SC 60/26 – Update on Internal Corporate Government Framework Audit – Annex 1

1. Introduction

As part of the Internal Audit Plan for 2025/26, we have undertaken a review of Corporate Governance Framework.

The audit assessed the Authority’s Corporate Governance Framework against the CIPFA Delivering Good Governance in Local Government principles. The review focused on key governance documents and processes, including the Local Code of Governance, Annual Governance Statement, Scheme of Delegation, Standing Orders, and Member Declarations, to confirm they are current, approved, and accessible.

Testing also considered recent developments, such as the appointment of a new Monitoring Officer and findings from a recent external audit, to ensure emerging risks were addressed and responsibilities for oversight and compliance are clearly defined.

We are grateful to Gareth Hale, Solicitor and Monitoring Officer and Vicki Gibbon, Member Services Administrator, for their assistance during the course of the audit.

2. Independence & Impairments

There have been no impairments to internal audit during this review. Internal audit has remained free from all conditions that threaten our ability to carry out responsibilities in an unbiased manner, including matters of engagement selection, scope, procedures, frequency, timing, and communication.

3. Scope Limitations

There have been no limitations to the scope of internal audit work.

4. Risks

This review has sought to assess the effectiveness of controls in place focusing on those designed to mitigate the following risks to the achievement of service objectives:

• Governance framework documentation is incomplete.
• Members Declarations are not completed or reviewed in accordance with governance guidance.

5. Circulation List

This document has been circulated to the following:

• Nigel Stone – Head of resources (CFO)
• Gareth Hale - Solicitor and Monitoring Officer
• Vicki Gibbon - Member Services Administrator

The Southern Internal Audit Partnership conforms to the IIA’s professional standards and its work is performed in accordance with the International Professional Practices Framework (endorsed by the IIA)

6. Summary Findings

Executive Summary

Areas assessed to be working well/controls are effective.

• The Authority is required to maintain an Annual Governance Statement (AGS), drafted by the Chief Finance Officer, Chief Executive, and Monitoring Officer, and approved by the Resources, Audit and Performance Committee (RAPC) before final sign-off at Full Authority meetings. We reviewed the AGS for 2024/25 and confirmed it includes reference to the comprehensive Local Code of Governance which is aligned to CIPFA/SOLACE principles and provides clear assurance statements in line with CIPFA principles. A review of RAPC meeting minutes and supporting reports evidenced that the AGS was reviewed and approved by RAPC on 2 June 2025 and subsequently by the Full Authority on 16 October 2025, demonstrating compliance with governance requirements.
• Governance responsibilities are supported by a clearly defined Scheme of Delegation and Standing Orders, which are maintained under the ownership of the Monitoring Officer and subject to a scheduled two-year review cycle. Our review confirmed that the Scheme of Delegation was updated and approved by the Full Authority on 27 March 2025, and the Standing Orders were approved on 23 January 2025. Both documents include version control, next review dates (March 2027 and January 2027 respectively), and formal approval evidenced in meeting minutes, providing assurance that these core governance documents are current and compliant.

• Formal governance changes are subject to review by the Executive Board and require sign-off by the Full Authority, with approvals clearly documented in meeting minutes. In addition, all governance documentation is accessible internally via SharePoint and publicly through the Authority’s website, with version control and review dates included on each document, providing assurance of transparency and compliance.
• Member Declarations are issued at induction, renewed annually, and monitored through reminders and follow-up, with most Members’ Declarations being current and published online, although through a review of all declarations, it is noted that one remained dated 2024. A review of published forms and supporting evidence demonstrated that updates for 2025 were processed and uploaded promptly following annual renewals, and examples reviewed showed accurate and complete information. Conversations with the Member Services Administrator and a review of Authority meeting minutes confirmed that declaration renewals for 2025 were distributed during the March Full Authority meeting, with urgent reminders sent in June and escalation to the Monitoring Officer in December 2025. Completed forms are retained and published online. This approach supports compliance with governance requirements and provides assurance that the Authority maintains openness and accountability.

Areas where the framework of governance, risk management and control could be improved.

• Review of the Authority’s governance documentation and Member Declaration arrangements indicated that, although key information is accessible and declaration follow-up is taking place, some elements of supporting structure are less well defined. A central register covering governance documents, their ownership and review cycles is not yet in place, and declaration monitoring currently relies on manual checks, email communication and officer discretion in the absence of documented procedures, tracking tools and set escalation steps. These areas could benefit from further formalisation to strengthen consistency, provide clearer visibility over ongoing requirements and help ensure that oversight remains resilient over time.

Observation – 1 – Governance Documentation and Member Declaration Oversight Priority 3

Review of key governance documents, including the Scheme of Delegation and Standing Orders and Annual Governance Statement showed that these documents have successfully completed the governance approval processes in place, are clearly version-controlled and readily accessible on both SharePoint and the Authority’s website. During this review, it became apparent that there is no central register drawing together all governance documents, their owners, review dates and version histories. Establishing such a register would provide a straightforward mechanism for keeping track of upcoming reviews and would help ensure that visibility across the full suite of governance documentation is consistently maintained.

In relation to Member Declarations, a comparison of current Members against the declarations held confirmed that all except one were up to date, with evidence of follow-up activity by the Member Services Administrator taking place where needed. The review of how declarations are monitored found that this activity is carried out through manual checks supported by email communication. As there is no centralised log or structured tracking tool to record declaration status, renewal dates or the actions taken, it can be more challenging to maintain an overview of compliance, particularly during staff changes or busy periods.

The testing also sought internal guidance describing how the Member declaration process should operate in practice. No written procedures were identified at the time of review. As a result, aspects such as responsibilities, expected timeframes, monitoring steps and escalation protocol are not formally set out, and escalation tends to take place based on officer judgement. Documenting these elements could help ensure the process is applied in a consistent way and reduce reliance on informal knowledge.

Overall, the review confirmed that governance information is accessible through the necessary documentation and that Member Declarations are being monitored and followed up. Introducing a small number of supporting documents and tools—such as a central governance register, a declaration-tracking log, or simple process notes or flowcharts outlining key steps and responsibilities for declaration management —could help to formalise the arrangements already in place. These additions could enhance transparency, support consistency during periods of staff change, and provide further assurance that compliance is monitored and maintained effectively over time.

Risk Limited structure around governance documentation and Member Declaration processes may lead to missed updates or overdue requirements, weakening compliance oversight.

Management Response

Auditor assessment of managements response
The proposed management actions should, once implemented, mitigate the risks.

Appendix A – Definitions of Assurance Opinions, Observations and Management Actions

Assurance Opinion

Substantial: A sound system of governance, risk management and control exist, with internal controls operating effectively and being consistently applied to support the achievement of objectives in the area audited.

Reasonable: There is a generally sound system of governance, risk management and control in place. Some issues, non-compliance or scope for improvement were identified which may put at risk the achievement of objectives in the area audited.

Limited: Significant gaps, weaknesses or non-compliance were identified. Improvement is required to the system of governance, risk management and control to effectively manage risks to the achievement of objectives in the area audited.

No: Immediate action is required to address fundamental gaps, weaknesses or non-compliance identified. The system of governance, risk management and control is inadequate to effectively manage risks to the achievement of objectives in the area audited.

Classification(s)