Agenda item

Members present considered a report of the Consortium Treasurer which provided details on important governance documents required for conformance with Global Internal Audit Standards effective in the UK public sector from 1 April 2025. A copy of the report marked ‘Agenda Item 4’ is filed with these notes.

i.          It was explained that Leicestershire County Council (LCC), as the servicing authority, provided ESPO’s internal audit function and that the report outlined work undertaken under the revised global standards implemented in April 2025, with adaptations for UK public sector and local government requirements. Three governance documents were required for conformance, and equivalents would be produced by the Heads of Internal Audit at each of the consortium members, though the ones discussed were specific to ESPO.

ii.          The first document presented was the Internal Audit Charter, found at Appendix 1 of the report. Although not a new requirement, the updated standards required some changes. A template from the Chartered Institute of Internal Auditors had been used to help produce it. Changes were summarised, including the requirement for a mandate, though this mandate already existed under the Accounts and Audit Regulations 2015, and references had been updated to include the new Code of Practice discussed later in the meeting.

iii.          The second document was the Code of Practice for the Governance of Internal Audit in Local Government. It reflected the new global standards but included specific expectations for local government, noting differences such as the absence of a board and reliance on elected members. The Code set out the authority of the internal audit function, its independence, and clarified the role of the Finance and Audit Subcommittee in providing oversight.

iv.          A self‑assessment for ESPO had been produced and placed in Appendix 2, concluding generally good compliance with some required improvements graded from important to minor. Officers had tentatively agreed to these, and further discussions were expected with ESPO’s Director and Leadership Team. It was explained that timelines were tight, as the actions needed to be completed to support the annual report scheduled for October 2026. Conformance with the code would also need to be reported in the Annual Governance Statement and the annual internal audit report.

v.          The third document was an Internal Audit Strategy, a new requirement under the updated standards. Much of its content was internal to the Audit Team. A two‑year timeframe had been adopted due to uncertainties over the coming years, with the strategy placed in Appendix 3. Officers concluded by noting that some actions remained in progress and sought delegated authority to make changes, bringing back only those that were significant.

vi.          Discussion moved to the draft audit strategy, particularly the priority around improving the use of AI. Current use across the team was inconsistent, with only a few auditors using it frequently. External guidance, internal KPIs, and a previous external quality assessment had shaped the list of priorities. The team aimed to embed AI appropriately while ensuring appropriate controls. ESPO relied on LCC’s AI governance policies and mandatory training. Only base‑level AI tools (such as Copilot) were being used, and staff had been reminded to check outputs to guard against errors, and more controls might be required as AI use expanded to ensure corporate policy compliance.

vii.          Members requested for assurance that, if AI was to become an ongoing strategic aim, a report should be produced explaining the chosen targets and how AI use would be monitored. Concerns were also expressed about AI not always being sufficiently detail oriented for audit work. Officers noted that the strategy had been designed with the County Council in mind, as it was more advanced in its application of AI, and ESPO was therefore working to align itself with that progress. Furthermore, AI governance arrangements had already been audited at the County Council with good assurance. As AI became embedded in operational systems, auditors would ensure appropriate human oversight before decisions were accepted

RESOLVED:

Members present noted the contents of the report and the recommendations set out therein, as follows:

a)    Noted the work undertaken to develop the three GIAS UK (Public Sector) governance documents.

b)    Agreed a delegation to the Consortium Treasurer to make any necessary minor changes to each document.

c)     A report on the use of AI explaining chosen targets and how AI use would be monitored to be brought to a future meeting of the Sub-Committee.