Audit Committee Minutes 4 June 2025

Audit Committee Minutes 4 June 2025

Corporation and Committee Minutes

Minutes of a meeting of the board of Leicester College Corporation:

Held on 4 June 2025

Present: Zubair Limbada (Chair), Neil McDougall, Tom Wilson, Roger Merchant*, Vipal Karavadra

In Attendance: Louise Hazel (Director of Governance and Policy), Jane Parkinson (Acting CFO), Lisa Smith (RSM), Mark Dawson (KPMG), Matt Widdowson, (Governance and Policy Officer), Shabir Ismail (Acting Principal and CEO (item 11))

* By MS Teams

  1. Declaration of Interest

    • 1.1 There were no declarations of interest.

  2. Apologies for absence

    • 2.1 Apologies were received from Louisa Poole.

  3. Minutes and matters arising from the meeting held on 19 March 2025

    • 3.1 There were no declarations of interest.

      • 3.1.1 6.1.7: IT disaster recovery: off site backup: There was no timescale for this. This had been incorporated into the risk register. There were costs associated with implementing this and it was still being looked into.

    • 3.2 The Minutes of 19 March 2025 were agreed as an accurate record and approved subject to the amendment requested under 4.2.8.

    • 3.3 The Confidential Minutes of 19 March 2025 were agreed as an accurate record and approved.

    • 3.4 Action Record

      • 3.4.1 It was good to see that some of the notes from meeting minutes had been incorporated into the action records.

        • 3.4.1.1 It was good to see that some of the notes from meeting minutes had been incorporated into the action records.

        • 3.4.1.2 The issue around the fire risk assessment of the Pastry Kitchen at FPC A Block had been on the action record for a while. This was an urgent matter. Was the College assured that students and staff could exit the kitchen in the event of a fire? This matter was currently with the City Council. The College was assured that there was means of escape and this issue was just around the risk assessment.

        • 3.4.1.3 The impact of apprentices reaching their end point and incurring a cost to the College: The response to this action had raised an interesting point around quantifying the financial impact as the risk was that the College would underclaim rather than overclaim. This would be included in a further review of Apprenticeships which would look at End Point Assessments (EPAs). Previously, the College had continued to work with apprentices rather than them having a break in learning. It had been a matter of how the apprenticeships had been delivered rather than any issues around quality.

          • 3.4.1.3.1 Had the issue around apprenticeships been due to the Covid-19 pandemic? The College had claimed everything that it had been entitled to claim. It had just been a case of the College incurring a cost which was not subsequently funded. It had been a deliberate decision to continue to support apprentices through the pandemic, and a similar choice had been made by other colleges.

          • 3.4.1.3.2 There had also been issues with engineering and gas apprentices. This had been due to a delay in refurbishments leading to apprentices not receiving the training on time.

    • 3.5 Governors noted the Action Record

  4. Risk Management Progress Report

    • 4.1 The Director of Governance and Policy presented an update on Risk Management. The following points were highlighted.

      • 4.1.1 The main change highlighted related to risk 1. Following discussion, the ELT proposed that the risk score on this be increased. The rationale for this was that following extensive work to introduce a quality dashboard and data being scrutinised at performance review meetings which take place every 6 weeks, more information was known about the potential achievement outturn. The NARs were now also available and had gone up and thr College was tracking below NARs for some provision.

      • 4.1.2 Overall attendance remained below College targets in some areas, especially for EPYP, T-Level and adult provision (82.2%), although Apprenticeships show stronger attendance at 93%.

      • 4.1.3 The College’s predicted achievement rates for this year were not expected to increase and might decline. Predicted achievement was also not robust and this was being reviewed for next year.

      • 4.1.4 The Quality team was reviewing the way it works enable earlier identification of issues and intervention eg deep dive process to pick up and the structure was being reviewed.

      • 4.1.5 Under risk 2, leadership changes had been added.

      • 4.1.6 There was no change to other risk levels.

    • 4.2 Governors made the following comments.

      • 4.2.1 Risk 1: The likelihood for the residual risk was higher than it had been for the inherent risk. There should not be a post-mitigation score higher than a pre-mitigation score. Noted; this would be amended.4.2.1.1 Reference 7.2.1 related to the risk register and was on the agenda for this meeting.

      • 4.2.2 There was nothing about attendance in the risk management update. This would be added to this and the 2025/26 risk register..

      • 4.2.3 The Audit Committee needed to have good communication with the other committees. To see Risk 1 suddenly rising had been unexpected.

      • 4.2.4 There had been discussions between the Chair of the Audit Committee and the Director of Governance and Policy about including a lead committee in the risk register. Committees could then have their risks as a standing agenda item to assess whether they are satisfied with the mitigations. This change would be actioned.

      • 4.2.5 There were no governors who sat on both the Audit Committee and the CSQI Committee. It was important to ensure overlap with all committees except for the Finance and General Purposes Committee. It was anticipated that a member of the Audit Committee would be joining the CSQI Committee.

      • 4.2.6 There should be consideration of what the escalation process would be if a risk were to rapidly go off track. As non-executive committees, the gap between meetings meant that there might be timing issues. There may be the option to make the chair aware so that they could decide whether to call an extraordinary meeting, perhaps on Teams. Noted.

      • 4.2.7 Risk 3: Capital expenditure had been assigned to purchasing new servers so that the College could achieve Cyber Essentials+ (CE+). How had the College managed to achieve CE+ without patching the servers? The College had achieved CE+ and there was still work underway on improving the server infrastructure. Further details would be sought from the Director of IT.

      • 4.2.8 There appeared to be two different numbers for the percentage of USB drives that had been blocked. USB drives had been blocked for all but a couple of programme areas within CAPA, and a longer-term solution was being looked at for next year. The minutes would be corrected to reflect this.

    • 4.3 Governors noted the update on risk management

  5. Risk Managment 2025/26

    • 5.1 RSM Briefing: Emerging Risk Radar

      • 5.1.1 Governors made the following comments.

        • 5.1.1.1 This had been useful to read. The presentations on pages eight and nine had been particularly helpful.

        • 5.1.1.2 The direction of travel for the ‘Most Prevalent’ risks was consistent. There were a few ‘Keep Monitoring’ risks which were not on the risk register. Some of the ‘Worth Watching’ risks were interesting. Noted.

      • 5.1.2 Governors noted the Emerging Risk Radar.

    • 5.2 Risk Management 2025/26

      • 5.2.1 The Director of Governance and Policy presented a paper on Risk Management for 2025/26. The following points were highlighted.

        • 5.2.1.1 There were no major changes to the Risk Management Policy.

        • 5.2.1.2 The current Risk 1 had been separated out into two risks as there had not previously been a clear enough distinction between delivery and development:

          • 5.2.1.2.1 New Risk 1 (inability to maintain and build quality of provision): a minimal appetite was suggested for this.

          • 5.2.1.2.2 New Risk 2 (inability to capitalise on opportunities arising from curriculum reform, funding changes and alignment with national and local priority sectors, limiting strategic growth and relevance): An open risk appetite was suggested for this.

        • 5.2.1.3 Risk 3 placed more emphasis on a flexible workforce.

        • 5.2.1.4 Some of the emerging risks highlighted by RSM’s report had been considered for inclusion, such as power outages, pandemics, and the use of technology for fraudulent purposes.

        • 5.2.1.5 There was still scope to amend this further.

      • 5.2.2 Governors made the following comments

        • 5.2.2.1 There may need to be further conversations around the appetite for Risk 1. The College should always strive to be the best it can be leading to needing a more adverse risk appetite. Alternatively, a more risk adverse appetite might stifle innovation as staff would be motivated to just carry on as they had done previously. It would be important to have the Corporation’s view on this, particularly with regards to the College’s mission and what kind of students were taken on in the future.

        • 5.2.2.2 Where was attendance? This had been included in Risk 1 but could be made clearer.

        • 5.2.2.3 The next iteration of the risk register would need to take account of the new Strategic Plan.

        • 5.2.2.4 The Internal Auditor’s view:

          • 5.2.2.4.1 The Internal Auditor had found that a lot of their clients had been pulling together dashboards which had revealed underlying data quality issues.

          • 5.2.2.4.2 Most of their clients were now assigning risks to individual committees and ensuring that there was a feedback loop to the Audit Committee.

          • 5.2.2.4.3 16-19 attendance had been a growing issue.

          • 5.2.2.4.4 It would be important to ensure that risk management was kept fluid and able to adapt to change throughout the year.

        • 5.2.2.5 The External Auditor’s view:

          • 5.2.2.5.1 The risk register was fine in terms of how risks had been articulated and there was nothing significant missing. However, risk registers needed to be live documents which were kept flexible.

          • 5.2.2.5.2 The External Auditor had found that many of their other clients had a lot more risks rated as red. It was unusual to see risks rated as low as they were here.

          • 5.2.2.5.3 There was no risk listed which related to governance capacity and while there did not need to be a separate risk, it could affect the ability to deliver strategic objectives.

        • 5.2.2.6 Historically, every risk had been rated as red which made conversations about risk appetite irrelevant and meant that there had been some reluctance to address any of the risks. Noted.

        • 5.2.2.7 Could the auditors provide any examples of escalation processes? This would be looked into.

        • 5.2.2.8 Was the appetite statement and policy consistent with the terms of reference around the role of the Audit Committee in line with what was set out in the Policy? Noted.

        • 5.2.2.9 Was it necessary to list every risk in section 5 of the Risk Appetite when these were already set out in the Risk Register? This section could be removed.

        • 5.2.2.10 The Risk Assessment Map had been a very useful tool for governors. Noted.

      • 5.2.3. Governors agreed to recommend the Risk Appetite Statement, Risk Assurance Map and Risk Register to Corporation for approval subject to the suggested amendments.

  6. Internal Audit Plan for 2025/26

    • 6.1 The Internal Auditor presented the Internal Audit Plan for 2025/26. The following points were highlighted.

      • 6.1.1 Discussions had taken place with the Acting Principal and Director of Governance and Policy to identify key risk areas within, both the College and across the wider sector.

      • 6.1.2 There would be a review following on from the external review of governance which was due to take place in 2025/26.

      • 6.1.3 The College Financial Handbook would be reviewed, and controls would be looked at to ensure that they complied with the requirements.

      • 6.1.4 There would be a risk deep dive into safeguarding. Although there were no concerns in this area, it was recognised that the implications of any failures could be significant.

      • 6.1.5 There would be a specific review of the apprenticeship EPA process.

      • 6.1.6 There would be a review of the Fraud Policy, training, and reporting processes in light of the Economic Crime and Corporate Transparency Act 2023 (ECCTA).

      • 6.1.7 The usual Follow-up process would take place.

    • 6.2 Governors made the following comments.

      • 6.2.1 The table on pages seven and eight were not clear. It was not obvious which headings apprenticeships and safeguarding fell under. The Internal Auditor would make this clearer.

      • 6.2.2 Mental Health and Wellbeing had not been reviewed for some time. Although it had been reviewed in 2021/22 there were different issues now. This did not appear on the risk register but governors could request a review. It would be better to wait until after the forthcoming Staff Culture Survey to find out if anything in particular was highlighted.

    • 6.3 Governors approved the Internal Audit Plan for 2025/26.

  7. Internal Audit Reports

    • 7.1 Governance

      • 7.1.1 The Internal Auditor presented the findings of the internal audit of governance. The following points were highlighted.

        • 7.1.1.1 This had been a light-touch review of governance.

        • 7.1.1.2 Five committees had been reviewed, and no areas of concern had been identified. There were no management actions.

      • 7.1.2 Governors noted the internal audit of governance and approved the recommended risk rating of: Green.

    • 7.2 ESFA Funding Rule Compliance

      • 7.2.1 The Internal Auditor presented the findings of the internal audit of ESFA Funding Rule Compliance. The following points were highlighted.

        • 7.2.1.1 30 16-19 students had been reviewed split evenly between study programmes and T Levels.

        • 7.2.1.2 There had been an underclaim issue with T Levels which had affected a lot of providers. This related to a T Level student’s hours not having been adjusted correctly after they withdrew in the second year. The DfE had not been aware of this issue until they had been notified by the Internal Auditor.

        • 7.2.1.3 There had been nine learners who did not have an industry placement recorded correctly in their ILR. While this would not have a funding impact, it did mean that, if an industry placement did not take place, the students could not be completed as a T Level learner.

        • 7.2.1.4 There had been an issue with two study programme students not having their core aims recorded correctly.

        • 7.2.1.5 Errors had been found in the recording of grades for one English student and one maths student.

      • 7.2.2 Governors made the following comments.

        • 7.2.2.1 How did the Internal Auditor feel about the College’s processes for recording industry placements for T Level students? Learners had two years to complete a T Level, and if the College was waiting until the second year to start planning an industry placement, then they would be on the back foot. While the placement itself could take place the most appropriate time for the student and employer, the early planning of placements would reduce the risk. This had been acknowledged by the College’s management.

        • 7.2.2.2 T Level industry placements in some areas had been deliberately put back to avoid the risk of losing students to employers at an early stage in their studies. There was no problem with placements taking place later in their studies, it was just a case of early planning being required.

        • 7.2.2.3 What lessons had been learned from this review? A lot of these issues were being addressed including PDSAT checking. There were other areas which needed more monitoring such as timetabling as a different approach would be taken next year.

        • 7.2.2.4 How often were PDSATs run? They should be run once a month, although this was not written into the contract.

        • 7.2.2.5 It might be worth the Internal Auditor discussing running PDSATs with the College management.

      • 7.2.3 Governors noted the internal audit of ESFA Funding Rule Compliance and approved the recommended risk rating of: Amber.

    • 7.3 Follow up

      • 7.3.1 The Internal Auditor presented the Follow Up Report. The following points were highlighted.

        • 7.3.1.1 This report concluded this year’s work.

        • 7.3.1.2 13 actions were followed-up on. Seven had been successfully implemented; five had been partially implemented; and one had not been implemented.

      • 7.3.2 Governors made the following comments.

        • 7.3.2.1 There was an error in the table on page six with the final column not equalling the sum. This would be corrected.

        • 7.3.2.2 In relation to the ongoing actions, was there a similar delay in full implementation elsewhere? Weaknesses in control and process were always identified for Additional Learning Support. In this instance they specifically related to the City Skills Centre cohort. For IT disaster recovery, it was recognised that it always took a long time to work across several departments to identify single points of failure.

        • 7.3.2.3 It would be helpful to include the original date for which the management action was due so that the Audit Committee could see how long an issue had been outstanding for. Noted.

        • 7.3.2.4 It should be noted that the Audit Committee were disappointed with the results of this Follow-up report. It should have been rated as green, but it was not. Noted.

      • 7.3.3 Governors noted the Follow Up Report and approved the recommended risk rating of: Amber.

  8. Audit and Accounting Requirements

    • 8.1. The Interim Chief Financial Officer presented the Audit and Accounting Requirements including the Framework for Auditors and Reporting Accounts, the College Accounts Direction, and the Financial Handbook. The following points were highlighted.

      • 8.1.1 The Framework replaced the Post-16 Audit Code of Practice. There were no changes that were significant to the College.

      • 8.1.2 There were some minor changes to the wording of the Accounts Direction including disclosures around the Teacher Pension Scheme and bursaries.

      • 8.1.3 As yet, there had not been an updated Financial Handbook.

    • 8.2 Governors made the following comments.

      • 8.2.1 Page 19 of the emerging issues document included some good points which should be captured in the College Financial Handbook. Noted.

    • 8.3 Governors noted the Audit and Accounting Requirements.

  9. FE commissioner report: Annual report

    • 9.1 The External Auditor presented the External Audit Strategy Document for Year Ending 31 July 2025. The following points were highlighted.

      • 9.1.1 The approach was similar to previous years:

        • 9.1.1.1 There was no change in scope or auditing standard. There were only minor changes to the Accounts Direction.

        • 9.1.1.2 There were the same risks as previous years including pension scheme provision, revenue recognition around adult and apprenticeship provision, and management override and controls which were a presumed risk.

        • 9.1.1.3 Going Concern will still be included as an elevated risk. This has reduced from last year as there was no expectation of similar risks around the bank covenant, although the external environment remained challenging for both the sector and the wider economy.

        • 9.1.1.4 There would be no change to the approach to materiality.

      • 9.1.2 Appendix A outlined that there would be consistency in the external audit team.

      • 9.1.3 Confirmation of independence had been included in Appendix C.

      • 9.1.4 Appendix E included some headlines around forthcoming changes to FRS102 and FEHE SORP.

      • 9.1.5 The initial planning meeting had taken place, and the auditors were in a good position heading towards the end of the year.

    • 9.2 Governors made the following comments.

      • 9.2.1 Could reverse stress testing be applied? The External Auditor was not sure that this could be done at the College as the margins were already quite tight. Therefore, the model did not need to be that sophisticated.

      • 9.2.2 When did the tender for external audit need to go out? The Director of Governance and Policy would confirm this.

      • 9.2.3 Were there any significant changes to SORP being proposed? The biggest changes for FE would be around leases, but Leicester College only had a small number of these. The revenue standard was not expected to change significantly.

      • 9.2.4 The risk of the College getting into financial difficulty had reduced, although governors should not be complacent. This risk to Going Concern had been heightened last year due to issues with the bank covenant. This would continue to be monitored.

      • 9.2.5 There needed to be a link between the Finance and General Purposes Committee and Corporation around Going Concern. It was good practice to provide an explicit statement to Corporation.

    • 9.3 Governors approved the External Audit Strategy for Year Ending 31 July 2025.

  10. FE Commissioner’s Report

    • 10.1 The Director of Governance and Policy presented the FE Commissioner’s Report on Weston College. The following points were highlighted.

      • 10.1.1 This report had caused a lot of concern in the FE sector. Leicester College did not have any of the issues highlighted by the FE Commissioner.

    • 10.2 Governors made the following comments.

      • 10.2.1 This may have a case of a small group of individuals being trusted to make decisions without any oversight.

      • 10.2.2 It was amazing that this had not been picked up in the annual accounts or by auditors. The numbers involved were staggering.

      • 10.2.3 There may have been an issue stemming from governors’ length of service. How often did Leicester College ask governors to stay on for additional terms of office? The Search and Governance Committee had made decisions based on it being more of a risk to have certain vacancies. The reasons for asking governors to stay on were recorded and the committee acknowledged that it was not ideal.

      • 10.2.4 The Office for Students (OfS) had a process whereby Internal Auditors could notify them of any concerns. Was this the direction which FE was heading in? Internal Audit was not a mandatory element for FE. From what was happening in the academy sector, it would not be surprising if this changed in the future. There might also be changes which might require colleges to submit a report of internal scrutiny to the DfE throughout the year.

    • 10.3 Governors noted the FE Commissioner’s Report.

      Shabir Ismail joined the meeting.

  11. Confidential Item - Whistleblowing

    Shabir Ismail left the meeting.

  12. Terms of Reference and Workplan 2025/26

    • 12.1 The Director of Governance and Policy presented the Committee Terms of Reference and a Workplan for 2025/26. The following points were highlighted.

      • 12.1.1 There were no changes to the ToR other than removing references to the ESFA.

      • 12.1.2 There would be two confidential meetings next year: a November meeting with the External Auditors, and a March 2026 meeting with the Internal Auditors.

    • 12.2 Governors approved the Terms of Reference and the Workplan for 2025/26.

  13. Economic Crime and Corporate Transparancey Act: Failure to Prevent Fraud Offence

    • 13.1 The Chair provided an update on the Economic Crime and Corporate Transparency Act (ECCTA). The following points were highlighted.

      • 13.1.1 ECCTA introduced a new offence of failure to prevent fraud. Under this offence relevant organisations, “may be criminally liable where an employee, agent, subsidiary, or other ‘associated person’ commits a fraud intending to benefit the organisation and the organisation did not have reasonable fraud prevention procedures in place.”

      • 13.1.2 It would be sensible to review the Fraud Policy and Checklist in-line with ECCTA. This could be provided to the next meeting of the Audit Committee.

      • 13.1.3 The new offence would come into force in September 2025. The meeting schedule for the Audit Committee did not line up with this date but it might be worth considering whether something should be in place before September. This could be done by email if necessary or at the full Corporation meeting in June 2025. Noted.

      • 13.1.4 There were six principles listed which should be circulated to Audit Committee members. Was it possible that the College could self-assess against these principles? This would be done.

    • 13.2 Governors noted the update on the Economic Crime and Corporate Transparency Act.

  14. Dates and Times of Future Meetings

    • 24 September 2025

    • 19 November 2025

    • 18 March 2026

    • 3 June 2026