Annexe A

 

Internal Audit and Counter Fraud

Quarter 1 Progress Report 2023/24

CONTENTS

1.         Summary of Completed Audits

2.         Counter Fraud and Investigation Activities

3.         Action Tracking

4.         Amendments to the Audit Plan

5.         Internal Audit Performance

1.    Summary of Completed Audits

Accounts Payable (Procure to Pay)

Procure to pay is the end-to-end process from the purchasing of services to the payment of the supplier.  The central Accounts Payable (AP) team is responsible for the processing of payments to suppliers using the AP system, which is a sub-module within SAP, the Council’s main financial system.

This audit aimed to provide assurance over key controls operating within the procure to pay system, as follows:

·           Orders are only raised for goods, works and services that are needed by the Council;

·           Invoices are only paid for goods, works and services that are needed by the Council;

·           All payments are made to the correct vendors, for the correct amounts, at the right time and only for goods, works or services ordered and satisfactorily received by the Council;

·           Only vendors that meet the needs of the Council, and that do not already exist within the accounting system, are set up and their details maintained accurately; and

·           Transactions in the AP system are completely and accurately transferred to, and reflected in, the General Ledger.

Based on the work we completed, we were able to provide an opinion of reasonable assurance, with a number of areas of good practice identified. 

Areas for improvement were, however, identified, in particular in the process for changing the bank details of supplier accounts. Procedures in this area had been strengthened following a fraudulent payment earlier in the year (as reported to Audit Committee at the time). Whilst we did not find any other instances of fraud as part of this latest audit, our testing found that the control failing that allowed the fraudulent payment to be made was not an isolated example. However, no further action was deemed necessary because all of the instances found pre-dated the fraud and the subsequent strengthening of controls to help prevent this happening.

Other areas for improvement included the need to ensure:

·           Robust checks are carried out to reduce the risk of making duplicate payments;

·           Urgent payments are supported by a clearly documented approval process that records both the approval and the rationale for processing them outside of the normal pay runs; and

·           Invoices are paid on time.

Actions were agreed with management to address these issues.

East Sussex Pension Fund

The Council is the designated statutory administering authority of the East Sussex Pension Fund (“the Fund”).  It has statutory responsibility to administer and manage the Fund in accordance with the Local Government Pension Scheme (LGPS) regulations and has delegated the management and responsibility of the Fund to the East Sussex Pension Committee and the Pension Board, supported by the Chief Finance Officer for ESCC.

The Fund is responsible for managing assets for the long-term benefit of scheme members in accordance with statutory regulations and is a member of ACCESS, a collaboration of 11 LGPS administering authorities, which work together to reduce investment costs and gain economies of scale.

During quarter 1, we completed the following work in relation to the Pension Fund, in accordance with the Pension Fund Internal Audit plan.  Where we identified opportunities to strengthen controls, actions for improvement were agreed with management in all cases.

Pension Fund Cash Management

The purpose of this audit was to provide assurance that:

·           Pension contributions from all employers in the scheme are collected in full, at the time they fall due;

·           Information from employers is provided in a timely manner to maintain the Fund’s ability to deliver an effective service;

·           Funding levels of new employers are sufficient to cover their liabilities; and

·           Spikes in benefit demands are managed to avoid the Fund becoming overdrawn.

Overall, we were able to give an opinion of reasonable assurance in relation to this work. We found that:

·           The admission of new employers into the Fund is managed effectively;

·           Work has begun to draft communications that will help support employers in the main key processes they are responsible for;

·           Robust processes are in place to ensure that contributions due, as notified by employers, are received intact, with late payments being monitored and warning notifications sent to employers where contributions have not been received by the due date;

·           To ensure the Fund is able to cover its liabilities, cash management activities and analysis are undertaken by the Investments and Accounting team on a daily basis.

Opportunities for improvement included:

·           Strengthening of the Cash Management Strategy (in development at the time of our work) to include the addition of the Strategy’s objectives and associated risks and clarity over roles and responsibilities;

·           Ensuring that payments cannot be made from the Pension Fund account to the ESCC account without the involvement of a Pension Fund officer;

·           Strengthening the existing reconciliation process to ensure that contributions received from employers are correct; and

·           Establishing guidance over the chasing of late/incomplete employer data.

Pension Fund Investments and Accounting

This audit reviewed the arrangements to manage Fund investments, including pooling arrangements.  The purpose of this audit was to provide assurance that:

·           The ACCESS pool achieves the benefits of economies of scale, oversees the operator, fund managers and custodian effectively, and exploits investment opportunities;

·           The Fund’s assets are safeguarded and managed in accordance with regulatory requirements;

·           The performance of the Fund’s investments meets its objectives;

·           Investment returns are received in a full and timely manner;

·           Effective management of payments and income ensures that the Fund’s bank account does not become overdrawn; and

·           Accounting of the Fund is accurate resulting in an unqualified opinion by the external auditor on the Fund’s annual accounts.

In completing this review, we were able to give an opinion of substantial assurance for the following reasons:

·           The recently expanded Fund’s team comprises experienced officers, who are supported by investment consultants, to ensure that investment performance is monitored and that new investment opportunities are explored (with appropriate due diligence before making investments);

·           Investments are made and managed in accordance with regulatory requirements;

·           Robust processes are in place to ensure that assets are safeguarded;

·           Rigorous checks take place to ensure that fund managers’ fees are paid in accordance with contractual obligations;

·           The Fund’s custodian, Northern Trust, ensures that all investment returns are received in full and timeously;

·           Regular reconciliations take place to provide assurance that transactions are accurately reflected in the general ledger; and

·           Effective arrangements are in place to ensure that the bank account remains in credit.

Only one minor area for improvement was identified, around the need to enhance the already documented key accounting and control processes to improve resilience in the event of loss of key officers.

Pension Fund - Administration of Pension Benefits

This audit reviewed the controls in place in relation to the calculation and payment of pension benefits and transfers to and from the Fund.  The purpose of the audit was to provide assurance that:

·           Data quality is sufficiently accurate to support transactions and reporting requirements;

·           The calculation of pension benefit entitlements is accurate; and

·           Delivery of the pension administration service complies with the requirements of the Pensions Regulator.

Overall, we were able to provide an opinion of reasonable assurance. We found that processes are generally in place to ensure that data quality is maintained and data quality and improvement is routinely reviewed at Board and Committee level.  Mechanisms are in place to ensure that pension benefits are calculated correctly and are paid on time, and we also found that the pension administration service is run in accordance with regulatory requirements and delivers an effective service to members of the scheme.

In relation to data quality, there remain some significant concerns about the quality of data being received from one large employer. The Fund is working closely with the employer to ensure it can provide data of the quality required. Where the inability of that employer to provide the necessary data of the required quality has resulted in breaches of regulations, the breaches have been documented and reported to the Pensions Regulator.

There were some areas from our work where we found opportunities to strengthen controls, including the need to ensure that:

·           Payments over £100k are approved by the Head of Pension Administration, with investigations to be made as to whether this can be enforced ‘on-system’; and

·           Where requests to amend members’ bank details are received in bulk from employers, evidence of these requests is retained against individuals’ records in the pension system.

Pension Fund Cyber Security

The Pensions Regulator’s ‘Cyber Security Principles for Pension Schemes’ states that ‘Pension schemes hold large amounts of personal data and assets which can make them a target for fraudsters and criminals.  Trustees and scheme managers need to take steps to protect members and assets accordingly, which includes protecting them against cyber risk. This is an issue which all trustees and scheme managers, regardless of the size or structure of their scheme, should be alert to’.

The objective of this audit was to provide assurance that the ESPF complies with the Pensions Regulator’s cyber security principles for pension schemes.  The principles provide guidance over governance, controls, incident response and managing evolving risk.

In completing this work, we were able to provide an opinion of substantial assurance on the basis that, considering all the current cyber security measures in place for the Fund, there is a high level of compliance with the principles as set out by the Pensions Regulator.

The controls that exist to manage a cyber attack for ESCC apply equally to the Fund. We also found there are adequate preparations in place to manage an incident with support from the Council’s Information Security Team, should a cyber event occur.

Frequent back-ups, both online and to off-line services, ensure that, should an attack occur, members’ and the Fund’s data would be available to continue service as soon as possible.

We raised only one finding as a result of our work where we found that, whilst there are generic Council-wide policies, procedures and training in place to meet the expectations of the cyber security principles identified by the Pensions Regulator, it was not always clear that these also apply to the Pension Fund.  An action was agreed to address this through collaboration between the Pension Team and IT&D colleagues.

Annual Governance Statement – Directorate Assurance Statements and Policy Review

ESCC is responsible for ensuring that its business is conducted in accordance with the law and proper standards, and that public money is safeguarded, properly accounted for, and used economically, efficiently and effectively. The Council also has a duty under the Local Government Act 1999 to make arrangements to secure continuous improvement in the way in which its functions are exercised.  In order to ensure these aims are delivered, strong corporate governance is required to support the integrity, transparency and efficiency of the organisation.

This audit aimed to provide assurance over the extent to which policies and procedures exist which contribute to the Council’s overall governance arrangements, and that Directorate Assurance Statements (DAS) are in place to improve governance within individual departments of the Council.

In completing this work, we were able to provide an audit opinion of substantial assurance.  We found that, when implemented, actions agreed within the DAS result in a reasonable improvement in governance within departments and therefore the organisation overall.  We also found that improvements have been made to the process of ensuring that key Council policies, which contribute to overall governance arrangements, are up-to-date and reflect current legislation, Council policy and best practice, and that there is sufficient awareness of these. 

Only minor actions for improvement were identified and these were agreed with management.

Health and Safety Framework

The Health and Safety at Work Act 1974 (HSWA) sets out wide-ranging duties on employers to protect the health, safety and welfare of employees and the general public, insofar as is reasonably practicable. The Health and Safety Executive (HSE) is the primary regulator for workplace health and safety, working alongside other regulators, aiming to prevent workplace death, injury or ill health by working with duty holders to understand the risks they create and how to manage them.

This review aimed to provide assurance that there is an effective framework of health and safety within the Council, to help reduce the risk of injury, death, financial penalty or reputational damage. It included a review of governance arrangements, Council policy and training. 

In completing this work, we were able to provide an opinion of reasonable assurance for the following reasons:

·           There is a dedicated Health and Safety Team with clearly defined roles and responsibilities;

·           The health and safety framework is supported by a Corporate Health and Safety Steering Group as well as departmental steering groups;

·           A corporate Health and Safety Policy is in place which complies with the requirements set out by the Health and Safety Executive;

·           Further policies in relation to key areas of health and safety risk have been developed, are subject to regular review and are easily accessible; and

·           Roles and responsibilities are clearly defined across all levels of staff within the departmental and corporate health and safety steering groups.

Whilst these areas of good practice were identified, some opportunities for improvement were also found, including the need to ensure that:

·           The process for near-miss reporting is clear for all staff so that trends can be monitored and analysed;

·           Mandatory health and safety training is clearly stipulated as such so that managers and staff are aware that it must be undertaken;

·           The training matrix, which outlines training relevant to specific roles, is included within the induction pages of the intranet to help ensure that all relevant training is undertaken when new employees start; and

·           Records of training undertaken by senior managers, who have responsibility for the implementation of health and safety protocols across the organisation, are up-to-date.

Formal actions to address these areas were agreed with management.  A review to assess compliance with the Council’s framework of health and safety is scheduled within the 2023/24 Internal Audit plan.

Subject Access Requests and Freedom of Information Reporting Arrangements

The Freedom of Information Act 2000 (FOIA), which came into effect on 1 January 2005, governs and increases rights of access to information held by public authorities (other than personal information which continues to be governed by the Data Protection Act (DPA) 2018). Under the DPA 2018, an individual can submit a Subject Access Request (SAR) for the information which they are entitled to ask for under section 7 of the DPA 2018.

Both pieces of legislation are upheld by the Information Commissioner’s Office (ICO), whose responsibilities include promoting good practice, monitoring breach reports and compliance and taking enforcement action, where appropriate.

The purpose of the audit was to provide assurance that:

·           There is an effective governance framework in place to support compliance with FOI and SAR responsibilities;

·           Policies and procedures are in place which provide direction as to the Council’s approach to requests received to ensure compliance with legislation, as well as documenting and communicating associated responsibilities;

·           Council officers have awareness of their requirements and responsibilities when handling requests.

Overall, we were able to give an opinion of reasonable assurance with areas of good practice being found, including that:

·           An effective framework is in place for the reporting of FOI and SAR requests, with oversight for monitoring of performance by the Council’s Information Governance Board;

·           Council policies and public-facing guidance are in place for both FOI and SAR which explain the Council’s approach to handling requests and the rights of individuals that make them; and

·           Support and procedural guidance are available for officers who handle requests within the Information Governance teams, as well as training and guidance for those outside of those teams who are responsible for responding to requests.

Some areas for improvement were identified through our work, including the need for further clarity and transparency of performance reporting in relation to responding to FOI and SAR.  Management agreed to review the current approach in relation to this to see where further context could be provided.

Cyber Security

Cyber-attacks on the Council’s IT systems and devices are a threat to the security of the Council’s data and could have a significant adverse impact on service delivery.  Cyber security refers to the measures in place to combat these threats and is defined as the protection of information systems (hardware, software, and associated infrastructure), the data on them, and the services they provide, from unauthorised access, harm or misuse.

The purpose of the review was to provide assurance that:

·           All cyber security incidents, including threats and both successful and unsuccessful attacks, are recorded;

·           Anomalous activity is detected in a timely manner and reviewed appropriately;

·           User security policies are in place, and all staff have received cyber security training to provide awareness of their role in supporting the Council to manage cyber security threats;

·           Controls are in place to respond to identified cyber security incidents in an effective and timely manner; and

·           Security measures are in place to minimize the likelihood and impact of cyber security incidents.

In providing an audit opinion of reasonable assurance, we found a number of areas of good practice, including that:

·           Appropriate arrangements are in place over the recording and review of potential cyber security incidents;

·           There are measures in place to detect unusual network activity and to protect the network and devices against potentially malicious attacks and content;

·           Whilst there is no mandatory cyber security training for staff, they are provided with regular cyber security updates and elements of cyber security training through mandatory information governance training; and

·           The Authority is aware of new and emerging risks as the Information Security team are updated through numerous routes, including NCSC early warning reporting and updates.

Whilst, generally, we found robust controls in place, some areas for improvement were identified. We do not look to share the specific details of our findings here as this information may be used to increase the risk of a successful cyber-attack.  However, appropriate actions to mitigate the risks identified were agreed with management.

Adults Safeguarding

The purpose of the review was to provide assurance that robust governance arrangements are in place to ensure that safeguarding concerns and incidents are appropriately and effectively managed. It included a review of safeguarding policy and processes, safeguarding checks of staff and training arrangements.

 

Based on the work we completed, we were able to provide an opinion of reasonable assurance in relation to the adequacy of controls in this area.  We found that:

 

·           Clear governance arrangements are in place over the safeguarding of adults, with appropriate oversight from the Safeguarding Team and the East Sussex Safeguarding Adults Board (SAB);

·           There is a comprehensive Adults Safeguarding Policy which covers the regulatory requirements of safeguarding;

·           Sound procedures are in place with clear investigation and escalation procedures;

·           Quality checks of safeguarding reviews are undertaken on a six-monthly rolling cycle by the Safeguarding Development Team, and Safeguarding Adult Reviews (SAR) are completed by the SAB, in line with the Care Act 2014; and

·           Critical onboarding checks are completed for social workers, including DBS checks, and that social workers are listed on the Social Work England public register.

 

We did, however, identify some areas where controls could be improved and these were agreed with management. They included the need to ensure that:

 

·           Safeguarding policies and procedures are subject to ongoing review;

·           Performance statistics are used where possible to identify trends and training needs in relation to safeguarding;

·           A central record of safeguarding training is maintained to ensure training and development is up-to-date; and

·           There is guidance for officers on the checks (including DBS checks) that are required for the ad hoc services of volunteers, consultants and other third parties prior to being appointed, to reduce the risk of unsuitable candidates being engaged.

 

Appointee and Deputyship Process

 

Appointee and deputyships (A&D) allow the Council to assume responsibility for an individual’s financial affairs where the individual no longer has the mental capacity to do so themselves and there are no available family, friends or associates who could undertake this role on their behalf.  Both roles are discretionary, and the Council is under no obligation to provide this function.  The Council has, however, established criteria for cases where appointee and deputyship will be considered.  Where these criteria are met, this is handled by the A&D Team, who utilise online banking facilities to manage client accounts.

 

Following concerns reported by an individual relating to the management of client accounts, we were asked by management to provide assurance that the Council is complying with the relevant legal requirements in this area. In completing this work, whilst we identified areas of good practice, we also found weaknesses in control in a number of areas and were only able to provide an opinion of partial assurance as a result.  A robust action plan was therefore agreed with management to address these issues, including the need to ensure that:

 

·           A backlog of historical transactions sitting in suspense accounts is allocated to client accounts to ensure that their balances are correct and to reduce the risk of financial hardship;

·           Routine reconciliations of individual client accounts are undertaken to ensure that the client is receiving the income to which they are entitled from known income sources, including benefits and pensions;

·           A formal process is established to invest client monies that are in excess of their annual needs (whilst there is no legal requirement for this, the Council is required to ensure that client funds are managed in their best interests);

·           Where client balances have reached the financial threshold for corporate deputyship to apply (over £5,000, where the Council should apply for deputyship and receive fee income as a result), these cases are routinely reviewed to ensure that such income is optimised;

·           A comprehensive suite of procedural documentation is developed to provide guidance to members of the A&D Team and is subject to regular review and update to ensure continuing compliance with legislative requirements and principles, in what is a complex area; and

·           All staff within the A&D Team complete an annual declaration of interest, in accordance with the Council’s Code of Conduct and Conflict of Interest policy.

 

Having completed this review, it is clear that resourcing pressures within the A&D Team have contributed to the issues identified.  A number of new posts have recently been created, which should help to address these areas. As the team is self-funded, the optimisation of fee income, as above, is beneficial to ensuring the team is appropriately resourced.

 

External Funding, Grants and Loans

 

The Economic Development Skills and Infrastructure (EDSI) service within the Communities, Economy and Transport Department of the Council leads on economic regeneration priorities. The Economic Development Team within EDSI manage grants and loans provided by the Council to support sustainable business growth through the East Sussex Invest (ESI) fund.  The Major Projects and Growth Team within EDSI manage funds, allocated by other bodies, to third-party organisations, for the development and delivery of East Sussex led transport and infrastructure schemes.

In completing this review, we sought to assess the adequacy of arrangements operating within the EDSI service in respect of the provision of funding and ongoing monitoring, to provide assurance that:

 

·           Governance arrangements are sound and effective, with adequate and proportionate controls in place over the provision and monitoring of grants and loans;

·           Adequate records exist for each grant or loan made, including in relation to decision-making, funding agreements and ongoing monitoring and reporting; and

·           Arrangements to recover guaranteed sums are effective leading to full recovery, and there is adequate approval and transparency over debt write-off and recovery.

 

In completing this work, we were only able to provide an opinion of partial assurance.  Whilst areas of good practice were identified, we found a number of areas where controls could be strengthened, including ensuring that:

 

·           The Corporate Funding Protocol is reviewed and enhanced to provide further advice and guidance to staff involved in the provision of funding to third parties;

·           Improvements are made to document storage arrangements in relation to external funding where specific documentation could not be located during the audit;

·           The financial vetting process for funding applicants is consistent across different funding streams;

·           Regular reports of external funding provided (both grants and loans), the debt outstanding and any recovery arrangements are provided to the Chief Finance Officer and Corporate Management Team;

·           Suitable evidence is retained of all key stages in the approval of projects funded through either Council or external funding;

·           There is appropriate Finance Team consultation and advice in the assessment and approval of external funding applications, to inform decision-making;

·           Loans are repaid to the Council in accordance with the frequency stipulated in the agreement with the Council’s loan allocation and recovery service provider, in order to increase cash flow; and

·           Loan funding agreed for a successful applicant is not used to pay another applicant whilst the paperwork/contracts are being drawn up.

 

A formal action plan was agreed with management to address all of the findings of the review.  We will complete a follow-up review later in the year to assess the extent to which the agreed actions have been implemented.

 

School Audit Work

We have a standard audit programme in place for all school audits, with the scope of our work designed to provide assurance over key controls operating within schools. The key objectives of our work are to ensure that:

 

The table below shows a summary of the one school review completed in Q1, together with the level of assurance received and areas for improvement.

| Name of School | Audit Opinion | Areas Requiring Improvement |
| --- | --- | --- |
| St Richard’s Catholic College | Partial Assurance | • The Full Governing Body to approve the budget in a timely manner, and be regularly sighted on financial matters; • The School Fund account not to be used for collections for staff events, even where employees are funding these; • Robust and compliant procurement processes to be undertaken where higher-value expenditure is to be incurred; • Mitigation measures to be agreed and implemented where declarations of interest are made; and • Contractors to be required to provide evidence of sufficient levels of public liability insurance. |

2.   Counter Fraud and Investigation Activities

 

Counter Fraud Activities

2.1     During the quarter, we have provided fraud awareness training to teams in Adult Social Care.  We have also been liaising with the relevant services to provide advice and support in processing the matches received as part of the National Fraud Initiative, and the team continue to monitor fraud intelligence alerts and share information with relevant services, where appropriate.

Summary of Completed Investigations

 

Petty Cash Discrepancy

 

An investigation was conducted following an allegation of a discrepancy in petty cash accounting at an adult respite service. A total discrepancy of £211.72 was identified and the investigation concluded that there were administrative errors, as well as elements of guidance and controls that were not being complied with. A control report was issued with several recommended actions to strengthen the petty cash accounting procedure.

 

Inappropriate Use of School Funds

 

Preliminary enquiries were conducted following concerns that a Headteacher had inappropriately used school funds to pay for the repair costs on a personal vehicle. The investigation concluded that there was insufficient evidence to support the allegation and a decision was made that no further action would be taken.

 

Theft from County Hall

 

Concerns were raised by Adult Social Care that a pot of charity money had been stolen from County Hall. Insufficient information was available to pursue the investigation further. However, advice was provided relating to the security of personal items.

3.   Action Tracking

3.1     All high priority actions agreed with management as part of individual audit reviews are subject to action tracking, whereby we seek written confirmation from services that these have been implemented.  As at the end of quarter one, all high priority actions due had been implemented.

 

4.         Amendments to the Audit Plan

4.1     In accordance with proper professional practice, the internal audit plan for the year remains under regular review to ensure that the service continues to focus its resources in the highest priority areas based on an assessment of risk.  Through discussions with management, the following reviews have been added to the audit plan so far this year:

| Review | Rationale for Addition |
|---|---|
| Sea Change Sussex | Continued support in helping the organisation collate information to address queries raised. |

4.2     In order to allow this additional work to take place, the following audits have to date been removed or deferred from the audit plan and, where appropriate, will be considered for inclusion in the 2023/24 plan as part of the overall risk assessment completed during the annual audit planning process. These changes are made on the basis of risk prioritisation and/or as a result of developments within the service areas concerned requiring a rescheduling of audits:

| Planned Audit | Rationale for Removal |
|---|---|
| Covid Outbreak Management Fund – Grant Certification | No requirement for certification this year. |
| Schools Basic Needs Allocation – Grant Certification | No requirement for certification this year. |

4.3     The following audit work is currently in progress at the time of writing this report (including those at draft report stage, as indicated) or is scheduled for quarter 2:

In Progress:

 

·           Contract Management (draft report)

·           Milton Grange Cultural Compliance audit (draft report)

·           Risk Management (draft report)

·           Techforge IT Application audit (draft report)

·           Mobile Device Management (draft report)

·           Procurement of IT Systems (draft report)

·           Adult Social Care Data Handling (draft report)

·           Pevensey and Westham CE Primary School (draft report)

·           Firle CE Primary School (draft report)

·           Sea Change Sussex

·           Parking – Procurement and Monitoring of External Service Providers

·           Waste Management Contract – Contract Management

·           Children’s Disability Services Direct Payments

·           Supplier Failure

·           Ukraine Funding

·           Business Continuity Planning

·           Pension Fund – Collection of Contributions

·           General Ledger

·           Mental Health Cultural Compliance

·           Adult Social Care Debt Management and Recovery

·           Treasury Management

·           Home to School Transport Follow-Up

·           Robotics (Governance Arrangements)

·           System Change Control and Release Management

·           Supporting Families Grant

 

Scheduled:

 

·           LAS/Controcc

·           Accounts Payable

·           Accounts Receivable

·           Payroll

·           Health and Safety

·           Children Services Data Handling Follow-Up

·           MBOS Key Control Work

·           MBOS Business Continuity Arrangements

·           MBOS Cutover Arrangements

·           St Mary’s Catholic School

·           Local Transport Capital Block Funding Grants

·           Bus Subsidy Grant

5.         Internal Audit Performance

5.1     In addition to the annual assessment of internal audit effectiveness against Public Sector Internal Audit Standards (PSIAS), the performance of the service is monitored on an ongoing basis against a set of agreed key performance indicators as set out in the following table:

| Aspect of Service | Orbis IA Performance Indicator | Target | RAG Score (RAG) | Actual Performance |
|---|---|---|---|---|
| Quality | Annual Audit Plan agreed by Audit Committee | By end April | G | 2023/24 Internal Audit Strategy and Annual Audit Plan formally approved by Audit Committee on 31 March 2023. |
| | Annual Audit Report and Opinion | By end July | G | 2022/23 Internal Audit Annual Report and Audit Opinion was approved by Audit Committee on 7 July 2022. |
| | Customer Satisfaction Levels | 90% satisfied | G | 100% |
| Productivity and Process Efficiency | Audit Plan – completion to draft report stage | 90% | G | 26.5% achieved to the end of Q1, against a Q1 target of 22.5%. |
| Compliance with Professional Standards | Public Sector Internal Audit Standards | Conforms | G | Dec 2022 - External Quality Assurance completed by the Chartered Institute of Internal Auditors (IIA). Orbis Internal Audit assessed as achieving the highest level of conformance available against professional standards with no areas of non-compliance identified, and therefore no formal recommendations for improvement arising. In summary the service was assessed as: Excellent in: Reflection of the Standards; Focus on performance, risk and adding value. Good in: Operating with efficiency; Quality Assurance and Improvement Programme. Satisfactory in: Coordinating and maximising assurance. |
| | Relevant legislation such as the Police and Criminal Evidence Act, Criminal Procedures and Investigations Act | Conforms | G | No evidence of non-compliance identified |
| Outcome and degree of influence | Implementation of management actions agreed in response to audit findings | 97% for high priority agreed actions | G | 100% |
| Our staff | Professionally Qualified/Accredited | 80% | G | 88% |


Appendix B

Audit Opinions and Definitions

| Opinion | Definition |
|---|---|
| Substantial Assurance | Controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
| Reasonable Assurance | Most controls are in place and are operating as expected to manage key risks to the achievement of system or service objectives. |
| Partial Assurance | There are weaknesses in the system of control and/or the level of non-compliance is such as to put the achievement of the system or service objectives at risk. |
| Minimal Assurance | Controls are generally weak or non-existent, leaving the system open to the risk of significant error or fraud. There is a high risk to the ability of the system/service to meet its objectives. |