The Audit and Risk Management Committee of the City of London Corporation was scheduled to meet on 12 May 2025 to discuss a range of topics, including the appointment of sub-committees, external member appointments, risk management, internal audit updates, treasury management, and the Annual Governance Statement. The meeting also included time for members to ask questions relating to the work of the committee.

Appointment of Sub-Committees

The committee was expected to consider the appointment, composition and terms of reference of the Nominations and Effectiveness Sub-Committee for 2025/26. The report pack included the current terms of reference for the sub-committee, which is responsible for making recommendations on the appointment of external members, considering recruitment methods, proactively identifying potential members, promoting the role of the Audit and Risk Management Committee, and considering the skills and capabilities of the committee.

The committee was also scheduled to appoint one member to the Resource, Risk and Estates Committee of the Police Authority Board. The report pack included the current terms of reference and composition of the Resource, Risk and Estates Committee, which is responsible for monitoring the City of London Police’s use of resources, overseeing financial and human resource management, monitoring corporate risks, scrutinising internal audit reporting, and scrutinising police estates strategy requirements.

External Member Appointment

The committee was scheduled to discuss an update on the recruitment of an external member to the Audit Risk Management Committee. Following the close of advertisement, two candidates were interviewed, however, neither were successful, leaving a vacancy for an external member. The committee was asked to authorise the Town Clerk to finalise the job description and endorse a panel to conduct interviews for potential candidates. The Town Clerk was to be delegated authority, in consultation with the Chairman and Deputy Chairman(s), to recommend a candidate to the Court of Common Council in September 2025.

Risk Management Update

The committee was scheduled to receive a report providing an update on the corporate and top red departmental risk registers.

The report pack noted that since the previous update:

• The number of corporate risks remained at 14 with one score increased and three decreased.
• The number of departmental red risks decreased from 22 to 20, with two risks de-escalated¹.

The report pack also noted progress on member engagement and socialisation of the draft Risk Appetite Statement ahead of the May 2025 Court of Common Council.

The report pack stated that a report covering year one progress of the Risk Management Strategy 2024-2029 would be presented to the committee at its July 2025 meeting.

The report pack included a full risk register of all corporate risks. It noted that there were currently 14 corporate risks on the corporate risk register (4 red and 10 amber). It also noted that since the last report to the committee one risk had been increased in score with three decreasing.

The report pack stated that CR30 Climate Action had been renamed to CR30 Impact of Climate Change and had been reframed to focus on the wider impact of climate change rather than delivery of the Climate Action Strategy and associated programme. It also stated that the proposed target score had been increased from Amber 4 to Amber 12 reflecting the expectation that the impact of climate change will continue despite mitigation efforts.

The report pack noted that the highest scoring corporate risk was CR16 Information Security at Red 24 (Impact 8 Extreme x Likelihood 3 Possible). It also noted that actions to mitigate this risk were ongoing, with recent activity including cyber security training, the adoption of a minimum-security baseline and bringing security services in-house, giving greater control over, and visibility of, security controls.

The report pack included a summary of all CoLC corporate risks as of 23 April 2025:

Table 5: April 2025: List of Current Corporate Risks by Current Risk Score

The report pack also noted that there were currently 20 departmental red risks and that since the last report to the committee, two risks had been de-escalated to Amber.

Internal Audit Update

The committee was scheduled to receive a report providing an update on Internal Audit activity between 1 January 2025 and 31 March 2025. The report pack noted that 9 Internal Audit reviews had been completed to Final Report stage and work was in progress at various stages for a number of Audit reviews.

The report pack stated that Final Audit Reports had been issued in respect of 9 Audit Reviews since the last update, resulting in 1 Limited, 7 Moderate and 1 Substantial Assurance opinions.

The report pack noted that the purpose of the audit of Managing Conflicts of Interest (Procurement) was to provide assurance as to the effectiveness of arrangements in place for managing conflicts of interest within the procurement process with reference to the specific requirements within the Procurement Act 2023. It also noted that overall, limited assurance was provided in respect of the control framework within the scope of audit and recommendations were made to address relevant requirements within the Procurement Act 2023. Key findings included:

• The City’s Procurement Code and Conflict of Interest Policy have not yet been updated to align with the Procurement Act 2023.
• There is a need to embed a mechanism for ensuring that conflicts are monitored and updated as appropriate throughout the procurement lifecycle.
• Record retention arrangements are ineffective as declarations are stored individually without a central repository.

The report pack included the forward programme of Internal Audit work for 2025/26, the Internal Audit Plan.

Head of Internal Audit Annual Opinion

The committee was scheduled to receive a report summarising the Head of Internal Audit Annual Opinion, as detailed in the Head of Internal Audit’s Annual Report.

The report pack stated that based on the Internal Audit reviews completed between 1st April 2024 and 31st March 2025 and building on findings from work over the previous 2 years the Head of Internal Audit had formed the following overall opinion on the adequacy of the internal control environment, governance arrangements, and risk management for the City of London Corporation:

• Internal Control Environment: The internal control environment within the City of London Corporation has been assessed as generally effective.
• Governance Arrangements: The governance arrangements within the City of London Corporation are well documented and are considered generally sound, with a clear framework for decision-making and accountability.
• Risk Management: The risk management processes within the City of London Corporation have been assessed as adequate, with a structured approach to identifying, assessing, and mitigating risks.

Treasury Management Strategy Statement and Annual Investment Strategy

The committee was scheduled to receive a report setting out the Corporation’s Treasury Management Strategy Statement and Annual Investment Strategy (relating to Treasury Management) for 2025/26.

The report pack noted that the Treasury Management Strategy and Annual Investment Statement (relating to Treasury Management) for 2025/26 had been updated taking account of the latest information concerning the organisation’s capital plans and external factors, such as the prospects for interest rates.

The report pack stated that the document included various Treasury and Prudential Indicators required to be set for the City Fund to ensure that the Corporation’s capital investment plans are affordable, prudent and sustainable and to help the organisation identify and control the risks around its treasury management activity.

The report pack also stated that as had historically been the case, the report covered the treasury management activity carried out across the organisation, including City’s Estate and City Bridge Foundation.

The report pack highlighted the following key areas:

• Updates to Accounting Requirements impacting the 2025/26 Treasury Management Strategy
• Capital financing and borrowing
• Investments

Annual Governance Statement (City Fund) 2024-25

The committee was scheduled to consider and approve the Annual Governance Statement (AGS) 2024/25 (City Fund), which is published alongside the 2024/25 City Fund and Pension Fund Statement of Accounts.

The report pack stated that the AGS was required by The Accounts and Audit (England) Regulations 2015 which apply to the City of London’s City Fund activities. It also stated that specifically, as an audited body, the City Corporation must conduct a review each financial year of the effectiveness of its system of internal control and publish an AGS, alongside the authority’s Statement of Accounts.

The report pack noted that the Chartered Institute of Public Finance and Accountancy (CIPFA), in association with the Society of Local Authority Chief Executives and Senior Managers (SOLACE), publishes a Delivering Good Governance in Local Government: Framework and an accompanying guidance note, which represents the proper practice guidance in relation to this.

The report pack stated that the intended purpose of the AGS is to describe what steps the organisation has taken to evaluate the adequacy and effectiveness of its systems of governance and provide an overall conclusion thereon.

The report pack included the AGS, which listed actions identified to improve the effectiveness of City of London Corporation governance and the Chief Officer who has Lead responsibility for implementing these in the 2025-26 year.