Agenda item

(A report by Mark Harrison, Audit Manager – Lincolnshire County Council)

The Committee received the Internal Audit Progress Report – April 2026, presented by the Head of Internal Audit and Risk, which provided an overview of internal audit activity undertaken during the 2025/26 financial year and reported progress against delivery of the approved Internal Audit Plan.

The Committee was advised that 100% of the Internal Audit Plan for the year had been delivered. The report summarised assurance outcomes, levels of management engagement, implementation of agreed actions, and feedback received from audited services. It was reported that overall feedback from services had been positive, demonstrating constructive engagement and a high level of commitment to implementing recommendations. One instance of poorer feedback had been received in relation to the timeliness of an audit delivered by a co?provider which had been addressed through performance discussions and quality assurance arrangements.

Members noted the range of audits completed during the year, covering areas including grants administration, identification and monitoring of savings, ICT cyber security, risk management, planning, capital budget monitoring and financial resilience. It was confirmed that Internal Audit had continued to provide advisory support alongside assurance work, where appropriate.

During discussion, Members raised several detailed questions on specific findings. Clarification was sought on audit conclusions referring to the absence of a centralised grants register, with concern expressed about how grant information was currently recorded and monitored across the Council. Members also questioned the arrangements for escalation where savings proposals were not delivered to plan, and how such issues were identified and addressed through financial monitoring and governance processes. The Monitoring Officer confirmed that officers monitored the approved budget and that quarterly reports detailing key variances were presented to the Cabinet. He explained that the Council had set a balanced budget for 2026/27 which did not contain a need to identify in year savings and efficiency targets.

Further discussion focused on audit findings highlighting the absence of a central training records system, with Members querying how assurance could be provided over staff training and compliance in the absence of consistent tracking. Members also referred to issues raised within the ICT cyber security audit, including findings relating to threat escalation procedures, remediation timescales and management oversight.

The Head of Internal Audit and Risk explained that assurance opinions were based on a structured risk assessment methodology and internal quality assurance processes. Members noted that final assurance ratings reflected the cumulative impact of findings rather than individual issues and were subject to senior sign?off.

The Committee expressed concern that officers with direct responsibility for the audited operational areas were not always present to respond to technical or service?specific questions. Members emphasised that effective scrutiny depended on having appropriate senior officers in attendance to explain management responses and control arrangements. It was agreed that this matter required further consideration to ensure future meetings were adequately supported.

The Committee concluded that the report demonstrated strong delivery of the Internal Audit Plan and a generally sound assurance position, while also highlighting areas where governance arrangements, documentation and officer engagement needed to be strengthened.

Resolved:

That the Internal Audit Progress Report – April 2026 be noted.