Section 4:
Major recommendations

4.1 This section contains our major recommendations to help Thanet take advantage of the opportunities for improvement we identified during the inspection. It follows the order set out in sections 2 and 3. The major recommendations are designed to help Thanet further improve the security of benefit delivery and the effectiveness of the administration by:

• increasing and improving joint working arrangements with BA, BFIS and ES by making more effective use of joint liaison meetings
• further development of internal monitoring and review mechanisms to give assurance of the continuing effectiveness of the service delivery and the counter-fraud strategies and activity
• reviewing and improving training for both the benefits administration and the fraud investigation staff
• giving the benefit processing staff guidelines and training on the use of discretionary powers to ensure that they make rational judgements on individual cases and do not follow fixed rules or policies or use the powers for improper purposes
• reviewing the year 2000 work programme to correct the identified deficiencies in its preparations.

Benefits administration

Claim initiation

4.2 A suggested joint action plan of issues for discussion at joint liaison meetings to help to further improve joint working between Thanet, BA and ES is at Appendix V.

4.3 We consider that the implementation of the suggestions for improvement in the action plan, with particular reference to better review and monitoring mechanisms, will enable Thanet to benefit from improvements in an area where the current delays in the passing of information from BA, BFIS and ES have a direct impact on Thanet's performance. We consider that a reduction in the time taken to pass information to Thanet would reduce the pressure on Thanet to process IS claims for HB and CTB quickly and allow it to move the emphasis from speed of processing to quality of processing. Greater emphasis on the quality of processing will give greater assurance to all parties that only legitimate claims for HB and CTB are entering the system.

4.4 BA’s delay in passing information to Thanet can cause higher overpayment and considerable overpayment recovery difficulties for Thanet. Any reduction of the delay will make Thanet's already very good HB debt recovery performance even more efficient, reduce the amounts of recoverable overpayments and resolve some of Thanet’s current problems in recovering money owed by both landlords and claimants.

4.5 Greater efficiency will improve Thanet's already excellent recovery rate and generate savings over time. This will in turn allow the resources currently used to recover overpayments to be used in other areas where shortage of staff resources is inhibiting performance.

Assessment and determination

4.6 Thanet accepts that the provision of training is an area in which it can improve and it plans to develop a comprehensive induction and refresher training programme for both assessment and investigations staff. We commend Thanet for this approach and recommend early implementation of these plans.

4.7 The implementation of a formal training programme will benefit Thanet by ensuring that all the staff have the necessary skills and expertise to get it right first time. Together with an improved procedure manual and the quality assurance checks, it will go some way to resolving the problems of inconsistent working practices between the assessment teams.

4.8 We recommend that the formal training programme should also include training for all benefit staff in the LA’s discretionary powers, particularly those identified in the main body of the report. The training should be complemented by appropriate written guidance on the legislation, software and procedures. It is vital that all the discretionary areas are included in the quality control checks the team leaders and ABMs currently make. This will help Thanet to assure the Secretary of State (SoS), and internal and external auditors that it uses rational judgements based on all relevant facts to make decisions and determinations on HB and CTB claims.

4.9 We recommend that Thanet further develops and improves the internal monitoring and reviewing mechanisms by:

• better collection and use of management information and systems
• setting SMART targets and objectives
• developing a mechanism for monitoring performance against these targets and objectives
• providing a powerful diagnostic tool for the pursuit of excellence and continuous improvement.

4.10 This will benefit Thanet by creating an environment and culture which encourages continuous improvement in the provision of an efficient and effective benefits service.

Payment and accounting

4.11 Deficiencies in Thanet’s state of preparedness for threats to business continuity which are posed by the year 2000 date change are at Appendix P. Thanet must review its work practices in this area and in particular must:

• continue to raise and maintain awareness of the year 2000 problem throughout the LA
• produce plans of year 2000 work with key milestones, achievements and exceptions (where targets have not been met) so that it can assess the whole picture and take remedial action
• develop formal monitoring and reporting procedures for all those responsible for year 2000 work to report to the IS/IT strategy group and onward to the management team on a regular basis
• compile an inventory of embedded systems to monitor compliance progress and formally assess the risks posed by a failure
• document all year 2000 action and have auditable records available for external scrutiny
• initiate independent checks of year 2000 work to validate progress, for example by DA
• include year 2000 in the existing risk management process
• develop business continuity plans incorporating contingencies for the year 2000 date change
• give the IT manager Internet access.

Counter-fraud work

4.12 Thanet offers a good counter-fraud service, but could provide a better one. A sustained and effective counter-fraud effort requires:

• effective controls from the start
• monitoring and review of the effectiveness of these controls against the changing risk profile
• modification of controls to reflect changing risks and maintain effectiveness.

4.13 These recommendations are intended to help Thanet to achieve continuous improvement and a greater level of assurance in the security of the benefits system and the efficiency of counter-fraud activity.

4.14 Thanet has produced the following important strategic documents which are intended to provide a framework for operational counter-fraud activity:

• Benefits anti-fraud strategy
• Prosecution policy
• Fraud business plan
• Code of conduct for staff
• The prevention of fraud and corruption – a policy statement.

4.15 Detailed recommendations about these documents are in the minor recommendations later in this report.

4.16 Producing these documents is an important first step, but it is only half the battle. We recommend that Thanet sets in place a mechanism to ensure that:

• the policy and strategy documents contain all necessary information (see minor recommendations for detail)
• policies and strategies are translated into targeted and effective operational activity and that they continue to be effective. This can be achieved by:

• setting appropriate and measurable targets and performance indicators
• monitoring performance against these
• regularly reporting on achievement against targets to senior management and members.

4.17 The adoption of this good practice would allow Thanet to build on its strong foundations in a structured and co-ordinated way, which would produce improved counter-fraud results in terms of:

• WBS claimed
• numbers of prosecutions undertaken
• a reduction in the opportunities for fraud (internal and external).

4.18 This in turn would give Thanet continuing assurance that counter-fraud efforts remain effectively focused on the most vulnerable areas of the benefits system.

Deterrence and prevention

4.19 Prevention of fraud within any system relies on a sound understanding of the areas of fraud or security to which it is vulnerable.

4.20 We recommend that Thanet undertakes a risk assessment that:

• describes and prioritises areas of risk throughout the benefits payment system
• describes the controls that are currently in place against each area of risk
• reviews the adequacy of each of these controls
• identifies where different controls are needed or existing controls need to be improved to ensure that appropriate prevention mechanisms exist.

4.21 A risk assessment would bring a number of benefits to Thanet. It would:

• give greater assurance of the security of the benefits payment process
• provide a framework for all counter-fraud activity
• allow Thanet to continually assess changing areas of risk and react more quickly and effectively in the prevention of fraud.

4.22 Various types of security control can be used to prevent fraud or other types of security breach. These can be technical, procedural, management, personnel or physical controls. To be effective, these controls must be used in a complementary and cost-effective manner appropriate to the risk. This can only be achieved if risks across all processes and procedures are identified. If only certain elements of the process are secured, this increases the vulnerability of other ‘unsecured’ elements and the likelihood of fraud.

Internal controls

4.23 Whilst we acknowledge the existence of Thanet's code of practice Successful staff selection, we recommend that Thanet introduces corporate monitoring mechanisms XXXX XXX XXXX XXX XX XX XX XXX XXX X

• XX XXXXXX XXXX XXX XXXX XXXXXX XX XXXXXX XXX
• XXX XX XXXXXXXXX XXXXXX XXX XX XXXXX XXXXXX
• XXX XXX XXXX XXXX XXXXX XXXXXX XXXXX XXXXXX
• XX XXXX XXXX XXX XXXXXX XXXX XXXXXXX XXXXXX
• XXXXX XXX XXXXXX XXX XXXXX XXXX XXXXX XXXXX
• XXX XXXXXXXX X XXXXXX XXXXXX XXX XXXXX XXXX

4.24 The implementation of such a policy will give Thanet greater assurance of the security of the benefits payment process from internal or collusive attack. Such a policy is a key element of an anti-fraud environment.

4.25 We are concerned about the time that IA has been able to allocate to audits of the benefits section in recent years. We do not believe that the time allocated is adequate or proportionate to the degree of expenditure or exposure to risk. We recommend that IA conducts an end-to-end audit of the benefits system and its interfaces. IA should produce a comprehensive plan which, at a minimum:

• sets a timescale for the delivery of the audit
• identifies and commits to a number of days which will be sufficient to conduct an end-to-end audit
• describes how it will monitor and review the implementation of any recommendations
• describes how the level of assurance obtained from this audit will be maintained and reported to senior officers and members.

4.26 This audit should be run in conjunction with the risk assessment suggested earlier in this section. Both activities will benefit from the other’s findings. Once IA has conducted a full audit, it will be able to audit components of the overall service. IA should develop a plan for a rolling programme of HB audit activity which ensures that all benefits system component parts are audited within a 5-year period.

4.27 This will ensure that Thanet has an appropriate degree of assurance in a system that IA has neglected in recent years. Such an end-to-end audit will also be of great value in assessing risk in the payment system. This will allow Thanet to feel fully in control of its exposure to risk rather than a ‘hostage to fortune’.

4.28 We recommend that Thanet prepares and documents business continuity plans. These should describe what actions will be taken (and who is responsible for taking them) to ensure that Thanet can continue to meets its obligations if any business-critical element of its benefits payment system fails. This plan should include:

• a description of potential failure scenarios and their likely impact on business continuity (that is, if they will lead to total service failure and if so, for how long?)
• a description of how Thanet will manage each scenario to ensure that core HB business can continue
• a clear allocation of responsibilities
• an appreciation that some failure scenarios may increase fraud or security risks by forcing reliance on less secure systems or procedures
• the identification of any claimant groups or other organisations which may be affected by a service failure (in this area it may be advantageous to do some joint planning with BA)
• a description of how the plans will be or have been tested.

4.29 Continuity plans will give Thanet confidence in its ability to continue to meet its obligations to its customers and DSS in the event of any failure of a business-critical element of its benefits payment system.

4.30 Continuity planning for the year 2000 date change is covered elsewhere.

* Highlighted parts of this report are omitted from the published version as they may assist fraudsters or may contain confidential commercial information.