Audit Committee Minutes 23 March 2022

Audit Committee Minutes 23 March 2022

Corporation and Committee Minutes

Minutes of a meeting of the board of Leicester College Corporation:

Held on 23 March 2022

Present: Zubair Limbada (Chair), Anne Frost, Zoe Allman, Tom Wilson

In Attendance: Louise Hazel, Shabir Ismail, Asam Hussain, Mark Dawson, Fayaz Chana, Harshad Taylor, Gail Pringle, Della Sewell

  1. Confidential pre-meeting with auditors - Confidential

  2. Declarations of interest

    • 2.1 The Chair and Zoe Allman declared an interest in any items relating to De Montfort University.

  3. Apologies for absence

    • 3.1 Apologies were received from Roger Merchant and Louisa Poole. The Chair noted the sudden death of Simon Meakin and the Committee took a moment to remember Simon.

  4. Minutes and matters arising from the meeting held on 23 March 2022

    • 4.1 The minutes of the meeting on 23 March 2022 were agreed as an accurate record and approved.

    • 4.2 In relation to point 4.1.7 of the previous minutes, governors asked what the timescale was for appointing external

    • 4.3 The action record was reviewed; most of the actions were still in progress and some had been completed. Governors asked if the risk around mobile phones had been addressed in the recent cyber security audit and what the risk of having unsecure mobile phones was like. The internal auditors confirmed it was not covered in the recent cyber controls audit, the audit had mainly focused on patch management. The Deputy Principal explained that the new Director of IT was looking at the set up around mobile phones. The plan was to reduce them and utilise tools such as Microsoft Teams and 3CX more. A comprehensive update on this would be provided at the next meeting.

  5. Good practice guide for audit committees

    • 5.1 The Director of Governance and Policy presented a paper which provided a good practice guide for Audit Committees. The following points were highlighted:

      • 5.1.1 The good practice guide on the scope of the work of Audit committees and internal auditors was published by the Education and Skills Funding Agency (ESFA).

      • 5.1.2 The Audit Committee was following the guidance. There were a few areas where minor changes would be made, for example refinements to the Committee Annual Report, but there were no major deviations from the good practice set out. Value for money (VFM) was an area which would be picked up in the next round of internal audits.

    • 5.2 The auditors mentioned VFM would be factored into the internal audit plan for next year. It was also mentioned an area which was not looked at by the Audit Committee was the Environmental, Social and Corporate Governance (ESG). The Director of Governance and Policy noted that some information was published on the website and more detail would be provided at the away day. The internal auditors confirmed they had developed a tool to address ESG maturity, this would be included in the planning for next year.

    • 5.3 Governors made the following comments:

      • 5.3.1 The Audit Committee and the internal auditors were working broadly in line with the guide.

      • 5.3.2 In terms of committee papers, could the number for a meeting be reduced? There were 245 pages for this meeting and the committee needed to think about ensuring the most critical items were focused on first. Noted.

      • 5.3.3 Was the Committee comfortable that the College was doing enough on mitigating emerging fraud risks? An annual fraud risk report was due to be presented at the next meeting. The internal auditors mentioned they could also analyse data to help compare and identify any gaps. This would be shared with the College.

    • 5.4 Governors requested a fraud risk report be brought to the next meeting and noted the good practice guide.

  6. Risk management progress report

    • 6.1 The Director of Governance and Policy and Deputy Principal presented the updated Risk Register. The following points were highlighted.

      • 6.1.1 Three risks had been upgraded. These were mainly due there being greater certainty around recruitment and the general pressures in the current environment.

      • 6.1.2 A spring reforecast had been presented to the Finance and General Purposes Committee and the Corporation. The reforecast confirmed the College would not meet its budgeted forecast and the deficit was close to £1m. The financial health score of the College was 170, this was not yet near intervention levels but the risks had been increased due to this situation.

      • 6.1.3 All Covid-19 related risks had been downgraded. This was due to the relaxation of the rules and the small number of infections within the College. The College had measures in place to control these risks by limiting the number of staff coming on site.

      • 6.1.4 The risk around T levels had reduced, the College was the largest T level provider with 263 students. The risk was previously high as this was a new area for the College but it had now been downgraded as recruitment had been progressing well.

    • 6.2 Governors then asked the following questions:

      • 6.2.1 The ultimate risk to the College was not meeting its financial targets. Was there an underpinning risk present or was the issue simply down to lower student numbers? There was no obvious mitigation; more detail on this would be helpful. This depended on what cohort of learners were being discussed but generally it was due to student numbers. In future more explanation would be provided and also further information would be included to inform governors on what the College was doing to mitigate risks.

      • 6.2.2 In relation to risk 11.3, at the Corporation meeting it was mentioned there was difficulty recruiting staff. Why had the risk now been reduced? The reduction related to the current year 2021/22. The College was facing pressures going forward due to pay awards not being aligned with the rate of inflation. For the current year, the College had achieved its planned efficiency measures. For the following year it would need to look at budgets but there was no major risk at this time. The College was struggling to retain staff in some areas and it was looking at pay models moving into the future.

      • 6.2.3 Governors mentioned the reported staff turnover was at 14%; the College needed to be careful and review at which point this would start to impact on quality. Agreed.

      • 6.2.4 In relation to risk 16.3, the triggers for an Ofsted inspection included a serious complaint or a safeguarding incident/flag. What constituted a serious incident or safeguarding flag? An example of a serious incident could be sexual exploitation of a student by a member of staff which the College was not aware of or had failed to act on. Other examples could be a culture of bullying and harassment towards students which the College did not take seriously. If there was an incident which was not deemed serious then the College would have a chance to respond.

      • 6.2.5 If someone reported something to the College, did the College decide how serious it was? Staff were trained to pick up on this and the safeguarding team would also liaise with other agencies including the LADO who could advise further.

    • 6.3 Governors noted the Risk Register.

      Internal audit reports

  7. Whistleblowing incident – confidential

  8. Corporate governance framework

    • 8.1 Asam Hussain presented a report on the Corporate Governance Framework review. The following points were highlighted.

      • 8.1.1 The review confirmed the College had undertaken a self-assessment of its compliance against the Code of Good Governance for English Colleges and had retained evidence to support its reasoning.

      • 8.1.2 No management actions were raised.

    • 8.2 The Chair praised the Governance and Policy team for keeping the records accurate and ensuring the College was compliant with the Code.

    • 8.3 Governors noted the report and agreed the recommended risk rating of green.

  9. Cyber controls

    • 9.1 Asam Hussain presented a report on the cyber controls audit. The following points were highlighted:

      • 9.1.1 The College had achieved Cyber Essentials Plus (CE+) accreditation. This provided an organisation with assurance that its defences would protect against the vast majority of the common cyber-attacks.

      • 9.1.2. A number of controls required strengthening. The review highlighted three medium, and two low priority findings with the view to further enhancing the cyber security control framework.

      • 9.1.3 The three medium priority actions included a lack of detail within the IT incident management process to ensure cyber security incidents were effectively categorised and responded to. There was a risk that staff training was not refreshed to keep up to date with the most recent cyber and data security threats and issues. The patch management standard operating procedure did not include a process for deploying critical or high-risk patches within a specific timeframe and third-party patching responsibilities.

      • 9.1.4 The two low priority actions were in relation to deploying phishing and whaling exercises and increasing awareness of cyber security.

    • 9.2 Governors noted the assurance provided by CE+ asked whether they should be worried about any of the issues raised. The CE+ accreditation provided a good level of assurance and a platform for the Director of IT to build on. The Director of IT highlighted areas of planned work including more frequent short training sessions for staff and students and building awareness of phishing emails. The team was also looking to improve policies and procedures as the College needed to be ready for any incidents. It was looking to partner with a security operations centre to ensure it was protected 365 days of the year. It was aiming to have these actions in place by September 2022.

    • 9.3 In response to a question as to whether the CE+ accreditation had to be renewed annually, the Director of IT confirmed that it did.

    • 9.4 Governors noted the report and agreed to the recommended risk rating of green.

  10. Financial regulations

    • 10.1 Asam Hussain presented a report on the Financial Regulations review. The following points were highlighted.

      • 10.1.1 The testing did not identify any areas of non-compliance with the Financial Regulations in relation to the areas covered.

      • 10.1.2 No management actions were raised.

    • 10.2 Governors noted the report and agreed the recommended risk rating of green

  11. ESFA funding compliance

    • 11.1 Asam Hussain presented a report on the ESFA funding rule compliance audit. The following points were highlighted:

      • 11.1.1 The review had involved sampling 30 post 1 May Apprenticeship learner files. The review confirmed the processes and procedures in relation to the apprenticeship provision were demonstrating compliance with the funding rules. This showed the College had reviewed the funding rules and had made improvements against them since the previous review.

      • 11.1.2 A number of areas of non-compliance were identified which could result in a funding error. These included 16 learners for whom the Off the Job (OTJ) log had been calculated using the incorrect end date. There were also three learners in the sample for whom there was no evidence of an OTJ log. Without evidence that the OTJ requirements were being complied with, there was a risk the learner may not be eligible for funding.

      • 11.1.3 The College had recorded the end dates of the apprenticeship in the ILR as the overall planned end date, however, for all learners who started after 1 August 2019 the end date recorded in the ILR should reflect the planned end date of the practical period. If the overall apprenticeship end date was recorded rather than the end of the practical period, there was a risk of an underclaim if the learner withdrew.

      • 11.1.4 There were three learners in the sample with no evidence that their knowledge, skills and behaviors had been assessed prior to them starting the apprenticeship. If an assessment had not been carried out prior to the start date of the apprenticeship there was a risk that the learners might not be eligible for funding.

      • 11.1.5 Several issues in relation to the PDSAT reports were identified which could also result in funding errors. The majority of the issues had already been identified by the College MIS team. A number of housekeeping issues were also highlighted.

    • 11.2 Governors asked the following questions:

      • 11.2.1 Whether the issues identified would have prevented the College gaining funding? The internal auditors confirmed the issues identified were funding compliance issues. The ESFA would usually review the issues in greater detail and then make a judgement.

      • 11.2.2 Whether these were the same issues as last time? They were not completely the same issues however, some of the issues were similar. The number of issues identified were fewer than last time.

    • 11.3 Governors commented that the report was concerning as this was an area which was previously scrutinised but issues were still being highlighted. The report had shown improvement but it did not really feel like an improvement. The Deputy Principal commented that the report did show some improvement. The calculations around OTJ were very complex and this was a sector issue. The College had lobbied the ESFA as the entire process was complex and it was deterring Small Medium Enterprises (SME) from employing apprentices.

    • 11.4 Governors then asked the following questions:

      • 11.4.1 Several audits had been carried out on this area. How could the College make sure there were improvements? The system was becoming more automated, it would not allow you to progress until you had completed a previous step which should help address some of the issues. The first report carried out was rated red and the next report was amber/red. This report was now amber/green. However, improvement was still needed.

      • 11.4.2 Would an action plan be shared with the committee to show what has been going on? This would be brought to the next meeting.

      • 11.4.3 It was interesting to hear about the complexities of the rules; did the auditors just understand the rules better than the College? Auditors had a scope of work which showed them what to look out for which covered every detail. The most important issue was whether the apprentices existed and in all cases in the sample, they did.

    • 11.5 Governors noted the update, agreed the recommended risk rating of Amber and requested an update at the next meeting.

      • Anne Frost left the meeting

  12. Safeguarding arrangements

    • 12.1 Asam Hussain presented a report on the safeguarding arrangements review. The following points were highlighted:

      • 12.1.1 A questionnaire was distributed amongst staff to identify any areas where the College might be able to improve its support offering.

      • 12.1.2 A number of areas for improvement were identified, including clarifying a number of inconsistencies within the College’s policies, establishing a consistent approach to tutorial provision, documenting a College wellbeing strategy, ensuring all staff completed mandatory training, and ensuring that meeting minutes were attached to CPOMS for future reference. This resulted in the agreement of five ‘low’ priority management actions.

    • 12.2 Governors asked the following questions:

      • 12.2.1 How often the safeguarding training was completed? The training had to be completed every two years. The College was trying to change the culture around safeguarding.

      • 12.2.2 A comment in the report suggested staff mental health was not being looked at, was this affecting the staff morale? The results around staff needed to be looked at but a lot of work on staff mental health had been undertaken.

      • 12.2.3 A comment suggested there was a ‘heavy blame culture at the College.’ In light of the whistleblowing incident, did this raise concerns? It would be helpful to see if there was disparity between support staff and other staff at the College. The Director of Governance and Policy mentioned a staff culture survey would be taking place soon which would provide a wider staff view.

      • 12.2.4 Actions needed to be completed by the end of August 2022 and it would be beneficial to see an update at the next meeting to provide context of what has been happening. Noted.

    • 12.3 Governors noted the report and agreed the recommended risk rating of green.

      External reviews

  13. Matrix assessment

    • 13.1 The Head of Student EDI presented the Matrix Assessment Report. It was mentioned that in order to gain the accreditation the entire College was assessed. The College would be subject to continuous improvement checks every year and then another larger assessment every three years.

    • 13.2 Governors thanked the Head of EDI for the work to achieve the accreditation.

    • 13.3 Governors noted the report and agreed the recommended the risk of green.

  14. Changing the face of FE

    • 14.1 The Director of HR presented the report to the committee. The following points were highlighted:

      • 14.1.1 The project had received funding from the Education Training Foundation (ETF), this was match funded by the College.

      • 14.1.2 The aim was to understand the issues around race within the staff profile and to provide training and support to curriculum staff to enable an effective review of subject resources to ensure they reflected the student profile and wider community.

      • 14.1.3 Black staff were asked to complete a survey and some staff were interviewed. The data was analysed and the findings showed that some staff had experienced overt and covert racism although mainly from students. There were also lost of positive comments.

      • 14.1.4 As an organisation the College needed to work on an approach to anti racism. The findings also showed there were fewer black staff who raised grievances. A strategic group had been created to look at these things. An action plan had been developed and was being led by the Principal.

    • 14.2 Governors then asked the following questions:

      • 14.2.1 Did senior staff have the capacity to mentor staff? There was a plan to look at this, senior staff should give time but reverse mentoring need not become particularly time consuming.

      • 14.2.2 Would this be incorporated into the culture survey? A survey would be carried out in May and which would complement this work.

      • 14.2.3 Surveys needed to have tangible impact and the outcomes needed to be known so that people felt they were being listened to. Agreed; a meeting with the Race Equality Network was being organised as they were helpful in promoting the survey. A staff communication would also be sent out.

    • 14.3 Governors noted the report.

  15. Radiation inspection

    • 15.1 Governors noted the report.

  16. ILR data integrity

    • 16.1 Governors noted the report.

  17. Dates of future meetings

    • 17.1 The next meeting would be held on 8 June 2022.

  18. Any other business - confidential