Draft Audit and Risk Committee Minutes –November 2024

The members of the Audit and Risk Committee (‘the Committee’), internal audit and external audit attended a private session.

The Deputy Chair welcomed the Committee members and attendees to the meeting. There were apologies from Marie Fallon and Charlotte Lowe.

There were no declarations of interest.

The minutes of the meeting on 2 September 2024 were approved by the Committee.

The minutes of the meeting on 23 September 2024 were approved by the Committee subject to the inclusion of additional information concerning Committee feedback on external audit’s ISA 260 report.

Action: to include additional information in the minute of the meeting of 23 September 2024.

RP presented the running list of matters arising. The Committee requested to see the Corporate Services and Communications (CSC) Team’s risk register relating to cyber risk. The Committee also noted that a follow up meeting to consider the Information and Technology Services (iTECS) response to cyber security questions took place on 30 September 2024.

Action: to share the CSC risk register relating to cyber risk.

RP presented the budget and expenditure update for the financial year 2024/25. In discussion the Committee:

• recommended that the sections on judicial review provision and legal advice should be separated
• considered the impact of staff-related underspend on operational delivery
• approved the in-year return of £100,000 to the Scottish Government (SG) in January 2025 for recommendation to the Board

RL updated the Committee on the move to the new Oracle finance system, noting that while this had largely been successful, the team continues to work through minor issues relating to transactions and reporting. RP confirmed in answer to MS that there was no management override of controls.

RP presented an early draft of the 2025/26 ESS budget modelling a potential 3% reduction in funding and taking into account anticipated increases to pay award and employer national insurance contributions.

In discussion, the Committee noted that following the draft budget announcement on 4 December 2024, the final ESS draft budget will be revised and brought back to the Committee for consideration and approval on 20 January 2025. The Committee agreed that the budget should remain flexible and cautious.

Action: to bring the final draft budget to Committee on 20 January 2025 for consideration and approval.

RP presented the updated risk register. In discussion, the Committee:

• requested that all outstanding action target dates are updated with status of completed or overdue
• considered the risk relating to the SG iTECS process for backing up ESS’ documents, and noted that ESS has its own mitigations in place to reduce the impact
• noted potential additional scrutiny duties and future considerations regarding resourcing and associated risks
• approved the risk register subject to recommended updates

Action: to amend the action target dates and status of risks on the risk register.

The Committee also noted that the risk register will be reviewed in full during ESS’ Strategic Plan review and made recommendations including:

• differentiation between mitigation actions taken to improve versus maintain risk position
• differentiation between ongoing and ad hoc risks
• removal of longstanding risks within appetite
• to improve the dynamism of the register

RP presented an update on progress against ESS’ performance and management indicators (PMI) for the first six months of 2024/25, highlighting:

• an increase in social media following, representations and consultation responses
• all service standards being met
• indicators where the definition does not fully capture performance in that area

The Committee noted that the final figures would be reported to the Committee in April 2025 for inclusion in ESS’ annual report and accounts, including the first instance of reporting the long-term outcome. Furthermore, following the ongoing internal audit review of ESS’ PMIs, this feedback will be taken into consideration during ESS’ Strategic Plan review.

RP presented the updated forward work plan. The Committee noted the plan and agreed to postpone its self-assessment and development session to April 2025. For future planning, the Committee recommended:

• including key dependencies and direction of travel of project schedules in reports
• aligning risk to budget planning priorities and linking to National Performance Indicators

RP presented the audit action tracker. The Committee noted that none of the actions on the tracker were listed as high priority, and recommended this is reviewed on several key actions particularly those relating to Finance review processes.

Action: to update the tracker to show high priority actions and recommendations.

IB presented the internal audit and assurance progress report, noting that new internal audit standards will go live in January 2025 and, while this is still being assessed by the internal audit team, this will require updates to the SG’s Audit Committee Handbook. Internal Audit will be subject to a quality assessment in September 2025 to ensure that they are meeting these new standards.

The Committee noted that a new memorandum of understanding (MOU) will be drafted and circulated to members.

Action: to share the new internal audit MOU/framework with the Committee.

On Public Services Reform planning IB noted that the SG Audit Committee are considering assurance in this respect. The Committee requested an update on this.

Action: to share the Public Service Reform planning assurance when available.

RZ provided a verbal update on the external audit process highlighting pieces of work already undertaken with the ESS Team and planning work which will be presented to the Committee in April 2025. The Committee requested that the external audit team share relevant papers for members’ information and learning.

Action: to share relevant papers for Committee members’ information.

There was no other business.

Morag Sheppard

Deputy Chair, Environmental Standards Scotland Audit and Risk Committee

[DATE]