The Audit and Governance Committee convened to discuss internal audit plans, risk management, and policies for fraud prevention and whistleblowing, and approved the recommendations that were put forward.

Internal Audit Plan Development

The committee discussed the proposed approach to developing the internal audit plan for 2026/27. Rachel Ashley-Caunt, Chief Internal Auditor, outlined the process, which includes consulting with the leadership team, reviewing risk registers and corporate plans, and mapping existing assurances. The aim is to create a risk-based plan that aligns with internal audit standards. Councillor David Brackenbury suggested growth, regeneration and regulatory services as potential areas for review. Councillor Brendon Lovell-Moore asked about plans to audit the shift of responsibilities for EHCPs and EOTAS from West Northamptonshire Council to North Northamptonshire Council. The committee agreed to note the proposed approach.

Internal Audit Progress

Rachel Ashley-Caunt presented the internal audit progress report, summarising six finalised audit reports. Key findings included:

• Mandatory Training: Compliance was at 60%, with managers needing better oversight of their teams.
• Absence Management: Absence levels appeared higher than expected, with anxiety, mental health and depression being the primary reasons. Data accuracy was a concern due to late recording of absences.
• Customer Services: Improvements were noted, but non-compliance in mandatory training and security incident reporting remained.
• Development Management: Site notices lacked proper recording, and extensions of time were not published online, raising transparency concerns.
• Service User Monies - Adults: Checks were in place, but audits were not always conducted regularly, and some agreements lacked signatures.
• Payroll (Shared Service): An audit by Cambridgeshire County Council found some areas for improvement related to recommendations from previous audits.

The report also noted that 25 actions had been implemented since the last progress report, but 46 were still overdue by more than three months.

Councillor Trevor Conway questioned the high average of 13.45 sick days per staff member and the certification process for absences related to anxiety, depression and stress. He also highlighted that 56% of sample testing showed a failure to undertake return to work discussions. Councillor Mark Pengelly raised concerns about site notices being put in the wrong places and a lack of consultation with statutory bodies. Councillor Steve Geary noted that the 13-14 days lost per year due to sickness was high and that the council needed to look at why this was the case.

The committee approved a recommendation to amend the internal audit plan, removing the audit of building control and reallocating the planned days to an audit on housing complaints.

Strategic Risk Register

Rachel Ashley-Caunt presented an update on the Strategic Risk Register, highlighting a new risk entry regarding the decommissioning of the public switched telephone network¹ and its potential impact on vulnerable service users. The health and safety risk entry was also reviewed following a change in the lead service area. Councillor Pengelly noted that some risks had remained on the register for three years and asked whether staffing issues were a contributing factor. The committee agreed to note the outcomes of the risk register.

External IT Audit

Claire Edwards, Executive Director of Finance and Performance, introduced an external auditor, Paul, from Grant Thornton, to present the findings of the external IT audit report for 2024/25. The audit reviewed IT systems that feed into the council's financial statements, including ERP Gold, Heycentric, and Capita Academy. The report identified two minor recommendations:

• User access revocation in Heycentric was not always timely.
• Password complexity settings in Care First, the adult social care system, did not align with council policy.

Councillor Conway asked why this was being done as an external audit and not an internal audit, and how much the external audit cost. The committee approved the recommendations.

Anti-Fraud and Corruption and Anti-Bribery Policies

Rachel Ashley-Caunt presented the anti-fraud and corruption policy and the anti-bribery policy for annual review and approval. The anti-fraud and corruption policy was updated to include an assessment against the new requirements of the Economic Crime and Corporate Transparency Act, which introduces a new offence for organisations of failure to prevent fraud. Councillor Brackenbury thanked Rachel Ashley-Caunt for bringing the policies before the committee and for explaining why she was doing so. The committee approved both the existing anti-bribery policy and the updated anti-fraud and corruption policy.

Whistleblowing Policy

Kamila Coulson-Patel, Director of Law & Governance and Monitoring Officer, presented the updated whistleblowing policy for review. The policy was updated to reflect organisational practices, modernise associated policies, provide examples of what is and is not likely to fall within a protected disclosure, and clarify the process to be followed when a protected disclosure is made. Councillor Brackenbury raised concerns about a paragraph stating that disciplinary action would be considered if an allegation was found to be unfounded, malicious, mischievous or vexatious, arguing that this could discourage genuine whistleblowers. Councillor Garner noted that the Act does actually state in section 43FA if the person makes the disclosure in good faith. Councillor Pengelly asked how the council benchmarked itself against other councils in terms of whistleblowing requests. Michael Whitworth suggested having a laminate of who to speak to in the event of a whistleblowing or safeguarding concern next to water coolers. The committee approved the recommendations, noting the review undertaken and updates to the policy, and were satisfied that the feedback to the policy prior to adoption would assist them for future assurances.