1.1

This report details the internal audit review of procedures, controls and the management of risk in relation to health and safety (including lone working).  The audit has been undertaken in accordance with the 2022/23 internal audit plan agreed with the joint audit and governance committee of South Oxfordshire District Council (South) and Vale of White Horse District Council (Vale).  The audit has a priority score of 16.  The audit approach is provided in the audit framework in Appendix 1.

1.2

The following objective areas have been covered during the course of this review:

2.1

Health and safety was last subject to an internal audit review in September 2017. Four joint recommendations were raised and agreed, and a satisfactory assurance opinion was issued. Two recommendations have been implemented, one recommendation is no longer applicable, and one recommendation is restated in this review (Rec 1).

2.2

Lone working was last subject to an internal audit review in December 2020. 12 joint recommendations were raised and agreed, and a satisfactory assurance opinion was issued. Six recommendations have been implemented, four recommendations are no longer applicable, and two recommendations are restated in this review (Recs 15 and 16).

3.1

Limited assurance: There are some weaknesses in the adequacy of the internal control system which put the system objectives at risk and/or the level of non-compliance puts some of the system objectives at risk.

3.2

18 joint recommendations have been raised in this review.  Seven high risk, five medium risk and six low risk. A summary of the recommendations raised in the report are as follows:

4.1

The major UK legislation relating to health and safety practices at work for all organisations is The Health and Safety at Work Act 1974 (HASAWA) and The Management of Health and Safety at Work Regulations 1999 (MHSWR, otherwise known as The Management Regs). These two pieces of legislation set the standards for occupational health and safety in the UK workplace and set out general duties which:

·         employers have towards employees and members of the public;

·         employees have to themselves and to each other; and

·         certain self-employed have towards themselves and others.

4.2

In addition, there are secondary pieces of health and safety legislation which are more specific and cover a range of subjects. Together these form the legal framework for health and safety in the workplace. UK Health and Safety legislation includes:

·         Health and Safety at Work etc Act 1974

·         Management of Health and Safety at Work Regulations 1999

·         Workplace (Health, Safety and Welfare) Regulations 1992

·         The Health and Safety (Display Screen Equipment) Regulations 1992

·         The Manual Handling Operations Regulations 1992 amended 2002

·         The Regulatory Reform (Fire Safety) Order 2005

·           RIDDOR (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995)

·         The Personal Protective Equipment at Work Regulations 1992

·         COSHH (Control of Substances Hazardous to Health) 2002

·         The Provision and Use of Work Equipment Regulations 1998 (PUWER)

·         The Working Time Regulations 1998

4.3

The Health and Safety Executive (HSE) is the national regulator for workplace health and safety in the UK. Under health and safety law, as an employer, you have a responsibility to protect workers and others from risk to their health and safety.  Health and safety law is mostly enforced by the HSE or the local authority. Responsibility for enforcement depends on the type of workplace.

4.4

Since September 2021, following changes to the organisational structure, the health and safety team reports to the people and culture team (previously to assurance), within corporate services. This was to drive and support a cultural change across the organisation to raise awareness of health and safety management responsibilities.

4.5

The corporate health and safety team consists of one health and safety advisor, with the senior health and safety advisor post remaining vacant, following the departure of the previous incumbent.

5.1

Obj1: Policies and procedures

5.1.1

The law states that every business must have a policy for managing health and safety. On 1 January 2022, a new overarching corporate health and safety policy was implemented, following consultation with UNISON and approval of the strategic management team (SMT). The policy is scheduled for review every three years, with the next review due on 1 January 2025. A new health and safety policy review process document has also been developed to support the policy.

5.1.2

The health and safety policy includes a statement of intent, signed by the chief executive, who ultimately holds the highest level of responsibility and authority relating to health and safety practices. The policy states the chief executive assumes the role of the councils’ safety director. We are satisfied that the health and safety policy complies with HSE guidance in documenting a formal organisational health and safety policy.

5.1.3

In addition to the corporate health and safety policy, there are 45 health and safety policies and procedures. The health and safety advisor is undertaking a review of all historic health and safety policies and procedures, which can be found on Jarvis, general drives, and individual service team drives. As of October 2022, five polices had been updated and republished and review of four policies were in progress. It is expected that the revised policies will be published on the online learning management system, Learning Education Achievement Hub (LEAH), where officers can formally declare that they have read the document (via an electronic tick box).

5.1.4

Most council health and safety policies contain a standard three-yearly review period unless there is a change in legislation. As of October 2022, a total of 20 polices are published on the Jarvis health and safety polices page, of which, 18 (90%) policies are overdue for review. Of the overdue policies, most contain outdated statements, including legacy suppliers, service providers and contact/reporting information. In addition, six polices were not published on Jarvis, although active webpage links were present on individual service team pages.

5.1.5

In accordance with The Health and Safety at Work Act 1974, Sections 2(6) requires every employer to consult with all staff on matters involving health and safety. The Health and Safety (Consultation with Employees) Regulations 1996 provides employees with the right to be consulted over matters concerning their health and safety at work. Guidance on the HSE website states that employers should consult with employees and review and revise the health and safety policy regularly.

5.1.6

Corporately, this can be demonstrated by the review and consultation process in place with UNISON (a legal requirement for all health and safety related policies) and SMT. In addition, there are plans to introduce a corporate health and safety champion forum, which aims to raise awareness of health and safety management. As of November 2022, the forum is approved in principle by UNISON and SMT but not yet launched.

5.1.7

In 2019, the councils appointed an external consultant to conduct a strategic health and safety review. The review produced an action plan comprising 51 action points (17 high risk, 27 medium risk and seven low risk) across six key control areas. In January 2021, performance and half yearly progress against the action plan was presented to the Joint Audit and Governance Committee (JAGC). The action plan was last reviewed in April 2021 by the former senior health and safety advisor. Our review found that 12 actions (24%) have been completed, 16 (32%) are ongoing, 15 (29%) are not yet started, and eight (15%) require further consultation with key stakeholders. Due to the vacant post, the health and safety team have not made as much progress against report actions as planned; however, updates on key actions have been reported to SMT and JAGC within health and safety progress reports.

5.1.8

Area assurance: Limited

Three recommendations have been made as a result of our work in this area (Recs 1 to 3).

5.2

Obj2: Training and guidance

5.2.1

Under the Health and Safety at Work Act 1974 (HASAWA), as an employer, you must protect your workers and others from getting hurt or ill through work. The Management of Health and Safety at Work Regulations (MHSWR) state employers also need to provide clear information and training to employees. HSE guidance states everyone who works for you needs to know how to work safely and without risk to their health.

5.2.2

As reported within the recent learning and development 2021/22 audit, a project is underway to update the HR induction programme, which will be launched in November 2022, following SMT approval. Part of the project is to develop an induction template for use by new employees and service managers to monitor completion of mandatory and role specific training and review of council polices.

5.2.3

The induction checklist document contains health and safety policy and training requirements and provides information to new starters, whether their role is office based or remote. It is the line manager’s responsibility to identify and monitor completion of mandatory and role specific training within the six-month probation period. There is no requirement for officers to undertake regular refresher training of the mandatory health and safety training modules.

5.2.4

We reviewed a sample of 20 new starters to confirm whether mandatory health and safety training had been completed within the six-month probation period. Our review demonstrated a general lack of compliance by new starters, and lack of monitoring by line managers (i.e., non-completion of mandatory and role specific officer and manager training, within the probation period). 

5.2.5

Although elected members are not considered council employees (as such are not required to complete mandatory health and safety training), safety procedures should be in place, including a site induction/walkaround as a minimum. Members are taken on a tour of council offices and buildings and are advised of the evacuation procedures within their initial induction programme (last conducted following the May 2019 elections). Following the office move to Abbey House in October 2022, a ‘Guide to Abbey House’ and fire safety guidance has been published on Jarvis. Work is underway to update the councillor induction programme, in time for the elections in May 2023.

5.2.6

Contractors and agency staff are not required to complete mandatory health and safety training on LEAH. They fall outside of the HR onboarding and induction process, as they are not directly employed by the councils.

5.2.7

A corporate health and safety training programme plan is in place; however, further work is required to establish training gaps across high risk, key operational service roles, to ensure officers have received training specific to their role, which complies with the legislative standard. The health and safety team are developing a master health and safety training matrix (excel document) which records both completed, and required, health and safety training by employee and by role, across all services. The aim of training matrix is to ensure that role specific training is identified and completed and will require cross-service collaboration to define training requirements (e.g., property, technical and environmental services, and licensing and community safety). Once the training matrix is embedded, a next step may be to review the delivery and monitoring of external health and safety training across the service teams, to ensure there is a consistent approach across the organisation.

5.2.8

As stated within objective 1, there is a project underway to review and update health and safety policies and procedures across all council services. This includes guidance notes in relation to health and safety practices.  Per the policy review process document, there are 77 guidance notes and forms containing health and safety related information published on Jarvis. Of these 77 documents, 52 (68%) are undated, 23 (29%) were created in 2018 and two (3%) are dated 2017 and 2011 respectively. These documents need to be reviewed and updated in line with the ongoing policy and procedures project, to ensure they align to operational activities and legislation.

5.2.9

Area assurance: Limited

Two recommendations have been made as a result of our work in this area (Recs 4 and 5).

5.3

Obj3: Incident reporting

5.3.1

By law organisations must report certain workplace injuries, near-misses, and cases of work-related disease and deaths to HSE. This duty is under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations, known as RIDDOR. Keeping records of incidents helps to identify patterns of accidents and injuries, which can better assess and manage risk in the workplace.

5.3.2

The incident reporting and investigation policy must be reviewed at least every three years, or when circumstances dictate. The current version published on Jarvis is overdue for review (last issued April 2018). Our review found outdated information, including the HR provider, training requirements, and induction programme.

5.3.3

In May 2022, a dedicated email address was created to make it easier for officers to report health and safety incidents, which is monitored by the health and safety team. The mailbox has been set up to receive automatic notifications when an entry is made on the risk premises register and personal threat register in relation to a violent or abusive threat to officers. As of November 2022, the incident mailbox and reporting process had not been officially launched due to operational issues within Jarvis.

5.3.4

Incident statistics are recorded on a master incident log (excel spreadsheet) that keeps a rolling record of incidents across the organisation.  The manual log results in increased administrative effort in collating supporting records and forms. The health and safety report submitted to SMT in May 2022 identified the benefits of developing an online self-serve incident reporting system, stating it remains a core service objective; however, it is on hold due to resource and time constraints.

5.3.5

Incident management performance is reported to SMT every month via the health and safety update, and to the Joint Audit and Governance Committee (JAGC) twice yearly.

5.3.6

The latest incident reporting figures, for the period 2019 to 27 June 2022

showed there has been a positive increase (333%) in the number of incidents reported from 2019 (nine reported incidents) to 2021 (39 reported incidents). It is noted that 2022 data was reporting over a six-month period at the time of review. The greatest increase being in the number of near misses reported, up 466% between 2019 (three reported) to 2021 (17 reported). This may be due, in part, to Covid-19 restrictions easing and more services reopening, but may also indicate greater awareness and management of incident reporting across service teams. However, the total number of incidents generally being reported remains low for the size of the organisation.

5.3.7

There has been an increase in incidents involving property damage and abuse/threats to individuals, based on year-on-year performance values. This is acknowledged within the May 2022 health and safety SMT report, where notable actions include personal safety and conflict management training being provided to officers in frontline roles. In addition, the councils are taking action to ensure suitable security measures are in place at the new office (Abbey House) and have also retained the services of the ‘LoneAlert’ monitoring system for another year.

5.3.8

In accordance with RIDDOR (regulations 4 - 6) the organisation is responsible for reporting injuries to the enforcing authority (HSE) when the injury results from a work-related accident, in line with the reporting procedure. RIDDOR reported incidents are recorded on the master Incident log and are reported to both SMT and JAGC within the general performance statistics.

5.3.9

As of October 2022, there have been three RIDDOR reportable incidents since 2019 (two employee related and one member of the public). All three incidents were reported to HSE outside of the required reporting timescales. This was due to delays in initial reporting by officers to the health and safety team, further incident investigations by the health and safety team and complications in obtaining personal information from individuals involved. Although the incidents were reported late to the HSE, internal audit is satisfied that the required information has been submitted for the three incidents and that the HSE have made no further requests for information.

5.3.10

Area assurance: Satisfactory

Two recommendations have been made as a result of our work in this area (Recs 6 and 7).

5.4

Obj4: Risk management and compliance

5.4.1

The risk assessment management system and control policy was last updated in May 2018 and is overdue for review (required every 3 years). Supporting guidance on why the councils need a risk management process, and examples of generic risk assessment documents and safe systems of work are published on Jarvis; however, a number of these documents are outdated and require review.

5.4.2

The health and safety policy states that the responsibility to assess risk lies with service managers and team leaders, who must ensure that risk assessments and safe systems of work relating to activities under their supervision are produced, properly communicated, and fully implemented. The policy also states that all staff required to carry out risk assessments will be trained in the councils’ health and safety risk assessment procedures. However, risk assessment training is not provided to officers.

5.4.3

We reviewed a sample of service teams to confirm whether risk assessments have been completed, focusing on high-risk operations and locations (e.g., Abbey House, environmental health, grounds and parks maintenance). From our review of seven service teams, three risk assessments had not been performed and two risk assessments were overdue for review. Risk assessment documentation and review frequency is inconsistent across service teams; however, the risk rating matrix (to identify the risk rating number) is used consistently across risk assessment documentation. In addition, there is no guidance on Jarvis to support officers in conducting risk assessments for employees under the age of 18, to ensure compliance with health and safety law. Risk assessment documentation is held by service teams as there is no centralised repository for health and safety risk assessments.

5.4.4

HSE guidance states that checking that you are managing risks in your organisation is vital. Checking involves setting up an effective monitoring system, backed up with sensible performance measures. This includes routine inspections of premises, plant, and equipment by staff, health surveillance to prevent harm to health, and planned function check regimes for key pieces of plant.

5.4.5

The health and safety policy states that the councils will monitor the implementation and effectiveness of these arrangements and the safety performance of the councils:

·         The councils will develop and implement a health and safety management system following the health and safety executive’s guidance.

·         The councils’ equipment, buildings, structures, and other areas will be inspected and maintained in line with statutory requirements and the councils’ inspection procedures.

·         At each location, safety performance standards will be monitored by way of safety inspections, audits, and reviews.

·         The health and safety advisor, or their appointed representative, will audit various services on a three-year cycle.

5.4.6

As noted in our recent property compliance management 2021/22 audit, all council assets are due to receive an inspection over the course of the next two years (to July 2023), in line with the property inspections schedule. Property inspections are undertaken by the property assets team, who check onsite condition, incorporating some safety elements. We were informed that the health and safety team have no visibility of the property inspections template and checks conducted by the property assets team, which is recommended to ensure that health and safety legislative requirements are met. The health and safety team plan to conduct their own independent checks on property inspections, service functions, and site records once the vacant post is filled.

5.4.7

Area assurance: Limited

Two recommendations have been made as a result of our work in this area (Recs 8 and 9).

5.5

Obj5: Contractor management

5.5.1

Under the Construction (Design and Management) Regulations 2015 (CDM 2015) and requirements under the Health and Safety at Work Act 1974, organisations have a responsibility to ensure that suitable systems, guidance, and procedures are in place for the health and safety aspects of contractor management. HSE guidance advises this should identify all aspects of the work you want the contractor to do and the safety implications of the job. The level of risk will depend on the nature and complexity of the work, and you will need to satisfy yourself that the contractor you choose can do the job safely and without risks to health.

5.5.2

Guidance is published on Jarvis in relation to contractor management. Officers are reminded that the councils are not absolved of responsibility for health and safety matters by a contract and it is essential the councils do not incur health and safety risks when using external contractors. This involves selecting competent contractors and monitoring throughout the completion of works.

5.5.3

Procurement procedures provide guidance on health and safety considerations during the tender and award of contracts. Requirements include officers obtaining appropriate risk assessments and method statements (RAMS) for the specific works in question and ensuring suitable employers’ liability and public liability insurance is validated to specified (mandatory) levels of cover, prior to the commencement of works. All procurement documentation is under review by the procurement team and is ongoing, in line with updating the contract procedure rules (CPRs) and constitution as a wider project. We recommend the health and safety advisor consults on the revised documentation at this time, to ensure health and safety legislative requirements are met.

5.5.4

We reviewed a sample of eleven awarded contracts (seven joint, two South and two Vale) to determine whether the required supporting health and safety paperwork had been obtained and uploaded to the contracts register, per procurement requirements.

·         For seven contracts (64%), example copies of RAMS were not on the contracts register as part of the tender pack, and copies of employers and public liability insurance documents were not found for four contracts (36%).

·         Detailed (site specific) RAMS were not provided for generalised services for four contracts.

·         Employers and public liability Insurance certificates were not obtained for one contractor prior to the start of contract, were found to be expired prior to the award of a contract extension for a further contractor, and public liability certificates did not provide the minimum mandatory level of cover of £10m for two contractors, both stating liability coverage to £5m with no further mitigations documented.

5.5.5

Although there is no formal permit to work system in place at South and Vale, permits to work are often provided for high risk and/or hazardous contractor maintenance works, to ensure tasks are completed safely. In addition to a risk assessment and method statement, a permit to work is issued only to a particular person, at a specific time, authorising them to carry out work under strict controls. Experienced property and facilities officers are aware of when to implement a permit to work, however, as there is no formal permit to work process in place, there is a risk that this process may not be followed by less experienced officers, and/or service teams awarding contractor works that are unfamiliar with the process. Although not a legal requirement, HSE guidance describes the benefits of such systems being in place.

5.5.6

Area assurance: Limited

Three recommendations have been made as a result of our work in this area (Recs 10 to 12).

5.6

Obj6: Lone working (operational duties)

5.6.1

Lone working and lone workers are covered by the Health and Safety at Work Act 1974, The Management of Health and Safety at Work Regulations 1999 and by any legislation associated specific to the activity undertaken. Under this legislation, employers are required to perform a suitable and sufficient risk assessment of the lone working activity, with consideration to the workers physical and mental capabilities when deciding on who to assign the work.  In all circumstances when someone works alone, the risk is increased because of the reduced ability for the lone worker to call for help.

5.6.2

The councils’ and their employees have a legal duty to eliminate these hazards and reduce the risks associated with lone working, as much as reasonably practicable. This includes providing safe systems, a safe place of work, and suitable arrangements for employees' welfare.

5.6.3

A new lone working policy was approved by UNISON and SMT, effective 1 August 2022. The policy clearly states the purpose, aim, and roles and responsibilities for using the lone working monitoring system, LoneAlert. Additional supporting information and guidance on lone working is also published on Jarvis. An example lone working risk assessment is also available on Jarvis to support service teams in identifying risks and controls.

5.6.4

The software licence (contract) for the LoneAlert system was extended on 1 April 2022, for a further year: the contract is due for renewal in April 2023. The cost to use the system is £19,548 per annum, including VAT. The system is now managed by health and safety, having previously been managed by the assurance team.

5.6.5

We analysed annual system data for the period 2020/21 and 2021/22 (to 28 September 2022), and found that:

·         An average of 128 unique users have logged onto the system averaging 2,871 days of use.

·         An average of 5,747 unique timers have been set.

·         An average of 153 alerts have been registered per annum.

5.6.6

For alerts escalations, data showed the following:

The high percentage of false alarms registered against total alerts may indicate user training issues. We reviewed the LEAH training records and found that 17% of LoneAlert users were in the process/had read the revised lone working policy; and less than 1% of users had completed the LoneAlert training (for some officers, training may have been completed prior to moving to the LEAH system, however, this cannot be measured as training records were not retained).

5.6.7

Alert activations actioned by a head of service (and above) demonstrate there has been a breakdown in management alert monitoring, where calls have escalated to the next stage manager (and so on). We reviewed the system settings and found that the system hierarchy did not accurately reflect the latest organisational structure. We also reviewed the senior management escalation hierarchy which we found to be inaccurate.

5.6.8

The councils have two threat risk registers in place: a risk premises register and a personal threat risk register, both accessed via Jarvis. The risk premises register enables officers to record and share incidents of unacceptable behaviour or threats by a person, or attacks by dogs. It also allows employees/contractors to identify customers who may be potentially violent or premises with specific risks. The personal threat risk register enables officers to record and share incidents of unacceptable behaviour by a person who has no fixed abode or where the address is unknown.

5.6.9

The lone working policy and supporting guidance on Jarvis clearly advises officers to check both risk registers prior to any visit or receiving customers on the council premises, (unless the client is known), and if there is an entry on the registers, directions on how to proceed and what measures to take to reduce risks.

5.6.10

The lone working policy states that line managers should ensure that data is entered onto the correct register, notification letters are sent appropriately to offenders by the council, information about the risk is communicated to the relevant worker, and the data is reviewed annually and removed if no longer relevant. A new email address has been set up to ensure the health and safety team are notified of any new entry to both risk registers. These entries are then transferred to incident reports and tracked by the health and safety team and reported within monthly performance statistics.

5.6.11

We reviewed the risk premises register and identified 183 (133 South and 50 Vale) risk premises entries and 43 personal threat entries registered against individuals across both districts. We are satisfied that both registers are regularly updated; however, there is no formal requirement to inform health and safety on completion of an annual data review.

5.6.12

Area assurance: Limited

Four recommendations have been made as a result of our work in this area (Recs 13 to 16).

5.7

Obj7: Hybrid working

5.7.1

Under the Health and Safety at Work Act 1974, the councils have a duty to protect the health, safety, and welfare of employees. Most of the regulations under this act apply whether working on council premises, from home, or other locations. Under the same legislation, hybrid workers have a duty of care to protect themselves and others who may be harmed whilst carrying out the councils’ activities, wherever they happen to be working.

5.7.2

A hybrid and remote working policy was created and approved via consultation with UNISON and SMT on 1 August 2022. The policy states that hybrid workers should liaise with their line manager to ensure arrangements for remote working are appropriately assessed and work can be undertaken in a safe manner. This includes the requirement to complete a display screen equipment assessment (DSE) and acknowledgment that portable electrical equipment provided by the councils is subject to safety checks and tests. Hybrid/remote workers must ensure their equipment is properly registered with facilities and presented for testing by a competent person when requested.

5.7.3

In accordance with the DSE legislation, the councils are required to identify DSE users, perform a suitable and sufficient risk assessment of the workstation and put in place, so far as reasonably practicable, the controls required to reduce the associated risks. The DSE policy was updated to incorporate hybrid/remote working and the revised policy was implemented on 1 September 2022. To ensure DSE users have the information, training, and tools to work safely, the following is available:

·         DSE awareness training (via LEAH).

·         Online DSE assessment tool (via Jarvis).

·         Qualified DSE assessors (16 in place).

·         Free eyesight tests and cost towards glasses.

·         Access to onsite workstations.

5.7.4

We reviewed DSE assessment data since the introduction of home/remote working due to Covid-19 pandemic restrictions, imposed in March 2020 to date.

Our results showed that a total of 540 assessments have been conducted in the last three years (within the three-year reassessment cycle). A total of 476 (88%) assessments have been completed by officers in their home environment and 64 (11%) assessments based on office conditions. Since there are 536 council employees (South and Vale), we are satisfied that the current controls and completion rates indicate an adequate system is in place for DSE assessments.

5.7.5

Safety checks and/or testing by a competent person are not carried out on council provided portable electrical equipment being used by officers in a home/remote environment. HSE guidance states the law simply requires an employer to ensure that their electrical equipment is maintained to prevent danger. It does not say how this should be done, or how often. An effective maintenance regime gives employers confidence that they are doing what is necessary to help them meet their legal duties.

5.7.6

Area assurance: Substantial

One recommendation has been made as a result of our work in this area (Rec 17).

5.8

Obj8: KPI reporting 

5.8.1

HSE publishes guidance on its website in relation to managing health and safety performance and the benefits of ensuring that leaders of organisations can review and be assured that legal compliance is achieved and maintained. There is no legal requirement for an organisation to provide any performance statistics relating to health and safety to an overseeing external governing body (aside from HSE RIDDOR requirements, as reported within objective 3).

5.8.2

The health and safety policy encompasses several commitments to internal health and safety performance monitoring and reporting. There are several reporting channels utilised to ensure health and safety performance is reported to senior management to raise awareness.

These include:

·         Monthly Strategic Management Team Meetings (SMT).

·         Six monthly Joint Audit and Governance Committee Meetings (JAGC).

·         Annual H&S system management reviews (attended by the Chief and Deputy Chief Executive).

Standard KPI metrics reported include an overview of operational statistics to date, including incidents (including near miss incidents), accidents (including RIDDOR), current risks and trends, health and safety training, policy and procedural updates and progress on ongoing projects.

5.8.3

Our review showed in the ten months to October 2022, monthly SMT reports were submitted for three months (May 2022, July 2022 (JAGC paper presented to SMT), and September 2022). Prior to May 2022, the last report provided to SMT was in September 2021. This was due to reports being deferred or not requested by management, delays resulting from the organisational restructure (health and safety moving to the people and culture team in October 2021) and a 50% reduction in team resource since July 2021. Internal audit was advised that the frequency of health and safety SMT reports is under review.

5.8.4

Through enquires, internal audit established that a representative of the health and safety team does not attend SMT meetings to present reports and papers, including policy and procedural changes. As a result, this impacts and delays the policy approval process where any queries raised on legislative points or operational requirements warrant a response. As the organisations qualified, appointed competent person, it may be beneficial for the health and safety advisor to attend SMT meetings when health and safety papers are discussed, to provide responses to queries in a timely manner.

5.8.5

Area assurance: Substantial

One recommendation has been made as a result of our work in this area (Rec 18).

6.1

Internal audit would like to take this opportunity to thank all staff involved for their assistance with the audit.

Obj1: Policies and procedures

Risk Rating: High

Risk Score: 8

1. Policies and procedures

Findings

Recommended Action(s)

Action Owner(s)

Per council requirements, the majority of H&S policies contain a three-yearly review cycle. Work is underway to identify, review, and update all H&S related policies, procedures, and guidance published across all council services.

Following the completion of a H&S document mapping exercise, the following is noted:

·         45 policies and procedural documents notes require review.

·         Six policies are not present on Jarvis through assigned webpage links and therefore not published to officers.

·         20 polices are published on the H&S Jarvis page, of which 18 (90%) are overdue for review.

·         Some policies contain outdated statements, including legacy suppliers, service providers and contact/reporting information.

·         77 guidance notes and forms containing H&S related information are published on Jarvis. 52 (68%) documents are undated, 23 (29%) were created in 2018 and two (3%) are dated 2017 and 2011 respectively. However, guidance notes are not intended as mandatory documents but provide an overview of information that staff should know. If in doubt staff should contact the H&S team.

We were therefore unable to provide assurance that policies, procedures, and guidance notes adhere to operational and legislative requirements.

Risk(s)

Polices are outdated and do not comply with current legislation presenting an increased risk to potential enforcement, fines, and prosecution.

Guidance is not provided to officers to conduct their duties safely, breaching health and safety legislation.

Without correct policies and procedures in place and properly managed, the councils and their staff are at significant risk.

Continue to review and update H&S related policies, procedures, and guidance.

H&S Business Partner with support from relevant stakeholders.

Management Response

Implementation Due Date

Recommendation is Agreed

This recommendation is part of the implementation of the health and safety management system, HSG65. Realistic timeframe, based on current resource levels and operational requirements, is delivery of minimum 4 policies this year and removal of redundant H&S documentation.

September 2023 update: H&S guidance notes have been removed from Jarvis following the audit as they were not thought to add value to the councils’ H&S response. It is also noted that the core H&S policies which apply to all or most staff (Health & Safety Policy, Hybrid & Remote Working Policy and Display Screen Equipment Policy) are available on Jarvis and are within the appropriate review cycle. The H&S resource will focus on updating the following policies over the next period (including the Incident Reporting Policy, Driving at Work Policy)

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

31 December 2023

Obj1: Policies and procedures

Risk Rating: Medium

Risk Score: 5

2. 2019 strategic health and safety review action points

Findings

Recommended Action(s)

Action Owner(s)

In 2019, the councils appointed an external consultant to conduct a strategic H&S review. The review produced an action plan comprising 51 action points (17 high risk, 27 medium risk and seven low risk) across six key control areas.

In January 2021, performance and half yearly progress against the action plan was presented to the Joint Audit and Governance Committee (JAGC). The action plan document was last reviewed in April 2021 by the former senior health and safety advisor.

Our review found that 12 actions (24%) have been completed, 16 (32%) are ongoing, 15 (29%) are not yet started, and eight (15%) require further consultation with key stakeholders.  This includes nine high risk actions that are recorded as ongoing or not yet started (per the ‘Corporate H&S Team Action Plan’).

Due to the vacant post, the health and safety team have not made as much progress against report actions as planned; however, updates on key actions have been reported to SMT and JAGC within H&S progress reports. The H&S team are working through the actions; however, some are no longer relevant and further review is required.

Risk(s)

Health and safety risks are not managed.

Review and update all recommendations detailed within the strategic health and safety review, and implement controls where risks remain relevant to current operations. 

H&S Business Partner with support from relevant stakeholders.

Management Response

Implementation Due Date

Recommendation is Agreed

The strategic health and safety review workplan actions are now incorporated into delivery of the HSG65 health and safety management system (HSMS). Progress on these actions continues with regular reports provided to SMT, JAGC and directly to the Chief Executive and Deputy Chief Executive (Transformation and Operations) as part of an annual health & safety update.

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

31 December 2023

Obj1: Policies and procedures

Risk Rating: Low

Risk Score: 2

3. Health and safety champion forum

Findings

Recommended Action(s)

Action Owner(s)

The Health and Safety at Work 1974, Sections 2(6) requires every employer to consult with all staff on matters involving health and safety. The Health and Safety (Consultation with Employees) Regulations 1996 and Safety Representatives and Safety Committees Regulations 1977 provides employees with the right to be consulted over matters concerning their health and safety at work. A process is now in place with UNISON (a legal requirement for all health and safety related policies) and the Strategic Management Team (SMT) to adhere to this requirement.

The H&S team intend to introduce a Corporate H&S Champions Forum to enable the councils to fulfil their legal duties and for employees to actively co-operate, communicate, and promote the effective management of H&S at work. As a minimum, the forum will include the corporate H&S team, and the safety champions for each service area.

At the time of review (October 2022), although approved in principle through UNISON and SMT, the Corporate H&S Champions Forum is not operational.

Risk(s)

Non-compliance to Health and Safety at Work regulations where guidance, procedures, and policy may be introduced without consultation with competent persons through appropriate channels.

Implement the H&S champions forum to ensure that the corporate H&S team are formally consulted on all individual service policy and procedures that may contain H&S matters and/or practices.

Head of Corporate Services, H&S Business Partner with support from relevant stakeholders.

Management Response

Implementation Due Date

Recommendation is Agreed

Heads of Services and their Service managers have begun identifying suitable staff to act as Safety Champions for their area, this will be reinforced by the Head of Corporate Services via SMT. Safety Champions require training to be able to deliver effectively in their roles. The expertise to deliver this training sits with the H&S Business Partner.

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

28 March 2024

Obj2: Training and guidance

Risk Rating: High

Risk Score: 7

4. Health and safety training – general roles

Findings

Recommended Action(s)

Action Owner(s)

It is the line manager’s responsibility to identify and monitor completion of mandatory and role specific training for new starters, within the six-month probation period. The HR Advisory Team do not hold centralised information to assist line managers when monitoring training completion in LEAH. Reports are available from HR on an ad-hoc request basis; however, they are not routinely provided.

We reviewed a sample of 20 (ten South and ten Vale) new starters (between September and December 2021) to establish whether mandatory H&S training had been completed within the required six-month probation period (i.e., by 30 June 2022).  The results showed:

·         20 (100%) new starters had not completed the mandatory H&S modules within six-months.

·         12 (60%) had not read/signed the H&S policy.

·         All six lone workers had not completed the lone working module.

·         Four new starters had not completed COSSH and legionella modules.

·         Three managers had not completed the two H&S manager modules.

In addition, there is no requirement for officers to undertake regular refresher training of the mandatory H&S training modules and training modules are not available in a variety of formats for staff to access on LEAH (suitable for all).

Contractors and agency staff are not required to complete the mandatory H&S training. As not directly employed by South and Vale, they fall outside of the HR onboarding and induction process.

Risk(s)

Non-compliance to H&S Regulations. Staff are not aware of their H&S roles and responsibilities. Managers do not comply to the H&S policy requirements to support the councils. Increased harm to contractors/agency staff conducting general tasks and checks and/or specialist H&S roles.

a)     Verify all H&S training on LEAH is fit for purpose and remains relevant to current legislation.

b)    Remind line managers of the requirement for new starters to complete the mandatory H&S training on LEAH within their probation period.

c)     Remind all officers to complete the required mandatory training within LEAH.

d)    Develop a report to assist managers in monitoring training compliance and issue at agreed intervals.

e)     Establish requirements for contractors and agency staff to complete mandatory H&S training.

f)     Develop a regular schedule for H&S refresher training for all officers (inc. contractors and agency staff if applicable).

a, e & f) H&S Business Partner

b, c & d) People and Culture Manager in coordination with the Strategic HR Business Partner and relevant stakeholders.

Management Response

Implementation Due Date

Recommendation is Agreed

This will require H&S and HR to work together and ensure the relevant courses are created and uploaded onto Leah and embedded into the induction programme (and relevant documentation). The new induction programme will be used to adapt a version for contractors/agency staff. Reminders to managers will be an ongoing action.

September 2023 update: since the audit, H&S training modules have been made available to officers and ‘all staff’ communications have reminded staff about mandatory training. In addition, training completion reports from LEAH have been developed and will be made available to all HofS.

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

a, b & c) Implemented between draft and final report stage.

d) 31 August 2023

e & f) 30 September 2023

Obj2: Training and guidance

Risk Rating: High

Risk Score: 9

5. Health and safety training – specialist roles

Findings

Recommended Action(s)

Action Owner(s)

There is no centralised record of training requirements for specialist roles across council services. The H&S team is developing, collating, and centralising a master training matrix document that details all relevant H&S training, by employee and by role, across all services. This document is work in progress and plans to assist establishing and understanding requirements for specific training, defined to each role.

A review of specialist roles is due to be conducted, that will incorporate assessment of key personnel and define knowledge base requirements for operational responsibilities. This will assist H&S and HR teams understand whether additional specialist resource is required to strengthen the corporate health and safety team, or whether additional responsibilities will be undertaken within other teams, including specialist personnel in respect of building and construction, compliance, facilities, technical and maintenance management.

Risk(s)

Non-compliance to H&S Regulations. Lack of specialist H&S training and monitoring to ensure suitable training is maintained for those in specialist roles. Officer H&S is not adequately safeguarded.

a)     Identify and define specialist officer roles, responsibilities, and health and safety training requirements across all services.

b)    Continue to develop the centralised H&S training matrix.

c)     Embed refresher training arrangements for mandatory and specialist modules.

a)     SMT and line managers need to identify and confirm roles that require specialist H&S training

b)    H&S Business Partner with support from HR and relevant stakeholders

c)     People and Culture Manager

Management Response

Implementation Due Date

Recommendation is Agreed

September 2023 update: Whilst these recommendations are agreed there is a responsibility of line managers to identify roles that require specialist H&S training, this will enable the HR and H&S teams to source suitable training as required.

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

31 December 2023

Obj3: Incident reporting

Risk Rating: Medium

Risk Score: 5

6. Incident reporting

Findings

Recommended Action(s)

Action Owner(s)

HSE guidance states that under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR), certain incidents and work-related deaths and injuries require reporting. A report must be received within 10 days of the incident, and for accidents resulting in the over-seven-day incapacitation of a worker, you must notify the enforcing authority within 15 days of the incident.

Our internal incident reporting and investigation policy must be reviewed at least every three years, or when circumstances dictate. The current version on Jarvis is overdue for review (last issued April 2018). We found outdated information (e.g., HR provider, training, and induction programme requirements).

A new, dedicated email address has been set up to make it easier for officers to report incidents; however, as of October 2022 the email address and reporting process had not been officially launched due to operational issues within Jarvis.

There were three RIDDOR reportable incidents since 2019, all reported in 2020. RIDDOR required timescales for reporting incidents to the HSE had not been met on all three occasions, which was in part due to delays in initial reporting to the H&S team and absence of required information, such as confirming of medical diagnosis, and complications in obtaining personal information with affected parties.

Although reported late, the number of RIDDOR reportable incidents is low, and the required information was submitted for all three incidents, with no further requests from the HSE. We also recognise that the upward trend in the number of incident reports since 2019, provides a way for the organisation to monitor potential problems and root causes as they occur.

Risk(s)

Potential prosecution and/or enforcement action resulting in unlimited fines. Further investigation by HSE on the organisation’s health and safety practices and routines. Reputational damage to the councils.

a)     Following review and update of the Incident Reporting Policy, relaunch the revised incident reporting procedures, including the new incident reporting email address.

b)    Remind managers to notify H&S of all RIDDOR reportable incidents in a timely manner following incidents being reported/notified.

H&S Business Partner with support from relevant stakeholders.

Management Response

Implementation Due Date

Recommendation is Agreed

In terms of the two recommendations (a) The Incident Reporting Policy will be reviewed and relaunched during 2023; (b) A staff communication for the councils’ managers will be issued.

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

a) 31 December 2023

b) 31 August 2023 (and six monthly thereafter)

Obj3: Incident reporting

Risk Rating: Low

Risk Score: 2

7. Incident reporting system

Findings

Recommended Action(s)

Action Owner(s)

The H&S team collates all incident statistics into a ‘Master Incident Log’ that maintains a rolling record of incidents across the council. This excel based document was implemented in 2020 and is retained on the health and safety shared drive.

The manual log results in increased administrative effort in collating supporting records and forms. The H&S report submitted to SMT in May 2022 identified the benefits of developing an online self-serve incident reporting system, stating it remains a core service objective; however, it is on hold due to resource and time constraints.

Risk(s)

Manual records may be subject to human error and omissions.

Increased administrative effort and process inefficiencies.

Non-compliance to GDPR regulations.

Continue to explore options for an online incident management reporting system.

H&S Business Partner with cooperation of relevant stakeholders (IT Development).

Management Response

Implementation Due Date

Recommendation is Agreed

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

28 July 2024

Obj4: Risk Management and compliance

Risk Rating: High

Risk Score: 9

8. Compliance monitoring

Findings

Recommended Action(s)

Action Owner(s)

HSE guidance states that checking that you are managing risks in your organisation is vital. Checking involves setting up an effective monitoring system, backed up with sensible performance measures. This includes routine inspections of premises, plant, and equipment by staff, health surveillance to prevent harm to health, and planned function check regimes for key pieces of plant.

The H&S Policy states:

·         The councils will monitor the implementation and effectiveness of safety arrangements and the safety performance of the councils.

·         The councils will develop and implement a H&S management system following the H&S Executive’s guidance.

·         The councils’ equipment, buildings, structures, and other areas will be inspected and maintained in line with statutory requirements and the councils’ inspection procedures.

·         At each location, safety performance standards will be monitored by way of safety inspections, audits, and reviews.

·         The H&S Advisor, or their appointed representative, will audit various services on a three-year cycle.

As noted in our recent property compliance management 2021/22 audit, all council assets are due to receive an inspection over the course of the next two years (to July 2023), in line with the property inspections schedule.

Property inspections are undertaken by the property assets team, who check onsite condition, incorporating some safety elements. We were informed that the H&S team have no visibility of the property inspections template and checks conducted by the property assets team, which is recommended to ensure that H&S legislative requirements are met. The H&S team plan to review the outcome of property inspections to ensure they fulfil the requirements of the H&S function.

Risk(s)                                                                                                          

Non-compliance to H&S regulations. Increased risk of harm to individuals and council assets. Increased risk to financial penalties and reputational damage.

a)     Implement a system for H&S inspections/monitoring, in line with HSE guidance and the councils’ Health and Safety Policy.

b)    Property Assets team to consult and agree compliance inspection routines with Health and Safety to ensure any safety elements adhere to relevant H&S legislation and are fit for purpose.

H&S Business Partner with support from Property Assets Manager.

Management Response

Implementation Due Date

Recommendation is Agreed

a)     Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

b)    Management response: Property Assets Manager  

a)     31 December 2023

b)    31 December 2023

Obj4: Risk Management and compliance

Risk Rating: High

Risk Score: 7

9. Risk assessments

Findings

Recommended Action(s)

Action Owner(s)

The H&S policy states that the responsibility to assess risk lies with service managers and team leaders, who must ensure that risk assessments and safe systems of work relating to activities under their supervision are produced, properly communicated, and fully implemented. The policy also states that all staff required to carry out risk assessments will be trained in the councils’ H&S risk assessment procedures. However, risk assessment training is not provided to officers.

A risk assessment system is in place; however, the H&S Risk Assessment and Control Policy is overdue for review (due May 2021). The policy states that all staff required to carry out risk assessments will be trained in the councils’ H&S risk assessment procedures. There is no suitable training in place across the councils, therefore we are unable to assess the competencies of persons conducting assessments.

We reviewed a sample of service teams to confirm whether risk assessments have been completed, focusing on high-risk operations and locations (e.g., Abbey House, environmental health, grounds and parks maintenance). From our review of seven service teams, three risk assessments had not been performed and two risk assessments were overdue for review.

Risk assessment documentation is in place and available to officers. Although the risk rating matrix (used to define risk rating number) is consistently used by service teams, completion of the documents and review frequency is inconsistent across the organisation.

It is the responsibility of service teams to carry out risk assessments for under 18s (required by H&S law); however, there is no guidance to support officers.

There is no central repository for completed risk assessments: they are held by individual service teams.

Risk(s)

Non-compliance to H&S regulations. Increased risk of harm to individuals and council assets. Increased risk to financial penalties and reputational damage.

a)     Review and update the councils H&S risk assessment management system (i.e., policy, procedures, training, and guidance).

b)    Establish a centralised records library for health and safety risk assessments.

c)     H&S Business Partner to remind all service teams of the need to complete and regularly review all service area’s risk assessments.

H&S Business Partner in coordination with relevant stakeholders

Management Response

Implementation Due Date

Recommendation is Agreed

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

a & b) 31 December 2023

c) 31 August 2023

Obj5: Contractor management

Risk Rating: Low

Risk Score: 2

10. Contractor management system

Findings

Recommended Action(s)

Action Owner(s)

Employers have a legal requirement to staff and others doing activities on their behalf. Essentially both the organisation and the contractor you use have responsibilities under H&S law.

A Contractor Management and Monitoring Policy and supporting guidance is published on Jarvis; however, the document was last reviewed/updated in October 2017 and overdue for review.

Risk(s)

Non-compliance to H&S regulations. Increased risk of harm to individuals and council assets.

Increased risk to financial penalties and reputational damage.

Review and update the health and safety contractor policy and guidance published on Jarvis to ensure relevance to current legislation.

H&S Business Partner in coordination with relevant stakeholders

Management Response

Implementation Due Date

Recommendation is Agreed

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

31 December 2023

Obj5: Contractor Management

Risk Rating: High

Risk Score: 7

11. Contractor procurement

Findings

Recommended Action(s)

Action Owner(s)

Procurement procedures provide guidance on H&S considerations during the tender and award of contracts. Requirements include officers obtaining appropriate risk assessments and method statements (RAMS) for the specific works in question and ensuring suitable employers’ liability and public liability insurance is validated to specified (mandatory) levels of cover, prior to the commencement of works.

A review of procurement guidance and documentation is underway by the procurement team. The review is ongoing, in line with the wider project to update the Contract Procedure Rules (CPRs) and constitution. Whilst the review is in progress, all procurement documentation has been temporarily removed from Jarvis.

At the time of review (October 2022), H&S had not provided guidance or consulted on H&S matters relating to contractor procurement. We recommend the H&S advisor consults on the revised documentation at this time, to ensure legislative requirements are met.

Following the award of a contract, detailed site/job specific RAMS must be sought and reviewed by the service team for the job/works in question, prior to the commencement of works. We reviewed a sample of eleven awarded contracts (7 joint, 2 South, and 2 Vale) to establish whether these requirements were met. Our findings showed:

·         Example copies of RAMS were not on the contracts register as part of the tender pack (4 contracts).

·         Employers and Public Liability insurance documents were not on the contracts register (4 contracts).

·         Detailed (site specific) RAMS were not provided for generalised services (4 contracts).

·         Employers & Public Liability Insurance certificates were not found, following contract award (1 contract). Certificates obtained following auditor request.

·         Employers & Public Liability Insurance certificates expired prior to the award of a contract extension (one contract).

·         Public Liability certificates did not provide the minimum advised value of £10m - coverage to £5M with no mitigations documented (2 contracts).

Risk(s)

Failure to comply with H&S legislation. Failure to ensure adequate standards are met. Officers not provided with accurate information to adequately select and manage contractors on behalf of the councils.

a)     Procurement to liaise with Health and Safety on the revised procurement process, guidance, and template documentation to ensure there is suitable consideration of health and safety requirements and controls to comply with relevant legislation.

b)    Remind service teams of the requirement per the procurement procedure rules to obtain H&S documentation as part of the tender/award of contracts etc.

a)     Exchequer & Procurement Manager / H&S Business Partner

b)    Head of Finance (S151 Officer)

Management Response

Implementation Due Date

Recommendation is Agreed

Management response: Exchequer & Procurement Manager

31 December 2023

Obj5: Contractor Management

Risk Rating: Low

Risk Score: 3

12. Permit to work system

Findings

Recommended Action(s)

Action Owner(s)

In addition to a risk assessment and method statements, a permit to work can be issued to a particular person, at a specific time, authorising them to carry out work under strict controls. Although not a legal requirement, HSE guidance describes the benefits of such systems being in place.

Although there is no formal permit to work system in place at South and Vale, they are often provided for high risk and/or hazardous contractor maintenance works (e.g., excavation/penetration of grounds more than 30cm, working at heights, and ‘hot-works’ such as welding, metal cutting and open flame works) to ensure tasks are completed safely. In addition to a risk assessment and method statement, a permit to work is issued only to a particular person, at a specific time, authorising them to carry out work under strict controls.

Experienced officers are aware of when to implement a permit to work; however, as there is no formal permit to work process in place this process may not always be followed when awarding contractor works.

Risk(s)

Inconsistency in managing contactors safely.

Failure to ensure adequate standards are being met.

a)     Formalise and document the process used by the facilities team for issuing permits to work to the contractors under their management.

b)    Consult Health and Safety to ensure the permit to work process is fit for purpose.

Property Assets Manager

Management Response

Implementation Due Date

Recommendation is Agreed

Management response: Property Assets Manager

30 June 2023

Obj6: Lone Working (operational duties)

Risk Rating: Medium

Risk Score: 4

13. Lone working system

Findings

Recommended Action(s)

Action Owner(s)

A new Lone Working Policy was approved by UNISON and SMT, effective 1 August 2022. The lone working system (LoneAlert) is used to support the safety of officers, and a LEAH training module provides guidance on operating the system effectively. LoneAlert system reports between 1 April 2020 and 28 September 2022 found:

Although the total number of alerts is low, there is a high proportion of false alarms against total alerts, which may indicate a training need. Since the lone working training modules were uploaded to LEAH on 25 August 2022, the system registered:

·         57 officers requested the Lone Working Policy, of which 36 are read/completed, 19 are in progress and two not started.

·         32 officers requested the Lone Worker Training, of which one is completed and 31 not started.

·         Nine officers requested the Responsible Officer Training, of which one is completed and eight are in progress.

As of 6 October 2022, there were 333 total users registered on the LoneAlert system. This indicates:

·         17% of system users had read the revised Lone Working Policy on LEAH; and

·         Less than 1% of users had completed the LEAH training (it is possible that training may have been completed by some officers prior to LEAH system, however, there are no supporting records).

Risk(s)

Officer safety is compromised where line managers of lone workers have not ensured adequate training has been conducted. Officers falling to use the system correctly results in false alarms and alerts being triggered that require time and resource to review and monitor.

Remind LoneAlert users to ensure that they have completed the LEAH lone working training and read the policy.

People and Culture Manager

Management Response

Implementation Due Date

Recommendation is Agreed

HR will issue a reminder to ensure that staff who are ‘lone workers’ access the available training including the councils’ agreed policy.  Since this report was drafted a reminder has been issued to all key users of the LoneAlert system.

Management response: People and Culture Manager

31 July 2023

Obj6: Lone Working (operational duties)

Risk Rating: Medium

Risk Score: 5

14.  LoneAlert system hierarchy

Findings

Recommended Action(s)

Action Owner(s)

LoneAlert activations actioned by a Head of Service (and above) demonstrates that there has been a breakdown in the user reporting hierarchy, where calls have escalated to the next stage manager (and so on).  The Lone Working Policy states that it is the line manager’s responsibility to review and keep up to date records and documentation associated with lone working (e.g., lone worker contact details and the reporting hierarchy are correct on the lone worker system).

We reviewed the LoneAlert system hierarchy against the latest payroll establishment listing and corporate organisational structure to determine the accuracy of system records. Our review showed:

·         System hierarchy did not accurately reflect the organisational structure following the recent changes, specifically across the property, licencing and community safety, and community wellbeing teams sampled.

·         The senior management escalation hierarchy does not reflect the current organisational structure, with some service managers omitted from system records, although line reporting officers were present and active.

Risk(s)

System alerts are not reported to the appropriate line manager in a timely manner.

Poor system administration may result in omissions in reporting hierarchy, compromising officer safety. 

a) Remind service teams to ensure that the registered users and the escalation hierarchy on LoneAlert accurately reflects the current organisational structure within their teams.

b) Conduct a full review of the LoneAlert senior management team escalation hierarchy to ensure accuracy in system reporting routes.

H&S Business Partner in coordination with relevant stakeholders

Management Response

Implementation Due Date

Recommendation is Agreed.

Since this report was drafted a reminder has been sent to all key users of the LoneAlert system.

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

a)     31 July 2023 (implemented between final and v2 report)

b)    30 September 2023

Obj6: Lone Working (operational duties)

Risk Rating: Medium

Risk Score: 5

15. System administration (restated)

Findings

Recommended Action(s)

Action Owner(s)

We confirmed that regular LoneAlert user access reviews are not performed.

The LoneAlert escalation hierarchy was reviewed against the organisational structure (as at June 2020) and the following was noted:

·         There are two Acting Deputy Chief Executives listed as the top of the escalation hierarchy, the councils are now operating with three.

·         Where services have moved within the organisational structure, and new services introduced, this has not been reflected within the LoneAlert escalation hierarchy. An example being the Community Hub, set up as part of the council’s response to Covid-19, and the Customer Assurance Team, which now incorporates Assurance and Health and Safety.

·         Where new appointments and management changes have been applied across council services, the escalation hierarchy has not been updated within the LoneAlert system to reflect this. An example being the appointment of the interim Strategic Finance Manager, appointed in April 2020.

Risk(s)

Delays in responding to an alarm notification in an emergency, resulting in an increased risk to officer safety.

Establish a regular LoneAlert user access review, whereby service teams are required to formally notify the health and safety team of user access changes being completed (i.e., starters, leavers, movers, and emergency SOS fob holders) 

H&S Business Partner in coordination with relevant stakeholders

Management Response

Implementation Due Date

Recommendation is Agreed.

Since this report was drafted a reminder has been sent to all key users of the LoneAlert system.

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

30 September 2023

Obj6: Lone Working (operational duties)

Risk Rating: Low

Risk Score: 2

16. System reports (restated)

Findings

Recommended Action(s)

Action Owner(s)

LoneAlert system reports are not issued to service teams to assist them in monitoring system usage and frequency of alarm activations.

Internal audit confirmed that the assurance team are considering issuing service teams with usage and alarm activation reports on a monthly basis to assist with service team monitoring activities. However, at the time of review (October 2020) this had not been implemented.

Risk(s)

Managers are unable to effectively review system usage and alarm activations within their teams to identify non-compliance to policy and training needs. 

Consider issuing LoneAlert system reports to service teams on a regular basis, for monitoring activities.

H&S Business Partner in coordination with relevant stakeholders

Management Response

Implementation Due Date

Recommendation is Agreed

Management response: Health and Safety Business Partner, Head of Corporate Services, People and Culture Manager

31 December 2023

Obj7: Hybrid Working

Risk Rating: Medium

Risk Score: 6

17. Portable electrical appliance checks

Findings

Recommended Action(s)

Action Owner(s)

Under the Health and Safety at Work Act 1974, the councils have a duty to protect the health, safety, and welfare of employees. Most of the regulations under this act apply whether working on council premises, from home or other locations.

The Electricity at Work Regulations 1989 require that any electrical equipment that has the potential to cause injury is maintained in a safe condition. However, the Regulations do not specify what needs to be done, by whom or how frequently (i.e., they don't make inspection or testing of electrical appliances a legal requirement, nor do they make it a legal requirement to undertake this annually).

A new Hybrid and Remote Working Policy was implemented by the councils on 1 August 2022. The policy states:

·         Equipment must be recorded on the councils’ central asset register (via facilities). This will enable the councils to comply with the legal requirement to manage the equipment appropriately.

·         Portable electrical equipment provided by the councils is subject to safety checks and tests. Hybrid/remote workers must ensure their equipment is properly registered with facilities and presented for testing by a competent person when requested.

We enquired with the facilities team as to what measures and checks are in place, and whether a copy of the central assist register could be provided, per the requirements of the policy. At the time of writing this report, the facilities team advised no formal safety checks and testing routines have been implemented and a central assets register is not being maintained, however, the provision of such checks was being discussed by senior management. Additionally, the facilities team advised that they had not been made aware, per the policy, that such requirements had been agreed.

Risk(s)

The councils are not ensuring that commitments to their own polices are in place, which may result in legislative action following incident. Suitable measures are not in place to ensure officers can have portable electrical equipment safety checked and maintained in a safe condition.

a)     Head of Corporate Services to present findings to SMT.

b)    SMT to establish an agreed approach to conduct regular portable electrical appliance safety checks/inspections, per the requirements of the Hybrid and Remote Working Policy.   

Head of Corporate Services and SMT

Management Response

Implementation Due Date

Recommendation is Agreed

The hybrid/remote working policy contains the approach to conduct regular checks and inspections on portable electrical equipment. The policy and approach have been endorsed by UNISON and approved by SMT. Responsibility for assigning staff to implement the approach has been raised with SMT to resolve.

Management response: Head of Corporate Services, People and Culture Manager

a)     31 March 2023 (implemented between final and v2 report)

b)    31 December 2023

Obj8: KPI Reporting 

Risk Rating: Low

Risk Score: 3

18. Management reporting

Findings

Recommended Action(s)

Action Owner(s)

The Health and Safety Policy encompasses several commitments to internal H&S performance monitoring and reporting, including:

·         a monthly H&S update at SMT meetings to advise and report on H&S issues and performance.

·         SMT are provided with monthly reports and half-yearly reviews of safety performance as a minimum. The H&S Advisor may present an overview of updates at SMT as deemed appropriate.

·         H&S team to prepare reports and monitor key performance indicators for reporting to SMT and highlight trends requiring specific action.

Review of H&S reports and presentations submitted to senior management between January and October 2022 found:

·         Monthly SMT reports were submitted for only three months (May, July, and September).

·         Prior to May 2022, the last report provided to SMT was in September 2021.

·         Reports were not requested, or reports were deferred for the months not published.

·         Delays in reporting are also noted due to the organisational restructure (Health and Safety moving to the People and Culture team in October 2021).

Through enquires, internal audit established that a representative of the H&S team does not attend SMT meetings to present reports and papers, including policy and procedural changes. As a result, this may delay the policy approval process where any queries raised on legislative points or operational requirements warrant a response. As the organisations qualified, appointed competent person, it may be beneficial for the H&S advisor to attend SMT meetings when H&S papers are discussed, to provide responses to queries in a timely manner.    

Risk(s)

Non-compliance to policy. Lack of awareness of risk and performance in managing health and safety. Delays in decision making and policy updates.

a)     The Health and Safety Advisor to attend relevant SMT meetings to present major papers, including policy and procedural changes, answer queries, and raise awareness of legislative requirements as the council’s qualified, appointed officer.

b)    H&S to be added as a standard item on the SMT agenda to ensure there is a recognised reporting channel to the organisation’s senior management and to adhere to the Health and Safety policy.

Head of Corporate Services

Management Response

Implementation Due Date

Recommendation is Agreed

Both recommended actions are complete. The Head of Corporate Services presents H&S updates to SMT on a quarterly basis after having taking advice from the H&S Business Partner. H&S is a standing item on SMT agendas, should technical advice be required the H&S Advisor will attend SMT. Further the H&S Business Partner is now providing an annual update to the Chief Executive, Deputy Chief Executive (Transformation and Operations) and Head of Corporate Services.

Management response: Head of Corporate Services

Implemented between draft and final report stage.