Issue - meetings

This report provides the Audit & Scrutiny Committee with the Internal Audit Plan for 2025-26 (Q3/4).

The Committee received a report providing the Internal Audit Plan for 2025-26 (Q3/4).

The following matters were considered:

a)            Cybersecurity Audit. A Member of the Committee raised that there are two follow up items highlighted for Q4, on Information Governance and IT Cyber Security (training and awareness), on pages 178 and 179 respectively, that relate to 2023. The Member raised that for both they received a limited assurance opinion and asked why they are scheduled for Q4. The Internal Auditor explained that these are follow up audits and full audits of these areas were completed in 2022/23 and 2023/24, which resulted in limited assurance opinions. She explained that as with all audits, there will have been a series of management actions that would have individually had a timescale for implementing, which need to be followed up on and reviewed to ensure internal audit are satisfied that all management actions have been implemented, validated, and functioning as intended. The Head of ICT confirmed that the proposed timing of the follow up audit gives the appropriate time to ensure that all management actions have been covered off sufficiently.

Following consideration, the Committee unanimously resolved to:

(1)      To provide input to and approve the Internal Audit Plan 2025-26 (Q3/4) as set out in Appendix 1.