The Audit and Governance Committee of Surrey County Council met on 11 March 2026 to review the external audit plan for the Surrey Pension Fund, discuss the council's use of the Regulation of Investigatory Powers Act (RIPA), and consider the internal audit progress report and future strategy. Key decisions included approving the 2025-26 Surrey Pension Fund preliminary external audit plan and delegating decisions on audit fee variations. The committee also noted the council's compliance with RIPA and endorsed a new approach to redacting members' home addresses from public records.

External Audit Plan for Surrey Pension Fund

The committee received an update on the preliminary external audit plan for the 2025-26 Surrey Pension Fund Statement of Accounts. Hassan from EY presented the provisional audit plan, highlighting identified risk areas, materiality levels, and the audit scope and responsibilities. The plan aims for audit completion by the end of November. A specific fee for the triennial valuation was noted, which involves additional testing of membership data submitted to the actuary. The committee was assured that climate-related and sustainability risks are included in the pension fund's investment strategy statement. The committee approved the 2025-26 Surrey Pension Fund preliminary external audit plan and delegated decisions regarding audit fee variations to the directors of pensions, in consultation with the chairman of the Pension Fund Committee.

Use of the Regulation of Investigatory Powers Act (RIPA)

Amanda from the council's legal team presented a report on the council's use and compliance with the Regulation of Investigatory Powers Act (RIPA). The report detailed that RIPA was used for one authorisation in 2025, involving directed surveillance and the use of a covert intelligence source. An external inspection by the Investigatory Powers Commissioners Office (IPCO) found the council to be compliant, with suggestions for minor improvements to the RIPA policy, which have been acted upon. The committee noted the council's covert investigative tools and the safeguards in place to ensure their lawful and proportionate use.

Internal Audit Progress Report and Strategy

The committee reviewed the internal audit progress report for Quarter 3 of 2025-26, which indicated overwhelmingly positive opinions on audits completed, with a significant number of these relating to the schools audit program. David, Head of Internal Audit, highlighted that while most audits received reasonable assurance, two had partial assurance opinions. One of these, concerning the customer relations team in the pension fund, is showing positive progress during a follow-up review. The report also noted an increase in cybersecurity audits due to current risks.

The committee then considered the internal audit strategy and annual audit plan for 2026-27. The plan maintains the same number of audit days as the previous year, with a focus on cybersecurity and supporting the Local Government Reorganisation (LGR) process. The strategy outlines the approach to delivering assurance and producing the plan, with the appendix detailing specific planned activities. The committee was informed that Russ, the Chief Internal Auditor, is now a Surrey County Council employee, marking a step towards bringing the internal audit service in-house following the review of the Orbis arrangement. The plan is expected to be fluid due to the ongoing LGR process, with a focus on maintaining a robust control environment for Surrey County Council during its final year. The committee approved the internal audit strategy, the internal audit and corporate fraud plan, and the internal audit charter.

Risk Management Update

David presented an update on risk management, noting a review by internal audit that concluded with substantial assurance and no recommendations for improvement. He highlighted work on the District and Local Government Reorganisation (D and LGR) process, stating that risk management has responded effectively so far, with a shift towards increased collaboration and joint working with other councils. The report also mentioned ongoing review of key strategic risks with the Corporate Leadership Team (CLT) and noted the global implications of the escalation of conflict in the Middle East, which will be monitored for potential impacts on Surrey County Council. The committee noted the update on risk management.

Ethical Standards Annual Review

Asma presented the annual report on ethical standards for 2025-26, detailing activity related to the member code of conduct, including training for new members and seven by-elections. The report indicated 22 complaints were received regarding councillors, with one proceeding to a member code of conduct panel. The committee was asked to endorse a new approach to the automatic redaction of members' home addresses from public records, which was agreed. The report also confirmed no additional dispensations were granted, apart from a general one for local government reorganisation, and listed gifts, hospitality, and attendance at meetings. The committee noted the report and endorsed the new approach to the publication of members' home address details.