Annex B
1. Audits Completed in Q4 (December to March)
Pension Fund Financial Controls
East Sussex Pension Fund
1.1 The Council is the designated statutory administering authority of the East Sussex Pension Fund (“the Fund”). It has statutory responsibility to administer and manage the Fund in accordance with the Local Government Pension Scheme (LGPS) regulations and has delegated the management and responsibility of the Fund to the East Sussex Pension Committee, supported by the Pensions Board and Chief Finance Officer (S151 officer).
1.2 The Fund is responsible for managing assets for the long-term benefit of scheme members in accordance with statutory regulations and is a member of ACCESS, a collaboration of 11 LGPS administering authorities, which work together to reduce investment costs and gain economies of scale.
1.3 During quarter 4, we completed the following work in relation the Pension Fund, in accordance with the Pension Fund Internal Audit plan. Where we identified opportunities to strengthen controls, actions for improvement were agreed with management in all cases.
Pension Fund – Administration of Pension Benefits
1.4 The purpose of this audit was to provide assurance that:
· Data quality is sufficiently accurate to support transactions and reporting requirements;
· The calculation of pension benefit entitlements is accurate; and
· Delivery of the pension administration service complies with statutory and regulatory requirements.
1.5 We were able to provide an opinion of substantial assurance for this audit. We found that:
· Appropriate validation controls are in place to maintain the quality of data;
· Key activities are clearly documented in process maps that accurately reflect the processes being defined;
· Processes to ensure that the reporting of key performance indicators are robust; and
· All agreed actions identified in the previous audit had been implemented in full.
1.6 Only three low risk findings were found, and actions were agreed with management to address these.
Pension Fund – Financial Controls
1.7 The purpose of this audit was to provide assurance that controls are in place to meet the following objectives:
· All transactions are genuine and are processed promptly and accurately, in accordance with agreed policies and approval limits; and
· Pension Fund transactions are accurately reflected in the Fund’s accounts.
1.8 As a result of our work, we were able to provide an opinion of substantial assurance. We found that:
· Invoices are paid in accordance with the requirements of Financial Regulations and are subject to appropriate checks and authorisation before payments are made;
· Pension payroll related payments to third parties (e.g., HMRC) are made promptly and in accordance with the relevant requirements; and
· Appropriate reconciliation of control accounts, including payroll, creditors and debtors, takes place to ensure entries in the general ledger remain correct.
1.9 We only identified one low-risk area where controls could be strengthened, and a management action was agreed to address this.
Waivers to Procurement and Contract Standing Orders
1.10 The Council's Procurement and Contract Standing Orders (PCSOs) are the rules that everyone who works for or on behalf of the Council must follow when procuring goods, services or works. They set out how the Council authorises and manages expenditure and resulting commercial contracts with other organisations. The purpose of these is to ensure that, prior to any significant expenditure, there is proper consideration of whether there is a need to buy or if the need could be serviced internally, and that, when external expenditure is required, it is completed in a fair, open and transparent way, whilst delivering value and maximising public benefit. Anyone who buys on behalf of the Council is responsible for adhering to PCSOs.
1.11 A waiver is required for any proposed procurement or contractual action which is not in compliance with PCSOs. For example, a waiver may be sought where the application of these orders prevents or inhibits the delivery or continuity of service.
1.12 In this audit, we assessed the adequacy of arrangements in place in relation to the waiver process and sought to provide assurance that this is being used appropriately. In providing an audit opinion of substantial assurance, we found robust processes in place, including that:
· Waivers are authorised in line with PCSOs or by an appropriate delegate in accordance with the Council’s Scheme of Delegation;
· Waiver application forms are completed with support from the Procurement Team and contain sufficient information to allow for scrutiny. Appropriate considerations are made to other options, value for money, risks to the Council, and legal considerations to ensure they are only granted where appropriate;
· A Procurement Forward Plan is actively maintained and monitored allowing Procurement to have oversight of large contracts and to adequately prepare for procurement activities; and
· Appropriate guidance is available on the Procurement intranet page and within PCSOs.
1.13 No actions for improvement were identified as part of this review.
1.14 The Oracle Programme is the programme to replace the Council’s existing Enterprise Resource Planning (ERP) system, SAP, with Oracle. A phased go-live approach is being taken to the implementation, with phase 2 (Finance, Procurement and Recruitment) going live in April 2025, and phase 3 (HR/Payroll) scheduled for 2026. Phase 1 (Enterprise Performance Management) went live in October 2024.
1.15 Since the inception of the programme, we have provided ongoing support and advice in relation to the system implementation, including continuing attendance at Programme Board and through the delivery of assurance work in specific areas of focus. This continued in quarter 4, where we completed work in the following areas, as agreed with programme management:
· Key Financial Systems – Key Controls (Procure to Pay, Accounts Receivable/Cash Management, General Ledger, HR Recruitment);
· Testing Arrangements;
· Interfaces (Integrations) and Reconciliation;
· System Security and Administration;
· Data Cleansing and Migration; and
· Business Continuity Arrangements
1.16 Our work was based on a review of documentation where available and discussions with programme officers. Clearly, with an implementation of a system on this scale and complexity, it would not be possible for us to provide complete assurance that all controls are in place and that no issues would arise following go-live, particularly in view of the pace at which the programme progressed during the quarter. Whilst we communicated areas of potential control weaknesses to programme management which will need to be kept under review, based on the work that we were able to complete against the focus areas above, we did not identify anything which we believed should prevent the Board from agreeing to go-live with phase 2 of the programme. We will, as soon as it is practicable following go-live, complete full audits of each area of the system to provide more comprehensive assurance over the control environment.
1.17 Microsoft (MS) Teams is a part of the Microsoft 365 series of products and is used for chat, video conferencing and collaboration, with file storage and sharing capabilities within individual Team sites. The solution was introduced quickly as a solution for the Council during Covid to provide staff with the means to work and collaborate with their colleagues and clients, from any location, with the assistance of a Council-owned PC.
1.18 Microsoft Teams (MS Teams) is a part of the Microsoft 365 series of products and is used for chat, video conferencing and collaboration, with file storage and sharing capabilities within individual Teams sites. This software was quickly introduced as a solution for the Council during the pandemic to provide staff with the means to work and collaborate with their colleagues and clients from any location with the assistance of a Council-owned device.
1.19 The purpose of the audit was to provide assurance that controls were in place to meet the following objectives:
· MS Teams was set up according to documented Council policies and service objectives, with a clear definition of its intended purpose;
· There are established processes to review system configurations and actively monitor activity and new functionality within MS Teams to ensure compliance with relevant policies and regulations;
· Measures are in place to protect sensitive and confidential information within MS Teams,
· There is an effective training program and communication channel for staff regarding the use, security, and update of MS Teams; and
· Governance arrangements exist for individual Team’s creation, access, and permissions to protect data and ensure a swift response to cyber incidents.
1.20 Our audit confirmed that the expected controls were in place and operating effectively, and that the control environment was therefore suitably robust. Overall, we provided an opinion of substantial assurance, with no actions for improvement required.
IT Asset Records Management
1.21 IT Asset Records Management is the systematic process of acquiring, monitoring, maintaining, and documenting an organisation’s information technology (IT) assets throughout their lifecycle. This process is crucial for efficient IT asset management, compliance, cost control and security. It covers both tangible and non-tangible assets, inclusive of laptops, mobile devices, software licences and servers.
1.22 For the purposes of this review, we focussed on laptops and mobile devices, seeking to provide assurance that:
· The Council has a formal, documented asset management policy in place for recording assets;
· Roles and responsibilities for IT asset records management are known, with a clear understanding in relation to ownership of the process; and
· Adequate procedures are in place in relation to monitoring and safeguarding of Council assets.
1.23 In providing an opinion of reasonable assurance, we found that:
· There is a formal process in place for managing assets throughout their lifecycle; and
· Laptops are disabled where they have not been active for 90 days.
1.24 There were, however, some areas where controls could be strengthened, including the need to ensure that:
· Whilst there is a formal asset management process in place, associated roles and responsibilities of individuals are clearly defined;
· There is a process to ensure that all disabled laptops are retrieved so that they can be redistributed to staff;
· Where more than one laptop is assigned to an individual user, there are clear, documented reasons for this; and
· Access to laptop storage rooms is restricted to authorised personnel only.
1.25 Appropriate actions for improvement were agreed with management in relation to these areas.
Transition of Young People into Adult Social Care
1.26 The Transition Service provides a route, advice and support for some young people transitioning from Children’s Services (CS) into Adult Social Care (ASC) with complex needs. The Council has a statutory duty in accordance with the Care Act (2014) to assess an individual’s needs for care and support once turning 18.
1.27 There are three main ASC services in which young people transition into from CS:
· Learning Disabilities (LD);
· Neighbourhood Support Team (NST); and
· Mental Health
1.28 Within this review, we examined the adequacy of joint working arrangements between ASC and CS to ensure the smooth transition of individuals between the services, and compliance with statutory duties. We also assessed governance and financial monitoring arrangements.
1.29 Based on the work completed, we were able to provide an opinion of reasonable assurance in this area. We found that:
· Robust governance arrangements are in place to identify transition cases prior to a young person’s 18th birthday, which ensures that appropriate care is in place for their transition and supports long-term financial planning within ASC services. The individual is assessed to determine their care needs under the Care Act (2014), which are reviewed and approved at ASC panels;
· There is evidence of effective joint planning, communication, protocols and a clearly documented transitions pathway, with care planning being person-centred; and
· Good practice was identified in the recording and circulating of meeting minutes, ensuring staff have access to detailed information and up-to-date knowledge of cases awaiting allocation.
1.30 Some opportunities for improvement were, however, identified, including the need to ensure that:
· All transition cases follow the expected internal procedures, where we found that some assessments and support plans had not been completed prior to a young person’s transition to ASC;
· Transition cases from the Children and Adolescent Mental Health Service (CAMHS) are referred to the Preparing for Adulthood (PfA) Board so that they receive the same oversight as transition cases from other areas within CS; and
· High-cost transitions are notified to ASC Finance as early as possible so that this can be taken into account within the budget management process.
1.31 Improvement actions in respect of these areas were agreed with management.
Grant Certification
Supporting Families Grant Certification
1.32 The Supporting Families (SF) programme has been running in East Sussex since January 2015 and is an extension of the original Troubled Families scheme that began in 2012/13. The programme is intended to support families who experience problems in certain areas, with funding for the local authority received from the Ministry of Housing, Communities and Local Government (MHCLG), based on the level of engagement and evidence of appropriate progress and improvement.
1.33 Children’s Services submit periodic claims to the MHCLG to claim grant funding under its ‘payment by results’ scheme. The MHCLG requires Internal Audit to verify 10% of claims (capped at 20) prior to the Local Authority’s submission of its claim. We therefore reviewed 20 of the 282 families included in the January to March 2025 grant cohort.
1.34 In completing this work, we found that valid ‘payment by results’ (PbR) claims had been made and outcome plans had been achieved and evidenced. All the families in the sample of claims reviewed had, firstly, met the criteria to be eligible for the SF programme, and had achieved significant and sustained progress. We therefore concluded that the conditions attached to the SF grant determination programme had been complied with.
2. Counter Fraud and Investigation Activities
2.1 The team continue to monitor intel alerts and share information with relevant services when appropriate.
2.2 In addition, the team continue to review matches released as part of the National Fraud Initiative. High risk matches will be prioritised for investigation and support provided to services reviewing the reports.
Summary of Completed Investigations
Financial Abuse
2.3 Internal Audit provided support to a management investigation by undertaking targeted searches on the Outlook account of an employee, who was the focus of an adult social care financial safeguarding review, unrelated to the employee’s work role within the Council.