Customer Support Group (CSG) Invoicing and Monitoring Arrangements. April 2016

Similar documents
Contract Management Final Report March 2016

Parking Permit Administration June 2016

Client Affairs December 2015

Internal Audit and Corporate Anti-Fraud (CAFT) Disabled Blue Badges. July 2014

Internal Audit Report

The Care Act LGA Stocktake Submissions. March 2015

NOT PROTECTIVELY MARKED. Item Number 5.10 Gary Devlin, Partner, Scott- Moncrieff Recommendation to Members Members are requested to note the report.

Internal Audit Report

London Borough of Barnet. Internal Audit Annual Opinion 2015/16

Internal Audit Charter

Grant Thornton s annual report on the HCPC s governance, risk management and internal control systems is attached.

Cairngorms National Park Authority

Internal Audit Charter

The Annual Audit Letter for Devon Partnership NHS Trust

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems

Loch Lomond and The Trossachs National Park Authority. Key Controls Report

Loch Lomond and The Trossachs. National Park Authority. Review of Internal Controls 2015/16. Prepared for Loch Lomond and The Trossachs.

Glasgow Caledonian University Internal Audit Annual Report for the year ended 31 July 2008

AGH SOLUTIONS LIMITED GOVERNANCE FRAMEWORK

Skills Team Supply-Chain Fees and Charges Policy

The University s responsibilities and its arrangements for internal audit Internal audit protocol 2012/13

Loch Lomond & The Trossachs National Park Authority. Annual internal audit report Year ended 31 March 2015

ESSEX POLICE, FIRE AND CRIME COMMISSIONER, FIRE AND RESCUE AUTHORITY

Gloucestershire Hospitals NHS Foundation Trust

The LSB s Information for Practitioners. The Standards of Lending Practice for business customers Asset Finance. Governance and oversight

Three Year Audit Programme and 2012/13 Audit Plan

Internal Audit Report

Procurement & Probity Policy (v3.0)

Internal Audit Charter

Annual Audit Letter. South Central Ambulance Service NHS Trust Audit 2008/09 September 2009

AUDIT COMMITTEE ANNUAL REPORT TO TRUST BOARD 2012/13

City College Plymouth

Audit Committee, 20 March Internal Audit Report Stakeholder Communications. Executive summary and recommendations.

LLOYDS BANKING GROUP REMUNERATION COMMITTEE TERMS OF REFERENCE (LLOYDS BANKING GROUP PLC)

Role Profile. Role Details. Grade 4 Business unit. Date produced or updated March 2017

Final Assurance Plan. Annual Performance Reporting

Annual Audit Letter. Sheffield Teaching Hospitals NHS Foundation Trust. Year ending 31 March 2018

Interims, Specialists and Consultants City of York Council Internal Audit Report 2015/16

ANNUAL GOVERNANCE STATEMENT 2016/17 AUDIT AND RISK COMMITTEE. 28 March Report by Chief Executive

Annual Audit Letter. The Whittington Hospital NHS Trust Audit

BOARD OF DIRECTORS TERMS OF REFERENCE OF SUB-COMMITTEES

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

INTERNAL AUDIT WORK 2016/17 TO MARCH 2017 AUDIT AND RISK COMMITTEE. Report by Chief Officer Audit and Risk. 28 March 2017

GOVERNANCE HANDBOOK COMMUNITY REHABILITATION COMPANIES PUBLIC SECTOR OWNERSHIP MAY May

AUDIT COMMITTEES. Fulfilling annual reporting requirements

Supply Chain Specialist

PRIVY COUNCIL OFFICE. Audit of PCO s Accounts Payable Function. Final Report

Roles and Responsibilities

THE ARCG CHARTER. Issued in March 2008

Libor. the risk lesson

5. Effective controls and risk management

Following up recommendations/management actions

Audit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The "COMPANY") Amendments approved by the Board on 22 March 2016

Meeting Date 15 March 2018 Agenda Item 2b

RISK STATEMENT & ASSURANCE PLAN. Statement of risks, strengths and weaknesses and draft assurance plans for 2015/16. For consultation.

RISK MANAGEMENT STRATEGY

Audit Committee Annual Report. Director of Corporate Governance. Stage 1 only (no negative impacts identified)

Audit & Risk Committee Charter

INTERNAL AUDIT CHARTER

Draft Internal Audit Plan 2012/13 Audit Committee (September 2012) Airedale NHS Foundation Trust

Internal Audit Report Payroll Follow Up. Page 5. Date: June 2018

INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 210

FAMILY ASSURANCE FRIENDLY SOCIETY LIMITED THE AUDIT SUB-COMMITTEE TERMS OF REFERENCE. (as adopted by the Society s Board of Directors on 15/11/2018)

This report summarises the work completed by the Internal Audit Section since March 2017.

Risk Management Policy and Framework

Internal Audit Report Review of Controls Operating over Accounts Payable. Issued: 21 February 2018 Final Report

Risk Management and Assurance Strategy

1. INTERNAL AUDIT CHARTER (PDF)

SCHEME OF DELEGATION

Audit and Risk Committee Charter

Agreeing the Terms of Audit Engagements

AUSTRALIAN ENERGY MARKET OPERATOR INDEPENDENT ASSURANCE REPORT ON AEMO S COMPLIANCE WITH THE GAS SERVICES INFORMATION RULES AND GSI PROCEDURES

UNITY TRUST BANK PLC ( the Bank ) AUDIT AND RISK COMMITTEE. Terms of Reference

19 th July Review of Capita Contracts Strategic Outline Case

Internal Audit. Consultants Job Planning. February 2018

Terms of Reference for Mind Committees

Internal Audit Charter

Sub-section Content. 1 Preliminaries - Post title: Head of Group Risk - Reports to: CRO - Division: xxx - Department: xxx - Location: xxx

ADES International Holding Ltd (the Company )

Procurement Strategy and Action Plan. Financial Year

COATS GROUP PLC (the "Company") TERMS OF REFERENCE FOR THE AUDIT & RISK COMMITTEE Adopted by the Board on 28 July 2017

Building trust and confidence in our reporting Data Assurance Summary 2017/18

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Management Practices Audit of the Treaties and Aboriginal Government Sector

ASSURANCE FRAMEWORK. A framework to assure the Board that it is delivering the best possible service for its citizens SEPTEMBER 2010.

Lead Employer Flexible Working Policy. Trust Policy

Lexis PSL Commercial. Transition in outsourcing

Corporate Governance Statement

Business Case and Proposal

Internal Audit of Compensation and Benefits

Audit Report. Audit of Contracting and Procurement Activities

Auditing corporate governance

MEETING GENERAL FUNCTIONS COMMITTEE DATE AND TIME WEDNESDAY 3RD MAY, 2017 AT 6.00 PM VENUE HENDON TOWN HALL, THE BURROUGHS, LONDON NW4 4BG

MANAGING RISK AT SUNCORP

IAASB Main Agenda (December 2004) Page Agenda Item

Risk Oversight Committee - Terms of Reference

Appendix 1 Detailed Internal Audit Strategic Planning Process

Guidance Note on the College Internal Audit Service

Internal Audit. Audit of Procurement and Contracting

ANNUAL PERFORMANCE REPORT DATA ASSURANCE PLAN 2015/2016

Corporate Risk Register Q2

Transcription:

Internal Audit Customer Support Group (CSG) Invoicing and Monitoring Arrangements April 2016 Distributed to: Chief Operating Officer Commercial Director Director of Resources Head of Finance Partnership Manager Commercial Manager None Limited Satisfactory Substantial Audit Opinion 1

1. Executive Summary Introduction As part of the 2015/16 Internal Audit Plan, agreed by the Audit Committee in April 2015, we have undertaken a review of the invoicing arrangements for the Customer Support Group contract between the Council and Capita. Background & Context The Council has a contract for their back office services with Capita, via the Customer Support Group ( CSG ). The contract covers a number of different areas: Finance, IT, HR, Estates, Revenues & Benefits, Procurement, Corporate Programmes, Customer Services and Health & Safety. There are three separate arrangements for the approval of costs and processing of invoices received from Capita, dependent on the nature of the service provided. These are outlined below: Management fee this includes salaries and the operational cost of outsourcing of all services outlined in the contract. The costs are based on a financial model which was agreed by both parties when the contract was signed. Gain share agreements the contract between the Council and Capita includes specific gain share arrangements where Capita are entitled to a share of any savings they can demonstrate have been negotiated on behalf of the Council. In addition, there are several income targets set by the Council where Capita become eligible for financial reward if it can be demonstrated that they have met these targets. All gain share and income targets should be authorised by senior management at the Council before further action is taken to commence the procurement process. Projects and programmes these costs relate to specific projects and programmes delivered by Capita on behalf of the Council. The responsibility for the approval and monitoring of the specific programmes lies with the Delivery Unit in question and the Council s Project Management Office. The Council is invoiced for specific projects and programmes when key delivery milestones are reached. The processing of all three categories of invoice is performed by teams in the Commissioning Group at the Council. Corporate objectives and risks The audit supports all four of the strategic objectives in the Corporate Plan 2015 2020: The Council, working with local, regional and national partners, will strive to ensure that Barnet is a place: 1. of opportunity, where people can further their quality of life; 2. where people are helped to help themselves, recognising that prevention is better than cure; 3. where responsibility is shared, fairly; and 1

4. where services are delivered efficiently to get value for money for the taxpayer. Areas of Good Practice We reviewed the financial model on which the management fee is based. We selected a sample of two monthly management fee invoices and these were agreed to the payment schedule in the model. We reviewed the quarterly Key Performance Indicator ( KPI ) report for Q1 2015/16 and all underperforming KPIs were agreed to the quarterly service credit list. These represent a reduction in the cost of service for the Council. No issues were noted with the authorisation of a sample of invoices for Special Projects or invoices for gain share agreements. Key Findings (informing the Audit opinion) This audit has identified two priority 2 recommendations. We identified the following issues as part of the audit: Role of the Senior Responsible Officers - There are eight Senior Responsible Officers ( SRO s) in post within the Council who act as a liaison officer between the Commissioning Group and the relevant Department within Capita CSG, and are integral to the Council s second line of defence (oversight functions). They are the key officers responsible for the performance management of Capita. The basic remit of each of the SRO s is documented in the contract management handbook but in practice is wider than documented. It was noted that not all SRO s have an allocated deputy and the roles and responsibilities of contract managers and SRO s in the contract management handbook are not aligned to each other. This lack of clarity as to the remit of these two roles may result in Capita activities not being subject to sufficient and appropriate scrutiny or there may be a lack of alignment between the services the Council expect to be provided and the actual delivery. (Finding 2.1, priority two). Annual review of performance measures - There are ten Super Key Performance Indicators, 31 Key Performance Indicators and 91 Performance Indicators outlined in the contract which are monitored on a monthly basis. These reports are scrutinised by the monthly Partnership Operations Board and the quarterly Strategic Partnership Board. It was noted that for a number of performance measures, including Super Key Performance Indicators, an actual figure was not included in the report for quarter one of 2015/16. In these cases, the report stated that the performance measure was being baselined. This is due to be completed as part of the annual review in March 2016. (Finding 2.2, priority two). Other observations from our review 2

As part of our testing we identified an issue which was outside the scope of this specific review. We have reported this in Appendix A for management consideration. The issue is summarised below: Contract monitoring - assurance activities in line with good practice, the Council should have a formal assurance framework in place to monitor the performance of Capita in the delivery of contractual obligations. The Commercial team within the Council have documented the first, second and third lines of defence in place to provide the Council with assurance over Capita activity. This was produced by the Commercial team to summarise the core contract and performance management arrangements in place. Although this is not a formal document, there is no other published assurance framework document. A formal assurance framework document would be expected to reflect the following: 1st Line Business Operations Ensuring there is an established risk and control environment in place within each of the core processes operated by Capita. 2nd Line Oversight functions Oversight functions such as strategic management, performance management and functional oversight. 3rd Line Independent Assurance Internal audit, external audit, and other sources of assurance that provide independent challenge on the control framework. We acknowledge that the CSG contract is managed by the Council using a model where Capita are monitored on their performance against outcomes rather than how procedures are operated to mitigate the key risks to the Council. However, review of the summary of assurances noted that second line activities currently recorded in the summary document, for example the CSG Strategic Partnership Board and Performance meetings with the Senior Responsible Officers, were recorded within the first line section of the document. It would be expected that a robust first line of defence would be proactive, identifying non-compliance with contract obligations at the time of the issue. There is significant reliance on Internal Audit to provide assurance over the operation of processes and controls in place within Capita. This is a retrospective review and would only identify issues after they had arisen, often significantly after the initial instance of non-compliance. Limitation of scope This review focused on the contract management arrangements over CSG by the Council, specifically the controls in place to mitigate the risks listed in the terms of reference dated 7 August 2015. The review was limited to the invoices received from CSG and did not include invoices from Re. 3

The review of the payment arrangements did not include an assessment of whether CSG provides value for money for the Council. This work did not include a review of any processes and controls operating within CSG. Area of Scope Adequacy of Controls Effectiveness of Controls Number of Recommendations Raised Priority 1 Priority 2 Priority 3 Contract Governance Contract Monitoring 2 Invoicing and supplier payment Acknowledgement We would like to thank the Commercial team within the Council and the delivery units for their time and co-operation during the course of the Internal Audit. 4

2.1 Role of the Senior Responsible Officers P Detailed finding Risk Recommendation 2 There are eight Senior Responsible Officers ( SRO s) in post within the Council. Each function within the CSG contract has an assigned SRO who acts as a liaison officer between the Commissioning Group and the relevant Department within Capita. There is a contractual requirement outlined in Schedule 13 to ensure that there is a defined reporting line for the identification and escalation of performance issues. In order to address this requirement, SROs are the key officers responsible for the escalation of contract performance issues. The basic remit of each of the SRO s is documented in the contract management handbook but in practice is wider than documented. It was noted that not all SRO s have an allocated deputy. Placing reliance on one individual may result in contingency issues when officers leave the Council either permanently or for extended periods. The contract management handbook also includes documented roles and responsibilities for assigned contract managers within the Commercial Team. However, there is no clear documented process of how the SRO and contract manager should work together. Insufficient resource available to monitor Capita activity may result in a lack of robust scrutiny by the Council. This may lead to issues not being identified and escalated promptly, impacting on the operational delivery of Council services. Recommendation 1 a) Management should review the roles and responsibilities of those officers assigned to coordinate the contract management activities. This should include ensuring the roles and responsibilities of SRO s and contract managers do not duplicate or contain gaps. b) Management should review the resources and capacity available at the Council to monitor Capita activities and ensure that the current capacity is targeted at the key delivery risks. This should include sufficient and appropriate contingency and cover arrangements for SRO s and other senior stakeholders. 5

There may be duplication and gaps in the roles and responsibilities undertaken by the SRO and contract manager if there is no formal communication between the two. Management Response Responsible Officer Deadline As there have been changes to the Director of Resources and Director of Commercial roles, it is the right time to re-look at roles and responsibilities and how the teams work together to ensure the contracts are delivering value for money and satisfaction. There is a workshop planned to ensure robustness of clienting is demonstrated. 2.2 Annual review of Key Performance Indicators Director of Resources Director of Commercial P Detailed finding Risk Recommendation Review to be completed 31/5/2016 Implemented by 30/6/2016 2 There are ten Super Key Performance Indicators, 31 Key Performance Indicators and 91 Performance Indicators outlined in the contract which are monitored on a monthly basis by the Council. These reports are scrutinised by a number of Boards, including the monthly Partnership Operations Board and the quarterly Strategic Partnership Board which includes the SRO s. We reviewed the performance report produced for the first quarter of 2015/16 and noted that all performance measures are included. It was confirmed, however, that performance management information is not independently validated by the Council. It was noted that for a number of performance measures, including Super Key Performance Indicators, an actual figure was not included in Incomplete or inaccurate performance measures reported by Capita may result in the Council not being able to make a clear or informed judgement on functions where performance information is missing. This may lead to issues not being identified and escalated promptly, impacting on the operational delivery of Council services. 6 Recommendation 2 a) Management should review the performance measures to determine whether the correct measures are being baselined and that the new thresholds are appropriate. b) Management should consider whether it would be appropriate to validate the data used by Capita to report the Super Key Performance Indicators or Key Performance Indicators.

the report. In these cases, the report stated that the performance measure was being baselined and the thresholds for these will be changed. These are not being reported in the short term until new thresholds have been agreed. We confirmed that an annual review of the Key Performance Indicators was performed in April 2015. Discussion with management confirmed that the entire performance measure framework will be reviewed as part of the three year fundamental review of the CSG contract in March 2016. This includes baselining of existing performance measures. Management Response Responsible Officer Deadline The Council will be putting resources into doing risk based deep dives into data used by Capita to report Super KPI or KPI performance. Director of Commercial 31 July 2016 Timetable Terms of reference 14 August 2015 Fieldwork completed 29 February 2016 Draft report issued 7 March 2016 Management responses received 30 March 2016 Final Report Issued 4 April 2016 7

Appendix A: Observations for management from the review of CSG contract management arrangements As part of our testing we identified an issue which was outside the scope of this specific review. This is reported below for completeness and for consideration by management. Contract monitoring assurance activities P Detailed finding Consideration for management 1 In line with good contract management practice, the Council has a Contract Management toolkit in place to support contract managers in managing the activity on the Council s contracts. Alongside this toolkit there should be a formal assurance framework in place to monitor the performance of Capita in the delivery of contractual obligations due to the size and nature of the strategic contracts in place with them. The Council s Commercial team have prepared an assurance mapping document which outlines the first, second and third lines of defence in place to provide the Council with assurance over Capita s activity. This was produced by the Commercial team to summarise the core contract and performance management arrangements in place. Although this is not a formal document, there is no other published assurance framework document. In line with good practice, the First Line of Defence relates to the business operations i.e. ensuring there is an established risk and control environment in place within each of the core processes operated by Capita. The Second Line of Defence is the oversight functions i.e. strategic management, performance management and functional oversight. a) Management should undertake an exercise to understand the key controls in place within each of CSG s core processes. This could be achieved through review of the appropriate policy and procedure documents. b) Management should assess and document whether the controls in place are sufficient to mitigate the Council s key operational risks. c) Any control gaps identified in the first line of defence should be raised with Capita and where appropriate processes should be amended accordingly. d) Management should review and update the assurance framework document to ensure inclusion of the identified first line of defence activities. All key Second and Third line activities should also be recorded, including detailing the officers with the core roles and responsibilities in relation to them. e) Management should review the activities on the assurance map to ensure there is sufficient flow of information between the first, second and third lines of defence to allow the Council to promptly identify issues with any of the key delivery risks. f) Management should then consider whether the information available through the three lines of defence is sufficient to 8

The Third Line of Defence is independent assurance i.e. Internal Audit, External Audit, and other sources of assurance who provide independent challenge. We acknowledge that the CSG contract is managed by the Council using a model where Capita are monitored on their performance against outcomes rather than how procedures are operated to mitigate the key risks to the Council. provide senior management with assurance that the key strategic risks are mitigated. g) Once reviewed, the three lines of defence map should be signed off by senior stakeholders including all SROs, the Director of Resources, the relevant Contract Managers, the Commercial Director and the Chief Operating Officer. However, we noted the following issues for senior management consideration: There is a lack of formal documentation held by the Council of the first line defence activities operating at Capita. For example, this may include access to procedure manuals to assess whether the control framework in place mitigates the Council s key risks. This was highlighted as a finding in relation to the accounts payable process where there was no up to date procedure document in place (see Accounts Payable audit findings, January 2016). We understand through review of the Commercial team s Assurance Map and discussion with management, that currently Internal and External Audit activities provide the only evaluation of the design and operation of the controls in place within Capita processes to mitigate the Council s key risks... These form part of the third line of defence in the assurance framework. This testing approach is generally retrospective and would only identify issues after they have occurred, possibly a significant period of time following the initial noncompliance. We did not see evidence of real time monitoring of the operation of Capita controls. Although some second line management oversight activities were found to be operating effectively, there are some second line activities which are currently recorded as the first line of activities within the Commercial team s analysis. These should be moved within the updated version of the assurance map. 9

These include the following: - CSG Strategic Partnership Board - Monthly performance reports - Performance meetings with the Senior Responsible Officers Director of Commercial Director of Resources Responsible Officer Deadline Q2 of 2016/17 10

Appendix B: Statement of Responsibility We take responsibility for this report which is prepared on the basis of the limitations set out below: The matters raised in this report are only those which came to our attention during the course of our internal audit work and are not necessarily a comprehensive statement of all the weaknesses that exist or all improvements that might be made. Recommendations for improvements should be assessed by you for their full impact before they are implemented. The performance of internal audit work is not and should not be taken as a substitute for management s responsibilities for the application of sound management practices. We emphasise that the responsibility for a sound system of internal controls and the prevention and detection of fraud and other irregularities rests with management and work performed by internal audit should not be relied upon to identify all strengths and weaknesses in internal controls, nor relied upon to identify all circumstances of fraud or irregularity. Auditors, in conducting their work, are required to have regards to the possibility of fraud or irregularities. Even sound systems of internal control can only provide reasonable and not absolute assurance and may not be proof against collusive fraud. Internal audit procedures are designed to focus on areas as identified by management as being of greatest risk and significance and as such we rely on management to provide us full access to their accounting records and transactions for the purposes of our audit work and to ensure the authenticity of these documents. Effective and timely implementation of our recommendations by management is important for the maintenance of a reliable internal control system. 11

Appendix C: Guide to assurance and priority The following is a guide to the assurance levels given: Substantial Assurance Satisfactory Assurance Limited Assurance No Assurance There is a sound system of internal control designed to achieve the system objectives. The control processes tested are being consistently applied. While there is a basically sound system of internal control, there are weaknesses, which put some of the client s objectives at risk. There is evidence that the level of non-compliance with some of the control processes may put some of the system objectives at risk. Weaknesses in the system of internal controls are such as to put the client s objectives at risk. The level of non-compliance puts the system objectives at risk. Control processes are generally weak leaving the processes/systems open to significant error or abuse. Significant non-compliance with basic control processes leaves the processes/systems open to error or abuse. Priorities assigned to recommendations are based on the following criteria: High Fundamental issue where action is considered imperative to ensure that the Council is not exposed to high risks; also covers breaches of legislation and policies and procedures. Action to be effected within 1 to 3 months. Medium Significant issue where action is considered necessary to avoid exposure to significant risk. Action to be effected within 3 6 months. Low Issue that merits attention/where action is considered desirable. Action usually to be effected within 6 months to 1 year. 12

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback