The Governance, Audit, Risk Management and Standards Committee was scheduled to review progress reports from the Internal Audit and Corporate Anti-Fraud Team, as well as updates on the Council's Corporate and Resources Directorate Risk Registers. The committee was also due to consider the Treasury Management Strategy for 2025/26.

Internal Audit and Corporate Anti-Fraud Team Progress Report

The committee was scheduled to receive an information report detailing the progress of the Internal Audit and Corporate Anti-Fraud Team (CAFT) for the period ending 31 December 2024. The report, prepared by Sharon Daniels, Strategic Director of Finance, was intended to allow the committee to fulfil its terms of reference regarding the oversight of internal audit performance.

According to the report, as of 31 December 2024, Internal Audit had completed 40% of its 2024/25 annual plan, which was below the target of 67.5%. However, with the recent filling of two vacant auditor posts, the service anticipated meeting the full-year target of 90%. Management had agreed to implement 100% of the 21 recommendations made to improve internal controls, exceeding the 95% target.

The Corporate Anti-Fraud Team (CAFT) was reported to be meeting or exceeding all but one of its team targets. The sole target behind schedule related to risk-assessing referrals within five days, attributed to a vacancy that was filled in January 2025. This was expected to improve performance against that target by year-end.

The report highlighted key financial benefits arising from CAFT investigations, including an estimated £837,250 in savings or avoidance of loss from tenancy fraud, £458,305 from internal/employee fraud, £127,900 from Right to Buy fraud, and £114,101 from social care fraud. The National Fraud Initiative (NFI) had also resulted in estimated savings/avoidance of loss of £411,071.

The report also detailed the assurance levels of various audit reviews. Notably, a Limited assurance report was issued for Children's Placements, citing control issues related to monitoring, record-keeping, and provider invoicing. A Limited assurance report was also issued for Highways Reactive/Planned Maintenance, identifying weaknesses in processes, record-keeping, and system integration. A No assurance report was given for School PFI, attributing control issues to a lack of corporate resource for contract monitoring.

The committee was recommended to note the progress report and the associated internal audit report and action plan.

Corporate Risk Register Update

The committee was scheduled to review the Council's Corporate Risk Register for the second quarter of 2024/25, as updated by control and risk owners and reviewed by the Corporate Leadership Team (CLT). The report, also from Sharon Daniels, Strategic Director of Finance, indicated that contingency planning action plans had been introduced for red-rated risks.

As of Q2 2024/25, there were fifteen open risks on the register, with four rated RED and eleven rated AMBER. No GREEN rated open risks were identified. Thirteen risks remained stable since the previous quarter, with one increasing in significance.

The most significant RED risks identified were:

• Failure to meet the demand for adult social care within the budget set out in the Medium Term Financial Strategy (MTFS).
• Failure to fulfil the Council’s Health & Safety (H&S) duties.
• Housing not delivering on health and safety statutory duties and regulatory requirements.
• A major cybersecurity incident affecting the Council or an external supplier, resulting in service failure and a significant breach of the Data Protection Act.

A new risk, Failure to respond sufficiently to the outcomes of the Grenfell Tower Public Inquiry Phase 2, was added and rated AMBER. Two risks, Industrial relations climate impacts delivery of services and transformation and Lack of Strategic Leadership Capacity, were closed.

Resources Directorate Risk Register Update

An information report was scheduled to present the Resources Directorate Risk Register for the third quarter of 2024/25. This report, also from Sharon Daniels, Strategic Director of Finance, detailed the risks managed by the Resources Directorate.

As of Q3 2024/25, there were nine open risks on the register: one RED, five AMBER, and three GREEN. All risks had remained stable since the previous quarter.

The single RED risk identified was:

• A significant and successful cyber-attack on the Council’s systems. This risk was rated RED C2 (Medium Likelihood – Critical Impact) but was expected to reduce to AMBER by the end of the financial year due to ongoing actions and contingency planning.

Other key AMBER risks included:

• Loss of access to critical data services and significant failure to recover data.
• Failure to prevent and/or detect significant fraud at the Directorate level.

Review of Treasury Management Strategy 2025/26

The committee was also scheduled to review the Treasury Management Strategy for the upcoming financial year. This report, from the Strategic Director of Finance, would outline the council's approach to managing its financial investments and borrowing.

Statement of Accounts 2023/24 - Audited

The committee was due to receive the audited Statement of Accounts for 2023/24. This would follow the external auditors' review and would include any audit adjustments made. The report from the Strategic Director of Finance would also provide an update on the 2023/24 audit.

Minutes of Previous Meeting

The minutes of the previous meeting held on 26 November 2024 were scheduled for confirmation. These minutes noted discussions on the Treasury Management Mid-Year Report 2024/25, the use of the Urgency Procedure, the audited Statement of Accounts for 2022/23 and an update on the 2023/24 audit, and the Annual Complaints and Ombudsman report.

Public Questions, Petitions, and Deputations

The agenda also included standard items for noting any public questions received, any petitions submitted, and any deputations.

Exclusion of the Press and Public

An item was scheduled for the exclusion of the press and public to discuss Appendices 2 and 3 of the Internal Audit and Corporate Anti-Fraud Team Progress Report, which contained information relating to the financial or business affairs of any particular person.