Committee Members and Attendees
DRAFT Minutes of the Audit and Risk Committee Meeting held on Monday 4 December 2023, 14:00-16:00, held at Deloitte LLP, 9 Haymarket Square, Edinburgh, EH3 8RY
SUBJECT TO APPROVAL AT THE 25 MARCH 2024 COMMITTEE MEETING
Marie Fallon (MF), Chair
Richard Dixon (RD)
Neil Oakley (NO)
Morag Sheppard (MS)
ESS Team (Items 2 – 10 only):
Mark Roberts (MR), CEO
Rebecca Peppiette (RP), Head of Corporate Services and Communications
Alasdair Dewar (AD), Business and Finance Manager*
Charlotte Lowe (CL), Governance Lead (Minutes)
External Audit (EA)
Rebbecca McConnachie (RM), Senior Manager, Deloitte LLP
Internal Audit (IA)
Louise Carmichael (LC), Senior Internal Audit Manager*
Douglas Falconer (DF), Internal Audit Manager*
Scottish Government (SG) (Item 7 only)
Laura Wall (LW), iTECS Head of Customer Relationship Management*
Ben Norris (BN), Head of Cyber Defence and Engagement*
Scott Smellie (SS), iTECS Customer Relationship Manager*
Iain Burns, Lead Senior Internal Audit Manager
Muhammad Fadhil, Manager, Deloitte LLP
Kirsty Hair, Assistant Manager, Deloitte LLP
Rebecca Liu, Interim Finance and Accountancy Advisor
*via Microsoft Teams
1. Private session
Members of the Committee, Internal Audit and External Audit attended the private session.
2. Welcome and declarations of interest
The Chair welcomed the Committee and attendees to the meeting. There were apologies from Iain Burns (Internal Audit), Muhammad Fadhil and Kirsty Hair (External Audit) and Rebecca Liu (ESS team).
There were no declarations of interest.
3. Minutes and matters arising
The minutes of the 4 September 2023 and 4 October 2023 meeting were approved.
On the matters arising, RM noted that continuing professional development resources would be shared with the Committee on an ongoing basis.
RP updated the Committee on budget and expenditure, reporting that the 2023/24 budget is currently on target and procurement in relation to ESS’ new accommodation will commence soon.
Noting the inclusion of a new capital figure, in line with International Financial Reporting Standards (IFRS) 16 requirements, the Committee recommended that the sum is clearly reported as a technicality within our corporate documents.
RP also presented the five-year budget profile, highlighting engagement with the Scottish Government and other public bodies regarding longer-term public sector finances. In discussion, the Committee:
- noted the ESS team’s confidence in projections for the 2024/25 budget, given relative certainty relating to staff costs and third-party contracts
- noted that a flexible approach would be taken to staffing, including use of fixed-term contracts and agency staff, in anticipation of future budget pressures
- recommended undertaking additional scenario planning to support the longer-term plans
5. Risk management and assurance
CL presented the updated risk register and reported that the most recent Board-approved version has been published on the ESS website in response to a Freedom of Information request.
The Committee discussed the addition of three new columns relating to interdependent risks, public sector risk themes and ESS’ strategic outcomes. The Committee recommended considering residual scoring where ESS’ controls and actions planned. It was agreed that controls such as proactive transparency can reduce the impact of risks, as well as the likelihood.
RP introduced the scoping paper for a deep dive into third-party contracts, recommending that the review focus on contracts to be relet in 2024. In discussion, the Committee:
- highlighted that the review should consider the strategic fit of the service provided now that ESS is fully operational, rather than the early requirements related to set-up
- recommended incorporating considerations of third parties’ carbon impact and scope 3 emissions into the discussion
- agreed the proposals and next steps, with the review discussion to take place at the Committee’s spring meeting
CL presented the six-monthly update on progress against ESS’ Performance and Management Indicators (PMIs). The Committee noted a rise in complaints compared to 2022/23. Whilst the complaints were not upheld, the Committee noted that further stakeholder engagement to promote and clarify ESS’ remit could mitigate this.
The Committee discussed the approach to reporting PMIs. It was agreed that an update by exception would be provided at its spring meetings, highlighting any PMIs that indicate particularly positive or negative performance, before year-end figures are formally reported to the Board in April/May.
7. Cyber Security
[At this point AD, LW, SS and BN joined the meeting.]
The Chair welcomed members from the Scottish Government iTECS and Cyber Security teams and led introductions.
LW presented information on the services provided by iTECS in relation to cyber security and its digital roadmap. The Committee requested further details on cyber security arrangements, cloud-based and on-premise services, and the assurances provided by iTECS. The Committee agreed to issue a list of questions by correspondence to support next steps in gathering assurances. The Committee thanked LW, SS and BN for their attendance.
[At this point AD, LW, SS and BN left the meeting.]
8. Internal Audit
DF presented Internal Audit’s progress report, noting that fieldwork for the Strategy and Analysis review is nearing completion and that there are no substantive comments to highlight. A draft report will be issued to the Committee before the end of December.
DF introduced the draft terms of reference for the review of ESS’ cyber security governance, scheduled for the final quarter of 2023/24. The Committee agreed the terms of reference, subject to the addition of Board/Committee members and contractors to the ‘staff training and awareness’ item.
9. External Audit
RM provided an update on the audit team and timelines for the 2023/24 annual audit, noting that the external audit plans would be presented at the spring 2024 Committee meeting.
10. Any other business
The Committee agreed minor amendments to the forward meeting dates.
Minutes subject to approval
Chair, Environmental Standards Scotland Audit and Risk Committee