The Audit and Governance Committee of West Northamptonshire Council was scheduled to review the external quality assessment of the internal audit service, consider the proposed internal audit plan for the upcoming year, and examine the strategic risk register. The committee was also set to receive an update on the Regulation of Investigatory Powers Act 2000 (RIPA) and review its work programme.

Internal Audit – External Quality Assessment

The committee was scheduled to be informed of the results of the recent external quality assessment (EQA) of the internal audit service. This assessment, undertaken in January/February 2026, concluded that the internal audit service generally conforms with the Global Internal Audit Standards (GIAS). An action plan is to be developed to address the recommendations made in the report and to move towards full conformance with GIAS. The report highlighted that the internal audit service is managed by Adrian Ward, Head of Audit and Risk Management, supported by Scott Peasland, Internal Audit Manager, and a team of five internal audit staff, complemented by staff in Governance and Risk, and specialists in Counter Fraud. The EQA report noted that while many aspects of the service compare favourably within the sector, greater alignment is required regarding the recognition of each client's risk appetite and the reflection of inherent and residual risk in internal audit planning.

Internal Audit Plan 2026/27

The committee was asked to consider and approve the proposed internal audit plan for 2026/27. This plan has been developed using a risk-based approach, following the principles set out in Global Internal Audit Standards (GIAS). The areas included in the plan are derived from the audit universe, taking into account factors such as gross financial impact, inherent risk, cumulative audit knowledge, other inspection or assurance work, and consultation with senior management. Auditable areas not included in the 2026/27 plan will be reassessed in future planning processes. The plan outlines the allocation of audit days across various directorates and audit details, with work for quarters 3 and 4 shown as indicative, subject to a mid-year review to ensure relevance in light of emerging risks. The total available audit days, including in-house and externally provided work, are detailed, with the plan based on the full staffing establishment of the in-house team.

Internal Audit Progress

This report was scheduled to provide an update on the work delivered by the Audit & Risk Management Service and progress against the 2025-26 internal audit plan up to 28 February 2026. It was noted that the audit plan had been adjusted following the removal of several planned audits. The report was expected to detail the progress of various audits, including those for Harpole Primary School, the Capital Scheme for a New Mortuary Facility, the Veolia Environmental Services Contract (Northampton), and Income Processing / Accounts Receivable. Assurance opinions and organisational impacts were to be provided for each. The report also included a summary of the implementation status of recommendations made by Internal Audit, detailing the number of completed, not due/extended, and overdue recommendations, with a breakdown of overdue recommendations by classification (Essential, Important, Standard).

Strategic Risk Register

The committee was scheduled to consider the refreshed Strategic Risk Register as at 26 February 2026. This refresh involved a change in format to better reflect the current significant risks and threats facing the Council, in accordance with the guidance within the Risk Management Strategy. The strategy, updated in January 2025, outlines a clear approach to risk management, including the identification and mitigation of threats and consideration of opportunities, with a consistent council-wide approach and the establishment of a 'risk appetite'. Risks are assessed based on likelihood and impact, both at gross (inherent) and current (net) levels, using a 'traffic light' scoring system. The refreshed register includes 14 high-level significant risks, with specific additions and removals noted. The report detailed movements in residual risk scores from Q3 25/26 to February 2026, with justifications provided for these changes. A Risk Map showing these movements was also to be presented.

Regulation of Investigatory Powers Act 2000 (RIPA) Update

An update on the Regulation of Investigatory Powers Act 2000 (RIPA) was scheduled to be provided to assist the committee in staying appraised of relevant developments. The report was expected to cover the delivery of in-person RIPA training for officers and an online session for committee members, with a further session for the Executive Leadership Team to be scheduled. A sub-group of the Corporate Enforcement Board will now oversee the practical and operational implementation of guidelines on the use of social media and online research in investigations. The report also highlighted the purchase of a membership for Lawyers in Local Government (LLG), which includes a special interest group with RIPA within its remit, offering wider benefits to the in-house Legal Services team. The report was also to summarise salient points from the Investigatory Powers Commissioners Office (IPCO) Annual Report 2024, noting that while national trends for investigatory powers continue to rise, local authority use remains low, with generally good compliance observed.

Work Programme

The committee was to be provided with an updated work programme for consideration and approval. This programme outlines the scheduled topics for future meetings, including minutes from previous meetings, internal audit plans and progress reports, the annual governance statement, the annual internal audit opinion, the external audit plan, cyber security updates, the strategic risk register, and updates on governance matters, including RIPA. The work programme is subject to evolution, and the committee was invited to highlight any other areas where they might wish to receive further reports.