The Audit and Standards Committee met to discuss the external audit plan, the code of conduct for members, the internal audit strategy, information governance, and civil contingencies. The committee approved the recommendation to note the information contained in the Code of Conduct for Members - Report on the Management of Complaints June 2024 - March 2025, and also approved the Proposed Internal Audit Strategy & Plan 2025/26, the Annual Information Governance Report April 2024 - March 2025, and the Annual Civil Contingencies Report April 2024 - March 2025.

Internal Audit Strategy and Plan 2025/26

The committee reviewed and approved the Proposed Internal Audit Strategy & Plan 2025/26. The plan aims to ensure resources are focused on key risks faced by the council, while maintaining flexibility to respond to emerging risks.

Debbie Harris, Chief Internal Auditor, explained that the plan had already been through a journey, starting with interviews with the wider leadership team and senior leadership team (SLT) between January and March. A draft plan was then shared with Lisa Andrews, Assistant Director – Internal Audit & Financial Services, for quality assurance, before going to Pete Shakespeare, Director of Finance and Resources and Section 151 Officer¹, and then SLT for formal endorsement.

The top risk reviews for 2025/26 include:

• Children’s Services - Ofsted Improvement Plan
• New Care System – Advice and support as part of the implementation phase of the new system and project management arrangements.
• Devolution & Local Government Reorganisation
• Adult Social Care – NHS Reforms: NHS Operational Plan
• Cyber Assurance – Cyber Security Effectiveness; the Council’s Cyber Strategy; and Cyber Security - SaaS Procurement and Monitoring (Supply Chain Security and Risk Management)
• Dedicated Schools Grant (DSG) – High Needs Block
• SEND – Enhanced Assess-Plan-Do Review Pathway; and Education, Health & Care Plans (EHCPs)
• Entrust Future Contract Arrangements – Audit time to support the review and changes to the contract.
• Digital Innovation – Digital Innovation Strategy; Artificial Intelligence and attendance at the digital programme board
• Skills & Employability – Connect to work project support and Governance and delivery (including verification of expenditure)

The plan allocates time for financial systems audits, including payroll, budgetary control, procure to pay, e-payments, VAT, and pensions administration. There will also be time set aside for the My Finance and My HR systems replacement.

The plan also includes governance-type audits supporting local government reorganisation, such as workforce sustainability and decision-making arrangements.

The school audits team will focus on governance arrangements, financial controls, procurement, payroll and income.

The plan also allocates time for proactive counter-fraud exercises, influenced by past occurrences of fraud.

In response to a question from Councillor Janice Silvester-Hall, Debbie Harris, Chief Internal Auditor, confirmed that emerging risks would be accommodated, with some audits potentially falling by the wayside. She also mentioned the use of a new audit management system, K10, to improve visibility and the potential for additional resources through corporate agency staffing contracts.

Councillor David Webster raised concerns about the capacity to manage major risks such as devolution and NHS reforms. Debbie Harris, Chief Internal Auditor, responded that the council has senior auditors with long-standing experience and can draw upon expertise from internal audit framework contracts.

Councillor Tom Loughbrough-Rudd asked about external reviews for South Staffordshire Council and Newcastle, and whether the process of doing those would end as part of Local Government Reserve Organisation. Debbie Harris, Chief Internal Auditor, responded that the council was still under contract to undertake their internal audit service and needed to continue to provide that.

Code of Conduct for Members

The committee reviewed the Code of Conduct for Members - Report on the Management of Complaints June 2024 - March 2025.

Simon Humble, Governance and Support Manager, reported that between June and December, one complaint was received, which was concluded to have no breach. From January to March, six complaints were received relating to five members. Two of those cases have been concluded with no breach of the code found. Some cases are still outstanding.

Several complaints related to communications between councillors and constituents, with some instances of lacking communication or communication not meeting constituent expectations.

Simon Humble, Governance and Support Manager, also mentioned a new process being developed to deal with customer complaints, with new protocols to strengthen existing procedures.

Councillor Tom Loughbrough-Rudd raised the government's talk of reforms to dealing with complaints to councillors, including suspension. Simon Humble, Governance and Support Manager, responded that a review was underway, prompted by the new Monitoring Officer, but there isn't a timeline yet.

Councillor Janice Silvester-Hall noted a theme of communications in the complaints and also noted a new quarantine system through Microsoft 365 that's causing emails to go into quarantine. She also suggested support for councillors, especially new ones, given the number standing down.

The committee approved the recommendation to note the information contained in the report and make any recommendation that they think fit to assist in respect to the management of member complaints.

Annual Information Governance Report

The committee reviewed the Annual Information Governance Report April 2024 - March 2025.

Tracey Thorley, Assistant Director for Corporate Operations & Data Protection Officer, highlighted an increase in subject access requests (SARs), especially in children's services, which has affected the response rate. She also noted a 12.5% increase in incidents, but the majority are level one incidents.

Tracey Thorley, Assistant Director for Corporate Operations & Data Protection Officer, reported that the council had successfully completed the Data Security and Protection Toolkit, giving continued access into the NHS patient data.

She also noted that the risk to information security continues to grow for all local authorities and especially their suppliers, so there is a lot of work that's been doing to strengthen some of the areas.

The council has been successful in renewing its public sector network connection and is about to go through its cyber essentials for the fifth year.

Training and awareness continues to be a key focus, and there have been no surveillance requests made during the reporting period.

Councillor Janice Silvester-Hall asked for more specificity about the increase in SARs in children's services. Tracey Thorley, Assistant Director for Corporate Operations & Data Protection Officer, clarified that it's in both social care and SEND. Councillor Janice Silvester-Hall also noted that there will continue to be an increase in the demands for those, but more so the timeframes and asked if there was something that needed to be put in place to make sure that they can acknowledge that the increase is going to be sustained. Tracey Thorley, Assistant Director for Corporate Operations & Data Protection Officer, responded that they've just put a new system in that will help the staff with redaction.

Councillor Tom Loughbrough-Rudd asked about the drop in the percentage of freedom of information requests completed. Tracey Thorley, Assistant Director for Corporate Operations & Data Protection Officer, responded that it was for a two-month period, but it's back on the levels now.

The committee approved the recommendation to review and accept the report.

Annual Civil Contingencies Report

The committee reviewed the Annual Civil Contingencies Report April 2024 - March 2025.

Tracey Thorley, Assistant Director for Corporate Operations & Data Protection Officer, highlighted changes underway, with the Civil Contingency Act under review. She noted that the Staffordshire local resilience forum has already implemented recommendations from inquiries.

A recent independent effectiveness and efficiency review demonstrated the value for money of the Civil Contingency Unit Secretariat, with Staffordshire operating at a best practice level.

During the reporting period, there has been a focus on developing a new business continuity framework.

Specific responses that the council has had to deal with this year include Wally's quarry.

Priorities for this year onwards include the multi-agency exercise that's taking place this year, working with the NHS on pandemic illness, and an exercise on evacuation and rescue from a tall building.

The council is also enhancing its radio communications approach.

Councillor Tom Loughbrough-Rudd asked how local government reorganisation is going to affect local authorities. Tracey Thorley, Assistant Director for Corporate Operations & Data Protection Officer, responded that they will work through it as they understand of which proposal they go for.

Councillor Tom Loughbrough-Rudd also suggested that internet capacity should be one of the resources in the forward plan. Tracey Thorley, Assistant Director for Corporate Operations & Data Protection Officer, responded that internet providers have no responsibility at the moment.

The committee approved the recommendation to consider this report and the assurances provided with it, accepting that the emergency planning arrangements are fit for purpose up to date, are routinely complied with, and have effectively communicated our monitors.

Forward Plan for the Audit and Standards Committee 2025/26

The committee reviewed the Forward Plan 202526 for the next civic year. Lisa Andrews, Assistant Director – Internal Audit & Financial Services, confirmed that the forward plan had been shared with external auditors. The plan will also pick up the regular reports that form part of the assurance arrangements contained within the annual governance statement.