audit committee- 27 November 2024

Location Held in the P/CEO’s Office, London Road Campus and through Teams
Date 27th November 2023
Time 5.30 pm
Minutes Membership Prof J. Barratt and M. Hartland (in attendance by Teams),

R. Harrison, R. Sartain, M. Thompson and C. Sharp.
Prof J. Barratt (in attendance by Teams), R. Harrison, R. Sartain, M. Thompson and C. Sharp.
In Attendance Members of the Senior Leadership Team:
P. Partridge, Executive Director of Finance (EDoF)
J. Staniforth, Principal/CEO

Clerk to the Board:
T. Cottee

A Prichard, Governor, observer as part of Induction, prior to joining the Committee as a member from December 2024.


In attendance for the meeting by Teams:
L. Glover, Director, Validera, College Internal Audit Service (IAS)
M. Munro, Audit Manager, Bishop Flemming, College Financial Statement Audit Service (FSAS)
Apologies None.

Prior to the meeting, the P/CEO provided a risk management briefing on risks on the following Strategic Risks –

    • Board 1 – Risk of disruption to learning from strike action
    • FBO 11 - Teacher and Non-Teacher Pay Awards exceed planned/affordable increases: 2024-25

The risk briefing provided –

    • The context leading to the decision by the NEU to take strike action against the government’s decision not to extend funding to pay for the agreed 5.5% pay award for teachers to sixth form colleges.
    • The college would be affected by the strike action, taking place on 28 November and 3 &4 December 2024.
    • The college’s current budgeted position regarding pay awards and the impact on the budget of paying the 5.5% pay uplift agreed by the government to teachers and support staff.
    • The factors which could reduce or mitigate the financial impact of affording an unfunded pay award on the college and its financial health score.
    • Mitigating actions being taken by the college as a result of the strike action to manage the risk to -
      • disruption to student learning as a result of the strike action
      • the college’s reputation and impact on recruitment
      • manage the risk to staff cohesion and engagement
    • There was a possibility that OFSTED could visit the college during strike action.

L. Glover joined the meeting.

29/24.  Election of Chair

Having been proposed by M. Thompson and seconded by R. Sartain, it was

Resolved:  That C. Sharp be appointed Chair of the Committee.

C. Sharp in the Chair

30/24.  Declarations of Interest

There were no pecuniary declarations of interest.

31/24.  Draft Minutes of the Meeting Held 12 June 2024 (Appendix, Agenda Item 3)

The Minutes of the meeting held on 12 June 2024, were agreed as a true record. 

32/24.  Draft Audit Committee Workplan 2024 - 2025 (Appendix, Agenda Item 5)

The Committee undertook a review of the key reports to be considered by the Committee for 2024 - 2025 (previously circulated).  The Committee agreed that the Draft Workplan presented a balanced and thorough programme of work, that reflected the Committee’s Terms of Reference.

Resolved:  That the Annual Timetable of Standard Business for the Audit Committee 2024 – 2025, be approved.

33/24.  Reports from Internal Audit Service (Appendices a - div, Agenda item 7)

Mr Glover presented the following reports (all previously circulated) –

  1. Internal Audit Service Annual Report

The annual internal audit report summarised the outcomes of the reviews conducted on the college’s framework of governance, risk management and control to assist the Governing Body in making its annual governance statement.

The annual programme of internal audit work plan was based on the IAS Audit Needs Assessment and the resulting Internal Audit Strategy; refreshed annually in consultation with management and the Committee.  For 2023 – 2024, the Committee had approved the following reviews:

      • Corporate Governance
      • Performance Management
      • Counter Fraud Health Check
      • Student Records
      • Campus Management (Security)
      • IT Cyber Security
      • Information Governance

The 2023 – 2024 Annual Audit Plan approved by the Committee had been for 40 audit days and individual reviews had been delivered within this budget.  After the strategy had been approved, management had requested that the Student Records review be postponed; five unused days had been carried forward to 2024 - 2025.  During the year, the IAS was also asked to assist the college with an Annex G Grant Certification for Taking Teaching Further funding.

Therefore, during the year, the service had conducted the seven reviews; three receiving Substantial Assurance, four attracting Adequate Assurance and no reviews attracted Limited or No Assurance. 

The reviews undertaken had not resulted in any urgent recommendations and there were no areas reviewed by internal audit where it was assessed that the effectiveness of some of the internal control arrangements provided ‘limited' or 'no assurance’. 

Based on the work performed, the IAS offered its conclusion as to the adequacy and effectiveness (or inadequacy and ineffectiveness) of the college’s risk management, governance and control processes.  Overall, in the opinion of the IAS, based on the reviews performed during the year, Shrewsbury Colleges Group had:

    • adequate and effective risk management.
    • adequate and effective governance; and
    • adequate and effective control processes.

As the report was designed to assist the Governing Body in making its annual governance statement and complete its Annual Report to Board, the Committee was of the view that it had received sufficient assurance on the adequacy of the college’s controls and this be reflected in the Committee’s Draft Annual Report to Board.  

Resolved: That the report be noted and the Audit Committee Draft Annual Report to the Board be revised accordingly.

  1.  Internal Audit Strategy 2024/25 – 2025/26

Mr Glover presented the draft Internal Audit Strategy 2024/25 – 2025/26.

The report set out –

      • The key findings of the Audit Needs Assessment (ANA), following discussions with key college personnel and the Audit Committee Chair.
      • The Service’s approach to the development of the Strategy.
      • The Internal Audit Strategy.

The following were noted:

    • The college was implementing a new finance system and would need to ensure compliance with the new Procurement Act going forward.
    • The college was undertaking a number of capital projects comprising of LEP and LSIF funding. Procurement and contract management for these projects were outsourced.
    • Partnership working arrangements were in place with Telford College and the NHS for provision of Health & Social Care work placements.
    • The approach to the review of Student Records had been discussed with the Vice Principal – Quality, Apprenticeships & Information, arriving at an agreed proposed schedule of work. An appropriately experienced auditor would undertake the audit, to provide the best value to the college.

Having reviewed the Draft Strategy, the Committee:

Resolved: RECOMMENDED TO BOARD that the Internal Audit Strategy be recommended for approval.

ACTION:  REPORT TO BOARD 09 December 2024

  1. Follow Up of Audit Recommendations

The IAS reconciled the Trackers to the internal audit reports and were able to confirm that the correct Assurance Level and number of recommendations had been recorded for all audits.  The IAS was also able to provide adequate assurance over the monitoring and implementation of recommendations.

In response to questions on follow up recommendations regarding the audit on the HR System functionality, the P/CEO acknowledged that, whilst the system did not meet all the college’s current needs, particularly with respect to staff recruitment, the college would not yet look to replace it.  Going forward, any replacement to the system would incur costs with respect to procurement, investment in staff training and roll-out.

The Audit provided Adequate Assurance.

  1. Assurance Review – Performance Management

This review was to give assurance that the Performance Data regarding the college’s strategic objectives was presented to the Senior Leadership Team and the Governing Body so as enable members to effectively discharge their responsibilities in this area.  

Areas of good practice identified included:

      • Management information was generated consistently.
      • Key Performance Indicators (KPIs) were reviewed on a biannual basis.
      • Clearly defined roles of reporting.
      • Strategic Plan action plan was regularly updated.

The Audit provided Substantial Assurance.

  1. Assurance Review - Campus Management

This review was to give assurance that the college had in place sufficient controls to manage the risk of threats to student and staff safety and security through the effective management of access to the college’s campuses.

Areas of goof practice identified included:

      • Staff, students, and visitors observed as adhering to lanyard protocols.
      • Lockdown procedure practice in place, with a ‘lesson learnt’ approach.

The Review had promoted several recommendations, with respect to –

    • Security Policy and Procedural.
    • Keyholder Logs review & Alarm code updates.
    • Visual prompts at London Road.
    • Access controls to Welsh Bridge buildings.
    • CCTV service and maintenance contract.

Management had responded to the recommendations and the Audit provided Adequate Assurance.

  1. Assurance Review – IT & Cyber

This Review was to give assurance that the college had accurately identified and sufficiently managed risks relating to poor information security and mitigating the risks of a material Data Breach or a successful malicious cyber-attack. 

The IAS noted the following areas of good practice:

      • Responsibility for IT has been clearly documented.
      • Set up of firewalls, web filtering and anti-malware software.
      • Cyber Security Training.
      • External Assurance of Firewall Rules.
      • User Access Controls.
      • MFA for remote access.

Recommendations had been made with respect to –

    • Phishing Tests.
    • Documentation of Processes.
    • Up to Date Password Guidance.

Management had responded to the recommendations and the Audit had received Substantial Assurance.

  1. Assurance Review – Information Governance

This Review was to give assurance that the college had accurately identified and sufficiently managed risks relating to poor information security and mitigating the risks of a material Data Breach.

The audit testing performed confirmed that the controls stated within the Register were in place and operating effectively.  Therefore, the Committee was assured over the accuracy of the Risk Register entry and scoring.

The IAS noted the following areas of good practice:

      • Clear policies surrounding the Colleges legal responsibilities for data handling.
      • Data asset tracking and process activity monitoring.
      • Destruction of hard and soft data.
      • DSAR process.
      • Privacy notices are clear and concise.
      • Staff training.

Recommendations had been made with respect to –

      • Good data protection principles reminders.
      • Verification of requesters of information.
      • Data auditing.

Management had responded to the recommendations and the Audit had received Adequate Assurance.

Resolved: That the reports be noted.

 

M. Munro joined the meeting.

34/24.  Financial Statement Auditors (FSA) Report – Draft Financial Statements for Year Ended 31 July 2024 (Appendices Agenda Items 6)

Mr Munro presented the following reports –

Financial Statements for the Year Ended 31 July 2024

Mr Munro presented the Draft Financial Statements for the Year Ended 31 July 2024 (previously circulated) which, having been substantially audited, indicated a ‘clean’ unqualified audit opinion in terms of both truth and fairness and regularity.  He thanked the EDoF, Finance Manager and Team for their co-operation and for providing high quality information.

Mr Munro explained that no adjustments had been identified that impacted the outturn other than minor disclosure arrangements agreed with management, which should provide a high degree of assurance to the Committee.  Mr Munro explained that, based on the work done to date, the auditors were proposing an unmodified opinion.  The anticipated regularity assurance opinion would also be unmodified.

Key Issues for Discussion

The Committee reviewed the key issues that affected the audit and the preparation of the Financial Statements.

Mr Munro advised that there was nothing adverse in the discussion report (previously circulated).  He explained the report’s contents, as follows –

      • The work was substantially complete and there were currently no matters of which the auditors were aware of that would require modification of the audit opinion;
      • As a result of the investment made by both parties, the audit had proceeded very smoothly, with very few issues. The FS auditors had appreciated the efforts made in preparing a high quality, complete audit file of information in accordance with the originally agreed timetable.
      • The FS auditors had reviewed the controls that operated within the college and had identified a few minor areas of risk. Best practice recommendations had been provided.
      • Audit findings – the commentary was explained to the Committee’s satisfaction;
      • Audit findings against other risks. The specific risks highlighted were:
        • Management override of controls
        • Revenue recognition.

No material errors had been identified.

      • The heightened risks highlighted:
        • Pension assumptions.
        • Capital projects.

No material errors had been identified.

      • Going Concern – The auditors considered that the Board’s Going Concern assessment was reasonable and therefore the accounts had been appropriately prepared on the going concern basis. The college had evidenced it had sufficient mechanisms in place to effectively manage cash flow. In addition, the college had not breached any covenants, which provided additional assurance to the Committee;
      • No matters in relation to fraud or breaches in relation to laws and regulations had been identified;
      • The Letter of Representation and final version of the Financial Statements would be signed at the Board meeting on 09 December 2024;
      • Regarding fees and non-audit services, the Committee noted the Statement to the effect that the auditors were independent of the college and provided no other services.

Resolved:  That the Audit Findings for Shrewsbury Colleges Group for the year Ending 31 July 2024, be accepted.

Going Concern Assessment

The EDoF presented a report (previously circulated) providing the Committee with assurance regarding the status of the college as a going concern.  The draft year end accounts, 2024 - 2025 financial plan and year to date operating outcomes demonstrated continuing good financial health.

The latest weekly cashflow forecast for the year illustrated a sound ongoing cashflow position with no period of pressure on cashflows.  Having received this report and the assurances of the Financial Statement auditors, the Committee was of the view that the college had in place adequate mitigating actions in place to ensure cash fluidity at this time during 2025.

Resolved: That, having considered the draft Financial Statements, the reports of the Executive Director of Finance and Financial Statements auditors, the Committee thanked Mr Munro and his Team for producing a comprehensive report and to the Finance Manager and his Team for their support and

Resolved:  RECOMMENDED TO BOARD that

  1. the Committee considered the Shrewsbury Colleges Group to be a going concern; and
  2. the audit findings and draft year-end financial statements 31 July 2024, be recommended to the Board for approval.

ACTION:  REPORT TO BOARD 09 December 2024

Mr Glover and Mr Munro left the meeting at this point. 

The Committee took the opportunity to thank them for their work.

35/24.  Audit Committee Draft Annual Report 2023 - 2024 (Appendix, Agenda Item 8)

The Committee Chair submitted the Audit Committee Draft Annual Report and advised that the report would be referred to the Board for approval prior to submission to the ESFA. 

The purpose of the Annual Report was to submit to the Governing Body a précis of the activities of the Audit Committee for the Year 1 August 2023 to 31 July 2024 and had been produced in accordance with the guidance set out in the Joint Audit Code of Practice (JACOP) and Education & Skills Funding Agency (ESFA) Guidance ‘The Scope of Work of Audit Committees and Internal Auditors in College Corporations’..  The Committee’s Terms of Reference (previously circulated) remained compliant with Code of Practice requirements.

The Annual Report to the Board provided -

      • a summary of the work of the Committee during 2023 - 2024, including any significant issues arising up to the date of preparation of the report;
      • any significant matters of internal control included in the management letters and reports from auditors or other assurance providers;
      • the Committee’s view on its own effectiveness and how it had fulfilled its terms of reference; and
      • the Committee’s opinion on the adequacy and effectiveness of the college’s audit arrangements, its framework of governance, risk management and control and its processes for securing economy, efficiency and effectiveness.

The Committee, having reviewed the Draft Report, asked for several minor revisions and the sections on the Internal Audit Service and Financial Statements Audit be supplemented to reflect the updates to the IAS Annual Report (Min. No. 33/24) and the Draft Financial Statements 2023 – 2024 (Min. No. 34/24), as these reports had provided further assurance to the Committee on the integrity of the college’s control systems.

Resolved:  That the Draft Annual Audit Report for Audit be agreed and, subject to the further amendments requested, be RECOMMENDED TO BOARD for approval.

ACTION:  REPORT TO BOARD 09 December 2024

36/24.  Whistleblowing, Irregularity & Fraud – Annual Statement of Declaration of Incidents 2023 – 2024 and Policy Review (Appendices, Agenda Item 9)

The Committee considered a report from the Clerk (previously circulated) presenting a Declaration that no incidents of Fraud, Corruption or Whistleblowing had been reported to the Clerk’s Office during 2023 – 2024, in accordance with Financial Procedures.

The Committee had reviewed the college’s Whistleblowing Policy at its meeting on 23 November 2023 and it remained appropriate to the college.

An appropriate reminder of the college’s expectations of staff and the policies and procedures in place to protect the college regarding bribery and corruption and support whistleblowing would be placed in the college internal newsletter ‘In The Loop‘.

Resolved:  That the Committee received the Statement of the Clerk regarding Incidents of Whistleblowing and Fraud 2023 – 2024 and AGREED that the annual reminder regarding the College’s Anti-Bribery arrangements be sent to all staff.

ACTION:  Annual reminder be submitted for inclusion I next edition of ‘In the Loop’

37/24.  Audit Recommendation Tracking Report (Appendix Agenda Item 11)

The Committee reviewed the Audit Recommendation Tracking Report (previously circulated), noting progress of recommendations against target achievement dates and seeking assurance where actions had not met target dates.

38/24.  Risk Register and Board Assurance Framework (Appendix, Agenda Item 10)

The Committee reviewed the 2024 – 2025 Risk Register and Board Assurance Framework (previously circulated).

The EDF explained the risks identified and mitigating actions being undertaken.  Whilst no risks were rated ‘red’, the strategic risk (Planned defunding of AGQs) remained ‘high amber’ as the SLT considered this to be the most significant risk at this point. 

The Committee concluded that the risks have been appropriately identified and the management actions reported were effectively mitigating these risks.

      • Board 13 (Risk that campuses are not sufficient to meet demand: teaching/workshop space is systematically or significantly insufficient to meet demand by more than 2 groups of students in any year) and FBO 25 (Refurbishment or Building projects disrupt teaching and learning or materially exceed budget). At the previous meeting, the EDoF had explained the mitigating actions being taken to reduce the risk of project overrun. In response to questions, the EDoF and P/CEO provided an update on the challenges the college faced in securing sufficient funding to develop major capital projects to improve capacity at the college and improve existing buildings. some of which now required urgent investment. 
      • With respect to the recent and increasing instances of flooding in the town, the P/CEO observed that the college now had in place sufficient actions to mitigate the impact of flooding on the English Bridge Campus. However, risks of disruption to travel caused by inclement weather remained a risk and the college had a limited ability to mitigate against this.

Resolved:  RECOMMENDED TO BOARD that the Risk Register be approved.

ACTION:  REPORT TO BOARD

39/24.  Irregularity and Fraud

None reported. 

40/24.  Risk

The Committee agreed that the risks relevant to the Committee have been appropriately identified and the management actions reported were effectively mitigating these risks.

41/24.  Governance Pack – Compliance Audits Against ‘The Scope of Work of Audit Committees and Internal Auditors in College Corporations’ and ACOP 2024

The Clerk had undertaken a compliance audit against the Department of Education Guidance ‘The scope of work of audit committees and internal auditors in college corporations’ and the Post 16 Audit Code of Practice 2024 (ACOP) Compliance Audit against Section on the Audit Committee (previously circulated).  The college and Committee arrangements were in full compliance.

42/24.  Date of Next Meeting – Wednesday, 12 March 2025 from 5.30 p.m.

43/24.  Performance Review of Internal Audit Service and Financial Statements Auditors (Confidential Appendix, Agenda Item 15)

 The Committee reviewed and confirmed the conclusions of a confidential report with respect to the performance monitoring of the Internal Audit Service and the Financial Statements auditors during 2023 – 2024 (previously circulated).  The EDoF agreed to feedback additional comments made by the Committee.

The meeting concluded at 7.08 p.m.