The Audit and Risk Committee of Islington Council is scheduled to convene on Monday 15 June 2026. The meeting's agenda includes a review of the committee's membership and terms of reference, a verbal financial update, and discussions on the external and internal audit plans for the upcoming year. Other key items for consideration are the principal risk report, the annual governance statement, and reports on cyber defence assurance and the review of the RIPA policy.

Membership, Terms of Reference and Dates of Meetings

The committee is set to review its membership, terms of reference, and scheduled meeting dates for the municipal year 2026-27. This includes noting the current membership, which comprises Labour and Green councillors, along with co-opted members. The terms of reference outline the committee's role in providing assurance on the council's governance, risk management, and internal control framework, overseeing audit arrangements, and reviewing financial and governance reporting. The scheduled meeting dates for the year are also to be confirmed.

Verbal Financial Update

A verbal update on the council's financial position is scheduled to be provided. This will offer a real-time overview of the current financial status, which may include information on expenditure, income, and any significant financial developments since the last formal report.

External Audit Plan and Strategy for the Year Ending 31 March 2026

The committee will consider the external auditor's plans for the 2025/26 audit of Islington Council and the Islington Pension Fund. This includes an overview of the planned audit approach and scope, with KPMG LLP outlining their materiality levels for both the council and the pension fund. The report details the estimated statutory external audit fees and highlights the legal responsibilities of the council in keeping adequate accounting records and preparing an annual Statement of Accounts. The external audit plan also addresses significant risks, such as the valuation of land and buildings, post-retirement benefit obligations, and the potential for management override of controls.

Internal Audit Annual Report

This report will provide an overview of the work undertaken by Internal Audit in delivering the 2025/26 Internal Audit Plan. It aims to assure the committee that the council has a sound framework for governance, risk management, and internal control. The report includes the Chief Audit Executive's annual conclusion, which for 2025/26 is Moderate Assurance, indicating that while arrangements are adequate, some improvement is required. The report details the outcomes of completed audits, high-priority recommendations, and follow-up activities to ensure recommendations are implemented.

Principal Risk Report

The committee will review the council's principal risks as at June 2026, presented in line with a revised Risk Management Strategy. This report identifies 11 principal risks facing Islington, ranging from health and safety compliance and capital programme delivery to financial stability, safeguarding, and cyber security. Each risk is accompanied by an action plan detailing steps to mitigate it and achieve target risk scores, reflecting the council's risk appetite. The report includes a risk map illustrating the likelihood and impact of each risk.

Annual Governance Statement

The committee is scheduled to review the Annual Governance Statement. This statement provides assurance on the effectiveness of the council's governance, risk management, and internal control framework. It is a key document for demonstrating accountability and transparency in the council's operations.

Cyber Defence Assurance Annual Report

This report provides an annual update on the council's cybersecurity posture, detailing the security of its IT environment and the protections in place to safeguard operations and data. It highlights the ongoing commitment to cybersecurity, the challenges posed by phishing attempts and the evolving threat landscape, including the impact of Artificial Intelligence. The report notes that no cyber events were reported to the Information Commissioner's Office (ICO) in the last financial year and outlines the council's robust technical systems, training, and awareness programmes. The report also mentions the council's early adoption of the Cyber Assessment Framework (CAF), which secured £100,000 in funding.

Review and Update of RIPA Policy

The committee will review and consider the updated RIPA Policy Document and Procedural Notes. These documents provide guidance on the lawful use of directed surveillance and access to communications data by the council under the Regulation of Investigatory Powers Act 2000 (RIPA) and the Investigatory Powers Act 2016 (IPA). The report notes that the Investigatory Powers Commissioner's Office (IPCO) previously inspected the council's compliance and found it satisfactory, with a recommendation for ongoing internal governance and policy refreshes. The next IPCO inspection is due in 2026. The policy review is also a requirement under the Covert Surveillance and Property Interference Code of Practice.