The Audit and Performance Committee meeting on 24 February 2026 addressed the Council's financial and performance position for the third quarter of the 2025/26 financial year, with a particular focus on the impact of a significant cyber incident. The committee also reviewed the progress of internal audits and discussed the draft internal audit plan for the upcoming year, alongside ethical standards and the Council's risk management framework.

Q3 Performance Report

The committee received an update on the Council's performance at the end of Quarter 3 (Q3) of the 2025/26 financial year. A significant cyber security incident, detected on 24 November 2025, impacted the availability of some performance data for Q3. Despite this, 71% of Key Performance Indicators (KPIs) were on track to meet their year-end targets, with 19% at risk and 7% off-track. Areas of achievement highlighted included positive provisional GCSE results for disadvantaged pupils and those with Special Educational Needs (SEN), and the successful launch of the Community Equality Strategy. However, pressures were noted in areas such as high-cost placements for children in care and the ongoing demand for Temporary Accommodation (TA). The committee was also informed about the ongoing recovery from the cyber incident, with over 90% of digital systems back online.

Q3 Finance Monitor

The Q3 financial monitoring report revealed a projected overspend of £4.634 million on the General Fund, primarily driven by increased demand and costs associated with Temporary Accommodation and Children's Social Care placements. The Housing Revenue Account (HRA) also forecast an overspend of £2.1 million. These overspends were partially offset by underspends in Environment and Communities, largely due to increased income from parking and reduced waste disposal costs. The report detailed significant inflationary pressures, particularly on contracts, exceeding budgeted amounts. The cyber incident severely impacted the Council's ability to conduct detailed financial monitoring, leading to a risk-based approach for Q3 reporting, with a roll-forward of Q2 figures in many areas. The capital programme showed a projected underspend of £53.918 million for the General Fund, largely due to project delays, including those related to the Seymour Leisure Centre and Marylebone Library, and the reprofiling of budgets for Temporary Accommodation acquisitions.

Progress Report and Sector Update

Grant Thornton, the Council's external auditor, provided an update on their progress. They reported that work on the financial statements for previous years was complete. For the 2025/26 financial year, audit planning was delayed due to the cyber incident, but an audit plan was expected by the end of March 2026. The fieldwork for the 2025/26 audit was scheduled to commence in late June 2026, with the Auditor's Report anticipated by the end of November 2026. Sector updates highlighted the ongoing challenges in local audit following the backstop legislation, the importance of the proposed Local Audit Office, and the implications of the Fair Funding Review for local government finance. Concerns were also raised regarding the escalating costs and pressures within Special Educational Needs and Disabilities (SEND) services nationally.

Ethical Standards Report

The annual report on ethical standards detailed the arrangements in place to maintain high ethical standards across the Council. The Standards Committee had met twice, with three independent persons providing impartial advice on councillor misconduct complaints. The Member/Officer Protocol had been updated to strengthen guidance on response times, communication, and the role of Ward Councillors. Over the reporting period, four formal complaints were received against Councillors, none of which were escalated to a formal hearing as no breach of the Code of Conduct was found. The report also provided data on staff disciplinary, grievance, and whistleblowing cases, indicating that the number of disciplinary cases had slightly decreased compared to the previous year and that there was no evidence of systemic weaknesses or widespread unethical conduct. The Council maintained its 'Leading' rating in the Home Office-backed self-assessment scorecard for tackling modern slavery in its supply chains.

Internal Audit Progress Report

The Internal Audit Progress Report covered the period from April 2025 to January 2026. Five audits had been finalised, with four receiving satisfactory assurance and one, Odhams Walk TMO, receiving limited assurance due to identified weaknesses in financial and governance arrangements. Three further audits were in draft, awaiting management responses. Good progress was noted in the implementation of audit recommendations, with 99% of recommendations fully or partially implemented. The report also detailed audits in progress and those scheduled for the upcoming quarter, noting potential delays due to the cyber incident.

Internal Audit Plan 2026/27

The committee reviewed the draft Internal Audit Plan for 2026/27. This plan is developed using a '3 plus 9' approach, with the first three months planned in detail and the remaining nine months remaining flexible to adapt to emerging risks. The plan identifies key risk areas across the Council, including financial sustainability, safeguarding, climate change, and IT security, and outlines potential audits for the upcoming year. The committee was asked to comment on the proposed audit work and identify any specific audits for consideration. The Strategic Audit Plan for 2025-2028 was also presented, outlining persistent risks and themes to be covered over a three-year period.

Attendees:

• Councillor Paul Fisher
• Councillor Regan Hook (Deputy Cabinet Member - Public Protection and Animal Welfare Champion)
• Mark Maidment - Independent Person
• Councillor Patricia McAllister (Deputy Cabinet Member - Public and Mental Health)
• Councillor Ian Rowley
• Councillor Aziz Toki (Chair of Licensing)

Documents:

• Agenda frontsheet 24th-Feb-2026 18.30 Audit and Performance Committee
• Minutes - APC - 24 November 2025
• APC Work Programme - Appendix 1 - 2026-27 Work Programme
• APC Work Programme - Appendix 2 - TOR
• APC Work Programme - Appendix 3 - Action Tracker
• Public reports pack 24th-Feb-2026 18.30 Audit and Performance Committee
• Q3 Performance Report
• Q3 Financial Monitor 2025-26
• WCC Audit and Performance Committee progress and sector update Feb 2026
• Ethical Governance Report
• WCC AP - IA Progress Report - February 2026
• WCC - Internal Audit Plan 2026-27 - AP February 2026
• Appendix 1 - Draft Internal Audit Plan 2026-27 as at February 2026
• Appendix 2 - IA Strategic Plan 2025-2028
• APC Work Programme Report - 24 February 2026