NFDC Audit Committee - Internal Audit Progress Report

Audit Committee – 13 February 2026

Internal Audit Progress Report 2025-26 (December 25)

Purpose	For Decision
Classification	Public
Executive Summary	In accordance with the Global Internal Audit Standards in UK Public Sector this report presents the Internal Audit Progress Report to 31^st December 2025. The Internal Audit Progress Report, attached as Appendix 1, provides the Audit Committee with an overview and key updates of internal audit activity and assurance work completed in accordance with the approved audit plan.
Recommendation(s)	The Audit Committee are requested to 1. note the Internal Audit Progress Report 2025-26 (December 2025) and 2. approve the proposed changes to the audit plan.
Reasons for recommendation(s)	To keep the Audit Committee appraised of internal audit activity and key updates relevant to the discharge of the Committee’s role in relation to internal audit.
Ward(s)	All Wards
Portfolio Holder(s)	Councillor Jeremy Heron – Finance and Corporate
Strategic Director(s)	Alan Bethune, Strategic Director of Corporate Resources. S151 Officer
Officer Contact	Antony Harvey, Deputy Head of Southern Internal Audit Partnership 07784 265289 antony.harvey@hants.gov.uk

Introduction and background

1. The mandate for internal audit in local government is specified within the Accounts and Audit [England] Regulations 2015, which states:

‘A relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance.’

2. From 1 April 2025, the ‘standards or guidance’ in relation to internal audit are those laid down in the Global Internal Audit Standards (GIAS), Application Note: Global Internal Audit Standards in the UK Public Sector (Application Note) and the Code of Practice for the Governance of Internal Audit in UK Local Government. The collective requirements shall be referred to as the Global Internal Audit Standards in the UK Public Sector (the Standards).

3. The Southern Internal Audit Partnership have been externally assessed against conformance with the Global Internal Audit Standards in the UK Public Sector which concluded:

‘SIAP has achieved an excellent result of ‘generally achieves’ in this EQA in relation to the GIAS and Application Note. The IIA use the term ‘general achievement’ or ‘general conformance’ to indicate that “internal audit activities were performed in general conformance with the Global Standards.”

Given SIAP’s high level of performance and achievement with the GIAS, I do not make any formal recommendations in this report.

I am delighted to confirm that SIAP fully achieves 46 of the 52 Standards and generally achieves the remaining six Standards. There are no partial conformances, or areas where the team do not conform with any Standards.’

4. In accordance with proper internal audit practices (Global Internal Audit Standards in the UK Public Sector), the Chief Internal Auditor is required to provide a written status report to the Audit Committee, summarising:

o ongoing confirmation or otherwise regarding independence, and impairments [Standard 7.1]

o a summary of significant issues and escalation of matters of importance [Standard 8.1]

o overview and sufficiency of resourcing [Standards 8.2, 10.1, 10.2, and 10.3]

o communication of unresolved issues that fall outside of the Council’s risk tolerance [Standard 11.5]

o update on progress and any changes to the annual audit plan [Standard 9.4]

o internal audit performance measures [Standard 12.2]

o status of ‘live’ internal audit reports and status on the implementation of management actions [Standard 15.2].

5. Appendix A summarises the activities of internal audit for the period to 31^st December 2025. The progress report confirms that 34% of the agreed plan has reached the reporting stages, including six reports that have been finalised since the previous progress update in September 2025, of which two concluded with a Substantial Assurance opinion and four with a Reasonable Assurance opinion. The remaining audits are either in progress or are in the process of being lined up for delivery during the final quarter of the year. There are two proposed plan changes (one addition and one withdrawal) for consideration and approval.

6. The report also provides an update on the Council’s progress with implementing actions that have been agreed following audits, including confirmation that all actions have been completed in respect of seven previous audit review areas. The number of overdue management actions remains low and is consistent with the position previously reported within the September 2025 progress update.

Corporate plan priorities

7. The Council is responsible for establishing and maintaining appropriate risk management processes, control systems, accounting records and governance arrangements. Internal audit plays a vital role in advising the Council that these arrangements are in place and operating effectively. The Council’s response to internal audit activity should lead to the strengthening of the control environment and, therefore, contribute to the achievement of the organisation’s objectives.

Options appraisal

8. No alternative options have been considered as this report is a requirement under relevant legislation and standards.

Consultation undertaken

9. This report has been discussed with the Executive Management Team.

Financial and resource implications

10. The audit plan consists of 400 audit days including 18 audit days provided to the New Forest National Park Authority under the current Service Level Agreement. The Council’s budget for 2025-26 reflects these arrangements.

Legal implications

11. The statutory requirement for internal audit in local government is specified within the Accounts and Audit [England] Regulations 2015. Internal audit functions within the UK Public Sector must conform with The Global Internal Audit Standards in the UK Public Sector (the Standards). The Standards require the Chief Internal Auditor to provide a written status report to the Audit Committee providing an overview and key updates of internal audit activity and assurance work completed in accordance with the approved audit plan. This report provides the Audit Committee with the progress report to 31^st December 2025.

Risk assessment

12. The audit needs assessment follows a risk-based audit approach taking cognisance of the Council’s risk register.

13. Failure to deliver an appropriate audit plan would increase the risk of failing within the Council’s service delivery.

14. Failure to complete management actions or to act on the initial findings during the audit process will likely increase the chances of a negative outcome and/or delay required improvements to the Council’s services.