Minutes of the East Durham College Audit and Risk Committee Meeting held on 28th March 2024

R Harrison (chair), J Bromiley, M Curry, D Hartis (independent member)

S. Duncan, Principal and CEO

J. Mitchelson, Vice Principal Finance and Business Planning

M. Gaze, (External Reviewer) 

S. Pritchard, (External Clerk)

Observing

M Gaze, (External Reviewer 

Apologies were received from C Tomlinson and G Edmunds.

As no auditors were in attendance at the meeting it was confirmed that no private session was required.

The chair invited the committee to disclose any interests which related to the items proposed to be discussed on the agenda.  There were no interests declared. 

The minutes of the previous meeting of the Audit and Risk Committee held on 16 November 2023 were approved as a correct record.

There were no matters arising that had not already been actioned or did not form part of the agenda for the meeting. 

The Vice Principal Finance and Business Planning confirmed the content of the internal audit plan to the committee and explained how it reflected College priorities.  She agreed to circulate the three year programme and confirmed that it would be kept under review.  

A member noted how the internal audit programme tied in to the strategic risks register and queried how curriculum reform as the highest strategic risk, might be audited to provide assurance to the committee.  

The Principal agreed to consider this further with the CLG and come back to the committee with a proposed approach, perhaps around curriculum planning.

A member highlighted the committee’s expectation that Wylie Bissett provide auditors competent in cyber security such that the internal audit could provide what the committee, the Board and the CLG require in terms of assurance.

It was noted that Wylie Bisset would attend the June committee meeting and present the procurement report to the committee together with management responses.  In the meantime the Vice Principal Finance and Business Planning provided an interim verbal update and confirmed that the report provided substantial assurance and demonstrated the positive impact of the actions taken since the year-end audit as well as highlighting further actions to be addressed.

The verbal update was noted.

Action: Principal to propose an approach to auditing curriculum reform as the highest current strategic risk to the college

The Vice Principal Finance and Business Planning and the Principal updated the committee on the discussions between RSM and the College to agree an additional fee for the previous external audit and to discuss lessons learned.  The chair sought confirmation that the parties were clear on how to effectively address the lessons learned and the Vice Principal explained why she was confident that this was the case.  The constructive response from RSM to the discussion was noted.  The committee noted a member’s similarly challenging audit experience in a different sector.  

The committee noted that the college would tender for external audit after Easter.  The chair queried if the timeframe would create any challenges for the next audit and it was confirmed that there were no concerns in this regard in light of the changes in and experience of the finance team.  A member asked what the market was currently like for external audit and it was confirmed that the college was confident that it would receive one or more tender submissions.

The verbal update was noted.

The reports and minutes were confidential for reasons of commercial sensitivity as the documents contain current financial information.

The committee recommended the statutory accounts for approval to the Board, subject to the amendments required to provide a final version. 

The Clerk requested for the key changes to be highlighted on the final set of accounts so the board can clearly identify the changes. 

The committee recommended the letter of engagement for approval to the Board to be signed by the chair

The Vice Principal Finance and Business Planning presented the report and highlighted the progress being made against criteria for Cyber Essentials, the attempted DDOS attacks on the College, and confirmed that all KPIs were on track for cyber security measures and that less than 5% of security vulnerabilities were identified.

The committee discussed the planned failover testing next week and the rigour with which the IT team had tested systems to have a reasonable level of confidence that the test would be successful and confirmed there was a contingency plan in place if it was not.  

It was confirmed that the upgrading of all devices was within planned budgets.

The Vice Principal agreed to provide further information to the committee on:

• the number of attempted DDOS attacks the college has experienced compared to the total number on the JANET network and its number of users
• how the college’s addresses cyber security risk with regard to ‘bring your own device’ and virtual private networks.

The report was noted.

Action: Vice Principal Finance and Business Planning to follow up on action points on cyber security

The Vice Principal Finance and Business Planning presented the report and highlighted that:

• the finance team has undergone training on IR35 requirements and how it applies to procurement regulations
• there were no breaches to report between November 2023 and February 2024
• there were 5 waivers which had each been approved by the Vice Principal relating to capital spend 

The committee noted that update training would be provided when IR35 related legislation changes, the reasoning for each of the waivers, and shared insight on IR35 experiences from other sectors.  The committee received assurance that all actions relating to waivers had been carried out within the timeframes stated in the report.

The report was noted.

The Principal presented the report and confirmed that curriculum and qualification reform remained the biggest risk to the college.  Issues with Higher Technical Qualifications and Lifelong Learning were discussed in particular and the committee noted the challenges with the DfE’s approach and the accreditation process with the OfS.

A member queried what other colleges are doing and it was noted that the College was exploring options for working with a third party. The committee discussed the merits of the AoC seeking to lobby the Labour shadow education team to highlight the challenges with the DfE’s approach.

The committee noted that staff recruitment and retention risk had decreased but that this would be likely to increase unless the College could make progress on a proposed pay award.  The interplay between risks relating to staff and student retention, and staff and 24/25 budget setting were discussed, particularly in light of progress on a pay award and changes in funding methodology and clawback for T-levels compared to traditional 16-18 courses.  The committee noted the CLG’s intentions to carefully manage all income streams and controllable expenditure and to budget accurately for the next financial year.

The independent member was updated on the proposal around pay structures in light of increases in the National Living Wage this year, which had been brought to the February board meeting, and the need to better align with competitors on pay.

The chair queried the stated risk appetite for financial health and funding and it was agreed that this would be corrected to ‘low’.

The independent member queried whether there were health and safety risks associated with the estates risk and it was confirmed that there was nothing at a reportable level and an update was provided on the actions of the Health and Safety Manager.  It was agreed that the outcomes of the H&S audits would be fed back to the committee if they highlighted areas of concern.

The committee noted how useful the strategic risk register was in demonstrating to the committee and to the board the CLG’s active management of risk.  With regard to the detailed risk register the committee asked that further consideration was given to 5 risks where the net and gross risk scores remained the same even after the college’s mitigating actions.

The report was noted.

Action: Vice Principal Finance and Business Planning to update the committee on 5 risks in the detailed risk register where the college’s mitigation strategy did not impact on net risk score.

The Principal presented the report to the Committee and it was noted that the college has minimal sub-contracting and no concerns with its one subcontractor’s ability to deliver under its subcontract.  The committee noted that the College awaits confirmation from the DfE that it does not have to undertake an internal audit on subcontracting owing to its success in meeting the subcontracting standard.

The Vice Principal Finance and Business Planning assured the committee that subcontracting formed a very small part of the college’s budget and that she had no concerns.

The report was noted

The chair reminded the committee that the update was provided in light of the information not being shared at the December meeting, in order to provide assurance that financial regulations were not breached and that this would be picked up in future reports.  The committee noted that the college has introduced a register that will form part of its annual governance reporting to provide greater assurance going forward.

The update was noted.

The committee noted progress against outstanding actions.

Action: The Vice Principal Finance and Business Planning to arrange for the committee to be updated following the failover testing next week.

There was no other business and therefore the chair brought the meeting to a close.