Committee Members and Attendees
DRAFT Minutes of the Audit and Risk Committee meeting held on Monday 22 June 2026 from 14:00 – 17:00 via Microsoft Teams
Audit and Risk Committee:
Marie Fallon (MF), Chair
Morag Sheppard (MS)
Chris Spray (CS)
Neil Oakley (NO)
Attendees:
Internal Audit (IA)
David James Reay (DJR), Senior Internal Audit Manager
External Audit (EA)
Phil Mason (PM), Manager, Deloitte LLP
ESS Team
Mark Roberts (MR), Chief Executive
Rebecca Liu (RL), Financial Accountant
Alasdair Dewar (AD), Principal Operations Manager
Calum Ross (CR), In-house Solicitor
Sandy Bendall (SB), Principal Investigations Officer (Item 6)
Alisdair Stapley (AS), Governance Lead
Kirsty Laing (KL), Business Support Officer (Minutes)
Apologies:
Rebecca Peppiette (RP), Head of Corporate Services and Communications
Iain Burns (IB), Lead Senior Internal Audit Manager
Alison Bennett (AB), Senior Data Analyst
Simba Jana (SJ), Director
1. Private session
The members of the Audit and Risk Committee (‘the Committee’), internal audit and external audit attended a private session.
2. Welcome
The Chair welcomed Committee members and attendees to the meeting. MS declared an interest in relation to her position as Acting Chair of the Water Industry Commission for Scotland. Apologies were received from RP, SJ, IB, and AB.
The Chair provided an update on the recent Audit and Risk Chairs’ meeting, highlighting key discussion points and developments in planning for 2027/28.
The Committee formally approved the reappointment of NO as a Co-opted member for a further four-year term.
3. Minutes and matters arising
The minutes of the previous meeting held on 23 March 2026 were approved.
The Committee discussed an action from the March 2026 Audit and Risk Committee meeting regarding a review of the Committee’s Terms of Reference (ToR) and Board Standing Orders. It was agreed that this review, as part of a wider review of Committees, is no longer required at this time.
4. Finance
MR provided an update on 2025/26 expenditure, highlighting the forward five-year expenditure profile, progress in recruitment and developments in procurement. In discussion, the Committee:
- considered the recruitment update and proposed budget forecast in relation to new duties
- noted the importance of maintaining flexibility across teams
- emphasised the need for ongoing monitoring of the impacts of recruitment
The Committee noted the paper and requested a further update on the financial forecast at the September 2026 meeting.
Action: MR to provide update to five-year forecast at September 2026 meeting
5. Risk management and assurance
[SB joined the meeting]
AS presented the Corporate and Cyber Risk Registers, highlighting changes to risk scores and noting areas of increased risk. In discussion, the Committee:
- noted the capacity issues being felt across all parts of ESS
- considered mitigating measures to manage changes within the risk registers
- reviewed actions relating to data storage risk, noting assurance received regarding cloud migration
- highlighted the importance of continued exploration of resourcing and strategic response
The Committee noted the paper, subject to minor amendments.
Action: MR to present a forward work plan on increasing risk areas identified in the Risk Registers
[SB left the meeting]
6. Governance
MR presented the draft Annual Report and Accounts for 2025/26, outlining key updates and next steps. The Committee commended the high quality of the report and provided feedback on areas for minor amendment and review.
The Committee approved the draft for submission to the Board for review by correspondence on 24 June 2026, subject to minor amendments.
Action: MR to facilitate submission of the draft Annual Report and Accounts 2025/26 to the Board for review by correspondence in June 2026.
AS presented the Audit and Risk Committee’s draft annual report to the Board, highlighting key areas of focus and continued engagement with the Scottish Government regarding IT services. The Committee approved the report for submission to the Board via correspondence, subject to minor amendments.
MR presented the Committee’s work programme for the remainder of 2026, highlighting key milestones and a planned development session in November 2026. The Committee noted the updates and discussed potential topics for the session.
Action: MR and the Chair to consider plans for the November 2026 development session and present details to the Committee at the September 2026 meeting.
7. Internal Audit
DJR presented Internal Audit’s annual assurance opinion for 2025/26, summarising key findings. It was noted that overall assurance was substantive, with ESS having robust and well-managed controls. In discussion, the Committee:
- considered Internal Audit’s observation of increasing organisational complexity and associated risks
- highlighted the importance of continuing to develop insights and monitor emerging risks
- noted that the team is maintaining strong governance controls under increasing pressure
The Committee noted the paper.
DJR presented the Internal Audit Progress Report and draft Terms of Reference (ToR), noting key developments and updates to the Internal Audit Charter. In discussion, the Committee:
- highlighted positive feedback on insights and external quality assessment outcomes
- considered progress in updating the draft ToR in relation to new duties
- noted plans for continued collaboration through a phased approach to new duties
The Committee noted the paper and thanked Internal Audit for its continued constructive approach.
8. External Audit
PH provided an update on the progress of ESS annual audit, including timelines for wider scope work and reflections on good practice in the Annual Report and Accounts.
9. AOB
The Committee noted the proposed schedule for Audit and Risk Committee and Board meetings for 2027.
The Committee acknowledged CR’s attendance at his final Committee meeting with ESS and thanked him for his support during his maternity cover role.
Minutes to be approved
Marie Fallon
Chair, Audit and Risk Committee
Environmental Standards Scotland
[DATE]