The Governance, Risk and Audit Committee of North Norfolk District Council met on 9 September 2025 to consider a range of topics, including the council's annual governance statement, financial statements, and cyber risk management policy. The committee was also scheduled to review the corporate risk register and procurement exemptions register. The meeting was also set to include updates on outstanding audit recommendations and the committee's work programme.

Annual Governance Statement 2024/25 and Local Code of Corporate Governance

The committee was scheduled to consider the council's Annual Governance Statement for 2024/25 and Local Code of Corporate Governance.

The Annual Governance Statement presented the council's vision as centred around putting North Norfolk and its communities first, with the environment and communities at the heart of everything it does. It stated that good governance remained essential to the council's ability to deliver its vision and achieve its aims set out in its Corporate Plan 2023-2027. The statement covered governance arrangements and systems in place to ensure continuous improvement and compliance with good governance principles embedded within the Local Code of Corporate Governance.

The report noted that the council had been through a challenging year with increasing demand for services and increasing pressure on budgets. However, it reported that there had not been any significant governance issues identified during the annual review and that governance arrangements remained fit for purpose. Areas of improvement identified included reviewing and updating governance arrangements within planning as part of the implementation of the Planning Improvement Plan, and continuing to review partnership and contract management arrangements.

The Local Code of Corporate Governance outlined how good governance supports the council through enabling the council to achieve its objectives in an open and accountable way, ensuring decisions are sound and lawful, taking into account local people's needs and priorities, and giving the public confidence in the work it does.

Draft Financial Statements 2024 - 2025

The committee was scheduled to consider the draft Financial Statements for 2024/2025.

The Statement of Accounts set out the council's income and expenditure for the year, and its financial position at 31 March 2025. It included the Expenditure and Funding Analysis, Comprehensive Income and Expenditure Statement, Movement in Reserves Statement, Balance Sheet, Cash Flow Statement and Collection Fund.

The Narrative Report provided information about the council, its main objectives and strategies, and the principal risks it faces. It also provided a commentary on how the council has used its resources to the desired outcomes.

The report noted that there was still considerable uncertainty around future years' funding forecasts and that this position would not improve until the outcome from the Fair Funding Review and the review of the Local Retention of Business Rates were concluded.

Monitoring Officer's Annual Report 2024 - 2025

The committee was scheduled to review and note the Monitoring Officer's Report.

The Monitoring Officer's Annual Report summarised the more important matters arising from the Monitoring Officer's work for the council from 1 April 2024 to 31 March 2025 and commented on other current issues.

The report outlined the Monitoring Officer's duties, including maintaining a lawful position for the council, reporting findings of maladministration, maintaining the register of members' interests, investigating misconduct, providing advice to town and parish councils, and promoting high standards of conduct.

The report noted that there were no reported unlawful decisions, maladministration, or serious data breaches during 2024/25, and no reports were required under Section 5(2) of the Local Government and Housing Act 1989. It also noted that a review of the Constitution progressed during 2024/25, including updates required by the new Procurement Act¹.

Cyber Risk Management Policy

The committee was asked to review and approve the Cyber Risk Management Policy.

The Cyber Risk Management Policy outlined the framework for identifying, assessing, and mitigating cyber risks to ensure the security and resilience of North Norfolk District Council against evolving cyber threats. It defined responsibilities for cyber risk management, ensured compliance with legal and regulatory requirements and supported the goal of maintaining public trust and operational resilience.

The policy applied to all employees, elected members, contractors, and third-party vendors who access IT infrastructure, data, or digital assets owned or managed by North Norfolk District Council. It encompassed all forms of cyber risk, including but not limited to ransomware, phishing, denial-of-service attacks, insider threats, and data breaches.

Corporate Risk Register

The committee was scheduled to receive and comment on the Corporate Risk Register. The registers for May and August 2025 were attached.

The Corporate Risk Register detailed the significant risks the council faces, including financial risks.

The highest risks were all ones where, among other factors, having sufficient funding in place was critical to reducing the level of risk. These included delivery of Net Zero targets, and the delivery of the Domestic Food Waste Collection.

The Corporate Leadership Team proposed the inclusion of CR043 - Introduction of Domestic Food Waste Collection. The introduction of mandatory weekly food waste collections, as required under the amended Environment Act 2021 and aligned with the Simpler Recycling reforms, presented a corporate risk to North Norfolk District Council.

The Corporate Leadership Team proposed the inclusion CR044 - Cyber risk. This reflected the increasing threats posed by cyber-attacks, data breaches, and system outages across the local government sector.

Procurement Exemptions Register

The committee was scheduled to receive the Procurement Exemptions Register for the period 21 May to 26 August 2025.

No exemptions were granted during this period.

Governance, Risk and Audit Committee Work Programme

The committee was scheduled to review the Governance, Risk & Audit Committee Work Programme.

The work programme listed the topics to be discussed at future meetings of the committee.