Transparency data

RSH ARAC minutes - 25 April 2024 (accessible version)

Updated 24 October 2024

Applies to England

Public minutes of of the Audit and Risk Assurance Committee meeting

on Monday 25 April 2024 at 10.00am
MSTeams

8. Remote and virtual participation

8.1 Any member may validly participate in a meeting through the medium of conference telephone, video conferencing or similar form of communication equipment, provided that all persons participating in the meeting are able to hear and speak to each other throughout such meeting, or relevant part thereof. A member so participating shall be deemed to be present in person at the meeting and shall accordingly be counted in a quorum and entitled to vote.

8.2 A meeting shall be deemed to take place where the largest group of those members participating is assembled or, if there is no group which is larger than any other group, where the Chair of the meeting is.

Members

  • Liz Butler - Chair
  • Richard Hughes
  • Kalpesh Brahmbhatt

In attendance

  • Fiona MacGregor - Chief Executive
  • Jonathan Walters - Deputy Chief Executive and Accounting Officer
  • Richard Peden - Director, Finance and Corporate Services
  • Emma Tarran - Senior Assistant Director Head of Legal and Company Secretary
  • John O’Mahony - Assistant Director Corporate Services (for item 9)
  • James Dunbar - Head of Finance (for items 6 and 7)
  • Sandy Pacek - Head of Corporate Services (for item 9)
  • Mike Newbury - Audit Director NAO
  • Richard Smith - Engagement Manager NAO
  • Jenny Obee - Engagement Lead, Government Internal Audit Agency
  • Nigel Dawbney-Fisher - Government Internal Audit Agency
  • Kashif Zaman - Department of Levelling up, Housing and Communities

Minutes

  • Simon Turner - Senior Solicitor

1. Welcome and apologies

01/04/24 The Chair welcomed everyone to the meeting. There were apologies from Lisa Harvey (GIAA), and Jenny Obee (GIAA).

2. Declarations of Interest

02/04/24 There were no new declarations of interest.

3. Minutes of the last meeting

03/04/24 The minutes from 15 January 2024 were approved, subject to one small change.

4. Matters Arising

07/01/24 NAO completion report: Members noted that the wording had been amended to clarify the position, as requested at the last meeting of ARAC.

16/01/24 Fees setting model audit: Members noted that the terms of reference for the audit of fees setting had been finalised.

18/01/24 2024-25 internal audit plan: Governance: JO confirmed she would update members later in the meeting.

25/01/24 In-depth assurance – fee charging: Noted that this item has been completed.

11/11/23 NAO Audit plan: MN gave an update to members. It is intended that a “lessons learned” exercise will be carried out, and should be completed by the end of May 2024.

18/11/23 Strategic Risk Register: Board teach-in on risk appetite and tolerance - to be arranged after the strategic management meeting w/c 29/04/24 (RBP).

5. NAO Update

04/04/24 MN introduced this item.

07/04/24 MN reported that the NAO work on the interim audit is underway, and on schedule to meet the August 2024 time line for completion of the financial statement. RS mentioned that there was no issue this year for changing the accounting system, and the change in the payroll system had been tested in good time.

08/04/24 RBP asked about NAO charges and cost recovery. MN said that NAO cost recovery was not yet full cost recovery. NAO is looking to improve efficiencies, will keep the regulator appraised, and will not charge more than it needs to. FM asked MN if the regulator could have some anonymised comparisons for NAO work for other organisations – that could give some assurance. MN noted this as an action point for the future.

09/04/24 The Chair welcomed the interim work being carried out by NAO and said that it will be good to have a regular cycle established for the NAO work. The audit planning report 2023-24 was noted.

6. Annual procurement report

10/04/24 RBP introduced the report. He gave an overview of the scheme of financial delegations and procurement activity at the regulator. The Committee noted the updates, and the Chair thanked RBP for the report.

7. Annual fraud report

11/04/24 JD introduced the report. The regulator’s Counter Fraud, Bribery and Corruption Policy and Response Plan were adopted in February 2022. RSH’s Counter Fraud, Bribery and Corruption Strategy requires that ARAC is updated annually in relation to Fraud, Bribery and Corruption. JD explained the regulator’s risk assessment for fraud, bribery and corruption. Cyber fraud is recognised as the most significant risk. JD detailed the key controls to guard against cyber fraud and third party influence on regulatory decisions. JD went through the Annual Plan as set out in the report.

12/04/24 KB asked if the regulator seeks assurances regarding business continuity from service providers in the event of a cyber attack. RBP confirmed that that is a consideration to be addressed as part of any procurement exercise, and the regulator has information security requirements for service providers. The regulator recognises that it is likely that it will be subject to a cyber attack at some point, and it is not a question of “if there is an attack”, but “when”.

13/04/24 The Chair asked if a scoring of 2 was on the low side for the cyber security risk score. JD responded that the score represented the likelihood of a successful cyber attack. A score of 2 suggests such an attack is less likely to succeed in light of mitigations.

8. Internal audit reports

14/04/24 NDF introduced the Progress Report dated April 2024, including the finalised audit plan. NDF anticipated that the annual opinion will be positive – this will be presented to the June ARAC meeting.

15/04/24 JO explained that in the most recent internal audit, the regulator had asked GIAA to provide assurance around whether the quality assurance processes for for-profit RPs’ judgements adhere to its guidance and are consistent with those applied to not-for-profit RPs. JO summarised the report prepared by GIAA. GIAA is satisfied that the regulatory requirements for all types of providers are clearly defined in ‘Regulating the Standards’, published on Gov.uk. GIAA confirmed that this is reflected in the Regulator’s governance and assurance processes relating to regulatory decisions, and its internal guidance. JO reported that GIAA is satisfied that there are strong quality assurance processes in place in relation to regulatory assessments and judgements and that these are operating effectively in relation to For-profits RPs. GIAA found that the regulatory processes, including QC and QA processes had been followed as prescribed in the Regulator’s guidance. GIAA made one recommendation: senior decision makers, the Board, and staff involved with for-profit assessments should be provided with periodic briefings and training on how the for-profit sub-sector is developing and any specific potential regulatory considerations. GIAA provided a substantial assurance opinion for this review.

16/04/24 JO also summarised the terms of the GIAA audit regarding the regulator’s fee setting model. GIAA provided a substantial assurance opinion for this review. The GIAA audit found that the proposed fee setting model is equitable to PRP and LARP providers and does not involve cross subsidy between the two categories. GIAA was also satisfied that the proposed model aligns with the revised fee setting principles contained in the fee consultation. GIAA have confirmed that the fee setting principles have been revised, and the proposed fees have been set, in accordance with s117 of the Housing and Regeneration Act 2008, as amended by s4 of the Social Housing (Regulation) Act 2023. As a result of these findings GIAA made no recommendations in respect of the fee setting review.

17/04/24 RP said he was happy to confirm that both the Secretary of State and Treasury have recently approved the proposed fees setting model.

9. Strategic Risk Register

18/04/24 JOM and SP introduced this item. JOM asked members to note the planned Executive Team review of SRR next week, following which there will be a further report to ARAC. JOM highlighted changes to some of the risk controls and scores, and summarised the key points as set out in the report.

10. ARAC self-assessment

19/04/24 The Chair gave a summary of the ARAC self-assessment. Scores for the ARAC self-assessment were mostly satisfactory or good. The Chair will circulate the full report to members.

11. Forward Planner

26/01/24 RBP confirmed that the draft Annual Report and Accounts will be brought to ARAC for the June meeting. Members noted the items on the Forward Planner.

12. Any other business

20/04/24 There was no other business.

Date of next meeting: 17 June 2024