At the 16 June 2025 meeting of Lincolnshire County Council’s Audit Committee, the sheer scale of the council’s operations came into focus: over £1.36 billion in expenditure in 2024/25, a £670 million property estate, £1.56 billion in pension liabilities, and more than 335,000 hard copy records appraised as part of ongoing governance work.

Amid this vast organisational footprint, Conservative members Cllr Ian Carrington and Cllr Richard Davies pressed officers on issues of control, accountability, and future risk, bringing their usual rigour to this key meeting of oversight.

🧾 Internal Audit: Governance “Adequate” – But Councillors Push on Risk Depth

The Annual Audit Opinion rated the council’s control environment as “adequate”, with no “no assurance” audits issued during the yearYet Cllr Carrington raised sharp questions:

  • He asked whether LCC still ranked in the top 10% of councils for risk maturity—a status it had held as of 2022. Officers were unable to confirm the current ranking, prompting a request for the benchmark to be updated.
  • He challenged contract oversight outside approved systems, which an internal audit confirmed was a legacy compliance issue now being addressed.

Cllr Davies focused on performance assurance, urging that inconsistencies between reports be resolved to allow the committee to “compare apples with apples.” He stressed the importance of clear formats across audits, governance, and financial reports.

🛡️ Fraud and Cybersecurity: Fighting Modern Threats with Old Tools?

LCC’s top five fraud risks remain procurement, payroll, adult care, property misuse, and cyber-enabled crime. With an organisation of LCC’s size, even small-scale frauds can add up. Cllr Davies asked:

  • When will actual recoveries be reported back?
  • Could members get a “macro-level insight” into cumulative impact and learning?

Cllr Carrington raised concerns about AI-facilitated fraud, especially deepfakes and forged documents in care services. Officers acknowledged this as an emerging risk and confirmed that the council’s cyber team is working with the audit team to develop countermeasures.

🧾 Information Governance: Transparency, Breaches and ICO Watchdogs

The Information Assurance Report revealed:

  • 384 security incidents (up 10%); 332 due to human error
  • Two serious data breaches were reported to the Information Commissioner’s Office (ICO)
  • ICO’s January 2025 audit rated LCC as providing “reasonable assurance”—level 3 of 4.

Cllr Davies:

  • Asked for benchmarks with other councils to assess LCC’s performance (officers admitted data is scarce due to underreporting sector-wide)
  • Sought a timeline for clearing paper backlogs from the historic records programme

Cllr Carrington:

  • Queried third-party compliance, especially around care data. Officers confirmed LCC retains responsibility even when processing is outsourced.

📊 External Audit Plan: Big Numbers, Bigger Scrutiny

External auditors KPMG confirmed:

  • £27 million materiality threshold
  • £670m in land/buildings, £114m investment property, £1.56bn pension liabilities
  • New lease accounting rules (IFRS 16) are expected to significantly shift asset reporting.

Cllr Davies pressed the auditors on whether sector-level risks (e.g. national pension volatility or past whistleblower claims) were actively considered in the audit approach. KPMG confirmed such risks were included in their flexible planning model.

📋 Annual Governance Statement: “Most Unremarkable” Yet?

Officers praised the 2024/25 governance statement as “probably the most unremarkable we’ve had”—a nod to stable performance. However, both Davies and Carrington inquired whether issues such as procurement transparency breaches and PCI compliance should be flagged more prominently.

🏁 Final Word: Conservative Scrutiny in Practice

As the committee approved all items, Cllrs Davies and Carrington’s role stood out: forensic in detail, constructive in tone, and focused on ensuring a council of LCC’s size and complexity doesn’t drift into complacency.

Their questions weren’t just procedural—they were about futureproofing the council, embracing tech safely, and being honest about the gaps that remain.