Housing – guidance

Compliance Audit

Compliance Audit applies to organisations receiving funding from the HCA to ensure that policies, funding conditions and procedures are followed.

Compliance Audit

The Annual Compliance Audit (CA) Programme provides assurance that organisations receiving grant (providers) have met all the Homes and Communities Agency’s requirements and funding conditions, and that providers have properly exercised their responsibilities as set out in the Capital Funding Guide

Policy, procedures and guidance

All HCA funding requirements for providers are set out the Capital Funding Guide (CFG) together with the relevant contract or agreement and funding conditions. Depending on the funding programme, the following documents may also be applicable:

Contracts

Design Quality Standards

  • Design and Quality Standards, April 2007 – AHP 2011 to 2015 and NAHP 2008 to 2011
  • AHP 2015 to 2018 prospectus, standards guidance / FAQs

Programme guidance

Policies and procedures may change with the funding programme, therefore providers and IAs must satisfy themselves that they are referring to the policy and procedures current at the time.

Compliance Audit guidance

The compliance audit procedural requirements are set out in Chapter 2 of the Capital Funding Guide, on 2015 to 2018 Affordable Homes Programme Management. Section 6 of this chapter covers the current reporting and audit requirements for all programmes, including Standardised Terms of Engagement for Independent Auditors.

Compliance Audit checklists, the breach list and related documents can be downloaded from the CA documents page.

Audit document file

Providers must maintain a comprehensive scheme file that contains all relevant documents for Compliance Audit purposes. Phased schemes should be identified separately on documentation. The following list is indicative of the types of documents which will be examined. It is not intended to be a comprehensive listing.

Shared ownership, Affordable Rent and Social Rent schemes:

Valuation report for the site/property acquired. The report should:

  • take account of all the relevant factors affecting the site/property and its development;
  • carry the valuer’s original signature;
  • clearly identify the site/property which is the subject of the valuation on an accompanying plan endorsed by the valuer; and
  • be valid at the date of exchange of purchase contracts;
  • where the vendor is a local authority - a letter from the local authority endorsing valuation
  • confirmation from provider’s solicitors of the dates of exchange of purchase contracts and of completion, the purchase price paid and a comprehensive report on title (except works only schemes);
  • documentary evidence to indicate that the procurement arrangements used agree with arrangements and procedures approved by the provider’s governing body;
  • where providers are receiving any other subsidy they must maintain a funding profile on file showing that grant is not being received in respect of costs subsidised by any other body;
  • where capital contributions to the scheme from other sources, including other public sources, are involved, confirmation of the amounts on offer and the sources of funding should be retained, including any correspondence with the third party (parties);
  • for schemes subject to s106 agreements - full details of off-site works required by vendor or obligations imposed by the local authority;
  • for schemes subject to s106 agreements - detailed estimated costs associated with s106 works;
  • surveys, drawings, specifications, specialist and other consultants’ reports;
  • terms of appointment of consultants;
  • evidence of the basis of selection of consultants and building contractor;
  • copies of the building contract document and final account documentation;
  • planning permissions, building regulations approval and any other statutory consents;
  • details of the insurance of the property during construction and following completion;
  • sale valuations (sale schemes only);
  • details of prospective rents documented on the provider’s development files;
  • certificate of Practical Completion (including where partial possession is appropriate provided that all the units have been handed over leaving only external works to be completed);
  • for major site development works and VAT - final certificate/account in respect of the pre works and VAT certificates equating to the actual works costs above NB: these figures must together equate to the actual works cost element included in the final costs statement mentioned above;
  • consultant’s estimate of final works costs and, where appropriate (Design and Build and Package Deals, etc.) a separate estimate of the non-works elements, e.g. on costs;
  • latest interim certificate showing actual costs to date;
  • rural repurchase - record of surpluses made on staircasing transactions;
  • for charitable providers that have claimed grant to cover VAT - a letter from Customs & Excise or the registered provider’s professional adviser confirming that the supply cannot be zero rated;
  • since October 2014 there is no longer a requirement to collect Tender Price Index of Social Housing data

In addition, for:

Schemes for rent:

  • details of rents, including housing benefit eligible service charges

Schemes for shared ownership:

  • a property schedule showing addresses, floor areas, and valuations for the completed properties, together with actual rents and housing benefit eligible service charges;
  • sales valuations;
  • copies of leases

Affordable and Social Rent schemes where the vendor is a public body offering Other Public Subsidy in the form of discounted land:

To confirm the amount of Other Public Subsidy that the provider may have received, both of the following must be kept on file by the provider for Compliance Audit purposes:

  • a copy of the Market Value valuation provided by a qualified independent valuer, either obtained by the Local Authority or commissioned by the provider;
  • a letter from the public body stating that it endorses the valuation

The Compliance Audit system

Commencing in the 2016 to 2017 audit year, the HCA will manage the annual CA programme using a web-based IT system (the CA System). Registered uses can access the CA system.

The system is accessible to HCA staff such as HCA lead auditors, and non-HCA staff such as providers and their appointed IAs. It provides a communication platform including alerts to participants, tracks programme delivery and records annual audit findings and outcomes.

External users of CA will be set up by the IMS Primary Security Administrator (PSA) of the provider and will be required to log in with username and password.

Audit and set up and independent auditor reporting

The audit year runs from 1 April to 31 March. Scheme sample selection will take place early in the audit year, following which HCA Lead Auditors will notify providers of their selection, and inform them of the indicative number and type of schemes in their sample to assist with Independent Auditor procurement.

Audit appointment

Providers must engage an IA in line with published guidance in Chapter 2 of the Capital Funding Guide, using the standardised form of appointment published there. Procedural Compliance Audits are expected to be carried out over a 3 to 4 month period (most likely between July and November) and before the Long Stop Date which will be set each year by the HCA. Providers must confirm their IA appointment, audit dates and contact details on the CA system. The system automatically notifies providers and appointed IAs of the schemes selected for audit four weeks before the audit is scheduled to commence.

Annual IA and Provider seminars and training

Each year over the summer period, the HCA organises a number of CA update seminars for providers and IAs, to update them on changes to policy and procedure and to disseminate good practice. All providers being audited and their IAs, particularly those new to the audit process, will be expected to attend an HCA scheduled training event.

Audit process

During the audit, the IA checks each scheme for compliance using questions from HCA published checklists, dependent on funding programmer and scheme type. The CA system automatically selects the correct set of questions for each scheme. The IA reviews scheme information contained on file and HCA’s Investment Management System (IMS). The IA completes the relevant CA system question templates, setting out any ‘findings’ against published HCA policy and procedures.

A ‘finding’ could mean that the IA has deemed that a question is not applicable to the type of scheme being audited, allowing the HCA lead auditor to confirm whether he/she agrees. Equally a ‘finding’ could indicate a problem for further consideration using evidence provided by the IA and the provider.

Independent Auditors may also upload documentary evidence in support of their responses to checklist questions on to the CA System. For grant claims for Rent/Sale scheme types, the evidence set out below is required to be uploaded on to the CA System:

SOS grant claim: a scanned copy of each of the following documents:

Extracts from the Standard Form of Building Contract (SFBC) evidencing the:

  • project name/details;
  • parties to the contract;
  • contract date/date of agreement;
  • date of possession (if relevant);
  • project signatories ;
  • details of the works and parties to the contract; and
  • a copy of the Appendix to the Contract showing the date of site possession; and
  • a copy of the Notice of Detailed Planning Permission (also known as the Decision Notice) from the relevant local planning authority;
  • other confirmation evidence as agreed with the Operating Area

PCF grant claim: a scanned copy of one of the following documents:

  • practical completion certificate (or similar) from the professional named in the Building Contract as the employer’s contract administrator;
  • other confirmation evidence as agreed with the Operating Area

On conclusion of the checks, the IA submits their findings on the CA system – this should take place within 6 weeks of the commencement of the audit and before the long stop date. The system then concurrently notifies the provider and the HCA lead auditor that the findings are available to view. Under no circumstances should the independent auditor share their findings with the provider prior to submission, in any form.

The individual performance of providers is one of the considerations of pre-qualification for future funding. Therefore the impact of the independent auditor not submitting their findings by the due date may find reflection in an adverse performance assessment.

Reporting and breaches

The HCA lead auditor reviews the IA findings and records the ones he/she decides are ‘breaches’ on the CA system, which then compiles the provider’s HCA compliance audit report. Breaches are used as the basis for awarding grades to providers. Grades may also be supported by recommendations and requests for further information. Any grade awarded should not be read alone but in the context of comments.

From the date of notification of the IA findings to the HCA lead auditor and the provider, providers have 10 working days to submit an initial response on the CA system, if necessary, setting out the reasons for any identified findings and any corrective measures being undertaken.

The HCA lead auditor considers the results of the IA’s factual assessment and decides on behalf of the HCA whether public funds have been used for the intended purposes and in line with policies and procedures.

NB: If the provider fails to respond within the 10 working day limit, the Agency will form an opinion based solely upon the independent auditor findings without any mitigating considerations.

The HCA lead auditor then drafts a judgment for inclusion in the HCA audit report, recording the number of breaches identified, the reasons for them and their ‘level’. This allows the areas of non-compliance and the remedial action required to be set out.

The Agency will issue the Compliance Audit Report (CAR) via the CA System, usually by the end of Q1 of the following audit year, to both the provider and, where applicable, their lead partner.

Provider grading

The CAR awards providers a red, amber or green grade based on the number and severity of breaches recorded.

Provider grades defined below may also be accompanied by further recommendations and contextual detail. Grades should be read in the context of comments.

Green grade: The provider meets requirements.

  • Through identifying no high or medium breaches, the HCA audit report will show that the provider has a satisfactory overall performance, but may identify areas where minor improvements are required.

Amber grade: There is some failure of the provider to meet requirements

  • Through identifying one or more high or medium breaches, the HCA audit report will show that the provider has failed to meet some requirements, but has not misapplied public money. The provider will be expected to correct identified problem(s) in future schemes and current developments.

Red grade: There is serious failure of the provider to meet requirements

  • Through identifying one or more high level breaches, the HCA audit report will show that the provider has failed to meet some requirements and there has been a risk of misapplication of public funds.

Breach levels and impact on grades

The breaches list, available on the CA documents page, is a list of common breaches with their associated levels. This is to promote clarity and consistency of reporting. The list is not exhaustive.

Not all breaches apply to all funding programmes. The HCA will adjust or update the published breaches list as necessary.

When grading providers, the HCA lead auditor will consider the number of breaches and their level, together with the information and evidence available at the time of writing.

Sanctions/reclaiming grant

As set out in the Capital Funding Guide, under funding conditions and contract agreements the HCA has the power to reclaim grant (in part or in whole), or apply interest.

Fraudulent behaviour

CA is not a first line of defense against fraudulent behaviour but occasionally behaviour of this type is identified during audits. If an IA becomes aware of potentially fraudulent behaviour during the audit year or whilst the audit is being undertaken, they should take steps immediately to notify the HCA lead auditor who in turn will notify the relevant HCA contacts.

Compliance Audit annual timeline

Step Action Time of year
1 Providers with eligible schemes have schemes selected for audit and are notified of inclusion in the current year audit programme, with approximate number and type of schemes to be audited, by HCA lead auditor April – June
2 Provider appoints and agrees audit dates with independent auditor. Provider confirms audit visit dates and name of appointed IA in CA system June/July
3 Provider and IA training July - September
4 CA system notifies provider and IA of scheme sample 4 weeks prior to the first audit visit July onward
5 IA submits findings; CA system concurrently notifies HCA lead auditor and provider of IA submission. Provider has 10 working days to respond to HCA lead auditor on the CA system, addressing the IA’s findings by end of November (or as requested by operating area)
6 HCA Lead Auditors compile and prepares HCA audit reports using CA system January - February (earlier when possible)
7 HCA Moderation process February - March
8 HCA Lead Auditor issues advance copy of HCA audit report to provider’s development director and chief executive via CA system, and copying in partnership / consortium lead provider development director and chief executive May
9 HCA Lead Auditor issues the audit report to provider copying in partnership / consortium lead provider five days after submission of advance copy - (development director, chief executive and board chair) May

Waivers and variations guidance

Waivers

A waiver is required when a scheme does not meet the minimum requirements under the Design and Quality Standards. For schemes funded under Affordable Homes Programmes post the 2011 to 2015 AHP, the Design and Quality Standards no longer apply. Waivers should have been processed at firm (scheme approval) stage, or requested by providers as soon as non-compliance with the minimum standards was identified as waivers cannot be awarded retrospectively.

Variations

A change or drop in standards between firm (scheme approval) stage and completion is a variation, not a waiver, as long as minimum standards are met. Any variation should be discussed with area design managers before approval, and then dealt with as part of normal investment processing on IMS.

Shadow Audits

Shadow audits are observations by an HCA lead auditor of IAs conducting compliance audit. They are the means by which the risk of poor quality audits is managed. Each HCA operating area will select at least 2 IAs for shadow audit per audit year, focusing in particular on:

  • new / inexperienced IAs
  • IAs who have not undergone a shadow audit in the recent past
  • IAs where previous performance issues or concerns have been identified

At the end of the audit year, lead auditors will identify, as part of the CA judgment, where a shadow audit has been completed and include a separate shadow audit comment which will appear in the final compliance audit report sent to providers.

Quality Assessments

Quality Assessments sit outside the main Compliance Audit process. Their purpose is to monitor provider performance in terms of quality and resident satisfaction, measure the impact of previous investment decisions and to inform future investment strategy. The number of schemes selected for review is determined by the HCA Operating Area, and will not necessarily be schemes selected for Compliance Audit. However, if procedural findings come to light during the quality assessment for a scheme which has been selected for audit, those findings will be included for consideration within the Compliance Audit Report.