Internal audit & risk management

Internal audit & risk management

Here we provide information about internal audits, the role of the lead executive director and risk management directives.

Internal audit & risk management

Section 151 of the Local Government Act 1972 requires the proper administration of all the financial affairs within the county council. The officer holding this responsibility is referred to as the lead executive director.

The lead executive director should provide a range of services to all council directorates and a number of associated bodies, including Homes for Northumberland and Arch, the Northumberland development company.

There are three services within the finance group:

  • business support
  • administration and transactional services
  • internal audit and risk management
The audit service is split into three sections: Internal audit
This page explains the role and objectives of the audit service within Northumberland County Council.

Internal audit - introduction
Internal audits must be carried out by every local government organisation, as stated by Section 151 of the Local Government Act 1972.

Our aim is to give assurance to management and members that certain processes operate in an efficient and effective manner and ensure the integrity of transactions.

The work and performance of the audit service is overseen by the county council's audit committee.

Internal audit also has responsibility for investigating possible irregularities. For further information on the council's commitment to fighting fraud, please visit our fraud information website.
 
Audit service
The audit service provides an independent appraisal to the county council to review its systems of internal control. It is a review activity which does not relieve line management of its responsibility for ensuring that effective systems of control are in place.

The audit service fulfils this role by carrying out independent reviews of the county council's activities and reporting its findings to those who need to know and can ensure appropriate action is taken.

In carrying out this role, the audit service complies with the Chartered Institute of Public Finance and Accountancy (CIPFA) code of practice for internal audits in local government and other CIPFA statements.  
 
Audit objectives
To objectively assure the county council that:
  • its systems of internal control are operating effectively
  • its operations are being conducted in accordance with council policy and procedures, current legislation and provide best value
  • its assets and interests are accounted for and safeguarded from losses of all kinds, including fraud, waste and inefficiency
Audit authority
The audit service derives its authority from the county council through its constitution. The audit committee has approved the charter and considers and monitors the annual audit plan.

The audit service has authority to:
  • visit any county council establishment at any time
  • have access to all documents, correspondence and other records
  • have access to all stocks and cash held at establishments
  • require and receive from employees, members and other persons, assistance or explanation, written or oral
Audit service - responsibilities
In carrying out its role, the audit service will maintain objectivity and display professionalism. It will be tactful and provide advice and assistance where appropriate.

The audit service will maintain a strategic audit plan, which will take account of the audit needs and risks of the council, ensuring they are subject to audit over a five-year period. The audit plan is developed alongside other directorates and stakeholders.

Each year the head of audit and risk management presents the updated strategic plan, along with a detailed plan of activity for the forthcoming year to the audit committee for approval. Progress against the plan will be reported to the audit committee throughout the year.

The head of audit and risk management provides an annual report on internal control systems to the audit committee.

The audit service also reviews systems under development, perform special investigations where necessary and seeks to minimise the potential for fraud and corruption within the county council. The audit service will work closely with external audit (Deloitte) and other external review agencies, with the aim of co-ordinating, planning and avoiding unnecessary duplication.

Specialist computer audit work is undertaken by a contractor reporting directly to senior management.

Risk management

This section explains the role and objectives of the risk management team within Northumberland County Council.

Risk management - introduction
Our aim is to reduce the level of risk facing the council that may prevent it from achieving objectives. This is overseen by the county council's audit committee.
 
Risk management team
The team co-ordinates risk management across the county council. The team fulfils its role by developing and implementing ways to manage risks across the county council.

The risk manager achieves this through the strategic risk management group, consisting of senior managers representing each of the county council's groups.

The approach is documented in the risk management framework, encompassing the risk management policy and risk management strategy.
Risk management objectives
  • input into corporate governance processes
  • drive the embedding of risk management processes throughout the county council
  • provide support and guidance on risk management issues throughout the county council
Risk appraisal process
The council's corporate planning processes incorporate the consideration of risk at an early stage, both at a strategic and operational level. The process formalises the consideration of risk within projects and proposals, as contained in reports going to the strategic management team/executive.

Escalation within the risk appraisal process ensures the consideration of risk is not unduly onerous for less significant issues. The process is underpinned by a risk assessment workshop involving interested parties and, where appropriate, approval by the risk appraisal panel comprising members and senior officers.

Various proformas and guidance are provided in the risk management toolkit: Risk assessment templates Risk appraisal panel Action plans and monitoring Risk management training slides
Risk management team responsibilities
Responsibilities of the risk management team are to:
  • facilitate and provide support to the organisation's risk management process, giving advice and guidance on best practice
  • co-ordinate Northumberland County Council's risk management approach, ensuring a consistent approach is adopted throughout the organisation
  • report regularly to the audit committee and executive/strategic management team on progress
  • develop Northumberland County Council's risk management approach, including setting of policy, strategy and methodology
  • ensure risk management is integrated within the policy development, service planning and performance management processes
  Responsibilities of county council services:  
  • implement the risk management policy
  • ensure risk assessment protocols and adequate controls are in place
  • ensure identified actions to reduce the level of residual risk are implemented
  • monitor progress and report upon performance in reducing risk at all levels
  • utilise management reports to improve risk management within the council
What to do if you think you have suffered damage as a result of council negligence
If you are a member of the public and believe you have suffered damage as a result of council negligence, you need to write in to the insurance team at the address given below, or email the insurance mailbox.

Details must include your full name, date of birth and national insurance number. For any motoring incidents, we also require copies of evidence of your car ownership, tax disk and MOT certificate.

Please provide a full explanation and details of the incident that has occurred and any damage suffered, along with photographic evidence where possible and two estimates of the value of work required to make good the damage, if appropriate. It is important you provide the precise location of the incident and the date and time.

Where it is necessary for you to make an immediate repair, e.g. replace a tyre, we also require you to retain the damaged item for inspection by ourselves or our insurance company.

All claims are thoroughly investigated, and we prosecute anyone found to have submitted a fraudulent claim.

Email the insurance mailbox: insurance@northumberland.gov.uk

Or write to us at:

Insurance Team
Administration and Transactional Services
Finance Group
Northumberland County Council
County Hall
Morpeth
Northumberland
NE61 2EF
Fax: (01670) 626039
 
Risk management contacts
Barbara McKie, group assurance manager Lynne Brown, risk management officer Allison Mitchell, chief internal auditor Address
Shared Internal Audit and Risk Management Service
Northumberland County Council and North Tyneside Council
Quadrant (East)
The Silverlink North
Cobalt Business Park
North Tyneside
NE27 0BY
 

Fraud: data matching

Here you will find information about data matching and the audit commission.

This authority is required by law to protect the public funds it administers. It may share information with other bodies responsible for auditing or administering public funds to prevent and detect fraud.

The commission appoints the auditor to audit the accounts of this authority. It is also responsible for carrying out data matching exercises.
 

Data matching
Data Matching

This Council is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.  Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information.

Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 1998.  Data matching by the Cabinet Office is subject to a code of practice, a copy of which is available here.
 
More information
  • View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information here.
  • For further information on data matching at this authority, contact the Internal Audit Service.
    Tel: (01670) 623929