Issue - meetings

This report summarises the activity of Internal Audit for the financial year 2025-26, including an update on work completed since the previous updated provided in December 2025 including a summary on delivery of the Internal Audit Plan, key findings arising from audit work, and the extent to which agreed management actions have been implemented.

The report also provides the annual audit opinion, provided by the Deputy Director Organisational Assurance and Resilience (Head of Internal Audit), on the adequacy and effectiveness of the Council’s framework for governance, risk management and control, which is used to support the Council’s Annual Governance Statement.

This report summarises the activity of Internal Audit for the financial year 2024-25, including an update on work completed since the previous updated provided in December 2024.

The report also provides the annual audit opinion, provided by the Deputy Director Organisational Assurance and Resilience (Head of Internal Audit), on the adequacy and effectiveness of the Council’s framework for governance, risk management and control, which is used to support the Council’s Annual Governance Statement.

Darren Armstrong (Deputy Director Organisational Assurance and Resilience) introduced a report from the Corporate Director Finance & Resources which outlined the activity undertaken by Internal Audit during 2024-25 (and work undertaken since the previous update in December 2024) and included the Annual Audit opinion provided by the Deputy Director Organisational Assurance and Resilience (as Head of Internal Audit) on the adequacy and effectiveness of the Council’s framework for governance, risk management and internal control used to support the Annual Governance Statement.

In considering the Internal Audit Annual Report (as detailed within Appendix 1 of the report) the Committee noted the following key points:

• There had been no actual or perceived threats to the independence and objectivity of the Internal Audit function in relation to the work carried out to deliver the 2024-25 internal audit plan. The Head of Internal Audit and all internal auditors had continued to receive unrestricted access to senior management, officers and all information and records necessary to undertake their work.  This was supported by the internal audit function having also received an External Quality Assessment (EQA) during 2022-23, which identified no concerns regarding to the independence or objectivity of the function.

• The summary relating to delivery of the internal audit plan during 2024-25 contained within section 4 of the Annual Report attached as Appendix A to the report. This had included the conclusion and issuing of 51 separate audit reports which was felt to represent a notable achievement given that the team had operated at approximately 75% capacity for most of the year with the team praised for their dedication and hard work.  In terms of outcome, this activity had led to a total of 122 findings being raised, comprising 39 classified as high risk, 56 medium risk, and 21 low risk and with all recommendations being accepted by management.
• Section 5a within the Audit Plan detailed the core assurance work undertaken during 2024-25 focussed around the Council’s sore systems and controls based on a rolling three-year cyclical plan.  This had included the completion of 13 core assurance audits (representing 100% of the planned work for 2024-25). These audits had generated 52 findings, with 14 classified as high risk, 24 as medium risk, and 14 as low risk. The outcomes had included nine opinions of moderate assurance and four opinions of limited assurance with all recommendations having been accepted by management.  Section 5b of the Annual Report provided a summary of the outcomes from each core assurance audit, while section 5c provided a headline summary of the key findings.

• Under the agile risk focussed element of the Internal Audit Plan, the team had adopted a more fluid, flexible, and adaptive approach to providing assurance on emerging risks and issues.  As part of the agile risk-based work undertaken during 2024-25 10 audits had been completed, with 6 providing moderate assurance and 4 providing limited assurance opinions.  This work had generated 50 findings, comprising 17 classified as high risk, 26 as medium risk, and 7 low risk findings.  Section  ...  view the full minutes text for item 8