The internal audit report provides substantial assurance that controls are operating effectively for SAP application controls at East Sussex County Council. One agreed action from a previous audit around fully documenting change requests using an improved template remains outstanding. Otherwise, previous actions have been implemented, including updating guidance on restricted user roles, implementing access reviews, and documenting the change request process.