3.1 There are eight grade two and two grade three recommendations contained within the detailed findings section and action plan of this report.

Transcription

1 Internal Audit Section Appendix B5 Data Quality Audit Review 2009/10 Part One Executive Summary 1. Introduction 1.1 As part of the 2009/10 Internal Audit Plan, a systems based review has been undertaken of the controls and procedures currently in place over Data Quality throughout Allerdale Borough Council. 1.2 Internal Audit would like to thank all staff involved during the course of the review for their help and assistance, in particular, the Senior Corporate Improvement Officer and the Corporate Improvement Officer. 1.3 Data quality risks should be defined within specific operational risk profiles, during the risk management review 2009/10 this was highlighted as a weakness and a recommendation was raised and agreed. 1.4 Data quality is the responsibility of all staff who manage, handle, store and input data. Data quality is a fundamental part of Corporate Performance Management, poor quality performance data can impact on the internal decision making processes and the Councils responsibilities for communicating performance data externally in particular National Indicators to Central Government. 2. Objective and Scope of the Review 2.1 The objective and scope of this audit was defined in the revised audit brief issued to all relevant staff on 5 August The original brief was revised due to the late submission of data by service managers preventing Internal Audit completing spot checks of National Indicators prior to the submission of data to the Audit Commission for Use of Resources. 3. Audit Opinion Although the Corporate Improvement Team have made every effort to raise the profile of Data Quality and provide support during 2008/09 Internal Audit considers that awareness, compliance with the principles and the data quality of performance information provided corporately is poor. 3.1 There are eight grade two and two grade three recommendations contained within the detailed findings section and action plan of this report. 3.2 Although the Corporate Improvement Team (CIT) have actively campaigned to increase the profile of data quality within Allerdale over the last financial year there has been little improvement to the standard of data quality Allerdale Borough Council is reporting to both internal and external stakeholders. Written guidance, one to one training, staff briefings and the definition of roles and responsibilities have been provided to assist all data quality leads, deputies and managers responsible for data quality to report data in an accurate and timely manner however these actions have not created a vast improvement. 3.3 The deadline for the submission of the National Indicator self assessment forms to CIT was communicated as 13 May 2009 to allow Internal Audit to complete independent spot dataqualityexecsummaryappb50.doc audit review, ref no Page 1

2 Internal Audit Section Appendix B5 checks of data prior to submission to the Audit Commission for Use of Resources. All self assessments were finally received on 17 July 2009 and upon review by CIT it was found that all forms were either not completed in line with statutory guidance, incomplete in some other form or lacked supporting evidence. If fully implemented and monitored by management the recommendations within this report should assist with the improvement of data quality awareness. However it is acknowledged for a high standard of data quality to be achieved this area needs to be given high priority corporately and embedded into Allerdale s culture at all levels, this factor is difficult to address with Internal Audit recommendations and is therefore the responsibility of Senior Management to actively promote awareness and enforce compliance. dataqualityexecsummaryappb50.doc audit review, ref no Page 2

3 Action Plan Data Quality audit review 2009/10 Grade Two 1. Data quality risks should be identified, assessed and managed within the Strategic Risk Register as detailed in the Corporate Data Quality Action Plan. 3 Portfolio Holders responsibility for Data Quality should be included in the constitution as agreed by full Council on 22 April CMT and the Executive. 30/11/09 Democratic Services Manager 30/11/09 dataqualityexecsummaryappb50.doc audit review, ref no Page 3

4 5 Data quality leads and nominated deputies should have adequate knowledge and awareness of the completion of National Indicators within their remit to ensure adequate business continuity and succession planning. 6 National Indicator data should be independently verified by a third party prior to being submitted to the Audit Commission. Heads of Service Agreed with D. Martin. DM s comments - t sure how we can set a date on this as it is not really specific but HoS and their deputies should have adequate knowledge and awareness to enable the completion of returns in the case of absence of key officers and so service managers need to pick this up asap. I would suggest 31 October to ensure all arrangements are in place. IAM s comments - This is not just to enable the completion of returns but also to take responsibility in the accurate calculation and data input of these indicators Internal Audit will build this spot check into their plan every year for annual data but will be reliant on the submission of data by service managers. Implemented dataqualityexecsummaryappb50.doc audit review, ref no Page 4

5 7 Quality Assurance and Self Assessment forms for National Indicators should fully be completed in an accurate and timely manner and the accuracy should be authorised by the relevant Heads of Service. 8 Where data and information supporting performance results, and the results themselves, are shared externally or provided by third parties appropriate written Data Sharing Agreement's should be in place. 9 For performance targets to promote progress they should be sufficiently challenging in order to ensure service delivery improvement, in line with the Performance Management Framework. Heads of Service Agreed with D. Martin. Again, not a time bound recommendation in my view but the relevant HoS should authorise all Quality Assurance and Self Assessment forms with immediate effect and the accuracy issue needs to be addressed at service level. Corporate Data Sharing Senior Corporate improvement Officer Service specific data sharing agreements Heads of Service, agreed by D. Martin CMT and Heads of Service, as agreed with D. Martin. CMT are already driving the targets, but there is a formal CMT meeting looking at performance issues across all indicators on 13th October. I would expect this to include the quarterly reports on CIP targets from CIT, HoS need to include performance challenge in their own team meetings if they do not do it already. dataqualityexecsummaryappb50.doc audit review, ref no Page 5

6 10 The Corporate Management Team should implement a process where those with a responsibility for data quality are held accountable for non compliance with the Data Quality Strategy and corporate deadlines. Grade Three 2 The Annual Governance Statement Questionnaire for managers should include reference to the primary document for Data Quality, the Data Quality Strategy. 4 Specific roles and responsibilities for data quality should be defined in all job descriptions. Heads of Service as agreed by D. Martin. CMT considered a report on data quality issues on 1 st September which outlined the main problems and agreed to support CIT in the difficulties encountered in accessing timely data quality. What this means is we want HoS to chase up their managers and ensure we are robust in the processes we use and to report back to CMT. Senior Corporate improvement Officer Human Resources to include the requirement on the job description template for use by managers. 30/11/09 31/01/10 Internal Audit shall be monitoring all current and future agreed actions through the Covalent performance management system. The use of Covalent will allow officers to directly update their progress and give managers the opportunity to monitor these actions. Implementation dates are agreed before the Final report is issued, amendments to these dates must be agreed with Internal Audit prior to changes being made within Covalent. The assigned actions will appear on users Covalent homepage. Updates and details of implementation can be completed by the officers assigned to the actions at any time. The record of the agreed actions updates within Covalent will be used to provide information required by the Corporate Management Team and Audit Committee. dataqualityexecsummaryappb50.doc audit review, ref no Page 6

7 Agreed actions are graded according to the level of importance and severity of the system weakness. This grading falls into the following three categories: Grade 1 Agreed actions which if not actioned, will result in the system weakness compromising the Head of Finance s responsibilities under Section 151 of the Local Government Act 1972 which stipulate that the Council must make arrangements for the proper administration of its financial affairs ; Grade 2 Agreed actions relating to weaknesses which affect key areas of operation of the system and should be addressed in order to establish a satisfactory level of internal control; and Grade 3 Agreed actions which, in Internal Audit s opinion, are desirable but not essential in order to achieve a satisfactory level of internal control, however upon the acceptance of the recommendation by management, the implementation will be monitored until completed by the agreed implementation date. dataqualityexecsummaryappb50.doc audit review, ref no Page 7