Committee Members and Attendees
Minutes of the Audit and Risk Committee Meeting held on Monday 4 September 2023, 14:00 – 16:00 via Microsoft Teams
Committee Members:
Marie Fallon (MF), Chair
Richard Dixon (RD)
Neil Oakley (NO)
Morag Sheppard (MS), Observing
Attendees:
ESS Team
Rebecca Peppiette (RP), Head of Corporate Services and Communications
Charlotte Lowe (CL), Governance Lead
Internal Audit (IA)
Iain Burns (IB), Lead Senior Internal Audit Manager
External Audit (EA)
Muhammad Fadhil (MFad), Manager, Deloitte LLP
Apologies:
Mark Roberts (MR), CEO
Rebecca Liu (RL), Interim Finance and Accountancy Advisor
Douglas Falconer (DF), Senior Internal Audit Manager, Scottish Government
1. Private Session
Members of the Committee, Internal Audit and External Audit attended a private session.
2. Welcome
The Chair welcomed the Committee and attendees to the meeting. The Chair extended a particularly warm welcome to Morag Sheppard who joined the meeting as an observer, ahead of being officially appointed to the Audit and Risk Committee by the Chair of the Board.
There were apologies from Mark Roberts, Douglas Falconer and Rebecca Liu.
There were no declarations of interests.
The Chair provided an update from the previous meeting of the Audit Chairs Network, which included topics such as: relations and ways of working with internal auditors; cyber security and fraud risks; and audit committee effectiveness. The Chair agreed to circulate useful resources from the meeting for information.
3. Minutes and matters arising
The Committee approved the minutes from the previous meeting.
On the matters arising, the Chair agreed to meet with RP and MR to scope a deep dive into service level agreements and third party contracts, and circulate an update on this before the December Committee meeting.
4. Finance
RP provided an update on in-year expenditure, and both the 2023/24 and 2024/25 budgets. RP noted that the Board agreed revisions to the budget, including a £150,000 in-year budget return to the Scottish Government and updated staffing proposals, at its August 2023 meeting.
The Committee also noted progress and next steps on the external audit of ESS’ annual report and accounts. In discussion, the Committee:
- recommended reinstating the budget for judicial review to its original value, as this may be used at any point during the financial year
- considered potential impacts associated with reduced working hours following the Scottish Government’s proposed pay award, which ESS analogues to
- sought further details on the outlook of financial pressures across the public sector in Scotland
5. Risk management and assurance
CL introduced the updated risk register, highlighting that due to revisions to risk appetite and scoring, only one residual risk score now sits outwith ESS’ risk appetite.
The Committee noted overlap across some of the risks and recommended that the ESS team:
- amend current risk descriptions to ensure existing risks are distinct and map across to public sector themes and ESS’ Strategic Plan
- consider the inclusion of new risks relating to regulation and compliance, such as health and safety in hybrid working
- consider the scoring of and actions planned against the risk relating to business continuity and cyber security
- take an external view regarding financial pressures and consider the potential impact should public authorities be subsequently unable to deliver on environmental duties
The Committee also considered the role of Board Champions in relation to equality and diversity and cyber security.
6. Governance
The Chair presented the paper on the Committee’s self-assessment, introducing a report, produced by external governance advisor Eleanor Ryan of Glen Shuraig Consulting, which analysed the Committee’s responses to a self-assessment questionnaire. The Committee:
- noted the positive conclusions of the report and minor areas for improvement
- considered seeking specific input from MR, regarding the Committee’s support to the Accountable Officer
- agreed next steps for exploring lessons learned
7. Internal Audit
IB presented the internal audit’s progress report and the draft terms of reference for the review of ESS’ Strategy and Analysis function, highlighting:
- the draft terms of reference have been agreed with the accountable officer, with the review postponed from quarter two to quarter three
- planning for the cyber security review, scheduled for quarter four, would be carried out in the next two months
- common discussion themes across public sector organisations and the offices of digital assurance sand portfolio, project and programme assurance
On the draft terms of reference, the Committee discussed:
- the risks around prioritisation and added value outputs, and whether the balance between speed of delivery and quality could be explored further
- gaining assurance on pieces of work carried out externally through commissions and expert advice
- the schedule for internal audit reviews, updated to align with ESS’ internal workplan, and the process for reporting changes to the Committee
8. External Audit
MFad provided an update on external audit, reporting that, aside from some minor outstanding matters, the audit of the annual report and accounts is near completion. The Committee noted the next steps, which include a meeting between Deloitte and the ESS team to finalise the accounts, and a presentation of the final auditor’s report to the Committee on 4 October.
RP thanked MFad and the team for their support throughout the audit process.
9. Forward plan for next meetings
RP presented the Committee’s forward plan for future meetings. The Committee noted that although the plan is based on the Scottish Government’s Audit and Assurance Handbook, timings can be felxible to meet the needs of the Committee. The Committee also agreed to consider the reporting schedule of ESS’ Performance and Management Indicators at its next meeting.
10. Any other business
The Chair noted that an agenda for the Committee’s development session would be circulated in advance of the next meeting. MFad agreed to share Deloitte’s resources on continuing professional development.
Minutes approved
Marie Fallon
Chair, Audit and Risk Committee, Environmental Standards Scotland
4 December 2023