Consultancy services

 Local Councils, Internal Drainage Boards and other Smaller Authorities in England and Wales all need to properly prepare for their interim (where applicable) and year end audit. Audits can be very stressful, and critical to decreasing the stress of the audit is preparation. Preparation and planning are key to helping you achieve a smooth and successful audit.

Audits are a process where an organisations financial and governance records are examined and verified to ensure accuracy and fair representation. The audit is the keystone which satisfies statutory regulations and maintains the public trust for government funded organisations. Without auditing, government funded organisations could inadvertently misstate their financial records, fail to comply with their lawful authority and misrepresent their operational efficacy, making themselves appear more performant than they actually are.

Two different audits are performed for government funded organisations and charities:

• Internal audits are performed by independent companies or entities. The independent auditor signs off the required Statutory Return and provides a detailed internal audit report to the organisation being audited, for onward submission to the appointed external auditor, with the year-end submission.

• External audits are performed by the Government appointed external auditor. The External Auditor reviews the audited accounts, governance statements and detailed internal audit review prior to issuing its certificate and report and the conclusion of audit notice.

Preparing for an audit is crucial in ensuring that the government funded organisation receives an unqualified or clean opinion. The opinions essentially mean that the auditor stamps its approval that the financial and governance records are not materially misstated and that other statutory requirements have been met.

How we can assist you

Our Audit & Internal Controls Advisory team is able to assist you with the following:

• Creating an Audit Check List
• Audit schedule preparation
• Review of Financial Records during the financial year
• Review of Financial Reporting during the financial year
• Review of Standing Orders and Financial Regulations
• Review of Internal Controls
• Review of website in relation to published governance, finance and statutory documentation
• Review of Statutory Notices
• Review of prior year Internal and External Audit reports and the implementation of recommendations and instructions contained therein
• Review of Sales and Purchase Ledger (where in use)
• Review of procurements within the financial year
• Review of VAT
• Review of Health & Safety and Business Risk Registers
• Review of Insurance policies
• Review of Budget Setting and Precept determination processes
• Review of Employee contracts, salary payments and HMRC returns
• Review of Fixed Asset Registers
• Review of Investment Registers
• Review of Financial Exposure
• Review of Investments and Loans
• Review of Charitable Trusts and / or Trust Funds if the organisation acts as a trustee

Our approach is aimed at developing a detailed audit preparation process for your organisation, which can be conducted on a one off or an annual basis, that ensures that our advice is of lasting value to you.

The Data Protection Impact Assessment (DPIA) is an instrument which is used to identify the privacy risks associated with data processing prior to the event, and then develop comprehensive and quantifiably defined measures to reduce these risks. A DPIA is mandatory under certain conditions. All organisations in the UK that process personal data must comply with these two data privacy laws or risk fines of up to £17.5 million or 4% of annual global turnover – whichever is greater.

In the UK, data protection is governed by the UK GDPR (General Data Protection Regulation) and the DPA (Data Protection Act) 2018, which should be read together. Organisations may be required to carry out a Data Protection Impact Assessment. 

A DPIA is required when a data processing operation is likely to pose a high privacy risk to the people whose data the organisation is processing or when an organisation falls into one of the following categories:

• The systematic and comprehensive assessment and or aggregation and repurposing of personal data aspects based on automated processing, including profiling and rules based decisions processing that may have an impact on natural persons;
• Industrial scale processing of special personal data or criminal data.
• Industrial scale systematic tracking of natural persons in a publicly accessible area (e.g. with camera surveillance).

In addition, the Data Protection Authority has drawn up a list of types of processing for which the performance of a DPIA is mandatory before a processing operation starts. For all variants, it is your own responsibility to determine whether a DPIA is necessary.

How we can assist you?

Our Audit & Internal Controls Advisory team is able to assist you with the following:

• Determination as to whether a DPIA is necessary for your organisations type of data processing
• Design and perform the DPIA for your organisation as a single even or a continuous process
• Implementation of the DPIA
• Integration within your organisations Risk Management processes/systems
• Continuous monitoring of your organisations data processing requirements

Our approach is aimed at developing a detailed and proportionate DPIA for your organisation, which ensures that our advice is of lasting value to you.

A General Data Protection Regulation (GDPR) compliance audit is an independent audit of an organisation’s compliance with the GDPR legislation which may be amended from time to time.

The purpose of a GDPR compliance audit is to assist organisations to ensure that they meet all their obligations under the GDPR and to make recommendations for improvement where areas of weakness or non-compliance are identified. We recommended that all organisations conduct a GDPR audit at least once a year during the first three years, and then at a time interval indicated by the size, complexity and risk factor.

Under the Regulation, personal data must be processed according to six principles:

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality

These are underpinned by the principle of accountability: Data controllers must keep certain records to demonstrate organisational compliance.

The GDPR compliance audit considers the extent to which data protection policies and procedures, internal controls, reporting mechanisms are implemented and operating throughout your organisation and how responsibility and accountability is understood.

How can we assist you?

We audit the following:

• GDPR Governance documentation
• Corporate, including, Business and Health & Safety Risk Registers
• Privacy Risk Management Assessment
• Data Protection Impact Assessments
• Existing Data Protection Internal Controls
• Internal Communication of Data Protection Internal Controls, Responsibility and Accountability
• Risks to the Rights and Freedoms of Natural Persons identified
• Currently implemented pan-organisational GDPR infrastructure
• The roles and responsibilities of the Data Protection Officer (if in place)
• The roles and responsibilities of Data managers and inputters
• Identification of the organisations core activities requiring systematic monitoring of data subjects
• Identification of the organisations core activities requiring industrial-scale processing of sensitive personal data and data relating to criminal convictions and/or offences
• Scope of compliance
• Process analysis ensuring that Article 30 is complied with, and that data controllers are maintaining proper records of all processing activities.
• Privacy Information Management System (PIMS) ensuring that your GDPR documentation is current, can demonstrate compliance and an appropriate employee orientation and training scheme, which will assist your organisation working towards ISO 27701 (where required) the international standard that specifies the requirements for PIMS and aligned with GDPR requirements.
• Information Security Management Systems (ISMS) to ISO 27001:2013 standards to achieve independent audited certification to demonstrate compliance. Giving assurance that your organisation has adequate security measures in place to protect personal data in physical or electronic form as processed via your systems: review of published methodology for testing security, standards and codes of practice and current cyber security certifications.
• The Rights of Data Subjects: under the General Data Protection Regulation (as amended from time to time) Data Subjects have the following rights; The Right to be informed, The Right of access, The Right of rectification, The Right to erasure, The Right to restrict processing, The Right to data portability, The Right to object, Data Subject Rights in relation to automated decision-making and profiling.

Our General Data Protection Regulation (GDPR) compliance audit confirms the extent to which your organisation meets its requirements under the GDPR, assessing your data privacy and information security practices against regulatory requirements, Information Commissioner’s Office (ICO) guidance and IT Governance best practice, making recommendations for improvement where appropriate.

Our approach is aimed at developing a detailed and proportionate GDPR and Data Protection infrastructure for your organisation, which ensures that our advice is of lasting value to you.

Internal control is a process, effected by an organisations Members, Proper Officers and management, which is designed to provide reasonable assurance that:

• Statutory and management information is reliable, accurate and up to date
• It is compliant with applicable laws, Financial Regulations, Standing Orders,  policies, procedures and third-party agreements, and,
• Financial reports and management accounts are reliable

Internal controls are a mechanism by which problems and irregularities are identified, corrective action taken to correct and prevent errors. In the majority of cases, process owners within your organisation will perform controls, and interact with the control structure on a daily basis, sometimes without even realising it, as the controls are built into operational procedures.

How can we assist you?

Working the Greener Way – online, provides end-to-end internal control mapping, analysis, transformation, and implementation based on these fundamental concepts:

• Internal control is a business process: It is a means to an end, nor an end in itself
• Internal control is enacted by people: It is not just policies, manuals and forms, but the active engagement with and enactment by the people at every level of your organisation, and,
• Internal control can be expected to provide only reasonable, not absolute, assurance to your organisation’s members, responsible officers, management and executives

Internal controls are designed and implemented to further strengthen:

• The reliability and integrity of accounting data
• The reliability and integrity of governance information
• Compliance with Financial Regulations, Standing Orders, policies, plans, procedures, prevailing legislation and regulations
• Safeguarding the fixed assets under the ownership, conservatorship and control of any organisation
• The economical and efficient use of resources, and, 
• The accomplishment an organisation’s established short, medium and long objectives for operations

Our approach is aimed at developing a detailed and proportionate system of Internal Controls for your organisation, which ensure that our advice is of lasting value to you.

 A chairman/woman is elected annually by the Council Members elected to the Council. The main rules of law governing the role of the chairman/woman of Town, Parish and Community Councils are set out in the Local Government Act 1972, and, in particular, in Schedule 12 of that Act.

The position of chairman/woman is held by a councillor who is appointed at the council's annual general meeting held in May. The position is held for a period of one year and is apolitical.

During their civic year, the chairman/woman may also choose to raise money for charity through fundraising events.

A Vice Chairman is also appointed to represent the Chairman should they be unable to attend an event.

It is not only the chairman/chairwoman's duty to chair council meetings, but also to promote their constituency at civic and ceremonial events which may include functions organised by local and national organisations, charities and businesses where there is a local connection. 

This course covers the following learning objectives:

• The role of the chairman/woman
• Establishing a professional working relationship with the Proper Officer (Clerk) and the Responsible Finance Officer (RFO)
• The rolling Municipal year
• Creating the Agenda
• Instructing the Proper Officer to issue the Agenda and Summons
• Understanding the Council's Standing Orders & Financial Regulations
• Working with Members
• Working with Staff
• Chairing the Council meeting
• Recording absentees and latecomers
• Managing and recording the vote for formal Resolutions
• Implementing the casting vote where necessary
• Recision!
• Reviewing the Minutes with the Proper Officer 
• Managing unlawful practices within meetings
• Maintaining objectivity
• Budget setting and Precept determination
• Financial matters
• The Audit Process
• Annual Meetings
• Elections

Full digital course collateral work book provided on booking with pre-course preparation list.

Each half-day online course is four academic hours (45 minutes) 3 hours long, with a 15 minute break half way through the course.

All Council and Committee meetings should be run respectfully, efficiently and effectively.  The proper management of the council chamber to enable open debate of business is critical to the performance and proper operation of every council, irrespective of its size:

This course covers the following learning objectives:

• The purpose of Council and Committee meetings
• The role of the chair
• Critical skills required to chair a productive meeting
• Planning the meeting
• Constructing an agenda – working in concert with the Proper Officer
• Managing the meeting: maintaining focus and professionalism
• Managing Members; absentees, latecomers and dominant personalities
• Managing disruptive members of the public
• Working in concert with the Proper Officer to record the permanent record of the meeting
• Managing 'extraneous business items & meetings within meetings’
• Maintaining objectivity and facilitating debate
• Complying with Standing Orders, Financial Regulations & prevailing legislation
• Action Planning

Full digital course collateral work book provided on booking with pre-course preparation list.

Each half-day online course is four academic hours (45 minutes) 3 hours long, with a 15 minute break half way through the course.

The main function of a Town, Parish or Community Councillor is to represent the views of all residents within their constituency. To listen to, and understand, the views and needs of individuals and different groups. As a Councillor there is a responsibility to be well-informed about local views. Councillors cannot assume that they represent the interests of the electorate without consulting them.

Town, Parish and Community Councillors are elected, or co-opted representatives, not volunteers or employees.  Usually Councillors serve for a 4 year term, unless co-opted or elected in a bye-election when they serve until the next election. All Councillors must comply with their Council's statutory authority, Standing Orders, Financial Regulations and with the Code of Member Conduct.

Councillors are required to contribute to the proper operation of the Council by serving on the Council, its committees and working groups, contributing to constructive debate in a professional and measured manner,  responding to the needs and views of the community and influencing council policies which effect their constituents. 

This course covers the following learning objectives:

• Becoming a Council Member
• The Declaration of Acceptance of Office
• The Register of Members Interests
• The Code of Conduct
• The seven principles of public life: Selflessness, Integrity, Objectivity, Accountability, Openness, Honesty, Leadership
• The Role of the Council Member
• The powers of the Council Member
• Answering the Summons to Council meetings and absence
• The two Annual Meetings
• Appointment to committees and working groups
• Appointment to external organisations
• Acting as the impartial voice for your community
• Participating in the Council meeting
• Voting
• Responsibilities for services including, possibly public open spaces, play areas, village halls, closed churchyards etc.,
• Influencing and shaping council policy
• Planning
• Improving the quality of life and the environment in your constituency
• Working to identify issues of importance to local residents 
• Procurement
• Financial matters
• Budget setting & Precept determination
• The annual audit cycle
• The Municipal Year

Full digital course collateral work book provided on booking with pre-course preparation list.

Each half-day online course is four academic hours (45 minutes) 3 hours long, with a 15 minute break half way through the course.

The role of the Responsible Finance Officer (RFO) within a council is the only position which is required, by statute to be held by an employee of the Council.  The RFO is responsible for maintaining an effective framework for managing the council’s financial resources, regular and accurate reporting to Council members, maintaining the council's accounts in good order and the preparation of the year end accounting statements and statutory Annual Return.

This course covers the following learning objectives:

• The Statutory obligations of the Responsible Finance Officer
• Working with the Proper Officer (Clerk) where applicable
• Understanding the common terms and regulatory framework  
• Understanding the powers and sources of income available to the Council
• Using or selecting Accounting Software
• General principles of accounting  
• Accounting and strategy guidance 
• Financial Regulations 
• Standing Orders 
• Financial and Business Risk Assessment
• Internal Controls  
• Daily, weekly and monthly accounting procedures 
• Earmarked reserves
• Monitoring your budget
• Procurement processes
• The Tender process (contracts finder and sell2wales)
• compliance
• Purchase Invoice processing / Purchase Ledger
• Sales invoice processing / Sales Ledger
• Other income streams
• Contracts
• Accounting for Trust Funds and Charitable Trusts (where applicable)
• Salary processing
• Handling Petty Cash
• Reporting to your Members - agreeing the report pack
• The Budget setting and precept determination process
• Recording the Precept and Budget in the Minutes
• Preparing for the annual Internal and External Audits
• Working with the Proper Officer to respond to Internal and External audit requests
• Continuous professional development

Full digital course collateral work book provided on booking with pre-course preparation list.

Each full-day online course is eight academic hours (45 minutes) 6 hours long, with two 15 minute breaks half way through the morning and afternoon sessions and a 30 minute lunch break.

The annual audit is the keystone which satisfies statutory regulations and maintains the public trust in Town, Parish and Community Councils. Without auditing, government funded organisations could inadvertently misstate their financial records, fail to comply with their statutory duties, and/or misrepresent their operational efficacy, making themselves appear more performant than they actually are.

All Councils need to prepare for two different audits each year:

· Internal audit: Performed by independent companies or entities. The independent auditor signs off the required Statutory Return and provides a detailed internal audit report to the organisation being audited, for onward submission to the appointed external auditor, with the year-end submission.

· External audits: Performed by the Government appointed external auditor. The External Auditor reviews the audited accounts, governance statements and detailed internal audit review prior to issuing its certificate and report and the conclusion of audit notice.

This course covers the following learning objectives:

• Annual audit preparation
• Appointment of the internal auditor
• Receipt of the external auditor’s audit instructions
• Planning for the audit
• Collation and presentation of the accounting records
• Purchase Invoice sampling
• S126 and standard VAT returns
• Health & Safety and Business Risk Assessments
• Presentation of Standing Orders, Financial Regulations, and Minutes
• Budget setting and precept determination process
• Budget and reserves management
• Sales invoice sampling, client contracts and other income sources
• Petty cash reporting (where applicable)
• Salary payments and members’ allowances reporting, employment contracts and statutory deductions
• Financial accounts and investments reconciliations
• Accounting statements
• Limited Assurance Reviews and Exempted status
• Free to access website information and the transparency code
• Notice for the Exercise of Public Rights and the Accounts and Audit Regulations
• Publication Requirements for the English AGAR and Welsh AR
• Trust Funds and charitable trusts
• Variance reports and additional information
• Approval of the internal audit report, Accounting and Governance Statements
• Submitting your Return, internal audit and supporting documentation to the External Auditor.
• The External Audit certificate, report and notice of conclusion of audit.
• What happens next...

Full digital course collateral work book provided on booking with pre-course preparation list.

Each full-day online course is eight academic hours (45 minutes) 6 hours long, with two 15 minute breaks half way through the morning and afternoon sessions and a 30 minute lunch break.

This course has been designed for Data Protection Officers and employees who work in or are associated with data protection within UK companies and organisations. The Data Protection Officer (DPO) has a statutory basis in the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The Data Protection Officer is responsible for their employer’s data protection compliance program.

Under the GDPR it is mandatory for certain data controllers and processors to designate a DPO. This is the case for all public authorities and bodies, and for other organisations systematically harvest, acquire and or manage personal data, or which process special categories of personal data on an industrial scale.

This one-day course prepares individuals who wish to take on the role and responsibilities of  the Data Protection Officer, including an introduction to privacy law, the GDPR articles, and the designations, tasks and statutory position of DPO.

Learning outcomes: 

· Introduction to Privacy Law in England and Wales 

· UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018

· Peripheral legal frameworks concerning Data Protection

· Regulation and compliance 

· The role of the Data Controller and Data Processor

· The role of the Information Commissioner as the UK Regulator 

· Individual Rights and the lawful basis for processing data

· Process of special categories of personal data under Article 9(1)

· International data transfer governance & compliance 

· The Data Protection Officer: role, experience, skills and relationships 

· Designation, position and Relationships of the data protection officer

· Data Protection Impact Assessments (DPIAs)

· Risk Management : Health & Safety and Business Risk

· Professional Advice

· Implementation of Risk based data management systems

· Security relating to data processing

· Internal Controls and Management reporting

· Developing you documentation

· Data subject requests

· Communication of a data breach

· Liability

· Continuous professional development

Full digital course collateral work book provided on booking with pre-course preparation list.

Each full-day online course is eight academic hours (45 minutes) 6 hours long, with two 15 minute breaks half way through the morning and afternoon sessions and a 30 minute lunch break.