Audit code of practice

In March 2017 the updated Post-16 Audit Code of Practice (ACOP) was issued. Whilst the ACOP contained few changes from the previous version (the 'JACOP'), with many funding, governance and structural changes within the sector, it is a good opportunity to take stock of the roles and responsibilities of audit committees and how they can best fulfil them.

The main responsibilities of college corporations remain set out in the Articles of Government and financial memorandum/funding agreement and the role of audit committees in helping to ensure they are met is vital. Boards continue to look to audit committees to provide assurance with regard to risk management, internal control governance and the college’s use of resources (value for money), as well as to provide advice and insight to support the Board in fulfilling its objectives. The ACOP sets out specific requirements for audit committees.

The new post-16 ACOP – what’s new?

The ACOP is applicable for periods commencing on or after 1 August 2016 and has been updated to reflect the Machinery of Government changes, including the transfer of the SFA into the Department for Education. Consequently it is no longer called the ‘Joint’ Audit Code of Practice.

It also includes a new annex highlighting regularity concerns that colleges may wish to consider. These cover governance and management issues and some of the examples of indications of regularity concerns given in the ACOP include:

  • weaknesses in the corporation’s approach to holding management to account;
  • ineffective implementation of policies and procedures; and
  • ineffective management structure including lack of control processes.

The ACOP no longer includes a regularity self-assessment questionnaire for colleges to consider and complete and provide to their external auditor as part of the regularity assurance planning, however an updated version of the questionnaire is expected to be issued separately.

What is the role of further education audit committees?

The role of audit committees remains unchanged in the new ACOP. These roles and responsibilities include that audit committees must:

  • assess and provide the corporation with an opinion on the adequacy and effectiveness of the corporation’s assurance arrangements, framework of governance, risk management and control processes for the effective and efficient use of resources, solvency of the institution and safeguarding of its assets.

If an audit committee is going to carry out this duty effectively then it is imperative that it understands the assurance that the board requires.

Following the area review process, many colleges are changing their approach to working with others, including increased collaboration with other institutions, be it through formal merger, joint venture companies or other routes. Other major developments in the sector include the reforms to apprenticeships. These changes will have an impact on the risk profile, significantly in some cases, and the corporation and audit committee will need to carefully reconsider both what assurances are required and how these will be obtained.

In recent years we have seen a number colleges develop a Board Assurance Framework, enabling them to make informed judgements over what assurances they need to support the college’s annual opinion on the ‘effective and efficient use of resources, the solvency of the institution and the safeguarding of their assets. Further guidance in this area is set out in our document ‘Board assurance: A toolkit for further education colleges’.

  • Monitor, within agreed timescales, the implementation of recommendations arising from any reports of audit and assurance providers.

As highlighted in our recent report ‘Further education high priority management actions’, based on our experience the most common high priority management actions raised by our internal audit teams are in respect of funding eligibility and learner data. With continued challenges for colleges, including real terms reductions in like for like core funding, prompt resolution of such matters is key to ensuring the decisions made and funding obtained are based on reliable information.

  • Oversee the corporation’s policies on fraud irregularity and whistleblowing.

Audit committees must also take appropriate steps with regard to all allegations and instances of fraud and irregularity including proper, proportionate and independent investigation.

It is critical that governors, and particularly the audit committee, provide appropriate challenge with regard to fraud risks. The natures of risks are continually developing with, for example, cyber-crime becoming increasingly prevalent. If the relevant risks are not identified then it is likely that the controls in place will not mitigate the risk and any assurance sought by the audit committee will therefore be mis-directed.

  • Produce an annual report for the corporation summarising the committee’s activities relating to the financial year under review.

The audit committee’s annual report is an important part of the evidence required by the corporation before signing off its annual statement of corporate governance and internal control. Our document 'Audit committees: Fulfilling annual reporting requirements’ sets out further consideration of what audit committees need to do to ensure that the work they undertake in compiling this is effective.