Minutes of the East Durham College Audit and Risk Committee Meeting held on 27th June 2024

R Harrison (chair), J Bromiley, M Curry, D Hartis (independent member), G Edmonds

S. Duncan, Principal and CEO

J. Mitchelson, Vice Principal Finance and Business Planning

S. Harrison, Technical Services 

C. Leece (RSM, External Auditor)

S Brook (Wylie Bisset, Internal Auditor)

J Davison (Acting Clerk)

No apologies were received

The committee discussed positively the speed in which the committee, internal audit and external audit had been updated in relation to the ESFA letter. 

The chair invited the committee to disclose any interests which related to the items proposed to be discussed on the agenda. There were no interests declared. 

The minutes of the previous meeting of the Audit & Risk Committee held on 28 March 2024 were approved as a correct record. 

In relation to external audit, the Vice Principal Finance and Business Planning confirmed that there was one more year to run and a tender exercise would be undertaken next year. 

It was also noted that reports would be more explicit if no further action was required.  

S Brook presented the Internal Audit Procurement Report and explained the formatting of reporting which would be used. This included benchmarking against similar clients. 

S Brook went through the recommendations arising from the tabled report.  There was a recommendation to develop an anti-fraud policy and the approach to addressing the recommendations was outlined. 

The Vice Principal Finance and Business Planning noted that a lot of the findings were from the last audit data set.  There were no new issues raised, findings were the same and being dealt with. 

In particular the anti-fraud policy was changed by a predecessor and was being dealt with. 

The committee queried what actions had been taken in relation to recommendation 1.  The Vice Principal Finance and Business Planning confirmed that training had been undertaken and nothing would be accepted without the relevant paperwork. There had been a significant push on it and the team had made a big effort to get it right.  It was further noted that in relation to the anti-fraud policy, the College was looking to extend training and will prepare the necessary policy.  The committee queried the timeline and approval process for this.  It was confirmed that this would be the next academic year. 

Members of the committee offered assistance with this process. 

The committee noted that the Internal Audit Procurement Report referred to an annual report of the committee and the committee discussed if this would be required.  It was noted that this was good practice but not necessary. 

Action:  Vice Principal Finance and Business Planning to produce annual report.  Committee will agree scope of report. 

S Brook presented the EDC Annual Plan 2024/25. This mapped the proposed areas of internal audit against risks and the three year proposal submitted on engagement. The approval of timelines and areas of consideration are to be confirmed. 

A member of the committee queried what the strategic risks of the College currently are and if they are covered by the plan.  In particular, MIS exams capacity and resource or strategic estates projects. The committee discussed the high risk of qualification reform and curriculum planning.  The committee discussed that curriculum planning would be interesting and would bring in exam planning.  S Brook confirmed that curriculum planning is focused on a lot and relates to delivering best value. 

The committee noted support for including curriculum.  The College has a wide curriculum for a reason as it is the right thing for the learners of the college. 

The EDC Annual Plan 2024/25 was noted.

S Brook presented the report which was overall a positive report.  The College was assessed against cyber security guidance.  Both recommendations have been noted and are being implemented by the College team. 

The committee noted that the proposed implementation date can’t be confirmed as the College is in the hands of JISC.  It was however noted that the internal audit in relation to cyber security had a strong outcome. 

S Brook presented the report and highlighted one low grade recommendation which is the update of policy.  It was noted that this was a brilliant report which listed areas of good practice. 

C Tomlinson noted the recommendation.  Care needed to be taken around how staff survey will be undertaken but this will be considered. 

A member of the committee queried if the strength of the report impacted on risk assessment of student recruitment and retention as this was currently high on the strategic risk report.  C Tomlinson confirmed that this would not mitigate risk as risk is linked to matters outside of the College’s control. 

The committee discussed the risks arising from areas outside of the College’s control. 

C Leece tabled and presented an External Audit Procurement Report. 

It was noted that the External Audit Procurement Report would be circulated following the committee meeting.  C Leece wanted to review materiality as it was possible it would increase for expenditure and reduce for income.  The timetable is to sign off by Christmas which would be subject to the outcome of the ESFA issue.  This should not cause any issues but wanted to flag at this stage. 

C Leece highlighted that the key risks were management override of controls - looking at process; income recognition – going to test learner support; pension scheme – challenge of asset recognition; going concern; change in personnel; and ongoing capital activity.  C Leece wanted to obtain the committee’s view on what the external auditors need to take into account.  The report would be circulated and questions would be taken outside of meeting. 

The chair invited any questions from the committee but there were none arising. 

C Leece noted that the team have been following up on recommendations from last year’s audit so testing should be able to show improvements. 

C Leece also noted that fees would need to increase from £38,000 to £42,500 which represented a 12% increase due to an increase in scale, regulatory requirements, knowledge of hours it would take and inflation.  The fee proposed would cover anticipated testing as part of ESFA issue but may change depending on findings. 

C Leece noted that RSM provide teachers’ pension return but no other services. 

Action:  C Leece to circulate External Audit Procurement Report and questions to be raised directly.  Subject to questions, the committee recommended the audit plan be agreed and recommended to the board.  The report would be added to July board papers and committee were happy to proceed on this basis. 

The Principal presented the report which included the new risk of curriculum reform including exams online.  The accountability framework had been deleted as assurance had been received from DfE colleagues.  Staff retention and recruitment had been moved down due to sickness absence improvement, but teacher retention is significant risk and the College has an aging teacher workforce. 

Financial health has increased but there was a fixed income and rise in costs, by way of example awarding body costs were going up between 5 – 12%. 

The committee queried any update on Office for Students (OfS) registration.  The Principal confirmed the rules had changed and OfS registration was needed which was covered in the report. 

The Principal confirmed that there was one sub-contract with Learning Curve.  The College was taking further work with Learning Curve to reduce risk of clawback and was currently looking at sub-contracting for next academic year. 

In March the College received confirmation that it has met sub-contracting standard and will have an internal audit. 

Vice Principal Finance and Business Planning confirmed training had been undertaken and would be rolled out to all staff and governors. 

S Harrison presented the Cyber Security Report and highlighted that the fail over testing had been completed, Windows 11 implementation was on track and a phishing simulation exercise had been completed with a further exercise to be completed.  The conclusion was that heightened security issues and additional protection from JISC was useful.  In summary, the College is relatively low risk but education is a high risk area. 

The internal audit went well and two recommendations are being implemented. 

The chair queried report circulation.  It was noted that notification would be circulated when documents were added to the papers. 

A committee member confirmed that the report was useful and liked the format. 

A member queried the College position of “bring your own device” and cyber threats.  The committee discussed the measures in place to protect the College. 

The report was noted.

Vice Principal Finance and Business Planning confirmed that there was one item, in relation to floor cleaning.  This was specialist and can only be sourced from one supplier.

This item was noted as confidential. 

There was no other business and therefore the chair brought the meeting to a close.