The Audit, Governance and Standards Committee met on Monday to discuss cyber security, internal and external audits, and the establishment of sub-committees. The committee was also scheduled to have a governance conversation with Darren Summers, Strategic Director of Integrated Health and Care. Finally, the committee was expected to review and agree on a work programme for 2025-26.

Governance Conversation: Strategic Director of Integrated Health and Care

The committee was scheduled to hear from Darren Summers, Strategic Director of Integrated Health and Care, about the role of his directorate, key delivery outcomes, budget performance, key risks, and governance challenges.

The Integrated Health and Care Directorate includes joint commissioning for the council and health, contract management, ICT systems support, partnership delivery and sustainability, ICB safeguarding, and ICB planning performance and business support teams. For 2025-26, the directorate is responsible for delivering council delivery plan outcomes and key performance indicators (KPIs) are in development to evidence impact. The directorate manages a pooled budget between Southwark Council and the ICB for integrated community-based health and care services, with a total allocation of £57.6m for 2025-26. Key risks include government cost reduction requirements for the ICB and financial pressures faced by both adults' social care and health.

Cyber Security and Third-Party Supply Chain Management Update

The committee was scheduled to discuss actions taken in response to a BDO Audit, and to note the appointment of a new Head of Cyber Security.

A report was prepared that provided an update on work done to address findings identified in the BDO Cyber Security Audit from August 2024. Progress includes:

• Drafted a 2025-2027 Cyber Security Strategy
• Completed the Criminal Justice Secure Mail (CJSM) 349-question security questionnaire
• Addressed BDO Audit findings, with cyber awareness training pending
• Maintained compliance with Payment Process Audit (PCI DSS)
• Drafted and shared security policies
• Selected Risk Ledger application to manage third-party due diligence
• Scheduled a Pen Test for mid-June for PSN Code of Connection (CoCo) compliance
• Conducted a Tabletop Incident Response Workshop on 3 April 2025

The report also noted that the council is using the central government Cyber Security Framework and has adopted the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF).

The report included updates on the status of BDO recommendations, including:

• Completed a review and update of admin accounts
• Deployed anti-virus software for all council laptops
• Ongoing progress on cyber-security e-learning through Learning Pool, with completion required by the end of July 2025
• Implemented regular phishing exercises, to be deployed after user awareness training in August 2025
• Completed a Cyber Incident Response (IR) plan after a workshop in April 2025
• In progress: strengthening cybersecurity governance framework with a draft Cyber Security Strategy and ISO/IEC 27001-aligned policy framework
• Completed an Admin Account Policy with Privileged Access Management Policy and Password Policy approved and published

A BDO Third Party Supply Chain Audit was started on 4 March and a report was received 12 May 2025.

Internal Audit Progress Report June 2025 and Draft Annual Report and Statement of Assurance

The committee was scheduled to note update reports and the draft annual report and statement of assurance for 2024-25.

The report included progress against the 2024-25 internal audit plans and details the work undertaken by internal audit for the council. The report also summarised the effectiveness of controls in place for the full year.

The report included the internal audit progress report, a supplementary report on follow-up status details, the internal audit schools annual summary report, and the internal audit annual report and annual statement of assurance (draft).

The internal audit progress report included summaries of reports finalised since the last meeting, including:

• Budget Monitoring & Reporting
• Council Tax
• Deputyships and Appointeeships
• Enforcement
• Housing Rents
• Mayor’s Office and Expenses
• Service Charges - Leaseholders
• IT – Shared Technology Service (STS) Financial Management
• Substance Misuse
• Supported Families Grant Claim – Quarter Four
• Suspense Accounts Management
• TMO – Gloucester Grove
• Traded Services

The internal audit schools annual summary report for 2024-25 summarised the outcomes of the school audit programme, highlighting common themes and comparing them to previous reports.

External Audit Plan & Strategy for Southwark Council 2024-25

The committee was scheduled to note the external audit plan for 2024-25 for both Southwark Council and the Southwark Pension Fund.

The purpose of the report was to provide an overview of the risk assessment and planned audit approach for the statutory audit of the council and the pension fund for those charged with governance.

The audit plan for Southwark Council identified the following significant audit risks:

• Valuation of council dwellings
• Management override of controls
• Valuation of post retirement benefit obligations

The audit plan also identified the following higher assessed audit risks:

• Valuation of investment properties
• Adoption of IFRS 16¹

The audit plan for the Southwark Pension Fund identified the following significant risks:

• Management override of controls
• An inappropriate amount is estimated for the value of directly held investment property

The audit plan also identified the following other audit risks:

• Level 1, level 2 and level 3 investments are not complete, do not exist or are not accurately recorded
• Valuation of Level 1, 2 and other Level 3 investments is misstated

Corporate Anti-Fraud Team and Special Investigations Team Year End Report 2024-25

The committee was scheduled to note the Corporate Anti-Fraud Team (CAFT) and the Special Investigations Team (SIT) Year End Report 2024-25.

The report summarised the work of the CAFT and SIT from 1 April 2024 to 31 March 2025 to prevent, detect, and respond to fraud, bribery, and corruption.

During the reporting period, the majority of referrals involved isolated incidents, typically relating to staff conduct, email scams and council tax support.

CAFT investigations included corporate anti-fraud, homelessness and housing waiting lists, Right to Buy (RTB), and blue badge fraud.

SIT activities included housing tenancy counter fraud activity, reactive referrals, verification caseload, and outcomes.

The report also included transparency data and information on the National Fraud Initiative (NFI).

Establishment of Membership of Audit, Governance and Standards Sub-Committees for 2025-26

The committee was scheduled to appoint members and chairs to the audit, governance and standards (standards) sub-committee and the audit, governance and standards (civic awards) sub-committee.

The standards sub-committee considers complaints of misconduct against elected councillors and co-opted members. The civic awards sub-committee considers civic awards.

Member Development Framework

The committee was scheduled to note the intended approach to developing a new Member Development Program to achieve Local Government Association (LGA) Councillor Development Charter Status and the creation of a Member Development Steering Group.

A report was prepared that proposed the development of a comprehensive, multi-year Member Development Programme, which will include a refreshed approach to member induction and will focus on continuous development throughout the electoral cycle.

The report noted that a Training Needs Analysis (TNA) was shared with all members to gather detailed feedback on development priorities. The top three requested topics for learning modules were:

• Handling Difficult Conversations
• Influencing Skills
• Working With Officers

The report also outlined a draft of the proposed Member Development Programme and a draft cabinet induction programme.

A Member Development Strategy was created to provide a clear framework to support the development of this work.

A cross-party Member Development Steering Group was established to ensure broad representation and ownership of the programme.

In Year Review of Work Programme 2025-26: June 2025

The committee was scheduled to note and agree the proposed work programme for 2025-26 and to note the change of committee date from Monday 2 February 2026 to Tuesday 3 February 2026.

The report included the proposed work programme for 2025-26, grouped in line with the committee's functions, and the committee's terms of reference.