Agenda item

To present the report of the Head of Audit and Risk.

The report of the Head of Audit and Risk incorporating the Annual Report of Internal Audit for 2024/25 was presented for the committee’s consideration.

The Head of Audit and Risk presented the report as one of the key reports of the year, providing her opinion on the adequacy and effectiveness of the Council’s framework of governance, risk management and controls during the year. She confirmed that in her opinion, for the twelve months ending 31 March 2025, the Council had an adequate and effective framework for these areas. While she did not consider any areas of significant corporate concern, some areas require the introduction or improvement of internal controls to ensure the achievement of objectives and these are the subject of monitoring. There were no qualifications to this opinion.

The Head of Audit and Risk noted that her assessment was based on the work completed in the year, primarily the review of the Council’s strategic risks. Internal Audit met its aim of reviewing 80% of red and amber strategic risks over a two year cycle by covering eight such risks in 2024/25 alongside twelve audits of other areas of the Council’s activities. Internal Audit achieved five of its six annual performance targets including strategic risk coverage. Internal Audit also conformed with the Public Sector Internal Audit Standards (PSIAS) except in the area of assurance mapping. As of 1 April, 2025, the PSIAS were replaced by the Global Internal Audit Standards in the UK Public Sector (GIAS) which will apply to local government organisations including the Council, from 2025/26 onwards.

The committee raised the following issues in relation to the Internal Audit Annual report –

·      The committee noted that in the Head of Audit and Risk’s opinion, the Council has an adequate and effective framework for risk management and internal control. However, it is also recognised that this framework has its limitations and that the ultimate responsibility for maintaining sound internal control lies with management. The system’s effectiveness is therefore dependent on individuals carrying out their responsibilities properly. As such, it was suggested that the organisation is only as strong as its weakest link. The committee asked whether the Head of Audit and Risk is confident that the framework is robust and responsive enough to identify the weakest link before a failure occurs.

The Head of Audit and Risk explained that her opinion was based on the internal audit work completed during the year which included coverage of 80% of the Council’s strategic risks. Subject to the identified improvement activity, which is currently being monitored, she confirmed that she was satisfied in providing reasonable assurance over the Council’s risk management, governance and internal control framework.

·      Reference was made to the recovery of Council Tax, Non Domestic Rates and Sundry debts which was revisited during the year and to Internal Audit’s work with the fraud initiative. It was noted that members were aware of reports of individuals avoiding the second homes premium by falsely claiming their second home as their primary residence. As a result, the committee inquired whether Internal Audit could undertake a review to identify how false evidence is being submitted to evade payment and recommend measures to close any gaps/loopholes.

The Head of Audit and Risk explained that Internal Audit regularly reviews this area using  information submitted through the online fraud reporting tool. It also works in collaboration with the Tax Compliance Officer within the Revenues and Benefits Team to share relevant information for further investigation.

·      Reference was also made to the limited assurance audit of Disabled Facilities Grants (DFGs) with the follow up review again resulting in a limited assurance opinion. It was noted that delivery of DFGs consistently underperforms, as reflected in the quarterly scorecard reports. While a course of action has been proposed to improve the scorecard performance indicator, it was suggested that it is important that Internal Audit also highlights this matter.

The Head of Audit and Risk confirmed that a second follow-up review of DFGs will be conducted during 2025/26 and reported to the committee.

Having considered the Internal Audit Annual Report for 2024/25 and the Head of Audit and Risk’s opinion, it was resolved to note the following –

·      The summary of the work carried out during the year and the assurances provided

·      The overall opinion and,

·      The performance of the internal audit function in particular the level of conformance with the Public Sector Internal Auditing Standards.