Guidance

Funding assurance review: step by step process

Updated 4 September 2024

Applies to England

Summary    

This document presents an overview of the Education and Skills Funding Agency’s (ESFA) Corporate, Assurance and Restructuring Directorate’s approach for funding assurance reviews.

The focus of the assurance approach is on learners returned in providers’ individualised learner records (ILR) and funded under recurrent funding grants and contracts allocated awarded by the Department for Education (DfE) and from employers’ apprenticeship service accounts. 

Who this publication is for

This guidance is for all providers that return ILR data and others, who wish to understand the funding assurance review process. It relates to all funding provision which is subject to ESFA audits.

Main points

Funding assurance reviews comprise 3 key steps:

• planning
• fieldwork
• reporting

They may be performed by an ESFA auditor or appointed external firm.

This document supports, and should be read in conjunction with, the ESFA Post-16 funding assurance review guidance.

Throughout this document the process flows ‘funding assurance review’ will be termed ‘audit’.

Although specific steps are defined within this document, the process steps may flow differently depending on the provider type or auditor, but the overall purpose of the process remains the same, that is, to gain assurance over the funding paid to providers.

Part 1: Audit procedure - planning

This section sets out the steps and actions taken in the weeks leading up to the start of fieldwork. It prescribes what action is required by the ESFA and the provider. These activities should ensure a smooth progression up to the fieldwork phase. Where this is not achieved, audit delays are likely. It is key that effective planning takes place to ensure the efficient and effective delivery of the audit.

Planning process: step by step

The planning process comprises:

Step 1: Notification of the audit between two-and four-weeks before it starts. The ESFA may appoint an external audit firm (hereinafter also referred to as “auditor”) to conduct the audit. The provider will be notified by ESFA initially, then by the audit firm. The notification period commences at the point of auditor contact.

Step 2: A confirmation letter is sent by the auditor to the provider, setting out the scope of the audit, including funding streams.

Step 3: The provider must complete a controls questionnaire and return it by the agreed deadline. New providers will complete a new provider questionnaire, and existing providers will complete an internal controls questionnaire. Any queries from the auditor will be raised during the audit.

Step 4: The auditor will use the ILR to produce the main sample and suite of provider data self-assessment toolkit(PDSAT) reports.

Step 5: The auditor will analyse PDSAT reports to identify any potential issues.

Step 6: Are there queries? If yes, move to step 7. If no, move to step 9.

Step 7: The auditor will send the PDSAT reports data and queries to the provider with agreed deadlines for responses. These may also be sent later with the learner sample.

Step 8: The auditor will identify any further PDSAT samples. PDSAT issues may not be resolved at this point, so may be actioned later.

Step 9: The auditor will share the learner sample with the provider, one to two weeks before the audit starts (the PDSAT sample may be sent later). Normal practice is to provide one week’s notice, but this can be negotiated dependent on, for example, audit complexity, subcontracting or management systems used.

Step 10: Evidence requirements. A conversation on evidence expectations between auditor and provider is recommended. This can occur at any point after the confirmation letter and before the fieldwork, at either the request of the provider or auditor.

Step 11: Move to Part 2: Audit procedure - fieldwork.

Part 2: Audit procedure - fieldwork

This section defines the steps and actions taken from the first day of fieldwork up to confirmation that no further testing and data corrections are required. It prescribes what action is required by the ESFA and the provider. These actions are required to ensure that the audit outcome is right. Where this is not achieved, delays to the audit timescales are likely.

Fieldwork process: step by step

The fieldwork process comprises:

Step 12: Await audit start date.

Step 13: The provider ensures that all evidence and appropriate staff are available for start date of the audit.

Step 14: Audit fieldwork commences. Regular written feedback (daily recommended) and updates throughout audit.

Step 15: The auditor will provide formal interim feedback at the end of fieldwork period, to enable the provider to respond to findings. This will be in the form of a face-to-face meeting on-site or via video conferencing, as well as written feedback. This will allow time for the provider to obtain additional evidence and to formally respond to audit findings. The auditor will discuss findings with the provider to reach an agreed position on findings, errors and ILR amendments.

Step 16: The provider should respond to the auditor feedback within five working days.

Step 17: The auditor will review any additional evidence.

Step 18: Are there funding errors? Non-provision of evidence is likely to lead to an error, with possible funding impacts. At this point, and only in exceptional circumstances, extrapolation of errors may be used where errors cannot be ring-fenced through the provider’s self-audit. This must be approved by ESFA. If yes, move to step 19. If no, move to Part 3: Audit procedure - reporting.

Step 19: The provider and auditor will discuss the nature of the error and determine the scope of provider self-audits (also known as one-hundred percent checks).

Step 20: The auditor will require self-audits for the provider to be completed by the agreed deadline. Depending on the volume, this could be between one and 3 weeks. This will focus on learners outside the sample but in the population.

Step 21: The provider will conduct their own self-audit on the defined sub-populations and report back to the auditor.

Step 22: The auditor will test a sample of the self-audit population to gain assurance on the accuracy of the provider’s self-audit. The provider will supply evidence specifically for the purpose of the test in question. If auditor’s tests identify errors, the self-audit process will be repeated until assurance is gained.

The auditor will calculate value of all in-year and prior year errors. The auditor will discuss and agree errors and ILR amendments and any recovery with the provider. ESFA will calculate the value of prior year error and all recovery relating to external audit firm action. Providers may have taken this action earlier.

Step 23: The auditor will determine the value of recovery, which cannot be recovered via the ILR. The auditor will discuss and agree errors and ILR amendments and any recovery with the provider. ESFA will calculate the value of prior year error and all recovery relating to external audit firm action. Providers may have taken this action earlier.

Step 24: Data correction: Provider will be informed of any ILR data amendments to be undertaken, or other remedial action in the agreed time scale.

Step 25: Move to Part 3: Audit procedure - reporting.

Part 3: Audit procedure - reporting  

This section defines the steps and actions taken after fieldwork, to report and conclude the audit. It prescribes what action is required by the ESFA and the provider. These actions are required to ensure all findings and outcomes are accurate, and agreed by all parties, before the audit is closed. Where this is not achieved, delays to the audit are likely. It is key that each step is performed to ensure the right conclusion and action plan for use by end users of the reports, such as ESFA, DfE, or the provider.

Reporting process: step by step

The reporting process comprises:

Step 26: The auditor will confirm that all testing complete.

Step 27: Is there a need for reconciliation exercise? If yes, move to step 28. If no, move to step 29.

Step 28: Reconciliation exercise (performed by the auditor): Comparison of data movements resulting from data amendments. This is between the ILR used for the assurance review and the final R14 ILR return that forms the basis of the final funding claims, where applicable. Further testing may occur on material changes.

Step 29 Formal closure meeting: The auditor will discuss with the provider the findings of the audit, self-audits, conclusions, recovery, reconciliation (if applicable) and recommendations.

Step 30: The auditor will ensure any ILR amendments or remedial action has been undertaken. This process can be completed at any point by the provider, but the auditor will validate completion at this point.

Step 31: The auditor will issue final written feedback or a draft report. The timelines for the auditor action will depend on the volume and complexity of action required. The auditor and provider will determine the appropriate timelines for implementing agreed actions.

Step 32: The provider will formally respond to recommendations and errors, or draft report, if applicable within the agreed deadline. The timelines for the provider action will depend on the volume and complexity of the action required. The auditor and provider will determine the appropriate timelines for implementing agreed actions.

Step 33: The auditor will issue the final report.

Step 34: The ESFA will calculate the recovery and process a Recovery form to recover errors not recovered via the ILR. The auditor and provider will determine and agree the timelines for action, depending on the volume and complexity of the action required. ESFA’s contract manager will discuss repayment plans with the provider to determine which offset option to take, to recover the value of the recovery identified.

Step 35: End of process.