The Audit Committee meeting on 12 November 2025 focused on the progress of the external audit for the 2024-25 financial year, the council's fraud update, and the annual review of risk management. Key decisions included noting the progress of the external audit, which anticipates a disclaimed opinion due to ongoing issues with prior year balances, and approving the next steps for updating the council's risk management approach to a more digital and quarterly framework. The committee also received an update on fraud investigations and prevention activities.

Update on the External Audit and the Report of the External Auditor

The committee received an update on the 2024-25 external audit from Ernst & Young (EY). Alicia Atto, Chief Accountant, and Ben Lazarus from EY presented the report, which indicated that the audit is broadly on track for completion within the statutory deadlines. However, due to previous disclaimed opinions in 2022/23 and 2023/24, EY anticipates issuing a disclaimed audit opinion for 2024-25 as well. This is primarily due to the inability to gain full assurance over brought-forward balances from previous years.

Key points discussed included:

• Audit Opinion: EY anticipates issuing a disclaimed opinion for the 2024-25 accounts. This is a continuation of the situation from previous years due to the ongoing challenges in rebuilding assurance over prior year balances.
• Value for Money (VfM): A significant weakness was identified in the council's arrangements concerning governance, specifically in monitoring and ensuring appropriate standards, particularly in relation to legislative and regulatory requirements. This stemmed from a critical C3 grading received in February 2025 from the Housing Regulator, indicating serious failings in delivering consumer standards. The council is implementing a plan to address these concerns, including monthly meetings with the regulator, an improvement tracker, and a move to a rolling five-year programme for stock condition surveys.
• Audit Differences: Several uncorrected misstatements were noted, including those related to pension liabilities and creditors. Corrected misstatements included issues with the classification of Property, Plant and Equipment, and disclosure errors in notes relating to officers' remuneration and exit packages.
• Areas of Audit Focus: EY highlighted ongoing work in areas such as the valuation of land and buildings, investment properties, and Housing Revenue Account (HRA) properties. The valuation of HRA properties remains a concern due to unresolved issues with prior year balances and accounting treatment of additions.
• Fees: The scale fee for 2024/25 has increased significantly compared to previous years, and EY expects to charge additional fees reflecting what they consider to be additional work. These fee requests are subject to arbitration by the Public Sector Audit Appointments (PSAA).
• Local Audit Update: The committee was informed about proposed reforms to the local audit system, including the establishment of a Local Audit Office (LAO) to simplify and coordinate the system.

The committee noted the progress of the audit, considered the draft Audit Results Report, and approved delegated authority to the Chair to sign the 2024-25 Accounts and the Letter of Representation upon completion of the audit.

Progress on Governance Arrangements

Paul Giuliotti, Director of Financial Services, presented an update on the progress of the internal audit plan for 2025/26.

• Audit Plan Progress: Six months into the plan, 21 out of 59 planned audits have been completed, with a further 16 in progress. The council is considered to be on track to complete the planned work.
• Overdue Recommendations: Two Priority 1 recommendations from previous years remain overdue:
  • Storage of Deeds and Contracts: This issue has been ongoing for some time. While a budget is approved, identifying suitable legally trained resources willing to undertake the work in a challenging environment has been difficult. The directors for Valuation and Law and Governance are working with the archives to scan documents to mitigate risk.
  • Use of Fleet Vehicles: A single policy on fleet management is still under review by HR and the Legal team. Recommendations are in train, but some are complex and require multiple levels of review.
• Business Continuity Planning (BCP): Councillor Hedges raised concerns about BCP testing, noting that only half of services had been tested. The audit manager acknowledged this and stated that while BCPs are in place, testing is ongoing and prioritised based on risk. Cyber security is a key focus, with recent exercises conducted.
• St John Bosco College School: An audit on this school identified issues with procurement processes and outstanding purchase orders. The Director of Business and Operations is working on implementing clearer procedures, training, and a central procurement team.

The committee noted the progress against the audit plan and the status of overdue recommendations.

Fraud Update 2025/26

Kevin Holland, Assistant Director of Fraud Risk, provided an update on fraud investigations and prevention activities undertaken by the South West London Fraud Partnership (SWLFP).

• Fraud Risk: The fraud risk remains significant, with an increase in fraud driven by need rather than greed, exacerbated by the current financial climate. AI is noted as a growing challenge, being used by both fraudsters and the council for detection.
• Key Objectives and Targets: The report highlighted progress against key objectives, including the recovery of properties through tenancy fraud investigations and verification visits to temporary accommodation.
• Temporary Accommodation: This is a new area of focus due to rising costs and demand. Verification visits are being conducted to ensure genuine need and address instances of abuse.
• Artificial Intelligence (AI): The use of AI in fraud detection and prevention was discussed, with acknowledgement of its dual role as a tool for both fraudsters and the council. The council's membership in the Government Counter Fraud Profession (GCFP) provides access to up-to-date information on trends and techniques.
• Data Analytics and Cleansing: Continued development in data analytics and cleansing is essential for fraud prevention and detection. Notional savings have been identified through data matches, including blue badges and waiting lists linked to deceased individuals.
• Grant Process: Councillor Hedges raised concerns about the checks in place to ensure grants are used properly, particularly with an increasing number of grant pots and larger sums of money. It was suggested that this be taken back to the Grants Committee for initial review.
• South West London Fraud Partnership (SWLFP): The audit of the SWLFP by Mazars found procedures to be satisfactory, with recommendations focusing on updating the partnership agreement and addressing long-open cases.

The committee noted the fraud progress report and the review of activity completed during 2025/26.

Annual Review of Risk Management

Paul Giuliotti, Director of Financial Services, presented the annual review of the council's risk management approach.

• Proposed Changes: The council is proposing a shift from a largely manual, biannual risk management process to a more dynamic, digital, and quarterly framework. This aims to improve oversight, transparency, and reporting.
• Digital Transformation: A key outcome is the planned transition to a digital risk management platform, likely SharePoint-based, to streamline reporting and escalation. This will replace manual forms with linked spreadsheets and enable real-time updates.
• Three-Tier Escalation Model: A clearer escalation pathway is proposed, with service-level risks reviewed at divisional level, departmental risks escalated to senior management teams, and strategic risks reviewed by the Governance Board.
• Member and Officer Engagement: The review included engagement with Audit Committee Chairs, Executive Directors, and Members. There is a recognised need for more training and feedback on how risks relate to organisational objectives.
• Next Steps: The committee was recommended to approve the next steps for updating the Risk Management Approach, which include developing the digital solution, procuring training, and producing a revised strategy for approval in March/April 2026.

The committee approved the next steps for updating the council's Risk Management Approach.

The meeting concluded with Councillor Worrall thanking all attendees for their contributions and acknowledging the significant amount of work involved in preparing the reports.