Agenda item

The purpose of this report is to provide an update on Internal Audit activity since the last report to the Pension Board on 12^th December 2025.

The Head of Audit & Assurance introduced the report to the Board and highlighted the following areas.

·  The report provides an update on progress in delivering the programme of work since the last update report presented to the Pension Board. It includes information on audits issued and in progress and summarises the Assurance Level assigned to each internal audit review.

·  The Pensions Payroll audit was assigned a “Reasonable” Assurance rating, where the systems of internal control were found to be satisfactory.

·  The Transfers Out audit was assigned a “Reasonable” Assurance rating, where again the systems of internal control were found to be satisfactory and no high priority findings were reported.

·  i-Connect System Access Controls: Audit Update - It is pleasing to note that no significant issues have been identified, and the audit is currently expected to conclude with a Level 4 - Substantial Assurance rating.

·  Business Continuity Planning: Audit Update - This review is progressing well, with a number of potential findings identified for discussion. These findings will form the basis of early engagement with management at the start of fieldwork in March 2026.

·  Monitoring Contributions: Audit Update - The audit brief for Monitoring Contributions has been issued, and initial scoping meetings have been completed. We have arranged discussions with the key contacts for this review, which will take place w/c 2^nd March 2026. These discussions should allow us to gain the necessary understanding to progress the audit with a target completion for the end of March 2026.

·  2026-27 Internal Audit Plan: Our planning process for 2026/27 is complete and the draft Internal Audit Plan has been produced following presentation to the APF Management Team.

The Chair asked how any actions are followed up and recorded as complete.

The Head of Audit & Assurance replied that clear completion dates and officer responsibility are assigned and that they will report back on these implementations.

Alison Wyatt asked why there are variances between admin and payroll records.

The Pensions Operations Manager replied that Altair supply the software for both systems, but they are run separately. She added that a manual role is still required for some elements of the process. She explained that an enhanced software model was due to be in place later in the year.

Helen Ball asked if consideration had been given to bringing forward the audits related to Cyber Security.

The Audit Manager replied that the plan has been discussed with the Management Team and the timescale agreed due to resourcing issues.

The Head of Audit & Assurance added that this area had last been reviewed in 2023 and that the officers concerned already have a lot of work ongoing that requires their time.

The Audit Manager stated that some elements of Cyber Security are included in the ongoing Business Continuity Planning audit.

James Young referred to the Transfers Out audit and asked if a counter fraud risk assessment had been carried out previously.

The Governance & Risk Advisor advised that a counter fraud risk assessment had not been carried out, but the Fund were planning to complete one this year.

The Board RESOLVED to;

i) Note the report and the outcomes of the Internal Audit work carried out on behalf of the Avon Pension Fund (APF).

ii) Approve the 2026/27 Internal Audit Plan.