To provide a periodic report on the Internal Audit function for the period June 2025 – August 2025 and to provide an update on the Internal Audit Charter for approval by the Audit Committee as required by the professional standards.

 

 

The Committee was informed that the Global Internal Audit Standards had required the Internal Audit Manager to make arrangements for reporting to senior management (Management Board) and to the board (Audit Committee) during the course of the year, and for producing an annual Internal Audit opinion and report that could be used to inform the Annual Governance Statement.

 

Four audits had been completed since the last Audit Committee meeting in June 2025. Three of the audits had received a satisfactory level of overall assurance of ‘Adequate Assurance’ or ‘Substantial Assurance’.

 

The Housing Repairs and Maintenance audit had received an overall opinion of ‘Improvement Required’.

 

A further 13 audits from the 2025/26 Internal Audit Plan had been allocated and seven had currently been at the fieldwork phase.

 

The Internal Audit manager informed Members that his team had been in the ‘Key Systems’ phase of the audit plan where all financial and core service systems and processes had been reviewed. Each area had been tried and tested that was very important to the Council’s day-to-day activities. They had not anticipated any significant issues in that area as historically those issues had been well managed; however, the Internal Audit Manager had highlighted that it had been important to ensure that those systems and processes continued to work as expected and remained well controlled.

 

Fraud and Compliance work had been ongoing in that period along with GDPR priorities particularly relating to data sharing agreements, Freedom of Information Requests and Subject Access Requests.

 

Quality Assurance – The Internal Audit function issued satisfaction surveys for each audit completed. No unsatisfactory responses had been received in that period. 

 

Resourcing

 

It was reported that the Internal Audit team currently had an establishment of 4 full time employment posts with access to a third-party provider of Internal Audit Services for specialist audit days as and when required. The Internal Audit Team currently had an Audit Technician post vacant. They currently had had an apprentice within the team for nearly a year who had been continuing to develop well and had currently been undertaking the administrative responsibilities for the Audit, Fraud and Compliance functions.

 

Outcomes of Internal Audit Work

The Public Sector Internal Audit Standards had required the Internal Audit manager to report to the Audit Committee on significant risk exposures and control issues. Since the last report four audits had been completed and the final report issued.

 

Assurance	Colour	Number this Period	Total for 2025/26Plan
Substantial		1	1
Adequate		2	2
Improvement Required		1	1
Significant Improvement Required		0	0
No Opinion Required		0	0	Three consultative engagements in 2025/26 to date

 

 

For the purpose of the colour coding approach, both the substantial and adequate opinions had been shown in green as both were within acceptable tolerances.

 

Issues arising from audits completed in the period under review receiving an ‘Improvement Required’ opinion and requiring reporting to Committee were: -

 

Housing Repairs and Maintenance

 

Issue

 

The Committee was made aware that there had been a number of contractors with annual spend over £50k within the Housing Repairs and Maintenance function being used where the original contract had now expired or where no contract had ever been in place. The majority of work undertaken had been made up of smaller jobs of less than £5k each with a cumulative value of more than £50k. However, if considered the same type of work over several different properties, then a tender process would have been required for each area under the Council’s procurement procedure rules.

 

Risk

 

Without works being carried out by contractors appointed in accordance with the Procurement Rules, there had been significant risks of overspend (where contractors had no budget or the Council had limited remit to set pricing), disaggregation of spend and poor governance (in the event of dispute).

 

There could have also been issues of probity and how companies were chosen without a transparent procurement process.

 

Agreed Action

 

The Internal Audit Manager alerted the Committee to an action plan that would be created to review all contracts within the department, including their status and time remaining. Given the potential of working with other councils and LGR, all contracts would be regulated with use of retendering, exemption or extension as considered appropriate and practical.

 

In addition, a departmental contract register would also be created to help ensure contracts had been centrally monitored and prevent repetition of that situation.

 

The service had also been undertaking a full review of all contractors with an overall spend of more than £50k and determining the best course of action required in line with procurement procedure rules.

 

Members heard that where significant spend had been identified with contractors without any form of contract in place, all works with them had been ceased in the short term until appropriate action could be taken.

 

Management Response to Internal Audit Findings – There had been processes in place to track the action taken regarding findings raised in Internal Audit reports and to seek assurance that appropriate corrective action had been taken. Where appropriate, follow up audits had been arranged to revisit significant issues identified after an appropriate time.

 

The number of high severity issues outstanding had been as follows: -

 

Status	Number	Comments
Overdue more than 3 months	0
Overdue less than 3 months	0
Not yet due	2

 

The Audit Committee had requested more detail on the outstanding actions within the above table and on previous significant findings as a matter of context. Appendix B showed a summary of those findings and agreed actions including the service response and an internal audit status. That would become a regular appendix of the periodic progress reports going forwards.

 

Update on previous significant issues reported

 

All previous significant issues had been provided within Appendix B of the report.

 

 

Internal Audit Charter

 

It was reported that a requirement of the Global Internal Audit Standards (GIAS) had been for the Audit Committee to review and approve the Internal Audit Charter on an annual basis. The Charter had last been updated and approved in September 2024.

 

It had previously been reported that new Global Internal Audit Standards had been introduced in January 2024 with a view to becoming mandatory in January 2025. The team had been awaiting CIPFA’s response with a view on the impact to the public sector.

 

CIPFA had provided an application note relating to any differences between the Public Sector Internal Audit Standards (PSIAS) and the Global Internal Audit Standards and how they should be addressed going forwards.

 

The Internal Audit Charter had now been reviewed in line with the GIAS and provided for review in Appendix C. No significant changes had been required other than terminology changes. The high-level categories within the charter remained similar to those under the previous standards.

 

Quality Assurance Improvement Programme (QAIP)

 

The Internal Audit Manager had been required to undertake an annual QAIP undertaking a self-assessment of the Internal Audit function against the Global Internal Audit Standards. That had been a full review of the working practices against the standards set by the Institute of Internal Audit and adopted by CIPFA. The team had been waiting on the CIPFA application note before completing the assessment.

 

The assessment against the standards had been completed with any actions and recommendations to be reported at the next Audit Committee for its review.

 

It was reported that there had been an expectation that there would be a programme to work to because there had been some changes to the Global Standards that had been new in comparison to the Public Sector Internal Audit Standards. The QAIP would be periodically provided to the Audit Committee with updates on progress against implementation.

 

It was moved by Councillor Sudra, seconded by Councillor Placey and RESOLVED that:

 

(a)  the contents of the report (A.1) be noted; and

 

(b)  having duly reviewed the Internal Audit Charter, the Charter be approved for the 2025/26 financial year.