Prior to the meeting, Committee members received a Briefing from the Finance Director (FD) on proposals to revise the College’s Board Assurance Framework, Risk Ratings and Appetite for Risk. The FD explained that the current College Risk Register followed a traditional and generally accepted format and that it had been some time since the Board had reviewed and considered its appetite for risk and the associated scoring and RAG rating used. He also explained that there was currently no formally documented approach to assessing probability and that the current Assurance levels did not include the revised impact and probability scores – only the RAG rating.
The Board members present considered a proposed alternative approach and method of presentation, including revised definitions about how impact should be assessed and proposed revised definitions about how probability should be assessed.
22/19. Election of Chair
Having been proposed by R. Sartain and seconded by C. Sharp, it was
Resolved: That Nigel Merchant be appointed Chair of the Committee.
N. Merchant in the Chair.
23/19. Declarations of Interest
There were no declarations of interest.
24/19. Draft Minutes of the Meeting Held 06 June 2019 (Appendix No. 4)
The Minutes of the meeting held on 06 June 2019, were agreed and signed as a true record. It was noted that R. Sartain was present for the pre-meeting Briefing and that the date of the first meeting for the 2019 – 2020 Academic Year had been amended from 25 September 2019, to 27 November 2019.
25/19. Draft Audit Committee Workplan 2019 - 2020 (Appendix 5)
The Committee undertook a review of the Key Reports to be considered by the Committee for 2019 - 2020 (previously circulated). The Chair of the Committee requested that Clerk and FD consider moving some items from the June 2020 meeting to the March 2020 meeting, to preserve a balance of items.
That the Annual Timetable of Standard Business for the Audit Committee 2019 – 2020, be approved, subject to consideration of the balance of items to be considered at the March and June 2020 meetings.
26/19. Internal Audit Reports (Appendices Nos. 6a – 6diii)
Ms Parkes presented the following reports –
Follow-Up Review (September 2019) (previously circulated).
The follow up review considered whether the management actions taken in respect of priority 1 and 2 recommendations arising from the internal audit reviews conducted had been implemented.
- 6 reviews had been undertaken. At the time of the review,
- 25 – actions implemented; and
- 5 – actions outstanding.
The key issues identified as outstanding were in relation to payroll and payments and the College still needed to review the arrangements for checking to ensure there were no IR35 issues for any suppliers being set up. Ms Parkes reported that these outstanding recommendations had been presented to the Audit Committee and revised implementation dates agreed, which the Committee accepted as assurance.
Internal Audit Annual Report 2018 – 2019 (previously circulated).
The annual internal audit report summarised the outcomes of the reviews carried out on the College’s framework of governance, risk management and control and designed to assist the Governing Body in making its annual governance statement.
The approved 2018 - 2019 Annual Audit Plan had been for 35 days of internal audit coverage in the year. However, during the year, the review of Network Controls had been cancelled and the IAS had conducted a review on the T Level Grant Certification in addition to the work agreed in the Annual Plan; meaning that the Service conducted 32 days of work. All of the other planned work had been carried out and the reports issued.
The Committee reviewed –
- The assurance reviews undertaken;
- Number of recommendations made – there being no urgent recommendations;
- And the performance and quality assurance indicators used to measure the performance of the IAS in delivering the Annual Plan.
The Report concluded that the Internal Audit Service was satisfied that sufficient internal audit work had been undertaken to allow it to draw a positive conclusion as to the adequacy and effectiveness of Shrewsbury Colleges Group’s risk management, control and governance processes. In the Service’s opinion, Shrewsbury Colleges Group had adequate and effective management, control and governance processes in place to manage the achievement of their objectives.
That the report be noted.
Audit Strategy 2019 – 2020 and Annual Internal Audit Plan (previously circulated).
The Draft Audit Plan for 2019 – 2020, had been developed by carrying out an updated audit risk assessment to ensure that the planned coverage for the year was focussed on the key audit risk and that coverage would enable a robust annual Head of Internal Audit Opinion to be provided.
The Committee acknowledged that the year ahead would continue to be challenging for education providers both in terms of funding and in maintaining quality provision. The Committee analysed the key risk areas which would require consideration when planning internal audit coverage, including –
- Brexit – stress-testing against uncertainty;
- Data Protection Act (DPA) 2018 – how data is held and protected; and
- Cybercrime – defence against increasingly sophisticated attempts to disrupt and deny services.
In considering these risks, the Chair sought assurance that all affected College staff had been made aware of securing Settled Status. With respect to the DPA, the Chair sought assurance on how the College protected data shared with others such as funding bodes. The FD provided assurance that data transfer was managed through secure portals. A Review of Cyber Security would be undertaken for 2020 – 2021.
The Committee challenged why no Contingency Audits had been planned for the year. It was explained that contingency had been built into the Plan should the need for audits of this nature be required.
In accordance with Audit Committee Terms of Reference, the Internal Audit Strategy and Plan was required to be recommended to Board.
RECOMMENDED TO BOARD the Internal Audit Strategy and Plan. ACTION: ITEM TO BOARD
Assurance Review of Financial Business Planning (previously circulated).
The review had considered the approach to Business Planning, including the use of assumptions and sensitivity analysis. It had considered how the different functions within the College contribute to this process, ensuring the production of coherent and viable plans.
The review concluded that the College had a two-year rolling financial plan, an approved annual budget and Financial Regulations in place and had made a number of minor recommendations to ensure a standardised and consistent approach across the College and thus had Reasonable Assurance. The Committee sought assurance that the users of the 4cast system understood how to use it correctly.
That the report be noted.
Assurance Review of GDPR Compliance (previously circulated)
The review had assessed compliance with the key [EU] GDPR elements and had concluded that the Group could provide evidence that it was moving towards compliance with the GDPR, however, some areas required additional work to increase compliance and thus had Reasonable Assurance. The FD provided assurance that the College had a clear CCTV Policy and that GDPR Impact Assessments would be completed by the required implementation date.
The Committee discussed the appropriateness of the appointment of the Group Vice Principal – Information & Strategic Development as Data Protection Officer to ensure that there was no conflict of interest and accepted that the College would consider alternative arrangements should a personal conflict of interest arise. The Clerk provided assurance that all governors signed a Privacy Notice on appointment and the report be amended to reflect this.
That the report be noted.
Compliance Review of Sub-Contractor Controls (previously circulated)
The review had assessed and confirmed the College’s sub-contracting arrangements. The Committee noted with pleasure that the College has good arrangements in place to manage and monitor its subcontracted provision.
- The College undertook regular risk management profiles for each provider;
- Signed contracts and contract addendums were held for all current providers and thus had Substantial Assurance.
The Committee acknowledged that the College only sub-contracted with partners who provided value to students and employers.
That the report be noted.
27/19. External Audit Reports (Appendices No. 7)
Mr Devitt presented the following reports –
Financial Statements for the Year Ended 31 July 2019
The external auditors from Grant Thornton (GT) presented the Financial Statements for the Year Ended 31 July 2019 (previously circulated). The Draft Financial Statements for the year ended 31 July 2019, had been audited by the Financial Statements auditors who indicated a ‘clean’ unqualified audit opinion in terms of both truth and fairness and regularity, although a number of minor amendments were still required.
Going Concern Assessment
The Finance Director advised the Committee that governors were required to assess the College’s going concern and that the auditors needed to be satisfied that the assessment was robust. The Committee accordingly reviewed a list of considerations and the responding management comments in order to make their assessment, including a paper (previously circulated) that set out the weekly cash-flow forecast for the financial year 2019 - 2020, based on the budget and actual cash movements and forecasts for the year to date. In addition, the paper provided a two year monthly cash-flow forecast based on the 2019 - 2020 and 2020 - 2021 years financial plan and budget approved by the Board in July 2019. The Committee agreed that the paper indicated that the College had sufficient resources to meet the going concern requirement.
The Committee thanked the Finance Manager and Team for their hard work in assisting the Financial Statements Auditors.
That, having considered the draft Financial Statements, the report of the Finance Director and Financial Statements auditors and the reports on going concern, the Committee RECOMMENDED TO BOARD that
- the Committee considered the Shrewsbury Colleges Group to be a going concern; and
- the audit findings and draft year-end financial statements 31 July 2019, be recommended to the Board for approval. ACTION: REPORT TO BOARD
The Audit Findings for Shrewsbury Colleges Group
The Committee considered the report of the College’s Financial Statements’ Auditor, Grant Thornton (GT) (previously circulated), highlighting the key matters arising from its audit of the Shrewsbury Colleges Group) financial statements for the year ended 31 July 2019.
Mr Devitt advised that there was nothing adverse in the findings and that there was very little outstanding in terms of work to do. He explained the report’s contents, as follows –
- The work was substantially complete and there were currently no matters of which Grant Thornton were aware of that would require modification of the audit opinion, subject to minor outstanding matters;
- Audit findings – significant risks – the commentary was explained to the Committee’s satisfaction;
- Audit findings against other risks;
- Going Concern – Grant Thornton considered that the Board’s Going Concern assessment was reasonable and therefore the accounts have been appropriately prepared on the going concern basis;
- No matters in relation to fraud or breaches in relation to laws and regulations had been identified;
- The Letter of Representation (previously circulated) was brought to the Committee’s attention, which would be signed at the Board meeting in December 2019;
- Regarding fees and non-audit services, the Committee noted the Statement to the effect that Grant Thornton was independent of the College and provided no other services.
In conclusion, Grant Thornton anticipated that it would provide the College with an unmodified audit report.
The Finance Director explained that recommendations arising from the Report would be included in the Recommendation tracking report going forward.
The Committee AGREED to hold the meeting of the Audit Committee that would consider the Financial Statements for the year ended 31 July 2020, in early December 2020, to assist in the preparation of the reports.
That the Audit Findings for Shrewsbury Colleges Group for the year Ending 31 July 2019, be accepted.
28/19. Audit Committee Draft Annual Report 2016/17 (Appendix No. 8)
The Chair submitted his Draft Annual Report and advised that the report would be referred to the Board for approval, subject to acceptance by the Committee.
The purpose of the Annual Report was to submit to Board a précis of the activities of the Audit Committee in an annual report for the Year 1 August 2018 to 31 July 2019 and had been produced in accordance with the model as set out in the guidance on the Joint Audit Code of Practice.
The Annual Report to the Board provided -
- a summary of the work of the Committee during the financial year under review, including any significant issues arising up to the date of preparation of the Report;
- any significant matters of internal control included in the management letters and reports from auditors or other assurance providers;
- the Committee’s view on its own effectiveness and how it had fulfilled its terms of reference; and
- the Committee’s opinion on the adequacy and effectiveness of the College’s audit arrangements, its framework of governance, risk management and control and its processes for securing economy, efficiency and effectiveness.
The Committee noted that appointment of Mr Sharp as a co-opted committee member and Mr Harry, to meet the membership requirements. Mr Devitt requested that the Draft Report be amended to refer to the work of the FS audit undertaken with respect to the Financial Statements for the year-ended 31 July 2019.
That the Draft Annual Audit Report for Audit be agreed and, subject to the further amendment requested be RECOMMENDED TO BOARD for approval. ACTION: REPORT TO BOARD
29/19. Whistleblowing, Irregularity & Fraud – Annual Statement of Declaration of Incidents 2018 – 2019 and Policy (Appendix No. 9)
The Committee considered a report from the Clerk (previously circulated) presenting a Declaration that no incidents of Fraud, Corruption or Whistleblowing had been reported to the Clerk’s Office during 2018 – 2019, in accordance with Financial Procedures.
That the Committee RECEIVED the Statement of the Clerk regarding Incidents of Whistleblowing and Fraud 2018 – 2019 and AGREED that the annual reminder regarding the College’s Anti-Bribery arrangements be sent to all staff.
30/19. Risk Register and Board Assurance Framework (Appendix No. 10)
The Committee reviewed (previously circulated) the Risk Register and Board Assurance Framework (BAF) – November 2019 Update. In updating the Risk register a number of risks previously tracked had been reviewed and removed as no longer appropriate or requiring monitoring.
At this point, the Committee discussed the pre-meeting presentation on proposals to revise the College’s Board Assurance Framework, Risk Ratings and Appetite for Risk.
Having considered the proposals and the risk needs of the Board, the Committee AGREED that –
- the proposed risk impact and probability descriptors shown would reflect the Board’s risk appetite; and
- the proposed scoring mechanism and RAG presentation, proposed format of presentation and proposed reporting arrangements to the Board and Audit Committee would provide assurance to the Board on the robustness of the College’s risk management arrangements and a robust Board Assurance Framework. It requested that the revised approach be presented to the Committee at its next meeting in March 2020.
The Finance Director explained the risks identified and mitigating actions being undertaken. The Committee concluded that it considered the risks to have been appropriately identified and the management actions reported were effectively mitigating these risks.
That it be recommended to Board that:
- the Risk Register and Board Assurance Framework (BAF) – November 2019 Update, be approved; and
- the carrying-forward of risks for the 2019 – 2020 Risk Register and BAF, be approved, subject to the revised approach being considered at the March 2020 Audit Committee meeting. ACTION: REPORT TO BOARD
31/19. Audit Recommendation Tracking Report (Appendix No. 11)
The Committee reviewed and noted the Audit Recommendation Tracking Report (previously circulated).
The FD reported that the additional items arise from the latest audit reports. Regarding the recommendation that a six-monthly disaster recovery test be carried out with respect to Payroll, the Committee challenged the FD for assurance that procedures were robust, considering there had been no tests conducted to date. The FD advised that the Group Vice-Principal, Human Resources & Development had ensured there was resilience in the Team with respect to knowledge and ability to deal with a failure of Payroll systems and had documented proportionate procedures for disaster recovery, such as referring to previous months’ payments, that mitigated the requirement for testing. The Finance Director offered to discuss the revised procedures with R. Sartain, as part of his planned 1-2-1 with the governor.
That the report be noted.
32/19. Irregularity and Fraud
The FD took the opportunity at this point to advise the Committee of an incident of fraud that had been investigated and remedied. The Committee noted that the College’s Fraud and Irregularities Policy had been amended slightly since the last Statement in November 2018, to include the Group Vice-Principal, Human Resource Development as an officer to whom incidents of suspected fraud, bribery or corruption could be reported.
33/19. Date of Next Meeting – Wednesday, 18 March 2019 @ 6.00 p.m. Venue – Principal/CEO’s Office, Welsh Bridge Campus.
The meeting concluded at 7.56 p.m.