The Audit and Governance Committee of North Northamptonshire Council met on Monday 20 April 2026 to approve the internal audit plan for 2026/27 and the risk management policy and strategy. The committee also received updates on the internal audit progress report and the strategic risk register.

Internal Audit Plan 2026/27 and Charter and Mandate

The committee approved the Internal Audit Plan for 2026/27, along with the Internal Audit Charter and Mandate. A delegation was also approved for the Executive Director of Finance, the section 151 officer, to agree amendments to the internal audit plan in-year, in consultation with the Chair of the Audit and Governance Committee. The Internal Audit Plan outlines the proposed work for the year, focusing on providing assurance over the Council's governance, risk management, and control processes. The Internal Audit Charter and Mandate, which was last reviewed in 2025, was confirmed as remaining fit for purpose.

Risk Management Policy and Strategy

The committee approved the Council's Risk Management Policy and Strategy for 2026/27. This policy sets out how the council will manage its risks across the organisation. Following an annual review, no material changes were proposed to the existing document. The strategy is informed by best practice, including ISO 31000:2018, and outlines the principles and processes for risk management within the council. A new risk management system is being rolled out across the council in 2026/27 to better facilitate and coordinate risk management activities.

Internal Audit Progress Report

Rachel Ashley-Caunt, Chief Internal Auditor, presented an update on the delivery of internal audit activity and the conclusion of the 2025/26 internal audit plan. Eight audit reports had been finalised since the last committee meeting. Key findings included:

• Complaints Management: A moderate assurance opinion was given for compliance, with recommendations to formalise senior management involvement in the ombudsman process and to conduct periodic reviews of remedy payments.
• Emergency Planning: A moderate assurance opinion was given for the control environment and compliance. Recommendations were made regarding training records, the scheduling and tracking of council exercises, and the improvement of the learning tracker for exercises.
• Schools – Financial Governance and Budget Management: A good assurance opinion was given for the control environment. Recommendations were made for the council to strengthen school governance by developing a formal governance framework and providing enhanced training for governors.
• Government Procurement Cards (GPC): A good assurance opinion was given for the control environment. Compliance had improved significantly since the previous year, though further improvement was noted as an area for focus. A recommendation was made for all cardholders to attend VAT training.
• Housing Benefit and Council Tax Support: A moderate assurance opinion was given for the control environment and compliance. Areas for improvement included independent review of payment runs and reconciliations, and addressing issues with the timely recovery of debts due to reminder letters not being activated on the new system. A complete review of the housing benefit overpayment function will be undertaken.
• Bank Reconciliations: A good assurance opinion was given for the control environment. All legacy bank accounts had been closed, and work was ongoing to clear unreconciled items, with a significant reduction noted compared to the previous period.
• Income Processing (Lead Authority Delivery): A substantial assurance opinion was given for the control environment. Controls were found to be operating effectively, with no areas of concern flagged.
• Debt Recovery (Lead Authority Delivery): A good assurance opinion was given for the control environment, and a moderate assurance for compliance. While the control framework was good, there was a substantial increase in very long-term debts and operational challenges persisted.

The committee also noted that 30 actions had been implemented since the last meeting, but 61 recommendations remained overdue.

Strategic Risk Register

Rachel Ashley-Caunt presented an update on the council's Strategic Risk Register. The register details the strategic risks faced by the council in achieving its corporate priorities, along with mitigation actions and current residual risk scores. No material changes had been made to the risk entries since the last update, but several risks were under active review, including those related to SEND reforms and the closure of the 2025/26 accounts. A new risk management system is being rolled out, which will involve a comprehensive review of all risk entries. The committee was provided with the updated register, a risk heat map, and the risk scoring methodology.

Key risks highlighted included:

• Children's Trust Failure: A very high residual risk score (20) was noted for the risk of the Children's Trust failing to deliver to agreed standards, impacting child safeguarding, service quality, and financial stability.
• Unsustainable Finances: A high residual risk score (20) was assigned to the medium-term financial sustainability, with significant budget gaps projected from 2026/27 onwards.
• General Fund Overspend and DSG Deficit: A very high residual risk score (20) was noted for the council's General Fund overspend and the Dedicated Schools Grant deficit.
• Health, Safety and Wellbeing: A very high residual risk score (25) was assigned to the general management of health, safety, and wellbeing risks, with potential for harm to individuals and reputational damage.

The committee noted the update and was assured that the risk management process was effective.