023, will run for an initial seven years with an option to extend to a maximum of fourteen years. We will undertake a contract management review which will include the arrangements over governance, performance management, payment mechanisms and new processes.

Integrated Waste Management Services - Contract Management

ESCC and Brighton and Hove City Council have held a Private Finance Initiative with Veolia South Downs Ltd since 2003 for the delivery and operation of waste facilities, including recycling and disposal services for household waste across both authorities.  We will audit the contract management arrangements for this contract.

Other Known Areas of Risk

Procurement Regulatory Changes

Major changes to procurement regulations are expected in late 2023 which are likely to include more stringent transparency requirements. These will need to be reflected in the Council’s own regulations, including Procurement and Contract Standing Orders.  We will provide support and advice in relation to the updating of these.

Children’s Disability Services – Direct Payments

To examine the system of control associated with the administration, payment and monitoring of direct payments within Children’s Disability Services.

Children’s Services – Quality Assurance Framework

In order to ensure that children and families in East Sussex receive a high quality service, robust quality assurance arrangements need to be in place.  We will examine the underpinning principles and practices within the Children’s Services quality assurance function and seek assurance over its effectiveness in driving improvement within service practice.

Adult Social Care and Health (ASCH) - Debt Management and Recovery

Due to the cost of living crisis, there has been an increase in the level of debt within ASCH.  We will review the arrangements for debt management within the department, including the timeliness of invoicing, recording and matching of payments received to invoices and debt recovery.

Property Services Programme Management

To provide assurance that the overall programme of work within Property is effectively managed, including the planning, prioritisation and allocation of resources, and how overall performance and delivery is monitored.

Milton Grange Nursing Home - Cultural Compliance Audit


To provide assurance that management and financial controls are in place and operating effectively within the home, assessing compliance with key Council policies and procedures.  Further similar reviews of other care homes may subsequently take place.

Mental Health Services - Compliance with Corporate and Local Procedures


To provide assurance that management and financial controls are in place and operating effectively within the Mental Health Service, assessing compliance with key Council policies and procedures, and also their own local procedures.

Parking – Procurement and Monitoring of External Service Providers


We will look to ensure that the engagement, through the Parking Team, of service providers for key parking related activities, complies with the Council's Procurement and Contract Standing Orders and other key Council policies. We will also assess the adequacy of monitoring arrangements in place to ensure providers are deliverying services in accordance with contracts.

School Audits


We will continue our audit coverage in schools which will involve a range of assurance work, including key controls testing in individual schools and follow-ups of previous audit work where appropriate.  We will also work with our Orbis partners to provide information bulletins and guidance for schools on risk, governance and internal control matters.




ICT Audit

Property Asset Management System (PAMS) Replacement

To provide pro-active support, advice and assistance to the property asset management system replacement programme, including the evaluation of the effectiveness of any key control changes arising from the implementation of the system.

Robotics (Governance Arrangements)

Robotic Process Automation (RPA) is a form of business process automation that allows a user to define a set of instructions for a robot to perform automatically, often repeating the task quickly.  The review will evaluate the effectiveness of the controls to govern the use of Robotics within the Authority, including review of the controls to ensure the accuracy of all data processed by 'robots' and ensuring appropriate failure reports are built into the decision making routines.

Adult Services Data Handling

Social workers/safeguarding teams sometimes use video to record interviews and other interactions with service users.  This audit will seek to ensure there is an appropriate Data Protection Impact Assessment (DPIA) in place and being complied with, appropriate permissions are sought, and data is encrypted in transit and deleted as appropriate.

Patch Management

We will review the controls in place to support effective patch management, ensuring that patches and system updates are tested prior to being applied and that patches are applied in a timely manner.

New Home to School Transport System

This application audit will review all major input, processing, and output controls, including access controls and the interfaces with other systems, and to ensure appropriate system ownership and responsibilities are known. 

Recovery and Resilience (including Cyber Security) Arrangements

This audit will review the key controls operating to ensure that Council arrangements are resilient and robust  in the event of a cyber attack or other technology-related outage.   The audit will also seek assurance over  controls to allow the Authority to recover from any technology-related disaster, focussing on corporate systems (supported by IT&D) as well as those procured and managed within departments.

Follow-Up Reviews

Contract Management Group Cultural Compliance

A follow-up of the previous audit completed which received an audit opinion of partial assurance.

Climate Change

A follow-up of the previous audit completed which received an audit opinion of partial assurance.

Children's Services Data Handling

A follow-up of the previous audit completed which received an audit opinion of partial assurance.

Procurement Data Analytics

A follow-up of the previous audit completed which received an audit opinion of partial assurance.

External Funding – Grants and Loans

A follow-up of the previous audit completed which received an audit opinion of partial assurance.

Grant Certification

Local Transport Capital Block Funding-  Integrated Transport & Highways Maintenance (Including Traffic Signals/Pot Holes)

To check and certify the grant in accordance with the requirements of the Department for Transport.


Bus Services Operators Grant

To check and certify the grant in accordance with the requirements of the Department for Transport.


Broadband Grant

To check and certify the grant in accorance with the requirements of the Department of Digital, Culture, Media and Sport.

Contain Outbreak Management Fund

To check and certify that the funding is used in accordance with the requirements o fthe Department of Health and Social Care.

Supporting Families Programme

Certification of periodic grant claims returns in-year on behalf of Children’s Services to enable the release of funds from the Department for Levelling Up, Housing and Communities.

European Social Fund Transform Project


To provide assurance that quarterly returns submitted to the European Social Fund are accurate and reflective of apprenticeship activity within the reported period.

Schools Basic Needs Allocation

To check and certify various capital grants in accordance with the requirements of the Department for Education.


Service Management and Delivery

Review Name

Outline Objective

Action Tracking


Ongoing action tracking and reporting of agreed, high risk actions.

Annual Internal Audit Report and Opinion

Creation of Annual Report and Opinion.

Audit and Fraud Management


Overall management of all audit and counter fraud activity, including work allocation, work scheduling and Orbis Audit Manager meetings.

Audit and Fraud Reporting

Production of periodic reports to management and Audit Committee covering results of all audit and anti-fraud activity.

Audit Committee and other Member Support


Ongoing liaison with Members on internal audit matters and attending Audit Committee meetings and associated pre-meetings.

Client Service Liaison


Liaison with clients and departmental management teams throughout the year.

Client Support and Advice


Ad hoc advice, guidance and support on risk, internal control and governance matters provided to clients and services throughout the year.

Orbis IA Developments



Audit and corporate fraud service developments, including quality improvement and ensuring compliance with Public Sector Internal Audit Standards.

Organisational Management Support


Attendance and ongoing support to organisational management meetings, e.g. Financial Management Team (FMT), Statutory Officers Group (SOG).

Strategy and Annual Audit Planning


Development and production of the Internal Audit Strategy and Annual Audit Plan, including consultation with management and Members.

System Development and Administration

Development and administration of Audit and Fraud Management systems.


Anti-Fraud and Corruption



To cover the investigation of potential fraud and irregularity allegations as well as proactive counter fraud activities, including the National Fraud Initiative (NFI) data matching exercise.

Emerging Risks



A contingency budget to allow work to be undertaken on new risks and issues identified by Orbis IA and/or referred by management during the year.



A contingency budget to allow for effective management of the annual programme of work as the year progresses.


Other Auditable Areas Identified During the Audit Planning Process

Some of these reviews may be brought forward into the plan if there is additional capacity during the year. In addition, we will consider any emerging risks and prioritise audits accordingly.


Procurement Cards

Beacon/Grove Park Project Management

Controller of Premises

Microsoft Cloud Environment – Governance Review

Active Directory/Identity Management (incl. 3rd Party)

Digital Data Preservation Strategy

Data Breach Management

Surveillance Cameras

Life Certification

Direct Payments

Home Care Contract

Health Visiting Contract

Women’s Refuge Contract

Care Home Cultural Compliance

Hospital Discharges

Financial and Benefit Assessments

Children’s Placement Contracts

Alternative School Provision