Audit and Risk Committee DRAFT Minutes –September 2025

The members of the Audit and Risk Committee (‘the Committee’), internal audit and external audit attended a private session.

The Chair welcomed the Audit and Risk Committee (‘the Committee’) members and attendees to the formal meeting.

There were apologies from MA.

The minutes of the previous meeting on 23 June 2025 were approved.

The running list of matters arising and audit tracker were provided for the Committee’s information.

RP presented the 2025/26 expenditure to date and proposed changes to the 2025/26 budget. In discussion, the Committee:

• highlighted the treatment of the capital funding requirements, noting the returned funds to the Scottish Government which will be detailed in the 2025/26 Annual Report and Accounts
• considered ongoing recruitment and approved the addition of a new permanent C1 Programme Manager role from February 2026
• noted the longer-term financial resilience planning

The Committee approved the updated 2025/26 budget and the return of £90,600 Public Service Reform savings in-year.

MR presented the revised approach to risk management and thanked those involved in developing its content. In discussion, the Committee:

• considered the overall approach to risk management, emphasising zero tolerance for fraud
• noted the risk maturity assessment anticipated following implementation of the revised risk management approach
• discussed the importance of cyber risk and how it will be presented within the risk register

The Committee noted and approved the paper, subject to amendments, for onward consideration by the Board.

RP presented the revised Annual Report and Accounts. In discussion, the Committee;

• considered the changes and recommendations since the Committee’s review in June 2025
• acknowledged not all final checks have been undertaken by the Deloitte team and therefore minor changes may be still required
• noted the next steps and timelines, in particular: the sign-off dates by Deloitte LLP; approval date by Audit Scotland; and laying of final Annual Report and Accounts with Parliament (and publishing) by the end of October 2025

The Committee approved the draft Annual Report and Accounts to be presented at the upcoming October 2025 Board meeting.

KM introduced the Audit Committee Progress report 2025/26, including the legal procedures review and internal audit service charges. KM confirmed there will be no increase in fees for ESS in the next financial year.

It was agreed at the meeting that the Internal Audit desk management review related to records management will be carried out from January 2026.

External Audit gave a verbal update on the progress of ESS’ annual audit, SJ noted that all work is nearing completion, with recommendations captured in the draft ISA 260.

Marie Fallon

Chair, Audit and Risk Committee
Environmental Standards Scotland

[DATE]