The Audit Committee of Cornwall Council were scheduled to meet on 26 September 2025 to discuss the external auditor's update report, internal audit and counter fraud performance, and the Regulation of Investigatory Powers Act. The committee was also scheduled to review the minutes from the meeting held on 4 July 2025.

External Auditor's Update

The Audit Committee was scheduled to review the External Auditor's Progress Report for Cornwall Council and receive a sectoral update. According to the report pack, Grant Thornton had been appointed as the external auditors of Cornwall Council and the Cornwall Pension Fund.

The Progress Report was expected to focus on:

• Work to give an opinion on the council's financial statements for 2024/25
• Work on assessing the council's value for money (VFM) arrangements
• Other areas of external audit work
• Sectoral update

The report noted the key roles of the External Auditor are to give an opinion on the council's financial statements, and to assess value-for-money arrangements.

The significant risks identified in the 2024/25 audit plan were:

• Valuation of land and buildings, including council dwellings
• Valuation of net pension fund liability
• Management override of control
• Consolidation of group accounts
• Fraud in revenue recognition (rebutted for the council and so only relevant for the group)

The report also included an overview of results from an assessment of the Information Technology (IT) environment and controls, which included identifying risks from IT related business process controls relevant to the financial audit. The IT systems reviewed were Oracle Fusion, Altair, and Active Directory.

The report also included sector updates on:

• Lessons from 2023/24 auditors' annual reports
• Financial Instruments in Local Government Accounts
• Other structural changes
• Local government financial sustainability
• The Spending Review
• Fair Funding Review 2.0
• Public procurement
• Keeping fit for the future
• Keeping the leisure estate fit for the future
• Asylum seekers update

Internal Audit and Counter Fraud Performance

The Audit Committee was scheduled to receive an update on the performance of the Internal Audit and Counter Fraud Teams.

The report included the following recommendations:

1. That the Committee takes assurance from the work of the Internal Audit and Counter Fraud Teams and the performance and progress against the 2025/26 Audit programme.
2. That the Committee takes assurance from the progress being made by management in implementing the Agreed Management Actions arising from Internal Audit reviews.
3. That the Committee approves the Internal Audit Plan from October 2025 and approach to programming.
4. The Committee makes observations and requests clarifications as required.

As of 31 August 2025, the audit plan was reported to be largely on target for delivery by 31 March 2026, though some reviews may need to be prioritised due to a reduction in planned resources while vacancies are filled. Audits not completed in year due to resourcing will be rolled forward into 2026/27. Client feedback scores and the implementation of Agreed Management Actions were reported to be above target levels.

In terms of Counter Fraud, there are currently five measures that are used to report on the performance. For the two with targets, the performance indicator in respect of responding to Freedom of Information cases that require digital information to be provided and requests for Rights of Access, Rectification and Erasure (RARE) have been exceeded.

The report also presented the 6-month Internal Audit rolling Plan from October 2025 for approval by the Audit Committee.

Key changes to the Audit Plan from April 2025 include specific Information Systems (IS) reviews on cyber infrastructure, third party access to data and systems, and major incident/crisis management. Additional reviews were also added for health and safety, insurance, environmental and social governance, and Cornwall Fire & Rescue Service (CFRS) inspection and action plan, and CFRS payroll and expenses.

Counter Fraud Risk Update

The Audit Committee was scheduled to discuss how Cornwall Council is managing its fraud risks, including any risks of exposure under the new 'Failure to Prevent Fraud Offence' defined in the Economic Crime and Corporate Transparency Act 2023 (ECCTA).

The report stated that Cornwall Council has a zero tolerance approach towards fraud, bribery and corruption, and that preventing fraud, bribery and corruption is a responsibility for all officers and Members and is a controllable risk.

The report also detailed the Council's fraud detection, prevention, and deterrence activities, including:

• Governance and deterrence measures, such as vetting procedures, codes of conduct, and assurance frameworks.
• Prevention activities, such as training and awareness programs, collaboration with other agencies, and proactive counter fraud reviews.
• Detection methods, such as data matching initiatives and data analytics.
• Enforcement responses, such as disciplinary action, legal proceedings, and fraud recovery efforts.

Regulation of Investigatory Powers Act

The Audit Committee was scheduled to receive an annual update on the use of powers granted to the council under the Regulation of Investigatory Powers Act 2000 (RIPA).

The report set out the RIPA and non-RIPA activity which has been undertaken during the Investigatory Powers Commissioner's Office (IPCO) reporting year, 1 January – 31 December 2024, and covers RIPA more generally.

The report stated that in the last year, 1 January 2024 – 31 December 2024, the council undertook surveillance on two occasions. The first time the powers were used was for a non-RIPA surveillance and related to online tobacco sales, the second time was a RIPA application which related to fly tipping and was authorised by a Justice of the Peace. Both of these applications are now cancelled.