The Audit and Risk Committee of Islington Council is scheduled to convene on Monday 15 June 2026. The meeting's agenda includes a review of the council's external and internal audit plans, an assessment of principal risks facing the borough, and an update on cyber defence assurance.

External Audit Plan and Strategy

The committee is expected to consider the external auditor's plans for the 2025/26 financial year for both Islington Council and the Islington Pension Fund. KPMG, the external auditor, will present their planned audit approach and scope. The report indicates that the materiality threshold for the council's financial statements has been set at £30 million, with any accounting error or misjudgement exceeding £1.5 million to be reported to the committee. For the Pension Fund, the materiality threshold is £20.4 million, with misstatements over £1.02 million to be reported. The estimated statutory external audit fees are £552,000 for the council and £99,507 for the Pension Fund. The audit fieldwork is scheduled to commence in July 2026, with the audit report expected by 31 January 2027.

Internal Audit Annual Report

The committee is expected to receive the Internal Audit Annual Report for 2025/26. This report outlines the work undertaken by Internal Audit in delivering the 2025/26 audit plan, providing assurance on the council's governance, risk management, and internal control framework. The Chief Audit Executive's conclusion for 2025/26 is Moderate Assurance, indicating that the overall arrangements are adequate but require some improvement. The report details the outcomes of completed reviews, including audits on Landlord duty of care: fire safety (Limited assurance) and Cyber and data security (Moderate assurance). It also summarises high-priority recommendations from audits with limited or no assurance ratings.

Principal Risk Report

The Principal Risk Report for June 2026 is to be presented, detailing the key risks facing Islington Council. This report is aligned with the council's revised Risk Management Strategy, which focuses on 11 principal risks that could prevent the council from achieving its corporate objectives. These risks include Failure to meet corporate and landlord Health & Safety requirements, Capital (incl. New Build) Programme delivery, and Financial Stability and Resilience. The report includes a risk map, links between risks and strategic objectives, and detailed action plans for each risk. The Impact of Climate and Extreme Weather risk is currently rated with a high likelihood and impact, with a target to reduce both.

Cyber Defence Assurance Annual Report

An update on the council's cyber defences is to be provided through the Cyber Defence Assurance Annual Report. This report aims to assure the committee that adequate protections are in place to safeguard the council's IT environment and data. It highlights that phishing attempts remain a significant threat, alongside sophisticated technical attacks. The council has not reported any cyber events to the Information Commissioner's Office (ICO) in the last financial year. The report notes Islington's leading position in cybersecurity among London authorities and mentions the council's early adoption of the Cyber Assessment Framework (CAF), which secured £100,000 in funding. The report's appendix, detailing specific cyber defence measures, is exempt from publication due to its sensitive nature.

Review and Update of RIPA Policy

The committee is asked to consider an updated RIPA Policy Document and Procedural Notes. The Regulation of Investigatory Powers Act 2000 (RIPA) governs the use of directed surveillance and covert human intelligence sources by public authorities, while the Investigatory Powers Act 2016 (IPA) covers access to communications data. The council's policy was last updated in October 2022. The report notes that the Investigatory Powers Commissioner's Office (IPCO) previously expressed satisfaction with the council's compliance and recommended ongoing governance, policy refreshes, and training. The next IPCO inspection is due in 2026. The policy review supports the council's efforts to combat fraudulent activity and safeguard its assets. The appendices containing the updated policy and procedural notes are exempt from publication.

Membership, Terms of Reference and Dates of Meetings

The committee will also consider the membership, terms of reference, and dates of meetings for the Audit and Risk Committee for the municipal year 2026-27. This includes noting the committee's membership, which comprises Labour and Green councillors, along with a co-opted non-voting member, Pardeep Bhatti. The scheduled meeting dates for the upcoming year are also listed.