The Audit and Performance Committee meeting on 24 February 2026 addressed the Council's Q3 performance and financial position, highlighting the ongoing impact of a significant cyber incident. Key discussions also focused on the Council's ethical standards, internal audit progress, and the draft internal audit plan for the upcoming year.

Q3 Performance Report

The committee received an update on the Council's performance at Quarter 3 (October-December 2025), noting that a significant cyber security incident on 24 November 2025 had impacted data availability. Recovery work was ongoing, and some performance data for Q3 was not yet available, with 7% of Key Performance Indicators (KPIs) reported as off-track. The committee commended the rapid response to the cyber attack and sought assurances on long-term changes to mitigate future risks. Discussions also covered the financial implications of various initiatives, including the Community Equality Strategy and the Selective Licensing Scheme, with concerns raised about the potential diversion of funds from vulnerable groups and the calculation of social value. The committee requested further details on the assumptions underpinning the Selective Licensing Scheme and landlord market trends. The operational and financial impacts of the cyber incident on services like housing repairs and complaints were also discussed, with plans in place to manage backlogs and ensure target timeframes are met. The committee was informed that choice-based lettings for families would be operational from 25 February 2026. Assurance was sought on the robustness of risk management and escalation processes, with the committee noting that the Council's approach is considered robust and has been highlighted as a best practice case study. The committee also questioned whether cyber security should be a higher risk on the register, given its significant impact. Engagement with the newly merged Integrated Care Board (ICB) was also discussed, with the Council actively involved in conversations regarding representation and commissioning.

Q3 Finance Monitor

The committee reviewed the Quarter 3 Finance Monitor, acknowledging that the cyber incident had significantly limited the ability to gather comprehensive financial data. A risk-based approach was adopted for reporting, with Q2 positions rolled forward where updated data was unavailable. The General Fund was forecasting a £4.6 million overspend, primarily due to increased demand and costs in Temporary Accommodation (TA) and Children's Services. Conversely, underspends were noted in Environment and Communities, largely due to increased income from parking and reduced waste disposal costs. Inflationary pressures were a significant concern, with budgeted inflation falling short of actual increases, particularly impacting contracts and the London Living Wage. The committee discussed the capital programme, noting a projected £53.9 million underspend due to project delays, including the Seymour Leisure Centre and Marylebone Library, and questioned the associated risks to regeneration priorities and future borrowing. The committee also sought clarity on the level of reserves required to manage current pressures and their impact on medium-term financial resilience, noting that the £4.6 million overspend would need to be drawn from reserves. The greatest financial risks for 2026/27 were identified as TA, social care demand, and the cost of care. A detailed discussion on inflation included the drivers behind variations, the use of forecasting models, and the impact on different service areas, particularly social care contracts. The committee also raised concerns about the write-off of irrecoverable debt, requesting further details on the Cabinet Member Report concerning this matter. The sales market for Ebury Phase 1 was discussed, with a revised sales profile due to slower sales, and the practice of employing agencies to sell Council properties was questioned.

Progress Report and Sector Update at February 2026

The committee received an update from Grant Thornton on the progress of the 2025/26 financial statements audit. The cyber incident had caused a delay in audit planning, but work was ongoing to establish a feasible timeline for completion. The committee was assured that additional work would be undertaken to understand the Council's response to the cyber incident and its impact on the audit. The report also highlighted sector updates, including the After the Backstop initiative aimed at addressing the backlog of local authority accounts, the Fair Funding Review impacting local government finance, and concerns regarding the rising costs and pressures within Special Educational Needs and Disabilities (SEND) services. The committee was also informed about business cases for net zero initiatives and the importance of linking them to economic growth and community wellbeing.

Ethical Standards Report

The committee reviewed the annual report on ethical standards, noting that no ethical governance complaints were identified in the past year. The report detailed the role of the Standards Committee, the appointment of Independent Persons, and updates to the Member/Officer Protocol to strengthen guidance on communication and confidentiality. The committee also received details on staff disciplinary cases, grievances, and whistleblowing complaints, with the overall number of disciplinary cases showing a slight decrease. The report indicated that the 17% of staff experiencing or witnessing inappropriate behaviour in the workplace remained unchanged, and the Council's Let's Voice it campaign aims to address this. The committee discussed the importance of robust procurement processes, the updated Procurement Code, and the implications of the Procurement Act 2023, emphasizing transparency and fair competition. The Council's Modern Slavery Statement was noted, highlighting its Leading rating in self-assessment and a forward-looking action plan.

Internal Audit Progress Report

The committee received an update on the progress of internal audits, noting that five audits had been finalised since the last report, with four receiving satisfactory assurance and one, Odhams Walk TMO, receiving limited assurance due to financial and governance concerns. The committee expressed thanks to Moira Mackie, Head of Internal Audit, and Andy Hyatt, Shared Services Head of Fraud, who are retiring. The committee queried the need for a specific report on the Pension Fund's investment strategy, noting that while audits have covered specific investments and administration, they have focused on processes rather than financial numbers. The committee resolved to note the progress of internal audits and commented on the results of the work carried out.

Internal Audit Plan 2026/27

The committee reviewed the draft Internal Audit Plan for 2026/27, noting it is an early draft focusing on the first quarter's activities. Concerns were raised about whether the plan adequately covers the Council's highest financial and operational risks, with assurances that the plan balances cyclical coverage of key risks with responsiveness to emerging issues. The committee discussed the role of Internal Audit in auditing risks associated with the decline in government funding and the importance of maintaining the quality of statutory services amidst competing priorities. The committee sought assurance on the sufficiency of resources and specialist capabilities within the Internal Audit team, noting that resource gaps are being addressed. The team's dual role as a check and balance and a management tool was acknowledged, with confirmation of their engagement in the cyber incident recovery work. The committee discussed procurement and contract management, particularly concerning Small and Medium-sized Enterprises (SMEs), and the importance of financially robust contract awards.

The meeting concluded with the committee reviewing and commenting on the draft audit plans.