Review Name |
Outline Objective |
Key Financial Systems |
|
Accounts Payable (Procure to Pay)
|
To review the processes and key controls relating to the procure to pay system, including those in place for ordering, the creation and maintenance of vendor details, and the payment of invoices. |
Accounts Receivable
|
To review the processes and key controls relating to the accounts receivable system, including those in place for ensuring the accuracy of customer details, completeness, accuracy and timeliness of invoicing, recording and matching payments to invoices, and debt recovery. |
Payroll
|
To review compliance with key controls within the payroll system, including controls in relation to pre-employment checks, starters, leavers, temporary and permanent variations of pay. |
Children’s Services Liquidlogic (LCS) and Controcc Systems
|
A review to assess the adequacy of controls within the LCS (client information and case management system for Children) and Controcc (the social care payments and billing system), to provide assurance that payments are complete, accurate, timely and are only made to bona fide care providers, where approved services have been provided to ESCC care clients. |
Direct Payments |
To examine the system of control associated with the administration, payment and monitoring of direct payments to adult social care clients. |
Financial and Benefit Assessments |
The Care Act 2014 provides Councils with the power to charge for care and support needs and requires them to undertake an assessment of an individual's financial resources to determine the amount they should pay towards these. We will review the controls in place for the financial and benefits assessment process (where new processes have recently been introduced) to ensure the correct calculation of contributions from care clients and that accurate payments are made. |
Capital Budgetary Control
|
To document and test the Council’s processes and key controls to ensure robust capital budgetary control is achieved. |
East Sussex Pension Fund |
|
Accounting Controls
|
This review will focus on the controls in place to ensure that funds have been correctly accounted for and are accurately reflected in the Council’s accounting system. |
Investments and Accounting |
A review to assess the adequacy of controls over the Fund’s investments, including the safeguarding and performance of investments, the valuation of assets, compliance with investment regulations and receipt of, and accounting for, investment income.
|
Compliance with Regulatory Requirements |
We shall review the arrangements in place to ensure that the fund complies with the requirements of the Pension Regulator. The aim will be to provide assurance that employers in the Scheme comply with their regulatory obligations and that the respective responsibilities of the Council, as Scheme Manager, and the Fund, are clearly segregated. |
The Administration of Benefit Payments |
We shall review controls over the payment of pension benefits, transfers to and from the Pension Fund (including the retention of appropriate evidence) and the maintenance of the Fund’s data. |
Key Governance Arrangements |
|
Corporate Governance |
To review the adequacy of corporate governance arrangements within the Council, including assessing the extent to which previously identified governance improvement actions have been implemented. |
Risk Management |
To assess the adequacy and effectiveness of arrangements in place to identify, assess and mitigate risk across the Council. |
Strategic Risks/Projects |
|
Transition of Local Enterprise Partnerships |
In 2023, government announced that the functions of LEPs should be integrated into upper tier local authorities, with effect from April 2024. As a result, the functions and responsibilities of the South-East Local Enterprise Partnership (SELEP) are transitioning to the Council. We will aim to provide assurance that the transition has taken place in accordance with government guidance and that the new arrangements are properly governed and controlled. |
Organisational Response to Financial Challenges |
With uncertainty over funding and increasing demand for services, the Council is faced with continuing financial pressures. As part of its response to this, Corporate Management Team (CMT) guidance in relation to spending behaviour is being developed and communicated to all staff, and we will seek evidence that this is being applied within teams to help mitigate some of these challenges. |
Implementation of IMPOWER Recommendations |
During 2023, IMPOWER supported the Council in identifying opportunities to reduce costs and improve outcomes relating to children and young people in care. We will assess the extent to which the recommended activity and intervention from this exercise has been taken forward. |
Supply Chain Cyber Security |
The Council relies on numerous suppliers to deliver products, systems and services that help us support our residents. Organisations are seeing that, rather than being targeted directly, there is an increasing trend in supply chains being targeted by cyber attackers to exploit vulnerabilities and obtain access to networks and/or system data via these indirect routes. This audit will review the approach to supplier management of key strategic or operationally critical contracts to assess the extent to which third party cyber resilience is monitored and assured as part of the core contract and supplier management responsibilities. |
Modernising Back Office Systems (MBOS) |
We will continue to provide independent advice, support and challenge on risk, control and governance issues in respect of this programme and will develop our assurance activities in agreement with the Board as the programme progresses. |
Cultural Compliance Reviews |
To provide assurance over basic management controls within a sample of teams across the organisation, assessing compliance with key Council policies and procedures. |
Other Known Areas of Risk |
|
Volunteers |
Volunteers have a key role to play in the delivery of Council services. We will look at the adequacy of arrangements in place over the management of volunteers and the extent to which these are being complied with across departments. |
Accountable Body Status |
In addition to being in various partnerships with other bodies and organisations, the Council also holds accountable body status for some of these, where it is responsible for overall governance and financial management. We will look to provide assurance that, where the Council has designated accountable body status, it is deploying its responsibilities in a sound manner. |
Home Care Contract – Contract Management |
The Home Care contract was recommissioned in 2023. We will undertake a contract management review which will include assessing the arrangements over governance, performance management, payment mechanisms and new processes. |
Transition of Young People into Adult Social Care |
Upon turning 18, an individual’s care needs will be provided by Adult Social Care instead of Children’s Services. This audit will examine the adequacy of joint working arrangements between the two departments to ensure the smooth transition of service users and compliance with statutory duties. We will also assess governance and financial monitoring arrangements. |
Unaccompanied Asylum-Seeking Children (UASC) are children and young people, under the age of 18, who arrive in the county without a parent or guardian. We will work with management to further assess the associated risks in this area and to identify and agree how best we can provide assurance that these are being appropriately managed. |
|
Alternative Education Provision Commissioning for Children |
Alternative provision is education arranged by local authorities for children who, because of exclusion, illness or other reasons, would not otherwise receive a suitable education. We will assess the arrangements for the commissioning of alternative provision for children, within appropriately regulated settings. |
Emergency Planning |
Emergency planning should aim, where possible, to prevent emergencies occurring, and when they do, good planning should reduce, control or mitigate the effects of the emergency. We will seek to provide assurance over the adequacy and effectiveness of the arrangements for emergency planning within the Council, including in relation to roles and responsibilities, the coordination of internal and external resources, emergency plans and testing. |
Procurement Regulatory Changes |
Major changes to procurement regulations are likely to include more stringent transparency requirements. These will need to be reflected in the Council’s own regulations, including Procurement and Contract Standing Orders. We will provide support and advice in relation to the updating of these. |
Waivers to Procurement and Contract Standing Orders |
The Council's Procurement and Contract Standing Orders set out how the Council authorises and manages spending and contracts with other organisations. In the event that the application of these orders prevents or inhibits the delivery or continuity of service, a waiver may be sought. We will assess the adequacy of arrangements in place in relation to the waiver process and seek to provide assurance that this is being used appropriately, where inappropriate use has both reputational and financial implications for the Council. |
School Audits |
|
Schools |
We will continue our audit coverage in schools which will involve a range of assurance work, including key controls testing in individual schools and follow-ups of previous audit work where appropriate. We will also work with our Orbis partners to provide information bulletins and guidance for schools on risk, governance and internal control matters. |
ICT Audit |
|
IT&D Project Management |
This audit will review the effectiveness of the control environment to ensure the overall delivery of major IT&D projects across the Council. As part of the scope, we will consider IT&D’s approach to project management, their prioritisation of projects and their delivery. |
Artificial Intelligence |
The future of artificial intelligence (AI) in local government is a topic of increasing importance, interest, opportunity and risk. As AI technology continues to advance and become more widely available, local authorities are exploring how it could be used to improve key services and support communities. This audit will review the framework by which AI is being applied within the Council and to ensure its implementation is in line with relevant policies that have been introduced. |
Mobile Phone Application Management |
This audit will review the effectiveness of the control environment to ensure the overall delivery and deployment of applications to mobile phones is managed appropriately. As part of the scope, we will consider application security, compliance with data protection legislation and risk management processes.
|
Microsoft Teams is a part of the Microsoft 365 series of products and is used for chat, video conferencing and collaboration, with file storage and sharing capabilities within individual Team sites. This audit will review the Council’s governance arrangements in relation to Microsoft Teams, including the creation and management of individual Team sites and the securing of Council data within the application. |
|
Surveillance Cameras |
This review will examine the effectiveness of the controls in place to meet the requirements of the Surveillance Camera Code of Practice. |
PAX – Application Control |
This application audit will review all major input, processing and output controls, including access controls and the interfaces with other systems, and to ensure appropriate system ownership and responsibilities are known. |
Follow-Up Reviews |
|
Appointeeship and Deputyship Process |
Follow-up reviews of the previous audits in these areas, all of which received partial assurance opinions. |
Ukraine Funding |
|
External Funding |
|
Supplier Failure |
|
Contract Management |
|
Techforge IT Application Controls |
|
Vehicle Use |
|
Grant Certification |
|
Local Transport Capital Block Funding |
To check and certify the grant in accordance with the requirements of the Department for Transport.
|
Bus Services Operators Grant |
To check and certify the grant in accordance with the requirements of the Department for Transport. |
Broadband Grant
|
To check and certify the grant in accordance with the requirements of the Department of Digital, Culture, Media and Sport. |
Contain Outbreak Management Fund
|
To check and certify that the funding is used in accordance with the requirements of the Department of Health and Social Care. |
Supporting Families Programme
|
Certification of periodic grant claims returns in-year on behalf of Children’s Services to enable the release of funds from the Department for Levelling Up, Housing and Communities. |
Review Name |
Outline Objective |
Action Tracking
|
Ongoing action tracking and reporting of agreed, high risk actions. |
Audit and Fraud Management
|
Overall management of all audit and counter fraud activity, including work allocation, work scheduling and Orbis Audit Manager meetings. |
Audit Committee Reporting, Attendance and Other Member Support |
Production of periodic reports to management and Audit Committee covering results of all audit and anti-fraud activity. |
Client Service Liaison
|
Liaison with clients and departmental management teams throughout the year. |
Client Support and Advice
|
Ad hoc advice, guidance and support on risk, internal control and governance matters provided to clients and services throughout the year. |
Orbis IA Developments
|
Audit and corporate fraud service developments, including quality improvement and ensuring compliance with Public Sector Internal Audit Standards. |
Organisational Management Support
|
Attendance and ongoing support to organisational management meetings, e.g. Financial Management Team (FMT), Statutory Officers Group (SOG). |
System Development and Administration |
Development and administration of Audit and Fraud Management systems. |
Contingencies |
|
Anti-Fraud and Corruption
|
To cover the investigation of potential fraud and irregularity allegations as well as proactive counter fraud activities, including the National Fraud Initiative (NFI) data matching exercise. |
Emerging Risks
|
A contingency budget to allow work to be undertaken on new risks and issues identified by Orbis IA and/or referred by management during the year. |
Contingency
|
A contingency budget to allow for effective management of the annual programme of work as the year progresses. |
Other Auditable Areas Identified During the Audit Planning Process Some of these reviews may be brought forward into the plan if there is additional capacity during the year. In addition, we will consider any emerging risks and prioritise audits accordingly.
|
Property Services Programme Management |
IR35 Compliance |
Access Synergy Application Audit |
Corporate Petty Cash Accounts |
Budget Management (ASCH) |
Hospital Discharges |
Carers Contract |
Independent Non-Maintained School Fee Increases |
New Attendance Duties |
Value for Money in Care Placements |
Foster Care |
Connected Families |
Holiday Activity and Food Programme |
Corporate Petty Cash Accounts |
Road Safety |
Registrars |