|
Review Name |
Outline Objective |
|
Key Financial Systems (Oracle)
|
|
|
Note: For the following key financial systems, this is the first time that they will be subject to audit review in the Council’s new Enterprise Resource Planning (ERP) system, Oracle, which is due to go live in April 2025. |
|
|
Procure to Pay
|
To review the processes and controls relating to the procure to pay system within Oracle, including those in place for ordering, the creation and maintenance of vendor details, and the payment of invoices. |
|
Accounts Receivable
|
To review the processes and controls relating to the accounts receivable system, including those in place for ensuring the accuracy of customer details, completeness, accuracy and timeliness of invoicing, recording and matching payments to invoices, and debt recovery. |
|
HR Recruitment |
To review the processes and controls relating to the use of Oracle within the recruitment process. |
|
Revenue Budgetary Management |
To review the Council’s revenue budget management arrangements. |
|
General Ledger |
To review controls in relation to the Council’s general ledger, including in relation to year-end procedures, journal transfers, bank reconciliation and cash management. |
|
Treasury Management |
To assess the adequacy of controls and procedures across the Council’s treasury management arrangements, including in relation to cash flow forecasting, financial investments and use of treasury advisors. |
|
Children’s Services Liquidlogic (LCS) and Controcc Systems
|
A review to assess the adequacy of controls within the LCS (client information and case management system for Children) and Controcc (the social care payments and billing system), to provide assurance that payments are complete, accurate, timely and are only made to bona fide care providers where approved services have been provided to ESCC care clients. |
|
Adults Social Care and Health Liquidlogic (LAS) and Controcc Systems |
A review to assess the adequacy of controls within the LCS (client information and case management system for Adults) and Controcc (the social care payments and billing system), to provide assurance that payments are complete, accurate, timely and are only made to bona fide care providers where approved services have been provided to ESCC care clients. |
|
Key Financial Systems (SAP)
|
|
|
Note: Oracle Payroll is due to go-live in 2026. Pending this implementation, we will continue to undertake the annual review of Payroll in SAP, as follows: |
|
|
Payroll
|
To review compliance with key controls within the Payroll system within SAP, including controls in relation to pre-employment checks, starters, leavers, temporary and permanent variations of pay. |
|
East Sussex Pension Fund |
|
|
Governance Arrangements
|
This review will focus on the controls in place to ensure that Pension Fund roles and responsibilities are sufficiently well defined, documented and understood to ensure that the accountability and resilience of the Fund are maintained in the face of the loss of key personnel. |
|
Preparedness for Pooling Reforms |
A review to provide assurance that appropriate governance and controls are in place to manage the transition to new investment pooling arrangements in accordance with legislative requirements. |
|
Investments |
A review to assess the adequacy of controls over the Fund’s investments, including the safeguarding and performance of investments, the valuation of assets, compliance with investment regulations and receipt of investment income. |
|
The Administration of Benefit Payments |
To review controls to ensure that the right pension benefits are paid to the right people, at the right time. We will also test controls over transfers to and from the Pension Fund and the maintenance of the Fund’s data. |
|
Key Governance Arrangements |
|
|
Corporate Governance |
To review the adequacy of corporate governance arrangements within the Council, including assessing the extent to which previously identified governance improvement actions have been implemented. |
|
Strategic Risks/Projects |
|
|
Devolution/Local Government Reorganisation |
To provide support, advice and assurance to the Council on matters of risk, governance and control as the changing local government landscape under Devolution and Local Government Reorganisation starts to become clearer. |
|
Oracle Post Phase 1 and 2 Go-Live Activity |
This is in addition to the key financial systems above and will cover risk areas including system access and security, programme governance and risk management arrangements, and business continuity. |
|
Oracle Phase 3 – Payroll Implementation |
To assess the adequacy of control within the proposed business processes for Payroll, prior to its implementation in 2026. |
|
Implementation of Procurement Regulations 2024 |
A review of the effectiveness with which the new regulations have been implemented and embedded within Council rules and procedures, and how they are being complied with and monitored across the organisation. |
|
Other Areas |
|
|
Transport for the South-East – Governance Arrangements
|
Transport for the South-East is the sub-national transport body for the South-East of England. Its purpose is to determine what investment is needed to transform the region’s transport system and drive economic growth. The partnership is made up of 16 local authorities, representatives of district and borough authorities, protected landscapes and national deliver agencies. ESCC is the accountable body for the partnership and is responsible for the funding it holds. We will review the governance and financial management arrangements in place where there are both financial and reputational risks to the Council should these not be robust. |
|
Section 17 of the Children Act 1989 requires local authorities to safeguard and promote the welfare of children in need in their authority, and to promote the upbringing of such children by their families so far as is consistent with the duty. Requests for assistance may relate to one-off funding to support a specific need, or placements where it is not appropriate for the child to remain in the family home. We will review the arrangements in place for the application, approval, provision and revocation of Section 17 Payments. |
|
|
Deprivation of Liberty Safeguards (DoLS) |
Deprivation of Liberty Safeguards (DoLS), included in the Mental Capacity Act (2005), ensure individuals who cannot consent to their care arrangements in a care home are protected if those arrangements deprive them of their liberty. We will assess compliance with legislation and regulations in this area. |
|
Cultural Compliance Reviews |
To provide assurance over basic management controls within a sample of teams across the organisation, assessing compliance with key Council policies and procedures. |
|
School Audits |
|
|
Schools |
We will continue our audit coverage in schools which will involve a range of assurance work, including key controls testing in individual schools and follow-ups of previous audit work where appropriate. We will also work with our Orbis partners to provide information bulletins and guidance for schools on risk, governance and internal control matters. |
|
Add Your Own Device |
Councils are encouraging officers to use their personal devices to support their work, particularly mobile phones, in order to support savings targets. This audit will review the arrangements in place to ensure that risks from this approach, which could include an increase in data breaches, are appropriately managed. |
|
The Online Safety Act 2023 is a new set of laws that protect children and adults online. It puts a range of new duties on social media companies and search services, making them more responsible for their users’ safety on their platforms. Whilst the act primarily targets online platforms and services, it also has implications for local government in the UK. This audit will review the controls in place to help ensure the Council complies with the relevant elements of the Act. |
|
|
In order to maximise efficient ways of working, the Council is exploring Artificial Intelligence and other similar tools, including Co-Pilot. This audit will assess the controls in place to manage the risks associated with these tools, including that key decisions could be made based on information that is incorrect or inaccurate. |
|
|
General Data Protection Regulations Compliance (GDPR) - Covert Recording |
With mobile devices more readily available, the Council is seeing an increase in the use of 'covert recording' of conversations which contain personal or sensitive information. This audit will review the controls in place to manage the risks of data breaches and ensure that officers clearly understand their responsibilities with regard to covert recordings. |
|
Microsoft Tools Data Governance (including Power BI) |
The Council use a number of powerful tools to manage, manipulate and report on data from systems, with these tools also used to support the transfer of data from one system to another. This audit will review the arrangements in place to ensure that risks associated with data protection and accuracy are appropriately mitigated. |
|
IT Training |
With Councils more reliant on Information Technology and data than ever before, it is important that the workforce understands the risks associated with these. This audit will consider the IT Training available to staff to ensure it is fit for purpose for a modern workforce, focusing particularly on the suitability of training to raise awareness of cyber and information governance related risks. |
|
Shadow IT – Governance Arrangements |
Shadow IT services cover all computer systems and applications used by the Council which are outside the direct control of IT & Digital (IT&D). Where these services and applications are hosted outside of the Council's network infrastructure and IT&D provide limited or no technical support, the risks to the security and availability of the data held is greatly increased. This audit will evaluate the effectiveness of the internal control framework to ensure that key risks, including access control, data management (retention and deletion), system ownership, updates and business continuity arrangements are considered at the point of procurement. |
|
Follow-Up Reviews |
|
|
Mental Health Services – Compliance with Corporate and Local Procedures |
Follow-up reviews of the previous audits in these areas, all of which received partial assurance opinions. The work will assess the extent to which the agreed actions have been implemented as expected, in order that the control environment is strengthened within the area under review.
|
|
Home Care Contract Management |
|
|
External Funding |
|
|
Grant Certification |
|
|
Highways Maintenance Block Integrated Transport Funding |
To check and certify the grant in accordance with the requirements of the Department for Transport. |
|
Bus Services Operators Grant |
To check and certify the grant in accordance with the requirements of the Department for Transport. |
|
Supporting Families Programme
|
Certification of periodic grant claims returns in-year on behalf of Children’s Services to enable the release of funds from the Department for Levelling Up, Housing and Communities. |
|
Childcare Expansion Capital Grant |
To check and certify the grant in accordance with the requirement of the Department for Education. |
|
Multiply Grant |
To check and certify the grant in accordance with the requirement of the Department for Education. |
|
Review Name |
Outline Objective |
|
Action Tracking
|
Ongoing action tracking and reporting of agreed, high risk actions. |
|
Internal Audit and Fraud Management
|
Overall management of all audit and counter fraud activity, including work allocation, work scheduling and Orbis Audit Manager meetings. |
|
Audit Committee Reporting, Attendance and Other Member Support |
Production of periodic reports to management and Audit Committee covering results of all audit and anti-fraud activity. |
|
Client Service Liaison
|
Liaison with clients and departmental management teams throughout the year. |
|
Client Support and Advice
|
Ad hoc advice, guidance and support on risk, internal control and governance matters provided to clients and services throughout the year. |
|
Impact of Local Government Reorganisation on Orbis Internal Audit |
Capacity for the service to consider and manage the potential time implications of Local Government Reorganisation on internal audit and counter fraud services, in order to ensure these remain effective and fit for purpose. |
|
Orbis Internal Audit Developments
|
Internal Audit and counter fraud service developments, including quality improvement and ensuring compliance with Global Sector Internal Audit Standards. |
|
Organisational Management Support
|
Attendance and ongoing support to organisational management meetings, e.g. Financial Management Team (FMT), Statutory Officers Group (SOG). |
|
System Development and Administration |
Development and administration of Audit and Fraud Management systems.
|
|
Contingencies |
|
|
Anti-Fraud and Corruption
|
To cover the investigation of potential fraud and irregularity allegations as well as proactive counter fraud activities, including the National Fraud Initiative (NFI) data matching exercise. |
|
Emerging Risks
|
A contingency budget to allow work to be undertaken on new risks and issues identified by Orbis IA and/or referred by management during the year. |
|
Contingency
|
A contingency budget to allow for effective management of the annual programme of work as the year progresses. |
|
Other Potential Auditable Areas These are potential audits that could be drawn into the 2025/26 annual programme of work on a risk-basis should other audits be postponed or deferred, or should available contingency time allow for it. In the event that any of these reviews are not completed in 2025/26, they will be considered for inclusion in future year’s audit plans.
|
|
Microsites |
|
Property Services Programme Management |
|
IR35 Compliance |
|
Corporate Induction Arrangements |
|
Capital Budgetary Control |
|
Alternative Education Provision Commissioning |
|
Unaccompanied Asylum-Seeking Children |
|
ASCH Implementation of Savings |
|
Care Quality Commission Assessment Outcomes |
|
ASCH Care Assessments and Reviews |
|
Financial and Benefit Assessments |
|
Hospital Discharges |
|
Household Support Fund |
|
ASCH Budget Management |
|
Integrated Community Teams |
|
Highways Maintenance |
|
Local Enterprise Partnership Transition and Compliance |
|
Sussex Safer Roads Partnership |