“An increasing number of high risk and medium risk findings relate to the financial management practices in place at the Council, specifically those around income and expenditure monitoring. A failure of the control environment around financial management could significantly exacerbate the already extensive financial pressures on the Council and increases the risk of fraud. A significant internal fraud issue was identified at the Council during 2017/18; a criminal investigation is ongoing in relation to this matter but it highlights the risks that can crystallise if the lines of defence are not appropriately designed or operating as intended.”
(Source: The London Borough of Barnet, Annual Internal Audit Opinion, 2017/2018, http://barnet.moderngov.co.uk/documents/s47416/Appendix%20-%20Annual%20Internal%20Audit%20Opinion%202017-18.pdf )
Barnet UNISON notes the serious risks and issues detailed in “The London Borough of Barnet, Annual Internal Audit Opinion, 2017/2018.”
The Audit Committee meets on Tuesday 17 July, 2018, 7 pm at Hendon Town Hall, The Burroughs, London NW4 4BG
Barnet UNISON opinion.
The most shocking omission for the Audit Committee is the failure to provide the detailed review undertaken by Grant Thornton UK LLP (GT)
“1.17 The Council subsequently employed Grant Thornton UK LLP (GT) in January 2018 to undertake a detailed review to fully understand and document the fraud itself through a forensic review, identify the reasons that the alleged fraud could occur, including weaknesses in the control environment and to identify lessons learned. The Council engaged an external provider as this ensured that the circumstances around the alleged fraud were the subject of an independent review, as well as adding capacity.
1.18 The Grant Thornton report is attached at Appendix 1. It is currently in draft form to allow Capita a period of time to review and comment on its accuracy. As the report contains financial and business information about Re and Capita and Capita has not yet had an opportunity to provide comments on its contents, it is not in the public interest to publish it at this stage. This report and further reporting information from the Grant Thornton review will be finalised over the next few weeks and months and it is intended that these will be presented to Audit Committee and any other relevant Council committee in the Autumn 2018.”
(Report of Chief Executive, Audit Committee, 17 July 2018 http://barnet.moderngov.co.uk/documents/s47427/Report%20of%20the%20Chief%20Executive.pdf
On Thursday 19 July 2018 at the Policy and Resources Committee, Barnet Council is considering the future of the Capita contracts. The report produced by senior officers provides the councillors with three options. It recommends Option 2.
Review of Capita Contracts – Strategic Outline Case
http://barnet.moderngov.co.uk/documents/s47263/Capita%20Realignment.pdf
Barnet UNISON believes that informed decision making cannot be reached without the details of the Grant Thornton Review being made available to the members of Policy and Resources Committee and Barnet Council Taxpayers and residents.
There is a very real material risk that any decisions made without the publication of the Grant Thornton report could leave Barnet Council at risk of another Judicial Review.
Below are some extracts from a number of reports on the Agenda of the Audit Committee, 17 July, 2018.
The use of bold is our own, in order to help shine a light on the fundamental and systemic issues being raised at the Audit Committee.
1. The London Borough of Barnet, Annual Internal Audit Opinion, 2017/2018.”
“There has been a significant increase in the percentage of audit reports receiving an overall rating of “limited” (from 11% in 16/17 to 25% in 17/18), and a corresponding decrease in the percentage of audit reports receiving a “reasonable rating” (from 78% in 16/17 to 61% in 17/18). This represents a clear weakening of the control environment at the Council.”
“A number of planned key financial systems audits were removed from the audit plan to avoid confusion or duplication with the review of controls separately commissioned by the Chief Finance Officer in response to the significant fraud issue identified during the year.”
“As reported to the Policy and Resources Committee in June, the Council’s revenue outturn position for 2017/18 was £13.5m overspent. At quarter 3, the forecast position had been £6.6m overspent. The increase in overspend by quarter 4 was analysed in the Financial Monitoring Report outturn to Financial Performance and Contracts Committee in July.”
“Internal audits undertaken during the period, including audits of key financial systems, demonstrated a weakening of the financial control environment. This included a number of areas where evidence could not be provided to confirm that basic fraud prevention controls were operating including segregation of duties for transaction approvals and reconciliations, proactive review of areas with a high fraud risk due to value or known issues, and user access to the key financial system of Payroll.”
“During 2017/18 the Council has been dealing with a significant financial fraud issue. This matter came to light late in December 2017 and the Council responded immediately with the following actions: a criminal investigation commenced immediately by the Corporate Anti-Fraud Team (with relevant support where required from the Police); the suspect was suspended from work immediately and shortly after dismissed; and stringent additional emergency financial controls were immediately put in place to safeguard the council’s finances until a full review could be undertaken. An independent review of financial control and financial forensic analysis was commissioned and Grant Thornton were appointed to undertake this review.”
“Non-schools payroll – The payroll system access report was not regularly reviewed to ensure that access has only been granted to appropriate members of staff. Additionally, the overtime payments process was manual and as a result, payroll staff were not able to access details of the manager who approved an individual’s overtime payment, increasing the risk of payroll processing invalid or fraudulent payments.”
“Pensions Administration – Contract monitoring meetings held to monitor the pension administration section of the CSG contract were not formally recorded by the Council and employer targets for the scheme administration strategy are not monitored. There was no scheme communication strategy or agreed fund administration strategy in place during the period under review.”
“Staff Performance Reviews – There is no super-user access to the Core HR system or central ability within HR to go into staff records to look at the quality and content of appraisal documentation. This may mean that there was not sufficiently detailed central oversight to be able to ensure that the performance review process was fairly applied across all service areas and staff groups. There was no secondary review process to challenge any missing or insufficient information within moderation panel forms, so the process relied on the HR business partner to assure the completeness and quality of these forms. Based on the audit work carried out, this was not happening consistently.”
“Water Safety – A lack of formal training for premises coordinators around legionella testing was noted.”
“Transformation – The Way We Work – While a benefits tracker is in place which clearly outlines the key benefits of the programme, there was not yet a breakdown of key milestones for each benefit, benefits monitoring was not yet taking place at a project level, and not all benefits had clear links between benefit description, baseline, measurement method and target. The review date within the assumptions log had not been filled in for the Office 365 project, and as such there was no evidence that these assumptions had been reviewed since they were first identified. Only five changes were recorded in the change log for the programme. Given the complexity and size of TW3 and the many known changes since the programme’s inception, this indicated that the change log is not being consistently used to record changes to the programme scope and budget and the agreement of these changes.”
“Staff Performance Reviews – An equalities analysis of performance rating distributions across different monitored protected characteristics was reported to the Strategic Commissioning Board (SCB) on 4 July 2017. However, this report did not effectively convey rating curves or allow the identification of variances between areas due to issues with chart layout and the quality of analysis. As a result, clear variances between service areas and variances around gender, religion and disability were not identified, investigated or reported on. This analysis also took place after the end of the moderation process, meaning that any variances could only be investigated retrospectively.”
“Issues were noted by internal audit with the extent to which statutory and internal deadlines for activity were met, increasing the Council’s potential liability for additional fees and charges, and legal sanctions and reducing the extent to which its own enforcement activity can be carried out. We noted issues with the performance of key employment checks including DBS and right to work checks, which could lead to fines, legal action and reputational damage. Key health and safety checks relating to water safety were not carried out in line with required statutory timescales. In a number of areas including some key financial systems, we noted that policies and procedures were not consistently in place or regularly updated. Policies and procedures are a basic pillar of a functioning control framework. Where they are missing or out of date, this indicates that the control environment has not been regularly reviewed and updated to mirror changes in local or statutory approaches to service delivery.”
“Eligibility to Work – Pre-Employment Checks (Non-Schools) – We noted several anomalies in the DBS data provided to us for review. In some cases HR were unclear as to whether the post required or did not require a DBS check or of the DBS level required. In other cases, no DBS certificate reference was held. As a result, it was not clear whether all staff have the required DBS clearance. CSG Management also confirmed that there were no central, consistent arrangements for logging or following up Home Office right to work (RTW) approvals approaching expiry because RTW data is not held on the Core HR system to support the necessary reporting. The Council can be fined £20,000 by the Home Office per illegal worker. Pre-employment checks, covering identity checks (proof of address), DBS checks, National Insurance checks, reference checks and qualification checks (generally the responsibility of the relevant Council manager) were not undertaken consistently.”
“Commercial Waste – achieving income target – Formal notices had not been provided to companies requiring them to use commercial waste sacks, meaning that it is difficult to undertake enforcement activity relating to non-compliance. We noted enforcement processes involving the issuing of fixed penalty notices (FPNs) where businesses were unable to provide their commercial trade waste agreement. However, intended enhancements to the enforcement process, involving the review and decision making of customer cases following the FPN enforcement process had not yet been fully introduced. Vehicle tracker monitoring and vehicle inspections were not carried out in accordance with the frequency laid out in procedure documents. Performance monitoring had not identified this issue.”
“Water Safety – Performance of water safety testing did not consistently happen in line with required timescales. In one instance annual water sampling testing was over five months overdue at the date of testing. Documentation was not consistently uploaded to Info Exchange to demonstrate that testing or remedial action had taken place.”
“Non-schools Payroll – Policies and procedures do not cover the overtime payments or processes and controls in place to manage system access.”
“While it looks like the 2017/18 outcomes are similar to 2015/16’s, if ratings were assigned on the 2015/16 basis, the number of “limited” reports in 2017/18 would increase to 12 (43% of rated reports), which represents a significant deterioration from 2015/16 in real terms.”
(Source: The London Borough of Barnet, Annual Internal Audit Opinion, 2017/2018, http://barnet.moderngov.co.uk/documents/s47416/Appendix%20-%20Annual%20Internal%20Audit%20Opinion%202017-18.pdf )
2. Report of Chief Executive, Audit Committee, 17 July 2018
“Financial Control and Risk of Fraud
1.11 A referral was received by the Corporate Anti Fraud Team (CAFT) in December 2017 alleging that a substantial amount of money had been paid into an account belonging to a member of Re staff. A criminal and financial investigation was immediately initiated by CAFT which subsequently identified that 62 allegedly fraudulent transactions, between July 2016 to December 2017, amounting to the total sum of £2,063,972.00, had been paid into various bank accounts controlled by the individual. The individual is no longer working for Re. The individual has been charged with two counts of fraud by abuse of position under the Fraud Act 2006. The case is currently listed for hearing in Harrow Crown Court. The sum has been repaid to the Council by Re and Capita has confirmed that it has underwritten this loss.
1.12 Following this discovery, the Council immediately took action to tighten financial controls and initiated an independent report into the wider financial control environment across the organisation.
1.15 The Council immediately put into place a new system of approving CHAPs payments. As these “on the day” payments are approved outside of Integra or any feeder systems that interface with the financial ledger, such as the Social Care system, approval for payments take place. The new systems went live during December. The system introduced six stringent effective new controls.
1.16 A dual authorisation process was also introduced for the release of payments from Bankline, the application through which CHAPs payments are made, so that in additional to a CSG employee, a Barnet Council employee must sign off each payment release in the system.
1.17 The Council subsequently employed Grant Thornton UK LLP (GT) in January 2018 to undertake a detailed review to fully understand and document the fraud itself through a forensic review, identify the reasons that the alleged fraud could occur, including weaknesses in the control environment and to identify lessons learned. The Council engaged an external provider as this ensured that the circumstances around the alleged fraud were the subject of an independent review, as well as adding capacity.
1.18 The Grant Thornton report is attached at Appendix 1. It is currently in draft form to allow Capita a period of time to review and comment on its accuracy. As the report contains financial and business information about Re and Capita and Capita has not yet had an opportunity to provide comments on its contents, it is not in the public interest to publish it at this stage. This report and further reporting information from the Grant Thornton review will be finalised over the next few weeks and months and it is intended that these will be presented to Audit Committee and any other relevant Council committee in the Autumn 2018.
1.19 The Internal Audit programme has been focused on internal financial controls for 2018/19. This will ensure that sufficient scrutiny and external challenge is applied to the robustness of the control environment.
OUTCOME: A tightened financial control environment and reasonable or substantial assurance on internal financial control audit reports throughout 2018/19.”
“1.34 A review of the Council’s senior management structure has been initiated and will come to Committee in the autumn. This will take into account the proposed changes to the Capita contracts and address matters in respect of roles, responsibilities and accountabilities which are highlighted in the Annual Governance Statement and Head of Internal Audit Opinion.
1.35 It is important that senior management roles and accountabilities are regularly controlled and this review will need to take into account the changes that are being proposed in the Policy and Resources Committee report on the Council’s contracts with Capita.
1.36 This review will come to Constitution and General Purposes Committee in October 2018 and will be implemented by April 2019.
OUTCOME: A new senior management structure in place for 2019.”
(Source: Report of Chief Executive, Audit Committee, 17 July 2018 http://barnet.moderngov.co.uk/documents/s47427/Report%20of%20the%20Chief%20Executive.pdf )
3. Appendix 1 Corporate Anti-Fraud Team (CAFT), Progress Report: 1 April – 30 June 2018
“4. Noteworthy investigation summaries: –
Corporate Fraud
Case 1 – Case 1 – relates to Financial Proceeds of Crime Case and a significant fraud by a member of staff working for Re (Regional Enterprise Ltd), who was also previously employed by the council. A referral was received by CAFT in December 2017 alleging that a substantial amount of money had been paid into an account belonging to a member of Re staff. A criminal and financial Investigation was immediately initiated by CAFT which subsequently identified that 62 allegedly fraudulent transactions, between the dates July 2016 to December 2017 and amounting to the total sum of £2,063,972.00 had been paid into various bank accounts controlled by the individual. The individual is no longer working for Re.
The individual was summonsed to appear before Willesden Magistrates court on the 3rd July 2018, on two charges of Fraud by Abuse of Position, contrary to the Section 4 of the Fraud Act 2006. The individual gave no indication of plea and the matter was referred to Harrow Crown Court for a Plea and Trial Preparation Hearing on 31st July 2018. Further details including the outcome of this case will be reported once the criminal proceedings have been concluded.”
(Source: Appendix 1 Corporate Anti-Fraud Team (CAFT), Progress Report: 1 April – 30 June 2018)
http://barnet.moderngov.co.uk/documents/s47418/Appendix%201%20-%20CAFT%20Q1%20Progress%20Report%201st%20April%2030st%20June%202018.pdf