Cross Council Assurance Service

Internal Audit Report

Facilities Management
June 2018

To: Deputy Chief Executive, LBB

Head of Estates, LBB
Client Lead for CSG Estates, LBB
Operations Director, CSG
Director of Estates, CSG
Head of Building Services, CSG
Acting Head of Facilities Management, CSG
Commercial Performance and Development Manager, LBB
Community Safety Manager, LBB
Information Management Officer, LBB
Internal Communications & Engagement Manager, LBB
Copied to: Director of Finance, LBB
Head of Finance, LBB
From: Internal Audit Executive, LBB
Internal Audit Apprentice, LBB
We would like to thank management and staff of CSG and LBB Commissioning for their time and co-operation during the course of the
internal audit.
Executive Summary
Assurance level Number of recommendations by risk category

Critical High Medium Low Advisory

Limited
- 2 2 2 -
Scope

Facilities Management is delivered at the Council through the Customer and Support Group (CSG), a contract between the Council and Capita. The Facilities
Management Team provide a number of services within the CSG contract for the seven maintained sites within the Council estate (North London Business Park
(Buildings 2 and 4), Barnet House, Hendon Town Hall, Oakleigh Road Depot, Friary House and Colinhurst House).

Facilities Management are responsible for a number of key tasks to support the delivery of this aspect of the CSG contract such as:

- Resolving facilities incidents: The Facilities Management Team respond to building issues regarding maintained sites. In October 2017 a new software
package, FM Support Works, was implemented to support the logging, tracking and reporting of incidents and their resolution. Facilities management incident
resolution times are monitored through KPI CSG/C25. In Q1, 2017/18 the KPI reported that 100% of reported incidents were resolved within target timeframes;

- Budgets: Facilities Management are responsible for monitoring the facilities management budget, which is circa £3 million per annum, on behalf of the Council
and work with the Council to ensure that cost savings are identified and subsequently realised; and

- Policies and procedures: Facilities Management are responsible for ensuring that relevant policies and procedures are in place that clearly define the roles and
responsibilities of key personnel in facilities management processes.

This audit reviewed the design and operating effectiveness of the key controls in place relating to the three key activities listed above.

Summary of findings

During our audit, we noted that a number of actions had been taken by CSG Estates to improve the work of the Facilities Management Team including:

o The Hornbill system went ’live’ in October 2017 to support incident resolution and performance measurement;

o Regular reports of budget positions were included in Monthly CSG Estate Services Performance Reports to assist with oversight of budgetary position;

o The role of Facilities Manager had been filled with a permanent member of staff to support Facilities Management and reduce the risks associated with a single
point of failure within the Team; and
o We also noted that management had identified improvements to be made regarding policies and process documents, such as the creation of welcome packs for
new custodians and new officers to the Council. The Team has also recognised the need to upload policies in a central location within BarnetWork (the Council’s
Intranet). We found evidence that management were working towards implementing these actions.

This audit has identified two high, two medium and two low risk findings.

We identified the following issues as part of the audit:

o Data Quality – KPI CSG 25: Incident Resolution (finding 1, ‘high’ risk rating) – The Facilities Management Team report on incident resolution through KPI
CSG 25 (Incident Resolution). This is the only KPI in place specifically regarding Facilities Management, which was forecast to spend £6.4m in 2017/18. We noted
that where the outturn is under 100% the Council is entitled to a service credit.

We noted the following issues:

o The KPI definition requires for jobs to be categorised according to resolution time; however, we found that there was no definition of reporting categories and
their agreed rectification times. All requests in 2017 were reported as requiring a resolution in 48 hours.

o Management confirmed that incidents could be placed on ‘hold’ when there is a delay outside the control of Facilities Management but we noted there was no
definition or clear expectation of reasons to place incidents on hold.

o We selected 11 jobs which were completed in October and November 2017 and found that:

▪ 1/11 (9 %) incidents were reported as closed but had not been resolved in February 2018. Management confirmed that this incident requires the input
of the Landlord which is outside CSG’s control but this issue had been escalated with them. We found there is no agreed protocol in place for resolving
issues with the Landlord;

▪ 1/11 (9 %) requests related to a potential health and safety issue regarding a chair. Although this job was resolved in under an hour which suggested
that jobs were being prioritised, it had not been escalated to a higher priority and was classed as a ‘P4’ which required resolution within 48-hours; and

▪ 1/11 (9 %) requests required the procurement of materials and required two people to be present at the site. We found that the job was placed on hold
for 19 days. Management confirmed that some of this delay was due to a key member of staff being on annual leave which delayed the acquisition of
parts and two officers not being available to complete the job.

o External contractors (finding 2, ‘high’ risk rating) - We noted the following issues:

o We found that there was a lack of audit trail linking incidents raised on Hornbill with Permit to Work (PtW) forms and subsequent Purchase Order (PO) numbers
and invoices raised by contractors. This meant that in some instances we were unable to confirm controls were operating as expected.

2
 o We were informed that standard practice for resolving incidents using external contractors is to raise a purchase order for £250, which is approved by a the CSG
Estates Team. The contractor attends the site and subsequently raises an invoice for the correct amount, in line with a schedule of works. We considered that
there was there the potential for work to be agreed by CSG Estates without a detailed knowledge of the final cost to the Council;

o We selected five jobs which required the use of an external contractor:

▪ For 4/5 (80%) there was no evidence to support Facilities Management approval of invoices to confirm that goods and services has been received prior
to payment in four cases; and

▪ For 1/5 (20%) jobs we could find evidence of two invoices which were for the same amount (£124.00) and same job completed date in addition to many
similar details within narrative fields. Whist we found Facilities Management approval to pay one of the invoices, due to the lack of audit trail between
jobs raised on Hornbill and invoices we were unable to conclusively state whether payment had been made twice for the same job.

o We were informed that payments over £250 require the authorisation of a suitable Approver but for one payment of £368.94, it was identified that no evidenced
to confirm the relevant Project Manager approved goods and services had been received prior to payment.

- Budget monitoring (finding 3, ‘medium’ risk rating) – During the time of our fieldwork we noted that the Facilities Management managed budget for 2017/18
was £3.87m but in December 2017 was forecast to spend £4.91m (an overspend of 27%).

o Roles and responsibilities: During our review, we found there was a lack of clarity regarding the named Budget Holders and Budget Managers, whether
budgets were monitored using Integra BDM and roles and responsibilities in approving works/invoices and the monthly budget monitoring process. This led to
confusion when we made requests for evidence and conflicting views on the design and operating effectiveness of the controls in place, requiring additional
audit resource to complete the review.

o Budget Monitoring Process: We were informed by Management that the Estates budget monitoring process does not occur within the Integra BDM module,
but that the following monthly budget monitoring cycle process was in place. We were informed that:

▪ CSG Operations sends the Client Lead for Estates a spreadsheet containing the actuals and forecasts for financial year to date;

▪ The CSG Operations Manager and the Client Lead for Estates meet to discuss the spreadsheet and its contents. Any discrepancies between forecast
and actual are discussed along with the identification of savings. There is an expectation that the Head of Estates and Head of Building Services will
attend the meeting quarterly; and

▪ Actions arising from the meeting are compiled circulated to the attendees.

We selected three months from the financial year of 2017/18 and sought to verify that the budget monitoring was happening in line with the expectations described
to us above. We found that:

▪ For 1/3 (33%) months we considered that the Budget Monitoring was not completed in line with expectations described to us. W hilst we found evidence
of the CSG Operations Manager and CSG Finance meeting to discuss the Annual Work Plan we were informed this impacted on the Building Services
budget rather than Facilities Management. We also saw evidence to confirm forecast versus actual being reported in the Monthly Estates Services Report.

3
 However, we could not be supplied with evidence of what was discussed at the meeting, involvement of the Council or if any actions were raised as a
result of the meeting.

o Identification and monitoring of savings: We considered that improvements could be made to the controls in place to document and support regular monitoring
of budgets and devising a systematic and coordinated approach to identifying savings and monitoring them being achieved

- Policies and Procedure Documents (finding 4, ‘medium’ risk rating) - We noted the following issues:

o Policies in Place: We selected seven areas of the output specification (Schedule 1) of the CSG contract and asked to inspect the procedure documents in place
for these areas. We also reviewed other procedures referred to within these documents. We found that there were significant errors within some of the
documents, for example:
▪ The Facilities Management Welcome Starter Pack for New Employees for North London Business Park showed the fire evacuation point as Barnet House;
▪ There was no Facilities Management Welcome Starter Pack for Oakleigh Road Depot.
▪ Fire and Bomb Evacuation Procedures only covered North London Business Park and Barnet House;
▪ Dynamic Lockdown Procedures only covered Barnet House and Hendon Town Hall

We also found that some policies were not freely available to on the intranet, had not been reviewed recently or in-line with their review date and documents
were not in place for each building within the Managed/Maintained Estate.

- Notifying customers when incidents are placed on ‘hold’ (finding 5, ‘low’ risk rating). Management confirmed that the Hornbill system has the necessary
functionality for Facilities Management to use Hornbill to manually contact requesters when a ‘hold’ has been placed on their job. At the time of fieldwork Management
confirmed this functionality was not routinely used.

- Expenses (finding 6, ‘low’ risk rating). Management informed us that expenses relating to the procurement of materials are approved by a senior manager in
CSG and subsequently reclaimed through a monthly report to the Head of Estates, LBB. Facilities Management confirmed that only two expenses were reclaimed
within the six months to January 2018 with a total sum of £104.03. We found that whilst there was evidence of CSG management approving expenses, spreadsheets
provided to the Council to reclaim the funds did not document the sums to be reclaimed.

Notes:

Out of Hours Work: During fieldwork, it came to light through our discussions with Management that work is completed outside office hours where there is a pressing
issue with the Facilities (i.e. in an emergency). We were told that there was no rota in place to identify which member of the Facilities Management Team would be
available to deal with issues or would be ‘on-call’ to ensure a response. Most calls are received by the Acting Facilities Manager; however, Management confirmed that
only one member of staff had a requirement in their job description to receive out-of-hours calls. Whilst out of the scope of our audit, we considered that management
should review the procedures in place to ensure there is effective cover and clear reporting lines for out-of-hours contact and ensure there is not a single point of failure
if a key member of the Facilities Team is not available.

4
CHAPS payments: We completed an analysis of payments made through Facilities Management cost codes and identified one CHAPS payment that had been made
on 9 May 2017 for £2868. The payment was to WMF United Kingdom Limited, a catering equipment specialist. The Council’s agreed approach is that CHAPS payments
should only be made in exceptional circumstances so for emergencies or for payments that could not have been foreseen and settlement via Accounts Payable will incur
significant additional costs or reputational damage to the Council due to payment delays. We considered that a payment to a catering specialist was not an exceptional
circumstance and could not be provided with evidence to assure us that the payment in May 2017 was an emergency.

Facilities Management Welcome Packs for New Employees: We found that there was no routine mechanism for ensuring new employees at the Council were given
a starter pack that had been designed by Facilities Management to make new employees aware of many protocols relating to Building and Facilities Management.
Management confirmed that it is the responsibility of CSG HR not Estates, to ensure that new starters have sight of the packs. This is raised as a finding within our
review of the Council’s Onboarding processes, currently at the draft report stage.

5
 2. Findings, Recommendations and Action Plan
Risk
Ref Finding Risks
category
1. Data Quality – KPI CSG 25: Incident Resolution - (Control Design and If responsible High
Operating Effectiveness) officers do not
know the correct
The Facilities Management Team report on incident resolution through KPI CSG 25
KPI definition and
(Incident Resolution). Whilst the Estates Team as a whole report on 13 KPIs this is the
do not follow the
only one which relates to Facilities Management. The KPI is reported as a percentage of appropriate
jobs completed within the appropriate reporting category (e.g. Emergency 30 mins, Urgent arrangements
4 hours, etc) divided by the total number of jobs received in each category. We noted that consistently and
where the outturn is less than 100% the Council is entitled to a service credit. In October
correctly for KPI
of 2017/18 an outturn of 100% was reported.
collation and
The Council has a Data Quality Policy to support the collection and use of data within the reporting, then KPI
organisation. The five key principles underpinning the policy are that data is: information may not
be reported
correctly and timely
1. Accurate and complete for appropriate
decision making.
The Hornbill system went ’live’ in October 2017 to support incident resolution and KPI
performance measurement. Management confirmed that for October the KPI was
measured using data collected within Hornbill but some incidents were resolved outside of
the system whilst the system was being embedded and therefore not all incidents would If the KPI reported
be logged in Hornbill and incorporated into the KPI outturn. We were therefore unable to outturn is not
ascertain the completeness of the reported outturn for KPI EST25 for October. accurate then the
Council may not be
Management confirmed that from November all jobs would be logged in Hornbill and able to scrutinise
therefore reported in the KPI outturn. the performance of
the Facilities
2. Reliable Management
function, including
We reviewed the KPI and processes in place and considered improvements could be applying service
made regarding the data quality of the outturn with respect to reliability. credits where
- Request Categories: The KPI definition sheets held by the Council’s Performance necessary and
reaching a view as
Team states that jobs must be completed as in-line with the agreed reporting
category. We could not find any further information to define reporting categories and to the value for
agreed rectification times. We found that all requests in October 2017 were reported money being
as requiring a resolution in 48 hours. provided by the
service.
Agreed action
Agreed actions:
a) Management will draft
expectations regarding KPI CSG
25 (Incident Resolution) to define:
- Expectations to ensure
completeness of data;
- Reporting categories and
expected resolution time;
- Criteria for jobs being marked
as pending or ’on hold’ and any
approval which should be
sought from LBB
- When jobs should be reported
as resolved and closed out on
Hornbill; and
- Steps to be taken by
management to ensure that
data quality is reliable, for
example verifying data within
the outturn and/or reviewing
the progress of jobs, including
those which have been placed
on hold for long periods of time.
Responsible officer:
Acting Facilities Manager, CSG
Target date: 22 June 2018
b) The draft document will be
presented to and agreed by the
Head of Estates
6
 Risk
Ref Finding Risks Agreed action
category
- Placing requests on hold: Management confirmed that requests can be placed on Responsible officer:
‘hold’ when there is a delay outside of the control of Facilities Management, for
If incidents are Acting Facilities Manager, CSG
example when an external contractor is required or delivery of a part is needed.
delayed
When Officers place a request on hold they can choose the length of ‘hold’ time. We Head of Estates, LBB
unnecessarily then
found there was no agreed definition of what constituted a reasonable reason for
issues may not be Target date: 29 June 2018
putting incidents on ‘hold’ or an agreed approach for the length of time a request
rectified in a timely
would be placed on ‘hold’. We selected 4 jobs which were placed on ‘hold’ and found
manner resulting in
that one job was held as management were on leave so parts could not be ordered c) The KPI will be updated as a
dissatisfaction with
from a supplier. We were informed this job was also delayed as FM staff were not result
the service
available to complete it in a timely manner. We considered these reasons were
provided by the Responsible officer:
within the control of the Facilities Management team which would not warrant putting
Facilities
the job ‘on hold’ for the purposes of KPI reporting. Acting Facilities Manager, CSG
Management
We selected 11 jobs which were completed in October and November 2017 and found Team. Commercial Performance and
that: Development Manager, LBB
- 1/11 (9 %) incidents were reported as closed but had not been resolved. The Target date: 30 September 2018
If the KPI is
incident related to an access card not working. Management confirmed that this job
reported incorrectly
required the input of the Landlord which is outside Facilities Management control.
or in line with data
The incident was therefore closed out in Hornbill. We considered that the incident
quality princciples
should have been placed on ‘hold’ until it had been sufficiently rectified. d) CSG will review and formalise
the the
Management confirmed the issue has been escalated with Comer but there is no their existing escalation
agreed protocol in place for resolving issues with Comer. The issue regarding procedures with the Landlord
access cards was not rectified at the time of issuing this report in March 2018. (COMER).

- 1/11 (9 %) requests related to a potential health and safety issue regarding a chair. Responsible officer:
Although this job was resolved in under an hour suggesting that work had been Director of Estates, CSG
prioritised, it had not been escalated to a higher priority within Hornbill and was
classed as a ‘P4’ which required resolution within 48-hours; and Target date: 29 June 2018

- 1/11 (9 %) requests required the procurement of materials and required two people
to be present at the site to conduct the work safely. We found that the job was e) The escalation procedures will
placed on hold for 19 days. Management confirmed that some of this delay was due then be enacted regarding the
to a key member of staff being on annual leave which delayed the acquisition of ongoing issue with swipe card
parts and two officers not being available to complete the job. access
Responsible officer:
3. Timely – No issues noted. Director of Estates, CSG

7
 Risk
Ref Finding Risks Agreed action
category
Target date: 29 June 2018
4. Accessible and transparent – No issues noted.
f) Management will review where
5. Relevant – No issues noted.
jobs have been delayed by factors
See Appendix 3 for a detailed breakdown of our findings. within their control – for example
a key Officer being on leave and
required materials therefore not
being procured – to ensure
corrective actions are put in place
to prevent recurrence.
Responsible officer:
Acting Facilities Manager, CSG
Target date: 29 June 2018

2. External contractors (Control Design and Operating Effectiveness) If contractors do not High Agreed Action:
complete a Permit
a) Contractors will not commence
to Work form then
a) Permit to Work Forms work before a Permit to Work
the Facilities
Form has been completed and is
The contractor completes a ‘Permit to Work’ form when they first attend the site. The form Management team
held on file.
is signed by the contractor to ensure that he or she has taken all the safety precautions and will not be able to
read the site rules. demonstrate that Responsible officer:
key health and
We noted that the Permit to Work form does not contain a field for Custodians to log the Acting Facilities Manager, CSG
safety requirements
Hornbill job reference number or PO number. This would ensure there is a full audit trail have been met Target date: 22 June 2018
between the form and incidents being reported on Hornbill or payments being made to before and after
contractors. completing work.
We selected five incidents where a contractor attended the Managed/Maintained Estate to b) The Permit to Work form will be
complete the service request. We noted that: updated to include a requirement
If management for Custodians to insert the job
- For 3/5 (60 %) requests we could not be provided with evidence to confirm the Permit approval is not reference number from Hornbill.
to Work form had been completed for the job. sought or granted
before payments Responsible officer:
are made then Acting Facilities Manager, CSG
payments may be

8
 Risk
Ref Finding Risks Agreed action
category
b) Raising of Purchase Orders and Payment of Invoices relating to external made for work not Target date: Implemented
Contractors completed, is of an
inadequate
We were informed that where external contractors attend the site, these are typically done
standard or has c) Management will:
by approved contractors, unless the work is outside the scope of their abilities in which
already been paid - Ensure there is an effective
case a new procurement will be undertaken. The Facilities Manager requests that a
for. and full audit trail from Hornbill
purchase order is raised for an initial sum of £250 which is subsequently approved by the
through to purchase orders,
Head of Building Services, CSG or Head of Estates, CSG. The contractor then attends the
invoices and payments made
site and an invoice is subsequently submitted to CSG Estates.
If invoices cannot for incident responses.
We considered that there was a potential that CSG could commit the Council to be easily linked to
expenditure by agreeing to work without an oversight of costs before an invoice is the job raised then - Ensure there are sample
submitted, especially if it exceeds the original amount of the purchase order. there will not be checks completed on jobs
sufficient audit trail under £250 by the Facilities
During fieldwork, we were informed that if the invoice is under £250 then a member of the
in the event of a Management Team to ensure
Property and Facilities Support Team pay the invoice but for those of £250 or over the
query. the jobs are completed
Acting Facilities Manager approves the invoice before it is paid by the Property and
correctly and have not been
Facilities Support team. We found that during Q3 of 2017/18, 57 invoices were received
paid for previously.
relating to Facilities Management with an estimated cost of £15,579. 24 out of the 57 had
an estimated amount of less than £250.
- Ensure there is a schedule in
We found that there were no clear processes in place to ensure that the Facilities place which states named
Management Team had oversight of payments under £250. Management confirmed to us Officers which can request
that approval can take place verbally but this results in a lack of audit trail and therefore work as well as approve
we were unable to verify that approval had, been granted. invoices of certain values.
We also found that there was no clear audit trail to reconcile jobs raised on Hornbill with - Ensure that there is there is
corresponding Purchase Orders and Invoices. oversight of work costing £250
We selected five jobs within Hornbill which required a contractor to attend the before an invoice is raised by
Managed/Maintained Estate to complete the service request. We noted that: the contractor.
- For 3/5 (60 %) service requests we could not effectively match purchase order The approach will be documented and
numbers or invoices to jobs within Hornbill. held on file.
Responsible officer: Acting
- For 1/5 (20%) jobs we could find evidence of two invoices which were for the same
Facilities Manager, CSG
amount (£124.00) and same job completed date in addition to many similar details
within narrative fields. Due to the lack of audit trail between jobs raised on Hornbill Target date: 22 June 2018
and invoices we were unable to conclusively state whether payment had been made
twice for the same job. We noted that payment for one of the invoices was approved
by the CSG Estates team.

9
 Risk
Ref Finding Risks Agreed action
category
d) The Council and CSG Estates will
- For 4/5 (80%) we could not be supplied with Facilities Management approval that the agree a documented approach as
goods and services had been received before payment was made. described above.
Responsible officers:
We were provided with a list of 9 invoices which had been paid between Oct and Dec of
Head of Estates, LBB
2017 to RGE, a vetted external contractor frequently used by the Facilities Management
Team. Only one invoice was for over £250 (£368.94) but we could not be provided with Director of Estates, CSG
evidence of Facilities Management approval to pay this invoice, in-line with the
Target date: 22 June 2018
expectations described to us.
We therefore considered there was an opportunity to review the processes in place
e) Management will investigate
regarding the ordering and payment of works to ensure there was controls trails in place to
whether a duplicate payment
ensure there is effective oversight and monitoring of works orders.
was made for £124 and if so
pursue reimbursement from the
supplier.
Responsible officer: Acting
Facilities Manager, CSG
Target date: 22 June 2018

f) The Council and CSG will

consider whether this
recommendation is applicable to
other budgets within CSG
Estates.
Responsible officers:
Head of Estates, LBB
Director of Estates, CSG
Target date: 22 June 2018

3. Budget Monitoring (Control Design and Operating Effectiveness) If budgets are not Medium Agreed actions:
monitored regularly
a) Management will produce a
then inappropriate
protocol which clearly outlines the
a) Roles and Responsibilities spend may not be

10
 Risk
Ref Finding Risks Agreed action
category
During the Audit, we found there was a lack of clarity regarding: identified and Budget Monitoring process and
appropriate action expectations. This will include:
- The names of Budget Holders and Budget Managers for Facilities Management
to address over or - Names/Job titles of the
budgets
under-spends Budget Holder and Budget
o At different times of the audit we were informed that the Budget Holder was
cannot be taken in a Manager;
the Head of Estates (LBB) or the Interim Acting Head of Facilities
timely manner. - Roles and responsibilities in
Management (CSG) and the Budget Manager was Director of Estates (CSG)
the Budget Monitoring
or the Operations Manager (CSG).
process of all involved
If budgetary parties, including the
- The use of the Integra BDM module
savings are not frequency tasks will take
o There was a lack of clarity regarding the whether the BDM module was used
identified and place; and
to support monthly budget monitoring.
subsequently - How savings will be routinely
achieved then the captured outside the forecast
- Monthly Budget Monitoring processes:
service may incur setting process and how
o During the audit, we were informed that the meetings between CSG
unnecessary actions will be tracked so that
Operations and the Client Lead for Estates happen monthly, and also given
expenditure and savings are realised.
conflicting information that there is no need for monthly meetings as the
face budgetary
actuals do not differ from the forecasts. Responsible officers:
pressure
Head of Estates, LBB
- Involvement of the Acting Facilities Manager
o We found there was a lack of clarity regarding the expected involvement of Director of Estates, CSG
the Acting Faculties Manager in the Budget Monitoring Process.
Target date: 22 June 2018

We also noted there was a lack of clarity regarding roles and responsibilities in approving
invoices prior to payment. b) Management will ensure that the
budget monitoring cycle takes
place monthly and evidence of all
meetings and actions are kept on
b) Monthly Budget Monitoring Cycle
file.
The usual budget monitoring process at the Council involves the monthly submission,
Responsible officer: Director of
review and approval of budget forecasts within the Integra BDM module; however, we were
Estates, CSG
informed that budget monitoring lies outside Integra BDM for the Estates managed budgets.
Target date: 22 June 2018
We were informed that the forecast for 2017/18 was approved in August 2017 but since
there is a monthly forecast monitoring cycle which involves the following process:
- CSG Operations send the Client Lead for Estates a spreadsheet containing the c) The Council and CSG will
actuals and forecasts for financial year to date. consider whether this

11
 Risk
Ref Finding Risks Agreed action
category
recommendation is applicable to
- The CSG Operations Manager and the Client Lead for Estates meet to discuss the other budgets within CSG
spreadsheet and its contents. Any discrepancies between forecast and actual are Estates.
discussed along with the identification of savings. There is an expectation that the
Responsible officers:
Head of Estates and Head of Building Services will attend the meeting quarterly; and
Head of Estates, LBB
- Actions arising from the meeting are compiled and circulated to the attendees.
Director of Estates, CSG
Target date: 22 June 2018
We selected three months from the financial year of 2017/18 and found that:
- For 1/3 (33%) months we could not find evidence of the budget monitoring cycle
happening as discussed.

c) Savings
We asked management to confirm the arrangements in place regarding the identification
and delivery of savings. We were informed that savings are identified when forecasts are
agreed with LBB at the start of the year, with any further possible savings incorporated into
the forecast which is then monitored throughout the year via the Budget Management Cycle.
Whilst we considered this as reasonable at a high level, we also considered improvements
could be made to monitor specific savings against specific different aspects of the budget
throughout the year and set and follow up on actions to ensure their delivery.

d) Other CSG Budgets

We were informed that the budget monitoring cycle for all of CSG Estates follows a similar
approach as described for the Facilities Managed Budget. We noted that there was a
forecast overspend in the Managed/Maintained buildings of £1.99m and considered that
Management should consider whether this finding recommendation is applicable to other
budgets within CSG Estates.

2017/2018 Variance (Budget

2017/2018 Budget
Forecast versus Forecast)

Managed Budgets £3,870,339 £4,491,552 - £621,213

12
 Risk
Ref Finding Risks Agreed action
category

Additional £500,000 £377,991 £122,009

Security

Rents (Not 0 £1,436,953 - £1,436,953

Managed Budget)

General Misc. 0 £55,456 - £55,456

Managed/Maintain £4,370,339 £6,361,953 - £1,991,613

ed Buildings

See Appendix 3 for a detailed breakdown of our findings.

4 Policies and Procedure Documents (Operating Effectiveness) If policies and Medium Agreed Action:
procedures are not
(a) Management will undertake a
available or not
a) Policies in place (Operating Effectiveness) review of the policies and
communicated to
procedures and ensure that,
Schedule 1 of the CSG contract (the Output Specification) contains the services to be relevant staff then
where relevant, documents:
delivered by the Facilities Management Team. We selected seven service areas and asked there is a risk that
- Cover the whole of the
to inspect policy and procedure documents for these areas. We also inspected the activity may be
Managed/Maintained Estate;
documents refereed to within these policies. undertaken
- Clearly contain an issue date
inappropriately or
and a date at which they will
We found that there were significant errors within some of the documents, for example: inconsistently
be reviewed; and
resulting in required
- Are in-date and not past
outcomes not being
- The Facilities Management Welcome Starter Pack for New Employees for review dates.
achieved.
- North London Business Park showed the fire evacuation point as Barnet House; Responsible officer:
- There was no Facilities Management Welcome Stater Pack for Oakleigh Road If policies and
Depot; procedures do not Acting Facilities Manager, CSG.
- Fire and Bomb Evacuation Procedures only covered North London Business Park refer officers to the
For CCTV Policy: Community Safety
and Barnet House; and appropriate
Manager, LBB
- Dynamic Lockdown Procedures only covered Barnet House and Hendon Town Hall. role/team where
applicable then Information Management Officer, LBB
We also noted other issues: decisions or
responsibilities may Target date:
- We found instances of reference to policies which were:

13
 Risk
Ref Finding Risks Agreed action
category
o Not available on BarnetWork, the staff intranet (for example the General Site be discharged by 30 September 2018
Security Access Procedure); and personnel without
o Superseded by other policies (for example the Physical Security Policy the prerequisite (b) The Council’s Communications
referred to the Violent or Threatening Procedures document but we were knowledge or Team and CSG Estates will work
informed this has been superseded by the Violence at Work policy) experience together on agreeing an approach
resulting in required to ensure that all documents are
- Facilities Management procedure documents which were held on BarnetWork were outcomes not being available on Barnet Works and
held in a variety of locations and were not on one central page. Having all achieved are held within a central location.
documents located in one place would assist staff in being able to swiftly locate and
Responsible officers:
refer to them when needed; and
Internal Communications &
- When verifying that procedure documents were still in place we found that some Engagement Manager, LBB
policies:
o Had not been reviewed in-line with their review date (for example the CCTV Acting Facilities Manager, CSG.
policy had not been reviewed since May 2016 and had been due for review in Target date: 30 September 2018
May 2017);
o Had not been updated for a considerable period of time (for example the
Violence at Work policy was dated January 2009 and it was not clear when
the document was scheduled for review); and
o Did not contain either an issue or review date (for example the Facilities
Management Custodian Starter Pack for Barnet House).
See Appendix 3 for a detailed breakdown of our findings.

5 Notifying customers when incidents are placed on ‘hold’ (Control Design) If Customers are Low
not made aware
Management confirmed that the Hornbill system has the necessary functionality to contact that jobs are put on
Requestors when there is a change to their request, for example, when a job is placed on ‘hold’ then
hold, but this is not routinely used by Facilities Management staff. duplicate jobs may
See Appendix 3 for a detailed breakdown of our findings. be raised or there
may be
dissatisfaction with
the Facilities
Management Team
Agreed Action: Management will
review the mechanisms in place to
ensure that all Customers are made
aware when their requests have been
paused or delayed.
Responsible officer: Acting
Facilities Manager, CSG.
Target date: Implemented

14
 Risk
Ref Finding Risks Agreed action
category

6 Expenses (Control Design) If Council evidence Low Agreed Action: Submissions to the
of approval for Council will include a line
CSG Management informed us that expenses for Facilities Management Staff (e.g. expenses is not documenting expenses that have
mileage) are reclaimed from Capita and are not reclaimed from the Council through any kept on file then it been incurred.
other mechanism. However, CSG Management informed us that expenses relating to the may not be able to
procurement of materials are loaded into Concur (the system used to approve expenses Responsible officer: Finance
demonstrate that
by CSG Estates), approved by a senior manager in CSG and subsequently reclaimed Manager, CSG
the reimbursed
through a monthly report to the Head of Estates, LBB. monies were validly Target date: Implemented
Facilities management confirmed that only two expenses were reclaimed within the six spent on Facilities
months to January 2018 with a total sum of £104.03. Management
materials.
See Appendix 3 for a detailed breakdown of our findings.

15
Appendix 1: Definition of risk categories and assurance levels in the Executive Summary
Risk rating
Critical Immediate and significant action required. A finding that could cause:
 • Life threatening or multiple serious injuries or prolonged work place stress. Severe impact on morale & service performance (eg mass strike actions); or
• Critical impact on the reputation or brand of the organisation which could threaten its future viability. Intense political and media scrutiny (i.e. front-page headlines, TV). Possible criminal
or high profile civil action against the Council, members or officers; or
• Cessation of core activities, strategies not consistent with government’s agenda, trends show service is degraded. Failure of major projects, elected Members & Senior Directors are
required to intervene; or
• Major financial loss, significant, material increase on project budget/cost. Statutory intervention triggered. Impact the whole Council. Critical breach in laws and regulations that could
result in material fines or consequences.
High Action required promptly and to commence as soon as practicable where significant changes are necessary. A finding that could cause:
 • Serious injuries or stressful experience requiring medical many workdays lost. Major impact on morale & performance of staff; or
• Significant impact on the reputation or brand of the organisation. Scrutiny required by external agencies, inspectorates, regulators etc. Unfavourable external media coverage. Noticeable
impact on public opinion; or
• Significant disruption of core activities. Key targets missed, some services compromised. Management action required to overcome medium-term difficulties; or
• High financial loss, significant increase on project budget/cost. Service budgets exceeded. Significant breach in laws and regulations resulting in significant fines and consequences.
Medium A finding that could cause:
 • Injuries or stress level requiring some medical treatment, potentially some workdays lost. Some impact on morale & performance of staff; or
• Moderate impact on the reputation or brand of the organisation. Scrutiny required by internal committees or internal audit to prevent escalation. Probable limited unfavourable media
coverage; or
• Significant short-term disruption of non-core activities. Standing orders occasionally not complied with, or services do not fully meet needs. Service action will be required; or
• Medium financial loss, small increase on project budget/cost. Handled within the team. Moderate breach in laws and regulations resulting in fines and consequences.
Low A finding that could cause:
 • Minor injuries or stress with no workdays lost or minimal medical treatment, no impact on staff morale; or
• Minor impact on the reputation of the organisation; or
• Minor errors in systems/operations or processes requiring action or minor delay without impact on overall schedule; or
• Handled within normal day to day routines; or
• Minimal financial loss, minimal effect on project budget/cost.
Level of assurance
Substantial There is a sound control environment with risks to key service objectives being reasonably managed. Any deficiencies identified are not cause for major concern. Recommendations will normally
only be Advice and Best Practice.


Reasonable An adequate control framework is in place but there are weaknesses which may put some service objectives at risk. There are Medium priority recommendations indicating weaknesses but
 these do not undermine the system’s overall integrity. Any Critical recommendation will prevent this assessment, and any High recommendations would need to be mitigated by significant
strengths elsewhere.

Limited There are a number of significant control weaknesses which could put the achievement of key service objectives at risk and result in error, fraud, loss or reputational damage. There are High
recommendations indicating significant failings. Any Critical recommendations would need to be mitigated by significant strengths elsewhere.


No There are fundamental weaknesses in the control environment which jeopardise the achievement of key service objectives and could lead to significant risk of error, fraud, loss or reputational
 damage being suffered.

16
Appendix 2 – Analysis of findings

Critical High Medium Low Total

Area
D OE D OE D OE D OE

Resolving Facilities Incidents - - 1 - - 1 - 2

Budgets - - 1 1 1 - 2

Policies and procedures - - - - - 1 - - 2

Total - - 2 2 2 - 6
*Includes two findings relating to control design and operating effectiveness

Key:
• Control Design Issue (D) – There is no control in place or the design of the control in place is not sufficient to mitigate the potential risks in
this area.
• Operating Effectiveness Issue (OE) – Control design is adequate; however, the control is not operating as intended resulting in potential risks
arising in this area.

Timetable

Terms of reference Fieldwork Fieldwork Draft report issued: Management Final report issued:
agreed: commenced: completed: comments received:
29 November 2017 29 November 2017 19 March 2018 23 March 2018 13 June 2018 25 June 2018

17
Appendix 3 – Identified controls

Area Objective Risks Identified Controls

Resolving All incidents If Facilities KPI CSG C25 (Incident Resolution)

Facilities logged in Management
Incidents relation to incidents are not The Facilities Management Team report on incident resolution through KPI CSG 25 (Incident Resolution). The KPI
Facilities identified is reported as a percentage of jobs completed within the appropriate reporting category (e.g. Emergency 30 mins,
Management captured and Urgent 4 hours, etc) divided by the total number of jobs received in each category. In October of 2017/18 an outturn
(FM) building resolved then the of 100% was reported against this KPI.
services are conditions of the
Control Design Issue
carried out in buildings may
an efficient deteriorate and - We found there was no documented guidance or agreement to define expectations regarding the reporting
and timely the health and categories as per the KPI definition sheet. At the time of fieldwork 119 jobs had been reported and all had been
manner and in safety of the given a ‘P4’ rating which required a 48-hour closure medium.
accordance buildings and their
with agreed occupants may be - We were informed that jobs were placed ‘on hold’ but found there was no consistent explanation regarding what
timescales. compromised. constituted a reasonable ‘pause’ reason and length, with officers able to pause jobs for an indeterminate length
There may also of time.
The FM be dissatisfaction
Support with the FM See Finding 1.
Works service.
software used
to log and
monitor Hornbill System
facilities
Staff report facilities incidents via the Hornbill system which became operational in October 2017. The system is
management
accessed through BarnetWork, the LBB intranet, and allows staff to raise facilities management requests as well as
incidents
report issues for rectification.
supports
incident A document - Barnet Estates Self-Service User Guide - has been produced to assist staff in logging requests using
resolution and the Hornbill system.
the reporting
of KPI Members of the Facilities Management Team review the request to ensure it has been correctly been completed by
CSG/C25. the customer. Where necessary they the Team can reprioritise the priority number. Each priority number has a
specified time limit, under which the job should be completed to meet the KPI obligation (for example, P4 has an
expected resolution time of 48 hours)

18
Facilities Management attend the site and consider whether the job can be completed themselves or require an
external contractor to be used. The Facilities Management Team with the necessary permissions within Hornbill can
place tasks on ‘pause” where the incident will be delayed to due factors considered outside the control of the Team
(for example, a contractor is required or the Team await the delivery of parts). Only staff with the necessary
permissions can pause jobs but they can be paused for any length of time.

Where a job is placed on hold the Facilities Team can put in a narrative within the system for the requestor to view
when the log into Hornbill. Alternatively, an email can be sent to the requestor via Hornbill.

Once jobs are resolved, they are closed within Hornbill by the Facilities Management Team

Control Design Issue

- Managements confirmed that the Hornbill system has the necessary functionality to ensure that Requestors are
contacted when pause has been put on an incident; however, at the time of fieldwork we could not find evidence
of Faculties Management contacting requestors when jobs were placed on hold; and.

- We found there was no consistent explanation regarding what constitutes a reasonable ‘pause’ reason and
length.

Operating Effectiveness Issues

We selected 11 jobs within Hornbill from September and October and noted the following issues:

- 1/11 (9 %) incident was reported as closed but had not been resolved. The incident related to an access card
not working. Management confirmed that this job required the input of the Landlord and is therefore outside the
control of Facilities Management and was closed on Hornbill. We considered that the incident should have been
placed on hold until it was able to be sufficiently rectified. Management confirmed the issue has been escalated
with Comer but there is no agreed protocol in place for agreeing resolutions with the landlord. The issue was
raised on 29/11/2017 but had not been rectified at the end of January 2018)

- 1/11 (9 %) related to a potential health and safety issue regarding a chair. Although this job was resolved in
0.6 hours, it had not been escalated to a higher priority and was classed as a ‘Priority 4’ incident which required
48-hour turnaround time.

- 1/11 (9 %) related to a request which required the procurement of materials and required two people to be
present at the site. We found that the job was placed on hold for 19 days. Management confirmed that some

19
 of this delay was due to a key member of staff being on annual leave which delayed the acquisition of parts and
two officers not being available to complete the job.

Note: The Hornbill system went 'live' in October 2017 and, at the time of our fieldwork, had only been implemented
for under two months. We have therefore been able to verify how embedded the system is in the long-term.

See Findings 1 and 5.

External contractors – authorisation of payments

Where an external contractor needs to attend the site, these are typically done by approved contractors. The
Facilities Manager requests that a purchase order is raised for an initial sum of £250 which is later approved by the
Head of Building Services or Head of Estates,

The contractor completes a 'Permit to Work' form when they attend the site. The form is signed by the contractor
to ensure that he has taken all the safety precautions and read the site rules.

The contractor raises an invoice. If the invoice is under £250 then a member of the Property and Facilities Support
pay the invoice. For involves of £250 or over the Acting Facilities Manager approves the invoice before it is paid on
Integra.

Control Design Issue

- We considered that there was no routine oversight of payments under £250 by the Facilities Management Team
after the invoice had been raised.

- We found that there was no clear audit trail to reconcile jobs raised on Hornbill with corresponding Purchase
Orders and Invoices.

Operating Effectiveness Issue

We selected five jobs within Hornbill which required a contractor or attend the Managed/Maintained Estate to
complete the service request. We noted that:

- For 3/5 (60 %) service requests we could not effectively match purchase orders numbers or invoices to jobs
within Hornbill;

- For 1/5 (20 %) jobs we could find evidence of two invoices which were for the same amount and same job
completed date in addition to many similar details within narrative fields. Due to the lack of audit trail between

20
 jobs raised on Hornbill and invoices we were unable to conclusively state whether payment had been made
twice for the same job; and

- For 4/5 (80%) we could not be supplied with evidence of Facilities Management approval to pay the invoice.

We were provided with a list of 9 invoices which had been paid between Oct and Dec of 2017 to RGE, an external
contractor frequently used by the FM team. Only one job was over £250. We could not be provided with Facilities
Management approval to pay this invoice, in-line with expectations described to us.

See Finding 2.

External contractors - Permit to Work Form

The contractor completes a 'Permit to Work' form when they attend the site. The form is signed by the contractor
to ensure that he has taken all the safety precautions and read the site rules.

Control Design Issue

- We found that there was no clear audit trail to reconcile jobs raised on Hornbill with Permit to Work forms.

Operating Effectiveness Issue

We selected five in which a contractor attended the Managed/Maintained Estate to complete the served request.
We noted that:

- For 3/5 (60 %) requests we were provided with Permit to Work forms but the date written on the form did not
reconcile with the date the job was closed on Hornbill. We considered this could be due to us not being supplied
the correct Permit to Work form or the job had been closed on Hornbill before the work had been completed.

See Finding 2.

21
Budgets Effective If the budgets are Budget Monitoring Cycle
budget not monitored
monitoring is regularly then Management confirmed that there is a monthly budget monitoring cycle in place.
in place to inappropriate
- CSG send the Client Lead for CSG Estates a spreadsheet containing the actuals and budgets for financial
identify under spend may not be
year to date.
and over- identified and
spends. appropriate action
- The CSG Operational Manager and the Client Lead for CSG Estates (meet to discuss the spreadsheet and its
to address over or
Management contents. Any discrepancies between budget and actual are discussed along with any identification for
under-spends
identify potential savings. There is an expectation that the Head of Estates, LBB, and Head of Building Services, CSG,
cannot be taken in
budgetary attend the meeting quarterly.
a timely manner.
savings and
- The CSG Operations Manager and/or Client Lead for CSG Estates compiles a list of actions resulting from the
take If budgetary
meeting and circulates these to attendees
subsequent savings are not
action to identified and
- Monthly Estates Service Performance Reports contains a section on managed budgets which documents a
ensure they subsequently
breakdown of budget, forecasts and any variance for the finical year to date.
are realised. achieved then the
service may incur Control Design Issue
unnecessary
expenditure and - We found there was a lack of clarity regarding the formal identification of Budget Holders and Budget
face budgetary Managers for Facilities Management. At different times of the audit we were informed that the Budget Holder
pressure was the Head of Estates (LBB) or the Interim Acting Head of Facilities Management (CSG) and the Budget
Manager was Director of Estates (CSG) or the Operation Manager (CSG).

Operating Effectiveness Issue

We selected three months within 2017/18 (September, November and January of financial year 2017/18) and
asked to see evidence to ensure that that monthly budget monitoring was happening in line with our expectations.

- For 1/3 (33 %) months we could not be supplied with evidence of budgets versus actuals being collated and
forwarded to the budget holders;
- For 1/3 (33 %) months we could not find evidence of CSG meeting with the Client Lead for CSG Estates
meeting with the CSG Operations Manager; and
- For 1/3 (33 %) months we could not be supplied with evidence of any actions being raised as a result of the
meeting.

See Finding 3.

22
 If expense Expenses
reimbursements
are made We were informed that expenses from Facilities Management Staff (e.g. mileage) are reclaimed from Capita and
inappropriately the Acting Facilities Manager confirmed that these are not reclaimed from the Council through any mechanism.
then budget
Expenses relating to procurement of materials are reclaimed by loading into Concur (the system used to approve
overspends may
expenses by CSG Estates). There is then approval a senior manager in CSG and the monies subsequently
occur and impact
reclaimed through an end of year to report to the Client Lead of CSG Estates and included as an end of year ‘true
on service
up’ (payment to CSG).
provision
Facilities management confirmed that only two expenses were reclaimed from Facilities Management budgets
within the six months to January 2018 with a total sum of £104.03

Control Design Weakness

- Management confirmed that the expenses were included in figures which were presented to the Head of
Building Services but the level of detail in the report did not allow for the clear identification of the £104.03.

See Finding 6.

Policies Policies and If policies and Schedule 1 (Output Specification)) of the CSG contract contains a set of Facilities Management services which are
and procedures procedures are to be provided by the Service Provider (CSG).
procedures are in place, not in place or are
are up to date unclear then Policies and procedures are formulated by the Facilities Management Team and approved. Where applicable they
and support there is a risk that are uploaded onto BarnetWork, the Employee Portal, for Staff to access and refer to when necessary.
officers activity may be
For policies which do not require all Barnet staff to have access to as the intended audience is Barnet staff,
undertaking undertaken
policies and process documents are accessible through the Facilities Management shared drive or circulated by
work inappropriately or
email to the Facilities Management Team.
consistently inconsistently
and correctly. resulting in Policies and process documents are updated when required, (e.g. the documents require an annual review or
required when new systems and/or processes become operational).
Policies and outcomes not
procedures being achieved Operating Effectiveness Issues
are accessible and the
to officers and objectives of the We chose seven areas from the output specification and asked to see evidence of the policies and procedures in
communicated place to support delivery of the Customer Support Group contract.

23
effectively to Council may not
officers be realised. We found that where polices and procedure document were available on the intranet but found them located in
including new three different locations on the intranet and considered they should be kept on one page to ensure that staff can
starters and If policies and easily access all the required documents.
agency staff procedures are
not available or We also noted the following issues within the table below.
Policies and not
Area Detailed Findings
procedures communicated to
detail the relevant staff Security We were informed that this area was detailed in the following policies:
responsibilities then there is a Services -
of key risk that activity Static - Physical Security Policy. The policy contains a list of 12 further polices within the
personnel in may be appendix. We noted the following issues:
operations undertaken o 3/12 (25%) policies did not cover the whole of the Managed/Maintained estate
inappropriately or ▪ General Site Security Access Procedures only covered procedures for
inconsistently North London Business Park (NLBP) and Barnet House (BH);
resulting in ▪ Dynamic Lockdown Procedures only covered BH and Hendon Town Hall
required (HTH); and
outcomes not ▪ Fire and Bomb Evacuation Procedures only covered NLBP and BH.
being achieved.
o 4/12 (33%) policies were past their review date or issued a substantial time ago
If policies and ▪ The Violence at Work policy was dated January 2009. We considered
procedures do the policy should be reviewed and up-issued due to the length of time
not refer officers which has passed;
to the appropriate ▪ The General Site Security Access Procedure was last updated in 2013.
role/team where We considered the policy should be reviewed and up-issued due to the
applicable then length of time which has passed;
decisions or ▪ The CCTV policy which is issued by the Information Management Team
responsibilities was due for review in May 2017 but had not been updated; and
may be ▪ The Dynamic Lockdown Procedures did not have any date of issue.
discharged by
personnel without o 2/12 (17%) policies could not be found on BarnetWork, the Council’s intranet
the prerequisite pages. These documents were:
knowledge or ▪ The General Site Security Access Procedure; and
experience ▪ The Starter, Movers and Leavers Procedure
resulting in
required o 1/12 (8%) policies referred to the incorrect name of a document:

24
outcomes not ▪ The Violent or Threatening Persons Procedure had since been
being achieved. superseded by the Violence at Work Policy.

- Facilities Management Custodian Starter Pack. We noted the following issues:

o The pack is only designed for custodians operating in BH and does not
incorporate details about the other Managed/Maintained estate sites.
Management confirmed that the Starter Pack was recently formulated for BH but
would now be adapted for the other Managed/Maintained estate sites; and
o The pack does not have an issue date confirming when it is due for review.

- General Site Security Policy. We noted the following issues:

o The policy only referred to NLBP and BH;
o The document was last updated in 2013. We considered the policy should be
reviewed and up-issued due to the length of time which has passed; and
o The policy was not available on BarnetWork, the London Borough of Barnet staff
intranet.

Fire We were informed that this area was detailed in the following policies:
Management
- Facilities Management Welcome Pack for New Employees. There is a pack for
NLBP, BH, HTH, Mill Hill (MH) but not Oakleigh Depot (OD). We noted the following
issues:
o The pack for NLBP needs a refresh as it currently shows the evacuation point as
BH; and
o There is no welcome back for Oakleigh Depot (OD)

- Facilities Management Custodian Starter Pack. The pack contains a list of fire
wardens, weekly fire alarm test procedures and fire evacuation policies as well as
custodian responsibility in the event of a fire. We noted the following issues:
o The pack is only designed for custodians operating in BH and does not
incorporate details about the other Managed/Maintained estate sites.
Management confirmed that the Starter Pack was recently formulated for BH but
would now be adapted for the other Managed/Maintained estate sites;
o The pack does not have an issue date or date to confirm when it will be due for
review; and

25
 o The pack contained references to the previous system used to report Facilities
Management incidents, not Hornbill

Reactive We were informed that this area was detailed in the following policies:
repairs and
maintenance - The Term Maintenance Contract 2014-2017. The document defines actions to be
taken by all reactive repairs contractors. We noted the following issue:
o The policy is dated 2014 – 2017 and could be considered as out of date during
our fieldwork in early-2018. Management confirmed that the policy was current
but there will be a retendering of contractors in 2018 at which point the policy will
be updated to reflect any changes resulting.

- Facilities Management Custodian Starter Pack. The pack documents actions to be

taken by Custodians when there a reactive repair or maintenance is required. We noted
the following issues:
o The pack is only designed for custodians operating in BH and does not
incorporate details about the other Managed/Maintained estate sites.
Management confirmed that the Starter Pack was recently formulated for BH but
would now be adapted for the other Managed/Maintained estate sites; and
o The pack does not have an issue date confirming when it is due for review.

Recyclable We were informed that this area was detailed in the following policies:
Waste
- Facilities Management Custodian Starter Pack. We noted the following issues:
o The pack is only designed for custodians operating in BH and therefore only
contains collection points for BH, not other Managed/Maintained estate buildings
o The pack does not have an issue date confirming when it is due for review.

- Facilities Management Welcome Pack for New Employees. We noted the following
issued:
o The document refers to the old incident resolution website, not the Hornbill
system which became operational in October 2017.

26
 - Poster campaign and First Team updates. We found evidence of a poster campaign
which was distributed to staff as well as First Team weekly email updates which
documented actions to be taken by Employees regarding recycling.

Car Parking We were informed that there was only a requirement for parking policies at NLBP and BH and
were supplied with parking policies for both sites. We noted the following issues:

- We considered the Facilities Management Welcome Pack for New Employees should be
updated to included reference to the relevant parking policies.

Goods in Management confirmed the Goods Facility is no longer operational within NLBP and all other
sites within the Managed/Maintained estate do not require one.

For NLBP goods are delivered to Reception and a sign-ion sheet documents delivery and
collection of packages. As such management confirmed a formal policy was not required. We
considered this reasonable.

Statutory Facilities Management staff confirmed that the only areas of statutory testing and inspection
testing and they are responsible for Portable Application Testing and communication with the Landlord,
inspection Comer Homers to ensure jobs are completed. This is outlines in the Output
Specification under PS016 and BS002 and, therefore, an additional policy was not required.

We accepted this as being reasonable

See Finding 4.

27
Appendix 4 – Internal Audit roles and responsibilities
Limitations inherent to the internal auditor’s work
We have undertaken the review of Facilities Management subject to the limitations outlined below.
Internal control
Internal control systems, no matter how well designed and operated, are affected by inherent limitations. These include the possibility of poor
judgment in decision-making, human error, control processes being deliberately circumvented by employees and others, management overriding
controls and the occurrence of unforeseeable circumstances.
Future periods
Our assessment of controls is for the period specified only. Historic evaluation of effectiveness is not relevant to future periods due to the risk that:
• the design of controls may become inadequate because of changes in operating environment, law, regulation or other; or
• the degree of compliance with policies and procedures may deteriorate.

Responsibilities of management and internal auditors

It is management’s responsibility to develop and maintain sound systems of risk management, internal control and governance and for the
prevention and detection of irregularities and fraud. Internal audit work should not be seen as a substitute for management’s responsibilities for the
design and operation of these systems.
We endeavour to plan our work so that we have a reasonable expectation of detecting significant control weaknesses and, if detected, we shall carry
out additional work directed towards identification of consequent fraud or other irregularities. However, internal audit procedures alone, even when
carried out with due professional care, do not guarantee that fraud will be detected.
Accordingly, our examinations as internal auditors should not be relied upon solely to disclose fraud, defalcations or other irregularities which may
exist.

28