Sources of assurance

4.1 As noted in paragraph 2.3 above, the annual review process is an important aspect of the work undertaken each year to assess the effectiveness of the council’s governance arrangements and systems of internal control and establish the evidence base to inform the Annual Governance Statement. As such, various elements and mechanisms, and roles and responsibilities, are key to this process. These sources of assurance are listed below:

1) Compliance with the CIPFA Position Statement: Audit Committees in Local Authorities (2018).

2) Compliance with the CIPFA Statement on the role of the Head of Internal Audit in public service organisations (2019).

3) Compliance with the CIPFA Statement on the role of the Chief Financial Officer in Local Government (2016).

4) Compliance with the CIPFA Code of Practice on Managing the Risk of Fraud and Corruption (2014).

5) Compliance with the Public Sector Internal Audit Standards (PSIAS).

6) Chief Officers year-end good governance assurance certificates and checklists.

7) Arm’s length external organisations (ALEOs) year-end good governance assurance certificates and checklists.

8) Annual review and update of the local code of governance review programme (i.e. the Strategic Governance Framework).

9) The Annual Audit Report (AAR) process undertaken by the external auditors, together with the national approach to auditing Best Value through thematic audit work.

10) Findings from other audit, scrutiny, or inspection bodies in relation to service specific assessments.

11) The role of the council’s senior management team structure of meetings in respect of good governance, assurance, and continuous improvement.

Assessment of assurance

4.2 Each of the assurance sources listed in paragraph 4.1 has undergone a review and assessment process to ensure the information reported in the Annual Governance Statement reflects the most up to date position and provides the relevant assurances in respect of the council’s governance arrangements and system of internal control. A summary of these assurance assessments is noted in paragraph 4.3 below at points (1) to (11).

4.3 While individually each of these 11 sources of assurance are supported by separate processes and arrangements, collectively they provide an evidence base that is aligned in support of the one council approach that underpins implementation of The Plan for North Lanarkshire. As such, where improvements have been made during the year, or found to be required moving forward, these are highlighted within each item.

1) Compliance with the CIPFA Position Statement: Audit Committees in Local Authorities (2018). In this respect the activities and functions of the council’s Audit and Scrutiny Panel are required to reflect the standards set out in the CIPFA Statement.

The Strategic Governance Framework sets out the evidence in this respect and confirms that during 2024/25 the purpose of the Audit and Scrutiny Panel, as set out in the Scheme of Administration (December 2024), reflects the standards set out in the CIPFA Statement in that its role is to “provide independent assurance to the council and those charged with governance on the adequacy of the council's risk management framework and internal control environment”.

The Scheme of Administration confirms that the Audit and Scrutiny Panel is responsible for “providing an independent review of the council's governance, risk management, performance, and control frameworks, and overseeing the financial reporting and annual governance processes. It oversees the council's internal and external audit arrangements, helping to ensure efficient and effective assurance arrangements are in place. It also undertakes the scrutiny function within the council’s governance framework and undertakes in-depth examination of particular areas of policy and/or service delivery with a view to making recommendations for improvement.”

The Scheme of Administration also sets out the Audit and Scrutiny Panel’s specific duties in relation to the Annual Governance Statement which is to “review the Annual Governance Statement prior to approval and consider whether it properly reflects the risk environment and supporting assurances, taking into account Internal Audit’s opinion on the overall adequacy and effectiveness of the council’s framework of governance, risk management and control.”

During 2024/25, the Audit and Scrutiny Panel held its meetings as scheduled once every cycle, with a special meeting held at the end of June 2024 and the end of October 2024 to support the council in discharging its duties in respect of the year-end Annual Accounts. A summary of agenda items considered by the Audit and Scrutiny Panel during the year is contained in the extract below.

Summary of Audit and Scrutiny Panel agenda items during 2024/25

• Internal Audit - four progress reports covering 17 audit assignments undertaken from the audit plan which resulted in 38 recommendations, four follow up reports of actions previously agreed by management in response to audit recommendations, two follow up in-depth reports from Chief Officers in relation to audits (on school fund compliance and duplicate payments), two reports on the National Fraud Initiative, the Internal Audit Strategy, Internal Audit Charter, Internal Audit annual plan, and Internal Audit annual report and audit opinion.
• Risk management - four risk management updates in respect of the Corporate Risk Register, with one report providing the updated Corporate Risk Register for 2024/25. Two of these reports provided an updated summary of key risks from service risk registers to enable Elected Members to have sight of those risks with the highest residual risk scores.
• Financial management - one report in relation to the unaudited Annual Accounts for 2023/24 and one in relation to the audited Annual Accounts for 2023/24.
• External audit - with reports in relation to the Audit Scotland annual audit plan, the council’s Annual Audit Report (AAR) and accompanying year-end statements, and an outcome report from the Best Value thematic audit.
• Scrutiny - five reports arising from Panel member led scrutiny (in relation to the Community Boards, digital broadband, corporate insurance, the Scottish Housing Quality Standard (SHQS) / Energy Efficiency Standards for Social Housing (EESSH), and school IT assets age and maintenance), four quarterly performance assurance review reports providing a composite summary of all performance reports considered by the council committees in the previous cycle, an annual update in relation to the scrutiny work programme, an update on the new national approach to auditing Best Value, three reports providing an update in relation to aspects of the frameworks supporting The Plan for North Lanarkshire and Programme of Work (i.e. the Strategic Governance Framework, Quality Assurance annual review, and the corresponding Annual Position Statement for the frameworks), and the Annual Governance Statement for 2023/24.

A self-evaluation of the Audit and Scrutiny Panel was undertaken in 2023 and the resultant outcome report and improvement plan was approved by the Panel in November 2023. This followed an Internal Audit review in 2021 which recommended that the Audit and Scrutiny Panel should, in line with good practice, periodically undertake a self-evaluation of how effectively it is discharging its role.

The improvement plan set out two areas for improvement which have been implemented during 2024/25. The improvement plan also noted that the Audit and Scrutiny Panel agreed to continue to evaluate the effectiveness of the Panel in discharging its duties - in line with the principles set out in CIPFAs Position Statement: Audit Committees in Local Authorities (2018), the supporting Audit Committees Practical Guidance for Local Authorities (2018) document, and the Best Value Guidance (2020). As such, a follow up self-evaluation is scheduled to be undertaken during 2025/26.

In December 2023, the Council meeting formally agreed one of the improvement actions (arising from the self-evaluation) in respect of amending the governance arrangements and removing the scope for substitute members to attend Audit and Scrutiny Panel meetings given the importance of Panel members having appropriate training, knowledge, and understanding and recognising the role that consistency of involvement has in terms of ensuring ongoing Panel effectiveness. This improvement action aims to ensure that Members attending Panel meetings have appropriate training, knowledge, and understanding of the work of the Panel and that this is enhanced over time through ongoing and consistent involvement in the Panel’s business.

2) Compliance with the CIPFA Statement on the role of the Head of Internal Audit in public service organisations (2019).

To enable the Chief Officer (Audit and Risk) to fulfil the role in this respect, the council’s senior management team is required to ensure they “set out how the framework of assurance supports the Annual Governance Statement and identify internal audit’s role within it”. This assurance is provided through the Strategic Governance Framework which sets out the role of Internal Audit and depicts in a diagram the steps in the annual review process which informs the content of the Annual Governance Statement. The Strategic Governance Framework undergoes a review and refresh exercise each year to ensure it remains up to date in reflecting the council’s governance arrangements and it is reviewed and endorsed annually by the council’s senior management team.

In line with the CIPFA statement, the Chief Officer (Audit and Risk) has also provided an annual opinion for 2024/25 on the “overall adequacy and effectiveness of the organisation’s framework of governance, risk management, and control” through the Internal Audit annual report. In line with the Public Sector Internal Audit Standards (PSIAS), and the council’s Internal Audit Charter, the council’s senior management team (through both the Business Management Team and Corporate Management Team) considered and noted the Internal Audit annual report and opinion for 2024/25 from the Chief Officer (Audit and Risk) on 5th June 2025 and 13th June 2025 respectively. This presented an independent and objective assurance as to the adequacy and effectiveness of governance, internal control, and risk management arrangements within the council and stated:

• “The annual opinion is unqualified and states that reasonable assurance can be placed on the council’s governance, risk management, and internal control arrangements” for 2024/25.
• “There is generally an overall sound system of governance, risk management and internal control in place. While some issues, non-compliance or scope for improvement were identified, individually these do not significantly impair the council’s system of internal control.”

The CIPFA Statement considers the annual opinion from Internal Audit to be the most important output and one of the main sources of objective assurance that the Chief Executive and the council’s senior management team has to support the Annual Governance Statement. The annual Internal Audit opinion is set out in more detail in paragraph 4.3 (5) below.

During 2023/24, an External Quality Assurance Review (EQAR) of the council’s Internal Audit function assessed compliance with the Public Sector Internal Audit Standards (PSIAS). An important element of the PSIAS is a requirement for an independent EQAR to be conducted at least once every five years and reported to key stakeholders including senior management and an audit committee; the results of the latest EQAR were reported to the Audit and Scrutiny Panel in May 2024. This includes an action plan with findings, responses, and planned actions that have been agreed by Internal Audit management for implementation during 2024/25 - the annual Internal Audit report for 2024/25 provides an update on progress in this respect.

3) Compliance with the CIPFA Statement on the role of the Chief Financial Officer in Local Government (2016). It is specified in this CIPFA Statement that the Annual Governance Statement is required to “address the authority’s arrangements for financial and internal control and for managing risk”.

This is addressed through the external auditors’ annual audit of the financial statements which is undertaken as part of the audit of the Annual Accounts.

The extent of the council’s compliance in this respect (and the role of the Chief Financial Officer therein) is further demonstrated through the self-evaluation exercise undertaken in early 2025 (noted in paragraph 3.9) which concluded that the council’s financial management practices comply with all aspects of the CIPFA Financial Management Code. The self-evaluation also confirmed that the council’s Chief Financial Officer operates in a way that is consistent with the CIPFA Statement.

In addition, the external auditors Annual Audit Report (AAR) in October 2024 has continued to report positively on the council’s approach to financial management and financial sustainability.

4) Compliance with the CIPFA Code of Practice on Managing the Risk of Fraud and Corruption (2014). This statement looks for compliance in terms of developing a strategy and identifying the risks.

The Strategic Governance Framework sets out the evidence in this respect and shows that the council has a number of policies and procedures in place which are kept under review and regularly updated as required. The key policies and procedures are listed below:

• Counter Fraud Policy - following a review of the council’s anti-fraud arrangements, an updated Counter Fraud Policy was approved by the Policy and Strategy Committee in September 2023. This sets out the council’s expectations (that extend to all individuals and organisations with whom it deals) in terms of acting honestly and with integrity and in safeguarding public resources.
• Whistleblowing Procedure - an annual review process is in place in respect of the use of the procedure and to identify any amendments required to the procedure. An updated Whistleblowing Procedure was approved by the Policy and Strategy Committee in March 2024, and the outcome of the latest annual review is scheduled to be reported to committee later in 2025.
• Gifts and Hospitality and Conflicts of Interest procedures for employees - guidance in this respect was first incorporated into the Employee Code of Conduct in 2018 and updates to this document have continued to reiterate employee responsibilities in this respect; this includes the most recent update to the Employee Code of Conduct in February 2025. The year-end review process is well established whereby Chief Officers are required to submit their up to date Service Registers annually (as part of the Chief Officer’s Assurance Certificate and Checklist process) for independent review and reporting to the council’s senior management team. The 2024/25 review of Registers found no significant trends or issues of concern that required to be reported to the senior management team.
• Code of Conduct for Chief Officers - the latest update in this respect was approved by the Policy and Strategy Committee in June 2024. The Code of Conduct for Chief Officers provides a framework within which Chief Officers of the council are expected to undertake their duties in a manner which meets the required standards for good governance.
• Councillors Code of Conduct - this is approved by the Scottish Parliament and issued by Scottish Ministers. The Standards Commission for Scotland is responsible for the enforcement of the code of conduct. It also has responsibility for issuing guidance to assist local authorities and councillors about the code of conduct and also for hearing complaints about a councillor. The latest code and relevant guidance was published in December 2021 and was shared with new and returning Elected Members following the local government elections in May 2022 with training provided on the content; this Code of Conduct is available from the council’s website.
• Information Security Policy - the latest update in this respect was approved by the Policy and Strategy Committee in June 2023. A review was undertaken on this policy in March 2025 and the updated policy now incorporates both information security and cyber security to reflect the importance of cyber security in the council’s daily operations and strategic approach to service delivery as defined in both the Digital and IT Strategy and The Plan for North Lanarkshire. As the council takes a digital by default approach to service delivery and much information is now in a digital format, this incorporates cyber threats that must be mitigated and managed to protect the council’s information and IT assets. An updated Information and Cyber Security Policy was considered by the Data Governance Board in March 2025, with the updated policy scheduled to be submitted to committee in cycle 3 of 2025.
• Cyber security - a joint review and assessment was undertaken in 2022/23 (between Internal Audit and Business and Digital) using a structured format (with templates and guidance created by the National Audit Office, National Cyber Security Centre (NCSC), and the Scottish Government). This assessment - categorised as reasonable assurance - determined the council has robust and effective information governance arrangements, duly recognises the risks associated with cyber security threats, and operates arrangements commensurate with the good practice recommended by bodies such as the National Audit Office. The outcome from this review was reported to the Audit and Scrutiny Panel in February 2023.
• Risk Management - the identification of risks is carried out in line with the council’s Risk Management Strategy (which was updated in March 2023) and through the risk for serious organised crime, fraud, and corruption which sits within the Corporate Risk Register. The Chief Officer The Chief Officer (Legal and Democratic) - the council’s Monitoring Officer - is the identified lead for this specific risk.

In addition, the council actively seeks to detect fraudulent activity through participating in the National Fraud Initiative (NFI). This is a comprehensive data matching exercise between public bodies to highlight potential frauds and errors. Internal Audit plan and co-ordinate the submission of data and investigation of matches identified. The latest reports in respect of the progress made in the follow up of matches were reported to the Audit and Scrutiny Panel in May 2024 and October 2024.

The CIPFA statement also requires responsibility to be acknowledged. In this respect the Internal Audit annual report 2024/25 from the Chief Officer (Audit and Risk) specifies that Internal Audit “has responsibility for investigating alleged frauds and irregularities brought to our attention in accordance with the Council’s Counter Fraud Policy. Where detailed work is carried out, the findings are reported to the Chief Executive and the relevant Chief Officer, with details of the work presented to the [Audit and Scrutiny] Panel in line with the Internal Audit Charter.”

The Internal Audit annual report 2024/25 from the Chief Officer (Audit and Risk) has confirmed that “One fraud investigation was undertaken during 2024-25. This … related to school funds and involved a report of missing monies. During the investigation, a member of staff confessed to taking funds on several occasions for personal use, and the audit work concluded that there was clear evidence that fraud had been committed. Appropriate action was taken under the Council’s Discipline Policy and the member of staff involved resigned prior to the disciplinary hearing. In line with the Council's Corporate Fraud Policy, this matter was referred to Police Scotland for further consideration, and details of the fraud were also reported to Audit Scotland.”

As reported in the Internal Audit annual report 2024/25 from the Chief Officer (Audit and Risk), reviews of the council’s (a) anti-fraud arrangements and (b) information governance arrangements were scheduled for 2024/25 but were deferred to 2025/26 due to resource pressures.

5) Compliance with the Public Sector Internal Audit Standards (PSIAS).

As reported in the Internal Audit annual report for 2024/25, since their introduction in 2013, the Public Sector Internal Audit Standards (PSIAS) have been mandatory for Internal Audit functions. To ensure compliance with the PSIAS, the Chief Officer (Audit and Risk) is required to develop and maintain a Quality Assurance and Improvement Programme (QAIP) which includes periodic internal assessments, and an independent External Quality Assessment (EQA) to be undertaken at least every five years.

During 2024/25, internal monitoring and assessment confirmed that Internal Audit continued to operate in accordance with the PSIAS. The most recent independent EQA was undertaken by Stirling Council in 2024 and confirmed that Internal Audit fully conformed with the PSIAS. This was reported to the Audit and Scrutiny Panel in May 2024. Both the self-assessment and EQA highlighted some areas for improvement and consideration, and these are highlighted in the QAIP action plan in the 2024/25 Internal Audit annual report.

From April 2025, the PSIAS was replaced by the Global Internal Audit Standards (GIAS). The introduction of the GIAS will require a revision to the current internal audit methodology and working practices, and a gap analysis exercise is currently being undertaken to determine the actions to be taken to ensure compliance. Similar to the PSIAS, compliance with the GIAS will also be subject to ongoing internal review and periodic self-assessment. The GIAS also require an EQA on a five-yearly basis, with the next assessment due to be undertaken in 2028/29.

As reported in the Internal Audit annual report for 2024/25, Internal Audit is an independent, objective assurance and advisory function designed to add value and improve the council’s operations. It helps the council accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of the council’s risk management, internal control, and governance processes.

• The purpose, mandate, authority and responsibilities of the council’s Internal Audit function are outlined in the Internal Audit Charter, the most recent version of which was approved by the Audit and Scrutiny Panel in May 2025. Internal Audit reports its outputs regularly throughout the year to the Panel in accordance with the Internal Audit Charter. The Panel also approves Internal Audit’s annual audit plan and monitors the performance of the function.
• Internal Audit aims to provide a high quality and customer focused service which is responsive and flexible, consistent with best professional practice, focuses on areas that matter, uses resources efficiently and effectively, and is seen by stakeholders as adding value and making a vibrant and relevant contribution to the council.
• Internal Audit’s primary objectives are:

- To examine and evaluate internal control systems and governance arrangements within the council.

- To provide assurance to Elected Members and senior officers on the adequacy and robustness of these systems.

- To assist the Audit and Scrutiny Panel, Elected Members, and officers of the council in the effective discharge of their responsibilities.

• It should be noted that the presence of an effective Internal Audit function contributes towards, but is not a substitute for, effective control. It is primarily the responsibility of management to establish internal controls so that the council’s activities are conducted in an efficient and well-ordered manner, to ensure that management policies and directives are adhered to, and that assets and records are safeguarded.
• The council’s internal audit arrangements are consistent with the CIPFA Statement on the role of the Head of Internal Audit in public service organisations (2019).

Internal Audit activity is planned to enable the Chief Officer (Audit and Risk) to provide an independent annual opinion on the adequacy and effectiveness of internal controls within the authority, including the systems designed to achieve the corporate objectives of the council and those that manage the material risks faced by the authority.

• In the Internal Audit annual report for 2024/25, the Chief Officer (Audit and Risk) provides an overview of the activities of the Internal Audit section for the year 2024/25. This includes highlights of issues arising from Internal Audit activity during the year and an extract in this respect is set out in the table below.

Extract from the Internal Audit annual report for 2024/25, June 2025

In the Internal Audit annual report for 2024/25, presented to the Chief Executive and both the Business Management Team and Corporate Management Team in June 2025, the Chief Officer (Audit and Risk) provides an overview of Internal Audit activity against the 2024/25 Annual Plan and includes details of when each assignment was reported to the Audit and Scrutiny Panel (where not yet formally reported, status and expected dates are given). Key issues arising from Internal Audit outputs are highlighted in the Internal Audit Progress report presented to each meeting of the Panel.

In the Internal Audit annual report for 2024/25, the Chief Officer (Audit and Risk) also highlights issues arising from Internal Audit activity during the year; an extract from this report is noted below.

Audit issues 2024/25

The nature of audit assignments is such that most Internal Audit reports identify some weaknesses or areas where scope for improvement exists, and during 2024/25, a number of recommendations were made to address such areas identified from the audit work undertaken.

The vast majority of audits undertaken during the year received opinions of either Reasonable or Substantial Assurance, and there are no issues arising from these audits which require to be highlighted. However, there are issues (listed below) that while they could be significant to the control environment in the individual system or areas audited, they are considered not material enough to have a significant impact on the Chief Officer (Audit and Risk) overall opinion on the adequacy of the council’s control environment.

• The 2023/24 annual report discussed reports on the Housing and Corporate Property Maintenance Contract and the whistleblowing allegations received by Audit Scotland, which resulted in a number of high priority recommendations for management to address. Audit work during 2024/25 concluded that significant progress had been made in implementing the recommendations in both reports, with some aspects being fully implemented. Internal Audit will continue to monitor progress with the remaining recommendations, and further substantive audit work on the operation of the new contract arrangements is planned for 2025/26.
• One audit during 2024/25 provided Limited Assurance, and this was in relation to arrangements for managing school funds. The control environment around school funds has been subject to repeated audit activity regarding anomalies and discrepancies, and this audit highlighted that previously agreed control measures had not been fully implemented. Following this audit, an unplanned review was undertaken to review a potential school fund discrepancy. Although on this occasion, no financial loss or misappropriation was discovered, the audit highlighted a number of weaknesses in the recording, reconciling, and banking of school fund income and expenditure.
• In response to this work, Education senior management presented a report to the Audit and Scrutiny Panel in February 2025, detailing actions taken to address the weaknesses identified and additional measures to further enhance the control environment. Progress with these actions will be monitored by Internal Audit.
• One fraud investigation was undertaken during 2024/25. This also related to school funds and involved a report of missing monies. During the investigation, a member of staff confessed to taking funds on several occasions for personal use, and the audit work concluded that there was clear evidence that fraud had been committed. Appropriate action was taken under the council’s Discipline Policy and the member of staff involved resigned prior to the disciplinary hearing. In line with the council's Corporate Fraud Policy, this matter was referred to Police Scotland for further consideration, and details of the fraud were also reported to Audit Scotland.

Traditionally, the Annual Governance Statement outlined issues identified during the Internal Audit programme of work for the previous year and included an update providing details of the actions taken to address each issue. In the annual opinion provided by the Chief Officer (Audit and Risk) for 2023/24, there were no issues that required the Chief Officer to qualify their opinion. A small number of areas were highlighted which were noted would continue to be the focus of future audit coverage during 2023/24. As such, the extract above from the Internal Audit annual report for 2024/25 sets out the latest position in this respect.

6) Chief Officers year-end good governance assurance certificates and checklists. This requires Chief Officers to review various aspects within their service areas and advise of any specific issues which require to be identified in the Annual Governance Statement.

Through this process Chief Officers have reviewed the effectiveness of governance arrangements during the year within their area of responsibility by completing a Certificate of Assurance and updating a Checklist to support the preparation of the council’s statements on corporate governance and internal financial control for the year ending 31 March 2025.

Following a review of the 14 certificates and checklists completed for 2024/25, Chief Officers have confirmed corporate governance arrangements and financial controls in their area of responsibility have been, and are, working well and there are (in their opinion) no significant matters arising which would require to be raised specifically in the Annual Governance Statement.

7) Arm’s length external organisations (ALEOs) year-end good governance assurance certificates and checklists. This requires the Chief Executive or Senior Representative of each ALEO to review various aspects within their service areas and advise of any specific issues which require to be identified in the Annual Governance Statement.

Through this process the council’s three arm’s length external organisations (ALEOs) have also reviewed the effectiveness of governance arrangements during the year within their organisation by completing a Certificate of Assurance and updating a Checklist to support the preparation of the council’s statements on corporate governance and internal financial control for the year ending 31 March 2025.

In this respect, the Chief Executive or Senior Representative for each ALEO has confirmed corporate governance arrangements and financial controls in their organisation have been, and are, working well and there are (in their opinion) no significant matters arising which would require to be raised specifically in the council’s Annual Governance Statement.

In setting its budget on 15th February 2024, the Council requested that the remaining ALEOs (Fusion Assets Limited, Routes to Work Limited, and North Lanarkshire Properties LLP) be formally reviewed, with their contributions to the council’s strategic priorities and The Plan for North Lanarkshire, both now and in the future, assessed. This review was undertaken during 2024/25 with the outcome and next steps reported to the Policy and Strategy Committee in March 2025.

8) Annual review and update of the local code of governance review programme (i.e. the Strategic Governance Framework).

The council’s local code of governance brings the principles of good governance together with legislative requirements and management processes by which the council is directed and controlled and through which it is accountable to, engages with, and leads the local community. Taking into account the local environment within which the council operates, this aims to ensure the council is able to effectively pursue the long-term ambition set out in The Plan for North Lanarkshire, while ensuring this is underpinned with control and the management of risk, and:

• Resources are directed in accordance with agreed policies and according to priorities and in line with corporate project management procedures.
• There is sound and inclusive decision making.
• There is clear accountability for the use of those resources in achieving defined outcomes for service users and local communities.

The council’s local code of governance is set out in the Strategic Governance Framework which is one of inter-related strategic frameworks that aim to maintain a corporate one place one plan one council approach. These frameworks are key to evaluating the success of The Plan for North Lanarkshire and assessing delivery of the Programme of Work, while ensuring each stage of delivery towards achieving the overall vision is appropriately aligned, planned, guided, implemented, monitored, and governed.

As such, the Strategic Governance Framework:

• Gathers together all existing governance arrangements into a list of elements and mechanisms that demonstrates the council’s compliance with the 7 principles, 21 sub-principles, and 91 behaviours and actions contained within the CIPFA Framework. By collating all existing elements and mechanisms (produced by the respective Chief Officer) into the one local code for annual review, assessment, assurance, and reporting purposes, the Strategic Governance Framework and its Review Programme provides an efficient mechanism through which the annual review can be undertaken. This also ensures appropriate oversight and governance of The Plan for North Lanarkshire and supporting Programme of Work and enables the council to monitor the delivery of its ambitions while ensuring arrangements for corporate governance, risk management, and internal financial controls are sound. A summary of the current position regarding the elements and mechanisms in the Strategic Governance Framework review programme is set out in the table below.
• Sets out the role of the Chief Officers and the council’s senior management team and its structure of meetings, Elected Members, and the Audit and Scrutiny Panel who are responsible for determining and implementing the council’s governance arrangements, ensuring the local code is assessed on an annual basis to ensure ongoing effectiveness and compliance, and identifying any improvement actions and/or future planned developments required in relation to the council’s key governance arrangements and continuous improvement activity.
• Comprises a diagram that depicts the steps in the annual review process which ensures that the council’s governance arrangements are regularly assessed for ongoing effectiveness within the context of The Plan for North Lanarkshire and provides evidence to inform the content of the Annual Governance Statement.
• Remains under review through the annual review process whereby each of the elements and mechanisms in the review programme are examined and updated as required to reflect the relevant documentation and hyperlinks, as well as the review timeframe and date of next update.
• Is supported by an annual assessment of the current position of the elements and mechanisms in the review programme to ensure they remain timely and effective in supporting delivery of The Plan for North Lanarkshire. This involves assigning a corresponding RAG status to provide a method by which to identify and prioritise items requiring to be reviewed and updated further. The latest position following the 2024/25 year-end review identified no Red elements or mechanisms, one Amber, and the rest were Green. For the one assessed as Amber (i.e. employee engagement and wellbeing), there is a commitment by the respective Chief Officer to ensure an update is undertaken during 2025/26.

Summary of the latest position regarding the elements and mechanisms in the Strategic Governance Framework review programme

• The council’s long-term strategic ambition and priorities in The Plan for North Lanarkshire and ensuring the vision therein - for inclusive growth and prosperity for all (to bring equal benefits and a fairer distribution of wealth to all North Lanarkshire’s people and communities) - is embedded throughout policy statements agreed by the council, as well as strategic and financial decision making, strategy and policy development, everyday service delivery activities, and corporate governance approaches across the organisation.
• Six inter-related strategic frameworks (Policy, Governance, Performance, Self-Evaluation, Project Management, and Demonstrating Improved Outcomes for Communities) ensure a one council corporate approach to evaluating the success of The Plan for North Lanarkshire and assessing delivery of the Programme of Work (while ensuring each stage of delivery towards achieving the overall ambitions is appropriately aligned, planned, guided, implemented, monitored, and governed). To ensure these frameworks remain fit for purpose, and aligned to The Plan for North Lanarkshire and Programme of Work, all are on a regular review and refresh programme.
• A strategic planning process is in place through the Programme of Work which is framed within the context of the local demographic, social, and economic profile that shaped The Plan for North Lanarkshire. While stabilising the strategic direction of the council, the Programme of Work allows for appropriate flexibility in the operational delivery of many complex inter-connected programmes, projects, and plans to ensure a dedicated focus on transformational change, and delivering services that improve the lives of local people. A supporting governance framework and annual review process enables a recurring, dynamic, and cohesive approach to the ongoing development of the Programme of Work and ensures it remains current, relevant, and deliverable.
• A Strategic Policy Framework sits beside the Programme of Work in the strategic planning process to ensure that strategy and policy remain connected to delivery in order to collectively facilitate a co-ordinated approach to identifying the resources and working practices needed to support delivery of the long-term vision.
• Standing Orders allow the council to delegate decision making to committees, sub-committees, or officers and which set out the rules that apply to the running and operation of council and committee meetings.
• A Scheme of Administration sets out functions, terms of reference, and powers of the council and its committees and sub-committees which is aligned to the organisational structure to facilitate decision making in line with the council’s strategy.
• A Scheme of Delegation to Officers sets out the functions delegated to the Chief Officers of the council, including making reference to any Officer listed as being provided with a delegation is, de facto, deemed to hold a politically restricted post (in accordance with legislation).
• Financial Regulations and a Scheme of Financial Delegation in place, as an integral part of the council’s framework of internal financial controls, are designed to ensure effective stewardship of council funds. Compliance with these regulations ensures that public money is safeguarded and properly accounted for, and all financial transactions are undertaken in a manner which demonstrates openness, transparency, and integrity. The Financial Regulations form a key part of the overarching Financial Strategy and the corporate governance arrangements of the council.
• The well-established Financial Strategy provides the overarching framework that establishes the financial strategies and policies to ensure effective financial governance, planning, and management and, as such, sets out the responsibility for safeguarding public funds within the council. It also sets out the role and responsibilities of the Chief Financial Officer, in line with the corresponding CIPFA Statement (2016). The strategies and policies covered by the Financial Strategy include the Capital Strategy, Treasury Management Strategy, Revenue Budget Strategy, the Medium-Term Financial Plan, and the Financial Regulations and Scheme of Financial Delegation.
• The Risk Management Strategy sets out a clear direction for how the council will identify, assess, and manage the risks faced in providing high quality public services and delivering The Plan for North Lanarkshire. The strategy is intended to ensure that the council is risk aware rather than risk averse and that the management of risk is embedded in the council’s policies, procedures, culture, and practices. It is designed to ensure that key decisions are taken with an understanding of risks and their effective control.
• Risk management arrangements are well established and form an important element of good corporate governance. These are designed to ensure that the council operates systematic and logical processes for managing risks within a comprehensive framework, ensuring that identified risks are managed consistently, effectively, efficiently, and coherently across the organisation. These arrangements include maintenance of a Corporate Risk Register, Service Risk Registers, Project Risk Registers, and regular oversight of the council’s risk management arrangements and management of key corporate risks by the Audit and Scrutiny Panel and Corporate Management Team, and other governing bodies as required. A Programme Uncertainty Level Status Evaluation (PULSE) assessment process was introduced during 2024 to support the risk management arrangements for delivery of the Programme of Work.
• Codes of Conduct for Elected Members, Chief Officers, and Employees provide frameworks within which individuals are expected to undertake their duties in a manner which meets the required standards for good governance. This includes ensuring declarations of interests, and declarations for conflicts of interest and gifts and hospitality, are appropriately (and regularly) made and published.
• Ensuring legislative obligations are fulfilled through the statutory officer roles, i.e. the posts of head of paid service, monitoring officer, chief financial officer (section 95 officer), and the chief social work officer.
• The Counter Fraud Policy sets out the council’s expectations (that extends to all individuals and organisations with whom it deals) in terms of acting honestly and with integrity and in safeguarding public resources.
• The Whistleblowing Procedure (Public Interests Disclosure) provides a mechanism for employees of the council, and other workers within the council, to report a concern about serious wrongdoing within the council and to do so with security and in confidence.
• The senior management team structure comprises a Business Management Team (to monitor the efficient and effective operation of the council and ensure pursuit of the long-term vision set out in The Plan for North Lanarkshire is underpinned with the relevant assurances and controls in terms of corporate governance, risk management, and financial management), and a Corporate Management Team (to ensure strategic oversight, direction, and a one council approach in terms of delivery of the vision through the Programme of Work). This is supported by a meetings structure comprising service Senior Management Teams focussing on the operational delivery of service remits, and an Operational Management Team to cascade the context, deliverables, and accountabilities and ensure consistency of message in terms of the long-term vision and day to day delivery through the Programme of Work. All Chief Officers are members of the Corporate Management Team; this includes those Chief Officers who hold a statutory officer role.
• The activities and functions of the council’s Audit and Scrutiny Panel comply with the standards set out in CIPFAs Position Statement: Audit Committees in Local Authorities (2018). The Panel’s purpose is to provide independent assurance to the council and those charged with governance on the adequacy of the council's risk management framework and internal control environment.
• The Strategic Performance Framework sets out performance measurement at three levels in order to collectively provide an overview of performance (over time and compared to targets) to help understand the impact of council activities on improving services and outcomes for the people and communities of North Lanarkshire. These measures also allow for day-to-day activities, and progress towards achieving the long-term vision set out in The Plan for North Lanarkshire, to be regularly monitored, reported, assessed, and scrutinised.
• Formal reporting arrangements are in place through an annual Performance Reporting Schedule that comprises Chief Officer reviews at service committees and service specific reporting to meet both business and statutory obligations; this is underpinned by five non-negotiable standards that support regular performance assurance reviews.
• Comprehensive revenue budget and capital expenditure guidelines along with well-established processes and systems ensure regular monitoring and reporting, as well as oversight and scrutiny through the council’s senior management team structure of meetings and Elected Members at committee.
• A range of programme and project Boards and working groups are aligned to the delivery and governance requirements for specific Programme of Work items, e.g. Strategic Capital Delivery Group, six Strategic Programme of Work Boards, and Hub Delivery Programme Board.
• The Data Governance Board maintains strategic oversight and implementation of the council’s approach to data governance to secure relevant assurances that effective arrangements are in place for the safe and secure collection, storage, use, and sharing of data. This includes safeguarding personal data and promoting data quality in accordance with legislative, regulatory, and corporate governance requirements. Responsibilities also include developing and overseeing the implementation of data strategies, policies, procedures, and standards (including the Data Protection Policy, Information and Cyber Security Policy, Payment Card Industry Data Security Policy, Records and Information Management Policy, and the Acceptable Use of ICT Policy), as well as directing continuous improvement in data governance and compliance, overseeing the work and progress of the Data Management and Compliance Group, and ensuring appropriate monitoring and assurance arrangements are in place across the council and its arm’s length external organisations.
• The Information and Cyber Security Policy includes cyber security and aims to protect the council’s information systems and physical assets including supporting processes, networks, and equipment. This is essential to ensure the council can continue to operate and successfully deliver its functions, while finding the right balance between the benefits and risks to the processing of information.
• Publicly available complaints and freedom of information procedures are in place with management, monitoring, and performance reporting arrangements.
• A range of employment and other policies, and associated guidance documents and forms, promote and support ethical behaviour and standards of conduct by employees.
• An employee Performance Review and Development (PRD) process is in place and access to a range of training and development programmes and opportunities is available through LearnNL for both employees and Elected Members.
• Strategic Workforce Plans, supported by service specific workforce plans, identify the actions required to address workforce gaps and set out detailed service level actions to address the risks and issues facing the current workforce and identify the gaps in terms of fulfilling service provision and delivering on priorities and the long-term vision now and in the future.
• Independent and objective assurances are provided by Internal Audit whose function is designed to add value and improve the council’s operations. The Internal Audit function operates within the Public Sector Internal Audit Standards (PSIAS) and the council’s Internal Audit Charter. The service undertakes an annual programme of work approved by the Audit and Scrutiny Panel which is based on the Internal Audit Annual Plan. This plan is risk based and is periodically updated to reflect evolving issues and changes.
• Independent and objective assurances are provided by the external auditors through the Annual Audit Report (AAR) process and other audit, inspection, and regulatory bodies.

The annual review and update of the Strategic Governance Framework is reviewed and endorsed each year by the council’s senior management team (through both the Business Management Team and Corporate Management Team) in line with their respective governance, strategic oversight, assurance, and continuous improvement roles in respect of the council’s governance arrangements and delivery of The Plan for North Lanarkshire.

The Strategic Governance Framework, and its accompanying review programme, have been recognised as an area of good practice in the latest three annual Internal Audits on Corporate Governance. As reported to the Audit and Scrutiny Panel in August 2024, the most recent Internal Audit considered that the “council’s corporate governance arrangements in relation to self-assessment are adequate and operating effectively” and therefore this audit was assessed as providing “substantial assurance”.

9) The Annual Audit Report (AAR) process undertaken by the external auditors, together with the national approach to auditing Best Value through thematic audit work.

Published in May 2019, the North Lanarkshire Best Value Assurance Report (BVAR) comprised eight recommendations for action by the council. Various updates have been provided to committee since, and the external auditors Annual Audit Report (AAR) has provided updates every year in terms of completed recommendations. The Annual Audit Report (AAR) in October 2023 reported that all eight recommendations had been fully implemented and were now complete.

As reported to the Audit and Scrutiny Panel, a new national approach to auditing Best Value came into effect as part of the external auditor appointments for the five-year term from 2022/23. This approach is twofold and means that:

• Auditing Best Value is integrated within the wider scope of the external auditor’s annual audit work which is reported in their Annual Audit Report (AAR). This includes risk-based and follow up audit work on Best Value related recommendations from previous audit reports as well as reflecting on council reporting against priorities and in terms of the use of the Local Government Benchmarking Framework (LGBF).
• Thematic Best Value audit work is undertaken each year by the external auditor as per the Accounts Commission’s requirements to provide assurance on areas of risk / interest across councils as at a defined point in time, thus enabling comparisons across Scotland. This means that each year the council undergoes an assessment of particular aspects of Best Value in order to provide the Accounts Commission with the relevant assurances in terms of performance and the quality of services to the public.

Since the new approach was implemented, the various outcome reports (listed below) have been able to be viewed through the Policy and Strategy Committee and/or the Audit and Scrutiny Panel:

Annual Audit Report (AAR)

• 2022/23 report to Audit and Scrutiny Panel in October 2023.
• 2023/24 report to Audit and Scrutiny Panel in October 2024.

Thematic report

• The council’s 2022/23 outcome report on the theme in respect of the leadership of the development of new strategic priorities was presented to the Audit and Scrutiny Panel in October 2023 and the Policy and Strategy Committee in December 2023. The report for the council in this respect identified three areas for improvement which have since been implemented and signed off by the external auditors, these focussed on strategic planning feedback, community engagement, and Elected Members training and development.
• The council’s 2023/24 outcome report on the theme for workforce innovation (specifically how the council is responding to current workforce challenges through building capacity, increasing productivity, and innovation) was presented to the Audit and Scrutiny Panel in August 2024 and the Policy and Strategy Committee in September 2024. The report for the council in this respect identified three areas for improvement which are being progressed during 2025/26, these focussed on acting on staff feedback, flexible and hybrid working policies, and data in respect of the temporary workforce.

The external auditors latest Annual Audit Report (AAR), reported to the Audit and Scrutiny Panel in October 2024, presented key matters arising from each of the main areas of work undertaken by the external auditor. This included the audit of the financial statements and issues relating to the council’s financial management and financial sustainability, vision leadership and governance, best value arrangements, and the use of resources to improve outcomes. The report contained the external auditor’s audit opinion on the 2023/24 financial statements as well as a number of issues where action was required during the audit process and/or scope for further improvement existed. The report also contained a small number of audit recommendations (summarised below) and management responses, including planned actions, responsible officers, and timescales - which are all scheduled to be implemented by March 2026. Progress in terms of implementing these actions is monitored by Internal Audit and reported to the Audit and Scrutiny Panel.

2023/24 Annual Audit Report (AAR) recommendations

• Management of assets - management should establish a process to ensure assets replaced are appropriately removed from the asset register and accounted for as a disposal appropriately.
• Statutory override - the council should proactively work with CIPFA and the wider local government sector to arrive at appropriate solution for the implementation of accounting for infrastructure assets.
• Reinforced autoclave aerated concrete (RAAC) - for those properties where RAAC has been identified, the council should determine a more accurate measure of the level of impairment in line with the requirement of accounting standards.
• Continuity and security of IT operations - the council should ensure there is appropriate oversight of its continuity and security of IT operations and ensure the necessary assurances are obtained for externally hosted systems.
• Public performance reporting - the council should improve its public performance reporting to provide its citizens and communities with a clear summary of performance.

2023/24 recommendations from the BV thematic report

• Acting on staff feedback - as the council develops its staff engagement approach, it should ensure that as well as providing information to staff on council decisions, it also incorporates the views of staff and trade unions to support transparent decision making, and evidence how it is acting on findings from the Summer 2024 roadshow sessions.
• Hybrid working policy - the council should continue to monitor the impact of its hybrid working approach. It should continually assess the impact of increasing the number of office days, in terms of performance, staff wellbeing, and recruitment and retention.
• Temporary workforce - the council should include data reporting on its temporary workforce as part of published workforce data, and once available it should include data on agency workers.

A key area of improvement implemented by the council during 2024/25 was to ensure ongoing best value in terms of managing risk and ensuring business continuity plans (including civil contingencies and emergency plans) are in place to allow an effective and appropriate response to planned and unplanned events and circumstances. This followed an Internal Audit review undertaken on Business Continuity Planning in September 2022 which identified a number of recommendations for action. A subsequent Internal Audit was undertaken on Business Continuity Planning which was reported to the Audit and Scrutiny Panel in May 2025 which included an update on the progress made in implementing the previous audit’s recommendations and made new recommendations, including the need to better align business continuity and disaster recovery which is scheduled to be implemented during 2025/26. This aligns to the review of the council’s arrangements in respect of Business Continuity and ICT Disaster Recovery which was included in the external auditors Annual Audit Report for 2023/24 (reported to the Audit and Scrutiny Panel in October 2024).

10) Findings from other audit, scrutiny, or inspection bodies in relation to service specific assessments.

A dedicated page on the council’s website provides a central location for reporting on findings and recommendations from all national audits and inspections. This continues to be kept up to date as and when new reports become available nationally. Inspection reports published during 2024/25 include the following:

• Scottish Housing Regulator annual assurance statement 2023/24 - August 2024.
• Scottish Housing Regulator annual landlord report 2023/24 - November 2024.

11) The role of the council’s senior management team structure of meetings in respect of good governance, assurance, and continuous improvement.

The council recognises that a crucial aspect in delivering good governance is the way in which it is applied as the ethos of good governance cannot be achieved by structures, rules, and procedures alone. Effectively, good governance needs to be embedded within the council and its culture and the need for, and value of, good governance must be explicit. As such, any references that require to be made to any one of the frameworks supporting The Plan for North Lanarkshire does so in a consistent manner to ensure completeness and to continue to raise awareness of the role of good governance in delivering the strategic ambition.

The role of, and need for, good governance is also reiterated in the Guidance accompanying the Report Template which requires to be used for all council internal reporting purposes.

Following implementation of a single integrated corporate forum for all Chief Officers in April 2021, a subsequent self-evaluation exercise in 2022 to review the effectiveness of the revised arrangements led to new arrangements in respect of the council’s senior management team and its supporting structure of meetings being developed and implemented from January 2023. This comprises four aspects, as follows:

(a) A Business Management Team whose role is “To monitor the efficient and effective operation of the council” and to secure the relevant assurances that “the council is able to effectively pursue the long-term ambition set out in The Plan for North Lanarkshire by ensuring this is underpinned with the relevant assurances and controls in terms of corporate governance [including performance, legal, and HR matters], risk management, and financial management." This means the Business Management Team role is that of assurance, not directing or monitoring delivery unless the ongoing assessment of assurance requires improvement in this respect. A four weekly Business Management Team meeting is held which comprises standing agenda items for finance, governance, risk, performance, and human resources and further demonstrates the ongoing commitment to ensuring corporate governance arrangements are in place and remain effective.

Reflecting the changes to the council’s senior management team structure as outlined in the annual governance update report to committee in September 2024, the Chief Executive, Depute Chief Executive, Section 95 Officer, and Monitoring Officer are members of the Business Management Team as well as the Chief Officers of Audit and Risk, People Resources, and Strategy and Engagement.

(b) A Corporate Management Team whose role is “To consider the strategic context and environment within which the council is operating, understand the position of the organisation, and consider the future direction. To consider the implementation of strategic decisions at a council wide level and the impact on the delivery of The Plan for North Lanarkshire and Programme of Work. To agree the one council approach required in order to deliver on the council’s priorities (in partnership where required) in line with the strategic direction and monitor the delivery of the Programme of Work.” This means the Corporate Management Team role has a focus on improvement over time in delivering the council’s strategic priorities through the Programme of Work.

The Chief Executive, Depute Chief Executive, and all other Chief Officers are members of the Corporate Management Team.

Both the Business Management Team and the Corporate Management Team input to the annual Strategic Governance Framework review process and to the review of the evidence that informs the Annual Governance Statement - with a view to ensuring the council’s governance arrangements and systems of internal controls remain effective and to identify any improvement activity or future developments required to support continuous improvement. This ongoing commitment from the Business Management Team and the Corporate Management Team ensures that good governance is supported from the top of the organisation.

(c) Four Service Management Teams (SMTs) - the annual governance update report in September 2024 reiterated the four service groupings which were originally established in September 2018, and which have continued to operate effectively since, i.e. Chief Executive’s services, Enterprise and Communities, Education and Families, and Adult Health and Social Care.

The focus for these four SMTs is to manage the operational delivery of service remits. They are also required to consider the implementation of strategic and corporate decisions at a service and/or service grouping level and to consider the context within which the service / service grouping is operating and ensure decisions made in terms of operational delivery are in line with good governance and support the successful delivery of the Programme of Work and The Plan for North Lanarkshire.

(d) Operational Management Team (OMT) - formally established in April 2021, this forum comprises all senior managers and head teachers across the council. It operates under the principles of engage, develop, support, and inform to connect managers and enable them to strengthen and support their teams to deliver on the Programme of Work in line with The Plan for North Lanarkshire. The OMT aims to provide a collaborative forum for discussions on the practical aspects of delivering the Programme of Work. This group is not a decision making body; it is an information sharing forum. Its focus is on providing opportunities to share and discuss significant strategic and corporate developments, and potential integrations and opportunities, with the wider operational management team environment across the council.