Minutes:
Officers introduced the item, which included the Internal Audit Charter; Draft Internal Audit Plan 2026/27; and Internal Audit Standards Compliance & Quality Improvement Action Plan.
The Internal Audit Charter set out the purpose, authority, and responsibilities of Internal Audit, as required by the Global Internal Audit Standards. The Charter was unchanged from the previous year, having already been updated last year to conform to the latest global standards. It formalised Internal Audit’s mandate and responsibilities.
Officers highlighted that the Draft Annual Plan 2026/27 was risk-based, highly flexible, and should change throughout the year as risks evolved. It was noted that Internal Audit must be dynamic and respond to emerging risks, service requests, and new areas of assurance need.
The plan included:
- Planned assurance reviews – assessing risk areas and the controls mitigating them.
- Planned advisory reviews – supporting services during change or process redesign.
- Ad hoc advisory work – frequent in 2025/26, including project group participation.
- Grant claim verification – independent checks required for funding.
- Follow?up work – supported by a new automated process under development to connect to Power BI dashboards for visibility across CMT and directors.
Several planned reviews were highlighted, including:
- Project management – ensuring projects had plans and oversight
- Directorate Governance – testing whether governance improvements were embedded in practice across directorates
- Business & Financial Planning – reviewing whether directorates had robust business plans and whether mid?year progress reporting aligns with agreed outcomes
- Spend Control Panels – reviewing the operation of new spend controls, including whether spend was going through the correct routes
- Budget & Savings Monitoring – reviewing budget holder ownership, forecasting quality and confidence, and savings delivery scrutiny.
- Company Governance – reviewing governance for Hillingdon First and the Hillingdon Care Company, ensuring benefits, oversight, and collaborative working remain aligned to corporate expectations.
Members were content that the plan covered a wide and relevant range of topical areas already discussed earlier in the meeting. The Committee approved the Internal Audit Plan 2026/27.
Officers presented the Global Internal Audit Standards. Internal Audit was required to comply with the Global Internal Audit Standards and to discuss annually the purpose and mandate for Internal Audit. Essential conditions reflected the role and responsibility of the Audit Committee.
Officers had self-assessed compliance as generally achieving the standards. Areas marked partially achieved related mostly to evidence not yet available (for example, Audit Committee involvement in future appointments of the Head of Internal Audit which cannot yet be evidenced), and further work to strengthen Internal Audit’s use of technology.
Appendix A set out the roles and responsibilities of CMT and the Audit Committee, as required by the standards. The Committee must review these annually. If the Committee chose not to comply with a required element, Internal Audit must formally disclose non?compliance on an ongoing basis.
Appendix D outlined proposed amendments to the Committee’s Terms of Reference. This was not yet a formal ToR review, but an invitation for Members to commence one if desired. Members indicated they wished the review process to begin, and that amendments should be explored to ensure compliance with best practice.
Members queried the current staffing level. Internal Audit currently had five staff, rising to six next year, against a structure of seven posts. The team was small and junior, by design, to support career development. Benchmarking showed that the team was very good value for money, and Hillingdon delivered more risk?based audits than many other London authorities, despite its relatively small size. Officers stated that they were comfortable that they had sufficient resources to deliver the plan. No consultants or outsourced audit suppliers were currently used.
Officers explained why they proposed removing the ToR that Internal Audit work may be requested “subject to approval of the Leader or Cabinet Member”. Internal Audit’s functional accountability was directly to the Audit Committee. Routing Committee requests through Cabinet Members could compromise perceived independence. Members may contact Internal Audit directly where they require work to be undertaken.
RESOLVED: That the Audit Committee:
- Approved the Internal Audit Annual Plan for 2026/27;
- Noted the purpose and responsibilities of Internal Audit as outlined in the Charter; and
- Noted the Essential Conditions and self-assessment against the Global Internal Audit Standards
Supporting documents:
-
IA2. AC Cover Report for IA Annual Plan, item 193.
PDF 142 KB -
IA2.1 IA Charter (Jan 2026), item 193.
PDF 245 KB
-
IA2.2 Annual IA Plan 2026-27 (V1), item 193.
PDF 384 KB
-
IA2.3 IA Briefing on IA Standards, item 193.
PDF 512 KB