The Audit Committee is scheduled to meet to discuss the external auditor's report, the council's governance statement, internal audit progress, and risk management. The committee will also look at its work plan for the coming year.

External Audit Findings and Action Plans

The committee will be provided with the Audit Committee Report External Audit Dec 25 and is expected to discuss the Interim Value for Money Report, Year ended 31st March 2025 from Ernst & Young LLP (EY). The report identifies significant weaknesses in the council's arrangements for:

• Reliable and timely financial reporting
• Managing risks effectively and maintaining a sound system of internal control
• Procurement and contract management
• Effectiveness of the internal audit function
• Annual Governance Statement
• The capacity of the 'Golden Triangle' to respond to the scale and complexity of the challenges facing the Council
• Effectiveness of the Council's process for conducting internal investigations
• Social Housing

The report also includes a draft statutory recommendation regarding the effectiveness of internal investigations. The Audit Committee will consider and approve the council's responses and action plans to address these issues. The VFM Response Mobilisation Plan v4 Dec 25 sets out a plan to address the recommendations, with work organised into four workstreams: financial management and accountability, audit investigations and assurance, procurement and contract management, and Best Value Inspection, core services and capability. The committee will also note that the recommendations from the interim VFM report are included in the Continuous Improvement Plan (CIP).

Annual Governance Statement

The Audit Committee will review the Annual Governance Statement (AGS) for 2024/25, as detailed in the AGS Audit Committee Report 03Dec25 and Appendix A - Annual Governance Statement 2024-25. The AGS assesses the council's compliance with its Code of Corporate Governance and the CIPFA's Delivering Good Governance in Local Government Framework. The draft AGS reflects new guidance from CIPFA and feedback from external auditors. The report identifies areas for improvement, including managing risks and performance through robust internal control, implementing good practices in reporting and audit, and political behaviours and capacity building.

Internal Audit and Anti-Fraud Progress

The committee will receive an update on internal audit activity, as detailed in the Internal Audit and Anti-Fraud - Progress Report. The report includes progress against the 2025-26 Internal Audit Plan and details of significant findings and concerns from completed audits, including those that resulted in Limited or No Assurance audit opinions. These audits include:

• Capital Delivery Team Payment and Budgetary Control
• VAT Management
• Information Governance / GDPR Compliance¹
• Homeless Families Visiting, Inspections and Investigation

The report also covers the follow-up of management actions and the Internal Audit Strategy for 2025-28.

Risk Management

The Audit Committee will be presented with an update on risk management, including the Corporate Risk Register, a directorate deep dive, and the updated Risk Management Strategy, as detailed in the Covering Report - Risk Mgt Update Dec 2025. The summary Corporate Risk Register is attached at Appendix A - Quarterly Tracker - Corporate Risk Register inc P - 11.10.2025 and the detailed Corporate Risk Register is included at Appendix B Full Details Corporate Risk Register. The report also includes the Deep Dive of the Resources Directorate Risk Register (Appendix C - Resources Directorate Risk Register). The Council's Risk Management Strategy & Framework: 2025-30 is enclosed at Appendix E Risk Mgt Final Draft 2025-30 Risk Management Strategy Document. Appendix F - Risk Health Check Action Plan_Nov 2025 Update provides a status update of the actions agreed following the Risk Management Health Check that was carried out during 2024.

The report indicates that the total number of risks on the Corporate Risk Register has decreased to 14, with one risk being relegated, and one being withdrawn.

Risk management training has been available via the Council's Learning Hub since November 2024, and the Risk Officer has held one-to-one training sessions with staff to introduce them to the JCAD software².