Audit and Governance Committee - Wednesday 18 March 2026, 6:00pm - Folkestone & Hythe webcasting

Audit and Governance Committee
Wednesday, 18th March 2026 at 6:00pm 

Agenda

Slides

Transcript

Map

Resources

Forums

Speakers

Votes

 

Welcome to Folkestone and Hythe District Council's Webcast Player.

 

UPDATE - PLEASE NOTE, MEETINGS OF THE JOINT TRANSPORTATION BOARD AND FOLKESTONE AND HYTHE DISTRICT AND PARISH COUNCILS' JOINT COMMITTEE WILL BE STREAMED LIVE TO YOUTUBE AT: bit.ly/YouTubeMeetings


The webcast should start automatically for you, and you can jump to specific points of interest within the meeting by selecting the agenda point or the speaker that you are interested in, simply by clicking the tabs above this message. You can also view any presentations used in the meeting by clicking the presentations tab. We hope you find the webcast interesting and informative.

 

Please note, although officers can be heard when they are speaking at meetings, they will not be filmed.

 

At the conclusion of a meeting, the webcast can take time to 'archive'.  You will not be able to view the webcast until the archiving process is complete.  This is usually within 24 hours of the meeting.

Share this agenda point
Share this agenda point
Share this agenda point
Share this agenda point
Share this agenda point
Share this agenda point
Share this agenda point
Share this agenda point
Share this agenda point
  1. Webcast Finished

to this evening's Ordered Governance Committee meeting.
Thank you so much for coming along.
The Committee Services will confirm webcast has started.
Correct? Wonderful.
And before I read my little notice,
I do want to welcome Councillor Paul Thomas.
Very great to have you here. Thank you for joining.
In the meantime, just a quick read -through of some areas here.
Good evening. Welcome to the meeting of Ordered Governance.
This meeting will be webcast live to the internet.
For those who do not wish to be recorded or filmed,
you will need to leave the chamber.
For members, officers, and others speaking at the meeting,
it is important that the microphones are used
so viewers on the webcast and others in the room
may hear you.
Excuse me.
Would anyone with a mobile phone please switch it to silence
as they can be distracting?
I would like to remind members
that although we have strong opinions on matter
under consideration, it is important to treat members,
officers, and public speakers with respect.

1 Apologies for Absence

Moving on to apologies for absence. We've received one apology this evening chair from

2 Declarations of Interest

Councillor McShane. Thank you very much. And as for the next item of minutes, we'd like
to consider and prove as a correct record the minutes of the meeting held on the 29th
of January 2026. Could I have a proposal? Thank you, Councillor Cawd for you in the
Seconder? Thank you, Councillor Wing. And to vote by show of hands.
Settled. Do I need to sign this?

3 Minutes

Wonderful. So far, so good. First item in terms of discussion points, we have...
Oh, I beg your pardon, I got so excited.
I've got a declaration of interest, there we go.
Declaration of interest, thank you, Gemma.
Do any members have any declaration of interest to share?
Councillor Wigg.
Thank you, Chair, just to see a direct talk with Tunes.
Thank you, and that was also an interest
that I should share as chairman of opportunity tests.
Councillor Thomas.
Yeah, I'm also a director of opportunity tests.
Thank you so much.
It's quite an important one, thank you everybody.
Let's move on.

4 Quarterly Code of Conduct Complaints Update

Urgent item of business.
So we have an urgent item of business,

11 Urgent Item of Business - Statement of Accounts 2025/26 Audit Plan

the statement of accounts 2526 audit plan.
Grant Thornton will present the 2526 audit plan
and timelines.
This item will be introduced by Grant Thornton,
I believe by Jonathan.
And following the introduction,
we will then have a discussion.
The recommendations are as follows and for the benefit of the minutes.
So for the urgent item of business, the following recommendations are proposed for the minutes.
Number one, the Grant Thornton audit plan for 2526 will be received and noted.
Number two, the Grant Thornton letter of audit timeline for 2526 be received and noted.
Number three, the final audit findings, ISA 260 report for 2425 be received and noted.
and number four, management's responses to informing the audit risk assessment for folks
in higher through 2526 be approved. And with that, I will share to you the gentleman. Thank
you.
Thank you, Chair. So the urgent item of business before you presents a number of specific items
relating to the Council's external audit of its financial statements. This can be found
in the two supplements to the main agenda pack. The purpose of the items brought before
you are to outline the audit plan, so the grant forms and audit plan for 25 -26, which
they will talk to after my introduction. Further, they have brought a letter highlighting the
proposed changes in timelines for the completion of the audit for 25 -26, and finally, the final
audit, the final report for 24 -25, statements of accounts, are brought for you. With those
having been approved by this committee in January 2026 and formally signed in February
2026. That's the statement of the Council 2425. Management have also responded to a
number of audit planning questions from the auditors, and those are outlined in management's
responses to informing the audit risk assessment for folks in the High of 2526. And these responses
are for your approval of the A &G committee.
And obviously for the purposes of minutes,
there are those four recommendations
as the chair has highlighted.
First being obviously the audit plan being received and noted.
I won't go through all four of them,
but those are the four recommendations for approval.
And I'm happy to take any questions
that you might have on the substantive body of the report
items before you.
However, in the meantime, I'll hand it over to Grant Thorne
who will take you through the actual audit plan directly.
Thank you.
Thank you, Chair.
So I will kick off with a letter to Alan, which is the first part of it,
and then Kieran will pick up the audit plan.
So in the covering letter, and we've sent this to all audit clients,
and what we set out is the timeframes that MHCLG have imposed
in terms of when audited accounts need to be submitted.
You'll recall for 24 -5, we completed the audit at the end of January. The deadline for all
24 -5 audits was the end of February. They are bringing that forward for 25 -6 to the
end of January 27, and then permanently from 26 -7 to the 30th of November 2027. So Grant
I've often considered this in the round because we audit 36 or 37 % of all local authorities
and we've taken the view that it would be impossible to hit the 30th of November 27
without having a dry run because an audit is an ongoing thing and if we left everything
to the 31st of January 27, the chances of us being able to deliver everything to the
of November 27 are quite remote. So what we have done is take the view that we need to
have a dry run and we need to complete everything by the 30th of November, which is ultimately
the sort of permanent deadline going forward. So it's a good discipline for all parties.
So we have had a discussion with council officers and have taken into account the fact that
there's a sort of systems change happening in terms of the council. So that's going to
make aspects of the 25 -6 audit more challenging in terms of capacity, responsibilities, etc.
But we've set out a timeframe here to deliver 30th of November, 2026.
Now because the statutory deadline is 31st of January, I think we're sort of pondering.
we must finish the work by 30th of November from our perspective, but if the
audit committee is the week after, it's not a disaster,
it would be the year after. So we're obviously in discussion with management about
what the right timing of that audit committee will be, but in principle we're
expecting to complete all of our work within that time frame. Now that puts
responsibilities on us and it puts responsibilities on management, and I
I think it's fair to say that because of the well -documented challenges in the whole system
and the fact that approximately 40 % of all audits nationally are disclaimed due to the
backstop legislation, MHCLG are very, very keen to recover that position.
In fact, every single disclaimed authority has to have an action plan as to how they
get back to full assurance, which has to be submitted to MHCLG by July.
So that's obviously a challenge for those authorities in that position.
And so there is no real scope for delay in any of these things anymore.
We've really got to deliver that.
Obviously, you're in a good position to start with because you've got an unqualified opinion
brought forward and obviously I think the accounts process has gone well in the last
couple of years, but we've probably all got to, we've got to, all of us collectively be
slightly sharper so that we can sort of hit an end of November timeframe.
As I said, this letter has gone out to all of our local authorities and we're obviously
discussing that with all of them, but in essence, we need to bring the whole thing in this time
timeframe. If I pass on to Kieran now to talk about the plan, we'll perhaps take questions
or both after, Chair, if that's okay. So I'll pass on to Kieran now.
Thank you, Chair. I'll present the audit plan for the 2526 external audit. I'll take the
report as read. It will highlight some elements for members' attention.
On page 6 of our report, we've set out the significant risks for the audit. The first
risk is management override of controls. This is a presumed risk under auditing standards
for all entities, in particular the risk around journals,
management estimates, and transactions
outside the normal course of business.
There is also, under ISO 240, a presumed risk
of fraud and error in revenue recognition.
As per page seven of our report, we've
rebutted this risk for the audit and do not
deem it to be a sick risk for the council and the group
due to the lack of incentives and opportunities
for management to manipulate revenue.
Likewise, under practise note 10,
we're required to consider the risk that expenditure is
misstated due to improper recognition.
We do not consider this to be a significant risk for the audit due to, again, a lack of
incentive and opportunity for management to manipulate expenditure.
On pages 9 to 10 of our report, we've set out the significant risk around valuation
of property, plant, and equipment, council dwellings, surplus assets, and valuation of
investment properties, and on page 11, the valuation of the defined benefit pension liability.
We consider these to be significant risks to the audit due to the size of the values
involved.
the significant judgments applied in determining these figures, and the sensitivity of these
estimates to change.
We have also identified level three financial assets and liabilities as significant risk.
This is due to level three assets and liabilities in that they have a lack of observable inputs
and therefore represent a significant estimate by management, and as such, we deem that to
be a significant risk.
This is set on page 12 of our report.
On page 13, we've set out a new significant risk for 2526.
This is the data migration and new system implementation
arising from the council's transition from the e -financial
to technology one general ledger system.
To address this risk, we've engaged our IT audit team
to complete detailed testing and evaluate the design
and implementation of the controls around the new system
and the data migration.
We also have identified two other risks,
which is the accounting treatment
for the Princess Parade AUC write -off.
This is due to the material nature of the cost
and the complexity around the accounting treatment
And also the impairment of the Otipool Park work in progress.
This is due to, again, the scale and complexity of the scheme.
These have been set out on pages 16 and 17 of our report.
On page 18 of the plan, we've set out our approach
to materiality.
Materiality has been determined at 2 .5 % of the prior year gross
expenditure.
We've set a lower materiality threshold
for senior officer remuneration and exit packages
due to the heightened public interest
and scrutiny in these balances, which
we've set at 20K per officer.
This is consistent with our approach in the prior year.
And then finally, I'd direct members
to page 23 of the audit plan.
Here we've set out the interim work we have planned to undertake.
Due to the earlier backstop, to ensure
that we can meet this deadline, we've
brought forward the areas of testing
to be completed ahead of the publication of the draught
accounts.
And the sections we're looking to test
have been detailed in the report.
The work in this area is currently ongoing.
I'll stop there, and we can take any questions
on the plan or the audit timeline?
Just want to go for any questions.
Councillor, Councillor Thomas.
Yeah, thank you.
You said on page 13 of your report about the new financial system,
that that is included in Appendix 4 of the risk management policy going forward.
So there's no difference between those two there.
Their couch is the same, aren't they?
And the output of those is the same for the new financial system.
We're not saying anything different in your report to what we've got in our own appendix 4.
Thank you.
I might be able to take that one.
Thank you, Chair. It's more an observation. I mean, when you start talking about this
backstop, I've been on this committee a number of years now. I know what it probably was
a few years ago. And I'm really happy that you've certainly taken it by the horn. I have
reasonable confidence, I'm sure you have as well, it will be achieved. But am I right
in saying so? For this financial year, we're in now, we're going to do almost like a test
to see how it goes, but if you do miss it,
it's not a major problem because you'll have
a few more months to, then to see where.
Thank you, Councillor, I think that's a good question.
You're right in terms of the backstorm legislation.
There's a further two months to work with.
The question will be, of course, how we approach that
and how the Council wants to approach that.
I mean clearly we're not going to die in a ditch over a few days here and there, but
the reality is if we were, say, coming back to the audit committee on the end of January,
either, there's only two reasons why that could happen.
Either our resource and collapse is completely, and we can't resource the audit, or we find
so many significant issues, or I suppose, have a lack of resource, but so many significant
issues that all it drags on until the end of the journey, in which case there will be
a significant fee overrun. Now I think none of us want any of that. We want to finish
at the end of November. So there is the capacity, in theory, to go beyond, but clearly what
we're trying to do with the dry run, looking at it from a national perspective, is to make
sure we can definitely, definitely meet the statutory deadline of the year after. So that
will be our ambition. But you're right to point out that technically there is a two
month window.
And how does the officers feel about you feel, especially with the new IT system coming in,
I've realised it's a hell of a lot of work for you.
Are you reasonably confident, looking at Mr Tim Prater?
Thank you, we are reasonably confident, obviously we are engaging with the auditors specifically
on this we're looking at, as you'll note from their audit plan, doing some work ahead of
time. So, you know, dealing with, for example, some of the samples earlier on that we would
normally do so. It's probably worth bearing in mind that obviously with the 24 -25 audit,
which we've just been through, actually substantively quite a lot of the work was done certainly
by sort of early December. There were some things that we needed to sort of finalise.
So that gave us a good level of confidence.
Obviously, there are challenges this year specifically with the new finance system coming in,
so that will cause some challenges.
However, we are engaging with the auditors regularly.
We discuss timelines.
The point of the plan that we've gone through with them and the timelines is to ensure
that we are able to meet the end of November timeline.
Councillor Thomas.
Yes, thank you, Chair.
Just in terms of the new risks that you've identified, on there you've got the accounting
treatment of Princes Parade AUC write -off.
In the audit procedure, you talk about confirming the 2034 -25 audit item on there, and then
re -performing the accounting entries to verify the write -off has been posted to the appropriate reserve.
What actually prompted that risk to be identified?
And do you envisage at this moment in time any issues associated with how that was treated?
Thank you.
So obviously, Prince's Parade has been an issue the Council have been wrestling with for some time,
as you all aware, and obviously incurred significant capital expenditure on for a period of time.
So it has been sitting as it's under construction for a couple of years.
The discussion we had with management in 24 -5 had the decision to end that scheme,
taken place to be reflected in the 24 -5 accounts.
And that was our challenge question.
Management provided us with a detailed paper
talking about why they were not going to
incur a write -off in 24 -5,
and we accepted that position.
Now, we'd expect the write -off to happen in 25 -6.
From an accounting point of view,
there are potentially some options
as to how that works through.
So it's that re -performance that we're going to do.
Obviously management will need to consider
the precise accounting they're going to do
in the 25, six accounts as they come up to prepare them.
So that's what we all look at.
So the re -performance is literally
are we happy that the entries have been posted
to the right accounts, the right reserves,
the right, et cetera.
So there's a set of processes to go through.
So that's why, and it's a significant amount of money,
so it's quite important it's accounted for correctly.
Any more for any more?
All right.
Thanks so much for your time and the volume of work in the pack.
It's an exceptional document.
Just to remind myself of what we need to do next is to recommend a note
on all things at once.
Yeah. So should I show of hands?
Oh, the proposer, Councillor Godfrey, thank you.
Okay, seconder?
Councillor Walker.
By a show of hands?
Thank you.
Wonderful, moving us on then to item five,
the quarterly Code of Conduct complaints updates.
This report provides an update to the Committee

4 Quarterly Code of Conduct Complaints Update

on Member Code of Conduct complaints received
during quarter three of 25 -26,
which is the first of October to the 31st of December, 2025.
This item will be introduced by Euan Green and following that we will then open it up
for discussion. Euan.
Thank you, Chair. So, members, evening. This is the normal quarterly report you see before
you. Section 2 of the report lets you know that there were five complaints made by the
members of the public in the period and these were generally under the heading of public
statements including social media, website, internet and email comment. Within that in
section 2 .3 you can see that none of these were taken to the investigation stage, but
I think I should at last reiterate that does not mean that these were not taken seriously
and they're not important for people who are making the complaints. And as part of the
decision notice that goes out on some of these in particular, I would have provided guide
and notes saying there'd be guidance provided
to an elected member on certain issues
if I thought that was necessary.
So it doesn't mean that there wasn't some follow -up action
that we could be tracking.
And it's as simple as that, yeah, thank you.
Thank you, and just then to open up for a discussion
for any questions.
Nothing to add, all counts as satisfied.
Wonderful, then in which case,
I believe the recommendation is to note.
Oh, sorry, if I turn the page out, I'll help, wouldn't it?
Thank you so much.
So the recommendation therefore to receive a note report AUG 2519.
Any proposal?
Councillor Wayne.
Seconded by Councillor Thomas.
And now we'll go to vote by show of hands.
Thank you so much.

5 Quarterly Internal Audit Update Report - East Kent Audit Partnership

Moving us on to Item 6, the quarterly internal audit update report from East Kent Audit Partnerships.
This report, Item 6, includes the summary of the work of the East Kent Audit Partnership,
or ECAP, since the last Audit and Governance Committee meeting, together with details of
performance to 31st December 2025. This item will be introduced by Christine Parker, Head
of Audit. Final introduction, we will then have a short discussion. Thank you.
Oh, Chris. You've told me that before. Thank you. Chris, thank you for joining us.
Thank you, Chair. The report before you on page 19 is the regular internal audit update
report showing the work that's been completed since the last committee meeting. You will
You will find on page 23 that the summary of reports, there have been five completed within the period
and all coming out at substantial assurance and no high recommendations.
Therefore, there's nothing there to concern the Committee at this time.
Moving on to page 28, this shows the follow -ups that have been completed in the period
and there were six completed and they were all coming out at substantial assurance.
So again, there's no areas to worry or concern the members coming from that piece of work.
And then on page 33, this shows the audit plan as it was at the end of December 25.
So the target percentage for completion at that time was 75%, and Folsom was coming out at 66 at that time, so just slightly behind.
And just to move you up to more current figures for February, as shown now, are just above 80%.
So that's moving in the right direction for that.
So, those are the main points and we'll be pleased to take any questions you may have.
Thank you.
Thank you so much.
And if I could just slip a note in first before we open up for questions.
I don't think the numbers quite do justice of how well the work is going and especially
on the table of 3 .1, the substantial work that has been done since point A and point
B I think is to be applauded and a great effort by officers all around.
So, thank you for that.
In terms of opening up for discussion, we are only going to start.
Councillor WYNDHAM.
Thank you, Chair.
On page 24 in section 2 .1 .2, the peer review panel has highlighted two possible
possible problems, weak areas. One of the lone working policy, I seem to remember this
one keeps coming back to its committee about this lone working policy. It says it's just
waiting ratification. I just wonder if there's any, has it been ratified or anything, or
can anybody, or I'm happy to take it, come back some other time.
Any officer back to the comment? Jonathan.
Yes, perhaps come back to his committee at some point just to confirm it.
Because I've just sort of seemed to remember reading about that for a while now, but it's just...
Oh, it's in hand, that's fair enough.
And everyone's... it's a bit of a more than unusual one, I suppose.
It's development across all partners, for adults with co -occurring conditions, IED2 conditions.
I mean, I understand that's a lot more complicated, because obviously you're working with other councils and so is that correct?
Could you just direct me to go to that one?
Yes, that's in the same section.
It's section 2 .1 .2.
In the second paragraph, about halfway down, it talks about the peer review panel.
I'm happy to receive information about that later if that's easier.
Christine, if you can support.
Through you, Chair.
Yes, I undertook this audit, unusually.
So it was well timed and it was badly timed
in a lot of respects because we had,
the council had just undertaken the peer review with,
as it says, and both of those pieces of work
were already quite mature, they just needed to be ratified
and brought back, so obviously we're gonna confirm the date
when that's happened, but both of those areas
for development, as you're rightly saying,
this was kind of a new thing since the last time
the policy was written, so those other co -occurring
conditions is a new sort of consideration of risk when going through the policy.
So it was all in hand to give you that assurance and it just needed to be ratified and brought
back and adopted.
So obviously next time we come to look at this, I'm sure it will have been by then.
That would be brilliant.
Thank you.
That's all.
Thanks, Chair.
Councillor Thomas.
Yeah, thank you, Chair.
Just in terms of Appendix 3, acknowledging the amount of work that has been done, the
table there, so 350 days original plan 231 completed, which is as you showed 66%.
At the end of quarter three we should have been closer to 262.
Is there a reason why that 30 -odd days discrepancy and has it had an, is it going to have an impact,
is that recoverable in the final quarter?
Thank you.
Thank you, Chair. Yes, thank you for the question. Largely due to the vacancy that we were carrying from September,
and also, unusually, because the smoothing of the days across the four partners is usually more equal,
but we're at 108 % at Dover. We're a little bit ahead at one of the other partners.
Overall, across all the partners, as at the end of last week, we're at 90%.
So to answer your question, the team, we've got two weeks to go and the team are focusing very much on work here
and also at Fanit, which was also at the similar percentage to Folkestone.
But yeah, across the partnership we're at 90%, we should get to quite high 90s within the next couple of weeks.
We have brought some resources in, but we kind of managed that with the section 151s that we have had a vacancy.
There will be a saving, also returned to the authorities because of the fact that we had a vacancy.
So we'll carry those days over and hopefully catch up in the new year if we don't deliver them all by the 31st of March. Thank you
Council when we're raising a handle
Thank you questions counsellors and thank you for the volume work offices and a the work and be the reporting of the work
The recommendations are as follows.
To receive and note the report AUG 2523, to note the results of the work carried out by
the East Kent Audit Partnership, and could I invite a proposer to say so.
Councillor Walker and a seconder.
Councillor Wing, thank you so much and a vote by show of hands.
Thank you.

6 Risk Management Policy & Strategy/Corporate Risk Register

Moving us on to item number 7, risk management policy and strategy corporate risk register.
This report presents an updated risk management policy and strategy, last viewed by the committee
in March 2025.
It also presents an overview of the corporate risk register, giving the committee oversight
of changing and emerging risks as appropriate.
This item will be introduced by Jonathan Hicks, Governor Performance and Risk Manager.
Then we'll wait in the open for discussion after.
I have included a summary review at Appendix 3 which is on page 8 of the period.
The page is on page 8 of the period.
The cover report also has a few points of it.
After Appendix 3 is submitted.
Mostly this reflects the role of the important role you have in insurance and this unit of the district services.
I have included a summary read at Appendix 3, which is on page 83.
If you just want to read quickly a little bit.
The three pages are on the left.
It gets out to you how they manage the environment we work within,
the types of issues we cover, how they manage, and exploring the system that we use.
In addition, the report includes the regular uploads, and that's easier.
Perhaps if you look at the Appendix 2, at page 885, that gives you your familiar page
and the dashboard.
And we note that we are still monitoring
13 lists, but we have projected speed,
so in search, a number of highlights
that we still have, and we're still
wondering how they're doing.
And we also note that we have really broad
and other platform changes that are
close to 10 or 12, and reflect
So what should we do?
I think it's high risk.
We scroll down to page 86 and have you have a look at that report.
You'll note also that we've monitored what was the risk
and then registered as being off target.
And we have a bit of explanation there.
I think it's high risk.
This is not the kind of API we're looking for.
And the main report, I've covered this in the cover, but if you go back to the main report, I've put a table in there for you to see.
It sets out a little bit more detail around those highest risks, to give you an idea of what we're doing in the discussion, and some details around the new risks of the impact.
One is to do with the whole process.
And although this is being managed as a project,
and it was kind of saying this was a step,
it is perfectly fine.
I personally, in my experience,
the ability of the ability to begin with here,
which we have selected on this project,
currently is controlled using the design page
of the Cuts panel.
It's not too volatile.
That's the details of the report, so we're asking you to review and read the team's edition.
It's a good thing that you're here.
And that's it for this session.
Thank you very much.
Thank you so much, Jonathan.
An exceptional bit of work.
I'm very grateful for the effort put in.
I had two quick questions myself, first of all.
I don't know whether my first question is, I suppose, let me ask them and see how far
I get. The question around LGR for me, it was ranked as likely, not very likely. Am
I reading the terminology, the semantics of likely? Is it likely to happen or is it likely,
how disruptive, is it likely to have a disruption to the council? What is the definition of
likelihood that we use or maybe just a terminology thing.
And two, just curious on FOCA, why it was FOCA
that was put in and not the wider levelling up project
as an entirety.
Was there any logic there?
Thank you.
before we close.
Okay, remind me.
So we've assessed that.
And you can express to yourself there are some bludgeoning
and some like descriptors.
They are very dominant.
But you've seen the recognizability of the CMT.
That's a perfect example.
We did three transition work.
And we've done a lot of work.
And we've done a lot of work.
And we've done a lot of work.
And we've done a lot of work.
Any other councillors have any questions?
Councillor Thomas.
Thank you, Chair.
I've got a couple of questions, actually.
So C1, cyber threat, it says there that essentials, sorry, cyber essentials certification,
targeted for completion and completing 36 action points.
Recognising the risk score is high, are we actually on plan, bearing in mind,
we haven't got very much longer before that,
before the end of that timeframe.
So the first question is, are we on track
for getting that certification, and therefore,
what impact will that have on the RISC school,
having achieved that?
So are we there, and what impact will that have?
And then the second one on, my second question on that
is C7, carbon neutral by 2030.
So the key action is implement newly approved
carbon action plan with clear achievable steps.
So again, my question there is,
is that fully funded to allow the delivery of action plan?
And as a consequence of doing the work associated
with understanding where we are,
what have we learned from not delivering
on some of the actions from the immediate past.
My two questions, thank you.
Thank you.
Sorry to say, this one here, the Prime Minister's
and the Prime Minister's panel in the world
have been very clear.
The deadline we put down is what we were aiming for
rather than what we expected.
I think what we're trying to show you is we've got all these actions to do.
Upon completion, though, we've got to work on something that's going to help.
And that was that one.
Still one that's coming to the village line.
One of the things that I've been wondering, unlike the first one,
is whether the government, by itself, has taken to a challenge.
Can I come back on the new financial system?
Part of the actions there is comprehensive confidence testing, user accepted testing.
What level have you set in terms of how staff have passed the confidence testing?
Have you said you'd need 95 % completion at a certain level?
because systems such as this are notorious, aren't they,
for overrunning and then other issues
that may not necessarily be seen during its development.
So I just wonder if you could just expand on that slightly.
Thank you.
Thank you, sir.
Thank you, Mr. Thomas, for the question.
In terms of confidence,
So certainly when it comes to the finance system now,
this is something obviously the external auditors
will be testing as part of their work
on our 25, 26 accounts.
So obviously what we're doing is we're doing a migration
obviously of our data.
We're transferring a number of years worth
of financial data into the new system.
And then operation, you'll be using that new system
from the new financial year,
i .e. from 1st of April of this year.
What we have to do and what we have,
The one thing that the audiences are particularly keen on
is about data migration.
That's one of the biggest areas,
and that's something that obviously
they're gonna be testing in detail.
What we're doing is we are,
obviously we're migrating the data,
but then we're having to do reconciliations,
because the key thing, the key risk
is about complete accuracy of that data.
So that's something that we're keen on doing.
We're actually performing testing
as we're sort of loading data into the new system,
ensuring it's both complete and accurate.
And that's effectively, that's a test we have to do
of 100 % of the population.
it's not a case of we can get a confidence level.
We need that data to be accurate.
So obviously we need to be both complete and accurate.
And those are the tests that we are performing
to make sure that the data that goes in
is a direct copy of the existing data.
I do have a supplementary chair for me.
So how is legacy data going to be managed then
in terms of the things you don't,
you choose not to transfer over?
Again, I'm just mindful of where we were
with our planning system a while ago
when we made some changes to that
and legacy data was held in a slightly different way
to the live data.
So I just want to know how that was gonna be managed.
Thank you.
Thank you, Chair, and thank you,
Councillor Thomas, for the follow -up question.
So yes, I mean, so what we're doing is we're splitting it
into obviously the more current data.
We're taking it across a number of financial years
worth of data into the new system
so that'll be readily accessible,
certainly could be covering certainly the 25, 26 year
and also the 24, 25 year.
Now obviously the audit has been signed off for that,
but we may still get questions on data,
for example through FOIs and the like.
We are retaining all of the rest of the data.
It'll be held in the system anyway,
but just not as a, not as, it is in the same format
in terms of the ledger and directly accessible.
So really an archive.
So we're actually creating an archive
which will have all of the sort of historical data
plus the attachments.
going back for the seven years, which is obviously as required for audit requirements.
So we've considered obviously those two elements and we've got the historical data available.
Thank you, Councillor Thomas.
Any further questions?
I value that a lot, yes.
Thank you. Just one more thing, if I may.
Under C3 sports and leisure provision,
that's marked as risk score nine,
and then develop and implement a new leisure strategy,
which we've already kicked around
at one of our previous meetings in OSC.
The question I have really centres around the fact that
you know, that strategy hasn't been through due process yet.
Part of that is very dependent upon a third -party grant that we've given
and that third -party delivering a significant piece of work between now and the summer,
which are very tight timescales, and that potentially impacts other work that we are proposing
with regard to Hyde Pool, for example.
So again, there's a lot of interaction there,
some of which is directly in our control,
but the hard swimming pool bit isn't really,
I mean, we're handing that over,
but it is such a key part of that.
And I just wonder, you know, does that risk score
accurately reflect that particular piece
where we're not in direct control
of the first part of that strategy?
Thank you.
.
Just following on from that, I think it's a good point you're raising, Councillor Thomas,
and I think on reflection we could probably reframe that, the way that risk is written,
to reflect more accurately some of the projects within the approach to leisure strategy that
we're taking at the moment, because obviously the leisure strategy itself is the other piece
what's ongoing. So take that on board and we can reframe that, rephrase that I think.
Thank you very much. Thank you and Jonathan. Any other final questions?
Okay, thank you. In which case, the recommendations are to receive a note to report
AUG 2522. The Audit and Governance Committee notes the updated risk management policy and strategy
at Appendix 1 and the Audit and Governance Committee reviews the corporate risk register
overview in appendix 4 and makes the necessary recommendations regarding the council's management
of risks. With those in mind, can I invite the proposer? Councillor Thomas and a seconder?
Councillor Walker. And we vote by show of hands. Thank you so much. Our next item is

7 Internal Audit Charter and Draft Internal Audit Plan 2026-27

the internal audit charter and draught internal audit plan 26 -27. And introduced by Christine,
In 2019, the report will include an audit charter for the East Kent Audit Partnership,
which sets out the overarching vision aimed at a strategy for the internal audit service,
together with the draught plan of work for the forthcoming 12 months of approval.
Following the introduction, we will have a discussion.
Christy.
Thank you, Chair.
Thank you for the introduction.
It's very important for the Committee to be aware of the audit charter and the protocol
that sits behind the internal audit service that we provide.
So page 90, paragraph two of the report
introduces the charter and now the charter and mandate.
So we've responded, this time we've presented it
with any changes since the last time the committee approved it
with any of those changes shown in red text for their ease.
So you can see that it doesn't change a great deal.
We've responded to the new global internal audit standards.
those are the changes I have reflected, and the proposal is once again to ask the committee
to approve the audit charter and mandate for the next three years, given that if there
were any other significant changes in that time, we'd of course present it alongside
the plan again. So if the committee are content, then I appreciate, and I'm not ignoring the
fact that it would take us past LGR, but obviously we need to sort of set that set. We'll present
it again for another three years and see where we are.
So that's the plan.
And clearly, the charter itself is very much
the why and the how of what we are doing,
and it sets out how we're going to deliver
the service to you.
And I think then we can move on to paragraph three
in the report, which is really a big piece of introduction
of how we derive the what we're going to look at
in the next 12 months.
So again, for the committee, we're talking about
a risk -based plan.
We certainly haven't got resources
to look at everything every year.
So we will consider effectively all the areas of activity
we could possibly carry out a review,
and that will become our audit universe.
Love some jargon, I thought I'd throw some in for you.
So we look at our audit universe
and all the entities within the universe.
We score a risk, and then we'll create a risk profile.
Overlaid to that, we will consider
your corporate risk register.
My colleague goes out and speaks to all the heads of service
So we're talking about what new systems are coming in,
what key people are leaving,
what experience is likely to leave,
what other legislation is coming in,
any other big changes happening in each of those service areas
that might consider to be new risks.
We clearly work closely with the risk register.
You have a very mature process here,
and that informs the audit plan.
We don't just look inward.
We look at the profession's risk in focus report.
And of course, this is not only just a global report now, it's across all sectors.
You won't be surprised to learn, we've just been talking about it, this is in paragraph
3 .3, that cybersecurity remains the number one top threat.
And clearly, I mean, we're talking about all the things that we're doing in terms of cyber
essentials, and you'll see at the next meeting, members, we have just completed a piece of
on cybersecurity third -party risks.
So again, another piece of work that comes
into the supply chain.
And this was a question I believe members asked
after the presentation at our last meeting
about what other threats are there
with other people providing our software
and other aspects to our network.
So we've completed a piece of work.
You'll be pleased to see that at the next meeting.
So clearly we will have put a provision
of doing some more IT work in next year's plan.
And then moving through the other top five risks
from the risk in focus, you can see that we have considered
those things and how we are planning to respond to them
in the draught plan.
The rest of the report, members, is really there
for context, again, the standards tell me that I have
a duty of care to get you to a position next July
where you are in a position to sign off
your annual governance statement.
Internal audit, of course, is only one source
of assurance for you, and there are lovely definitions
and standards that we follow, but the words adequate
and sufficient and enough aren't defined.
But you as a committee need to be assured that the work
that we will undertake will get you to a position
where you feel you've had adequate and enough
and sufficient assurance to sign that statement.
So with that in mind, we have obviously performed
a little bit of benchmarking, just like benchmarking
to give you a context of what other audit plans look like,
But it ends with paragraph five of me recommending this plan of 350 days to you.
So final part for me, Annex B, page 117 starts with the four -year effectively cycle of anything we could look at.
Again, commending members, we're only asking you to approve the next 12 months work.
We're showing the full four -year plan so you can see that we could potentially get through a lot of those audits in that cycle.
but at the foot of that table there is a list of audits
that fall outside of the cycle.
Very happy to take any questions, members,
and of course I'll just finally say it is a plan
if during the year we have obviously discussed with CLT
about LGR and any projects that are being undertaken,
if during the year there is a need to take our eye away
from some assurance work to do something
that supports the council in another way.
We're always keen to use the best,
get the best value from internal logic resources.
So any changes to the plan would be reported
back to committee.
So happy to take any questions, thank you.
Thank you so much, Christine.
Very helpful run through.
To open up to the room for any discussion
with anybody who'd like to ask.
Councillor Wang.
Thank you, Chair, and thank you very good, Paul.
Obviously number four of the current high risk
the microeconomic and the geopolitical uncertainty at the moment is very much
from everybody's brain. It seems to change every time you turn on the news.
I can understand how difficult it is for you to remember and it's good to
know you are monitoring it. I mean we've talked quite a bit about the backstop and
the change of dates and the new IT system are a bit doubt to know. Is that
something also on your sort of radar a bit as well because obviously as we
heard, but by the beginning of the meeting, if we miss this backstop, it is quite possibly
detrimental to the Council. Is that something on your radar as well?
Thank you, Chair. I mean, clearly the work of internal audit is to complement and not
duplicate the work of external audit, but naturally we'd be considering more risk. I
think our focus, we have actually two areas of business continuity, disaster recovery
in emergency planning in the plan.
And I would propose that we run the sort of IT element
of that against the corporate element of that.
So anything that's gonna knock you off target,
we want to know and test the controls
for how the council will respond.
So I think that's a bit broader than your question,
but certainly that's built into the plan.
In fact, effectively we've got 20 days
for that kind of work this year.
Thank you.
Councillor Thomas.
Thank you, Chair.
My first comment actually is procedural.
So recommendation two says approve,
but not direct the audit plan.
So why?
That's my question.
And secondly, at the end of Annex B,
there's reviews falling outside of the four year cycle.
The first of those is local code of corporate governance,
which is actually the next item on the agenda.
So my question associated with that is,
If they're not dealt with here, where are those reviews dealt with, and how were they selected?
How were those not included?
Is that just purely a timetabling issue, or was there some other means
of selecting those rather than the ones that are in the list?
Thank you, Chair.
Thank you very much.
To answer the question about the resolution,
it's partly historical.
It, bearing in mind, take the same report for authorities.
It doesn't appear elsewhere any longer.
It did use to the not direct part.
And it is, it's origination, it's the source
comes from the standards in terms of the committee,
the responsibility for the committee is to comment
and feed into the audit plan.
It's definitely brought to you as a draught for your input.
However, in terms of if the committee were minded to say,
we don't want you to work on any of these areas,
we only want you to work on this area,
you would be seen to be directing the audit plan.
So the section 151 officer has the responsibility
to provide a continuous audit.
and that's the local government statute part.
So it's very deep in there, and that's its origin.
I hope that helps.
And in terms of which audits haven't been selected
that are, if you like, overdue from the four -year cycle,
it is a profile of risk and available resources,
so both of those things.
So being that the local code of corporate governance
is very present and very effective,
we will have last looked at that.
It most likely would have been substantial,
probably with not any high recommendations.
And so it's something that we can push back in the cycle.
Thank you.
Any questions?
Council's had to think.
I did have a question myself, partly inspired by Council Thomas
on how and why things are allocated in the next 12 months.
And it looks like, again, I appreciate it.
It's probably a bit of a cross -reference between the substantial
and the time since the last audit.
Why do new things get put into the next 12 months?
What is there to audit on new things
and would it not be more valuable to audit them
in year two onwards after they're no longer new?
So there are new line items in the NXP,
review of new finances to the bidding review debtors.
They all get preferential treatment this year,
yet they don't exist.
So I was curious, is that again procedural sort of thing?
Thank you.
Thank you very much, Chair, for the question.
I think they're new to the audit universe, new to the audit plan rather than new areas
of activities per se.
Some of those things will have been around for a while, we just haven't actually audited
them yet.
I understand.
Okay, thank you.
But yeah, in terms of the profiling of these, when we come to allocate the quarter to undertake
the work, when we come to agree the scope of work, these are the discussions that we'll
be having in the management team to say, well, actually, some higher risk given the geopolitical,
the other kind of things that we're just saying.
Even since writing this report,
the world has changed somewhat.
So we will obviously take those.
It is a plan, and we can bend it and shape it a little bit,
whereas as emerging risks come along.
But it's hopefully profiled in a scientific way,
but there will be other factors that we're feeding.
Thank you.
Thank you for that.
What a context.
Any other questions, fellas?
Okay, thank you so much.
which case we will move on to our recommendations for this item which says the members approved to
adopt the internal audit charter and mandate for the delivery of the internal audit service for the
next three years. The members approve, but not direct, the council's internal audit plan for 26 -27.
Can I invite a proposal please? Councillor Thomas. And a seconder? Councillor Wing. Thank you so much.
Let's vote by show of hands.
Thank you for that.

8 Local Code of Corporate Governance

So, local code of corporate governments governance,
I beg your pardon, this report recommends the approval
of a local code of corporate governance for 26 -27.
This item will be introduced by Euan Green
and following that we will have a discussion on the matter.
Thank you.
Thank you.
So, this is the code that is before you every year
for the given as per the committees or delegations.
And it really sets out the framework,
the government's framework,
that guides how the council delivers its business.
So the code is derived from SIPFAR and SOLACE
and SIPFAR guidance that supports this.
And you can see outlined in the report in section two
of the main report, the seven core principles.
And of course the appendix, which is the code itself,
gives these principles and then gives much more detail into how that manifests itself
into how we do things in the council on a daily basis.
And this is not a piece of work that is reported back on and reviewed with performance data.
Rather, performance and outputs from the council are received across various committees and
cabinet in various reports, like the annual accounts, for example, and corporate action
plans and reports. So it's before you just, as a committee, to agree tonight that we adopt
this for 26 -27. Thank you.
Thank you. Any questions in the room to kick us off? Councillor Lane.
Thank you, Chair. Referring to page 132 under section G, implementing a good practise of
transparency, reporting and delivery of effective accountability. On section nine, it talks
about whistleblowing. We talked about this in the earlier session or the training beforehand
about whistleblowing and how would being members, I mean, how would the expected member to whistleblow
I know some industries have a private firm which you can go to and be it anonymously
whistleblowing.
I mean, I'm just concerned that some of you might be concerned about their job or something
if they're whistleblowing on their management.
If they've got to go to another manager or something, you know, they could be concerned.
If you've got any procedures in place where an amenity is maintained, basically what I'm
getting at.
Thank you, Councillor Ringan.
Yes, it's a good question.
We have a very well established
whistleblowing policy and process in the council.
Staff are given annual training on it as well.
And it absolutely has,
it's first and foremost about safeguarding,
integrity of the process and safeguarding
the person who is whistleblowing.
So anonymity, for example, is part of that process.
And it's a process I think that's probably adopted
by all councils in terms of what we've put in place.
So I have no concerns that staff don't know what the policy is, how to use it if they
have to and how we then use it as a management team if we ever have to.
And I'm very happy to say I haven't had to since I've been involved.
Christine, thank you.
Thank you, Chair.
We have a whistle -blowing hotline number for anybody to call and it's 01304 872 198 and
and that will come to me and you can leave a message
and we can deal with it from there.
So there is an advertised number for whistleblowing
in the way that you described that can be used.
That'd be quite interesting to communicate that
perhaps to all the members of the council.
Absolutely.
Thank you, Councillor Wayne.
Any other questions?
I had one myself in just terms of the volume of principles and behaviours, just in a quick
count, there's 64 behaviours across seven areas. How realistic is it that everyone will
demonstrate all 64? I'm guessing there's various people maybe more appropriate for various
areas but it just feels like there's quite a lot and I just like is that operationally
realistic that that will all be upheld?
I think that really we take this on a corporate basis so that's how the council will you know
underpins how the council operates and the governance we have in place so we'd expect
all these principles and standards to be met across all services, all delivery but of course
some will be more involved than others in that respect.
So, again, it's not a case of checking off each principle
and each of the statements there against any one individual,
it's more about the corporate approach
and how we're performing.
And if there were any issues,
they would be brought out in various audit reports,
for example.
Thank you.
Still don't write 64 of them, that's a personal point.
Any more questions for Councillors?
Okay, all right, thank you very much.
Therefore, the recommendations on this item are to receive
a note, AUG 2518, and to adopt the local code
of corporate governments appended.
And could I invite a proposal, please?
Councillor Walker, and a seconder?
Councillor Thomas.
And let's have a vote by show of hands.
Thank you very much.

9 Annual Report - Maintaining Ethical Standards

Moving us on to our next item, annual report on maintaining ethical standards.
This annual report to the Audit and Performance Committee is submitted in accordance with
the Committee's terms of reference as follows.
To receive an annual report on the District Council's ethical governance arrangements,
one of the roles of the Council's Monitoring Officer is to advance good governance and
ensure the highest standards of ethical behaviour are maintained through the effective discharge
of their statutory duties. Therefore, this item will be introduced by Euan Green.
And again, following that, we'll have a short discussion. Thank you, Euan.
So, the agenda has been well structured.
This is a very good example of who we're reporting back under the Code of Governance.
And this report for you gives you...
And it's slightly early because of the way the meetings have landed.
But we've got the number of complaints in the year set out there in section 2, and you
can see the number of complaints.
And there was a significant increase, but I think it's fair to say that was attributed
to one or two complaints being submitted by individuals on the same issue.
And that accounts for a significant number in terms of that spike there.
Again, the Register of Interests and Gifts and Hospitalities, covered in Section 3, and
all of that information is available publicly on the website as well, so we published that
for members of the public to see, which I think is a very important part of this.
And then just picking up on the last question we had about whistleblowing, just confirming
there have been no instances of whistleblowing in 2526. So I think a fairly positive report
in terms of giving you an update of the annual report, sorry, on maintaining ethical standards.
Thank you.
Thank you, Ewan. Let's open up for discussion and any questions from the room.
Councillor Thomas.
Yeah, thank you, Chair. Just in terms of item 3, Register of Interest and Gift and Hospitality,
Is that ever audited to make sure that the information that is presented is accurate?
Thank you.
Yes, I think the answer is part of the audit plan.
Just a short question from me.
Would it be appropriate to also have under 2 .4 the number of complaints against the number of people
just to contextualise whether they are like common or repeat complainers.
I think that's the wrong word to put it. I think you know what I mean.
I don't think I would like to be naming individuals.
No, no, no.
So, and I think, I know the point you're making, I'm not certain because what the benefit of bringing that in would be,
But certainly, I'm happy to look at it.
And I think what I would suggest,
maybe if I can take that away and look at other media
as good practise and I can see how they're doing it.
Yeah, I'd rather advocate for names.
I definitely don't agree.
But I just, you know, based on the data of the report
at face value, it does look like, you know,
nearly six times as many complaints.
But I don't think that's an accurate reflection
of what has happened.
and, yeah, I was just kind of curious on the level of appropriateness. Otherwise, any more
thoughts in the room or questions? Wonderful. In which case, our recommendations on this
item are to receive a note report, AUG 2521, and could I please invite a proposer? Councillor

10 Annual Report to the Audit and Governance Committee

Our final item of the evening brings us to the annual report to the Audit and Governance
Committee.
This report summarises the achievements of the Audit and Governance Committee against
the terms of reference for the period of the 1st of April, 2025 to the 31st of March, 26.
In detail, the impact that it has made on the overall system of internal control in
operation.
This item will be introduced by Ewan Green.
Thanks, Ewan.
Thank you, Jim.
And very briefly, I mean, it is what it is.
I think it's a very good record,
just demonstrating to you as members
and to the public watching on this one,
the wide range of subjects that you as a committee
have considered throughout the year.
In the report, it's a reminder of the terms of reference
for the committee.
And in previous years, some of these annual reports
are fairly standard because you have a number
of recurring reports and issues that you cover,
as per your tender reference.
However, I think it's more to me just to remind ourselves
that this year we added in a significant piece
on cybersecurity, which I think was something
the committee asked for on the back
of some of the previous risk discussions.
And I guess there's not much more to say
on that one, Chair, thank you.
Thank you, you, and then for the final time
to open up any questions.
All right. The report speaks for itself, Ewan. Thank you so much for your time on it. The
recommendations for it are to receive a note report, AUG 2520, and can I please have a
proposal?
Councillor Walker, I'm a seconder of Councillor Godfrey. Therefore, let's have a fight by
a show of hands. Fantastic. There we are, a seamless committee meeting, after all. Gemma,
is that everything? Should we close the meeting? Thank you, everyone, so much for your time.
your attendance and have a good evening. Thank you.