final internal audit report corporate governance

This report is not for reproduction publication or disclosure by any means to unauthorised persons.

FINAL

Internal Audit

Report

Corporate

Governance Document Details:

Reference: 2.24 2014/15

Date: 19 March 2015

Internal Audit Report – Corporate Governance

2

www.worcestershire.gov.uk

Executive Summary 1.

1.1 Introduction

As part of the 2014/15 Internal Audit Plan an audit of the Corporate Governance was carried out with the points of focus being:

The overall Governance and Assurance arrangements in place; The processes and procedures for compiling the Annual Governance Statement

(AGS); and A comparison of the Council’s AGS against best practice

1.2 Background

Over the past few years Worcestershire County Council, like many other public authorities, has faced significant financial challenges. In response to these challenges the county council will see it changing from one largely of service delivery to one with an emphasis on commissioning, leading regeneration, growth and jobs, while still maintaining statutory responsibilities and focusing on the things people have said are important to them, including those about looking after vulnerable adults and children.

To support this period of change effectively, the Council requires strong corporate governance and assurance arrangements.

In accordance with the requirements of the CIPFA/SOLACE Delivering Good Governance in Local Government Framework, the annual governance statement should provide a brief communication regarding the review of governance that has taken place and the role of the governance structures involved. It should be high level, strategic and written in an open and readable style. It should be focused on outcomes and value for money.

1.3 Objectives and Scope of the Audit The following control objectives were reviewed as part of the audit: CO1: We conducted a high level review of the overall Governance and Assurance arrangements in place for Worcestershire County Council; CO2: We reviewed whether Worcestershire County Council's processes and procedures for compiling the Annual Governance Statement (AGS) are robust; CO3: We determined how Worcestershire County Council's process for compiling the AGS compares against best practice.

http://www.worcestershire.gov.uk/


3


1.4 Overall Opinion

1.4.1 The overall audit opinion for the review is Significant Assurance – the definition of which is set out in the table below:

Governance and Assurance arrangements

1.4.2 Particular areas of good practice noted were the use of a Balanced Scorecard which can be found on the Council’s website and a risk management process underpinned by a risk management policy statement and strategy (N.B. we did not test the operating effectiveness of the risk management process as this objective forms the basis of a separate review).

1.4.3 The Council does not currently have a document which clearly sets out its ‘Governance and Assurance Framework’ (the ‘Framework’). Through interviews with staff and a desktop review of policies, procedures and other key documents we have mapped out the Framework. This map is included at Appendix 1.

1.4.4 One improvement that would enhance the Framework is documentation of the Council’s governance and assurance arrangements which ensure adequate oversight of its partnerships and commissioning arrangements. As the Council begins to commission more of its services, contract governance will become pivotal to the Framework.

AGS compilation process

1.4.5 No issues were noted with regards to compliance with the AGS requirements set out in ‘Delivering Good Governance in Local Government: a Framework’ published by CIPFA/SOLACE in June 2007.

1.4.6 Our testing of the assurance statements used to collect information on the operation of controls and risk management across the directorates identified

Overall Audit Opinion

Full assurance Full assurance that the system of internal control meets the organisation’s objectives and controls are consistently applied.

Significant assurance

Significant assurance that there is a generally sound system of control designed to meet the organisation’s objectives. However, some weaknesses in the design or inconsistent application of controls put the achievement of some objectives at some risk.

Limited assurance

Limited assurance as weaknesses in the design or inconsistent application of controls put the achievement of the organisation’s objectives at risk in some of the areas reviewed.

No assurance No assurance can be given on the system of internal control as weaknesses in the design and/or operation of key control could result or have resulted in failure(s) to achieve the organisation’s objectives in the area(s) reviewed.



4


some inconsistencies in the templates used.

1.4.7 The Council does not currently have a document which clearly sets out its AGS compilation process. Through interviews with staff and a desktop review of policies, procedures and other key documents we have mapped out the process. This map is included at Appendix 2.

AGS – best practice

1.4.8 A benchmarking review of the content and compilation process of the Council’s 13/14 AGS was carried out against six other 13/14 AGS.’ This review identified the following areas of best practice that could enhance the Council’s AGS in the future:

identify and provide commentary on key governance issues/challenges facing the Council, for example reporting on the issues highlighted within limited assurance internal audit reports and the actions taken to address these

collate and provide information on the Council’s culture and values;

include a discussion of how CIPFA’s key principles of good governance are embedded into the Council’s governance and assurance framework;

provide the reader with information on how the AGS was compiled;

provide hyperlinks to information referred to within the AGS e.g. link to the Constitution; and

provide explanatory or supplemental diagrams, graphs and/or other pictorial information to aid the reader’s understanding.

Summary of Conclusions

1.1. The conclusion for each control objective evaluated as part of this audit was as follows:

Control Objective Assurance

Full Substantial Moderate Limited

CO1: To conduct a high level review of the overall Governance and Assurance arrangements in place for Worcestershire County Council

CO2: To confirm that Worcestershire County Council's processes and procedures for compiling the Annual Governance Statement (AGS) are robust

CO3: To determine how Worcestershire County Council's process for compiling the AGS compares against best practice



5


1.2. The recommendations arising from the review are ranked according to their level of priority as detailed at the end of the report within the detailed audit findings. Recommendations are also colour coded according to their level of priority with the highest priorities highlighted in red, medium priorities in amber and lower priorities in green. In addition, the detailed audit findings include columns for the management response, the responsible officer and the time scale for implementation of all agreed recommendations.

1.3. Where high recommendations are made within this report it would be expected that they should be implemented within three months from the date of the report to ensure that the major areas of risk have either been resolved or that mitigating controls have been put in place and that medium and low recommendations will be implemented within six and nine months respectively.

Limitations Regarding The Scope of The Audit 2.

The following areas did not form part of this audit:

This review was not a full controls audit of corporate governance and the scope of our work was limited to the areas identified in the Terms of Reference.

This review did not include a review of Risk Management which is subject to a separate review.

Acknowledgements 3.

Audit would like to thank all involved for their assistance during this review



6




7


Detailed Audit Findings 4.

Ref. Priority Findings Risk Arising/ Consequence

Recommendation Management Response Responsibility and Timescale

Recommendation Implemented

(Officer & Date)

CO1: To conduct a high level review of the overall Governance and Assurance arrangements in place for Worcestershire County Council 1 Medium Governance of partnerships

and commissioning arrangements There is a lack of process documentation setting out the Council’s governance and assurance arrangements which ensure adequate oversight of its partnerships and commissioning arrangements. .

As the Council begins to commission more of its services, contract governance will become increasingly important to its Governance and Assurance Framework. Without clear contract governance and monitoring arrangements in place, there is an increased risk of poor contract performance potentially impacting on service outcomes as well as failed partnerships.

Document and communicate a Council wide approach to governing partnerships and commissioning arrangements.

This will be developed over the summer 2015 taking into account advice from the Director of Commercial and Change

Senior Finance Manager 30/09/15

2 Medium Clarity of Governance and Assurance Framework: The Council does not currently have a single document which clearly sets out its ‘Governance and Assurance Framework’ (the

Lack of clarity over arrangements which makes it difficult to identify where there are potential gaps and/or weaknesses in the framework

Develop a Governance and Assurance Framework (and associated process notes). The map contained in Appendix 1 could be used as a starting point.

This will be developed over the summer 2015 taking into account advice from the Director of Commercial and Change




8





(Officer & Date)

‘Framework’).

3 Low Documentation Review:

It was noted that the

Constitution which forms part

of the Governance and

Assurance Framework was

last reviewed in November

2013.

The Annual Governance Statement references the Constitution. If the Constitution is not kept up to date, this could lead to inaccurate references being made in the Annual Governance Statement.

The Constitution should be reviewed before the end of 2014/15. All key governance documents including policies and procedures should be subject to review on at least an annual basis.

The Council's constitution is regularly reviewed by the Head of Legal and Democratic Services. The next revision is planned to be considered at May 2015 Full Council meeting and will be released immediately afterwards

Head of Legal and Democratic Services To be completed and considered at the next Full Council meeting in May 2015

CO2: To confirm that Worcestershire County Council's processes and procedures for compiling the Annual Governance Statement (AGS) are robust 4 Medium Reporting of significant

issues within the AGS

In 1 out of the 4 assurance

statements sampled

(2013/14 statements) four

‘significant risk and control

issues’ were noted by the

Director however they did not

feature in the Annual

Governance Statement.

Upon discussion with the

Chief Financial Officer we

understood that the reported

issues had been re-assessed

in the context of the Council

Reduced transparency of significant issues identified at a directorate level.

When significant issues reported within the assurance statements are not included within the Annual Governance Statement (AGS) the reasons for the exclusion should be documented and signed off by the Chief Executive and Leader of the Council prior to signing the AGS as well as the Audit and Governance Committee prior to approving the AGS.

The AGS templates will be updated to make it clearer the impact of potential significant issues and their mitigating strategies for the 14/15 assurance process.




9





(Officer & Date)

overall and it was concluded

that they did not require

reporting as significant

issues within the AGS.

This decision and who was

involved in making the

decision was not

documented or signed off by

the Audit Committee or Chief

Executive or Leader of the

Council.

5 Medium Clarity of AGS compilation process: The Council has not documented its AGS compilation process.

Lack of clarity over arrangements which makes it difficult to identify where there are potential gaps and/or weaknesses in the process.

Document and communicate the AGS compilation process. The map contained in Appendix 2 could be used as a starting point.

This will be developed over the summer 2015 making good use of the process map as developed during the audit fieldwork


6 Medium Standardisation of assurance statement templates

1 out of 4 assurance

statements sampled

(2013/14 statements) that

were intended for the

Director of Resources had

been assigned to the Chief

Executive and Leader of the

Council.

1 out of 4 of the statements

also referred to The

Inconsistencies in the operation of this key control within the AGS compilation process could lead to risks and/or significant issues being missed and not properly reported.

A standard template should be used for all assurance statements. Guidelines for completion of the assurance statements should be drafted and circulated. Quality checks should be performed by the recipient (in this case the Director of Resources) to ensure the

The AGS templates and guidance will be updated for the 14/15 assurance process. The S.151 role that was within the former role of Director of Resources is now replaced by the Chief Financial Officer




10





(Officer & Date)

Corporate Plan Refresh

13/17 as opposed to

Worcestershire Future Fit

Corporate Plan 2013-2017

which was referred to in the

other 2 statements.

In addition, the format of the

Summary of Effectiveness

appendix differed across all 4

statements.

statements are complete, addressed appropriately and adhere to the standard template.

CO3: To determine how Worcestershire County Council's process for compiling the AGS compares against best practice 7 Medium AGS Enhancements

The AGS process and what

is reported in the AGS is

considered compliant with

the basic requirements of the

‘Delivering Good

Governance in Local

Government: a Framework’.

This is supported by the

13/14 external audit report.

However, a benchmark

exercise looking at six AGS’

from the 2013/14 financial

year which are considered to

be good AGS examples

identified that there is scope

for the Council to collect and

report on additional

Looking at the direction of travel more broadly around UK Corporate Governance requirements for companies and most recently Foundation Trusts demonstrates that the requirements of what is reported in a governance statement are increasing. By implementing some of the best practice recommendations, the Council will be better placed to respond to any changing requirements in the future.

Suggested enhancements drawing on best practice include:

identify and provide commentary on key governance issues/challenges facing the Council, for example reporting on the issues highlighted within limited assurance internal audit reports and the actions taken to address these

collate and provide information on the Council’s culture and values;

include a discussion of how CIPFA’s key

Most of these improvements can be implemented for the 2014/15 AGS as practicable.




11





(Officer & Date)

information that would

enhance the reader’s

understanding of the

Council’s governance

framework and its

effectiveness.

principles of good governance are embedded into the Council’s governance and assurance framework;

provide the reader with information on how the AGS was compiled;

provide hyperlinks to information referred to within the AGS e.g. link to the Constitution; and

provide explanatory or supplemental diagrams, graphs and/or other pictorial information to aid the reader’s understanding.

Key to Priorities

High

This is essential to provide satisfactory control of serious risk(s)

Medium

This is important to provide satisfactory control of risk

Low

This will improve internal control

Limitations relating to the Internal Auditor's work



12


The matters raised in this report are limited to those that came to our attention, from the relevant sample selected, during the course of our audit and to the extent that every system is subject to inherent weaknesses such as human error or the deliberate circumvention of controls. Our assessment of the controls which are developed and maintained by management is also limited to the time of the audit work and cannot take account of future changes in the control environment.



13


Appendix 1: Governance and Assurance Framework



14




15


Appendix 2: AGS compilation process


final internal audit report corporate governance

Documents