The Derbyshire County Council Audit Committee met on 16 September 2025 to discuss corporate risk management, the strategic risk register, the effectiveness of internal controls, and the Derbyshire Pension Fund audit. The committee reviewed the strategic risk register, identifying risks needing further assurance, and noted the plan for Executive Director attendance at future meetings. The committee also reviewed and approved the updated Whistleblowing Policy.

Strategic Risk Management

The committee reviewed the council's strategic risk management approach, including the Strategic Risk Register 2025-26 Quarter 1 and the Corporate Risk Management - The Strategic Context report.

The Strategic Risk Register contains the most significant risks to the council that are subject to active monitoring and control. According to the report, twelve risks are currently over target, meaning that not all identified risk management controls are in place or working effectively. These risks include:

• The County Council not operating within the level of funding available
• Failure to manage contracts across the county council
• Failure to understand or respond adequately to new or changing legislation and regulation
• Safeguarding of adults at risk
• Inability to meet Placement sufficiency Duty
• Failure to adapt to climate change
• Failure to deliver critical services in emergency situations
• Failure to respond to emergency situations
• Maintenance of property assets
• Failure to maintain highways assets
• Failure to maintain countryside sites and waterways
• Information governance and data security

The committee identified risks on which it required further assurance or reassurance. The new interim Director of Digital, John Allen, will attend the next Audit Committee on 2 December 2025 to update on progress with information governance, the Digital risk register and risk management of digital risks.

The committee noted the programme for Executive Director attendance at Audit Committee to update the committee on progress with risk management in their departments:

• 2 December 2025 - Alison Noble, Interim Executive Director of Children's Services
• 27 January 2026 - Chris Henning, Executive Director of Place
• 17 March 2026 - Joe O'Sullivan, Executive Director of Corporate Services & Transformation; Simon Stevens, Executive Director of Adult Social Care & Health; and Ellie Houlston, Director of Public Health

The committee also considered other areas of risk where it would like a deeper understanding and assurance about risk management. The relevant officers will be invited to present at a later meeting.

Review of Internal Control System

The committee reviewed the Review of the Effectiveness of the System of Internal Control report. The report advised the Committee of the Accounts and Audit (England) Regulations 2015 and the requirement to review the system of internal control.

The Audit Committee is responsible for reviewing the Annual Governance Statement, reviewing, and approving other aspects of the Council's governance framework and for approving, monitoring and reviewing the outcome of audit activity throughout the Authority. It is, therefore, the appropriate committee of the County Council to consider the outcomes of this review of the effectiveness of the system of internal control.

The system of internal control helps to promote the economic, efficient and effective use of public money, safeguards the Council's assets and interests, and controls the way the Council accounts to, engages with and leads its community, formulates its priorities and objectives, and delivers services in a way that meets those objectives.

The committee considered the information provided in the report as evidence of the effective operation of the internal control system and noted that the Council is complying with the requirements of the Accounts and Audit Regulations 2015.

Derbyshire Pension Fund Audit Progress

The committee received a report from Daniel Watson, External Audit, presenting Mazars' Audit Strategy Memorandum for Derbyshire Pension Fund for the year ending 31 March 2025. The Derbyshire Pension Fund Audit Progress Report summarised the audit approach, including the significant audit risks and areas of key judgement that had been identified, and provided details of their audit team. As it was a fundamental requirement that an auditor was independent of an audited entity, the section of the report titled 'Confirmation of our independence' summarised the considerations and conclusions on their independence as auditors.

Mazars' audit procedures are now substantially complete. They are working with management to finalise the treatment misstatements identified and have a small number of procedures outstanding at the date of this report. Draft accounts were received from the Fund on 24 June 2025 and were of a good quality. The working papers to support the financial statements were provided in a timely manner and have assisted the audit to progress satisfactorily.

Whistleblowing Policy Update

The committee approved the updated Whistleblowing Policy.