As funding pressures continue, the need to make savings means local authorities now outsource an ever wider range of activity, from IT, finance and HR functions to legal services, management of social housing and environmental health.
The advantages can be substantial. Authorities can gain more technical expertise, cut down administrative work and get better value for money. These benefits, however, can only be realised if outsourcing arrangements are designed and managed effectively, with proper assessment and control over the risks.
Unfortunately, there is an assumption that outsourcing the service also outsources the risk. This is not the case; failing to plan for outsourcing risks can result in service failures, delays in the implementation of new projects and significant additional costs. These problems leave taxpayers and service users feeling let down. If a supplier fails to deliver on time, or delivers inadequate services, both the commissioning body and the outsourcer can end up under attack and local community confidence in them is damaged.
Examples of systemic failures in outsourcing are plentiful across the public sector, with IT projects a particular problem area. The NHS database system, Connecting for Health, was notoriously abandoned in 2011 at a cost of £10bn following failed outsourcing to a technology consultancy. Several local authorities have experienced similar issues with IT and communications projects.
Local government bodies must learn from past experience. This is where internal audit has an increasingly important role to play. Internal auditors provide independent assurance that local authorities’ risk management, governance and internal control processes are operating effectively.
It is our view that councils should not approve strategically important outsourcing projects without first getting full assurance from their internal audit teams that the potential risks have been properly considered and effective controls are in place.
Internal auditors can review the supplier selection process and assess whether the organisation has adequate and effective policies and procedures for tendering. They also have a key part to play in contract management, ensuring the right performance management systems are in place.
It is important to get internal audit involved as early on in the process as possible; they can assist by reviewing the process by which a decision was taken to seek a service externally. This could have a bearing on whether an outsourcing should proceed. It is also vital to keep tabs on outsourcing risks once contracts are up and running. Too often, ‘right to audit’ clauses that allow their oversight are not actually used.
We hope that our report, Outsourcing and the Role of Internal Audit, will help local authority internal audit teams to make sure that outsourcing helps, not hinder the delivery of high quality public services.
Ian Peters, chief executive, Chartered Institute of Internal Auditors