South Northamptonshire Council Contract Assurance: Leisure Contract FINAL Internal Audit Report 2012/2013 January 2013
Contents 1. Executive summary 4 2. Background and scope 5 3. Detailed current year findings 6 Appendix 1: Terms of reference 14 Appendix 2: Limitations and responsibilities 18 Distribution List For action For information Chris Rothwell (Head of Community Services) Ashley Davey (Lead Officer, Leisure Services) Karen Curtin (Head of Finance and Procurement) Martin Henry (Director of Resources) Sue Smith (Chief Executive) Internal Audit report for Oxford City Council PwC 3
1. Executive summary Introduction The Council outsourced its leisure services to Serco Leisure Operating Limited ( Serco ) in 2001. The service has been managed through a tripartite arrangement between the Council, Serco and South Northamptonshire Leisure Trust ( SNLT ) since 2007. Areas of good practice Roles within the Council are defined and understood, with overall responsibility sitting with one individual who demonstrated full knowledge of the scope of services offered by the contractor; The Council review invoices and payments and validate values. This ensures payments made are accurate and consistent with contract terms and conditions; The Contract includes a robust process for agreeing variations and price amendments, with a clearly defined dispute process; Effective communication systems are in place which support contract operations e.g. monthly spot checks, monitoring of planned preventative maintenance ( PPM ) work performed and regular meetings between the three parties to ensure that performance reported appropriately; and The Council have identified key stakeholders and designed and implemented appropriate reporting mechanisms. This includes annual reporting to Council, user forums, a defined complaints process and use of the Council and Trust websites to communicate performance. Areas for development Financial Modelling - There are a number risks associated with the arrangement used to manage the leisure provision, including the overall corporate governance applied to the Contract, transfer of risk between parties and costs. The risks should be reviewed to ensure sufficient processes and controls are in place. There is opportunity to liaise with other authorities and technical experts in this area to evaluate these risks and share experiences; Key performance indicators ( KPIs ) and alignment to Corporate Objectives - There are no formal KPIs to assess contractor performance and there is no clear linkage between the contract and corporate objectives. The Council should review the Contract to ensure there is clear alignment between the strategies of the Council and those contained within the Contract. Performance against these objectives could be monitored through the use of formal KPIs; Contract Risk Register There is no contract risk register and no specific risks relating to leisure services are included in the Council's corporate risk register. Good practice suggests that specific risk and opportunity registers, aligned to corporate objectives, should be in place for all contracts; Default clauses and services specifications There are financial penalties for non-compliance with contract terms and conditions. There is no mechanism for monitoring these failures and penalties have never been imposed. The service specification is out-of-date and has not been updated since 2001; Right to audit clause - The Contract does not include a right to audit clause to allow the Council to validate performance information provided by the Contractor. Without this validation there is a risk that data sent by the Contractor is inaccurate or incomplete. Contract Management Forums - There is no centralised contract management working group to enable contract managers to share experiences internally across other contract management disciplines. This would be a useful mechanism to allow contract managers to share ideas, challenges and good practice. PwC 4
2. Background and scope Background The Council outsourced its leisure services to Serco Leisure Operating Limited ( Serco ) in 2001. This is managed through a tripartite arrangement between the Council, SNLT, and Serco. The relationship with Serco is managed through a 9 year contract between SNLT and Serco, originally agreed in February 2007. The contract provides for Serco to manage the provision of the leisure services at Brackley Leisure Centre, Brackley Swimming Pool and Towcester Centre. Although the contract is between SNLT and Serco, the Council have a direct interest because Serco are used to discharge the obligations and responsibilities of the Council through formal engagement with SNLT. The contract includes managing the services provided at the leisure sites. This level of service includes: Scope and limitations of scope Scope We have reviewed the procedures and controls in relation to on-going contract management activities over the leisure contract. This considered the following selected sub-processes: Management of employees; Development of a range of leisure activities which will encourage participation from all sections of the community, both retaining existing users and encouraging new users; and Promotion of leisure services through a variety of marketing strategies. Contract ownership, roles, and responsibilities, including contractor relationship management; Transfer of risk to the contractor and management of residual risks; Service delivery, payment and recording of costs in the financial statements to include sample testing of a sample of transactions to confirm these are in compliance with the contract; Monitoring mechanisms; and Governance and reporting mechanisms. This included reviewing contract governance procedures against examples seen at other organisations to identify examples of good practice. Limitations of scope The scope of our work is limited to the areas identified in the Terms of Reference (Appendix 1). This review is deemed as value enhancing within the Internal Audit Plan, as such, we have not provided risk rated findings or an overall risk rating. Our review has been performed in the context of the information provided to us. Where circumstances change the review outputs may no longer be applicable. In these situations, we accept no responsibility in respect of the advice given. PwC 5
3. Detailed current year findings 1. Financial modelling Finding Leisure services can be provided using a variety of different options. Through the use of the Trust model there are a number of risks which should be considered throughout the terms of the agreement: Corporate Governance under a Trust arrangement, there is a risk that the Council is unable to retain control over contract management. The Council should ensure it maintains appropriate member representation on the Trust Board and the service specification is up-to-date including the responsibilities of each party. All responsibilities set out within the contract should be applied as set out within the agreement; Risk transfer - the Council should review contract terms to ensure that it qualifies for sporting exemption and to determine who bears the risk in the contract, for example, determining whether the Council or Trust is liable for any potential tax losses; Cost - the Council should perform a cost analysis to determine which options are financially advantageous to the Council; Government - the Council should factor the impact of government and their preferences surrounding any model they choose to implement; and Local buy-in - for any decision made, the Council should consider its stakeholders and which model delivers the best service to its customers. The Council were interested in alternative options for providing leisure services; based on our knowledge and experience we have summarised other models used by local authorities. Our review identified that the model adopted at the Council is common, however other authorities are now exploring alternatives, including: Bringing the service in-house; Fully outsourcing the contract; Undertaking a joint venture; Set up of a community interest company; and Strategic partnerships. Recommendation/Good practice 1. The Council should ensure all clauses set out within the current model are reviewed to ensure that they are obtaining the maximum benefit from the agreement. 2. The Council should liaise with other authorities to understand how they structure their leisure services. 3. The Council should meet with technical specialists to discuss the existing structure, potential risks and other available options for the provision of this service. Management comments/actions 1. All of the findings above were looked at when embarking on the trust model the Council currently has in place and whilst some key personnel have changed, the professional, legal and finance input that established the arrangements are still in post. There is sufficient confidence that the current model is still delivering what the Council intended when establishing the revised 2007 Trust arrangements. Management do not consider there to be any significant risk that warrants a detailed PwC 6
review of the current arrangements which would require significant resources and which are not currently available to the Council. Looking ahead to 2016 and the end of the contract term the recommendations and finding will help to inform the Council s approach to the procurement exercise. 2. Agreed. This is now done more formally with Cherwell District Council however arrangements are also in place with AVDC as well as Rugby Borough Council to look at management issues as well as a wider network linking across Oxfordshire and Thames Valley Authorities. 3. A follow up meeting has taken place with PwC technical specialists in connection with alternative options and a paper is due to be forwarded to the Council. This can be considered further when procurement options are developed for the post 2016 arrangements but it is not seen as beneficial at this stage in the current Contract. There needs to be recognition that this contract is operating in a dynamic environment and any successful contract needs a degree of cooperation and flexibility from all parties to work effectively. We do this in a manner which does recognise and works within the contract parameters but does not involve an overly prescriptive approach. Implementation date and responsible person: Management will keep under review the level of risk arising from current arrangements. Operationally this will be the responsibility of the Lead Officer for Leisure with oversight by Head of Community Services. With immediate effect. PwC 7
2. KPIs and alignment to corporate objectives Finding The contract defines minimum levels of service expected by the contractor. This helps to ensure work is delivered at an appropriate quality and in line with contract terms and conditions. This helps to protect the Council from reputational damage arising from inappropriate contractor activity. However, the contract does not include any formal KPIs to assess contractor performance and there is no requirement for Serco to provide information on the delivery of PPM works or whether this has been performed in accordance with plan. Instead, the Contract states that it is the responsibility of the Council to monitor performance in this area. There is no clear linkage between the contract and its impact on the delivery of the Council's corporate objectives. Recommendation/Good practice 1. The Council should ensure that there is a clear alignment between the strategies of the Council and those contained within the Contract. Performance against corporate objectives should be monitored through the use of KPIs. 2. The contract and KPIs should be regularly reviewed and updated to ensure they are meeting the evolving needs of the Council. 3. KPIs developed should be both qualitative and quantitative. These need to be continually reviewed and updated to ensure they are measurable, achievable, realistic, timely and consistent with the corporate strategies of the Council. 4. The Council should consider the opportunity for the Contractor to self-report its performance. 5. The type of reporting including content required by the Council should be clearly defined. 6. Effective strategic review meetings to review clearly defined performance information will assist in achieving the objectives of the Council. Management comments/actions 1. There is a need to continually review and seek to align the service provided through the Contract with Corporate Priorities. The Lead Officer liaises with the Trust in connection with Council priorities but Management do not have the budget flexibility to ensure the contract delivers fully on changing Council priorities. Such a Contract provision would require an annual renegotiation of the Contract and Management do not consider this would provide value for money. The emphasis is on ensuring the service is broadly in line and is not delivering a service that is contrary to Council priorities. Our controls are largely through the monthly and quarterly Serco/Trust/SNC meetings where performance data is scrutinised at a micro and macro level. Arising from this, the contract management and client interface is effective as it uses actual income and usage figures rather than KPIs. 2. Agreed but taking account of the limitations set out in 1 above. Regular liaison takes place via the Council s Sports Development Officers. Client Contractor meetings have been re-established as this was missing from the processes. 3. There is a need to have KPI s but for these to be relevant and meaningful. Current Government thinking is to remove unnecessary burdens and many performance and target processes have been stripped away. The best measure of the service is customer satisfaction monitored through usage- failure of the service will be noted by reduced attendances. Whilst other performance indicators may be desirable, current resources limit the level of monitoring that can be implemented. 4. There is self reporting via monthly board meetings. The Contract is not designed in the way more recent contracts are around this process. This is one area to consider when looking to the arrangements post 2016. 5. This should be considered further with the Trust to establish agreed basis at no additional cost. PwC 8
6. In terms of the Council s priorities, it should be recognised that these have not changed fundamentally over previous years in relation to this contract and therefore there is little relevance to this issue. Implementation date and responsible person: Head of Community Services With immediate effect PwC 9
3. Contract Risk Register Finding There is no contract risk register and no specific risks have been incorporated as part of the Council's corporate risk register. Best practice would suggest that identification of risks surrounding contract delivery, implementation of controls and ongoing monitoring of these risks, should be considered as part of this process. This is also a useful tool to help organisations manage their contracts more effectively, including: Helping to increase the transparency of risks faced by the organisation; Helping to identify what services are required from the contractor; Helping to identify that there are appropriate resources to identify risks; and Raising awareness with other third parties about the risks faced in the delivery of the contract. Recommendation/Good practice 1. We would recommend that specific risks and opportunities are captured for all contracts. Typically, these are created at the inception of the contract with regular reviews and updates to ensure that risks are monitored on an ongoing basis and new risks are identified. 2. Risk registers should be clearly aligned to corporate objectives and include an appropriate risk rating (which is quantifiable and consistent across all departments), have specific controls, dedicated owners to update the register and action plans. 3. Contract Risk Registers should feed into the overall corporate risk register of the Council and be subject to third party challenge from Risk Management Working Groups and at Committee level. Management comments/actions An appropriate level of risk management to be formally established and captured through the Service Plan process and in the Corporate Risk register if this is appropriate. The Council s PMF process will then pick up regular monitoring of risks and reporting through Scrutiny. Implementation date and responsible person: Lead Officer for Leisure 31/03/2013 PwC 10
4. Default clauses are not implemented Finding If Serco or SNLT fails to commence or cease to perform any part of their contracted services, the Council may issue a financial penalty. The value of the penalty charge varies depending on the type of failure and duration of the fault. However, the Council does not enforce this policy. Recommendation/Best practice 1. The Council should review default clauses to ensure they are clear, easy to follow and understood by all parties. 2. Financial penalties should be linked to KPIs and service specification failure. Non-compliance should be monitored and challenged on an ongoing basis through analysis of reliable management information. 3. KPIs and any associated financial penalties for non-compliance should also be reviewed on an annual basis to ensure they remain relevant and appropriate. 4. The Council should ensure that appropriate management information is gathered to assist monitoring compliance in line with the provisions of the contract and to establish where determine where failures have occurred. 5. Where failures are identified, the Council should issue penalties in accordance with the contract. Management comments/actions 1. A review of current default clauses is not considered practicable or necessarily desirable at this stage in the contract term. It is considered this would be damaging to the working relations and be costly in terms of resource input and would not deliver significant service improvement or financial benefit. However, Management do consider that existing clauses need to be clearly understood by all parties and implemented in accordance with the contract as this is not currently the case. 2. Financial penalties should be implemented where there is default. It is not considered practicable to design new penalty clauses around a new set of KPI s. 3. Agreed. This needs review to ensure delivery of the contract in accordance with requirements and so far as is reasonably practicable, with changing priorities of the Council. Implementation date and responsible person: Lead Officer for Leisure Services to review Contract clauses; brief staff and take forward with the Trust Board. With immediate effect PwC 11
5. Right to audit clause Finding The Contract does not contain a 'right to audit' clause. Right to audit clauses provide customers with the opportunity to exercise independent audit of performance data and financial information submitted by the contractor. This provides insight into the quality and accuracy of contractor reporting and provides assurance over information provided and the contractor s internal controls and procedures. This validation check also helps to mitigate against the risk that data sent by contractors is inaccurate or incomplete meaning that performance reporting is unreliable, or that data is manipulated by contractors to avoid possibly penalty payments for poor performance. Recommendation/Good practice The Council should consider updating the contract or issuing a variation/addendum which includes a 'right to audit' clause. The Council may choose to invoke this right at their discretion. Management comments/actions Agreed. This will be explored with the Trust. Implementation date and responsible person: Lead Officer for Leisure. 28/02/2013. PwC 12
6. Contract specification is out of date Finding The Contract includes a detailed service specification outlining the requirements of the contract, specific schemes which need to be supported through the provision of the service and minimum standards of performance (see finding #2 above). From review of the specification and discussions with the Contract Manager, we have identified that the specification is out of date and has not been updated since the inception of the contract in 2001. Recommendation/Good practice 1. The Council should update the specification of services annually to ensure it reflects the services agreed and executed by each party. 2. The Council should ensure that contract arrangements and costs are reviewed annually. The review process should be clearly documented with any discussions, actions and decisions recorded. Management comments/actions 1. Where there is agreed change in requirements this should be accompanied by a Contract Variation. It is not felt there is an automatic requirement for annual review. 2. There is an annual review of the Management Fee but this appears to be instigated by Serco. The Council should control this review and management fee uplift. The Lead Officer for Leisure Services will review the Contract Clause. Some additions to the contract were made because of the nature of the Trust set up in 2007 so there has been a level of update since 2001. Implementation date and responsible person: Lead Officer for Leisure Services With immediate effect PwC 13
7. Contract Management Forum Finding There is no centralised contract management working group to enable contract managers to share experiences and knowledge of contract management. This type of forum may enable contract managers to: Share their own experiences and knowledge across the organisation, in particular any ideas or good practice; Discuss common issues and pitfalls and help to consider ways of mitigating the risk of these occurring again; Introduce standard contract management mechanisms and minimum levels expected for contract management activity; and Empower managers to execute their role effectively. Recommendation/Best practice 1. A formalised working group should be created and attended at a regular basis by contract managers from across the Council. 2. These meetings should focus on idea sharing, in particular, areas of good practice and areas for development, with agreed action plans and controls. 3. Contract risk registers should be discussed and challenged. 4. Minimum levels of contract management activity should be established. Management comments/actions 1. There are formal links with Cherwell, and contact with other Leisure managers across Northamptonshire, Oxfordshire, Thames Valley, Warwickshire and Buckingham. The new shared Procurement Team will ensure best procurement practice across the Council. No further action proposed. 2. As set out earlier. Annual RPI review to be taken back under Council control. Client Contractor meetings to be continued on a planned basis. Trust meetings to be attended and Council input to the agenda. Implementation date and responsible person: Lead Officer for Leisure with over sight by Head of Community Services. With immediate effect PwC 14
Appendix 1: Terms of Reference South Northamptonshire Council Terms of reference Contract Assurance: Leisure Contract To: From: Chris Rothwell, Head of Community Services Charlotte Bilsland, Audit Manager This review is being undertaken as part of the 2012/13 internal audit plan approved by the Audit Committee. Background South Northamptonshire Council (the Council ) is responsible for providing leisure services to the public. This is managed through a tripartite arrangement between the Council, South Northamptonshire Leisure Trust ( SNLT ), and an independent third party (Serco Leisure Operating Limited, Serco ). The relationship with Serco is managed through a 9 year contract between SNLT and Serco, originally agreed in February 2007. The contract provides for Serco to manage the provision of the leisure services at Brackley Leisure Centre, Brackley Swimming Pool and Towcester Centre. Although the contract is between SNLT and Serco, the Council have a direct interest because Serco are used to discharge the obligations and responsibilities of the Council, through formal engagement with SNLT. The contract includes managing the services provided at the leisure sites. This level of service includes: management of employees; development of a range of leisure activities which will encourage participation from all sections of the community, both retaining existing users and encouraging new users; and promotion of leisure services through a variety of marketing strategies. Scope We will review the procedures and controls in relation to on-going contract management activities over the leisure contract. The review will consider the following selected sub-processes: Contract ownership, roles, and responsibilities, including contractor relationship management; Transfer of risk to the contractor and management of residual risks; Service delivery, payment and recording of costs in the financial statements to include sample testing of a sample of transactions to confirm these are in compliance with the contract; Monitoring mechanisms (for example, use of including Key Performance Indicators ( KPIs ), application of service credits); and Governance and reporting mechanisms. This will include reviewing contract governance procedures against examples seen at other organisations to identify examples of good practice. PwC 15
Limitations of scope The scope of our work will be limited to the areas identified in this Terms of Reference. This review is deemed as value enhancing within the internal audit plan, as such, we will not be providing risk rated findings or an overall risk rating. Our review will be performed in the context of the information provided to us. Where circumstances change the review outputs may no longer be applicable. In these situations, we accept no responsibility in respect of the advice given. The areas of contract management will be assessed based on interviews and discussions with contract managers and our knowledge and experience of contract management practices we have seen elsewhere. In making this assessment we may corroborate certain practices however we will not be substantively validating or testing the information provided. We will highlight any significant financial opportunities that come to light, but the review will not be focussed on identifying these. Should our initial assessment identify opportunities for future efficiencies / cost recoveries, we could assist you further with deep dive contract reviews on individual contracts to validate / quantify the cash savings / recoveries that could be achieved. Review approach Our review approach is as follows: Obtain the contract and perform a high level review to identify the key aspects of the contract; Through discussions with the contract manager, establish the roles and responsibilities of each individual; Identify the governance structure; Assess the adequacy of monitoring mechanisms over contract performance; Review the information provided by the contractor against those specified within the contract (such as key performance indicators); Compare the contract management disciplines identified to standard practice observed elsewhere; and Identify pointers and lessons that should be considered to assist contract management techniques based on standard practice; this will be based on the discussions with the contract managers, and our experience of practices we have seen elsewhere. Internal audit team Name Richard Bacon Chris Dickens Charlotte Bilsland Lucy Jevons Role Engagement Leader Chief Internal Auditor Audit Manager Contract Assurance Manager Key contacts Name Title Role Contact details Chris Rothwell Head of Community Services Audit Sponsor* chris.rothwell@cherwellandsouthnorthants.gov.uk Ashley Davey Lead Officer, Leisure Services Audit Contact Ashley.Davey@southnorthants.gov.uk PwC 16
Other Roles and Responsibilities Name Title Responsibilities Karen Curtin Martin Henry Head of Finance and Procurement Director of Resources Receive final report Receive final report Sue Smith Chief Executive Receive final report * The audit sponsor should respond by email to the audit manager to confirm agreement with these Terms of Reference. By agreeing to the document, the responsible manager is confirming the following: Appropriateness of scope and any limitation; All relevant documentation, including source data, reports and procedures, will be made available to us promptly on request; Staff and management will make reasonable time available for interviews and will respond promptly to follow-up questions or requests for documentation; and, Agreement with the timetable of reporting within the document and the audit reporting protocol within the Annual Audit plan. Timetable Fieldwork start 20/06/2012 Fieldwork completed 29/06/2012 Clearance Meeting w/c 25/06/2012 Draft report to client w/c 13/07/2012 Response from client w/c 20/07/2012 Final report to client w/c 27/07/2012 Agreed timescales are subject to the following assumptions: All relevant documentation, including source data, reports and procedures, will be made available to us promptly on request; and Staff and management will make reasonable time available for interviews and will respond promptly to follow-up questions or requests for documentation. PwC 17
Appendix 2: Limitations and responsibilities Limitations inherent to the internal auditor s work We have undertaken the review of the Leisure Contract is subject to the limitations outlined below. Internal control Internal control systems, no matter how well designed and operated, are affected by inherent limitations. These include the possibility of poor judgment in decision-making, human error, control processes being deliberately circumvented by employees and others, management overriding controls and the occurrence of unforeseeable circumstances. Future periods Our assessment of controls relating to the Leisure Contract review is for the 2012/13 financial year. Historic evaluation of effectiveness is not relevant to future periods due to the risk that: Responsibilities of management and internal auditors It is management s responsibility to develop and maintain sound systems of risk management, internal control and governance and for the prevention and detection of irregularities and fraud. Internal audit work should not be seen as a substitute for management s responsibilities for the design and operation of these systems. We endeavour to plan our work so that we have a reasonable expectation of detecting significant control weaknesses and, if detected, we shall carry out additional work directed towards identification of consequent fraud or other irregularities. However, internal audit procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected. Accordingly, our examinations as internal auditors should not be relied upon solely to disclose fraud, defalcations or other irregularities which may exist. the design of controls may become inadequate because of changes in operating environment, law, regulation or other; or the degree of compliance with policies and procedures may deteriorate. PwC 18
This document has been prepared for the intended recipients only. To the extent permitted by law, PricewaterhouseCoopers LLP does not accept or assume any liability, responsibility or duty of care for any use of or reliance on this document by anyone, other than (i) the intended recipient to the extent agreed in the relevant contract for the matter to which this document relates (if any), or (ii) as expressly agreed by PricewaterhouseCoopers LLP at its sole discretion in writing in advance. 2012 PricewaterhouseCoopers LLP. All rights reserved. 'PricewaterhouseCoopers' refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) or, as the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.