Agenda item

To receive the progress report from the Council’s external auditors, Grant Thornton.

Officers present spoke to the Grant Thornton Audit Progress Report and provided more detail of the audit, highlighting that the report addressed the progress made rather than any definitive findings, and would report a conclusion of the audit upon completion.

In previous updates at past meetings, officers discussed how they had updated their risk assessment and various different judgments. This report included a sample of these from 2020 in comparison to 2021, thus far noting that a lot was being asked of the finance team this year due to the change in various judgments.

The progress report showed where the audit team was at present, addressing all the samples within the report that were required to be completed before the audit was finalised.

Grant Thornton officers highlighted that despite the volume of issues that the finance department was currently experiencing, they remained committed to the audit, which was important to note during this audit.

The Chair raised a question on whether there was any cause for concern within the audit. The officers advised there was concern about how quickly the audit could be completed, as the service had not reached a conclusion on the vast majority, therefore they were unable to draw any overall conclusions.

Officers highlighted the issue of the number of journals that were self-authorised, which was a control weakness. Journals should have a two-stage authorisation process to ensure accuracy within the work. This would be reported within the audit findings report. Members heard about payroll and the particular approach used for the process, and testing carried out on what was known as the full equivalent list.

Following the information shared by officers, Members discussed the report and made various comments.

Members commented on the management override of control journals and the two-step authorisation process, with a single personal authorisation process resurfacing this year having not previously been an issue, and queried whether there was evidence of it being the same departments or individuals; furthermore whether movement between journals to correct the budget was something that was common. Officers responded that the reasons auditors focused on journals was the movement of expenditure within the Council’s ledger, which raised risk and a lot of attention. Auditors were seeing a handful of self-authorised journals and wanted to build extra review around this to put retrospective controls in place. Officers further added that it was not just the finance team who could undertake journal transfers, the wider organisation was able to do this too, as such, a subsequent review was to be conducted to address the issue. Journal transfers, in summary, were income that came into one of the organisation’s bank accounts, allocated to a cost centre, which would need to be moved into the relevant departments budget; or it could be expenditure incurred on one cost centre but relate to three or four cost centres, as within the organisation not everyone would be entitled to a purchasing card for strict control; however, more measures were being put in place to prevent this from happening again. Members asked further questions on the system and the movement of double entries to be made without two different authorisation numbers being tapped in. Officers clarified that some financial systems could ban this self-authorisation.

Further questions were asked relating to the inaccuracy of the staffing data, and officers informed that with a change in the system some of the analytics were easier, with the report highlighting a number of the small issues however, officers were looking at the options to resolve these.

Members acknowledged the variety of delays set out within the report, which was mostly due to the pandemic, though wanted clarification on the normal timing for an audit report to be completed for the year ending March 2020. Furthermore, questions were asked about how much the findings within this report contributed to the report in the public interest, the work that was done on the audit prior to the report in the public interest coming out, what the interrelation was between the two, along with why and what the prognosis was for missing information sent to auditors. Officers informed that the normal cycle of an audit would normally consist of planning in November, December, some early testing within that journey to March, thus a three month period. Work was carried out before the pandemic and Grant Thornton had issued their first version of the audit plan at the March 2020 meeting.

Grant Thornton continued to engage with the finance team throughout the year, and conversations were had around the value for money conclusion and the elements that were addressed in the public interest reports around budget setting and concerns about their positon in March 2020. Further conversations with the Council, throughout April and September, raised questions about what was happening on the wider value for money position, including where the financial sustainability aspect was reviewed in relation to the budget setting, which was highlighted in the public interest report. Though there had been changes within the organisation with remote operation and within the financial team, officers continued to have good level of engagement with Grant Thornton, communications had been held and officers continued to gather all information required. Subsequently, Members asked what the projected date was for the audit to be completed, with it estimated a time frame for auditors drawing to a conclusion in February, though there was complexity within the accounting standards, which may take longer to resolve.

Members followed up with comments regarding the audit sample progress update table, which was a snapshot of December, and queried whether there had been progress since then. Officers clarified that progress had happened and some areas had moved quicker than others.

Members discussed the IT systems, which was noted to have been an issue concerning access, and raised a question relating to training on the usability of systems and how management had responded. Officers shared that a risk within the audit plan was the implementation of a new system that involved data transfer. Grant Thornton had specialist auditors brought in to understand the controls. The finance team was continuing to improve the systems and still used the My Resources Board, which was set up to oversee the implementation of new elements of the system, and met regularly. There had been on-going development of the system, to ensure it continued to be robust, with many controls, checks and balances in place with internal audits to review the systems regularly.

Other questions raised by Members brought a conversation relating to an update on the Brick by Brick audit report. The officers informed that the Grant Thornton auditors had look into the work of a company called Ensoles as part of the audit as the Brick by Brick figures were consolidated into the Croydon group accounts. Further insight to how the figures had gone through and how work had been conducted was part of the process.

Members discussed their concerns relating to the excessive number of users with access, including non IT staff, and the management response, which seemed to be very weak, highlighting a lack of control. Furthermore, there were concerns relating to the number of people with server admin access within the general Oracle Cloud. Officers acknowledged that there were a lot of users with access and that there was a model where budget managers were responsible for putting on information directly. Officers were monitoring information directly into the finance system. There was a model where purchase orders could be raised within the business rather than through a small team of people. There were different levels of access for different people, and officers informed that more information would be provided to Members.

Members sought further clarification relating to controls and how Croydon was doing for the year 2019-2020 and 2020-2021, and what the plans were to manage this. Officers shared that there would be some overlap for the year 2021, and this was due to the unforeseen impact of the pandemic which had caused accounts to be sent late, meaning audits would take longer to complete, and any adjustments made the reserve levels would be affected. Grant Thornton had aimed to close the audits to be able to monitor budgets for the year 2020-2021 to a reasonable place; there was also a conversation about what the 2021-2022 year would look like regarding Croydon’s financial position, value for money and setting budgets.

The Chair thanked Grant Thornton and officers for the report and the questions and answer session.