The Audit and Governance Committee of West Northamptonshire Council met on Wednesday 11 March 2026 to review the internal audit service's external quality assessment, approve the internal audit plan for the upcoming year, and discuss progress on ongoing audits and the strategic risk register. Key decisions included the approval of the 2026/27 internal audit plan and noting the conclusion that the internal audit service generally conforms with Global Internal Audit Standards.

Internal Audit – External Quality Assessment

The committee received the results of the external quality assessment (EQA) of the internal audit service, which was conducted in January and February 2026. The assessment concluded that the internal audit service generally conforms with the Global Internal Audit Standards (GIAS) in the UK Public Sector. This was considered a positive outcome, particularly given the service's recent resourcing challenges and the implementation of new global standards. The report highlighted several recommendations for enhancement, focusing on improving the alignment between internal audit planning and risk management processes, strengthening the articulation of recommendations and opinions in line with risk impact definitions, and enhancing the Quality Assurance and Improvement Programme (QAIP). Adrian Ward, Head of Audit and Risk Management, noted that an action plan would be developed to address these recommendations and move towards full conformance.

Internal Audit Plan 2026/27

The committee considered and approved the proposed internal audit plan for 2026/27. The plan was developed using a risk-based approach, incorporating assessments of financial impact, inherent risk, cumulative audit knowledge, and consultation with senior management. The plan includes contingency capacity to address unforeseen issues. Members raised questions regarding the deliverability of the plan given recent staff departures and requested a check of annual leave calculations. The Head of Audit and Risk Management confirmed the plan's flexibility and the possibility of adjustments. The plan was approved, with the understanding that the new Head of Audit would take forward its implementation.

Internal Audit Progress

An update was provided on the work delivered by the Audit & Risk Management Service up to 28 February 2026. This included progress against the amended 2025-26 internal audit plan. The report detailed several completed audits, including those for Harpole Primary School (Limited Assurance), the New Mortuary Facility (Reasonable Assurance), the Veolia Environmental Services Contract (Reasonable Assurance), and the Income Processing / Accounts Receivable audit (Substantial Assurance). The committee noted the findings and recommendations from these audits. A significant portion of the discussion focused on the Actions Tracker, which summarises the implementation status of outstanding recommendations. Concerns were raised about the number of overdue recommendations, particularly those classified as Essential and Important, with specific attention drawn to overdue recommendations from the General Ledger – Control & Suspense Accounts audit and the Call Care audit. The committee requested confirmation on whether any Government Procurement Cards (GPCs) had been removed due to non-compliance.

Strategic Risk Register

The committee considered the refreshed Strategic Risk Register as at 26 February 2026. The register had undergone a format change to better reflect current significant risks and threats, with a focus on ensuring mitigating actions have relevant implementation dates. Two new risks were added: SR20 (Anglian Water - Water supply and foul water drainage) and SR21 (Non-delivery of Statutory duties for Adult Social Care). Two risks were removed as they were no longer considered corporate-level risks: SR04 (Availability of affordable rental accommodation) and SR09 (NCT - relationships management). The report detailed movements in residual risk scores for several strategic risks, including SR01 (Data Management including Cyber Security) and SR14 (Financial Sustainability), with justifications provided for these changes. The committee was informed that an options appraisal was underway to evaluate integrated systems for risk management.

Regulation of Investigatory Powers Act 2000 (RIPA) Update

An update was provided on RIPA matters. This included information on recent RIPA training delivered to officers and committee members, the establishment of a sub-group to oversee online investigations, and the purchase of a membership for Lawyers in Local Government (LLG), which includes access to a special interest group covering RIPA. The report also summarised key points from the Investigatory Powers Commissioners Office (IPCO) Annual Report 2024, noting the generally low levels of RIPA use by local authorities and the importance of diligent record-keeping and regular training. West Northamptonshire Council (WNC) has addressed the key advice points for safe use of investigatory powers.

Work Programme

The committee reviewed and approved the updated work programme for the Audit and Governance Committee. The programme outlines the topics to be discussed at future meetings, including the Internal Audit Plan, Annual Governance Statement, Internal Audit Progress reports, and updates on Cyber Security and the Strategic Risk Register. A member requested that Direct awards and waivers contract be added to the work programme, which was agreed.