An internal audit report into Brent Council's planning application process by PricewaterhouseCoopers (PwC) has given only a 'Limited Assurance' rating and identified high and medium risks of error or fraud. The report, which was submitted in November 2016, will be discussed at the Audit Committee on Wednesday January 11th at 7pm at Brent Civic Centre.
In the last year there have been major staff changes in the Planning Department. Both planning and regeneration come under the Strategic Director for Regeneration and Environment. The lead member for Regeneration, Growth, Employment and Skills, which also covers planning policy, Cllr Roxanne Mashari, resigned from the Cabinet earlier this month and was replaced by Cllr Shama Tatler.
The summary states: (my emphasis highlighted in yellow)
A new management team has been in place since May 2016 and there was evidence of some improvement being made to the system of controls within the planning application assessment process. However, our review did identify significant weaknesses in the planning application review and assessment process due to issues in the design of automated and user access controls with the system used to process planning applications, Acolaid. Issues identified around the system audit trail, user access rights and system enforced controls in place mean that the system is highly susceptible to manipulation and abuse through inappropriate or fraudulent activity and action should be taken immediately by management to strengthen the controls embedded within the system. We have included on page 4 a summary process map identifying the key weaknesses within the overall control system.
Based on the findings identified by this review we are only able to give Limited Assurance over how the risks covered by this review are being mitigated.
Given the multi-million value of planning applications in Brent and the fact that for several years now, as pointed out on this blog, major decisions are delegated to the head of planning, this is an area of obvious concern. As with any Audit Report, an action plan has been devised for each area of concern, but councillors will need to step up their scrutiny of the internal working of their own department to ensure it is fit for purpose.
Key findings
• The audit trail supporting the completion of key planning tasks is driven by the user selection from a drop down field that any user can amend rather than being automatically recorded based on the username within the system who has actually processed the task. The audit trail, including evidence of key approvals in the planning application process, may not accurately reflect who has actually performed the task and could be susceptible to manipulation to hide inappropriate activity.
• The system does not enforce segregation of duties between key parts of the planning process such as the initial assessment of the application by a Planning Officer and the subsequent approval by a Planning Manager.
• Roles and responsibilities are not fully aligned to access rights within the system. There are 9 levels of user access rights in the Acolaid system. Those responsible for granting/amending access rights were not able to define what access rights these user profiles permitted.
• Acolaid system user access rights have not been regularly reviewed by management. There are 739 user IDs listed on the Acolaid system. 429 (58%) users had not used the system since 30/3/2016 at the time of audit (01/08/2016) consisting of staff that have left the Council or who no longer require access to Acolaid. There is no effective mechanism in place to identify users who have left the Council or no longer require access to the system and withdraw access rights accordingly.
• There is no evidence an anti-bribery risk assessment has been completed for the Planning Department and anti-bribery awareness training has not been provided to planning staff. The Council may not be able to demonstrate that it has taken steps to prevent bribery resulting in non-compliance with the Bribery Act 2010 which could result in reputational damage and prosecution under this legislation.
• The Council offers a pre-application advice service in relation to prospective planning applicants. Advice issued should be subject to review in advance of being issued. 7/101 (7%) of pre-applications had been processed and reviewed by the same person.
An immediate question that springs to mind is whether, historically, any fraud may have taken place or major errors made? Are any investigations planned into past planning application decisions in the light of this report?
The report states:
Planning Officers are bound by the Royal Town Planning Institute's Code of Conduct, which includes competence, honesty and integrity as key principles. However, this does not include any specific requirements regarding anti-bribery. We reviewed the Council's Anti-Fraud and Bribery Policy and found:
• The Council has committed to maintain adequate and proportionate procedures to prevent bribery, undertake anti-bribery risk assessments and make all employees aware of their responsibilities to adhere strictly to this policy at all times;
• An anti-bribery risk assessment for the planning applications process and anti-bribery awareness training has not been provided to staff;
• A planning code of conduct is in place for members, however this does not include provisions relating to officers. We note that the code of conduct is currently being redrafted to include officers; and
• Planning Officers are required to flag any potential conflicts of interest in processing planning applications on an ad-hoc basis, but there is no requirement to make formal written declarations and a register of interests is not maintained.
These are the risk assessment findings:
HIGH RISK Approval of planning applications: System-audit trail and workflow
The Acolaid system does not accurately record the allocation and completion of work and the audit trail is susceptible to manipulation. In addition the system does not enforce segregation of duties for key parts of the process and system access rights do not reflect roles and responsibilities. As a result planning applications may be approved without the prerequisite review and approval in line with roles and responsibilities in place. This could result in planning applications being approved inappropriately due to fraud or error.
HIGH RISK Acolaid System user access
System access rights do not reflect current roles and responsibilities. Individuals who do not require access to the system or have left the Council have access to the system and are able to make inappropriate changes to records and standing data due to fraud or error.
MEDIUM RISK Anti-bribery arrangements
The Council is not able to demonstrate that it has taken steps to prevent bribery resulting in non-compliance with the Bribery Act 2010 which could result in reputational damage and prosecution. Inappropriate decisions are made regarding proposed planning applications due to bribery and undue influence.
MEDIUM RISK Pre-application advice
Insufficient segregation of duties and independent review of pre-application advice may result in poor quality advice not being identified and resolved or inappropriate advice being issued based on the scope of services that can be provided at the pre-application stage.
MEDIUM RISK Management Information Control design
There is insufficient performance information available to management to facilitate effective oversight of operational performance. Operational issues are not identified and resolved in a timely manner.
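The two High Risk findings turn on controls that the system itself should enforce. As an added illustration (not code from the audit report, the Council or Acolaid), the Python below records each task under the logged-in user rather than a name picked from a list, refuses approval by the person who did the assessment, and lists accounts unused since a cutoff date. All user names, references and dates of use in it are constructed.

```python
from dataclasses import dataclass, field
from datetime import date

class ControlError(Exception):
    """Raised when a system-enforced control blocks an action."""

@dataclass
class Application:
    ref: str
    trail: list = field(default_factory=list)  # (actor, task) entries, append-only

def record_task(app, session_user, task, roles):
    """Log a task under the authenticated session user, not a user-chosen name."""
    if task == "approve":
        if roles.get(session_user) != "manager":
            raise ControlError(f"{session_user} does not hold the approver role")
        assessors = {actor for actor, done in app.trail if done == "assess"}
        if not assessors:
            raise ControlError("no assessment recorded for this application")
        if session_user in assessors:
            raise ControlError("segregation of duties: assessor cannot approve")
    app.trail.append((session_user, task))

def dormant_accounts(last_used, cutoff):
    """User IDs never used, or last used before the cutoff: candidates for removal."""
    return sorted(u for u, seen in last_used.items() if seen is None or seen < cutoff)

if __name__ == "__main__":
    # Constructed sample data; none of these names come from the report.
    roles = {"officer_a": "officer", "manager_b": "manager", "manager_e": "manager"}
    app = Application("SAMPLE/0001")
    record_task(app, "manager_b", "assess", roles)
    try:
        record_task(app, "manager_b", "approve", roles)  # same person: blocked
    except ControlError as err:
        print("blocked:", err)
    record_task(app, "manager_e", "approve", roles)      # independent approver
    print(app.trail)
    last_used = {"officer_a": date(2016, 7, 20),
                 "leaver_c": date(2015, 11, 2),
                 "temp_d": None}
    print(dormant_accounts(last_used, date(2016, 3, 30)))
```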