Compliance Audit

Compliance Audit applies to organisations receiving funding under HCA affordable housing programmes to ensure that policies, funding conditions and procedures are followed.

Compliance Audit

The Annual Compliance Audit Programme provides assurance that organisations receiving grant (Providers) have met all the Homes and Communities Agency’s requirements and funding conditions, and that providers have properly exercised their responsibilities as set out in the Capital Funding Guide. Standardised checks are made by provider appointed Independent Auditors (IAs) on an agreed sample of schemes which have received HCA funding under current and earlier affordable housing programmes. Compliance Audit does not reduce the responsibility of the provider and the Agency to ensure that the costs in any claim for grant are appropriate and have been properly incurred.

Policy, procedures and guidance

All HCA funding requirements for Providers are set out the Capital Funding Guide (CFG) together with the relevant Contract or Agreement and funding conditions. Depending on the funding programme, the following documents may also be applicable:


Design Quality Standards

Programme guidance

Policies and procedures may change with the funding programme, therefore providers and IAs must satisfy themselves that they are referring to the policy and procedures current at the time.

Compliance Audit guidance

The compliance audit procedural requirements are set out in Chapter 2 of the Capital Funding Guide, on 2015 to 2018 Affordable Homes Programme Management. Section 6 of this chapter covers the current reporting and audit requirements for all programmes, including Standardised Terms of Engagement for Independent Auditors.

Compliance Audit checklists, the breach list and related documents can be downloaded from the CA documents page.

Audit document file

Providers must maintain a comprehensive scheme file (or equivalent) that contains all relevant documents for Compliance Audit purposes. Phased schemes should be identified separately on documentation. The following list is indicative of the types of documents which will be examined. It is not intended to be a comprehensive listing.

i. Shared ownership, Affordable Rent and Social Rent schemes:

  • Valuation report for the site/property acquired. The report should: Take account of all the relevant factors affecting the site/property and its development; Carry the valuer’s original signature; Clearly identify the site/property which is the subject of the valuation on an accompanying plan endorsed by the valuer; and Be valid at the date of exchange of purchase contracts;
  • (Where the vendor is a local authority) A letter from the local authority endorsing valuation
  • Confirmation from provider’s solicitors of the dates of exchange of purchase contracts and of completion, the purchase price paid and a comprehensive report on title (except works only schemes);
  • Documentary evidence to indicate that the procurement arrangements used agree with arrangements and procedures approved by the provider’s governing body;
  • Where providers are receiving any other subsidy they must maintain a funding profile on file showing that grant is not being received in respect of costs subsidised by any other body;
  • Where capital contributions to the scheme from other sources, including other public sources, are involved, confirmation of the amounts on offer and the sources of funding should be retained, including any correspondence with the third party (parties);
  • (For schemes subject to s106 agreements) Full details of off-site works required by vendor or obligations imposed by the local authority;
  • (For schemes subject to s106 agreements) Detailed estimated costs associated with s106 works;
  • Surveys, drawings, specifications, specialist and other consultants’ reports;
  • Terms of appointment of consultants;
  • Evidence of the basis of selection of consultants and building contractor;
  • Copies of the building contract document and final account documentation;
  • Planning permissions, building regulations approval and any other statutory consents;
  • Details of the insurance of the property during construction and following completion;
  • Sale valuations (Sale schemes only);
  • Details of prospective rents documented on the provider’s development files;
  • Certificate of Practical Completion (including where partial possession is appropriate provided that all the units have been handed over leaving only external works to be completed);
  • For major site development works and VAT - final certificate/account in respect of the pre works and VAT certificates equating to the actual works costs above NB: these figures must together equate to the actual works cost element included in the final costs statement mentioned above;
  • Consultant’s estimate of final works costs and, where appropriate (Design and Build and Package Deals, etc.) a separate estimate of the non-works elements, e.g. on costs;
  • Latest interim certificate showing actual costs to date;
  • Rural Repurchase - record of surpluses made on staircasing transactions; and
  • (For charitable providers that have claimed grant to cover VAT) A letter from Customs & Excise or the RP’s professional adviser confirming that the supply cannot be zero rated; and

In addition, for:

ii. Schemes for rent:

  • Details of rents, including housing benefit eligible service charges.

iii. Schemes for shared ownership:

  • A property schedule showing addresses, floor areas, and valuations for the completed properties, together with actual rents and housing benefit eligible service charges;
  • Sales valuations; and
  • Copies of leases.

iv. Affordable and Social Rent schemes where the vendor is a public body offering Other Public Subsidy in the form of discounted land: To confirm the amount of Other Public Subsidy that the provider may have received, both of the following must be kept on file by the provider for Compliance Audit purposes:

  • A copy of the Market Value valuation provided by a qualified independent valuer, either obtained by the Local Authority or commissioned by the provider; and
  • A letter from the public body stating that it endorses the valuation

The Compliance Audit System

The HCA manages the annual Compliance Audit programme using a web-based IT system. Registered uses can access the Compliance Audit system

The system is accessible to HCA staff such as HCA Lead Auditors, and non-HCA staff such as providers and their appointed Independent Auditors. It provides a communication platform including alerts to participants, tracks programme delivery and records annual audit findings and outcomes.

External users of the Compliance Audit system will be set up by their organisation’s Investment Management System’s (IMS) Primary Security Administrator and will be required to log in with username and password.

Audit set up and Independent Auditor reporting

The audit year runs from 1 April to 31 March. Scheme sample selection will take place early in the audit year, following which HCA Lead Auditors will notify providers of their selection, and inform them of the indicative number and type of schemes in their sample to assist with Independent Auditor procurement.

Audit appointment

Providers must engage an Independent Auditor in line with published guidance in Chapter 6 of the Capital Funding Guide, using the standardised form of appointment published there. Procedural Compliance Audits are expected to be carried out over a three to four month period (most likely between July and October) and before the Long Stop Date which will be set each year by the HCA. Providers must confirm their Independent Auditor appointment, audit start dates and contact details on the Compliance Audit system. Providers and appointed Independent Auditors can access the schemes selected for audit in the Compliance Audit System four weeks before the audit is scheduled to commence.

Annual Independent Auditor and Provider seminars and training

Each year over the summer period, the HCA organises a number of Compliance Audit update seminars for Providers and Independent Auditors, to update them on changes to policy and procedure and to disseminate good practice. All providers being audited and their Independent Auditors, particularly those new to the audit process, will be expected to attend an HCA scheduled training event.

Audit process

During the audit, the Independent Auditor checks each scheme for compliance using questions from HCA published checklists, dependent on funding programme and scheme type. The Compliance Audit system automatically presents the correct set of questions for each scheme. The Independent Auditor reviews scheme information contained on file and HCA’s Investment Management System (IMS). The Independent Auditor completes the relevant Compliance Audit system checklists, setting out any ‘findings’ against published HCA policy and procedures.

A ‘finding’ could mean that the Independent Auditor has deemed that a question is not applicable to the type of scheme being audited, allowing the HCA Lead Auditor to confirm whether he/she agrees. Equally a ‘finding’ could indicate a problem for further consideration using evidence provided by the Independent Auditor and the provider. Independent Auditors may also upload documentary evidence in support of their responses to checklist questions on to the Compliance Audit System. For grant claims for Rent/Sale scheme types, the evidence set out below is required to be uploaded on to the Compliance Audit System:

SOS grant claim: a scanned copy of each of the following documents:

  • Extracts from the Standard Form of Building Contract (SFBC) evidencing the:

Project name/details; Parties to the contract; Contract date/date of agreement; Date of possession (if relevant); Project signatories ; Details of the works and parties to the contract; and A copy of the Appendix to the Contract showing the date of site possession; and A copy of the Notice of Detailed Planning Permission (also known as the Decision Notice) from the relevant local planning authority; or Other confirmation evidence as agreed with the Operating Area.

PCF grant claim: a scanned copy of one of the following documents:

  • Practical completion certificate (or similar) from the professional named in the Building Contract as the employer’s contract administrator; or
  • Other confirmation evidence as agreed with the Operating Area. On conclusion of the checks, the Independent Auditor submits their findings on the Compliance Audit system. This should take place within six weeks of the commencement of the audit and before the long stop date. The system then concurrently notifies the provider and the HCA Lead Auditor that the findings are available to view. Under no circumstances should the Independent Auditor share their findings with the provider prior to submission, in any form.

The individual performance of providers is one of the considerations of pre-qualification for future funding. Therefore the impact of the Independent Auditor not submitting their findings by the due date may find reflection in an adverse performance assessment.

Reporting and breaches

The HCA Lead Auditor reviews the Independent Auditor findings and records the ones he/she decides are ‘breaches’ on the Compliance Audit system, which then compiles the provider’s HCA Compliance Audit report. Breaches are used as the basis for awarding grades to Providers. Grades may also be supported by recommendations and requests for further information. Any grade awarded should not be read alone but in the context of comments.

From the date of the Independent Auditor submitting audit findings to the HCA Lead Auditor and the provider (via the Compliance Audit System), providers are notified by the system and have 10 working days to submit a response on the Compliance Audit system, if necessary, setting out the reasons for any identified findings and any corrective measures being undertaken.

The HCA Lead Auditor considers the results of the Independent Auditor’s factual assessment and decides on behalf of the HCA whether public funds have been used for the intended purposes and in line with policies and procedures.

NB: If the provider fails to respond within the 10 working day limit, the Agency will form an opinion based solely upon the Independent Auditor findings without any mitigating considerations. The HCA Lead Auditor then drafts a judgment for inclusion in the HCA audit report, recording the number of breaches identified, the reasons for them and their severity. This allows the areas of non-compliance and the remedial action required to be set out.

The Agency will issue the Compliance Audit Report via the Compliance Audit system, usually by the end of Q1 of the following audit year, to both the provider and, where applicable, their lead partner.

Provider grading

The Compliance Audit Report awards providers a red, amber or green grade based on the number and severity of breaches recorded.

Provider grades defined below may also be accompanied by further recommendations and contextual detail. Grades should be read in the context of comments.

Green grade: The Provider meets requirements.

  • Through identifying no high or medium breaches, the HCA Audit Report will show that the Provider has a satisfactory overall performance, but may identify areas where minor improvements are required.

Amber grade: There is some failure of the Provider to meet requirements

  • Through identifying one or more high or medium breaches, the HCA Audit Report will show that the Provider has failed to meet some requirements, but has not misapplied public money. The Provider will be expected to correct identified problem(s) in future schemes and current developments.

Red grade: There is serious failure of the Provider to meet requirements

  • Through identifying one or more high level breaches, the HCA Audit Report will show that the Provider has failed to meet some requirements and there has been a risk of misapplication of public funds.

Breach severity and impact on grades

The breaches list, available on the Compliance Audit documents page, is a list of common breaches with their associated levels. This is to promote clarity and consistency of reporting. The list is not exhaustive.

Not all breaches apply to all funding programmes. The HCA will adjust or update the published breaches list as necessary.

When grading providers, the HCA Lead Auditor will consider the number of breaches and their severity, together with the information and evidence available at the time of writing.

Sanctions/reclaiming grant

As set out in the CFG, under funding conditions and contract agreements the HCA has the power to reclaim grant (in part or in whole), and/or apply interest.

Fraudulent behaviour

CA is not a first line of defense against fraudulent behaviour but occasionally behaviour of this type is identified during audits. If an Independent Auditor becomes aware of potentially fraudulent behaviour during the audit year or whilst the audit is being undertaken, they should take steps immediately to notify the HCA Lead Auditor who in turn will notify the relevant HCA contacts.

Compliance Audit annual timeline

Step Action Time of year
1 Providers with eligible schemes have schemes selected for audit and are notified of inclusion in the current year audit programme, with approximate number and type of schemes to be audited, by HCA Lead Auditor April – June
2 Provider appoints and agrees audit dates with independent auditor. Provider confirms audit visit dates and name of appointed Independent Auditor in Compliance Audit system June/July
3 Provider and Independent Auditor training July - September
4 IA submits findings; Compliance Audit system concurrently notifies HCA Lead Auditor and provider of Independent Auditor submission. Provider has 10 working days to respond to HCA Lead Auditor on the CA system, addressing the Independent Auditor’s findings July - October
5 HCA Lead Auditors compile and prepares HCA audit reports using Compliance Audit system (July - October)
6 HCA Moderation process January - February
7 HCA Lead Auditor issues advance copy of HCA audit report to provider’s Compliance Audit lead, development director and chief executive via CA system May
8 HCA Lead Auditor issues the audit report to provider’s Board Chair, copying in Partnership/Consortium Lead Partner five days after issue of advance copy May

Waivers and variations


For schemes funded under the AHP 2011 to 2015, a waiver is required when a scheme does not meet the minimum requirements under the Design and Quality Standards. Waivers should have been processed at firm (scheme approval) stage, or requested by providers as soon as non-compliance with the minimum standards was identified as waivers cannot be awarded retrospectively. For schemes funded under the AHP 2015 to 2018 and the SOAHP 2016 to 2021, the Design and Quality Standards no longer apply.


A change in contractually agreed standards and completion is a variation, not a waiver, (as long as any minimum mandatory standards are met). Any variation should be discussed with the area team before approval, and then dealt with as part of normal investment processing on IMS.

Shadow Audits

Shadow audits are observations by an HCA Lead Auditor of Independent Auditor’s (IA) conducting compliance audit. They are the means by which the risk of poor quality audits is managed. Each HCA operating area will select at least two IAs for shadow audit per audit year, focusing in particular on:

  • New / inexperienced IAs
  • IAs who have not undergone a shadow audit in the recent past
  • IAs where previous performance issues or concerns have been identified.

At the end of the audit year, Lead Auditors will identify, as part of the CA judgment, where a shadow audit has been completed and include a separate shadow audit comment which will appear in the final compliance audit report sent to providers.

Published 23 August 2012
Last updated 13 July 2017 + show all updates
  1. Amended text and replaced documents.
  2. amends to summary
  3. Revised documents added.
  4. First published.