Internal audit

Internal audit is delivered by the South West London Audit Partnership (SWLAP) which is a five Borough shared audit service covering the London Boroughs of Merton, Richmond, Sutton and Wandsworth along with the Royal Borough of Kingston. This also includes delivery of audit services to Achieving for Children, a social enterprise company owned by Kingston and Richmond for the delivery of their Children’s Services functions. The audit service is largely provided by our in-house audit team however specialist audit services are procured through the Croydon framework contract which is currently provided by Mazars.

How internal audit works

Within an organisation, there are three lines of defence in place to effect controls. The first line of defence is the day-to-day operational controls, the second is the management controls (eg. budget and performance monitoring, authorisation) and the third is independent inspection, both internal and external.

Internal audit forms part of the third line of defence and provides assurance on the effectiveness of governance arrangements, risk management and internal controls, and this includes an assessment of the effectiveness of the first two lines of defence. Internal audit can place reliance on assurances provided by third parties, although depending on the source, this may require some independent validation.

The focus of our Audit team is to work with our partners to help provide assurance and make improvements to its effectiveness. Aside from this, Internal Audit is a statutory requirement. The Accounts and Audit (England) Regulations 2015 requires the Council to undertake an effective internal audit in accordance with Public Sector Internal Audit Standards and guidance.

Internal Audit plans and progress are regularly reported to the Audit Committee and associated papers and appendices can be found on the Council's online portal.

Public Sector Audit Appointments Ltd publish external audit letters for local authorities and these can also be found online.

Counter fraud

Internal audit’s planned work includes evaluating controls for their effectiveness in preventing or detecting fraud. Managing the risk of fraud is the responsibility of management, however internal audit will consider the risks and exposures which may allow fraud or corruption to occur.

Fraud work is undertaken by the South West London Fraud Partnership (SWLFP) which is a shared service covering the same five Boroughs, led by the Richmond and Wandsworth SSA. Both the shared audit and fraud services are overseen by the Shared Service Board which includes the Section 151 officers from each of the constituent councils or their delegated representatives. Work will be undertaken in accordance with an agreed Fraud Plan which includes a mix of proactive and reactive fraud work in the following main areas:

  • Housing tenancy
  • Internal fraud
  • Procurement
  • Business rates
  • Council tax reduction
  • Disabled persons’ Blue Badge
  • Social care
  • Schools

Report fraud

If you know someone who is stealing from or defrauding the Council, please report it to us.

Data matching

We are required by law to protect the public funds we administer. We may share information provided to us with other bodies responsible for auditing or administering public funds, or where undertaking a public function, to prevent and detect fraud.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The Cabinet Office is also responsible for carrying out National data matching exercises which we are required to participate in, known as the National Fraud Initiative (NFI). This is a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise as shown on the GOV.UK website.

The use of data by the Cabinet Office in a data matching exercise is carried out with legal authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 2018. Data matching by the Cabinet Office is subject to a Code of Practice.

View further information on the Cabinet Office's legal powers and the reasons why it matches particular information.

Internal audit team