The Audit Committee of Tower Hamlets Council met on Thursday 12 March 2026 to review the council's financial reporting, risk management, and internal audit plans. Key discussions included the external auditor's disclaimed opinion on the 2024/25 financial statements, significant weaknesses identified in governance and contract management, and the progress of the action plan to address these issues. The committee also reviewed the internal audit plan for 2026-27 and the corporate code of governance.

Annual Report and Audit Results Reports

Ernst & Young LLP (EY), the council's external auditor, presented their final Auditor's Annual Report and Audit Results Report for the year ending 31 March 2025. EY issued a disclaimed opinion on the financial statements, citing significant weaknesses in the council's arrangements for statutory financial reporting, risk management, internal control, contract management, and the effectiveness of its internal investigation processes. These weaknesses were largely attributed to the legacy of historic audit delays and unresolved issues, as well as ongoing capacity constraints within the council and the finance team. EY noted that while some improvements have been made, the pace of response has not matched the scale of the challenges, leaving the council exposed to further risks.

EY also highlighted ten significant weaknesses in the council's value for money arrangements, including issues with the Annual Governance Statement, the capacity of the 'Golden Triangle' (Chief Executive, Section 151 Officer, and Monitoring Officer), and the effectiveness of the Audit Committee itself. Recommendations were made for the council to critically assess the assurance level provided by the Head of Internal Audit, commission a further independent review of the internal audit function, ensure the Annual Governance Statement accurately reflects the scale of issues faced, and review the Audit Committee's membership and training.

Specific concerns were raised regarding the council's procurement waiver process, with internal audit identifying a lack of a central database, insufficient monitoring, and a lack of reporting to cabinet. EY also noted that the council's process for conducting internal investigations was not clear, leading to inconsistency in approach and conclusions. The council's response indicated that a new Section 151 Officer had been appointed and that work was underway to address these issues, including a review of the investigations team and policies, and the establishment of a new corporate oversight board.

Progress Update on Action Plan Delivery in Response to External Recommendations

The council presented its progress update on the Mobilisation Action Plan, which addresses the external auditor's statutory recommendations and significant weaknesses. The plan is structured around four workstreams: Financial Management & Accountability, Audit, Investigations & Assurance, Procurement & Contract Management, and BVI, Core Services & Capacity.

Progress varies across the workstreams, with Financial Management & Accountability reported as 33% complete, Audit, Investigations & Assurance at 20%, Procurement & Contract Management at 84%, and BVI, Core Services & Capacity at 47%. A key risk identified is securing and sustaining sufficient delivery capacity, which the council is mitigating through an allocation of £4.5 million over three years. New roles are being established, including a Compliance Director for Audit, Investigations & Assurance, and a dedicated Programme Director for the overall programme.

Specific progress includes the recruitment of experienced professionals to the finance team, a refreshed closure of accounts timetable, and improved interim audit walkthroughs. The Annual Governance Statement is now being drafted by the Strategic Director of Change and Improvement to ensure transparency and impartiality. In procurement, new contract management templates and tools have been developed, and a Procurement Waivers Power App has been launched. Training programmes for contract management are ongoing, with over 800 attendees.

Regarding Social Housing, the council has secured approval for the Housing Revenue Account (HRA) business case and funding. Monthly meetings with the Housing Regulator are underway, and good progress is being made in areas of compliance, including fire risk assessments and decent homes investment. The insourcing of housing management services is noted as a driver for meeting new Consumer Standards.

For the 'Golden Triangle', a new Section 151 Officer has joined the organisation.

Internal Audit and Anti-Fraud Progress Report

David Dobbs, Head of Internal Audit, Anti-Fraud and Risk, presented the progress update for 2025-26. He highlighted that 52% of audits (excluding schools) had achieved 'reasonable' or 'substantial' assurance. However, concerns were raised about the number of outstanding management actions, particularly historic ones, and the limited assurance ratings in areas such as VAT management, IR35 Off Payroll working, and GDPR. EY's feedback included a recommendation for all recommendations to be followed up, regardless of their assurance rating, and for changes to the Internal Audit Plan to be approved by the Audit Committee.

Risk Management – Corporate Risk Register & Deep Dive

The committee reviewed the updated Corporate Risk Register, which remains at 13 corporate risks, with one escalated and one relegated within the Housing & Regeneration Directorate. The introduction of risk appetite levels into the framework was discussed, with different categories of risk assigned varying appetite levels. A significant new risk, HRHOH0002, concerning the rapidly increasing cost of temporary accommodation due to demand from homeless residents and the shrinking private rented sector, was highlighted. This risk has cross-directorate implications and poses financial, reputational, and legislative risks. The committee also reviewed a deep dive into the Children's Directorate's risk register, noting improvements in the safeguarding risk rating but also discussing concerns around SEND demand and budget constraints.

Internal Audit Plan and Charter 2026-27

David Dobbs presented the proposed Internal Audit and Anti-Fraud Plan and Internal Audit Charter for 2026-27. The plan is risk-based and designed to support the council's ambitions and address government statutory intervention and external auditor recommendations. It will remain flexible to accommodate evolving risks. The plan includes 42 audit assignments and 20 school audits, supported by two new posts following a successful growth bid. The updated Internal Audit Charter reflects the requirements of new Global Standards and defines the purpose, authority, and responsibilities of the Internal Audit function.

Corporate Code of Governance Update

Jonathan Lloyd, Strategic Director, Change & Improvement, presented the updated Corporate Code of Governance for 2025-26. The code has been improved to be more explicit around the CIPFA/SOLACE framework and is reviewed annually to reflect changes in governance policies. The report noted the government's directions following a Best Value Inspection, requiring improvement in scrutiny, leadership, decision-making processes, and culture change. The committee discussed the wording of the code, particularly the use of robust and the implications of the Secretary of State's minded to statement regarding potential increased powers for envoys. Amendments were agreed to delegate revisions to an officer, specifically the Section 151 Officer, subject to consultation with the Chair.

Audit Committee Annual Report

David Dobbs presented the draft Annual Report of the Audit Committee for 2025-26. The report outlines the committee's compliance with the CIPFA position statement, its discharge of responsibilities, and an assessment of its performance. The report acknowledges significant weaknesses identified by EY in the Audit Committee's arrangements, which are subject to an ongoing action plan. Recommendations from EY include mandatory training for committee members, a review of committee membership for independence and skills, annual reporting to Full Council, and strengthened oversight of recommendations. The committee discussed the need for more granular detail in reports and agreed to note the report with suggested amendments.

Audit Committee Work Plan

The committee reviewed and noted the work plan for 2025-26, with discussions on specific agenda items for upcoming meetings.

Any Other Business

The committee agreed to exclude the press and public for the remainder of the meeting to consider exempt information related to fraud investigations.

The meeting concluded with the committee agreeing to note the reports and recommendations presented, with a commitment to ongoing improvement and oversight of the council's governance and financial arrangements.