Report of: The Internal Auditor, BDO

Purpose of report: To update the Audit and Governance Committee on work conducted to provide assurance around the use of purchase cards and expenditure.

Recommendation(s):

·       That the Committee notes and discusses the report.

The Internal Auditor (GD) provided a summary of the report, including a detailed outline of the payment card processes for the Committee’s benefit. The Committee understood that this audit report had concluded a limited opinion, however, were also informed of the ongoing work to improve the matter. The Internal Auditor (GD) informed the Committee of his confidence that the matter is being taken seriously and committed to providing a robust follow up report in the future to assess the progress made.  

Phil McGaskill, Revenues and Service Delivery Manager, and Kieran Edmunds, Rapid Rehousing Manager, were also present to respond to questions.  

The Revenues and Service Delivery Manager noted that the audit findings were expected, and improvements were already underway with all recommendations being acknowledged. The Committee were informed that an assessment to identify possible fraud had been undertaken and returned no evidence of any incidents; it was emphasised that all transactions investigated had been legitimate and are now recorded. The main issue identified was lack of management approval on transactions, for which the Committee heard the details of work ongoing to improve this. The Revenues and Service Delivery Manager also explained that a revised policy is now in place which outlines the responsibilities and consequences for non-compliance, and a full review of all credit cards has taken place. Furthermore, a reminder system is now in place for authorising officers. Since the changes have been implemented, the Committee understood that the outstanding value of unapproved spend has reduced considerably to £9000 and is continually declining. Any delays to this have resulted from technical difficulties with Barclay Card.  

The Group Finance Director recognised the concerns raised in the audit report and emphasised his confidence in the Revenues and Service Delivery Manager for handling the matter. The Committee heard that action has already been taken to suspend cards for users who do not comply with the requirements, and this will continue as required.  

The Chair invited questions from the Committee. 

Councillor Ottino queried whether the matter would translate into a performance management target for all officers who hold a card and asked what impacts the removal of a card has on council functions. The date of the next follow-up report was also requested.  

 
Councillor Smith queried whether there are any other sanctions apart from card removal, emphasising the risk of possible fraud.  

The Revenues and Service Delivery Manager clarified that to date, all checks made relating to fraud have returned no evidence of any examples; it was also explained that the issue relates more to a breakdown in process and how managers approve payments. In response to queries regarding the impact of card removal, it the Committee heard that most service areas have more than one card, therefore in the case of emergencies, a card should still be accessible. If a colleague with a card cannot be found within a service area, the register of all those holding payment cards can be utilised to track down an alternative.  

 
Councillor Jupp sought to clarify whether the outstanding value of £9000 mentioned previously as the amount to which the backlog had been reduced to was accurate. The Revenues and Service Delivery Manager confirmed this, noting that the backlog had been reduced to £9000 since the report was published. Councillor Jupp also asked whether there is a target amount of money or number of transactions that the Council expects to never reconcile as a result of this issue. The Revenues and Service Delivery Manager noted that it is currently expected that all transactions on the list will be able to be concluded over time.  

Councillor Jupp, in reference to page 78, noted the breakdown of the amounts of money the Council has reconciled by year, and asked how much of the remaining balance needs to be reconciled from 2022 against the whole. The Revenues and Service Delivery Manager committed to reporting back on this number.  

The Internal Auditor (GD) clarified that that the audit reports agrees that no fraud has been identified, however it is not possible to conclusively say that none has occurred.  The Committee also heard that a follow up report will be delivered at the next meeting in January 2026. 

Councillor Smith expressed concern in relation to page 78 and the exclusion of payment card information relating to ODS and OX Place from the report. Councillor Smith recommended that BDO conduct a separate purchase card governance review for ODS and OX Place. The Group Finance Director confirmed that this would be possible as BDO cover audits for ODS and OX Place, but explained that these are delivered and managed separately to that of Oxford City Council.  

 
Councillor Corais firstly asked how much confidence there is that no fraudulent activity has occurred given the lack of documentation. Secondly, Councillor Corais queried how the council ensure that leavers are promptly identified, and cards deactivated when required, and lastly, information on the training available to support card holders and approvers was requested. 

The Internal Auditor (GD) reiterated his earlier comments which confirmed that no fraud has been identified, however it is not possible to conclusively say that none has occurred.   

In response to Councillor Corais, the Revenues and Service Delivery Manager explained that documentation regarding officers leaving the council with payment cards is now incorporated into HR processes and should this occur, the card is recovered and destroyed. It was also confirmed that monthly transaction checks occur. In relation to training, the Committee heard details of the new procedure note which has been circulated to all cardholders detailing how they should use the card; they are required to sign this to ensure they are aware of consequences for non-compliance or misuse.  

Councillor Ottino requested clarification on the purchase limit noted in the report and asked how this impacts emergency situations.  

The Revenues and Service Delivery Manager clarified that payment limits do not restrict responses to emergencies as usually there is more than one card holder within a given service area. If a larger spend is required in an emergency situation, this can be authorised centrally.  

Councillor Smith suggested that the lack of a spend plan or payment card access in an emergency situation could constitute a major risk for the Council and suggested this be considered within the corporate risk register. The Group Finance Director clarified that the Council does plan as far as possible for such risks and explained how the use of multiple payment cards facilitates quick responses.  

The Rapid Rehousing Manager provided an insight into the new procurement framework developed within housing services, noting that it may respond to some of the risks posed by payment cards gaps. The Committee heard a summary of the alternative payment methods, such as invoicing, to be used for block contracts with temporary accommodation providers.  

The Chair thanked the Internal Auditors for the report and noted his anticipation of the update report in January 2026.  

The Committee reviewed and noted the report.