Shrewsbury Colleges Group

Minutes of the Meeting of the Audit Committee - 14 June 2023

Group Minutes of the Audit Committee
Location Held in Room S.5, Severn Building, Welsh Bridge Campus, Shrewsbury and via remote access through Teams
Date 14th June 23
Time 5.43p.m.
Minutes Membership Members of the Senior Leadership Team:
M. Brown, Vice Principal, Quality, Apprenticeships & Information (VP – Q,A & I) – present for pre-meeting briefing
P. Partridge, Executive Director of Finance (EDoF)
J. Staniforth, Principal/CEO

Clerk to the Board:
T. Cottee
In Attendance L. Glover, Director of Audit, Haines Watts, College Internal Audit Service (IAS)

In attendance for meeting by Teams:
M. Munro, College Financial Statements Auditors
Apologies None.

Prior to the meeting, the Vice Principal, Quality, Apprenticeships & Information gave an update on the key challenges and risks facing the college with respect to IT, cyber security and IT business continuity. He explained the mitigations implemented by the college to manage risks to provide assurance to the Committee.

He explained –

      • the Risk Landscape facing the college and sector and that the main threats remained ransomware and phishing activities.
      • the role of the Joint Information Systems Committee (JISC) in the sector.
      • the main vulnerabilities facing the college and the mitigating actions being taken, including-
        • All servers were patched daily.
        • Online filtering tools and intercept software were used in the college.
        • Two-step Multi Factor Authentication (MFA) was enforced for remote access to servers.
        • Staff training, emphasising vigilance and awareness, were ongoing.
        • The implementation of robust data inventory procedures.
        • Business Continuity Plans and Disaster Recovery Plans were in place.

R. Harrison, together with another governor, had recently met with the VP and the IT Manager. He reported on the visit and that he had received assurance on the college’s Business Continuity Plans and Disaster Recovery Plans.

The VP was thanked for providing a clear and comprehensive presentation.

After discussing the points raised by the VP, the Committee concluded that the presentation offered sufficient assurance.

M. Munro joined the meeting by remote access through Teams. M. Brown left the meeting.

09/23. Declarations of Interest

There were no declarations of interest.

10/23. Draft Minutes of the Meeting Held 15 March 2023 (Appendix, Agenda Item 3)

The Minutes of the meeting held on 15 March 2023, were agreed as a true record, subject to the following amendments –

That the Executive Director of Finance be referred to as ‘EDoF’ not ‘EDF’.

11/23. Reports from Internal Audit Service (Appendix, Agenda item 4)

Mr Glover presented the following report (previously circulated) –

Internal Audit Progress Report - 2022/23 – June 2023

      • HW Controls & Assurance Ltd announced its new brand, Validera, on 1 April 2023; Mr Glover assured the Committee that the underlying legal entity, ownership and delivery team remained unchanged.
      • There had been no amendments to the Internal Audit Strategy approved by the Committee at its last meeting (Audit Min. No. 29/22 refers).
      • The Committee was signposted to development updates posted by the IAS on its LinkedIn site:
        • Subcontracting Standard Audit Requirements
        • DfE Keeping Children Safe in Education
        • Grant Management
        • Office for National Statistics (ONS) Reclassification
        • 16-19 Funding for Academic Year 23/24
        • Managing Public Money implications of ONS reclassification (March 2023)
        • DfE Board Diversity guidance (April 2023)

The Committee reviewed progress against the Audit Plan and that it was expected that all reviews would be completed in accordance with the agreed schedule and within the budgeted days.

Resolved: That the report be noted.

Wellbeing and Support

The college’s Risk Register included risk QSC6 ‘Risk that support for students who have personal issues is not effective’. The audit testing performed confirmed that the controls stated within the Register were in place and operating effectively, with the Audit providing ‘Substantial Assurance’.

The auditors had areas of good practice regarding –

      • Training provided for all staff.
      • Mental Health and Wellbeing support was actively signposted.
      • The college’s Student Assistance Programme (SAP) provided 24-hour support to students.
      • Support through external partnerships was available for students including Kooth and BEAM.
      • FIKA, a mental health fitness platform (App) was utilised.

In response to a question from the P/CEO, Mr Glover confirmed that the audit had not revealed any gaps or deficits; indeed, the experienced auditor, who had conducted similar audits at a number of other colleges had been very impressed with the college’s arrangements.

The Mental Health and Wellbeing Operational Plan would be revisited to ensure key activities had been completed and progress would be reported to the Quality, Standards and Curriculum Committee.

Internal Audit Report – HR System Functionality and Utilisation

The college had purchased the MHR iTrent system in April 2017, including core HR, payroll and web recruitment, with subsequent modules being added in 2020 and in 2022/23.

The audit had included an online evaluation which identified that some respondees were not satisfied with certain elements of the platform. In addition, limitations on how the platform was used in the recruitment process had been raised by Management.

The Audit provided Adequate Assurance.

The P/CEO explained that the recommendations in the report, including that functionality of certain aspects be reviewed, had confirmed what the college already knew operationally.

In response to questions, the P/CEO assured the Committee that the report recommendations did not present a strategic risk, as the college had sound systems in place regarding staff recruitment and payroll.

Notwithstanding the assurance from the P/CEO that there was no strategic risk, the Committee discussed the operational concerns raised by platform users. The P/CEO had requested the IAS to communicate with other colleges who also used the same system, to identify process efficiencies.

Resolved: That the reports be noted.

12/23 Financial Statement Auditors (FSA) Report (Appendix Agenda Item 5)

The Committee Chair welcomed Mr Munro to the meeting.

Mr Munro introduced the Financial Statement Auditor Audit Plan and Report (previously circulated) for the year ended 31 July 2023, which provided an overview of the nature and scope of the audit work and key aspects of the audit.

The Audit Plan set out -

      • Bishop Fleming’s understanding of the principal business issues relating to the college and the overall impact on the audit approach – financial position and Going Concern;
      • The company’s risk-based approach;
      • Risks identified. These risks included –
        • Management override of controls;
        • Fraud in income recognition; and
        • Pension assumptions.
      • Revisions to auditing standards and how they would affect the audit. The revised standards also required the auditors to gain an understanding of the IT environment that was relevant to the financial statements;
      • The company’s approach to materiality and regularity assurance;
      • The Team;
      • Fees; and
      • Communications of audit matters with the Committee.

Mr Munro drew the Committee’s attention to the further education sector accounting and audit update, particularly the Office for National Statistics (ONS) announcement that it had reclassified colleges into the central government sector and they were now subject to the framework for financial management of public money set out in ‘Managing Public Money’ (MPM) published by HM Treasury. The auditors would be conducting enhanced procedures in relation to these specific requirements.

Mr Munro also explained that the Education & Skills Funding Agency (ESFA) would develop a new College Financial Handbook to provide a more comprehensive framework for colleges. In the meantime, the ESFA had issued ‘bite sized’ guides on a range of topics and he commended them to the Committee.

Mr Munro explained that he had discussed the new requirements with the EDoF and the college’s Finance Team who were aware of the changes and the need to gain approval for certain types of transactions. The EDoF explained that, given the college had no borrowings, the short-term implications of the new requirements were likely to be limited. He also confirmed that the college had submitted the required MPM Return by the required deadline and that the college’s Financial Regulations, revised to cover the implications of the reclassification, would be submitted to the July Board meeting.

Resolved: That the External Audit Plan and Strategy BE RECOMMENDED TO BOARD. ACTION: Report to Board

13/23. Risk Register and Board Assurance Framework (Appendix, Agenda Item 6)

The Committee reviewed the 2022 – 2023 Risk Register and Board Assurance Framework (previously circulated).

The EDoF explained the risks identified and mitigating actions being undertaken.

      • Whilst no risks were rated ‘red’, the strategic risk recently added to the Register (FBO 26 – Planned defunding of AGQs) remained ‘high amber’ as the government had announced the defunding of a broader range of advance general qualifications than originally announced.
      • Regarding the risk of significant under recruitment of planned 16-18 learner numbers in 2023 - 2024, the Register had been updated to include the risk mitigation previously reported to the Committee (Min. No. 04/23 refers). The college was modelling against expected enrolments for the next academic year and the consequent impact on funding.

The P/CEO explained that the risk of the adverse financial impact of significant under recruitment of planned 16 – 18 learner numbers had materialised for 2023-24. The college focus was on improving recruitment for September 2023, which would determine funding in 2024-25. In response to questions, the P/CEO provided a verbal update on the arrangements the college had put in place to maximise applications, and the number of potential enrolments to date.

The Committee concluded that the risks have been appropriately identified and the management actions reported were effectively mitigating these risks.

Resolved: RECOMMENDED TO BOARD that the Risk Register be approved.

ACTION: Report to Board

14/23. Audit Recommendation Tracking Report (Appendix Agenda Item 7)

The Committee reviewed the Audit Recommendation Tracking Report (previously circulated).

The Committee noted that the renewal of credit card holder declarations had been completed by the revised date, in line with expectations.

15/23. Irregularity and Fraud

None reported.

16/23. Committee Self-Assessment 2022 - 2023 (Appendix, Agenda Item 9)

At the end of the 2022 - 2023 governance cycle, the Board and each committee were invited to complete an evaluation exercise. These would inform the Board’s self-assessment return and improvement action plan 2023 – 2024.

The Committee Chair had considered the Committee’s performance during 2022 – 2023 and completed the evaluation, which the Committee reviewed and agreed.

The Committee concluded that –

    • Despite having the ability to dispense with the services of Internal Auditors, the Committee had recommended that this service be continued as an appropriate mechanism to review and manage risk and provide assurance to the Board.
    • The Committee provided an Annual Report to the Board on the effectiveness of the College’s in line with the requirement in the Joint Audit Code of Practice for the Audit Committee to produce an annual report on the adequacy and effectiveness of the college’s assurance framework.
    • The Committee, through requiring pre-meeting briefings on strategic risks and requiring assurance on mitigations taken by the college, provided continual challenge in respect of the timely management of risks and highlighted the need for mitigating actions to be properly recorded and updated on the risk report it received at each meeting.
    • Committee members had individually followed up on assurance; for example, with respect to IT business continuity.
    • The Committee’s terms of Reference continued to reflect the requirements its key responsibilities as set out in the Post-16 Audit Code of Practice.

17/23. Risk

The Committee agreed that the risks relevant to the Committee have been appropriately identified and the management actions reported were effectively mitigating these risks.

18/23. Governance Pack (Appendix)

The Committee reviewed the Governance Pack Report (previously circulated).

The Report advised of the amendments made to the 2023 editions of the Post 16 Audit Code of Practice and College Accounts Direction and that the Financial Reporting Council was consulting on some updates to the Corporate Governance Code.

19/23. Date of Next Meeting – Wednesday, 22 November 2023 from 5.30 p.m. (date to be confirmed on Board approval of Draft Board Calendar 2023/24).

The meeting concluded at 7.17 p.m.