Prior to the meeting of the Audit Committee, the EDF gave a presentation to the Audit Committee members and other invited governors on the risk management of the English Bridge Campus building project and how the emerging associated risks were being mitigated.
The building project was being undertaken to improve facilities for students at the campus, specifically -
- To improve the quality and use of space on the ground floor of the campus
- Provide a modern Learning Resource Centre (LRC)/Independent study space with natural light
- Provide suitable and improved space for A Level Drama together with appropriate breakout and workshop space
- Expand and improve catering facilities and student social space
- Provide DDA compliant access to the lower ground floor teaching and exams spaces
- Improve the entrance area and welcome of the campus.
To mitigate the risk that the design did not meet stakeholder needs, a project working group of key stakeholders had been established and consultation and progress updates continued. A detailed feasibility study had been undertaken to ensure that the design was affordable and feasible within the challenging timeframe for delivery. Disruption to students caused by construction was a major consideration, so the feasibility study had considered build sequence and timeframes to mitigate noise and impact on students’ learning first, then to reduce any other impacts. Following shortlisting, the successful contractor was required to provide a detailed project programme that minimised impact on students and ensured timely completion.
The highest risk was that, due to the challenging delivery deadline of 23 September 2022, the project would not be completed to the planned timeframe. To mitigate this risk, the project initiated in December 2021, with the demolition phase undertaken during the Easter 2022 holiday to enable completion over the summer. However, the EDF explained that the risk remained that the contractor failed to meet the deadline due to labour or materials shortages.
In response to a question seeking assurance that the project would not exceed planned costs, the EDF explained that the initial feasibility study had been used to set cost expectation and ensure affordability and that contingency and provisional sum allowances had also been built into tender process to allow for unforeseen costs. For example, the final price allowed for weekend and out of normal hours working to meet the agreed project plan. Whilst quantity surveyor and project management expertise had been used to establish fixed prices for fit out work, an inherent risk remained of project overrun on the furniture and fit out element.
Governors requested an opportunity to visit the campus to view the completed project. The first Board meeting of the year was scheduled for mid-October, and the P/CEO indicated it may be possible to hold that meeting at the Campus.
The EDF was thanked for providing a clear and comprehensive presentation.
At this point, the presentation concluded and B. Greenaway and G. Mills left the meeting.
C. Parkes, College Internal Audit Service (IAS), joined the meeting.
M. Munro, College Financial Statements Audit Service (FSA), joined the meeting.
11/22. Declarations of Interest
There were no declarations of interest.
12/22. Draft Minutes of the Meeting Held 16 March 2022 (Appendix Agenda Item 3)
The Minutes of the meeting held on 16 March 2022, were agreed as a true record.
13/22. Internal Audit Reports (Appendices Agenda items 5a – 5d)
Ms Parkes presented the following reports –
Assurance Review of GDPR Compliance (previously circulated)
The review assessed compliance with the key GDPR elements of Privacy Impact Assessments, Data Subject rights (e.g., right to be forgotten), Data Classification and Asset management, Data Security & Breach Management, Governance & Consent and Data Controllers & Processors.
The Review had concluded that –
- Compliance with Data Protection by Design was evidenced by the completion of Data Protection Impact Assessments.
- Whilst data protection awareness training and briefings were in place, training on induction and refresher training should be mandated by policy.
- Where the college relied on legitimate interests for processing personal data, Legitimate Interests Assessments (LIA) should be carried out.
- Good practice identified included logging of data requests, using linked documents, which provided a clear and easy to follow record of the progress of each request. Individual privacy notices were in place specific to different categories of data subject.
- With 3 routine recommendations, the Report had given Substantial Assurance.
Resolved: That the report be noted.
Follow Up Review (previously circulated)
The follow up review considered whether management action in response to recommendations from IAS reports over the contract period, had addressed the control issues identified. 21 recommendations had been implemented, 6 were outstanding and 1 considered and not implemented. The high level of implemented recommendations gave the Committee assurance that management were invested in addressing control issues raised by the IAS.
Outstanding Audit Reports – Progress
Two IAS Reports were still to be reported to the Committee. The Health & Safety Report indicated Reasonable Assurance and the Bursary Report indicated Substantial Assurance. These reports, together with the Annual Report, would be presented to the meeting of the Committee in November 2022.
The Committee thanked Ms Parkes for the reports and for attending the meeting.
Ms Parkes left the meeting.
14/11 Financial Statement Auditors (FSA) Report (Appendix Agenda Item 5)
The Committee Chair welcomed Mr Munro to his first meeting.
Mr Munro introduced the Financial Statement Auditor Audit Plan and Report (previously circulated) for the year ended 30 July 2022, which provided an overview of the nature of the audit work and key aspects of the audit.
To enable an effective audit in the first year of the Contract, Bishop Fleming (BF) had been in contact with the previous auditors, Grant Thornton and would review their files.
The Audit Plan set out -
- Bishop Fleming’s understanding of the principal business issues relating to Shrewsbury Colleges Group and the overall impact on the audit approach – financial position and Going Concern;
- The company’s risk-based approach;
- Risks identified. These risks included –
- Management override of controls;
- Fraud in income recognition; and
- Pension assumptions.
- The company’s approach to materiality and regularity assurance;
- The Team;
- Fees; and
- Communications of audit matters with the Committee.
Mr Munro also referred to the report section that covered areas of the auditor risk assessment and that Bishop Fleming was required to make enquiries under accounting standards which included meeting auditing standards on going concern and estimates.
Resolved: That the External Audit Plan and Strategy BE RECOMMENDED TO BOARD.
ACTION: Report to Board
15/22. Risk Register and Board Assurance Framework (Appendix Agenda Item 6)
The Committee reviewed the 2021 – 2022 Risk Register and Board Assurance Framework (previously circulated).
The EDF explained the risks identified and mitigating actions being undertaken –
- Regarding the risk of significant under recruitment of planned 16-18 learner numbers in 2022 - 2023, the Register had been updated to include the risk mitigation previously reported to governors. The college was modelling against expected enrolments for 2022 – 2023 and the consequent impact on funding for 2023 – 2024.
- Regarding the risk of failure to deliver planned Adult Education Budget (AEB) allocation resulting in clawback of funding &/or material financial underperformance against budget, the EDF explained that the financial forecast had anticipated clawback, which was reported in the Management Accounts commentary sent to all governors.
The P/CEO invited the Committee to consider the Register and raise through the Clerk any particular risk issues they wished to be the subject of future pre-meeting presentations to all governors. The Committee also agreed that it would be helpful going forward, if the IAS and FSA attended the committee pre-meeting presentations, to receive assurance on the college’s risk assessment ‘culture’.
The Committee concluded that the risks had been appropriately identified and the management actions reported were effectively mitigating these risks.
Resolved: That it be RECOMMENDED TO BOARD that the Risk Register, as amended, be approved.
ACTION: REPORT TO BOARD
16/22. Audit Recommendation Tracking Report (Appendix Agenda Item 7)
The Committee received the Audit Recommendation Tracking Report (previously circulated).
In response to a question from the Committee Chair, referencing a recent cyber penetration test conducted at the college, the EDF confirmed that, going forward, penetration testing would be undertaken annually.
The EDF explained that the recommendations arising from the most recent IAS reports would be included in future reports.
17/22. Post-16 Audit Code of Practice 2022 (Appendix Agenda Item 8)
The report (previously circulated) set out the changes in the Post-16 Audit Code of Practice 2021 – 2022, which applied to all financial periods commencing on or after 1 August 2021, and the funding year 2021 to 2022.
The Committee reviewed the changes and sought assurance that the necessary procedures were in place to meet the Code’s requirements and noted particularly the changes, as they affected the work of college audit committees, were:
- The reference to the Education and Skills Funding Agency’s (ESFA’s) Guidance on the scope of work of audit committees and internal auditors in college corporations (paragraph 22).
- The clarification that college corporations did not need to inform ESFA in instances where there had been a routine change of auditors (paragraph 28).
The ESFA had issued the College Accounts Direction for 2021-22 (CAD) which set out the financial reporting requirements for further education and sixth-form college corporations for the financial year ending 31 July 2022. The Direction had introduced 2 new requirements in the statement of corporate governance and internal control:
- a report on activities undertaken over the year to develop governors and clerks/governance professionals. The Committee had been advised at its previous meeting (Min No 06/22 refers) that the planning and monitoring of governors’ training and development was undertaken by the Search & Governance Committee, which received an assurance report at every meeting. The Committee Governance Pack included development resources for the Committee Chair and the role and issues for 2022 for the Audit Committee (previously circulated). The Governor Development Programme Learning Platform, provided by FutureLearn, also had discrete modules on Audit & Risk; and
- a report on whether the corporation had conducted/ commissioned an internal or external review of governance and confirmation that the corporation had conducted an annual self-assessment of governance and, if applicable, that an external governance review (required every 3 years) had taken place. The External Review three-yearly cycle falls due between 2021-2022 and 2023- 2024. The Clerk had received email clarification from the ETF that the college’s pilot review of December 2021, had counted in this context.
18/22. Irregularity and Fraud
19/22. Committee Self-Assessment 2021 - 2022 (Appendix No. 12)
At the end of the 2021 - 2022 governance cycle, the Board and each committee were invited to complete an evaluation exercise. These would inform the Board’s self-assessment return and improvement action plan 2022 – 2023.
The Committee considered the Committee’s performance during 2021 – 2022 and completed the evaluation. The Evaluation also included an assessment of how effectively the Committee had carried out its responsibilities and a compliance audit against the Audit and Accountability Annexe to the Foundation Code of Government. The Committee concluded that –
- Despite having the ability to dispense with the services of Internal Auditors, the Committee had recommended that this service be continued as an appropriate mechanism to review and manage risk and provide assurance to the Board.
- The Committee provided an Annual Report to the Board on the effectiveness of the College’s in line with the requirement in the Joint Audit Code of Practice for the Audit Committee to produce an annual report on the adequacy and effectiveness of the college’s assurance framework.
- The Committee provided continual challenge in respect of the timely management of risks and highlighted the need for mitigating actions to be properly recorded and updated on the risk report it received at each meeting.
- To further improve the Committee’s effectiveness, it was agreed that:
- meeting face-to-face going forward would provide an opportunity for members to get to know each other.
- the IAS and FSA be invited to attend pre-meeting risk briefings
- co-option of a committee member with accountancy skills should be considered going forward.
- The Committee’s Terms of Reference reflected the purpose, remit and role of the Committee and were compliant with the latest requirements set out in the Audit Code of Practice.
The Committee agreed that the risks relevant to the Committee have been appropriately identified and the management actions reported were effectively mitigating these risks.
21/22. Date of Next Meeting – Wednesday, 23 November 2022 from 5.30 p.m.
The meeting concluded at 6.15 p.m.