Audit and Risk Assurance Committee minutes: 13 June 2023
Updated 26 November 2024
Applies to England
Present
Martin Spencer, Chair
Jo Moran, Board member
Laura Wyld, Board member
Ian Looker, Co-opted member
Also in attendance
Amanda Spielman, His Majesty’s Chief Inspector (HMCI), Accounting Officer
Matthew Coffey, Chief Operating Officer (COO)
Louise Grainger, Director, Finance, Planning and Commercial
Board Secretary
Chris Jones, Director, Strategy and Engagement (item 11)
Head of Strategy (items 9 & 11)
Hassan Rohimun, EY
Tony Smith, Government Internal Audit Agency (GIAA)
Ivan Cheary, GIAA
Colin Wilcox, National Audit Office (NAO)
Status
Approved at the ARAC meeting 14 September 2023.
1. Chair’s introduction, declarations of interest, minutes, actions and matters arising
Apologies were received from Robert Garnett.
Following Chris Hanvey’s departure from the audit and risk assurance committee, Jon Yates has agreed to sit on the committee.
The minutes of the last meeting were approved as a correct record subject to an amendment to the wording at paragraph 5.2.
Laura Wyld declared that she has started an associate relationship with AGL Communication consultancy.
2. Verbal report from HMCI
HMCI provided an update on continuing discussions with the Department for Education (DfE) on various policy priorities and the announcement on 12 June outlining changes to improve aspects of our work with schools.
3. Progress against audit recommendations
The committee reviewed progress made on implementing audit recommendations. At the end of April, 18 management actions had been completed since the last report to ARAC and 4 were reported as on track.
4. Internal audit progress report
There are no proposed changes to the 2023-24 audit plan other than a management request to postpone the inspection services engagement from quarter 2 to quarter 3, to ensure alignment with the revised timescales for the programme.
5. Issued internal audit report
GIAA reported a substantial opinion in respect of the transition from Cygnum to New Applications audit with no recommendations for action. The review found that the transition away from Cygnum is being well-managed with effective governance and effective risk management arrangements in place.
6. Annual opinion
Based on the work carried out during the financial year 2022-23, a substantial opinion was provided by the Head of Internal Audit affirming that overall Ofsted’s framework of governance, risk management and control in 2022-23 was adequate and effective.
The is the fourth consecutive year that Ofsted has been provided with a substantial opinion. GIAA commented that the trend over recent years is that around only 10% of government departments receive a substantial rating and in 2021-22 Ofsted was the only non-ministerial department to receive that rating.
The committee commended HMCI, COO, the Director, Finance, Planning and Commercial and Ofsted staff for this significant achievement.
Action: Chair to provide a comment for the internal staff update on behalf of ARAC recognising this achievement.
7. External audit
The audit completion report was presented. Members noted that the audit was due to be completed in early July 2022. The auditors did not identify any issues and expect to recommend to the Comptroller and Auditor General that he should certify the financial statements with an unqualified audit opinion. The external auditors commended Ofsted’s financial management and controls system.
The external auditors thanked the Director of Finance, Planning and Commercial and all of Ofsted’s finance team for their full cooperation and assistance throughout the audit process.
8. Value for money and insight work
The committee noted the NAO value for money update report.
9. Annual Report and Accounts
The committee reviewed the draft Annual Report and Accounts. The committee was content to recommend that the board approve the Annual Report and Accounts 2022-23 prior to certification of Ofsted’s Accounting Officer, subject to:
- a review of the forewords when available. The forewords are usually written close to publication to take account of the latest context
- minor amendments to wording in the complaints section
Action: Committee secretary to circulate the foreword to the Annual report and Accounts.
10. Draft Annual Report of the ARAC
The committee reviewed its draft annual report, which provided an overview of ARAC’s activity during the financial year 2022-23.
The committee agreed that the report should only cover the year to March 2023, however, requested that the chair’s foreword should include a brief acknowledgement of the recent public debate about Ofsted. Subject to this update the committee was content for the report to be submitted to the board.
11. Risk report
The committee supported the proposal to have a workshop to review the strategic risks in the autumn. A summary of these discussions will inform a wider discussion on strategic risks with HMCI and the Executive Board.
The board requested a light touch analysis of the residual risk ratings for discussion at the next board meeting. NAO described Ofsted’s approach to risk as strong and the annual audit opinion found that Ofsted’s strategic risk management arrangements are systematic and robust, as is the process for reporting, review and challenge of risks. ARAC noted that whilst discussions about the format and presentation of the register are interesting, the primary purpose of risk registers is to provoke discussion, encourage scrutiny and agree actions, and this should be the focus.
It was noted that this was Chris Jones’ last ARAC meeting. Chris was thanked for the advice and support he had provided to the committee over the years.
12. Finance update
The committee noted the financial update.
13. Annual information assurance and cyber security report
The committee received an annual briefing on information and cyber security in Ofsted. Of note, was the following:
- Ofsted achieved Cyber Essentials Plus re-certification in December 2022
- Government Security Group (GSG) feedback for the 2022-2023 Departmental Security Health Check (DSHC) gave assurance that Ofsted continues to exceed the minimum standards required for cyber, personnel and incident management. Our average mandatory scores also exceeded other cross-government returns across each of these areas
- analysis of Ofsted’s return for the Government Security Functional Standard GovS 007 showed that we exceeded the standard and were above the Government average
The committee was assured that Ofsted continues to actively manage its information and cyber security risks and that there are appropriate mitigations in place.
14. AOB
There was no other business.