Subscribe to updates
You'll receive weekly summaries about Croydon Council every week.
If you have any requests or comments please let us know at community@opencouncil.network. We can also provide custom updates on particular topics across councils.
Audit & Governance Committee - Thursday, 30th October, 2025 6.30 pm
October 30, 2025 View on council websiteSummary
The Audit & Governance Committee was scheduled to meet to discuss external audit progress, cyber security, information governance, and internal audit updates. The committee, including Independent Chair Dr Olu Olasode and Councillor Matt Griffiths, Vice-Chair, was also scheduled to review its work programme and action log. The meeting was to include updates on the 2024-25 annual accounts and a review of the Scrutiny & Overview Committee's annual report.
2024-25 Annual Accounts - External Audit Progress Update
The committee was scheduled to receive the second audit progress and sector update report for the year ending 31 March 2025, from the council's external auditors, Grant Thornton UK LLP. The report included a status update on the audit, noting several areas where work was behind schedule, including short-term debtors and creditors, long-term deferred capital creditors, capital grants receipts in advance, earmarked reserves, usable reserves, unusable reserves, and leases/IFRS161. The report also presented sector-specific updates, including Grant Thornton's report on financial instruments in local authority accounts, the local authority backstop and National Audit Office's Local Audit Reset and Recovery Implementation Guidance, structural changes such as multi-year allocations and pensions pooling, updates on local government financial stability, impacts of the spending review and Fair Funding review 2.0, public procurement, asylum seekers, and the new ten-year NHS plan Fit for the future.
Cyber Risk Deep Dive and Cyber Security
The committee was scheduled to discuss cyber risk, with a presentation updating members on progress against corporate risk register entry CDS0018. A presentation was planned to provide an evidence-based assessment of Croydon's current cybersecurity posture, as a direct response to the deep dive review and the committee's mandate to monitor risk management and internal control.
The presentation included a summary of the true current risk position, the cyber attack surface, immediate measurable progress, and a tactical improvement plan. It also included a detailed risk register, with information on cyber team resources, Windows 7 machines in the post room, incident management, people - identity and access, people - training and awareness, physical security, tech - external testing and fixes, tech - workstations, tech - servers (platforms), tech - networks, tech - data systems (products), and vendors and third parties.
Information Governance Improvement Plan
The committee was scheduled to receive an update on the Information Governance Improvement Plan, following a request from the committee for assurance. The presentation was to provide a summary highlighting the council's current position in terms of information governance compliance and practice, and how the improvement plan would seek to improve compliance and introduce a more robust council-wide approach.
The presentation covered the information governance framework, reasons for the improvement plan, a DPO statement, investment outcome to date, risks and mitigation, the service-led model, and the information team. It also included an action plan, with information on the information governance service, accountability and key roles, standards, compliance and policy, data governance, data breach management, records management, data protection and privacy by design, data quality, and information security.
Internal Audit Update Report
The committee was scheduled to discuss the work completed by Internal Audit during 2025/26 and the progress made by the council in resolving findings identified from audits. The report included a list of all audits completed so far in 2025/26, and lists of follow up audits completed and the percentage of priority one, and other audit findings implemented. The report also included a summary from finalised audits of key (priority 1) issues, and details of incomplete follow ups.
Scrutiny & Overview Committee Annual Report
The committee was scheduled to note the Annual Report from the Scrutiny & Overview Committee, which summarises the work of the committee and its four sub-committees: the Children & Young People Sub-Committee, the Health & Social Care Sub-Committee, the Homes Sub-Committee, and the Streets & Environment Sub-Committee, during the 2024 – 2025 municipal year.
The report included an introduction from the 2024-25 scrutiny chairs, and information on budget scrutiny, the library review, and the Croydon Community Safety Partnership Annual Review. It also included information on the Children & Young People Sub-Committee, the Health & Social Care Sub-Committee, the Homes Sub-Committee, and the Streets & Environment Sub-Committee. Finally, the report included a summary of past recommendations for the committee and all sub-committees, and a list of all recommendations.
Other Business
The agenda also included:
- Apologies for absence
- Disclosure of interests
- Approval of the minutes from the previous meeting
- Any urgent business
- The Audit and Governance Committee Action Log
- The Committee Work Programme & Committee Assurance Mapping Document
-
IFRS 16 is an international accounting standard concerning the accounting and reporting of leases. It requires lessees to recognise most leases on their balance sheets as assets and liabilities. ↩
Attendees
Topics
No topics have been identified for this meeting yet.
Meeting Documents
Agenda
Additional Documents