The report of the Internal Audit Manager is attached.

Contact: Katie Williams (01743) 255637

The Committee received the report of the Internal Audit Manager who explained that risk management was fundamental to the Council’s governance, decision?making, and delivery of priorities, and provided a key mechanism for the Committee to obtain assurance over internal controls and accountability. The Committee’s terms of reference require an annual review of risk management arrangements, which was fulfilled through this internal audit report.

The 2025/26 review covered operational, strategic, and project risks. Although core elements of the framework were in place, the overall assurance opinion was assessed as limited due to weaknesses in compliance with key controls and inconsistencies in risk reporting. Recommendations had been made to strengthen oversight, improve consistency, and enhance assurance processes. Details of the evaluated controls and outcomes were set out in section 6.8 of the report.

During discussion, a member observed that four control objectives had not been achieved and questioned whether “limited” assurance was the appropriate rating, suggesting that the position might indicate an unsatisfactory level of assurance. The Internal Audit Manager clarified that not all objectives were unachieved, as control objectives 2 and 3 had been achieved, whilst 1 and 4 had not. The Internal Audit Manager explained that the balance between limited and reasonable assurance was based on professional judgement, and that an unsatisfactory opinion would apply only if none of the objectives were achieved.

The Chair expressed concern regarding the issues identified, including the leadership board not receiving project risk reports and recommendations from the corporate peer challenge not being reflected in the risk register. It was noted that the Interim Section 151 Officer was reviewing the Council’s approach to risk in order to modernise governance and decision?making structures in line with new boards and forums and to ensure effective cascades of information.

Clarification was sought from internal auditors on whether the improvement activities discussed during the meeting were considered sufficient to enhance the internal control environment. The Internal Audit Manager responded that the improvement programme’s focus on “getting the basics right” represented an appropriate direction, but it was too early to assess the impact, as the processes had not yet had time to embed. She added that the Committee was asking appropriate questions and demonstrating a strong understanding of assurance levels, distinguishing between reassurance from oversight functions and assurance provided through internal audit. Assurance on the improvement plan would be available once internal audit work on its implementation had taken place.

The Chair commented on the annual governance statement, noting that the previous Committee had considered it to lack coherence and clarity. The Chair requested that a draft version be circulated to Committee Members for comment prior to publication, given that the next scheduled meeting was in June. Officers confirmed that a draft would be circulated for review and that the annual governance statement, currently scheduled for July, could be brought to the June meeting if it were ready earlier.

RESOLVED:

To note concern regarding the limited assurance rating for risk management whilst recognising that work was underway to address the identified weaknesses.

To agree to revisit the matter at the June meeting to review progress and improvements in the Council’s risk management arrangements.