Minutes of the East Durham College Audit and Risk Committee Meeting held on 16th November 2023

R. Harrison (Chair), J. Bromiley, M. Curry, S. Duncan, G. Edmunds and D. Hartis (independent member)

D. Everitt, Interim Vice Principal Finance and Business Planning

C. Tomlinson, Vice Principal Curriculum and Performance

H. McCoy, Assistant Principal Performance

S. Pritchard, (External Clerk)

R. Armstrong Audit One, Internal Audit

C. Leece (RSM)

A private discussion of the Committee was held with the internal auditors prior to the arrival of College Officers.

 College Officers joined the meeting.

No conflicts of interest were declared in addition to those on the register of interests.

The minutes of the meeting held on 16 November 2023  were accepted as a true record.

It was agreed that matters arising from minute 547 (internal audit tender) would be discussed under any other business.

Follow Up Report

The Committee noted the report.

Annual Internal Audit Reports

Audit One confirmed that in their opinion, the governance, risk management and control arrangements provide a good level of assurance that the risks identified are managed effectively.  A high level of compliance with the control framework was found to be taking place.  Minor remedial action is required.  It was confirmed this is at a similar level to the previous academic year.

The Chair noted the issues that had been previously discussed in the meeting and in that context no concerns were noted and were comfortable with the opinion received.

The Committee noted the report

Sub-contracting – ESFA

Audit One reminded the committee that the subcontracting standard came into place last year and explained the impact this had on their approach to audit.  It was confirmed that the audit concluded with a substantial level of assurance and one low level finding relating to compliance with the control framework.  The auditor highlighted how impressive this was in light of the new standard and the audits they had undertaken at other colleges.  The VP Curriculum & Quality confirmed that the college had provided all certificates required to the ESFA but were awaiting the outcome.  The committee noted that if the College achieves the subcontracting standard there would be no further obligation for this area to be audited for a further three years but that this would be determined by the ESFA.  The Committee congratulated the College on meeting the new standard.

The Committee noted the report.

GDPR Compliance

Audit One reminded the committee that GDPR has not been subjected to internal audit since 2018.  The committee noted that there was a good level of assurance for the audit but there were a number of findings that required action.  In response to questions the Principal confirmed that in light of the vacancy in the VP Finance and Business Planning role, the DPO role was now held by the Director of ICT Services and that there is now a deputy in place.  Both individuals have carried out recent training and were being supported by Muckle LLP through a retainer for access to training, materials, newsletters and a point of contact for support if there is a subject access request.  She confirmed that a risk assessment had been undertaken prior to appointing the Director of ICT Services to the DPO role which had highlighted that whilst they are a member of the senior management team, they do not manage personal data therefore minimising the risk of a conflict of interest.  The Assistant Principal Quality and Performance explained how the DPO and deputy had received training on the GDPR system and what action to take if a SAR is received.  The Chair noted that the approach had moved on since the audit findings were made.

The Chair highlighted that of the four recommendations, three were past the target implementation date and the other due in December 2023 and queried if the college was on target to meet the target dates or if there was a risk they would need to be revisited.  It was confirmed that the only target that would not be met was for delivering Board training on GDPR as this was now planned for February 2024.

The Committee noted the report.

Accounts Payable

Audit One confirmed that the audit concluded with a reasonable level of assurance with one high grade recommendation and five medium recommendations.  The high grade recommendation focussed on the completion of checks so new supplier changes are authenticated to make sure they are legitimate.  The risk of fraud in such scenarios was discussed and the controls required to mitigate this risk.  In response to a query the Interim VP Finance and Business Planning confirmed that the recommendations had been agreed and the College has undertaken to implement the high recommendation on an immediate basis.

A committee member sought assurance that the recommendations are on track to be implemented immediately as proposed.  The Interim VP Finance and Business Planning confirmed that there was sufficient resource in place to meet the timescales and that the recommendations had been ranked and prioritised according to their importance and that he would highlight the imperative to meet the timescales to relevant staff.

A committee member sought further assurance regarding whether the College has sufficient capacity to get the controls around accounts payable tightened and the Interim VP Finance and Business Planning confirmed the finance team is fully staffed (apart from a backfill required for an internal promotion) and therefore could commit to both implementing the recommendations and adhering to recommended control actions and that this would be overlaid with management checks.

The Committee noted the report.

It was agreed that the committee would receive an interim update on the implementation of these recommendations so that the committee could be assured that the College is making the progress needed given the significance of the issues identified.

The Chair thanked Audit One for their support and the committee noted this was their last meeting.

Rosalind Armstrong left the meeting.

Breaches and Waivers & High Value Orders

The Interim VP presented the report and highlighted that there were three breaches of procurement processes but that the member of staff concerned has now built a closer relationship with the finance team and is following the correct processes to ensure value for money is achieved.  The circumstances of the breaches were discussed.

A committee member asked what levels of training and compliance the college has in complying with financial regulations and whether in the College’s view this was an isolated incident.  The Interim VP Finance & Business Planning confirmed he was not aware of any other instances.  The Assistant Principal Quality and Performance confirmed that college management group had undergone training on a number of subjects including financial training.

A committee member queried whether the financial regulations and related processes were flexible enough to allow teaching staff to deliver services effectively.  The Assistant Principal Quality and Performance confirmed that the procedures were proportionate and there was no impact on staff in following proper procedures.  The approach taken to engaging with the relevant team to ensure compliance was discussed.

The Committee noted the report.

Risk Management

The Principal presented the report and highlighted the movement in the key strategic risks.  It was noted that curriculum and qualification reform is the biggest risk facing the college but that staff recruitment and retention risk has reduced. 

A committee member noted the interconnection between risk and controls and asked that the risk register be reconciled against the recommendations raised by the internal auditors in relation to the control framework. The Principal confirmed that the detailed risk register was mapped against controls and that the College identifies risks that prevent it from achieving its strategic ambitions.  The Principal agreed to check that this is addressed in the strategic objective of financial performance and scrutiny. 

The Chair queried if the scale and complexity of the capital estates programme had now overtaken financial health risk.  The Principal confirmed that the risk was around the speed at which grant monies had to be spent meaning that works had to be undertaken during the academic year which risked impacting upon the student experience and assessment challenges.  The Chair requested that this be made explicit in the final bullet under risk 5, rather than just in paragraph 2.4.

The Committee considered and approved (subject to the revision above) the updated summary of the strategic risks for the College, as determined by the Risk Management Group at their 12 October 2023 meeting and noted that the recommendations made by Audit One regarding risk documentation have been implemented.

Sub-Contract Arrangements (Including annual review of format of contract)

The VP Curriculum and Quality presented the report and explained the approach taken to reviewing the contract this year.  It was confirmed that the College had a budget of £200,000 for subcontracting and procured one provider to deliver across the whole of the non-devolved region. 

The Committee noted the report.

The committee noted the Principal’s prior approval of subcontracted activity for 2023/24.

The committee approved the subcontract for 2023/24.

External Audit

The Chair noted that the committee would usually receive the annual report and accounts at the November committee meeting but that they had not been available at the meeting.  The Chair asked for a further update.  The Interim VP Finance and Business clarified that the finance department has been under-resourced during the audit period and the knowledge and expertise the College had of assembling the financial statements had been reduced.  The College had been delayed in starting the management accounts for period 12.  He confirmed that the College is close to concluding the financial statements, so whilst it had experienced a delay, he anticipated that the Board would have financial statements and a management letter from the external auditors in time for the Board meeting on 14 December 2023.  The Chair noted the circumstances and that matters were on track for the Board meeting. 

It was agreed that the College would consider how the committee could best review the financial statements prior to the December Board meeting so that it could provide the usual recommendation to the Board to approve the financial statements.

Tender for Internal Audit

The Chair reminded management that the committee wished to go out to tender for internal audit services and that the Committee’s position was that an internal audit service continued to be required and that it was important to have an audit opinion each year.  The challenges around this were discussed, in particular the dissatisfaction with remote services.  It was agreed that a tender would be prepared to ensure a competitive process.  The imperative to secure a successful tender for an immediate start was noted. The Clerk queried if a standstill period was required, and it was thought this was not but would be confirmed.

It was agreed that the College would tender immediately for internal audit services and provide a recommendation for appointment to the next committee meeting.