Agenda and minutes

To take any questions or statements from members of the Public.

No questions or statements were received from Members of the Public.

To receive declarations of any Disclosable Pecuniary Interests or other registrable or non-registrable interests from Members in respect of any item to be considered at the meeting.

No declarations of any Disclosable Pecuniary Interests or other registrable or non-registrable interests were declared by Members with respect to any item to be considered at the meeting.

The Committee is asked to confirm as a true record the Minutes of the Meeting of the Committee held on the 17 July 2025 (attached) and to authorise the Chair to sign them.

The Committee confirmed as a true record the Minutes of the Meeting of the Committee held on 17 July 2025 and authorised the Chair to sign them.

This report presents the Committee with its annual Work Programme.

The Committee received a report presenting its annual Work Programme.

The following matters were considered:

a)            Proposed Changes. The Chair highlighted that the footnotes in the report highlight any changes to the work programme and provide explanation as to why the changes have occurred.

b)            Code of Corporate Governance. A Member of the Committee asked when theCode of Corporate Governance will be received by the Committee, since it has been removed from the work programme for the November 2025 Committee Meeting. The Chair directed Members attention tofootnote 10, where it sets out that the Code of Corporate Governance Annual Review report will be received by Committee at their February meeting and explains that it has been moved due to resource constraints on the Corporate Governance Team, who are currently working on the Community Governance Review.

Following consideration, the Committee unanimously resolved to:

(1)      Note and agree the ongoing Work Programme as presented in Section 2.

This report provides an update on the progress of the ICT Strategy following a question from a member of the committee at the July meeting.

The Committee received a report providing an update on the progress of the ICT Strategy following the request from members at the July meeting.

The following matters were considered:

a)            Desktops. A Member of the Committee asked what proportion of the Council are using desktops and if there is any risk associated with desktops which are not reported in the update. The Head of ICT responded to explain that the Council has very few desktops, and that there is currently a programme of work to provide small form factor desktops for specialist use such as the print room, with these units being joined to the Council’s Microsoft 365 tenant and managed and deployed with Windows 11.

b)            Local Government Reorganisation. A Member of the Committee asked what actions are being taken to ensure EEBC’s IT changes are aligned with other local authorities in preparation for Local Government Reorganisation in Surrey. The Head of ICT explained that every month the Surrey Chief Officers group meets to discuss LGR and potential ways of working in the future. This provides the opportunity to securely share information that is not feeing into the official request for information programme. There is a dedicated resource for this programme at EEBC. The Head of ICT explained that it is too early to understand what the new unitary authority will look like from an ICT point of view and that most local authorities in Surrey are taking a keep the lights on approach to the ongoing support and development of the current IT systems.

c)            Revised Timeline. The Chair raised that the report shows that only 60% of this year’s objectives have been delivered due to delays and reprioritisation. The Chair asked what specific actions are in place to accelerate progress and what is the revised timeline to deliver the remaining objectives. The Head of ICT explained that there has been significant work undertaken to remove out of support servers and hardware in the last six months. The Head of ICT stated that it is likely that the percentage of completion will sit at 70% for the next Committee update and that the IT Health Check remediations are well developed and the telephony piece, which represents a significant part of the planned objectives for this year, has been assigned a specific member of the ICT team to prioritise and progress.

d)            Citrix. A Member of the Committee asked why the Council has not moved away from the citrix environment. The Head of ICT explained that at this moment in time the intention is to stay with citrix. He shared that conversations with the other districts and boroughs have shown that most are still using citrix environments, so to move away to an alternative platform would be overly complex at this time. He highlighted that the ICT team are looking at alternatives as the Council may have need to change. He stated that there may be a change in model of use of the citrix environment, potentially moving to  ...  view the full minutes text for item 18.

The appendix to this report provides an overview of the council’s performance with respect to its ongoing annual plan actions from 2024-25, key performance indicators, corporate risks, committee risks, and annual governance statement actions.

The appendix to the report provided an overview of the council’s performance with respect to its ongoing annual plan actions from 2024-25, key performance indicators, corporate risks, committee risks, and annual governance statement actions.

The following matters were considered:

a)            Update to report. The Corporate Governance & Strategy Manager informed the Committee that there is an action at the beginning of appendix 1 regarding the implementation of the homelessness and rough sleeper strategy, which has now been completed since the report was published.

b)            Car Park Revenue. A Member of the Committee asked if the contract change regarding app used for car parking payments, still make the use of an app provider the best solution financially for the Council. The Member also asked if different providers have been investigated so we are aligned with other Surrey districts and boroughs. The Corporate Governance & Strategy Manager confirmed that Ringo is still the best solution for both the Council and for users of the Council’s car parks. He explained that despite the contract change, there will be absolutely no change for the users of the app and car parks. He informed the Committee that the Council continues to offer a full range of options across the town centre car parks, of paying cash, card, or Ringo, and there are associated costs with each payment method, from the maintenance of machines, cash collection costs, to credit or debit card transaction fees for Ringo. He raised that the Council does pay a small percentage transaction fee for Ringo, but there are no other associated costs, so it is still the best option.

c)            Debit Card Fees. A Member of the Committee raised that they did not believe there should be transaction fees for debit cards. The Chief Accountant explained that the person using the credit or debit card doesn’t get charged, but the person taking the payment does get charged. The Council are charged firstly by the company processing the debit card payment and then there is also a charge to the acquiring bank, who is getting the money off the person who used their card. Any mention of fees for using debit cards, it is the Council and not the Ringo user who is paying.

Following consideration, the Committee unanimously resolved to:

(1)      Note and comment on the performance and risk information located at Appendix 1.

This report presents the forecast revenue outturn position for the current financial year 2025/26, as at Quarter 1 (30 June).

The Committee received a report presenting the forecast revenue outturn position for the current financial year 2025/26, as at Quarter 1 (30 June).

The following matters were considered:

a)            Budget overspend. A Member of the Committee asked if the report was forecasting year end to be a £485k overspend or whether that is the current position and the overspend will be even more. The Member also asked for clarification as to how the overspend will be dealt with other than just using reserves. The Director of Corporate Services (S151) confirmed that when the finance team do the budget forecast, it is for the year end position. He explained that this will be reviewed in the Q2 report scheduled to come to Committee in November. He recognised that there is a structural challenge in the Council’s housing budget with regard to the demand for temporary accommodation and the impact on the Council’s finances. He acknowledged that this is a wider issue, being felt and dealt with across the country. He informed the Committee that whilst the Council is fortunate to have healthy reserves, the aim is to not dip into reserves as that would not be sustainable. He continued to explain that this structural issue has been addressed in the Medium-Term Financial Strategy, and it is understood that if it is not adequately addressed it will continue into the next financial year.

b)            Housing and homelessness budget. A Member of the Committee asked if there was an increase compared to last year’s budget for homelessness. The Director of Corporate Services (S151) explained that the homelessness budget is based on a temporary accommodation (TA)  demand of 70, meaning as soon as we are over that number, the Council does not have the budget and is overspending. He explained to the Committee that there needs to be a budget set that ensures that services aren’t subject to failure every year and also recognises that services are doing their utmost to be able to manage to structural issue. The Member asked why the TA figure is set at 70 when it has been seen for years that the actual TA figure is much higher and therefore the budget should be set higher. The Director of Corporate Services (S151) informed the Committee that for 2026/27 the budget will be higher and that is what has been reported on.

·                     Councillor Bridger proposed a motion to add an additional recommendation to;

‘Agree to write to the Chair of Strategy and Resources and express concerns regarding the historically low Housing and Homelessness budget and Temporary Accommodation figure and seek assurance that it will be addressed and corrected in the upcoming budget.’

Councillor Neale seconded the motion.

The Committee unanimously agreed the motion and addition of a fourth recommendation to the report.

c)            S&R and C&W. A Member of the Committee asked for clarification as to whether Strategy and Resources are the right committee to write to when Community and Wellbeing Committee deal with homelessness.  ...  view the full minutes text for item 20.

This report presents the capital monitoring position at Quarter 1 for the current financial year 2025/26.

The Committee received a report presenting the capital monitoring position at Quarter 1 for the current financial year 2025/26.

The following matters were considered:

a)            CIL funds. A Member of the Committee asked if the Council hold all the CIL funds that have been promised and invoiced. The Chief Accountant explained that the table in 7.2 sets out the current CIL funds that are held by the Council, and it shows invoices outstanding as of June the 30^th 2025. She informed the Committee that the reason some invoices are outstanding is because developers are allowed to pay over two or three instalments. This is normally the case with big developments because the amount of CIL due is a significant sum. The Chief Accountant explained that the Council has a good recovery rate for CIL, mainly due to there being lots of legislation governing it, so there is not a lot of outstanding debt over 12 months old. The Member asked if there have been any developers who have defaulted on their CIL payments. The Chief Accountant agreed to check with the Developer Contributions Officer and let the Member know following the meeting.

Following consideration, the Committee unanimously resolved to:

(1)      Receive the capital monitoring position at quarter 1, as set out in the report:

(2)      Note the progress of capital projects as set out in Appendix 1.

To present a report on the management responses to the External Auditor’s recommendations as requested at the March 2025 A&S committee.

The Committee received a report presenting the management responses to the External Auditor’s recommendations as requested at the March 2025 A&S committee.

The following matters were considered:

Councillor Lawrence gave a verbal statement to the Committee.

a)             Publishing Urgent Decisions. The Chief Executive acknowledged  that there had been confusion on occasion regarding the publishing of urgent decisions and that often the delay had been caused by human error, where the initiating officer believed the authorising officer would publish the decision and vice versa. The Strategic Leadership team have taken notice of that issue and clarified the urgent decision process so it is clear what process should be followed and to ensure that the same mistakes aren’t made in the future. She also highlighted that there is a difference between an urgent decision and an urgent matter, which may take the form of a late paper being added to an agenda following publication.

b)             Report changes. The Chair asked what changes have been made to the report in comparison to the one presented to the Committee in July. The Director of Corporate Services (S151) explained that both reports reaffirm SLT’s commitment to transparency. He highlighted that there is an explanation in the report regarding the use of exempt items and ensuring items are only made exempt where legally necessary and all other reports are discussed and received in public. He informed the Committee that both reports reference the LGA peer review and the external audit findings and make clear that any issues raised will be revisited in the next audit cycle.  The September report includes additional reflections and actions following further internal consideration and recognises the discussions that happened at the Audit and Scrutiny Committee in July.  The September report highlights that restricted reports and agenda items are placed at the end of the agenda, to minimise disruption to public attendees and viewers and to ensure that all of the agenda that can be discussed in public is held in the public session. The September report has added a comment about regular catch ups with external auditors throughout the year, which have been scheduled to ensure timely communication on key matters. The September report also acknowledges the rationale for exempt items and recognises that sometimes it isn’t always clear as to why an item is exempt, so it is the intention and plan going forwards to ensure that it is always made clear why an item is exempt, both to Councillors and Members of the Public. The September report also welcomes external audit to commence a review of historic exempt reports for assurance and refers to training session for councillors and staff on the decision-making process. The September report also acknowledges that the issue under review should have been flagged earlier to auditors and confirms that regular meetings have now been scheduled to prevent reoccurrence. The Chair thanked officers and raised that this report is the response of a valid check and challenge from the committee.

c)             Restricted reports. A  ...  view the full minutes text for item 22.

The purpose of this paper is to provide an overview of the alternative options considered in commissioning an external assessor to undertake the pending independent assessment of the Southern Internal Audit Partnership against the Global Internal Audit Standards in the UK Public Sector.

The Committee received a paper providing an overview of the alternative options considered in commissioning an external assessor to undertake the pending independent assessment of the Southern Internal Audit Partnership against the Global Internal Audit Standards in the UK Public Sector.

The following matters were considered:

a)            Audit Manager. The Internal Auditor explained that there has been a change in audit manager for the Council and introduced the new audit manager. The Chair expressed their thanks to Jo Barrett for all their work as of audit manager for the Council.

b)            Artificial Intelligence (AI). A Member of the Committee asked what the internal auditors’ initial thought about opportunities to use AI, as mentioned in appendix one, and if it would save time and potentially reduce the costs of doing audits or allow for greater insights and depths for exploration. The Internal Auditor explained that AI is still in its infancy when it comes to audits and it must be approached with caution, as there are big issues and risks around the sharing and exposing of data. She explained that once there is confidence in it, it can be developed and embedded into processes correctly and should bring efficiency and greater depth within audits.

c)            Best practice. The Chair asked if there are any best practice guidelines on AI from the audit sector which could be shared with Members. The Internal Auditor agreed to look into AI best practice and provide a response to Members following the meeting.

Following consideration, the Committee unanimously resolved to:

(1)      Note the arrangements for the pending external assessment of the Southern Internal Audit Partnership against the Global Internal Audit Standards in the UK Public Sector.

This report provides the Audit & Scrutiny Committee with the Internal Audit Charter 2025/26 (Revised).

The Committee received a report providing the Internal Audit Charter 2025/26 (Revised).

The following matters were considered:

a)            Standard document. The Vice Chair asked if the Charter is a standard generic document. The Internal Auditor explained that it is a generically produced document for all partners. It is based on the requirements as set out within the global internal audit standards. It has been tailored where required for specific references and terminology, such as the Audit and Scrutiny Committee and Strategic Leadership Team.

Following consideration, the Committee unanimously resolved to:

(1)      Approve the Internal Audit Charter 2025/26 (Revised) as set out in Appendix 1.

The purpose of this report is to provide the Audit and Scrutiny Committee with the Internal Audit Strategy 2025–2028.

The Committee received a report providing the Internal Audit Strategy 2025–2028.

The following matters were considered:

a)            Questionnaire responses. A Member of the Committee raised that the number of respondents in Appendix B seems low and asked if there was any reason for that. The Internal Auditor responded to explain that the questionnaire was sent out, and then a reminder was sent, and these were the only responses received. The Internal Auditor raised that the response could have been low due to cybersecurity and people’s hesitancy to open attachments to emails or documents and also pressures and demands on people’s time.

·                     The Chair proposed the recommendation is corrected to say 2028 instead of 2208.

Councillor Bridger seconded the motion.

The Committee unanimously agreed the motion and the recommendation was amended.

Following consideration, the Committee unanimously resolved to:

(1)      Note the Internal Audit Strategy 2025-2028.

This report provides the Audit & Scrutiny Committee with the Internal Audit Plan for 2025-26 (Q3/4).

The Committee received a report providing the Internal Audit Plan for 2025-26 (Q3/4).

The following matters were considered:

a)            Cybersecurity Audit. A Member of the Committee raised that there are two follow up items highlighted for Q4, on Information Governance and IT Cyber Security (training and awareness), on pages 178 and 179 respectively, that relate to 2023. The Member raised that for both they received a limited assurance opinion and asked why they are scheduled for Q4. The Internal Auditor explained that these are follow up audits and full audits of these areas were completed in 2022/23 and 2023/24, which resulted in limited assurance opinions. She explained that as with all audits, there will have been a series of management actions that would have individually had a timescale for implementing, which need to be followed up on and reviewed to ensure internal audit are satisfied that all management actions have been implemented, validated, and functioning as intended. The Head of ICT confirmed that the proposed timing of the follow up audit gives the appropriate time to ensure that all management actions have been covered off sufficiently.

Following consideration, the Committee unanimously resolved to:

(1)      To provide input to and approve the Internal Audit Plan 2025-26 (Q3/4) as set out in Appendix 1.

Progress report on ICT Audit Actions.

The Committee received a report on the Progress of the ICT Audit Actions.

The following matters were considered:

a)            Cybersecurity training. A Member of the Committee asked why the target for cybersecurity training completion wasn’t 100%, as the targets currently sit at 90% for internal staff and 80% for Councillors. The Head of ICT informed the Committee that a new platform, Boxphish, is being used to deliver the cybersecurity training. This new platform enables both ICT and HR teams to monitor training completion levels across the organisation and automatically issues reminders to the staff who have not completed the training within the designated time frame and in case of persistent non participation ICT will work with HR to determine appropriate sanctions. Based on HR’s guidance and organisational policy, the original target of 90% completion was set to ensure broad coverage, whilst acknowledging that some staff may be on long term leave or otherwise unable to complete the training within the given time frame. The campaign that ICT have now launched for the staff is directed at all staff who use a computer or an electronic device that could be vulnerable to cyber threats, taking, ICT remain confident that the box fish system can achieve a 99% completion rate. The Head of ICT raised that limited engagement was received from Members in the past in regard to cybersecurity training and that informed the target of 80% completion. He explained that ICT remain confident that Boxphish will deliver a more engaging experience and the training is shorter, more relevant, and tailored to the needs of both staff and Members. There is ongoing work between ICT, Comms, and Democratic Services to deploy the training to Councillors and the first wave of training should be received by Members in the coming weeks.

b)            Uptake of Training. A Member of the Committee raised that when the previous training email was received by Councillors, it was deleted by some who believed it could be spam or phishing.

Following consideration, the Committee unanimously resolved to:

(1)      Note the most recent progress that has been made on the remaining ICT audit actions as set out in Appendix 1.

As required by the Global Internal Audit Standards in UK Public Sector this report presents the Internal Audit Progress Report (August) 2025-26. The report provides the Audit and Scrutiny Committee with an overview of internal audit activity and assurance work completed in accordance with the approved audit plan and provides an overview of key updates relevant to the discharge of the committee’s role in relation to internal audit.

As required by the Global Internal Audit Standards in UK Public Sector this report presents the Internal Audit Progress Report (August) 2025-26. The Committee received a report providing an overview of internal audit activity and assurance work completed in accordance with the approved audit plan and provides an overview of key updates relevant to the discharge of the committee’s role in relation to internal audit.

The following matters were considered:

Councillor Lawrence made a verbal statement to the Committee.

a)            Staff Turnover. The Internal Auditor explained that due to a higher level of staff turnover, there may be a slight delay with the delivering of some audit reviews, during the onboarding process for new staff. The Internal Auditor reassured Members that they remained confident that the audit plan will be sufficiently delivered by the end of the year, in time for the annual conclusion to be presented to the Committee.

b)            Food Safety Standards. A Member of the Committee asked what happens if the Council does not complete the outstanding food safety inspections. The Member expressed concern about the impact on residents and the Council and feelings of security over the restaurants and establishments where they are purchasing food in the borough. The Corporate Governance and Strategy Manager explained that the consequences of failure to adhere to the Food Law Code of Practice could be ministerial direction, however, there is an escalation procedure established prior to this in which the Food Standards Agency engage with the authority in question at a lower level with a view to assist in the resolution of resourcing or operational difficulty causing the loss of alignment with the code.

c)            Playground Maintenance. The Chair asked for the management actions on playground maintenance to be shared with the Committee as soon as possible. The Internal Auditor explained that the list of management actions are not reported in detail unless they are high priority actions that become overdue, and then they will be included in appendix 1. The Internal Auditor explained that they are broadly satisfied that appropriate management actions have been identified to be implemented, which will manage any risks identified through their reviews. Management actions are then followed up through the action tracking within section 11. The Chair asked for clarification as to when the management actions are scheduled to be completed. The Internal Auditor explained that specific dates aren’t put against individual management actions in the summary, but playground maintenance management actions will be internally tracked as to whether they are completed in accordance with target dates and then any actions that become overdue will feature in future progress reports in the overdue column, and any high priority management actions that become overdue will then be listed appropriately in appendix 1, until such time as the actions have been implemented.

d)            Playground inspections. The Vice Chair raised that for two of the 19 sites internal auditors could find no evidence of the annual independent inspection. The Vice Chair asked if these will be followed  ...  view the full minutes text for item 28.