Scottish Commission for Public Audit 20 June 2018
The agenda for the day:
Decision on Taking Business in Private, Audit Scotland Annual Report and Accounts for the Year to 31 March 2018.
Decision on Taking Business in Private
Decision on Taking Business in Private
Welcome to the first meeting in 2018 of the Scottish Commission for Public Audit. As always, I ask that all members and witnesses keep questions and answers concise and to the point. I also ask that everyone ensures that their electronic devices are switched to silent mode. We have apologies from Jenny Marra.
Agenda item 1 is consideration of a decision on whether to take item 3 in private. Do members agree to take that item in private?
Members indicated agreement.
Audit Scotland Annual Report and Accounts for the Year to 31 March 2018
Audit Scotland Annual Report and Accounts for the Year to 31 March 2018
Agenda item 2 is evidence on Audit Scotland’s annual report and accounts for the year to 31 March 2018. Members have a copy of the annual report and accounts in their meeting papers.
I welcome to the meeting Ian Leitch, who is the chair of Audit Scotland’s board. He is accompanied by Caroline Gardner, who is the Auditor General for Scotland and, from Audit Scotland, Diane McGiffen, who is the chief operating officer, and Stuart Dennis, who is the corporate finance manager.
I invite Ian Leitch, and then the Auditor General, to make short, introductory statements of no more than a couple of minutes.
Ian Leitch (Audit Scotland)
Thank you, chair. Good morning, members. As you know, our role as a board is to oversee the exercise of all Audit Scotland’s functions. Audit Scotland supports the Accounts Commission and the Auditor General in their roles of providing independent assurance to the people of Scotland that public money is spent properly and provides value for money. Audit Scotland must also demonstrate the same things in managing its finances prudently.
As you will see from this year’s annual report, we have managed to deliver £2.4 million in efficiencies, cost reductions and additional income against a target of £1.8 million. That was 9.6 per cent of our total expenditure budget. Most savings came from revised external firms’ audit contracts, staffing costs following organisational changes and reduced consultancy expenditure and training costs.
In 2017-18, Audit Scotland spent £25.6 million on services for the Auditor General and the Accounts Commission. Of those costs, £18 million was recovered through charges to audit bodies and from other income. The balance of £7.6 million net operating expenditure and the net finance costs of £0.9 million were met from direct funding provided by the Scottish Parliament, on the recommendation of the commission. That sum of £8.5 million was £0.6 million below the estimate—budget—for the year.
The board has met eight times during the year. Its committees—the audit committee and the remuneration and human resources committee—met nine times in all. I am very grateful for the support of fellow board members. This year, we welcomed Dr Graham Sharp as the new chair of the Accounts Commission, who was appointed by ministers. I thank Ronnie Hinds, who is the vice-chair, for carrying out that role on an acting basis.
Caroline Gardner (Auditor General for Scotland)
This is a time of significant change for public bodies, with new challenges and demands on public audit. We are responding by investing in our people and strengthening our audit quality regime. The focus on audit quality reflects the risks associated with increasing pressures on audited bodies and the cost reductions that we have achieved through the most recent round of audit appointments.
We have set up two new teams—the appointments and assurance team and the professional support team. One of the first tasks of the appointments and assurance team was to develop a new audit quality framework that combines the highest professional and ethical standards, with strengthened arrangements for internal quality reviews, external quality reviews commissioned from the Institute of Chartered Accountants of Scotland and enhanced reporting on audit quality to me, the Accounts Commission, the Audit Scotland audit committee and the public. We consider that that is the most rigorous approach of any public audit agency in the United Kingdom.
The new professional support team works closely with the appointments and assurance team to provide guidance, advice and support to auditors. We are represented on and engage with a wide range of UK and international professional bodies and audit agencies, allowing us to influence professional standards and share good practice.
We have maintained our focus on the implementation and impact of Scotland’s new financial powers. That is a critical area, where Scotland’s overall budget will be far more closely tied to the performance of the Scottish economy, with much more volatility and uncertainty than in the past, and therefore there is a greater need to ensure financial sustainability.
As always, we will do our best to answer the commission’s questions.
Thank you for that. We will open up the session to questioning; I will ask the first question.
Staff costs represent around 67 per cent of Audit Scotland’s budget. Obviously, anything that affects staff terms and conditions can have a fairly profound effect on that budget. On page 10 of the annual report, Audit Scotland stated that it has
“implemented a new strategic approach to managing and developing people”.
That is a recurring theme in the report. On page 56, Audit Scotland reported that it has
“developed a new, simpler and more flexible approach to pay, reward, career progression and how we resource the audit work.”
Will you give some background information on and explanations of the new strategic approach and identify the expected outcomes and improvements?
I will kick off on that and then ask Diane McGiffen to pick up on how we are doing that.
That is a really important issue for us. As the commission knows, we can carry out our work only by having the appropriately skilled and qualified staff to do it, and we quite rightly work within the constraints of the Scottish Government’s pay policy, which means that we have to work hard to ensure that we can recruit and retain staff who are also in demand by professional accountancy firms and public bodies more widely. That means that we have to think about our overall reward package, the way we develop people, and the way we shape jobs to make them attractive to people now and for the longer term.
Diane McGiffen has been leading on that work. I ask her to talk members through how we do that.
Diane McGiffen (Audit Scotland)
We have worked with colleagues in Audit Scotland for around three years to build and redesign how we organise work and create career progression, and on how we handle promotion and development, and therefore how we can recruit in the external market and internally when we come to do that.
We have organised our job roles into three job families. There are proposals for colleagues to progress within those job families and to use the career development gates process in order to make a case that they are able to take on additional work or for the business to decide that it has opportunities and would like to invite people to gain new experiences and broaden their opportunities. For the first time, we have a single structure of job families for the whole organisation that includes people who work on financial audits, best-value audits and performance audits, and our corporate support services team. Therefore, everyone can see clearly how they work together in the different parts of the business.
Taking quite a hard look at how the previous systems that we used worked or did not work for us was key. We found that internal and external recruitment and promotion opportunities caused quite a lot of dissatisfaction for colleagues, as there was a time-consuming process, and it was felt that the feedback process could be improved for candidates. We have turned that around, and we use internal recruitment and professional development, and our annual process of recording conversations to promote professional and technical development, which we call 3D. We use all of that to enable everyone in the organisation to build a portfolio of their experience and to be able to make a case for moving to do different things and expand their skills and experience.
Our investment in professional training and professional development underpins all of that. Our graduate trainee scheme fits into that model, but it also has the goal of delivering professionally qualified auditors at the end of it.
We are looking to enhance the sense of everyone working for one organisation rather than on individual projects or outputs for the business. That has gone really well for us. It enables us to offer in the jobs market something that is attractive and simple and to give people a clearer idea of career progression. That is because all those changes have been linked to a much simpler pay model that has simple incremental steps.
As a business, we try to ensure that we offer flexible employment opportunities, a rich development and career training environment and the great experience that comes from working for an organisation that is able to look across the whole public sector and produce reports and outputs that can help to make a difference to public services. In the external recruitment market, that approach is successfully attracting applicants to come and work with us. As you know from our need to expand to meet the responsibilities of the new financial powers, attracting new people is one of the things that we need to do well this year.
That sounds good. I have had a look at your retention levels, but the approach does not seem to have had a huge impact on them yet.
The retention levels this year are a combination of a number of factors. They include some fixed-term contracts that came to an end, some retirements and some student placements that came to an end. I will have to take my specs off to see this, but I think that the underlying resignations were 18, which is about 6 per cent of the turnover.
We examine all departures from the organisation to understand what is happening. We need some turnover to help with organisational rejuvenation. We discuss departures with individuals and managers to ensure that we pick up any signals that things are not going well. The turnover rate that is published in the annual report is similar to last year’s. The underlying picture includes a number of people whose departure from the organisation would be known or planned.
Information technology skills are important going forward and at the moment. They are difficult to secure across the public sector. How are you handling that?
You are absolutely right. That is the case for everybody, including us. We have been building a strong team. We have been focusing on investing in and developing the people who work with us and diversifying the number of posts that we have in IT. We have introduced some new systems in IT to bring greater resilience to the team. We have a senior manager on call 24/7. That rotates around a pool of three people. We have also brought in some external expertise.
We have been considering the benchmarking of pay in IT services and have had a discussion with the remuneration committee about the potential to recruit in a slightly different market for the skills that we need if necessary. So far, we have been able to develop our own people and source specific skills for short-term needs when we have them. We have also used a variety of external benchmarking. The strategic plan around our digital strategy is consistently focused on improving the security of our own digital services. We have built the skills of the team behind that. However, we are very aware that, should we need to recruit in the external market, that would be quite difficult.
Is there a specific audit qualification in IT? Being able to carry out an IT audit is a specialised skill.
The short answer is yes. There are a variety of things, but I would need to get better-equipped people than me to give you the detail. Some of those skills are in our organisation.
Beyond that, it is increasingly the case that our auditors need to be skilled in digital matters. In the past, we had a small number of computer auditors who would go and examine the computer systems and the controls around them. We still have those people, but our digital strategy recognises that more and more public services are provided digitally and that auditors need to be able to understand what that means for the risks that they audit and when they need to bring in specialist expertise.
Our digital strategy is about what we audit, how we audit it and what skills that we need to do that. That involves a long-term investment programme, but we do not think that it will change the need to keep developing those skills for the future.
Good morning. I would like to ask you about the process for prompt follow-up when risks and areas for improvement are identified in an audit. Can you explain how quickly you follow those up and why prompt follow-up has been identified as a priority for 2018-19?
Can you refer me to the page that you are looking at, so we can focus on it?
I do not have the page in front of me at the minute.09:45
It operates in two ways. First, all of the audit work that we do is based on a proper understanding of the risks in the specific audited body. There are some risks that the auditor has to assume in planning their audit work, and a key one of those is the risk of material misstatements in the financial statements themselves.
Beyond that, everybody will have different risks. There are specific risks that we need to think about with regard to the new social security agency because of the scale of payments involved, the people affected and the importance of the payments to people’s lives. The risks that are associated with things such as the common agricultural policy futures programme IT system are quite different from those and are closer to the sort of area that Mr Beattie was just asking about.
In that context, the starting point of the auditor’s work every year is to make sure that they understand the organisation that they are auditing, what the risks are likely to be and what that means for the audit work that they carry out.
In Audit Scotland, our internal and external auditors go through a similar process. It is informed, to an extent, by our approach to risk management as a board, which is to make sure that we understand it. The process is obviously also designed to test that understanding and make sure that we have not missed things and that our response to a risk is the right one.
That feeds directly into the internal audit programme that is agreed by our audit committee with our internal auditors, and the results are reported back. We have quite a rigorous and transparent system in which the internal auditors’ recommendations are reported back to the audit committee of the board on a regular cycle, together with updates from the management team on what progress we have made and what is still outstanding. The internal auditors do an annual report that provides assurance to the audit committee and the board that the process is working well, and that recommendations have not been lost as a result of that. There is a parallel between the two, but the process operates very rigorously within Audit Scotland.
Does the fact that it has been identified as a priority for improvement suggest that there was a weakness before?
No. I think that that is referring to the audit work that we do on audited bodies. It is a recognition of the fact that there are increasing pressures on audited bodies as financial pressures continue to affect them and demand continues to rise.
We are seeing new areas of pressure, such as the new financial powers and, potentially, the UK’s withdrawal from the European Union. Therefore the need to ensure that we focus on the most important risks is rising in priority each year.
Diane McGiffen might want to add to that.
On the audit work that we do, the approach is also about how we discuss priorities within teams and how we prioritise resources, and about enabling us to do that a bit more quickly than we might have done in the past, which requires us internally to have good information about how we are deploying everyone. It is a continuous, on-going improvement process. We are always asking ourselves how we can get better at doing this. This year we are saying that we really think that there is something in this for us to focus on.
Good morning. On page 19 of the annual report, Audit Scotland states that a priority for 2018-19 is to “streamline” your audit work. However, on page 36, you state that fee income from audited budgets exceeded budget by £0.7 million due to additional work that was undertaken by in-house teams and external audit firms.
Can you explain how audit work might be streamlined in 2018-19, given the experience of 2017-18, when additional work was undertaken by in-house teams and external audit firms?
I will kick off, if I may, on the reference to streamlining on page 19, and then I will ask Diane McGiffen and Stuart Dennis to pick up from there.
In a sense, this follows on directly from the question that Rona Mackay just asked. The expectations on us and the range of things that we are required to do are expanding, with new financial powers, increasing pressures and EU withdrawal all in the mix. We are conscious that we need to make sure that we prioritise the audit work that we do in individual audited bodies.
One benefit of the public audit system in Scotland is that we are able to benchmark the approaches that the Audit Scotland teams take with those that are taken by the various firms that carry out audit work on my behalf and that of the Accounts Commission.
There are some differences in the audit methodologies and the approaches that are taken. There is scope for making sure that people are carrying out that risk assessment and planning process and that it really drives through the audit work that they do—that they are clear about why they are carrying out each piece of audit work and that they are not carrying out audit work that is not related to the risks and priorities in that body.
There is a balance to be struck. We clearly need to make sure that we have a wider view of the body and that our antennae are open for other problems that we should follow up, but there is scope to streamline the audit approach in some areas and, more particularly, its application in individual bodies. Beyond that, we carry out the work that is required in an individual body when particular risks arise.
In our model, there is always scope for appointed auditors and audited bodies to agree additional fees for additional audit work. That is not necessarily the same as saying that the audit was not streamlined. In a particular year, an audited body may be dealing with something for which it would like additional audit coverage, and it would agree an additional fee for that.
We are trying to do two things at the same time: we are making sure that our core audit provides risk-based coverage while being streamlined in terms of costs and how we are delivering it, and we are also giving auditors the ability to agree additional fees, if necessary, for additional work that is beyond the scope of what they were planning to do.
I will hand over to Stuart Dennis in a moment to tell you more about the additional fees that we generated in the past year. We monitor the situation closely and know what additional fees are being agreed between auditors and audited bodies. We follow that closely so that we can form a view about whether it is appropriate, but there is scope for the auditor on the ground to agree something locally.
As a commission, we are seeking assurances that Audit Scotland has sufficient resources, reasonable plans and realistic budgets in place to complete the planned audits.
We can absolutely give you that assurance.
The other thing to add to what Diane McGiffen has said is that, as well as having the ability to agree additional fees, if we think that additional audit work is required we can, effectively, impose an additional fee. One of the reasons why income was above budget last year was that additional fees were required for the work that we carried out at the Scottish Police Authority, for example, where a range of problems emerged during the audit planning process, and in the audit of the European agricultural funds. The problems that arose from the limits of the ability of the CAP futures IT system to do what was required meant that additional audit work was required to fulfil the EU’s requirements.
We have that safeguard that we can impose an additional fee when required, but you have my assurance that we have the resources that we need to fulfil our responsibilities, with the support of this commission and the additional resources that you have approved for us over the past couple of years.
Stuart Dennis (Audit Scotland)
I can add a small amount. As the Auditor General said, a lot of the income came from the additional complexities around the European agricultural fund. We have a core indicative fee for what we are expecting to audit, but complex issues sometimes arise. One example was Aberdeen City Council, which had a corporate bond. That was a unique area, so the council agreed an additional fee for that with the audit firm. There are specific areas across the board for which an additional fee will be charged for extra work.
On the issue of local government, Audit Scotland states on page 36 of its annual report that £0.4 million of additional fee income was raised due to—as you have said—
“complexity and additional work within the local government sector”.
In its budget proposal for 2018-19, considered by the commission in January 2018, Audit Scotland provided for a minimal increase of £18,000 in the fee income that it estimates as being receivable from the local government sector. Are you satisfied that the complexities and matters requiring additional work and fees in 2017-18 have been resolved and that the budget proposal for 2018-19 remains realistic, particularly in relation to the local government sector?
It is certainly realistic overall. As the commission knows, we have refined the approach that we take to recovering our income through fees. Three-quarters of it comes through fees to audited bodies and about a quarter comes through the funds that are approved by this commission. With the board’s support and encouragement, we have moved to a position where we now plan each year’s budget on a sector-based basis and then reconcile that at the end of the year. Within local government and the other sectors that pay for their audit, there is always the ability for additional fees to be raised, where the work merits that, and that is one of the mechanisms that we use for balancing income and expenditure by sector. The complexities tend to arise at the level of an individual body, rather than the sector as a whole, and that body will pay for the work that is required as a result of that, but we now monitor and report the sector balance in that way. It is something that the board has been keen to encourage, and I know that the commission has shown an interest in it as well.
You have repeatedly advised us that audited bodies require certainty in respect of the cost of the audit. The additional work that was carried out in 2017-18 appears to have been unplanned and unbudgeted, so I think that the commission would like to seek an assurance that the additional costs in 2017-18 will not keep recurring.
It may be helpful if we were to set out for you what is covered in the audit that we set the budget around, and the opportunities and need that we have as we deliver the audit to adjust fees as necessary. We try to keep that to a minimum, but I am afraid that it will always be necessary in some cases, because we have to recover the costs of additional work that is required. In the years that Stuart Dennis outlined, we had particular issues with the European agricultural funds audit. We are taking stock on the planning for those audits for next year, to see whether there were any systemic issues or whether they were one-off issues.
Prior to the start of the audit year every November we consult the Accounts Commission, in relation to local government, and the Auditor General, in relation to health and central Government, in order to take stock of the fee levels that we propose for those audits, and we will use the intelligence that we have from the year in practice to see what we are recommending. There will always be some departure from the budget that we set. That is unavoidable and it would not be right for me to assure you otherwise, but perhaps after the meeting we could give you a breakdown in greater detail of exactly what that was. Please be assured that we will examine all of that as we set fees for the autumn.
There is a dynamic process for preparing the budget that comes to you, preparing the audit fees budget and discussing everything with stakeholders. It is an iterative process that goes on all the time, but on some individual audits that is not possible, because events will have happened that we have to respond to.
Are there ever occasions when unexpected increases in costs are a real issue for local government?
No. The point that I would like to add to what Diane McGiffen has outlined for you is that the audit fees for the body are set on the assumption that they have in place good systems of internal control, that they are able to prepare their financial statements and that those financial statements do not undergo significant change between the time when they are provided to the auditor and the end of the audit. In most cases, that assumption is sound and we are able to deliver the audit for the fee that is set out in the plan. However, in the case of the SPA over the past three or four years, we have seen real problems with some elements of the financial statements and a lot of additional work has been required to get them to the point where they can be audited and can be queried by the auditors.
Those are the sorts of circumstances where additional work is carried out, so an additional fee is required to recover the costs. If the audited body has in place robust systems and strong approaches to producing its financial statement, we deliver the audit for the amount of the fee that was originally planned. A lot of that variation is in the control of the audited bodies. It is a small number of audits and a small proportion of our overall costs, but we have made that more transparent and we are happy to give you a breakdown of the figures, if that would be useful to the commission.
That breakdown would be very useful.10:00
I mention for the record that I am a member of the Institute of Chartered Accountants of Scotland and used to be a KPMG partner.
Professional training represents a significant investment not just in money, but in time when staff are not available to do their professional work. On page 10, you state that Audit Scotland has
“worked with ... graduate trainees to improve the trainee scheme”,
but on page 23 you show that there has been a decrease in the number of trainees achieving exam success, from a peak of 92.7 per cent in 2015-16 to 88 per cent in 2017-18, and on page 36 you say that training and recruitment costs were £0.1 million “less than budget”.
What actions are being taken to identify the reasons for the recent decrease in exam performance by trainees? How will it be addressed? Why was the training budget underspent? Can that be linked to the reduction in exam success?
Our trainee scheme is a very important part of our overall workforce planning and is part of the overall approach that Diane McGiffen outlined earlier in the meeting. It is worth being clear to start with that our success rate is still very high for professional examinations. ICAS has no concerns, and we discuss the matter with it regularly. Because of the numbers of students that we have going through, quite a small number can have a significant-looking impact on the pass rate. I ask Diane to talk you through the approach that we are taking to the trainee scheme, and the action that we are taking.
I am very happy to do so. We began training in the ICAS scheme in 2010, and 38 trainees qualified across the 2010 to 2014 intakes. It takes about four years to qualify. I add, just to give you a sense of scale, that our total intake since we began is 92 trainees.
The 2016 intake of eight trainees got their exam results in January 2018, and 100 per cent of that cohort passed at the first attempt. In any year, we have people at different stages of training. The 2015 intake of 11 trainees sat various examinations last year and there were four examination failures. Those were single failures of a part of the exam, and they are all being resat. Two of the trainees have already passed, I think, and two are resitting in the current year, 2018-19.
We monitor the exam results closely and support the students closely, and we discuss the results with ICAS and with managers. ICAS believes that we have a good training scheme, and we have—as the Auditor General said—very strong results. What you see each year is a snapshot of people at different stages, but please be assured that we look at the matter very closely. We celebrate all the passes with our colleagues and we provide support to help them to get through to the next stage if, unfortunately, they have been unsuccessful.
The overall percentages vary each year because, if the numbers are relatively small, they can adjust the overall figure. Typically, 30 to 40 exams are sat in a year, but it depends on the numbers and the stages that people are at.
As we say in the annual report, over the past year we have been working with the cohort of trainees—who are a key part of our workforce—to understand how they would like the scheme and the support that we provide to work for them: we have had some brilliant initiatives this year that have gone very well. A cohort of trainees who have been developing their training skills have delivered training to the next cohort about what it is like as a trainee to do final-year accounts, for example. That has been really successful both for the people delivering the training, who have experienced something that will stand them in good stead when they are in front of audit committees and so on, and for the trainees who, when they face that experience for the first time, will have heard from and been coached directly by their peers about how to go about it and what to do. We are continually enriching the scheme, which is very important.
We look closely at the exam results. We understand the process for, and experience of, every single person, and we have in place plans for every one of them. The position at the end of the year is not a concern in its own right.
I know that that was a detailed answer, but I know that the issue is important to the commission—it is important to us—but I wanted to give you an insight into the level at which we manage the graduate trainee scheme.
Maybe you could bring a trainee to the commission, to enrich their experience—if that is what it would do for them. [Laughter.]
We currently bring trainees to the Public Audit and Post-legislative Scrutiny Committee.
How do you reward exam success?
Our scheme has a cash payment for first-time exam passes. As part of our recent pay and reward negotiations, we have increased the amount. I am slightly sad to say that that is, I think, the first time in 14 years that we have done that. Although it is a small token, it is valued by trainees.
What are the consequences of not passing first time?
There is support to try again and discussions about how the course and work are going. If there were repeated failures to progress, we would have a conversation about whether it was the right career choice for the person.
Do you have people in that circumstance?
Occasionally, we do.
Generally, do you get people through?
Generally, yes—we get people through. I would need to go back to check the data, but my sense is that we pick up in the first year or so if the scheme is not working for someone.
Page 22 of your report says that you have
“carried out an efficiency review of performance management and how we use our time.”
What was the outcome of that review? What improvement actions have been identified? I know that we routinely ask you about that topic, but will you fill us in on the position?
I am happy to do so. The outcome of this year’s reviews is that there is a need to integrate our time-recording systems. Our systems are fit for purpose, but they operate on two different packages, which means that there is a cost to us to process and bring together the information. The time-recording systems exist in that form for good historical reasons, but it is time to move on. Following the review, we have been working to develop an implementation plan. We will report back to the audit committee and the board this year.
We are looking to draw together our systems. There is a heap of IT complexity behind the issue, which I am happy to talk about.
You might lose me entirely. [Laughter.]
Working through how the different systems work together now, how we future proof and how we manage data are tricky issues to resolve, but we have a way forward and we are working on its implementation. As I said, we will discuss the issue with the audit committee, which is, similarly, interested in that area.
Will the process give you an indication of how to measure improvement?
Yes. We have loads of data, and the new approach will make it much easier for individuals to extract data for managers to use, and for everyone to know in real time how we are working and so on. At the moment, that is more difficult to do than it should be. As I said, the systems are fit for purpose and they give us good data, but they require more work than we want to put into them. Better options are available.
Will that mainly be achieved through IT?
Yes—although there will be a mix of things. It is partly an IT project, and it is partly a culture change project—as is the case for all IT projects—in order to simplify time-recording codes and so on behind the scenes. We have a good project team working on it and we have had lots of dialogue in the business about it. We have clear agreement about the goal and we are working on the implementation plan.
I will take a different tack. On page 34, you report that, in 2017-18,
“273 new issues of concern”
were raised, that “Twenty-seven of those items” arose
“as prescribed persons under the Public Interest Disclosure Act 1998”.
and that “prescribed persons” are sometimes “referred to as ‘whistleblowers’”. That is quite an increase on previous years. Could you expand on that? In general, how are “new issues of concern” dealt with?
We take very seriously those contacts from members of the public—we sometimes get them from MSPs and others—because they are an important way for us to keep our feelers out there about what is going on in an individual audited body. If we receive a number of complaints about a council or health board, that alerts us to the possibility that the auditor might want to have a closer look at it.
Because of that, and because of the range of issues that such contacts from members of the public can cover, over the past few years we have concentrated on fine tuning the approach that we use to handle them, on making sure that it is properly resourced, and that we are very clear about what we can and cannot look at. Some things are not within our area of responsibility, in which case we try to signpost the concerned person to somebody who can help them. In cases in which we can deal with the issue that has been raised, we felt that we could do that more quickly and more satisfactorily than we had done it in the past, so the procedure is on our website and is very closely monitored by the management team and the audit committee.
A range of issues of concern about audited bodies can be raised, from concerns about how decisions have been made to sell or buy local assets, to concerns about whether to continue or reduce public services, or about how a contract was let. The issues that are raised vary a great deal. We produce a very detailed annual report on complaints handling that provides more information on the subject, but the key feature is variation.
From an operational point of view, we provide an opportunity for people to raise concerns—which can come from a number of sources—through our website, as the Auditor General said, through auditors or through correspondence. We have a small team who handle all correspondence. They document it, review it and share the information from it. Every Monday, all the members of the leadership team in Audit Scotland get an email that documents any changes in the correspondence and how those have been handled, along with the responses that have been issued, the relevant timescales and whether those have been met. Those are discussed actively with teams in relation to the audited bodies concerned and the use of public money. A variety of actions might follow that, and we track and manage them all.
This year, there have been some changes. In the past, there have been years in which a particular sector or a particular topic has featured more strongly in correspondence or in concerns that members of the public have raised. This year, no pattern is particularly dominant; it is simply the case that there has been a volume increase across a number of fronts.
My next question was going to be whether there is a recurring theme in the new issues of concern that have been raised.
There is nothing that is particularly distinctive compared with previous years, except in some isolated cases. The team produce an annual report for the audit committee and the board, and we look systemically at which issues come up and why they come up. This year, there have been volume increases, but no new issues for us to deal with.
Has the increase, which is significant, resulted in additional audit work for you?
On occasion, it has resulted in additional work. Sometimes, an issue of concern will be raised when we are already actively auditing an area, so investigation of that will be folded into work that is already planned.
So, there has been nothing terribly surprising this year—no issue has stood out. There has just been a general upsurge.
Some of the issues that were raised with us were issues on which an audit was already being carried out and reported on in public, and some correspondents simply wished to contribute to our knowledge base.
Does anyone else want to comment?10:15
If we look at the new issues of concern, we can see that the trend over the past couple of years has been downwards, but there is a lot of variation from year to year. A couple of years ago, we received an awful lot of correspondence about one particular issue in the west of Scotland. It showed up in the numbers, but it did not require additional audit work because we were already looking at it.
On the whole, the issues tend be quite small in the overall scheme of what we do, although they are clearly important to the people who contact us. The amount of extra work by the audit team that is needed to resolve the issues does not blow the budget, because we plan to do some of that work anyway; we do our best to accommodate the extra work. Only if the issue is very significant do we need to consider whether there is a requirement to ask the audited body for an additional fee if there has been a failure on its part, or to reallocate resources within the audit plan to deal with the issue. However, that is unusual.
Do you have a total of the revenues and the assets in all the financial audits that you perform? That would give us an idea of the scale. You might not know the answer to that, so you can perhaps tell us later.
I can give you an indication of the total. However, as you know, one of the challenges is that lots of related party transactions are included. The overall expenditure is more than £40 billion, at the moment. On the assets and liabilities, about three years ago we tried to produce an estimate of what a balance sheet for Scotland would like look. I think that we came up with a figure of about £120 billion of assets and liabilities. However, I would need to come back to you on what is included in and excluded from that figure.
I am not asking you to do a lot of work. It would just be good to get a feel for the size of the clientele.
I can refer you back to the figure that we produced three or four years ago. The £40 billion expenditure figure is the more robust one. That is the overall devolved budget that is spent in Scotland.
That is what Audit Scotland audits.
That is what is audited on behalf of me, as the Auditor General, and the Accounts Commission for local government. As you know, we appoint firms of auditors to do about a third of the work.
Yes: they do a third.
On the financial statements, you have a process for dealing with complaints. Page 34 of the report says that one complaint
“about a recruitment campaign ... was upheld.”
I will not ask about the details of that complaint, but what action has been taken to ensure that the circumstances that resulted in that upheld complaint have been addressed and will not recur?
We got that matter wrong. During a recruitment campaign, we were informed of a candidate’s additional support needs in advance. However, on the day, we failed to take those needs into account and the candidate complained to us. We investigated what had happened and apologised to them. We have tightened our procedures to ensure that that does not happen again.
If someone complains and is not happy, what can they do?
We respond through our complaints process. We have a complaints procedure for people who wish to complain about our work and the actions that we have taken. That process has within it levels that you would expect—including, where necessary, a review by a member of the board. If the complainant is not happy, they can complain to the Scottish Public Services Ombudsman, which has happened, on occasion.
Has that happened recently?
I think that there was one referral to the ombudsman during 2017-18, but the ombudsman concluded that we had handled the complaint properly and was not minded to investigate it further.
During the past year, a member remarked in the chamber that they did not know about something because the auditors had not raised it. I read in the newspaper recently that a chief executive at an employment tribunal had said that they did not know about something because the auditors had not raised it. We will set aside the rights and wrongs of the specific cases. I am sure that your reports, engagement and contracts all make clear the responsibilities of the auditors and the responsibilities of management, but do you need to do more to make boards and chief executives or other senior people aware of their and your responsibilities?
We have been reflecting on that issue over the past few months for reasons that you will understand. In many ways, it is difficult to know what more we can do. As Bill Bowman said, in the letters of appointment to the firms, it is very clear what their responsibilities are. The Accounts Commission and I produce a statement—“Public audit in Scotland”—which makes clear our responsibilities and the responsibilities of boards and those who are charged with governance. That runs through the “Code of audit practice”, the annual audit plan and the annual audit report. The annual audit report is a full-form document that accompanies the financial statements to the audit committee and the board at the end of each year, and is then published on our website as well as being available through the audit committee papers.
In the case of national health service bodies and central Government bodies, all those documents—the financial statements and the annual audit reports—are laid in Parliament: they are public documents. We try to be clear about what people’s responsibilities are. Most such documents are laid in Parliament by the Government. For the NHS, they are sent to the Scottish Government health directorate for laying; I assume that the directorate has a process for reviewing them for any significant items and for taking action where it needs too. We engage with it regularly about our concerns.
As members of the Public Audit and Post-Legislative Scrutiny Committee, Bill Bowman and Colin Beattie know that we have reported on a number of those issues through the formal statutory section 22 process, as well. I struggle to know what else we can do to ensure that people who are charged with governance take that responsibility seriously, but it is obviously a concern if that is not happening routinely.
There is always a risk that blaming you becomes a standard response. What you describe is fair enough, but it sounds a little bit passive compared with recording your concerns with the bodies when you meet them face to face to do your planning or your closure.
I assure you that that happens routinely. Our auditors meet the audited body’s director of finance and his or her team regularly, particularly at the planning stage and during the final accounts period. Because the annual audit report is a public document, there is a process of reviewing the draft of it to ensure that any comments that they have are taken into account, so there should be no surprises in it.
The auditors routinely attend audit committees across the public sector and present their findings to them. There is a concern that, in some instances, an audit committee is unwilling or unable to fulfil its responsibilities in the way that you and I would expect it to. The auditors will continue to engage with it and make as clearly as they can the points about the issues that such a committee needs to be sighted on.
The most persuasive levers that we have are, first, that we report in public, and secondly the role of the parliamentary Public Audit and Post-Legislative Scrutiny Committee, which is very much focused on following up the issues. However, we have been reflecting on what it means that some of those statements have been made over the past few months.
Pay for senior staff is a matter of public interest. I note that, on page 54 of the annual report, Audit Scotland reports that the highest-paid member of Audit Scotland is paid 3.4 times the median remuneration paid to Audit Scotland staff. Do you have any idea how that compares to the wider public sector?
We think that it is not atypical for the wider public sector and is probably quite low, but not for reasons for which we can take much credit, to be frank. There are two reasons for that. One is that my salary is set not by Audit Scotland but by the Parliament—I am an office-holder of Parliament—and that sets the context for our pay overall. Secondly, we have fewer low-paid staff than many public bodies. Most of our staff are professionally qualified accountants and we do not have many staff in close-to-living-wage roles. The ratio tends to be smaller than it would be for a council or a health board for those reasons rather than reasons to do with our pay policy.
Is there anything that you want to add to that, Diane?
No. That is fair. The ratio has stayed in a pretty similar area over time; it has not shifted much. We are an accredited Scottish living wage employer and we have extended Scottish living wage provisions to contracts that we let for cleaning services, for example, and built them into the contracts.
We are conscious of the low-pay agenda and we actively discuss it with the Public and Commercial Services Union, our trade union, every year. The figures have been pretty stable over time. The composition of our workforce is dissimilar to that of large public sector bodies, which makes direct comparisons difficult.
Thank you for your comments.
A comparison between Audit Scotland’s budget proposal for 2017-18 and the actual expenditure on page 80 of the annual report and accounts shows that Audit Scotland significantly underspent on a number of budget lines, with the exception of fees and expenses to appointed audit firms, other accommodation costs and staff recruitment. Obviously, we welcome any cost savings, but are those underspends recurring and will they form the basis of future budget proposals?
I do not think that we had a significant underspend at all in the year. I think that our overall underspend was about £0.6 million, of which £0.2 million was to do with the pension adjustments that we are required to make at the end of the financial year and about £0.4 million was due to a limited number of underspends. Rather than mislead the commission, I ask Stuart Dennis to keep me straight on what made up the £0.4 million underspend.
Principally, it would have been made up of training and consultancy costs, which we have a budget for and which is where the management contingency is. We saved there.
A big reduction from 2016-17 is shown on page 80. In 2016-17, we had the national fraud initiative, which costs around £190,000. We did not have that in 2017-18, but it is in the budget for 2018-19. We need to have a budget allocation for that every two years.
There are significant drops in things such as training and, to get down to the nitty-gritty, stationery and printing.
Schedule 4 on page 80 shows the actuals for 2017-18 and 2016-17. There are some differences between the two years. That is partly to do with our continuing drive to generate efficiencies where we can do so without affecting the quality of the work. As Stuart Dennis said, between 2017 and 2018, the £200,000 that is required for the national fraud initiative, which is a biennial exercise, was taken out. That shows up in legal and other professional fees. The differences are actual to actual between 2016-17 and 2017-18.
I would like to whip through one or two items that stick out for me in the report. Page 12 mentions a new audit quality framework. Would it be possible to get a copy of that? I am not going to interrogate you about it but, out of interest, can members see it?
Of course. That has been a big area of investment for us this year. We will happily let you have a copy of the framework and a copy of the annual audit quality report that we publish.
Perfect. On page 11 of the report, you say that you have
“implemented a new approach to auditing Best Value”.
Out of interest, would it be possible to get details of that, as well?
Page 36 mentions
“reduced consultancy expenditure and training costs”.
We have talked about training costs. There has been a significant drop in them. What drove the drop in consultancy expenditure? How have you been able to accommodate that?
The consultancy expenditure is a budget that we maintain because of the range of topics that our performance audit programme in particular can cover. We need to ensure that we have the professional expertise to carry out our work, and sometimes that means bringing in specialist support to help us. However, we can bring in that support in other ways. For example, we have had a significant number of secondments from other public bodies to help us with that. The commission will see a trade-off between agency and secondment costs versus consultancy costs. That is part of what happened there.
I refer to the cash-equivalent transfer value at 31 March 2018, on page 54. You can tell me if I have got this wrong, but does that imply that some of the people who are mentioned are reaching their pension cap?
Yes, it does.
Indeed, one has exceeded it.
Are there any implications for employment?10:30
There are implications for an individual’s personal tax affairs. As commission members will know, over the past few years, the UK Government has introduced both a lifetime allowance limit and an annual allowance limit. A number of people who are employed across the public sector and who are in or are reaching their mid-50s are likely to be breaching those caps, which were introduced at a high level—I think they were initially £1.8 million—and have gradually been reduced to a point at which they are now about £1 million.
Therefore, the implications are for the tax liabilities of the individuals themselves, and will need to be met by them. As the Public Audit and Post-legislative Scrutiny Committee has discussed, there is at least a risk that it will affect future career decisions that individuals take. However, I can only speak for myself and say that, in my personal circumstances, my role is a privilege and I fully intend to see out the end of my term of office.
We are relieved.
Thank you, chair.
I turn to page 56 of the annual report. I am looking at the staff report and the information under gender balance. Overall, the balance is slightly in favour of the female side, which is fine. However, there seems to be a huge disparity under management.
The disparity is that, in a management team of four, three of us are women and one is a man.
That puts into perspective the fact that it is a small team.
Page 59 deals with early retiral and severance. You have an on-going voluntary early release arrangement.
We do not have an on-going voluntary release arrangement. We have a policy for voluntary severance and, each year, the board considers whether there is a business case for making a voluntary severance scheme available within the terms of that policy. As we say in the report, last year, five members of staff left under that policy. However, it is not a standing scheme—it is not available unless the board agrees that there is a business case for it.
Is it the case that the board will periodically go out to the staff and say that, for a limited period, voluntary release is available?
We expect the Auditor General and the chief operating officer to advise us if there is a particular issue. For example, if two offices are merged into one, issues will arise at the new office location, such as duplication of front-office staff. We will look at that and, if we see a case for it, we will approve a scheme for that year. However, each year, we have to be satisfied before we will give the green light. If there is no case, there will not be a scheme.
The Auditor General has been looking at the business case for early or voluntary release in other public bodies. In this case, the total cost was £156,000.
The total cost for five departures was £156,000. The policy that we have is that, in order for there to be a business case for an individual to go, as well as the savings from the post that is being released, we have to generate savings of 25 per cent that will continue into the future. There is both a scheme that applies overall and a business case for invoking it in a particular year. Individual applications are then judged against that criterion to make sure that it is good value for money for the public purse and that the governance stands up.
Diane McGiffen might want to add to that.
Every year, we produce a governance report for the remuneration committee to track the delivery of savings from previous departures under the early release scheme. It is an annual feature of that committee’s governance of staffing matters in the business.
Turning to page 70 of the annual report, I have a couple of quick questions. Will you remind me what “intangible assets” are? I know that I ask you that every year.
You do ask me every year, chair, and every year I tell you that they are software licences, which we are required to capture in that way.
Of course they are. Moving down, there is a section on current assets. Within that, you have prepayments of £508,000. What are those?
I will bring in Stuart Dennis. Will you point us to the exact page reference, chair?
It is note 9 on page 70, on current assets. There has been quite a significant increase in current assets, or receivables, at least.
I think it will be to do with the way in which we bill audited bodies for their audit fees and pay the firms for the work that they have carried out. There is a work-in-progress calculation, which always tries to match the amount of work that we have billed and the amount we have paid for with the point in the financial year at which the accounts are prepared.
It is about timing.
Exactly. In effect, there is a mix of prepayments and accruals.
Let us move on to current liabilities, which is the next item on that page. Deferred income is £585,000.
That would be the same. It is where we have invoiced—
It is the other side.
Yes, but in advance.
The final question that we want to ask is about internal audit. Audit Scotland has internal auditors—are they in-house or are they bought in?
We have just appointed BDO LLP for a three-year term. Diane McGiffen can tell you more about that.
The chair of the audit committee, Heather Logan, leads on that matter with the audit committee and supports the board. Through the procurement register, we put out to tender this year for internal audit services and BDO was appointed for three years. It made a submission to us and we are maintaining our level of investment in internal audit at about the same level as in previous years. There is a full three-year programme of work that is broken down by year. That is fully discussed with the audit committee, as are the terms of reference for each individual piece of work. The work is reported to the audit committee and shared with the external auditors, as are all the audit committee papers.
Can you remind me how much it costs?
I think that it is about £27,000 or £29,000.
It is £27,000.
Is that £27,000 a year?
Let us go back to the ICAS reports. Perhaps I missed it in the papers, but could you say a little bit more about what ICAS does?
Yes. In a sense, it goes back to the chair’s short question about the quality framework and the annual audit quality reports. We recognised that there are increasing risks in audited bodies, given the financial pressures that they are under, and that our recent appointment round had, again, generated price and cost savings in the firms that we use and the benchmarking that we do with our own teams. At that point, we had appointed ICAS for a period of six years to carry out reviews of the financial statement audits that were carried out by our in-house teams, which had been very helpful to us in providing assurance and in identifying areas in which we could improve our audit approach.
I was conscious that that gave us only a partial view across the work that is carried out on behalf of me and the Audit Commission and that there was no direct external review of the financial statements audit work that was carried out by the firms that we appoint. The Financial Reporting Council, the Institute of Chartered Accountants in England and Wales and ICAS regulate those firms in different ways, but it is very unlikely that they would look at any of the audits that the firms carry out on our behalf. The review of the performance audit and best-value audit work was done by means of peer review with the other audit agencies.
As part of the new audit quality framework, we have put in place a clear understanding of the role of hot reviews and cold reviews under the international standard on quality control. We have also put in place an ICAS contract that covers all the audit work and all the audit providers over the five-year term of the appointments. The annual audit quality report pulls all that together with other sources of assurance around elements of the International Auditing and Assurance Standards Board’s quality framework, primarily to provide me, the Audit Commission and the board with assurance about the quality of audit work but also as part of the accountability to the SCPA and more widely.
Who selects the files that ICAS reviews?
That is absolutely clear—it is not you deciding, “We won’t do this one this year.”
Absolutely—it is ICAS’s decision. That was very much part of the approach that we put out to tender. ICAS won the tender, but whoever won would have had full freedom to choose whichever audits they thought appropriate.
The question of quality is a matter that the board, and I in particular, have taken an interest in. The question that we all asked was whether the very competitive nature of the quotes that we received was to the detriment of the quality that we were going to get. That is why we spent so much time on the tender. Some of the information that we were given is set out in the audit quality annual report, which you have asked for.
We are conscious, against the background of other matters elsewhere in the commercial world, of the need to be on top of the issue of quality and to ensure an independent element of it. You can be assured that your board is very much alert to that issue.
Does the review focus on internal work, not just contracted-out work?
It covers all the audit work—
All of it.
Sixty-five per cent of it is in-house, so internal work is obviously very important. We have done that for longer—I believe since about 2010. The shift is that it is now being done on a common basis across all the audit work.
Are the details in the audit quality annual report?
You have previously published information on EU withdrawal, and you have mentioned a couple of times this morning its potential implications. In one of your reports, you said that all public bodies are likely to face capacity issues, to some extent, as they try to manage the implications of EU withdrawal and maintain business as usual. Does that apply to Audit Scotland?
It does. We have had to think hard about what EU withdrawal means for our work, for the bodies that we audit and for us. We have built on the approach that we have taken to the new financial powers by developing a small team of people whose job is to do the thinking, the research and the understanding but then to work with colleagues in all the audits to help them think about what withdrawal means for their particular audits.
We are in a good place with this year’s audit planning guidance. We have been clear with auditors that the likely effects are going to be on funding, the workforce and regulation and that they will apply differently in different audited bodies. As part of the planning process that we discussed earlier, the auditors should be thinking about and discussing that with the bodies that they audit.
Internally, we are thinking about what EU withdrawal means for the seven or so staff that we have who are from other EU countries, who will have concerns about their future ability to live and work in Scotland. We are making sure that we support them. We are also doing the best that we can, given the level of uncertainty that we all face, to think about what EU withdrawal might mean in terms of additional audit work for the Scottish Government or for bodies that are particularly affected by it. However, at the moment, lacking a crystal ball, we are having to just make sure that our plans are resilient and can respond to different scenarios, depending on what happens over the next nine months or so.
Thank you. It is clearly a challenge.
Members have no other questions. Does the Auditor General or the chair of the board have anything to add before we wind up?
Just my thanks.
Thank you very much for attending the committee.10:43 Meeting suspended.
10:44 On resuming—
I welcome to the meeting Steven Cunningham, a partner, and Jillian So, the audit manager, from Alexander Sloan. Are there any comments that you would like to make before we open our questioning?
Steven Cunningham (Alexander Sloan)
Good morning, chair. I apologise for our late arrival. I confirm that we have received all the information and explanations that will allow us to undertake our audit for the year that ended on 31 March 2018. I also confirm that there were no limitations on the scope of our audit work.
I will give you a brief overview of our work. Alexander Sloan was appointed to carry out the external audit of the 2018 financial statements of Audit Scotland. During the year, we attended all audit committee meetings of Audit Scotland. We attended Audit Scotland offices to carry out interim audit work in February and the final audit work was carried out in May. Our work was carried out in accordance with international standards for auditing.
We reviewed all internal audit reports during the year and held discussions with the internal auditor. As I have mentioned, we received all the information and the explanations that were required to carry out our work, and our audit was completed without any problems.
In accordance with our tender and quality control procedures, the audit file and accounts have also been subject to a second partner audit review.
On the basis of our audit work, we form an opinion on whether the accounts give a true and fair view, whether they have been prepared in accordance with international financial reporting standards—as interpreted and adapted by the financial reporting manual—and to confirm that they have been properly prepared in accordance with the Public Finance and Accountability (Scotland) Act 2000 and directions by Scottish ministers.
Being satisfied with the audit evidence, we signed our audit report on 12 June. Our audit report is unmodified—that is, we are satisfied that the accounts give a true and fair view and are in accordance with the legislation and the accounting rules. There are no significant matters to bring to the attention of the commission or other readers of the accounts.
Thank you—that answers my first question. How does Alexander Sloan assure itself that the internal audit process that is undertaken is robust and in accordance with the appropriate standards?
We attend all the audit committee meetings with the internal auditor. Prior to those meetings, we are also in attendance at a private closed session at which the internal auditor is present. We hold discussions about and review all the papers that are presented to the committee. On the basis of that, we make a decision on whether we are satisfied with the internal audit work that has been carried out and on whether there are any implications for the external audit.
What about the internal audit programme?
We get to see the internal audit programme and have the opportunity to comment on it if we consider that there are any areas missing that should be in the programme.
You are satisfied that the process is robust.
Yes, I am.
Do you receive internal audit reports?
Yes, we receive all the reports in the audit year, which we review to identify whether there are any audit implications.
There is nothing of concern of which you are aware.
No, nothing that would cause any concern for the audit of the financial statements.
I want to clarify an issue that you more or less covered in your opening statement. In your report to those charged with governance and in your report to the audit committee of Audit Scotland, did you raise any matters that the commission should be aware of?
No. No matters arose in our audit work that we consider that the commission should be aware of.
Was there anything in your own side notes that you wanted to keep a record of in case such actions were repeated?
No. Once we have carried out the audit work, we have a closing meeting that is attended by the chief operating officer and the director of audit. That is the vehicle through which we would clarify matters, but there were no matters of any significance that we needed to bring to the board of Audit Scotland or to you.
We rely greatly on what you say. There are highly technical accounting requirements on pension costs and the calculation of liabilities. Are you satisfied with all the disclosures in the accounts?
Yes. We spend a lot of time in the audit looking over and considering the assumptions and making sure that they are reasonable before they go into the final accounts.
I may have missed this, but do you disclose the materiality level?
No, we do not do that as a practice.
You do not. Can you tell us what it is?
I do not have that figure, but I will get a note of that to you if you want.
Were you here earlier to hear that Audit Scotland audits about £120 billion of assets?
Are you comfortable in auditing the auditor of that huge amount?
Yes, we are. We believe that we have in place all the procedure to carry out an efficient audit.
Just an efficient audit?
Sorry—an efficient and effective audit.
Audit Scotland has included in its accounts £1.6 million of income that relates to work that is completed but not yet charged to audited bodies. Are you satisfied that that calculation is robust?
A prime focus of the audit is the work-in-progress calculation. We spend a lot of time on reviewing the calculation—we look at it from the angle of the agreed fees, the proportion of work carried out and how the calculation is done to make sure that we are happy with it.
Do members have any other questions?
Nothing other than the usual question about whether there is anything else that we should know.
No, there is nothing further.
Do you have any other comments to make before I wind up?
I have no other comments to make, thank you.
In that case, I thank you for your attendance.10:50 Meeting continued in private until 11:17.