The Academy Trust Handbook requires all Trusts to ensure effective oversight and monitoring of their internal controls. To do this a programme of Internal Scrutiny must be established to provide independent assurance to the Board that its systems, controls and risk management procedures are operating effectively.
Internal Scrutiny work must focus on:
- Evaluating the suitability of, and level of compliance with, financial and non-financial controls. This includes assessing whether procedures are effective and efficient, and checking whether agreed controls and procedures have been followed.
- Offering advice and insight to the board on how to address weaknesses in financial and non-financial controls.
- Ensuring all categories of risk are adequately identified, reported and managed.
The Internal Scrutineer reports directly to the Audit and Risk Committee of the Trust Board. The planning of the programme of Internal Scrutiny must be a risk-based exercise between the Trust Board, the Audit and Risk Committee and the Internal Scrutineer with input from the Trust’s CEO and CFO. The programme of Internal Scrutiny is informed by the Trust’s Risk Register and the Internal Scrutiny process, in turn, may be used to update the Risk Register. It is beneficial for this to be a cyclical programme of works tailored to the Trust and its risks.
The Audit and Risk Committee may commission the Internal Scrutineer to review a wide range of topics such as: – the list below is not exhaustive.
- Financial Control Systems (a core element in every year)
- Risk Identification and Management
- Financial Governance and Oversight
- Financial Efficiency
- Strategic Financial Planning
- IT Systems
- Cyber Security
- Health & Safety
- Estates Management
- Organisational Culture
- Management Information
- Anti-Fraud Procedures
- Safeguarding
- Human Resources Systems
- Succession Planning
The Internal Scrutineer’s review will be influenced by the risk profile of the Trust, the current position of the financial and non-financial controls and the concerns of the Audit and Risk Committee.
The Internal Scrutineer may wish to break down the organisation by area of operation and assess the risks by considering:
- Monetary value
- Volume of transactions
- Complexity of the system
- Sensitivity of the system
- Stability of the system
- Changes in Senior Management or Strategic Roles
- Potential fraud risks
- The strength of management controls
The Audit and Risk Committee will consider the programme plan, in the form of an action plan, challenge and sign it off. The Internal Scrutineer will report back to the Audit and Risk Committee on their review work. The Academy Trust Handbook does not stipulate how often visits should occur in the year. Trustees will want to ensure appropriate coverage for the Trust’s size and complexity.
1st Pillar recommends at least two visits in the academic year to carry out a review of Financial Controls and one other topic per year. A bigger, more complex Trust, or one that has experienced recent personnel changes or growth, may benefit from additional visits to ensure the Trust Board is fully informed on its risks, and ability to manage them.
The Audit and Risk Committee will appoint one of its members as a direct contact for the Internal Scrutineer. Should any serious weaknesses, including fraud or malpractice be identified during the review process, this will be immediately and directly reported to the Committee contact.
At the end of the academic year, the Internal Scrutineer will amalgamate the work completed into one report, liaising with other Scrutiny providers where appropriate, to summarise the work completed including key findings, recommendations, subsequent actions, management response and overall conclusions. This will be made available to the Audit and Risk Committee at their final meeting of the academic year for approval.
The Trust must submit a copy of this report to the DfE by 31 December each year.
