What are the requirements?
The Academies Financial Handbook (“AFH 2020”) sets out the requirements around when academy trusts are required to have a separate audit and risk committee. This is when an academy trust’s annual income is in excess of £50million per year.
But as most academy trusts do not reach this threshold it’s your board’s decision as to whether to combine the audit and risk committee with another committee, most often the finance committee.
There are considerations around both combining and separating the risk & audit committee.
If you do combine committees, ensure that the terms of reference include the responsibilities for audit and risk. Also remember that employees should not take part as members of the committee when you make decisions regarding audit, they should only attend to provide information.
Increase in the focus of risk and audit
Over the past few months, we have seen an increase in the level of work that needs to be completed by the audit and risk committee:
- The AFH 2020 clarified that the internal scrutiny programme should be driven by the risk register which must be reviewed at least annually, but we would recommend that this happens more regularly following feedback from your internal scrutiny reviews.
- The internal scrutiny programme should cover financial and non-financial review areas.
- The AFH 2020 also increased the number of musts that an audit committee has to complete.
- The committee’s oversight must also cover constituent academies, which can be a big job depending on the size of your trust.
So, is now the time to separate your audit & risk committee?
No one wants to spend all their time in meetings, but with the increased work associated with the risk and audit committee we are getting to a point where the level of monitoring and discussion required needs it’s own time rather than being an add on to an already important and full on finance committee.
If you do decide to separate the audit & risk committee, try to streamline the meetings as far as you can. Here are a few ideas:
- focus on the top five risks on your register and consider commissioning your internal auditor to review these in your annual internal scrutiny programme. Don’t be afraid to adjust your risk register over time – it should be a dynamic document
- ensure you have overarching oversight of the risk process and internal scrutiny programme, but delegate the review of topic specific risk to the relevant committees
- make sure that all of your audit reports are circulated before the meeting so you can monitor effectively the recommendations and actions
- Ask you internal or external auditors to attend your meetings so you can directly resolve any queries, and discuss remedial actions when required
The additional focus on risk and scrutiny can feel like a drain on your resources but managed well it can allow trustees to have real assurance on the control framework within their academy trust.