The timing of the Academy Schools' Update has been aimed at coinciding with the publication of the Academies Financial Handbook and the Academies Accounts Direction.
3. Today’s schedule
10:00 Chairman’s introduction Louise Bridgett, Director
10:05 Update on the Academies Accounts Direction (‘AAD’) Katie Skea, Director
10:20 Update on the Academies Financial Handbook Darren Perry, Director
10:45 Reporting and monitoring: You and your trustees Darren Perry, Director
11:00 Break
11:30 Due Diligence Louise Bridgett, Director
11:50 Assessing going concern Katie Skea, Director
12:05 Cyber Security Richard Wilding, Head of
Cyber Security
12:25 Lunch
4. Update on the Academies
Accounts Direction (‘AAD’)
Katie Skea, Director
5. Introduction
• Latest AAD applicable for periods
ending 31/8/18, (published May 2018)
• In overview, very few changes.
• Changes seen are generally
clarifications and expansions of
information – mainly for ESFA benefit
and transparency and to address issue
areas. Some changes are in responses
to new Acts and Regulations.
6. Accounts submission deadlines
- Accounts must be reported to the ESFA 4 months after the accounting
period end.
- No change where accounting period ends on 31/8/18 – due date still
31/12/18 (and no change to reporting required).
- AAD clarifies that this may be relevant to academy trusts that have
become inactive.
7. Inactive academy trusts
- Trusts where its entire operations have transferred to another trust,
(rebrokerage) and/or where operations have formally ceased which
triggers the termination of the funding agreement.
- In such cases, it may be appropriate to shorten the accounting
reference date. (Accounting reference date cannot be lengthened to
be after 31/8).
Operations transferred to
another MAT. Termination
of funding agreement.
31 March 2018 30 June 2018
Accounting period
end date shortened
31 October 2018
Accounts need to
be filed with ESFA
AAR to be filed
with ESFA
21 January 2019
INACTIVE CONSIDER DISSOLUTION
Accounts to be
filed with
Companies
House
31 March 2019
8. www.website.com
Inactive academy trusts (cont’d)
- Accounts need to be submitted to the ESFA
4 months after the accounting period end
date. AAR is still needed too.
- Once an inactive academy has submitted
accounts and AAR, it has fulfilled its
reporting obligations to the ESFA.
- Although inactive, the company will
continue to exist. Trustees have
responsibility for considering the dissolution
of the Trust. (See Companies House for
further info).
9. SORP Information Bulletin 1 changes
- Funds analysis:
- No change to the composition of this analysis but a
comparative for the prior period is now needed.
- Where the current and prior periods have both been 12 months
long, a further analysis of the combined position is now needed.
- “Analysis of net assets between funds” - also requires a
comparative.
- Expenditure on raising funds analysis – now to be analysed
between direct and support costs.
10. Funds note: combined current and prior year
analysis
Balance at 1
September
2016 £'000
Income
£'000
Expenditure
£'000
Gains,
losses
and
transfers
£'000
Balance at
31 August
2018 £'000
Restricted general funds
GAG 100 8,800 8,477- 10- 413
Start up grant 50 50- - -
Pupil premium - 170 170- - -
Other - 597 546- - 51
150 9,567 9,243- 10- 464
Restricted fixed asset funds
Transfer on conversion 9,218 - 673- - 8,545
DfE/ESFA capital grants - 824 738- 86
Assets purchased since conversion 3,060 - 246- 748 3,562
12,278 824 919- 10 12,193
Restricted pension funds
Pension reserve 694- - 80- 639- 1,413-
-
Unrestricted funds
Unrestricted general funds 30 279 31- - 278
Total funds 11,764 10,670 10,273- 639- 11,522
11. www.website.com
Capital grants for church
academy trusts
- Last year the AAD raised the issue of whether
church academy trusts should recognise a fixed
asset on the balance sheet for land and buildings
where there is a mere license to occupy.
- This was a question of: who controls the asset?
- Most concluded that control was retained by the
church and derecognised the asset and
recognised notional rental charges and donations
and prepayments/deferred income.
- This has led to further issues e.g. expenditure
incurred on church land/buildings and how to
account for capital grants received?
12. How do you account for capital grants at church
schools?
- Capital grants should be recognised when received and entitlement passes
– as normal.
- Where the expenditure is undertaken by the academy – there is a choice:
1) Recognise an asset: “site improvements” (analogous to “leasehold
improvements” for lessees); or
2) Expend to the SOFA (additional note required)
- Where the expenditure is undertaken by the church, there should be a
corresponding grant expenditure to match against the donation income in the
SOFA.
- Sufficient narrative disclosures needed: accounting policies and notes to the
accounts.
13. 13
Apprenticeship levy
- Introduced from 6 April 2017.
- Employers with pay bills over £3m per annum must
pay the levy ~ 0.5% of pay bills subject to a £15,000
allowance.
- Funds paid are held by government and can be
drawn down for training/assessing apprentices.
Must be used within 24 months.
- Previously separately disclosed within the staff cost
note, now to be included within “social security
costs.”
- Levy funded training received in the year is to be
shown as notional income and notional expenditure
in the SOFA.
- 10% top up funding should also be recognised in this
way.
14. Related party transactions
- Related party disclosures now need to be separately split
between income and expenditure transactions.
- Disclosures should confirm:
- That transactions were conducted in accordance with the
requirements of the AFH and the trust’s financial regulations
and procurement procedures.
- Where expenditure exceeds £2,500, the element above £2,500
has been provided at no more than cost and that a statement
of assurance has been obtained from the related party to
confirm this.
15. www.website.com
Fixed assets
- In order to align with the AAR, the fixed
asset note has been revised to include the
following categories:
- Land and buildings (analysed between
freehold and leasehold)
- Furniture and fixtures
- Plant and equipment
- Assets under construction (if applicable)
The note analysis now also
differentiates between asset
“acquisitions” and “additions”.
16. Teaching Schools and School Centred Initial
Teacher Training
- The status of the teaching school or SCITT needs to be determined –
does it have a separate legal identity or is it part of the academy trust?
- If the former – need to consider whether there is any control by the
academy trust re potential consolidation?
- If the latter, separate note disclosures are required to show how
incomes have been applied, (which are also needed on the face of the
SOFA) and funds brought and carried forward.
- GAG cannot be used for teaching school principals.
17. - ESFA has analysed irregularity within
academy trust accounts and noted the
following common themes:
- Lack of prior approval for finance
leases.
- No statement of assurance for
connected party transactions.
- Connected party transactions not at
cost.
- Non-contractual severance
payments made without required
approvals.
- Weak internal controls.
Regularity
18. Regularity
- Other more occasional regularity issues that have been
spotted for focus by accounting officer and reporting
accountant are:
- Use of public funds for personal benefit
- Lack of appropriate authorisation for expenditure
- Inappropriate procurement processes (including breaches of
relevant EU thresholds)
- Inappropriate authorisation – Chair of governors acting beyond
their powers
- Irregular expenditure e.g. excessive gifts, alcohol
19. www.website.com
Trustees Report – additional
sections required
- Requirement to include information on trade union
facility time – in order to comply with The Trade
Union (Facility Time Publication Requirements).
- Where an academy trust has more than 49 FTE
employees for any 7 months within the reporting
period, 4 tables must be published:
1) Number of relevant union officials;
2) % of time (in bands) that these employees spend on
facility time;
3) % of pay bill that these employees spend on facility
time
4) % of paid trade union activities out of total paid
facility time.
- This information is required for the year ended 31
March 2018 and must also be published on your
websites before 31 July 2018.
20. Trustees Report – additional sections required
- Requirement to include information on fund raising
practises in order to comply with the Charities (Protection
and Social Investment) Act 2016.
- This should include:
- Approach to fund raising
- Work with and oversight of any commercial/professional fund
raisers
- Monitoring of fund raising carried out on the trust’s behalf
- Fund raising complaints
- Protection of the public (including vulnerable people) from
unreasonable intrusive or persistent fund raising approaches
and undue pressure to donate.
22. Academies Financial Handbook 2018
• Published 9 June 2018
• Effective from 1 September 2018
• Not too many changes. But continued
“evolution”….
• Summary of changes in AFH 2018
pages 6 and 7
23. Academies Financial Handbook 2018
• Foreword by Lord Agnew – main comments:
• Reinforces aim of the AFH being to provide a framework to balance
• financial management and governance REQUIREMENTS against
• FREEDOMS for schools to establish procedures that best suit their circumstances
• Highlights ROLES AND RESPONSIBILITIES
• Specifically Trustees, CEO’s, and CFO’s
• Get it right and the EFSA will leave you alone….
• Role of Chair of Trustees is particularly important
• Highlights need for key financial and governance requirements
• having rigorous procedures for preparing and monitoring financial plans
• delivering effective operational controls
• maintaining a system of internal scrutiny to remain compliant
• A need for constant challenge of deployment of resources – leads to improved educational
outcomes…
24. Academies Financial Handbook 2018
• Foreword by Lord Agnew – main comments (cont.):
• Delegated authorities
• autonomy is good…..
• …..but in event of challenge, decisions made must withstand public scrutiny
• Role of external auditor is key
• generally standards are good
• but where concerns are identified, Boards should act in a “timely and constructive manner”
Changes in the 2018 AFH aim to pick up on these key themes -
especially the role of Boards in terms of OVERSIGHT and
CHALLENGE
25. www.website.com
Main change 1: Governance
• Secretary of State can now make directions
prohibiting individuals from taking part in
academy trust management – this could prevent
an individual from acting as a member, trustee
or executive leader of a trust
e.g. where an individual is subject to a caution or
conviction, or has engaged in poor conduct,
the Secretary of State may consider that the
individual is unsuitable to take part in the
management of a school
• ESFA may refer trusts to the Charity
Commission for investigation to ensure that
individuals, in particular the trustees, act in
compliance with their legal duties
26. Main change 2: Trustees
• 2017 AFH went in to some detail comparing Members v. Trustees. 2018 AFH
continues this….
• Clarification that trustees of the academy trust are both charity trustees and
company directors – but AFH refers to them as trustees
• However, in some academy trusts, such as church academies, those on the
board are known instead as ‘directors’. In church academies, the term ‘trustees’
is reserved for those on the board of the separate trust that owns the land.
• New statement that trustees should focus on the three core functions of
governance:
• ensuring clarity of vision, ethos and strategic direction
• holding executive leaders to account for the educational performance of the
organisation and its pupils, and the performance management of staff
• overseeing and ensuring effective financial performance
• trustees must comply with trust’s charitable objects, with company and charity
law, and with their funding agreement
27. Main change 2 (cont.): Trustees
• And whilst the role of a trustee remains unchanged, the
AFH2018 has further clarified their duties
• AFH now states that trustees must apply the highest standards
of governance and take full responsibility of their duties, and
must ensure “….regularity and propriety in use of trust’s funds,
and achieve economy, efficiency and effectiveness – the three
key elements of value for money”.
• The chair of trustees - responsible for ensuring the effective
functioning of the board and setting professional standards of
governance
• ESFA will help chairs and their boards to do this if required
28. www.website.com
Main change 3: Members
• Definition of role of members is largely unchanged
from AFH 2017.
• But AFH 2018 expands on need for separation
between members and trustees (reminder - members
should be “eyes on and hands off” – they are not
responsible for trust’s business, and therefore
preference is for majority of members to be
independent of board of trustees)
• If governance of the trust by the trustees becomes
“dysfunctional”, there was previously a requirement
for the members to ensure that “..the board has plans
to address the issues”.
• AFH 2018 goes on to state “…or remove the board or
individual trustees and reappoint trustees with the
skills necessary for governance.”
29. Main change 4: Board meetings
• Boards are still required to meet at least three times a year. But the
AFH2018 has added requirement for additional reporting if the board
meets less than six times a year – based on the need to maintain “robust
oversight”
• where boards meet less than six times a year, they must describe in the
governance statement in the accounts how it maintained effective
oversight of funds with fewer than six meetings
30. 30
Main change 5: robust cash
management/budgeting
• New requirement that trust must manage its cash
management position “robustly”, and avoid becoming
overdrawn. Previously this was a “should”….
• It may be required to report to ESFA on the cash position
where there are concerns on financial management
• Budget setting – wording has been strengthened to promote
better governance
• Board must ensure rigour and scrutiny in budget management
• Board must ensure budgets forecasts are compiled accurately based on
realistic assumptions – for current year and beyond
• The trust must prepare monthly management accounts setting out its
financial performance and position – including variance reports and cash
flow forecasts
• Management accounts must be shared with chair of trustees monthly, and
other trustees at least six times a year. Board must ensure appropriate
action is being taken to maintain financial viability and address variances
• Trust must select KPIs and measure performance against
them regularly, and analyse in Trustees Report in financial
statements
31. Main change 6: Executive pay
• Builds upon requirements of AFH 2017. AFH 2018 states that board must ensure its
decisions about levels of executive pay follow a robust, evidence-based process, and are
reflective of the individual’s roles and responsibilities
• Reminder about gender pay gap reporting
• In particular, the board must ensure its approach to pay is transparent, proportionate and
justifiable, including:
• Process – procedure for determining executive pay should be agreed in advance and documented
• Independence – decisions should reflect independence and objective scrutiny and avoid conflicts of
interest
• Decision-making – factors in determining pay should be clear, including demonstrating whether
performance conditions and degree of challenge in the role have been taken in to account
• Proportionality – pay should be defensible relative to the public sector market
• Documentation – record rationale and process. Why is level of agreed pay VFM?
• A basic presumption that non-teaching pay should not increase at a faster rate than that of teachers
• Beware of challenge from ESFA – particularly in poorly financially managed trusts
32. www.website.com
Main change 7: Internal scrutiny
• No change in requirement for trusts to have a committee to
provide assurance to the board over suitability of, and
compliance with, its financial systems and controls, and to ensure
that risks are adequately identified and managed
• Income over £50 million – must have dedicated audit committee
• Income < £50 million – may combine functions of audit committee
within another committee
• Committee must agree programme of work
• Trusts must confirm in governance statement in accounts how it
has implemented programme of risk review and checking of
controls
• Findings of programme of work must be made available to all
trustees promptly
33. Main change 8: related party transactions
• ESFA have always been interested in transactions with related parties
• With some exceptions, a trust must pay no more than “cost” for goods or services
provided by related parties
• Terminology has been changed from “connected party” to “related party”. But no change
in definition of who/what a related party is
• Wef from 1 April 2019, trusts must report in advance – on ESFA online form – all
transactions with related parties to the ESFA
• ESFA approval is required in advance where RPTs exceed pre-set limits
• the contract exceeds £20,000.
• a contract of any value that would take the total value of contracts with the related party beyond £20,000.
• a contract of any value if there have been contracts exceeding £20,000 individually or cumulatively with the
related party in the same financial year ending 31 August.
34. • Trusts must also obtain ESFA’s approval for
transactions with related parties that are novel,
contentious and/or repercussive:
• Novel transactions are those of which the
academy trust has no experience, or are
outside its range of normal business.
• Contentious transactions are those that
might cause criticism of the trust by
Parliament, the public or the media.
• Repercussive transactions are those
likely to cause pressure on other trusts to
take a similar approach and hence have
wider financial implications
• For the purposes of reporting to, and approval
by, ESFA, transactions with related parties do
not include salaries and other payments made
by the trust to a person under a contract of
employment through the trust’s payroll.
Main change 8: related party
transactions (cont.)
35. Main change 9: audit findings
• The AFH now states that “the audit process can support trusts by
helping identify key areas that may require improvement”
• Boards must ensure that there is appropriate, reasonable and timely
response by the trust to any findings by auditor
• Boards must ensure that there is appropriate, reasonable and timely
response by the trust to any findings by auditor to strengthen systems
and controls
36. www.website.com
Main change 10: financial returns
• The ESFA sends letters to trusts’ Accounting Officers/CEOs
which cover issues pertinent to their role and the ESFA’s
findings, the latest of which (3/18) was setting out deadlines
for returns and taking a firmer stance on non-compliance
• AFH2018 now states that where information is not received by
the deadline, or not of acceptable quality, the ESFA may
conduct investigations to collect it. The ESFA may then deduct
the cost of the investigations from the trust’s recurrent funding,
and may publish names of late-returners
39. Reporting and monitoring
• Fundamentals
• KPIs
• Management v trustees
• Budget reporting
• Stress-testing and resilience
40. www.website.com
Reporting and monitoring fundamentals
• Understand your activities
• Required resources – revenue and
capital?
• Identify your break even position
• Cost base – discretionary and non
discretionary?
• Certainty of income – funding gap?
• Get to grips with cash flows
• Timing and amounts?
41. Reporting and monitoring fundamentals
• Budgets and forecasts
• Management tools
• Assumptions and sensitivities
• Revenue and capital expenditure
• Cash flow – to avoid overdraft position
• In-year reporting
• How are we doing against budget/forecast?
• Action required – reforecast, discretionary costs?
• Cash flow v income and expenditure (beware grants)
42. Why have KPIs?
• Setting and measuring targets
• Best use of resources
• AAD requirement for Trustees
Report
Management
• Achievements and performance
• Financial and non financial
Reporting
• Engagement with staff and
stakeholders
• Transparency and openness
Communication
43. 43
Same picture, different angles
Trustees
Reporting and
monitoring
Management
Operational
- Manage
- Control
- Report
Governance
- Challenge
- Sustainability
- Assurance
44. What do management need?
• Useful and timely data
• Restricted and unrestricted reservesManage
• Allocate responsibility
• Regular routines, reviewsControl
•Operational v strategic
•Transparency v excessive detail
•“Dashboards”
Report
45. Trustees and good financial governance
Strategy
Reporting
Control environment
46. 46
Communication tips
Time to digest
“Less is more”
Pictures, numbers and narrative
Beware jargon
“Follow the story”
47. • “There is no such thing as stupid
question…”
• “….only stupid answers!”
• The Emperor’s new clothes?
Trustee challenge is crucial to good
governance
48. Useful questions for trustees to ask
• What are the sensitivities in the budget/ forecast?
• What is our break even point?
• What are our short and long term positions?Challenge
• How are we doing against budget?
• What are the red flags?
• What due diligence have we done?
• What do we have in reserve?
Sustainability
• Have previous budgets and forecasts been reliable?
• Do explanations from management stack up, are they
consistent?
• Number and size of adjustments between
management and statutory accounts?
Assurance
49. www.website.com
• 3 year forecasts required by 30 July
• Ensure trusts are planning ahead
• Simplified, high level data
• Explain assumptions
Budget Forecast Return
50. 3 year budgets
Link to existing plans and projections
DFE Technical Note expectations
• What is missing?
• NLW and NMW assumptions
• Non-staff expenditure
Dealing with deficits
51. Stress-testing: how resilient are you?
• Current headroom?
• How to increase/improve?
• Risk mitigation opportunities?
What
combination of
risks causes the
biggest problem?
• Check your calculations?
• Designated reserves for
future plans?
What if you seem
to have plenty of
headroom?
53. To cover today…
• What is due diligence
• When is it required
• What does the process involve
• Who will be involved
• Focus on financial DD
• What will it cost
• What does the output look like
• How we can help
54. What is due diligence?
Due diligence is an investigation into the background, financial position,
operations, legal and contractual obligations of another trust or school
prior to joining together.
The aim is to provide clarity and evidence to enable Boards to make
informed decisions about whether the proposed step is viable and in the
best interests of their school or MAT
Heads ruling Hearts
55. www.website.com
When is it required?
Some form of DD will be required where:
• A MAT is accepting a new school
• A school is looking to join a MAT, either on
conversion or by moving MAT
• Two or more MATs or SATs are looking to
merge
Plan timing
56. What does the process involve?
That depends! DD is a spectrum from a light touch to full and detailed
Not unlike buying a car. Will you:
• Check you like the colour and kick the tyres?
Or
• Get a full RAC inspection undertaken?
57. What does the process involve
Appropriate level of DD will depend on the circumstances and risks
Plan scope of DD at outset
58. 58
What will DD cover
Overall it will include the following areas:
• Ethos and culture
• Educational
• Finance
• Estates and IT
• HR
• Legal
• Governance and Regulatory
• Capacity to deal with expansion
59. Who will be involved
Teamwork, including
• In house staff in areas of expertise
• Board members
• Accountants
• Lawyers
• Buildings surveyors / specialists
• HR advisors
60. Focus on financial DD
Key
assumptions
Will include student
numbers, staff roll etc
Historic
financials
Cash flow
forecasts
Include sensitivity analysis
on key assumptions Budgets
Financial
commitments
Will include lease
commitments, supply
contracts etc
Capital
expenditure
61. Focus on financial DD
Other areas that may be covered by financial DD include:
• Review of Board minutes for issues
• Review of audit feedback for existing MATs
• Review of policies and processes and checks to ensure these are
being applied
• Ofsted reports
• Staff terms and conditions
• Finance team structure
Consider financial
implications of coming
together
62. www.website.com
Output
For key areas, a formal document for consideration
by the Board
• Records key findings and conclusions
• Evidence of decision making process
• Opportunity to discuss findings and ask
questions
But it should be the culmination of a process, with
no surprises
63. Costs
• Work done in house – time costs / opportunity costs
• External input will incur fees
• Consider structuring it in stages, so costs are incremental as process
progresses
Check funding available
64. 64
How we can help
• Discuss strategy at outset – sounding board
• Help scope DD project depending on
circumstances and risks
• Undertake financial DD
• Help interpret and assess the findings
65. www.website.com
Summary
• Scope the work required
• Agree who will do what, when
• Allow sufficient time
• Manage costs
• Take on board the results
• Use the work to help the coming together
69. www.website.com
Technical answer:
“An entity is a going concern unless
management either intends to liquidate the entity
or to cease trading, or has no realistic alternative
to do so”.
Practical answer:
“Will the school be able to pay its liabilities as
they fall due?”
Is our school sustainable?
What is going concern?
70. What is the school’s responsibility?
The board of trustees must make appropriate enquiries to be satisfied that
the trust has adequate resources to continue in operational existence for the
foreseeable future.
71. 71
What does that mean in practice?
Review future financial forecasts for at least the next
3 years and assessing the robustness of these
forecasts (possibly from past experience);
Understand significant changes from current
performance/position to future forecasts – are these
changes likely? Are the quantified changes
accurate?
What are the key assumptions over key income &
cost lines? How sensitive are these assumptions?
(Including reviewing future demographics and
expected pupil numbers).
72. Review cash flow forecasts, probably 3-5 years out. Having enough cash on
a month-by-month basis is actually more important to financial health than
making future surpluses – though they do ordinarily go hand in hand.
Reviewing the reserves position – can future anticipated shortfalls be
absorbed by carried forward reserves?
What does that mean in practice?
73. www.website.com
Forecasts should, as a minimum, cover
restricted income funds and any unrestricted
funds.
Forecasts should be whole-MAT (where
applicable) as GC judgement is at the Trust
level. Forecasts can (should?) be done at
member school level & then consolidated.
Can use unrestricted funds to top-up restricted
income deficits, but how long is this
sustainable?
Points to consider
74. Points to consider
Employer pension charges should be modelled on a cash basis. Some
local authority schemes now over 20% Ers’ contributions – what happens
if contribution rates rise further?
Actuarial movements on the LA scheme are not cash flow items.
Depreciation is not a cash flow item.
75. 75
Timing & frequency of forecasts?
Budgets & forecasts should be on every
finance committee agenda as a standing
item.
Level of detail & frequency of full re-forecast
dependant upon the sensitivities &
headroom required. The tighter things are,
the more closely forecasting should be
monitored.
76. When times get rough…
What cost savings can be made with lowest impact upon core
provision?
Can courses be streamlined (e.g. by only offering 1 syllabus to GCSE)?
Can procurement savings be made by pooling between schools or by
running reverse auctions?
Can more income be generated from use of assets/facilities? Catering;
hall/pitch hire etc. Watch out for tax implications.
Can we raise more unrestricted income e.g. from alumni programmes?
77. www.website.com
ESFA approach
The ESFA will offer some level of emergency
repayable cash advances to cover critical one-off
short-term issues (e.g. if month end payroll risks
going unpaid).
The sooner needs are identified & flagged to the
ESFA, the better. Need to present a clear path to
repayment.
If a clear path to repayment can’t be demonstrated,
or the ESFA view is that there is fundamentally
poor cash management, expect FNtI and/or
commissioner intervention.
ESFA will no longer issue letters of support where
funding over & above contractual level will/may be
required.
78. What is the auditors responsibility?
The auditor’s responsibility is to review & challenge the school’s
process for determining going concern.
It is not the auditor’s role to prepare forecasts or sensitivity analysis.
79. 79
Audit report implications
Providing the school can demonstrate that it
reasonably expects to be able to pay all of
its debts as and when they fall due for a
period of at least 12 months from the date of
signing the financial statements, the
accounts are prepared on the ‘going
concern’ basis.
This broadly means that no adjustments or
specific disclosures will be required in the
accounts.
80. Audit report implications
Going concern may be marginal - for example where contingent on conditions
outside the school’s control such as pupil recruitment, DfE decisions, LA
pension scheme funding obligations etc. In such a scenario, the governors
need to clearly explain the existence and nature of the uncertainty in the
financial statements through the ‘going concern’ sections of the Governors’
Report and the accounting policies.
The narrative in each area should also explain governors’ plans for dealing
with the issue together with their reasoned conclusions for continuing to apply
the going concern basis of preparation. The note needs to explain clearly the
existence and nature of the uncertainty and the governors’ plans for dealing
with them.
Providing the auditor agrees with this analysis and commentary, the audit
opinion will be unqualified but will draw attention to the disclosures made.
81. www.website.com
If an trust does not expect to be able to continue in
an operational capacity – for example because there
is no alternative but to close or because the academy
will join a MAT, the accounts will be prepared on a
basis other than going concern, (formerly referred to
as a ‘break up basis ’).
As well as including different narrative disclosures,
the amounts in the accounts will need to be included
at ‘recoverable amounts’, (amounts expected to be
actually received or paid at short notice), which may
be different from current carrying values. It’s likely
that all assets and liabilities will also become ‘current’
items.
Audit report implications
82. Summary
• Well over half of academy trusts are expected
to report a deficit in 2017/18. Deficits quickly
translate into potential going concern
problems unless there are substantial levels
of existing liquid reserves.
• Trusts should be addressing this issue now as
part of the budgeting process. 3 year
forecasting should now be the norm as this is
the direction that the ESFA is taking.
• Going concern can be complex and multi-
layered – the more marginal things are, the
more time consuming it becomes.
• Don’t leave it too late!
84. What happens in an internet minute?
16m
text
messages
4.1m
videos viewed
342,000
apps
downloaded
46,200
posts
uploaded
452,000
tweets
990,000
swipes
156,000
emails
40,000
hours listened
50
‘voice-first’
devices shipped
120
new accounts
created
15,000
GIFs sent via
messenger
1.8m
snaps created
3.5m
searches
751,522
spent online
900,000
logins
70,017
hours watched
85. Who are the hackers?
• There are very few of the stereotype young
people.
• But they are very prevalent in coffee shops and
places where there is free ‘open’ Wi-Fi.
• Most ‘hackers’ are professional criminal groups
who use the proceeds of crime to buy and sell
drugs as well as people trafficking and other
crimes.
• These hackers are so good that they offer
services on the dark web that include SLA’s and
even a complaints escalation procedure
86. Cyber Crime is growing
• Cyber criminals have huge technical
know-how. Far superior to most
legitimate organisations.
• Organisations are often oblivious to the
threat that results from their lack of
cyber security.
• A entity doesn’t have to have a
transactional website to be vulnerable.
• Many entities possess intellectual
property that has significant financial
value to cyber criminals
87. The attraction?
Traditional Crime
Present at the crime scene
One offence at a time
High risk / Low reward
Local enquiries
Victim reports to Police
Cyber Crime
Not present at the scene
Multiple offences at the same
time
Low risk / High rewards
International enquiries
Victim reputation
88. 88
Current risks and threats
Current examples:
• An Audit Commission report mentioned that
schools suffered significant fraudulent activity.
£2.33M in 2013/4
• In 2017 Schools have been receiving cold calls
from fraudsters claiming to be from the
“Department of Education” rather than the
“Department for Education”.
• Claim is that guidance forms need to be sent to
the Head. These contained ransomware.
89. 89
Current risks and threats cont.
Current examples:
• Schools are often targeted with phishing scams.
• Unlike the old version of phishing modern
campaigns are ‘supercharged’ utilising artificial
intelligence.
• Theft of information, bank details or delivery of
ransomware are often the end result..
• Be aware of Computer Software Service Fraud.
• Do not allow remote access to your computer.
91. Ransomware continues to dominate
Some facts and figures…
Ransomware attacks to businesses
accounted for 41% of reported cyber
crime in 2016
Email phishing is currently the #1
ransomware vehicle in 2017
Webroot report (2017) placed NotPetya
as the #1 ransomware strain, followed
by WannaCry and Locky
So what is it..?
93. What we are seeing
• insider threat
• social engineering - leading to
scams
• phishing attacks
• CEO spoofing
• ransomware
• viruses
• fraud
• computer service fraud
• grooming
• identity theft
• revenge porn/sextortion
• DDOS attacks
• dating/romance fraud
• bullying
• pension fraud
• hacking
• online extremism/hate
crime
• stalking
94. Cyber Essentials
• Self-assessment questionnaire for the company to complete
• Covers 5 key areas/71 questions
• We provide upfront assistance (1.5 days needed) to support
how to complete and progress
• It is submitted via a secure portal for us to assess
• Basic vulnerability scan performed
• Assessor feedback provided
• Once successful can use the Cyber Essentials logo for 12m
• Limited insurance provided/can help reduce further cyber
insurance
95. Cyber Essentials PLUS
• We audit and test the 5 key control areas
• Includes detailed vulnerability and limited penetration
testing
• A report is then issued
• Once successful can use the Cyber Essentials PLUS
logo for 12m
• Can help to reduce cyber insurance further
96. 96
General Data Protection
Regulations 2018
• What is GDPR?
• What are the consequences – 2 levels?
Higher of up to 20m Euro’s/4% of global
turnover
Higher of up to10m Euro’s/2% of global
turnover
• What should I do?
97. IASME (Information Assurance for Small and Medium Enterprises)
• IASME +GDPR – two levels standard and gold
• 180 questions (including those in Cyber Essentials)
• Includes GDPR specific questions
• Akin to ISO27001
• A report is then issued
• Once successful can use the IASME logo for 12m
98. We can also help with.
• Training. People are your greatest asset and
also the first and sometimes only line of defence.
• Vulnerability assessment services evaluate the
security controls within your organisation
including processes, guidelines and standards,
security processes and incident management.
• Penetration testing evaluate the security of your
organisations systems by simulating real attacks.
• Information Assurance review of the inherent risk
profile related to the organisation, technology,
delivery channel and external environment.
99.
100. 100
Around the office and home
The explosion of IOT devices:
• Every device that connects to the
internet presents a risk.
• These include smart TV’s, IP
cameras and app controlled heating
thermostats.
• More importantly don’t forget personal
devices and children's toys!
• Now for the fun stuff!
So, what are we going to look at in this session?
Financial information – mostly, though not exclusively
- fundamentals – to get an information system that works for you
KPIs – why useful for a charity
Look at differences in information for management v trustees
Reserves policies – a specific aspect of reporting and monitoring
- what should drive your reserves policy
- Stress testing - how do you know whether your organisation can cope with surprises and challenges?
Getting reporting and monitoring right is about making it work for your organisation. Yes, there are common themes and approaches but making it fit for purposes means making sure you understand how your organisation works
What are your activities – what do you have to deliver, to whom , when and how?
Where does your income come from – do you have
Management tools not aspirational statements
Sensitivity analysis on key assumptions
Don’t forget capital expenditure
Management tools not aspirational statements
Sensitivity analysis on key assumptions
Don’t forget capital expenditure
Do you need to revisit your risk appetite or your strategic plan?
At one level it’s about uncovering any ‘dealbreakers’ and although this happens on occasion it’s not the norm. However, all the information gathering and sharing should help make the process of joining together smoother, enabling potential bumps in the road to be addressed at an early stage.
Re timing, no point starting detailed DD and incurring costs until there is broad agreement as to cultural, educational and strategic fit, which may take some time. But don’t leave it to be an afterthought, or the danger is that whatever is found in the DD process it will be difficult for parties to pull out. DD can be done in stages through the process.
The DD that a MAT would undertake on a small primary looking to join will be different in scope to that undertaken on a MAT by a school looking to join, or by MATs looking to merge as the risks will be very different.
So a mix of areas, requiring the input of a multi disciplinary team. Some will be in house, and some may require the input of external specialists
As MATs have grown and developed their own in house capabilities , work of external specialists has typically become more focussed to manage costs as effectively as possible
Process starts with historic financials, but focus is very much on the future. Importance of cash flow forecasts will vary depending on level of cash reserves, can be key.
Need to ensure differentiating between accounting surplus deficit and cash flows – not the same thing. Level of work on the different areas needs to be agreed in the scope, eg for pupil numbers can just check looks sensible and that income forecasts link appropriately, including lagged funding, or can undertake more detailed work checking pupil numbers back to supporting evidence.
Work can be extensive, full blown DD of this nature less common than in the early days. The coming together is likely to result in changes over time, through restructuring, centralising of services and need to ensure the impact of the combination is realistically reflected in the projections
For the financial DD, costs can be anywhere from less than £1,000 for a desktop review of a small primary, to £8k or £9k for a full, detailed report.
Although the responsibility is legally that of the Trustees, the detailed work is normally done by the CFO or equivalent title
What are appropriate enquiries? We’ll come on to these on the next slides.
Adequate resources – implies that some level of headroom is present.
Foreseeable future – at least one year from the date of approval of the financial statements. In practice, schools should probably be looking 3-5 years ahead in line with 3-year budget forecasts now required by the ESFA.
Although the responsibility is legally that of the Trustees, the detailed work is normally done by the CFO or equivalent title
What are appropriate enquiries? We’ll come on to these on the next slides.
Adequate resources – implies that some level of headroom is present.
Foreseeable future – at least one year from the date of approval of the financial statements. In practice, schools should probably be looking 3-5 years ahead in line with 3-year budget forecasts now required by the ESFA.
I’ve seen at least one school that hired out its car park at weekends for motorcycle training.
Alumni programmes not widely used in UK state schools, but some are looking at this.
Experience is that ESFA will not risk a payroll going unpaid, but that’s not something that should be relied upon as part of a strategy! Lender of last resort.
Letters of support were forthcoming a few years ago, but ESFA policy is now not to issue.
I’ve seen at least one school that hired out its car park at weekends for motorcycle training.
Alumni programmes not widely used in UK state schools, but some are looking at this.
Use bank robbery as a comparison
Highlight the main signs to look for
NotPetya as the number one ransomware strain of 2017 after it infected hundreds of thousands of devices across more than 100 countries within just a few days.
The attack was also ranked highly as it was engineered specifically to damage critical infrastructure, affecting national organisations as well as companies.
WannaCry was ranked second by Webroot, having also infected hundreds or thousands of devices around the world by utilising the EternalBlue exploit. - NHS
Up and running from scratch in 60 minutes
“There are only two types of companies: Those that have been hacked and those that will be hacked.”
Robert S. Mueller, III, Director FBI made this famous quote but almost by the time he made the quote it was out of date – it should be…
‘There are only two types of companies: Those that have been hacked and those that don’t know they have been hacked.’