SUMMARY OF FINDINGS
Control Objective Findings / Risk Recommendations
Control Objective / Findings / Risk / Recommendations
1.GENERAL
1.1Policies and procedures over the control and the administration of key areas of operation are established with policies appropriately approved and reviewed. /

None

/ N/A
1.2Access to end user systems is adequately restricted with critical systems files backed up on a regular basis and adequate change control procedures in place. Software licences are up to date and installable media is securely located. / Verbal Comment / A regular review of users should be undertaken to ensure leavers are removed from the system.ICT can supply this information.
1.3The application of value for money criteria within Safety and Risk is appropriately addressed. /

None

/ N/A
2.HUMAN RESOURCE MANAGEMENT
2.1Staffing arrangements for Safety and Risk are appropriately determined and administered in accordance with national conditions and local policies. /

None

/ N/A
2.2Salary information submitted for payroll input is appropriately completed and subject to prior review and approval. /

None

/ N/A
2.3Staff within the insurance, safety and risk sections are appropriately qualified. / Verbal Comment / A record should be kept of CPD and declarations submitted to professional bodies if required. HR have confirmed this is best practice.
3.FINANCIAL MANAGEMENT
3.1All income sources are identified and charges are regularly reviewed. Sales invoices are accurately prepared and approved, issued timeously and correctly posted. Cash takings and balances are adequately secured, promptly banked, correctly allocated and fully accounted for. / There is an SLA in place with Shetland Charitable Trust (SCT) for £1,800 pa plus VAT for services carried out relating to insurance. It appears that there are no SLAs in place with SLAP or SHE&P although they have been invoiced for and have paid £1,800 plus VAT each.
  1. There are no SLAs in place with SLAP and SHE&P detailing the amounts to be charged for administering insurance on their behalf.
  1. Grant income totalling £6,125 has been applied for and received from Sustrans in the year to date and the claims were appropriately authorised and with adequate back-up. It was noted that they have been coded to expenditure codes rather than income codes.
Audit Comment #3 /
  1. SLAs should be put in place with SLAP and SHE&P regarding the provision of insurance services.
  1. All income should be coded appropriately, i.e. to type codes starting with 4, rather than being netted off expenditure codes. The Road Safety Officer should discuss this with Management Accountancy to arrange any journals that are required.

4.INSURANCE
4.1Insurance policies are current, with appropriate cover in place and subject to annual review. /

None

/ N/A
4.2Insurance contracts are processed in accordance with legislative and Council policy. /

None

/ N/A
4.3Claims are recorded accurately and processed timeously. /

None

/ N/A
4.4Mortgage properties and Council flat insurance renewals are promptly and accurately issued. / The Insurance Officer forwarded a spreadsheet showing the ex-Council flats where the Council still retains an interest in at least one flat in the block but that are insured by their owners rather than as part of the Council’s blanket policy.
He stated that their procedure is to ask the owners for sight of their insurance documents and in August 2010 about 30 letters were sent out to owners requesting this. Due to sickness within the Section, it appears that there were no follow-up letters issued and the spreadsheet indicates that a number of policies have not been evidenced.
Comfort is not being received that, where the Council still retains an interest in at least one property in a block of ex-Council flats, all other properties in the block are adequately insured.
Audit Comment #1 /
  1. The Insurance Section should make a judgement on whether it should continue to ask for sight of insurance documentation from owners of ex-Council flats, after considering the risks attached to not seeking this information.
  1. If it decides to continue with this practice, follow-up letters should be issued to those owners who do not respond to the first letter.
  1. The spreadsheet should be adjusted to reflect the efforts that have been made to obtain the requested information.

4.5Contractor insurance details are accurately maintained and updated. / Verbal Comment / Request and obtain renewal certificates on a regular timely basis
4.6An inventory of insurable assets is maintained and regularly updated to ensure appropriate insurance cover is effected. /

Observation

/ Insurance position regarding museum artefacts will be looked at on follow-up
4.7Insurance costs are consistently and accurately recharged. /

None

/ N/A
4.8Details of all drivers of Council vehicles are correctly recorded and appropriate insurance is in place where applicable. /

None

/ N/A
4.9Statistical returns and performance indicators are accurately completed and promptly submitted. /

None

/ N/A
4.10The insurance fund is operated in accordance with legislation and Council policy. /

None

/ N/A
4.11An independent review of the insurance fund is performed with an appropriate financial statement prepared. /

None

/ N/A
5.RISK MANAGEMENT
5.1Appropriate risk management policies, procedures and structures are in place. /

None

/ N/A
5.2 A prioritised risk register is in place which covers all areas of the Council and relates to strategic and operational objectives. /

Key Observation

/ Acknowledged that this is outwith the control of Safety and Risk
5.3Risk management initiatives are in place to manage key risks and are adequately planned, controlled and monitored. / Refer to Control Objective 6.1 / Refer to Control Objective 6.1
5.4Insurance claims details are subject to review and analysis to identify pervasive issues. /

None

/ N/A
6.SAFETY
6.1Adequate monitoring of performance in Health and Safety across the Council is performed. / Planned monitoring of health and safety
At the opening meeting with the Safety and Risk Manager, she stated that Health and Safety audits have not progressed because of staff resourcing issues within the section and this has been re-iterated by the Safety Manager.
The Safety Manager stated that although a formal rolling programme of Health Checks is not taking place, they monitor health and safety across the Council through submitted PIN forms, all of which are reviewed by staff in the Safety section.
Since starting with the Council in May 2010, the Safety Officer has been involved with carrying out fire safety audits. This is being progressed using a risk-based approach, starting with properties involving accommodation and progressing to properties involving vulnerable groups and then to offices and other properties.
He has also been carrying out a review of practical rooms in schools and advising on such things as risk assessments where these are not in place or are insufficient.
The audit of Safety in 2003/04 identified that “No system for monitoring performance of health and safety across the Council is currently in place, which would provide assurance that the Council is fulfilling its health and safety obligations.” At the follow-up in June 2005, it was noted that a Safety and Risk Health Check programme had been devised but it had been delayed due to various factors. However the first health check was due to take place later that month.
Review of management activity
A review of management activity would take place as part of these planned inspections but in their absence, this is being monitored through PIN forms, safety forums and the work being done on fire safety and technical room audits.
Monitoring of risk assessments
The Safety and Risk intranet site gives guidance on the Council’s Risk Assessment Scheme.
The Safety Manager emphasised that risk assessments and their review are the responsibility of individual managers as they are the ones with the knowledge and expertise to complete them. She stated at the opening meeting that if the Health Check Rolling Programme was taking place, a sample of risk assessments would be reviewed. Any lack of suitable and sufficient risk assessments would be highlighted by that process.
For some time, Internal Audit, during its audits of individual services, reviewed risk assessments but only to the extent that they were in place and were in date. This was stopped, after the Internal Audit Service Manager discussed the matter with the Head of Finance and the Safety and Risk Manager, in order to prevent a misperception that Internal Audit staff were reporting on the suitability and sufficiency of the assessments, a task that they are not qualified to do. It was seen as part of the role of Safety and Risk to ensure that there are suitable and sufficient risk assessments in place.
Training regarding Risk Assessments is carried out periodically at Train Shetland, with the training generally delivered by the Safety Manager.
Risk Management
We were informed that risk audits had been taking place up until the introduction of the new risk register system. Since then the Risk Management Officer’s efforts have had to be focused on assisting departments with the completion of the risk registers.
Stress Management
It is acknowledged that work is being carried out in relation to stress management, eg stress focus groups are taking place and a report was put to the Risk Management Board in February 2011 detailing corporate issues that have been identified at focus groups. It was agreed via the Risk Management Board that stress focus groups would be carried out by Safety & Risk staff normally as part of the Risk Health Checks but no service or unit would be refused one if it were required outwith a Risk Health Check. However, a scheduled programme of Risk Health Checks, to include monitoring of stress management, has not been taking place.
  1. While we acknowledge that various aspects of health and safety monitoring are taking place within Safety and Risk and that there have been resourcing issues in the last few years, there is no formal programme of planned inspections, surveys and audits for undertaking health and safety audits and risk audits across the Council on a systematic basis.
  1. Consequently, one of the means of assessing that management activity in relation to health and safety is appropriate, that risk assessments are in place across the Council and that monitoring of stress management within the Council is adequate is not in place.
Audit Comment #2 / A formal programme of health and safety and risk audits should be devised to ensure that the Council is meeting its responsibilities under health and safety legislation.
6.2Management activity in Health and Safety is monitored and additional measures highlighted where these are required. / Refer to Control Objective 6.1 / Refer to Control Objective 6.1
6.3Risk assessment schemes are implemented throughout the Council with suitable training provided. / Refer to Control Objective 6.1 / Refer to Control Objective 6.1
6.4New Health and Safety legislation and guidance is adequately communicated to management and staff. /

None

/ N/A
6.5Health and Safety meetings are held at regular intervals and attended by relevant personnel. /

None

/ N/A
6.6All current Council-wide Health and Safety documents are maintained and effectively communicated. / Refer to Control Objective 6.1 / Refer to Control Objective 6.1
6.7Adequate Health and Safety training is undertaken for all levels in the Council. /

None

/ N/A
6.8Road safety education complies with requirements. /

None

/ N/A
6.9Reporting of incidents to HSE under RIDDOR takes place timeously. / Verbal Comment /
Key Observation in final report – RIDDOR requirements are not always being timeously reported to Safety & Risk. / Re-look at system during follow-up to ensure incidents are being reported timeously once computer glitch is sorted. Also to ascertain whether Departments are reporting timeously to Insurance & Risk.
6.10Central records and statistics are maintained of accidents, incidents and work-related ill-health and regular reports are prepared highlighting trends or matters of general concern. /

None

/ N/A

1