HERTFORDSHIRE COUNTY COUNCIL
AUDIT COMMITTEE
WEDNESDAY 20 JUNE 2012 AT 10.30AM
RISKS ON THE COUNTY COUNCIL’S Risk Register: FRAUD RISK
Report of the Director Resources and Performance
Author: Helen Maneuf, Head of Assurance Services
Tel: 01438 845502
Executive Member: Derrick Ashley (Transformation, Performance & Waste Management)
1.Purpose of Report
1.1.Toprovide further information regarding the risk and controls relating to risk AUDIT 001: ‘as a result of the current economic conditions there is an increased risk that the Council experiences significant fraud’. The current risk score is ‘Significant’ (12).
2.Summary
2.1.The Audit Committee has requested an update on the above related risk,the assessment and rating of thisrisk and the controls in place to minimise or avoid its occurrence.
3.Recommendation
3.1.That the Committee notes the information provided in this report.
4.Background
4.1For practical purposes fraud may be defined as the use of deception with the intention of obtaining an advantage, avoiding an obligation, or causing loss to another party. The 2006 Fraud Act includes a number of fraud offences: the most commonly encountered being fraud by false representation; failure to disclose information; and fraud by abuse of position. All organisations are potentially at risk of fraud, from both internal and external threats, which can result in financial loss, reputational damage and reduced quality of service.
4.2The Shared Internal Audit Service maintains risk AUDIT0001 relating to fraud risk in the Council Council’s risk register. Although not one of the most highly scoring risks currently held by the Council, the Audit Committee selected the risk for review at this meeting because:
- The Audit Committee’s terms of reference include responsibility for advising the Executive on Anti-Fraud and Anti-Corruption arrangements; and
- PWC were commissioned to review the Council’s arrangements, and the results of this piece of work have recently been received. It is important for the Audit Committee to consider the results of this review.
5Results of the PWC review of HCC’s fraud arrangements
5.1The PWC report, published in May 2012, has given ‘substantial’ assurance on the anti-fraud and anti-corruption arrangements in place at the Council. This opinion supports the current risk score. The auditors have recommended a number of improvement actions, which can be summarised as:
- Ensuring the anti-fraud and anti-corruption policy is updated
- Undertaking a fraud risk assessment and gaining specific assurance on key fraud risk areas
- Review and streamline the Council’s Whistleblowing Policy
- Introduce a tri-age mechanism for determining appropriate response to fraud to ensure effective use is made of investigation resource
- Amend the fraud register to better record fraud concerns
- Conclude investigations in respect of the current National Fraud Initiative
- Carry out a training needs assessment for management and arrange suitable anti-fraud training.
5.2The full recommendations and management responses are contained in the risk template report under the section ‘Additional actions required to manage risk to an acceptable score’.
6Developments in the national anti-fraud agenda
6.1Since the Audit Committee briefing on fraud in November 2012 there have been two high profile national reports on the subject of combating fraud.
6.2Firstly, in April 2012 the Government published ‘Fighting Fraud Locally’ to highlight the need for greater prevention and smarter enforcement across local government to counter the £2.2 billion estimated fraud loss to councils annually. The report recommends that councils’ strategic approach to fraud should be to:
- ‘Acknowledge the threat of fraud and the opportunities for savings that exist. This acknowledgement must start at the top and lead to action. The strategy recommends that the starting point for each council is to perform its own risk assessment and fraud resilience check.
- Prevent: this area forms the second element of the strategy. With reducing investigative and police resources, a counter fraud strategy can no longer depend on enforcement activity. Prevention is often the most efficient way to make savings, and so what is called for is a radical realignment of counter fraud resources with greater investment in techniques, technology and approaches that will prevent fraud.
- Pursue: stopping fraud happening in the first place is our aim. However, motivated offenders will still succeed. A robust enforcement response is therefore needed to pursue fraudsters and deter others. Fraud is an acquisitive crime, and the best way to deter offenders is to ensure that they are caught and do not profit from their illegal acts. The strategy argues for a fundamental shift to emphasise civil recovery and the more rigorous pursuit of losses’.
6.3Secondly, in May 2012 the Audit Commission published its report on the latest National Fraud Initiative (NFI) exercise, and the Member Briefing to accompany the report is given in Appendix A. The report advises on the £229 million recovered in the latest exercise, and contains a member checklist for assessing how the NFI is being used in organisations and whether its benefits are maximised.
6.4It will be appropriate in reviewing the Council’s anti-fraud and anti-corruption policy to take into account the recommendations of these publications.
1
CORPORATE RISK REGISTERRisk Number / Risk Owner / Department
Audit 0001 / Helen Maneuf / Resources and Performance
Date risk first included on risk register / Strategy for managing the risk / Executive Member
January 2009 / Reduce / Derrick Ashley
Short description of the risk
As a result of the current economic conditions there is an increased risk that the Council experiences significant fraud.
Consequences of the risk
Loss of financial and other resources (e.g. easily portable assets); damage to Council’s reputation as a body which can be trusted to manage public funds in a responsible way.
Current controls
The Audit Committee’s terms of reference include the role of advising the Executive on anti-fraud and anti-corruption arrangements.
The Council has an up to date anti-bribery policy and an anti-fraud and corruption policy which is currently being revised and updated to reflect organisational changes.
Recruitment procedures are fraud-proofed to ensure appropriate background checks.
Herts Direct pages provide for reporting of suspected fraud and corruption directly to Head of Assurance; internally, employees can use the Council’s Whistleblowing arrangements to report concerns on a confidential basis.
A record is maintained of all reports of suspected fraud and corruption received and of action taken to ensure these are investigated.
Two members of the Shared Internal Audit Service have qualified as accredited Counter-Fraud investigators with the Chartered Institute of Public Finance and Accountancy.
The Shared Internal Audit Service uses a set of fraud investigation response materials which comply with evidential standards.
The Council participates regularly in the National Fraud Initiative data-matching exercise.
The Shared Internal Audit Service has links with investigative teams in Trading Standards.
Additionally, the controls described in the risk register are:
-risk based audit focussing on areas susceptible to fraud; and
-exploring potential for District Councils for a shared fraud hotline. Discussions at a recent Hertfordshire Audit Group indicated a preference for local fraud reporting.
The risk register will be updated to fully reflect all the controls listed.
Current Risk score based on effectiveness of current controlsQ4 2011/12
Likelihood score: Impact score: Overall score:
Possible (3)Medium (4)Significant (12)
Reason for inclusion on Corporate Register
Risk is distributed throughout entire Council, with some areas particularly susceptible.
Direction of travel(overall risk score for previous three quarters)
Q3 (11/12) / Q4 (11/12) - No change / Q1 (12/13) – No change
Target risk score
Likelihood score: Impact score: Overall score:
Rare (1)Medium (4)Manageable (4)
Reason for changes in risk score.
N/A
Additional actions required to manage risk down to an acceptable score
Set out below are the recommendations and management responses from the Fraud Arrangements carried out by PWC which was finalised in May 2012.
Recommendation 1
Consideration should be given as to whether “Being notified of any action taken under the anti-fraud and anti-corruption arrangements” should form part of the Audit Committee’s constitution. This could be underpinned by a requirement for an annual report of frauds against the Council to the Audit Committee. The Council’s “Anti-Fraud and Corruption Strategy” should be updated with a requirement for all frauds to be reported to the Audit Committee and the mechanism and responsibility for doing so.
Response – for completion by September 2012
The quarterly update from the HIA contains summary information on fraud activity. There is some concern about reporting detail of current cases in the public domain but an anonymous statistical representation will be able to be presented.
The Council’s Anti-Fraud and Corruption strategy will be updated and re-issued and the role of the Audit Committee re-visited as part of this exercise. As part of this exercise the recommendations from‘Fighting Fraud Locally’ and the Audit Commission’s review of the latest National Fraud Initiative exercise will be considered.
Recommendation 2
As a next stage following the anti-fraud service performance review by PWC, the counter-fraud function should undertake an assessment of the key fraud risks to the Council in order to produce a centralised fraud risk register. This exercise could be undertaken through a risk assessment workshop involving senior officers, including service directors. The counter-fraud function should then develop a strategy for obtaining assurance that the key fraud risks are mitigated by the relevant departments.
Response – for completion April 2013A fraud risk assessment exercise will be undertaken.
Discussions will be held with the Risk Management Team with a view to capturing the risk assessment in the authority’s risk management software.
Audit planning for 13/14 will use the risk assessment to determine assurance needs.
JLT assurance statements for 13/14 will reference counter fraud roles and responsibilities.
Recommendation 3
The Anti-Fraud and Corruption Strategy should include a definition of fraud and refer to the various offences under the 2006 Fraud Act, along with examples of each offence relevant to local government.
Response- for completion by September 2012
Agreed. These definitions and examples will be included.
Recommendation 4
The Council should revert to a single Whistleblowing policy. The policy should be updated to include:
- A clear statement setting out who the policy is applicable to, which should include permanent employees, agency staff, voluntary staff, consultants and contractors. The Council should also ensure that it has a strategy for ensuring that the policy is effectively communicated to these other groups.
- Clarification of the role of HR, Internal Audit, Chief Legal Officer and Monitoring Officer, the Employee Assistance Programme, and Trade Union Representative in the reporting mechanisms, along with contact details for each.
- A requirement for an annual review by a suitable officer or body, which should ideally be overseen by the Audit Committee.
- Source of report (i.e., whether internal, external, or unknown/anonymous);
- Summary of incident;
- Details of Lead Investigator*; and
- Latest actions taken.
Response – for implementation by December 2012
A review will be undertaken to produce one policy and the points made in Recommendation 4 will be considered as part of that review.
Recommendation 5
Internal Audit should consider introducing a formal assessment for all referrals as a basis for deciding what further action is required. Assessment criteria typically includes:
- Source
- Potential value
- Reputational risk
- Likelihood of success
- Time lapse
- Jurisdiction
Response – for implementation July 2012
Formal assessment criteria will be determined.
Recommendation 6
Consideration should be given to revising the fraud register format so that referrals are separated into certain categories - for example actual, attempted or suspected frauds against the Council, and general queries raised to Internal Audit, including those requesting assistance by other authorities.
Management should review the register on a monthly basis to ensure that for each entry in relation to actual, attempted or suspected frauds against the Council the following information is recorded:
- Nature of suspected fraud;
- Date of incident;
- Potential costs;
- Details of Lead Investigator*;
- Latest actions taken;
- Outcome;
- Consideration of whether wider publicity of the fraud is required, as a warning and/or deterrent; and
- Consideration of whether controls need strengthening to prevent any future incidents.
Response – for implementation by June 2012
The register will be reviewed and consideration given accordingly. A monthly review by the Head of Assurance Services or a delegated team member will be undertaken.
Recommendation 7
Internal Audit should:
- Ensure that payroll to creditors matches are investigated and evidenced as such;
- Follow up with Serco in relation to the duplicate payments and creditors reports to ensure that monies in relation to any duplicate payments are being recovered and that any duplicate suppliers are de-activated;
- Consider the value of commissioning data analytics of current payment and supplier data, to identify erroneous or fraudulent transactions or supplier records.
Payroll to Creditors matches to be examined.
For the period in question there were alternative arrangements in place ie the IA quarterly data matching exercise. Subsequently a data matching exercise has been commissioned by Finance which reviewed total payments of £5.7bn and found duplicates totalling £165k, indicating strong control over duplicate payments. The duplicated amounts are now to be recovered.
Recommendation 8
The Council should carry out an anti-fraud training needs assessment for managers, and arrange for appropriate training to be given. This will identify managers with greater training needs as a result of the nature of their job. Benefits of developing such a programme are likely to include:
- Managers understanding their personal, as well as corporate, responsibilities in respect of fraud and corruption;
- Achieving 'buy-in' from employees, and a commitment to disseminate the anti-fraud agenda to the wider workforce and other key stakeholders;
- Spreading the message to potential fraudsters that the Council takes fraud seriously and will respond to attempted fraud in a consistently robust manner; and
- Publicising of whistle blowing arrangements.
Approach to training needs assessment to be discussed with Learning Organisational Development
Awareness-raising programme to be designed for early 2013.
Known factors that could have a positive effect on the risk
It is in line with recommended practice to take a pro-active approach to raising awareness of fraud risk, and of actions to take should fraud and corruption be suspected.
The introduction of the Universal Credit system is intended to reduce fraud and error by simplifying the benefit system.
Known factors that could have a negative effect on the risk
N/A
Contingency plan
A fraud response procedure is in place which sets out actions that are taken when a potential fraud is identified.
Does the risk present any opportunities that could be exploited
Changes in responsibility for benefit fraud investigation may provide an opportunity for the Shared Internal Audit Service to develop a service offering to District Councils in relation to fraud investigation.
Arrangements for risk monitoring and review
This risk is monitored by the Resources and Performance Board on a quarterly basis and then by Risk Champions.
Additional comments/context
To ensure that the recommendations made in Fighting Fraud Locally and in the Report on the outcomes of the latest National Fraud Initiative exercise are taken into account when updating the Council’s anti-fraud and anti-corruption policy.
1