The Governance and Assurance Committee for Redbridge Council was scheduled to meet on 4 November 2025. On the agenda was the annual audit results, an update on information governance, and a review of the strategic risk register. The committee was also expected to review a draft self-assessment and annual report, and receive an update on internal audit and counter fraud activities.

Internal Audit and Counter Fraud Update

The committee was scheduled to receive an update on internal audit and counter fraud activity since the last meeting on 7 July 2025. The update included the outcomes of completed internal audit work, particularly where there was limited or no assurance over governance, risk management, or control arrangements.

The committee was also scheduled to review progress made by management in implementing recommendations to address previously identified significant governance, risk management, or internal control issues.

According to the report pack:

The Governance and Assurance Committee's overarching role regarding Internal Audit and Counter Fraud is to review the operation, resources, and performance of Internal Audit and to review the delivery of the Counter Fraud Strategy.

The report pack included a summary of counter fraud activity and outcomes. According to the report, there were 194 cases opened in the year to date, and 206 cases closed. The total value of outcomes was £1,076,547, including £49,000 in cash outcomes and the remainder in notional positive outcomes.

The report also noted completion rates of online fraud awareness training materials:

• Anti-Bribery: 62%
• Fraud Prevention: 59%
• Whistle Blowing: 62%

Appendix 2 of the report pack contained a Red Risk Recs Update as at 3 October.

Appendix 1 contained an Internal Audit Plan Update 2025-26 Q2.

Strategic Risk Register

The committee was scheduled to discuss the 2025/26 Strategic Risk Register Quarter 2.

According to the report pack:

The Council's Strategic Risk Register contains risks, which should they occur, will influence the achievement of the corporate priorities.

The register is regularly monitored and reviewed, and contains details of the inherent, residual, and target risk scores, including mitigation controls.

According to the report pack, there were 14 risks displayed on the register.

The report pack noted that one risk had been de-escalated from the strategic risk register:

CORP0009, 'Non-Compliance with relevant Health & Safety legislation'. This risk has been deemed an operational challenge to be monitored by the H&S Board rather than a major strategic concern for the Council.

The report pack also provided updates on several risks, including:

• CORP0004: Failure of Council Safeguarding arrangements results in harm to vulnerable children.
• CORP0034: Redbridge Council does not become a carbon neutral organisation by 2030 or net zero organisation by 2050.
• CORP0036: Ineffective recruitment and retention of staff.
• CORP0035: Ineffective contract management, procurement and commissioning arrangements.

Appendix A - Strategic Risk Register - Q2 2025-2026 provided a detailed breakdown of the risks, their causes, and assigned owners. Appendix B - Scoring template - Impact and Likelihood Measures described how the council scores risks based on their potential impact and likelihood.

Annual Audit Results Report 2023/24

The committee was scheduled to receive an update on the action plan related to the Annual Audit Results Report 2023/24. The original report, which the committee received at its meeting on 20 February 2025, highlighted a number of issues with the preparation of the draft Statement of Accounts for that year, and the ensuing audit process.

The update included progress against each external audit recommendation and the immediate work undertaken for the closure of 2024/25, as well as longer-term improvements that will aid future closures and external audit work.

According to the report pack, the statutory deadline for publication of the draft 2024/25 Statement of Accounts was 30 June 2025, but this date was not achieved. The draft was eventually issued on 22 August 2025. Reasons for the delay included:

• Staff Turnover and Capacity Constraints
• Delays in Information and Responses
• Valuation Timelines
• Manual and Inefficient Processes

Annual Audit Results Report 2023-24 - Action Plan - Appendix 1 contained an EY Action Plan, which detailed weaknesses identified in systems and processes, recommendations, and management responses.

Information Governance Mid-Year Update

The committee was scheduled to receive the Information Governance Mid-Year Update Quarter 2 from the Senior Information Risk Owner (SIRO), who is the Executive Director of Resources. The report provided an update on the work the council has been undertaking with respect to Information Governance.

According to the report pack, the council has been continuing to build robust information governance structures and processes to safeguard residents' personal data and to improve Redbridge compliance with Data Protection legislation by implementing the requirements of the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

The report included data on vendor risk assessments, data protection impact assessments, freedom of information requests, subject access requests, and data breaches.

According to the report, 74% of council systems have undergone a Data Protection Impact Assessment (DPIA).

The report also included performance data on Freedom of Information (FOI) requests:

The report also included performance data on Subject Access Requests (SAR):

The report noted that the three main causes of data breaches were:

• Unauthorised or Accidental Disclosure (38%)
• Phishing emails (including simulations) (29%)
• Suspicious emails (22%)

The report also included data on data protection awareness training:

Governance and Assurance Committee Self-Assessment and Annual Report

The committee was scheduled to review the draft Governance and Assurance Committee Self-Assessment and Annual Report for 2024/25.

The report pack stated that it is good practice for committees such as the Governance and Assurance Committee to report to Full Council on:

• Whether it has fulfilled its agreed terms of reference and assessed its own effectiveness and the conclusions and actions from that review.
• What impact the committee has on the improvement of governance, risk and control arrangements within the authority.

The report referenced two CIPFA publications: Audit Committees: Practical Guidance for Local Authorities and Police (2022 edition) and "CIPFA's Position Statement: Audit Committees in Local Authorities and Police (2022).

The report pack included a self-assessment against good practice requirements, as well as a draft action plan for 2025/26. The draft action plan included submitting an annual report to Full Council and considering the wording of the committee's Terms of Reference.

The report pack also included an appendix outlining the committee's terms of reference and a summary of core areas of knowledge for committee members.