Audit approach
The Council have commissioned the Shared Internal Audit Service (SIAS) to create and run an audit plan for all of Hertfordshire’s Maintained Schools. As part of our role, SIAS create a Schools Audit Strategy each year, which is agreed with Children’s Services. This page outlines our approach to creating and enacting this plan for the current financial year.
Definition of Internal Audit adopted by the Public Sector Internal Audit Standards (PSIAS):
Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
Purpose of auditing schools
Our job as internal auditors is to provide an independent view of the governor oversight, risk management and financial processes in place at your school. Our aim is to support the school and to provide assurance to the Senior Leadership Team and Governors that the school are following best practice. Audits are also required to provide assurance to officers of the Council that schools have robust arrangements in place to meet the requirements set by the DfE, the Local Authority, or through wider legislation (e.g. GDPR). The Section 151 Officer is required to confirm that the Council have a system of audit for schools that gives adequate assurance over their standards of financial management and the regularity and propriety of their spending.
School Audit Strategy (2023/24)
The Schools Audit Strategy includes a requirement to annually establish the effectiveness of financial control, risk management and governance arrangements in a sample of schools. The findings and recommendations from the sample of schools visited will be anonymously included in a theme consolidated report that can be used by all schools to self-assess their practices. The consolidated reports can be found on the Summary Audit Reports page .
Each year SIAS Create a Schools Audit Strategy that outlines the three themed audit reviews that will take place throughout the financial year.
Audit Themes
Theme 1 - Schools Financial Value Standard (SFVS)
Description: Sample of 15 schools to test the effectiveness of controls in respect of the SFVS assurance areas, with a particular focus on financial management.
Scheduled Audit Dates*: April – December 2024
Theme 2 – Payroll
Description: Sample of 6-10 schools (subject to resources available) to be visited to provide assurance that schools have appropriate governance and internal control arrangements in place in respect of payroll. A particular focus would be on schools that have changed HR or Payroll providers and how the transition has been managed to ensure continuation of timely and accurate payments to staff.
Scheduled Audit Dates*: November 2024 – January 2025
Theme 3 – Use of School Premises
Description: Sample of 6-10 schools (subject to resources available) to be visited to provide assurance that there are robust structures in place to manage instances where schools offer multiple provision on site (e.g. nursery, early years etc). The audit will review the effectiveness of managing these activities, the sustainability of the model, their impact on school finances, and governance arrangements.
Scheduled Audit Dates*: January – March 2025
SIAS do take requests for audit from Schools should the Senior Leadership Team or Governors have concerns, or wish to review the current processes in the School. If you would like to be included in the audit topics listed above, please contact sias@hertfordshire.gov.uk to request an audit. This request will need to be made before the audit theme begins. Any requests received are subject to approval from Children’s Services as the owners of the Schools Audit Plan.
Preparing the theme
The audit themes are selected in conjunction with Children’s Services and are designed to review a variety of topics across all Schools in Hertfordshire. The process for preparing the themes and carrying out the audits in schools is as follows:
1. Preparing the theme
- discussions are held with Children’s Services at Hertfordshire County Council to decide on the three topics that make up the Audit Strategy. Audits may extend to non-financial areas, for example safe recruitment.
- as the Schools Audit Strategy includes a requirement to annually establish the effectiveness of financial control, risk management and governance arrangements, the three audit themes are chosen to encompass each element.
- once the audit themes have been approved by Children’s Services Board, SIAS create the audit plan which focusses on the biggest risks to Schools and The Council within each theme. These risks are the basis for the testing that we will complete at each school.
2. Selecting schools
A selection of schools is made for each audit theme. The selection criteria are as follows:
the first schools to be selected are those that have been least recently audited. This is to ensure that all schools are audited over an audit cycle (currently around nine years).
the remaining schools are randomly selected from those Schools that have not been audited in the past three years. We try to ensure that there is a fair distribution of schools across the County within each audit theme.
3. Booking process
the schools that have been selected will usually receive three weeks advanced notice for an audit. SIAS retain the right not to provide notice of the audit visit to maintain the integrity of key evidence, but this will only be the case where absolutely necessary.
- the Auditor completing the audit visit will call the school to confirm the date of the audit with the school and determine whether they want physical visit or a remote audit.
- The school will receive a confirmation email that outlines further details of the audit, including a list of documents required from the school as part of the audit visit.
- If in person, some documentation may need to be sent in advance of the visit, through the secure file transfer platform HertsFX (the auditor can explain how this works if required).
- If done remotely, all documents will need to be emailed to the auditor before an agreed date.
4. The audit
In person audit:
- upon arrival at the School, the auditor will have an initial discussion with the Headteacher (other staff members are welcome) to explain the audit process in more detail. This is especially important if the School have not received an audit visit in a long time.
- the auditor will then spend the majority of the School day in school to review the required evidence.
- the auditor will need to ask questions to relevant staff members in order to fully establish the process in place at the School. These questions are not designed to catch anyone out, but to understand the School’s approach to the areas being audited.
- at the end of the visit the auditor will have a closing meeting with the Headteacher. This is used to describe the initial findings from the audit and allows for the school to provide extra information or clarity over a particular area. This meeting is usually held between the Auditor and the Headteacher, but other members staff or Governors are welcome if the Headteacher thinks this would be useful.
Remote Audit:
- a timeframe will have been agreed between the auditor and headteacher for when they would be available for meetings.
- The auditor will complete testing on the documents during this time
- Once the auditor has compiled queries during their testing, they may set up meetings to consult with the Headteacher or another person, such as the chair of governors or school business manager, who may be able to answer queries.
5. The report
The audit report records the elements of good practice, and areas of improvement highlighted from the audit visit. The report has five main sections:
- Executive summary - this is a descriptive element of the report, which gives an overview of the good practice demonstrated at the school and outlines where processes could be improved. It includes an introduction, which gives a background to the audit, and an overall audit opinion, which describes each individual area of the audit completed at the school.
- Overall assurance level - as part of our report, we give an assurance opinion that provides our overall assessment on the robustness of the control environment in order to achieve the key objectives that have been audited. This is supported by the assurance by risk area table (see below). It is important to note that the overall opinion assesses the overall risk to the School and is not an average of the individual risk areas.
- Assurance by risk area – this is a table that summarises the assurance level (good, satisfactory, limited, or no assurance) for each assurance area reviewed as part of the audit. Assurance areas are the different sections that are covered as part of the overall audit. For example, the SFVS audit is broken down into five sections:
- Recommendations – where findings are identified from our audit testing, recommendations may be raised as part of the audit process and can be included in the report in either the management action plan, or as advisory actions.
- The management action plan is a table at the end of the report that outlines the finding and the associated recommendation where best practice has not been followed. The risk associated with each finding is included within the management action section. This is not a description of what is currently happening at the School, but what could happen if the recommendation is not followed. A response from the School is required to outline what actions the School will take to address the finding, who is responsible for ongoing actions, and the timeframes that these will be completed in.
- In order to reduce the length of reports, we have recently introduced an advisory actions section. These are findings that do not require a formal response from the School, as we deem them to be low risk areas. However, these are included for the School to consider and take appropriate actions as required.
- Definitions – at the bottom of every report, there is a table that outlines the definitions for each of the assurance levels, and the rating of the recommendations (high, medium, low, advisory). The draft report will be sent to the Headteacher for review, and a response to any findings made. Once the draft report has been agreed by the School, it is sent to the Chair of Governors and relevant sub-committees, with the responses to the recommendations included.
- Follow up process
- If the school have received a limited assurance level from the audit, or a high-priority recommendation within their report, SIAS will contact the school as part of an annual follow up cycle to ensure that the recommendations have been effectively implemented. The schools audit follow up annual review is normally scheduled for the Autumn term.