A green text on a black background AI-generated content may be incorrect.

Date: 2 April 2026 ,Internal Audit Progress Report 2025/26
A black and white logo Description automatically generated
 

 

A blue and white triangle pattern Description automatically generated


 

A blue and white triangle pattern Description automatically generated

CONTENTS

3           Background

3           Internal audit progress

3           Follow up of agreed actions

4           Appendix A: Internal audit work in 2025/26

5           Appendix B: Audit opinions and priorities for actions

            

            

            

            

            

            

 

 

 

 

 

 

 

 

 

 

 

 

            

Background

1            Internal audit provides independent and objective assurance and advice on an organisation’s operations. It helps the organisation to achieve its overall objectives by bringing a systematic, disciplined approach to the evaluation and improvement of the effectiveness of risk management, control and governance processes.

2            The work of internal audit is governed by the Accounts and Audit Regulations 2015 and relevant professional standards. These include the Global Internal Audit Standards and the Application Note: Global Internal Audit Standards in the UK Public Sector.  

3            The internal audit programme of work was approved by the Pensions Board on 3 April 2025. In accordance with relevant professional standards, the Head of Internal Audit is required to report progress against the internal audit plan (the work programme) and to identify any emerging issues which need to be brought to the attention of the Pensions Board. 

4            The purpose of this report is to update members on the internal audit activity since that meeting, and to the 20 March 2026.

Internal audit progress

5            Information on the internal audit reviews are included in appendix A.

6            One audit on Income has reached fieldwork completed stage. A closing meeting where all findings were discussed was held with officers on 19 March 2026. We are working towards issuing a draft report before Easter and agreeing a final report shortly after issue.

7            Our definitions for action priorities and overall assurance levels are included in Appendix B.

 

Follow up of agreed actions

8            Actions agreed with services as a result of internal audit work will be followed up to ensure that any identified issues are addressed.

9            At the time of writing this report, there are no matters to raise with members.

 

APPENDIX A: Internal audit work in 2025/26

Final reports issued

Audit

Reported to Committee

Opinion

Maintenance of ICT controls

October 2025

Substantial Assurance

Risk Management

January 2026

Substantial Assurance

 

In progress and planned audits

Audit

Status

Income (Contributions)

Fieldwork completed

The role of the governing body

Q1 2026/2027

 

 

 

 

 

 

 

 

 

 

 

Further explanation of audit progress status

Status

Further explanation

Planning

We are working with officers to define and agree the scope and timing of the internal audit work.

Fieldwork in progress

A specification has been issued and agreed with officers which includes target dates for key work deadlines. Fieldwork has started.

Fieldwork completed

Fieldwork has been completed. Closing meetings to discuss findings are taking place and/or the audit is subject to internal quality assurance review.

Draft report issued

A report with findings has been shared with officers. Appropriately focused actions with deadlines for completion need to be provided by officers before an agreed final report can be issued. 

 

APPENDIX B: Audit opinions and priorities for actions

Audit opinions

Audit work is based on sampling transactions to test the operation of systems. It cannot guarantee the elimination of fraud or error. Our opinion is based on the risks we identify at the time of the audit. Our overall audit opinion is based on four grades of opinion, as set out below.

 

Opinion

Assessment of internal control

Substantial assurance

Overall, good management of risk with few weaknesses identified. An effective control environment is in operation but there is scope for further improvement in the areas identified.

Reasonable assurance

Overall, satisfactory management of risk with a number of weaknesses identified. An acceptable control environment is in operation but there are a number of improvements that could be made.

Limited assurance

Overall, poor management of risk with significant control weaknesses in key areas and major improvements required before an effective control environment will be in operation.

No assurance

Overall, there is a fundamental failure in control and risks are not being effectively

Priorities for findings

Critical

A fundamental system weakness, which presents unacceptable risk to the system objectives and requires urgent attention by management.

Significant

A significant system weakness, whose impact or frequency presents risks to the system objectives, which needs to be addressed by management.

Moderate

The system objectives are not exposed to significant risk, but the issue merits attention by management.

Opportunity

There is an opportunity for improvement in efficiency or outcomes, but the system objectives are not exposed to risk.

*There are circumstances when it is not appropriate to give an opinion/assurance level on completed work, for example on project, investigations and other targeted support, consultancy, grant certification and follow up work. In these instances a ‘No opinion’ will be given.