Appenidx 1a. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF HOUSING COMPLIANCE AUDIT PROGRAMME

Transcription

1 Appenidx 1a DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF HOUSING COMPLIANCE AUDIT PROGRAMME

2 DISTRIBUTION LIST Audit Team David Esling, Head of Audit and Assurance Phil Drysdale, Audit Manager Report Distribution List David Lunts, Executive Director Housing and Land Nick Taylor, Head of Area North West David Watkinson, Senior Area Manager North West Martin Clarke, Executive Director - Resources Doug Wilson, Head of Financial Services Tom Middleton, Head of Governance and Resilience

3 CONTENTS EXECUTIVE SUMMARY Page Background 1 Audit Assurance 1 Areas of Effective Control 1 Risk Issues for Management Action 2 FINDINGS and RECOMMENDATIONS Review Objectives 3 Scope 3 Framework, Policies and Procedures 3 Monitoring and Quality Assurance 4 Audit Programmes 5 Record Keeping 6 Reporting, Oversight and Scrutiny 6 ACTION PLAN Assurance and Risk Rating Definitions 8 Findings and Recommendations 9 November 2014 Review of Housing Compliance Audit Programme

4 EXECUTIVE SUMMARY 1. Background 1.1 This review has been carried out as part of the Greater London Authority (GLA) 2014/15 audit plan. Under the Localism Act 2011, the housing investment responsibilities of the Homes and Communities Agency (HCA) in London transferred to the GLA, and from 2012/13 the GLA became responsible for managing the Compliance Audit of Registered Partners (RPs) operating within London. 1.2 The Housing Compliance Audit Programme (CAP) aims to ensure that the GLA and HCA policies, funding conditions and procedures are followed. The Compliance Audit framework applies to RPs receiving grant under the National Affordable Housing Programme and the Affordable Homes Programme. 1.3 At the outset of the review, the potential risks identified to achieving the objectives of the CAP were: Lack of clear objectives, roles, responsibilities and accountabilities. Non-compliance with Compliance Audit procedures and quality standards leads to incorrect audit opinions. Audit test programme poorly adapted to the GLA s requirements. Inadequate records supporting Compliance Audit opinions and conclusions. Inadequate monitoring, scrutiny and follow up of Compliance Audit programme outputs, including breaches, leads to non-recovery of overpayments, continuation of poor practice and failure to achieve housing programme objectives. 1.4 We are looking to provide assurance that the key risks are being effectively managed. 2. Audit Assurance Substantial There is a sound framework of control operating effectively to mitigate key risks, which is contributing to the achievement of business objectives. 3. Areas of Effective Control 3.1 There is a clearly defined and approved framework in place for the management of Compliance Audits which is supported by comprehensive and well developed policies and procedures. 3.2 The schemes audited were a good mixture of large and small Registered Partners and covered both Housing Association and Local Authority schemes. Compliance Audit checklists meet the GLA s specific requirements. 3.3 The records GLA Housing and Land retain are appropriate to its role in commissioning, managing and reporting on the CAP, are generally complete and provide sufficient evidence to support audit opinions. November 2014 Review of Housing Compliance Audit Programme 1

5 EXECUTIVE SUMMARY 3.4 The arrangements for reporting and oversight in place provide effective oversight and scrutiny of the CAP and the impact of reported breaches is effectively evaluated in Audit Lead reports. Sanctions, such as recommending the withholding of grant money, are proportionate and conform to the GLA s Procedural Breach Severity Measures guidance. 4. Risk Issues for Management Action 4.1 Housing and Land do not check External Audit reports against the Capital Funding Guide Audit Document File requirements on which these rely which may result in errors not being detected. 4.2 Housing and Land retain and exercise discretion in Partnership Programme Audits sample selection (beyond the random sample generated by CAWeb) but there is currently no formal protocol or risk based methodology for exercising this discretion. This could lead to important local risk knowledge being excluded from the audit selection process and valuable H&L staff resources being misdirected. November 2014 Review of Housing Compliance Audit Programme 2

6 FINDINGS AND RECOMMENDATIONS 5. Review Objectives 5.1 Our overall objective was to review the adequacy and effectiveness of the control framework in place for the Compliance Audit Programme. In particular, we sought to give an assurance that: A clearly defined and approved framework is in place for the management of Compliance Audits which is supported by policies and procedures. Monitoring arrangements are in place that ensures Compliance Audits conform to regulations, policies, procedures and quality standards. Compliance Audit test programmes meet the GLA s specific requirements. Working papers and other evidence that supports the opinions and conclusions of Compliance Audits is retained. Adequate reporting arrangements are in place to enable effective oversight of Compliance Audits, and adverse audit findings (Breaches) are followed up and appropriate sanctions applied. 6. Scope 6.1 We reviewed the adequacy and effectiveness of the control framework in place for the Compliance Audit programme for GLA managed housing projects only. We examined whether test programmes meet the GLA s requirements and whether audit opinions are supported by and consistent with adequate working papers. We also reviewed the effectiveness of the reporting, follow up and sanction arrangements for adverse audit findings. 7. Framework, Policies and Procedures 7.1 The framework of policies and procedures supporting the GLA s Compliance Audit Programme (CAP) is largely the same as that which operate nationally via the Homes Communities Agency (HCA) and is well developed and comprehensive. It comprises the Affordable Housing Capital Funding Guide (CFG), housing Design Quality Standards, Framework Delivery Agreements, Funding Agreements and Partnering Programme Agreements. 7.2 Detailed and up to date guidance is available to RPs and EAs on the HCA and GLA websites with copies of the standard documents required for audits and specific audit checklists for each housing scheme. 7.3 For legacy London schemes funded through the National AHP RP EAs are required to use the existing HCA audit checklists which are available from the HCA website. For London schemes funded through the AHP, RP EAs use the new GLA audit checklist which is based on the London Design Guide rather than the National Design Guide. 7.4 The higher minimum quality standards, such as larger dwelling size, detailed in the London Design Guide are reflected in the London variations to the Affordable Housing Capital Funding Guide, which is accessible to RP and EAs via the GLA website. November 2014 Review of Housing Compliance Audit Programme 3

7 FINDINGS AND RECOMMENDATIONS 7.5 Specific training has been provided by H&L to RPs and EAs explaining the Compliance Audit requirements that specifically relate to the London schemes based on the London Design Guide. 7.6 The CAP is documented via the Compliance Audit Web (CAWeb), a bespoke audit management application hosted by the HCA. There is a detailed and up to date technical operating manual for CAWeb available to H&L staff that specifies the approach to major audit tasks, such as assigning a lead and external auditor, agreeing the audit programme and managing audit timetable milestones. 8. Monitoring and Quality Assurance 8.1 There is a clearly defined CAP timetable which RP EA s are required to adhere to and which is monitored via CAWeb and area tracking spreadsheets. We reviewed a sample of audits and confirmed that any slippage identified had been followed up by Housing Area Managers and explanations and revised timetables had been agreed with RP EAs. 8.2 Chapter seven of the Capital Funding Guide sets out in detail the requirements and responsibilities of RPs and EAs and includes the requirement to use standard CAP forms such as audit checklists, letters of engagement and standard report templates. The use of standard documents encourages conformance with Capital Funding Guide standards and helps maintain a consistent quality of audit. Our review of a sample of audits confirmed the effectiveness of this control, with all retained documentations conforming to those prescribed. 8.3 RP EAs are required also to confirm that audits have been carried out in accordance with the Institute of Chartered Accountants of England and Wales Technical Release AAF 01/10, Framework Document for Accountants Reports on Grant Claims. AAF 01/10 sets out the roles and responsibilities of auditors, grant paying and receiving bodies and gives guidance on best practice in securing assurance. 8.4 H&L gain additional assurance by carrying out Quality Visits on a sample of audited schemes, 12 in 2012/13, to identify best practice which can be used to inform the design of future schemes. Quality Visits consist of a site visit by H&L Assessors, interviews with residents and resident attitude surveys; which are summarised in a Quality Audit Questionnaire report. From the twelve Quality Visits completed in 2012/13 we reviewed Quality Audit Questionnaires for a sample of four and found that all the H&L relevant sections had been completed. 8.5 H&L do not check EA reports against the CFG Audit Document File requirements on which these rely which may result in some errors not being detected. Recommendation H&L to introduce a risk-based protocol for initiating checks on EA reports against the CFG Audit Document File. November 2014 Review of Housing Compliance Audit Programme 4

8 FINDINGS AND RECOMMENDATIONS 9. Audit Programmes 9.1 The GLA CAP comprises Partnership Programme Audits (PPAs) carried out by external audit suppliers, commissioned and paid for by housing RPs, and Traditional Audits carried out directly by H&L staff. 9.2 In 2012/13, the last complete year for which CAP data is available, there were 46 PPAs and three traditional audits, made up of 930 and four individual building schemes respectively. This represents approximately 10% of schemes completed in London the previous year and included a mixture of large and small RPs covering both Housing Association and Local Authority schemes. 9.3 RP s schemes completing the previous financial year are randomly selected for PPA by the HCA from a list of completed London schemes recorded on the HCA and GLA s Investment Management System (IMS). HCA send the list of sample RP s schemes to H&L for uploading onto CAWeb, through which the programme is managed. 9.4 H&L retain and exercise discretion in PPA audit sample selection (beyond the random scheme sample generated by CAWeb) but there is currently no formal protocol or risk based methodology for exercising this discretion. This could lead to important local risk knowledge being excluded from the audit selection process and scarce H&L staff resources being misdirected. Recommendation H&L to develop a formal protocol or risk based methodology for selecting RP s schemes for inclusion in the PPA programme. 9.5 Audits are carried out via checklists drawn up by Design Leads and based on the requirements set out in the Capital Funding Guide and Housing Design Guides. London schemes funded through the NAHP use the existing HCA audit checklists, and schemes funded through the AHP use GLA specific audit checklist. 9.6 We reviewed one London specific checklist, Rent and Sale, and found that it was consistent with the additional requirements set out in the London Housing Design Guide and the London variations to the Capital Funding Guide. The additional requirements correctly referred to in the checklist include: Evidence that whole life cost has been assessed Refurbishments are compliant with the London Housing Design Guide New builds achieve the required Sustainability Standard 10. Record Keeping 10.1 RPs have the primary responsibility for maintaining evidence of EA audits and detailed requirements are set out in Chapter 7.4 of the Capital Funding Guide. H&L Lead Auditors are required to obtain and retain on CAWeb only those documents that deal with the commissioning of EA work, such as the engagement November 2014 Review of Housing Compliance Audit Programme 5

9 FINDINGS AND RECOMMENDATIONS letter and sample list and audit output, such as the final audit report from EAs. Further documentation, such as completed and signed checklists, are obtained from EAs where Breaches have been reported H&L Lead Auditors are required to maintain electronic audit files for each audit comprising the following significant documents: Notice of audit letter to RP Sample list letter to RP EA engagement letter Final report from the EA H&L final audit report to RP Covering letter to RP for H&L final audit report We reviewed the records retained by H&L for a sample of individual schemes and confirmed that all significant documents were retained and where a Breach had been reported by the EA, supplementary supporting evidence had been obtained and was on file Our review confirmed that the records H&L retain are appropriate to its role in commissioning, managing and reporting on the CAP, are generally complete and provide sufficient evidence to support audit opinions. 11. Reporting, Oversight and Scrutiny 11.1 At the conclusion of each audit the EA reports to the RP using the standard report template on procedural compliance to RPs and the relevant Audit Lead in H&L. Audit Leads in H&L use the EA reports as the basis for their audit reports which are submitted to H&L Senior Management Team and the Chief Executive, Chair of the Board and Development Director of RPs. Audit Lead reports adds context and comments on any Breaches and recommends what, if any, remedial action is required Any issues, feedback and monitoring of remedial actions and sanctions following a reported breach is discussed and followed up at Quarterly Partnership meetings between H&L and individual RPs An annual update report is prepared by Housing Area Head for H&L SMT giving an update on the CAP. 2012/13 was the first year CAP had been undertaken by the GLA. The annual report provides a comprehensive summary of the CAP and included information on the timeliness of audits, a RAG status for each RP, explanations of Breaches identified and Sanctions applied, and an update on the finding of Quality Reviews and traditional (in-house) audits Arrangements for reporting and oversight in place provide effective oversight and scrutiny of the CAP and the impact of reported breaches is effectively evaluated in Audit Lead reports. We found that Sanctions, such as recommending the withholding of grant money, are proportionate and conform to the GLA s Procedural Breach Severity Measures guidance. November 2014 Review of Housing Compliance Audit Programme 6

10 ACTION PLAN RISK AND AUDIT ASSURANCE STATEMENT DEFINITIONS Overall Rating Substantial Adequate Limited No Assurance Criteria There is a sound framework of control operating effectively to mitigate key risks, which is contributing to the achievement of business objectives. The control framework is adequate and controls to mitigate key risks are generally operating effectively, although a number of controls need to improve to ensure business objectives are met. The control framework is not operating effectively to mitigate key risks. A number of key controls are absent or are not being applied to meet business objectives. A control framework is not in place to mitigate key risks. The business area is open to abuse, significant error or loss and/or misappropriation. Impact There is particularly effective management of key risks contributing to the achievement of business objectives. Key risks are being managed effectively; however, a number of controls need to be improved to ensure business objectives are met. Some improvement is required to address key risks before business objectives can be met. Significant improvement is required to address key risks before business objectives can be achieved. RISK RATINGS Priority Categories recommendations according to their level of priority. 1 Critical risk issues for the attention of senior management to address control weakness that could have significant impact upon not only the system, function or process objectives, but also the achievement of the organisation s objectives in relation to: The efficient and effective use of resources The safeguarding of assets The preparation of reliable financial and operational information Compliance with laws and regulations. 2 Major risk issues for the attention of senior management to address control weaknesses that has or is likely to have a significant impact upon the achievement of key system, function or process objectives. This weakness, whilst high impact for the system, function or process does not have a significant impact on the achievement of the overall organisational objectives. 3 Other recommendations for local management action to address risk and control weakness that has a low impact on the achievement of the key system, function or process objectives ; or this weakness has exposed the system, function or process to a key risk, however the likelihood is this risk occurring is low. 4 Minor matters need to address risk and control weakness that does not impact upon the achievement of key system, function or process or process objectives; however implementation of the recommendation would improve overall control. November 2014 Review of Housing Compliance Audit Programme 7

11 ACTION PLAN Ref. Findings and Risk Priority Recommendations Accepted 8.5 H&L do not check EA reports against the CFG Audit Document File on which these rely which may result in some errors not being detected. 3 H&L to introduce a risk-based protocol for initiating checks on EA reports against the CFG Audit Document File. Yes Management Response and Responsibility H&L will introduce a risk-based protocol for initiating checks on EA reports against the CFG Audit Document File. H&L currently reviews EA reports and has discretion to review these against the CFG Audit Document File on which these rely. Responsibility: H&L Senior Area Manager North West/ H&L Head of Area North West Target Date May 2015 (prior to 2015 audit sample selection) 9.4 H&L retain and exercise discretion in PPA audit sample selection (beyond the random sample generated by CAWeb) but there is currently no formal protocol or risk based methodology for exercising this discretion. This could lead to important local risk knowledge being excluded from the audit selection process and scarce H&L staff resources being misdirected. 3 H&L to develop a formal protocol or risk based methodology for selecting RP s schemes for inclusion in the PPA programme. Yes H&L will introduce a risk-based protocol for selecting RP s schemes for PPA, beyond the random sample selection generated by CAweb. H&L currently exercises discretion to select all or part of an RPs programme for PPA regardless of how many of its schemes have been randomly selected by CAWeb. It is acknowledged that this process could be made more transparent and robust by establishing a formal sample protocol setting out the actions to be taken in response to identified risks. This will focus on the audit sample actions to be taken in response to the downgrading of an RP s risk rating in the previous year s compliance audit report or at any other time. May 2015 (prior to 2015 audit sample selection) Responsibility: H&L Senior Area Manager North West/ H&L Head of Area North West ##ISA4D87D77654C404A9A924F78FE705525##Finding November 2014 Review of Housing Compliance Audit Programme 8