Audit Committee - 26 September 2025

The Audit Committee confirmed that there were no declarations of interest and, on the motion of Councillor Candy and seconded by Councillor Yelland, formally approved the minutes of the previous meeting held on 4 July 2025, authorising the Chairman’s signature. The Interim Head of Finance presented the External Auditor’s Progress Report, noting that Grant Thornton is in its second year of a five‑year contract to audit both the Council and its Pension Fund. The report highlighted progress on the financial‑statement audit, the management‑override‑of‑controls testing, and ongoing work with subsidiary auditors, with a final opinion expected before the statutory 28 February deadline. A significant value‑for‑money risk was identified for the Dedicated Schools Grant, and the Committee noted red‑rated IT audit findings concerning super‑user access and segregation of duties in Oracle, for which remedial work is under way.

The Chief Internal Auditor delivered the internal‑audit update, outlining a six‑month rolling audit plan aligned to the Council’s eight strategic risks, new global standards and the CDT framework. The Committee was informed that the plan remains on track despite a temporary reduction in audit staff, and that the outstanding cyber‑security action from April 2024 has been implemented through firewall protection, automated patching and a new operating procedure. Internal audit also supports subsidiary entities such as Corserv and Cornwall Housing Limited, reporting to their respective audit and risk committees, and has improved the Power BI dashboard used to display performance data, although members suggested clearer target‑vs‑achievement indicators. Both outstanding Dedicated Schools Grant management actions have been granted extensions.

The Counter‑Fraud and Internal Audit Team report was presented, confirming that the Council continues to meet its Section 151 obligations under the Local Government Act 1972 and maintains a zero‑tolerance stance on fraud, bribery and corruption. The report introduced the new “Failure to Prevent” offence under the Economic Crime and Corporate Transparency Act and described planned improvements to prevention procedures. The Committee discussed the use of data‑matching exercises and early‑stage AI tools for fraud detection, noting current limitations related to data governance and evidential reliability. While measuring fraud risk with KPIs remains challenging, work is underway to develop more robust fraud‑related performance metrics.

Finally, the Assurance Manager’s annual report on the use of powers under the Regulation of Investigatory Powers Act (RIPA) was considered. The report confirmed that two investigatory powers were exercised in the past year—one for non‑RIPA surveillance of online tobacco sales and one RIPA‑authorised fly‑tipping investigation—and that all applications were logged, gate‑kept and formally cancelled where appropriate. The Committee noted the continued monitoring of social‑media activity, regular training on surveillance boundaries, and the upcoming bi‑annual training session. On the motion of Councillor La Borde, seconded by Councillor Boase, the Committee resolved to take assurance that the Council’s use of RIPA powers complied with statutory guidance. The next IPCO inspection is expected between late 2026 and early 2027, with advance notice of four to six weeks.