A green text on a black background AI-generated content may be incorrect.

Date: 15 January 2026 ,Internal Audit Progress Report 2025/26
A black and white logo Description automatically generated
 

 

A blue and white triangle pattern Description automatically generated


 

A blue and white triangle pattern Description automatically generated

CONTENTS

3           Background

3           Internal audit progress

3           Follow up of agreed actions

4           Appendix A: Internal audit work in 2025/26

5           Appendix B: Audit opinions and priorities for actions

            

            

            

            

            

            

 

 

 

 

 

 

 

 

 

 

 

 

            

Background

1            Internal audit provides independent and objective assurance and advice on an organisation’s operations. It helps the organisation to achieve its overall objectives by bringing a systematic, disciplined approach to the evaluation and improvement of the effectiveness of risk management, control and governance processes.

2            The work of internal audit is governed by the Accounts and Audit Regulations 2015 and relevant professional standards. These include the Global Internal Audit Standards and the Application Note: Global Internal Audit Standards in the UK Public Sector.  

3            The internal audit programme of work was approved by the Pensions Board on 3 April 2025. In accordance with relevant professional standards, the Head of Internal Audit is required to report progress against the internal audit plan (the work programme) and to identify any emerging issues which need to be brought to the attention of the Pensions Board. 

4            The purpose of this report is to update members on the internal audit activity since that meeting, and to the 24 December 2025.

Internal audit progress

5            Information on the internal audit reviews proposed, currently underway, as well as work finalised in the year to date is included in appendix A.

6            One audit (Risk management) has been finalised since the last Pension Board in October 2025. A full copy of that report is attached as part of the wider papers to this January 2026 Pension Board meeting.  

7            One audit is planned to start in Quarter 4 2025/26.

8            Our definitions for action priorities and overall assurance levels are included in Appendix B.

 

Follow up of agreed actions

9            Actions agreed with services as a result of internal audit work will be followed up to ensure that any identified issues are addressed.

10        At the time of writing this report, there are no matters to raise with members.

 

APPENDIX A: Internal audit work in 2025/26

Final reports issued

Audit

Reported to Committee

Opinion

Maintenance of ICT controls

October 2025

Substantial Assurance

Risk Management

January 2026

Substantial Assurance

 

In progress and planned audits

Audit

Status

Income (Contributions)

To start work January – March 2026

The role of the governing body

To start work April 2026

 

 

APPENDIX B: Audit opinions and priorities for actions

Audit opinions

Audit work is based on sampling transactions to test the operation of systems. It cannot guarantee the elimination of fraud or error. Our opinion is based on the risks we identify at the time of the audit. Our overall audit opinion is based on four grades of opinion, as set out below.

 

Opinion

Assessment of internal control

Substantial assurance

Overall, good management of risk with few weaknesses identified. An effective control environment is in operation but there is scope for further improvement in the areas identified.

Reasonable assurance

Overall, satisfactory management of risk with a number of weaknesses identified. An acceptable control environment is in operation but there are a number of improvements that could be made.

Limited assurance

Overall, poor management of risk with significant control weaknesses in key areas and major improvements required before an effective control environment will be in operation.

No assurance

Overall, there is a fundamental failure in control and risks are not being effectively

Priorities for findings

Critical

A fundamental system weakness, which presents unacceptable risk to the system objectives and requires urgent attention by management.

Significant

A significant system weakness, whose impact or frequency presents risks to the system objectives, which needs to be addressed by management.

Moderate

The system objectives are not exposed to significant risk, but the issue merits attention by management.

Opportunity

There is an opportunity for improvement in efficiency or outcomes, but the system objectives are not exposed to risk.

*There are circumstances when it is not appropriate to give an opinion/assurance level on completed work, for example on project, investigations and other targeted support, consultancy, grant certification and follow up work. In these instances a ‘No opinion’ will be given.