We use some essential cookies to make this website work.
We’d like to set additional cookies to understand how you use GOV.UK, remember your settings and improve government services.
You can change your cookie settings at any time.
Find information and services
Search for a department and find out what the government is doing
Departments, agencies and public bodies
News stories, speeches, letters and notices
Detailed guidance, regulations and rules
Reports, analysis and official statistics
Consultations and strategy
Data, Freedom of Information releases and corporate reports
Updated 6 April 2022
© Crown copyright 2022
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: [email protected].
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/post-16-audit-code-of-practice/post-16-audit-code-of-practice-2021-to-2022-web-accessible-version
Assurance and accountability requirements for post-16 providers, including further education and sixth-form college corporations.
The Post-16 Audit Code of Practice (the ‘Code’) sets out a common standard for the provision of assurance in relation to the funding of post-16 providers. It sets out:
The Code, together with any supplementary bulletins, should be read alongside any grant funding agreement or contract setting out conditions of funding issued by the Education and Skills Funding Agency (ESFA) or any other funder, including the Mayoral Combined Authorities (MCAs) and Greater London Authority (GLA).
For further education and sixth-form college corporations[footnote 1] this edition has been produced for financial periods commencing on or after 1 August 2021 and the funding year 2021 to 2022. For independent training providers and special post-16 institutions this edition has been produced for the funding year and accounting year 2021 to 2022. The provisions of this document apply to the periods stated above, but will remain in force unless updated or replaced.
ESFA published a supplementary bulletin to the CAD 2020 to 2021 and the Post-16 Audit Code of Practice 2020 to 2021 which addressed the impacts of COVID-19 and remains extant. ESFA does not intend to issue a further supplementary bulletin for the year 2021 to 2022.
This document is intended for use by the following organisations, and their respective auditors / reporting accountants, whether they are funded directly by ESFA or by one of the Mayoral Combined Authorities (MCAs) or the Greater London Authority (GLA):
Further education and sixth-form college corporations are entities that operate one or more colleges. They have the legal status of statutory corporations and exempt charities. A college is a charitable activity undertaken by its corporation; it does not have a separate legal entity distinct from that of its corporation.
Requirements in this guidance for college corporations apply equally to institutions designated under Section 28 of the Further and Higher Education Act 1992 (as amended) as being in the further education sector.
Academy trusts with post-16 provision (including any sixth-form colleges which have converted to academy status) are not covered by this publication and should refer to the Academy Trust Handbook and the Academies Accounts Direction. Further education and sixth-form college corporations that are registered with the Office for Students (OfS) are obliged to follow this Code, the College Accounts Direction, the OfS terms and conditions of funding, and the OfS Accounts Direction as detailed in paragraph 100. Higher Education Institutes that are part-funded by ESFA should also follow the OfS’ requirements.
ESFA, LAs, MCAs and the GLA fund young people’s education, apprenticeships and adult skills, and all have a duty to demonstrate that they:
ESFA is an executive agency of the Department for Education and acts as the agent of the Secretary of State. ESFA’s accounting officer is accountable to Parliament for how ESFA uses its funds. This Code sets out how ESFA obtains assurance from providers to meet this duty. It also sets out how MCAs and the GLA obtain assurance over devolved adult education funding from the DfE.
What has changed in this edition?
We use the terms ‘must’ and ‘should’ in this document:
Corporations and their auditors can ask ESFA questions via an on-line enquiry form. Questions about devolved adult education funding should be directed to the relevant MCA or the GLA.
We are grateful to the individuals and organisations that have made suggestions or observations about this document.
1: ESFA requires assurance over aspects of provider activity. The assurance requirements depend upon the provider type and the nature of the relationship between the provider and ESFA. In all cases, ESFA will require assurance that a provider has established entitlement to its funds by delivering learning in accordance with the terms of their funding agreement or contract (“use of funds”). ESFA’s assurance requirements cover more than use of funds for certain types of provider – see table 1.
Table 1: assurance requirements
2: In cases where ESFA has a direct funding agreement or contractual relationship with providers, it will obtain its necessary assurance directly as follows:
Table 2: Assurance obtained by ESFA:
3: Reflecting the Secretary of State for Education’s role as principal charitable regulator, part 2 of this document sets out the assurance framework for further education and sixth-form college corporations. Part 3 sets out the assurance framework for external auditors / reporting accountants of those institutions.
4: An independent training provider (ITP) is an organisation which delivers education and training and includes a range of legal entities, most of which are subject to regulation under the Companies Act 2006 and/or the Charities Act 2011.
5: Special post-16 institutions (SPIs) educate young people with complex special educational needs. SPIs do not have a distinctive definition in law.
6: ESFA contracts with ITPs and SPIs to deliver education and training services. Additionally, some providers of adult education may contract with one or more of the relevant MCAs and/or GLA. These contracts set out in detail the requirements on the ITP and SPI for service delivery. It is the responsibility of each provider or institution to comply with relevant legislation reflecting their underlying legal status (for example, company, partnership or charity). Part 4 of this document sets out certain financial reporting and audit requirements which must be followed by ITPs. ESFA’s and/or the MCA/GLA’s relationship with ITPs and SPIs is contractual not regulatory, and this is reflected in the assurance arrangements.
7: Table 3 sets out how ESFA obtains assurance indirectly on providers, through the work of OfS, LAs, MCAs and GLA.
Table 3: Assurance obtained by OfS, LAs, MCAs and GLA and provided to ESFA
8: There are a small number of specific arrangements, including:
9: Providers receive funding under grant funding agreements and other types of contract with ESFA. These agreements and contracts require providers to comply with ESFA’s funding rules, maintain individualised learner records (ILRs) and submit ILR data returns to ESFA in support of their funding claims. They also provide for ESFA to conduct funding assurance and other ad hoc reviews.
10: ESFA obtains direct assurance over providers’ funding grants through individualised learner record (ILR) data returns. ESFA conducts a programme of funding monitoring and data validation, which involves data analysis and the identification of providers’ ILR data anomalies. ESFA informs providers of the ILR data anomalies and explains how to correct any errors.
11: ESFA also obtains direct assurance through a programme of funding assurance reviews (“funding audits”), based on a random and risk-based sample of providers, which provides sector-wide assurance over funding claimed and under which ESFA will recover any overclaimed funding. In particular, the random sample facilitates the estimation of funding errors in respect of post-16 funding recognised in ESFA’s annual accounts. In addition to the direct assurance performed by ESFA, MCAs/GLA will adopt their own processes for any additional assurance and/or validation checks relating to specific contracting requirements and local flexibilities agreed as part of devolution. Assurance requirements about subcontracting are published separately. Providers may sub-contract the delivery of ESFA funded learning, provided they comply with the sub-contracting requirements set out in ESFA’s funding rules.
12: Providers that receive devolved adult education funding should note that MCAs and the GLA will have their own subcontracting assurance requirements. Providers should refer to guidance published by the relevant MCA/GLA.
13: External auditors of ESFA-funded providers engaged in subcontracted provision should note the specific assurance activities in this area that require providers to comply with the funding agreement annual subcontracting assurance clause. This clause requires certain lead providers to obtain an independent report that provides assurance on the arrangements in place to manage and control their subcontractors. This report must be provided to the audit committee to be referred to in their annual report.
14: The source responsibilities of further education and sixth-form college corporations and governors stem from:
15: General responsibilities of corporations are set out in their instrument and articles of government, and conditions of funding are set out in grant funding agreements and contracts with ESFA. Further responsibilities are set out within:
16: Corporations should be familiar with these documents and their requirements. A good source of advice on the legal and regulatory framework applying to corporations is the Department for Education’s governance guide.
17: The instrument and articles of government complement the duties of governors as charity trustees. Under Sections 22 and 33L of the Further and Higher Education Act 1992 (as amended) corporations may change their articles, although any change is subject to the limitations set out in the Act and charity law.
18: The articles set out the corporation’s responsibilities, which must include the effective and efficient use of resources, its solvency[footnote 4], and the safeguarding of its assets. The articles must prohibit the corporation from making changes to the articles that would result in the body ceasing to be a charity.
19: The board of any designated institution that has the legal character of a limited company must consider the additional statutory obligations set out in the Companies Act 2006 (as amended) and other company law and regulation, including the duties of governors as company directors, which will exist in addition to their duties as charitable trustees and under the funding agreement and the legal and regularity framework for colleges.
20: Corporations receive funding under grant funding agreements and contracts with ESFA. These set out in detail the requirements placed on, and responsibilities of, corporations, and that any mandatory requirements of this Code form a condition of funding. For a complete picture of ESFA’s assurance requirements, the Code should be read alongside ESFA’s grant funding agreements and contracts. Some corporations also receive funding under grant funding agreements and contracts with MCAs or the GLA in respect of devolved adult education funding, which also require compliance with this Code.
21: It is a condition of funding and this Code that corporations must establish an audit committee.
22: The audit committee must advise the corporation on the adequacy and effectiveness of the corporation’s assurance framework. The audit committee must play a robust role in good stewardship and risk management and should refer to ESFA’s guidance on the scope of work of audit committees and internal auditors in college corporations. In addition, the audit committee advises and supports the corporation in explaining, in its annual accounts, the measures taken to ensure it has fulfilled its statutory and regulatory responsibilities. The College Accounts Direction sets out ESFA’s specific requirements including the required information to be included in the corporation’s statement of corporate governance and internal control.
23: The corporation must set out terms of reference for the audit committee. These should reflect accepted good practice for the audit committees of publicly funded organisations[footnote 5] and as a minimum must set out:
24: Audit committees must include individuals with an appropriate mix of skills and experience to allow the committee to discharge its duties effectively. Collectively, members of the committee should have recent, relevant experience in risk management, finance, and assurance. The abilities of the membership of the audit committee should reflect the needs of the corporation and should extend to expertise in all relevant financial and non-financial areas. Audit committees will be most effective when they are staffed by individuals who are prepared to support, challenge, and warn the board of governors.
25: In addition, the audit committee must:
The annual report to the corporation must be submitted to the corporation before the statement of corporate governance and internal control in the annual accounts is signed.
26: Audit committees should take a holistic view with all aspects and systems, financial and non-financial, being in scope depending on their impact and effect on the corporation. In addition to the mandatory responsibilities of an audit committee outlined above, as best practice audit committees may also oversee additional matters such as data breaches, GDPR issues and health and safety incidents.
27: The audit committee should meet at least three times a year. Where three meetings were not held, an explanation (such as when it was not possible to achieve a quorum) must be provided within the audit committee’s annual report.
28: The corporation does not routinely need to notify ESFA of a change in auditor at the expiry of their agreed term in office. However, the audit committee must notify ESFA immediately of the resignation of external auditors mid-term, or in the rare circumstance where the corporation removes the external auditors, before the expiry of their term of office. Where auditors have resigned, other than at the end of their agreed term, the audit committee must copy to ESFA an explanation from the auditors. Where the corporation elects to remove the auditors, the audit committee must notify ESFA of these reasons.
29: The audit committee must ensure that there is a policy in place for regular retendering of the external audit service. The audit committee should consider the quality of the audit service required as well as the price. Corporations should ensure that the external audit contract is put out to tender at least every 5 years, though for the avoidance of doubt this does not necessarily require a different firm of auditors to be appointed.
30: Although corporations are not required to commission internal auditors, having an internal audit service in place, which may be supplemented by specialists in particular areas, is likely to assist audit committees in ensuring they have effectively discharged the requirements above.
31:Parliament’s interest is that recipients of public funds apply and account for those funds properly and use them economically, efficiently and effectively. The Comptroller and Auditor General (C&AG), as Head of the National Audit Office, is ESFA’s external auditor.
32: The C&AG has the right under the Further and Higher Education Act 1992 (as amended) to inspect the annual accounts of any corporation that receives funding, and the right to carry out value for money investigations. The C&AG is selective in its use of inspection rights and where practical will rely on the work of ESFA’s assurance processes.
33: Corporations that are also funded by MCAs or the GLA in respect of adult education should note that these authorities will have their own internal and external auditors. Corporations should refer to their contracts or grant agreements with those authorities to understand the requirements of those authorities concerning audit access.
34: Corporations are required to prepare accounts in accordance with ESFA’s College Accounts Direction. They are also required to appoint an external auditor to audit those accounts. Corporations must allow the external auditor unrestricted access to all records, information and assets, which the auditor considers necessary to fulfil their responsibilities.
35: Regularity and propriety are discussed within HM Treasury’s ‘Managing Public Money’ (MPM)[footnote 8]. MPM sets out that ESFA’s accounting officer has a personal responsibility for safeguarding the public funds for which they are accountable, and for ensuring regularity and propriety in the handling of these funds. There are similar responsibilities attaching to MCAs and the GLA.
36: Corporations receive significant amounts of public funding from ESFA each year. Some also receive funding from MCAs or the GLA for the provision of devolved adult education. This framework sets out how ESFA’s accounting officer, and their equivalent in the MCAs or GLA, seeks to obtain assurance over the regularity and propriety of public funds to satisfy their responsibility.
37: MPM defines regularity as the requirement that ‘resource consumption should accord with the relevant legislation, the relevant delegated authority and this document’. For corporations, this encompasses legislation (for example, the Further and Higher Education Act 1992 (as amended) and the Charities Act 2011), but also conditions of funding and other guidance issued by ESFA.
38: Propriety is a related concept concerned with standards of conduct, behaviour and corporate governance. MPM defines propriety as the requirement that ‘patterns of resource consumption should respect Parliament’s intentions, conventions and control procedures’.
39: Propriety is less prescriptively defined but includes matters such as fairness, integrity, avoiding the use of public office to achieve private gain, even-handedness in the appointment of staff, open competition in the letting of contracts and avoidance of waste and extravagance. There are no definitive guidelines for propriety – coming to a professional judgement, reflecting the high standard expected in organisations receiving public funding, is required.
40: Corporations must publish a statement of regularity, propriety and compliance within their annual accounts. The format of this statement is set out in the College Accounts Direction, and requires disclosure of any identified material irregularity, impropriety or funding non-compliance.
41: Corporations should ensure that any references in their final signed statement to instances of material irregularity, impropriety or funding non-compliance are consistent with any findings from the work of the reporting accountant.
42: To form their conclusion the corporation must ensure that it is working within the boundaries of regularity and propriety. This work should be performed throughout the year as part of their oversight of internal control processes, which may include:
43: The following tests may be useful for the corporation to consider when determining whether a transaction is regular and proper:
44: The corporation can also draw comfort from the work of the audit committee and internal auditor (if applicable) which provides a process for independent checking of internal control processes.
45: It is for the corporation to determine if further work is necessary at year-end to evidence their statement of regularity, propriety and compliance. If proper internal control processes have been adequately documented and have operated during the year, there should be no need for significant additional scrutiny.
46: ESFA publishes a regularity self-assessment questionnaire (RSAQ) to provide clarity of the accountability framework, key considerations and the type of evidence corporations may need to provide to their reporting accountant. This must be prepared annually to support corporations in drafting their statement of regularity, propriety and compliance. Corporations must provide a copy of their completed RSAQ to the reporting accountant, signed by the accounting officer and chair of governors.
47: The corporation must be able to support their statement of regularity, propriety and compliance. This includes responses given in the RSAQ that the corporation completes and discloses to the reporting accountant. Although specific documentation is not prescribed, the accounting officer should retain a record of work undertaken throughout the year. This is to provide support for the sign-off at year-end and to assist with any reporting accountant queries.
48: Where there is a change of accounting officer during the year, or up to the date of signing the declaration, it is the responsibility of the new accounting officer to be satisfied that they can support their signing of the statement. This will be achieved through discussions between the new accounting officer and the corporation, the internal auditor (if applicable), the senior leadership team and, where possible, the previous accounting officer, who should provide a statement to the corporation on regularity, propriety and compliance covering the reporting period up until their date of departure, alongside all relevant working papers, minutes and reports during the period covered by the statement.
49: ESFA’s College Accounts Direction emphasises that in respect of business combinations, the chair and accounting officer of the receiving entity are responsible for signing off, and submitting to ESFA, audited accounts of any dissolving corporation. Similarly, the receiving corporation’s accounting officer needs to be satisfied that they can support their signing of the statement of regularity, propriety and compliance.
50: The legal definition of fraud as defined in the Fraud Act 2006 is: ‘The making of a false representation or failing to disclose relevant information, or the abuse of position, in order to make a financial gain or misappropriate assets.’
51: It is the responsibility of the corporation, as set out in grant funding agreements and contracts with ESFA (and, where relevant, with MCAs and the GLA), to establish and maintain an adequate system of internal control, to ensure compliance, and to prevent and detect irregularities and suspected fraud (including theft, bribery and corruption). To achieve this a corporation must establish and keep up to date an effective and proportionate counter fraud strategy, which sets out the approach to raising awareness, prevention, detection, investigation and sanction (including seeking redress where appropriate) of suspected fraud.
52: In developing a counter fraud strategy, corporations should consider the nature of the threat faced. The non-exhaustive list below contains the main components, and the anti-fraud checklist at Annex D offers a possible framework:
53: Corporations must have procedures in place to ensure any suspected or discovered instance of fraud, cybercrime, theft, bribery, corruption, irregularity, major weakness or breakdown in the accounting or other control framework are identifiable. Where identified, corporations must inform the chair of the audit committee, external auditors and internal auditors (if applicable) as soon as practically possible. ESFA, and any other relevant funding provider, must also be informed as soon as possible when the fraud, or suspected fraud, is significant.
54: Significant fraud is usually where there is one or more of the following factors (though this list is not exhaustive):
55: Fraud, by its inherent nature of deception to result in financial or personal gain, means that the transaction must be irregular and improper. The accounting officer must include any significant fraud in their statement of regularity, propriety and compliance.
56: Fraud, including any suspected or attempted fraud, should be reported to Action Fraud to help identify systematic risks potentially affecting whole sectors (for example cybercrime). Action Fraud monitors the cost of fraud across the UK and has been set up to provide a single point of reporting and information for individuals and organisations.
57: ESFA reserves the right to conduct investigatory work in respect of any provider when there are reasonable grounds to believe that fraud or other financial irregularity has taken place. If such a provider is also funded by another public authority, then ESFA and that authority will cooperate to determine which authority will lead the investigation.
58: It is a condition of funding by both ESFA and MCAs/GLA that corporations appoint an external auditor to audit their annual accounts. ESFA requires external auditors appointed by corporations to comply with the requirements of Part 42 of the Companies Act 2006, namely a firm or individual holding membership of a relevant supervisory body and allowed to carry out audits under the rules of that body.
59: Corporations must also appoint a reporting accountant to provide an assurance report on regularity each financial year. The reporting accountant must be the same as the external auditor. The external auditor/reporting accountant will adhere to relevant professional standards in performing their work.
60: External auditors will present their findings annually at a meeting of the board of governors, which, at the discretion of the corporation, may be a joint meeting with the audit committee.
61: Corporations should note the Financial Reporting Council’s Revised Ethical Standard issued in December 2019, and particularly section 5C, which states that a firm providing external audit may not provide internal audit services to the same client or to a significant affiliate of such a client.
62: In carrying out their work external auditors and reporting accountants will apply the following principles:
63: The external auditor must audit the annual accounts in accordance with relevant legal and regulatory requirements and International Standards on Auditing (UK).
64: The external auditor must provide an opinion on whether the annual accounts, in all material respects, give a true and fair view and have been prepared in accordance with the Statement of Recommended Practice: Accounting for Further and Higher Education.
65: The external auditor must report by exception whether, in their opinion:
66: The external auditor has a professional duty to consider the strategic report and the corporation’s statement of corporate governance and internal control. The auditor is required to take appropriate action under auditing standards if the statements made are materially inconsistent with the audited financial statements or any information is apparently materially misstated based on, or materially inconsistent with, their knowledge of the corporation, acquired in the course of performing the audit, and report accordingly.
67: ESFA, and where applicable the relevant MCA/GLA, will notify both corporations and their auditors of the value of the college’s main funding grants through funds’ payments statements, generated through the individualised learner record (ILR) returns, to be included as income within the corporation’s annual accounts. Responsibility for the accuracy of funding claims remains with the corporation.
68: Where the external auditor is unable to provide an unmodified audit opinion or where they wish to use an alternative form of wording, or where the external auditor intends to include an emphasis of matter paragraph or material uncertainty relating to going concern, they must communicate this to the corporation as soon as practically possible.
69: External auditors are required to communicate matters arising from the audit with those charged with governance. This must be in the form of a written report (“management letter”), prepared in accordance with ISA (UK) 260 Communication with Those Charged with Governance and ISA (UK) 700, Forming an Opinion and Reporting on Financial Statements. Auditors are required to communicate:
70: External auditors are required to report:
71: The management letter should also cover:
72: The management letter must also report on the regularity assurance engagement.
73: The reporting accountant must perform the engagement to provide limited assurance. Limited assurance engagements are framed in a ‘negative’ sense and are those concluding whether, based on the procedures performed and evidence obtained, nothing has arisen that suggests information is materially misstated[footnote 9].
74: For corporations, the reporting accountant provides limited assurance that expenditure and income have been applied to purposes intended by Parliament and financial transactions conform to the authorities that govern them.
75: The reporting accountant must set out any material matters within their assurance report on regularity, which must also encompass any findings concerning propriety. Any other findings arising from the engagement should be set out in their management letter to the corporation.
76: The reporting accountant’s assurance report on regularity refers to the authorities that govern the corporation. Understanding the framework of authorities relevant to the conduct of the activities of a corporation will assist the reporting accountant in planning their work and identifying risk of potential material irregularities in the annual accounts.
77: The reporting accountant should have regard to the Financial Reporting Council’s Statement of Recommended Practice, Practice Note 10, Audits of Financial Statements of Public Sector Bodies in the United Kingdom (PN10). This sets out a general framework for obtaining reasonable assurance over regularity. The regularity assurance framework for corporations seeks limited assurance, and therefore PN10 does not strictly apply. It does, however, remain a useful reference for:
78: Much of the work required to understand the activities and relevant framework of authorities will already have been considered in the audit of the annual accounts[footnote 10] .
79: In making their assurance report on regularity, the reporting accountant will need to further understand and assess how the corporation has interpreted the framework of authorities in its own context, and the systems, procedures and controls that have been put in place to ensure compliance.
80: The corporation’s statement of regularity, propriety and compliance, and regularity self-assessment questionnaire, should inform the reporting accountant’s work by demonstrating how the requirements are met.
81: In planning their testing, the reporting accountant should refer to Practice Note (PN) 10, which sets out the general framework for obtaining assurance over regularity and International Standard on Assurance Engagements (ISAE) 3000, which set out some specific considerations for limited assurance engagements.
82: It will typically be most efficient to undertake regularity work in conjunction with, and at the same time as, the audit of the annual accounts.
83: Regularity testing of the ILR return is not excluded from the reporting accountants’ work. However, the reporting accountant may rely on the work they have undertaken on ESFA funding body grants and contracts in the financial statements audit to address the likelihood of relevant material irregularities in respect of funding generated through the ILR.
84: The regularity and propriety work must include all corporation expenditure and income received, regardless of source. This includes any subsidiaries or joint venture arrangements. Reporting accountants will conduct their work on the subsidiary/joint venture in accordance with the framework of authorities that govern the subsidiary/joint venture. For example, if the subsidiary is a company, then Companies Act 2006 and any legislation or regulations relating to its operations will be applicable. If the reporting accountant identifies any matters of a regularity, propriety or compliance nature involving a subsidiary or joint venture, they must report these to the corporation and also report them to ESFA.
85: Reporting accountants must notify the corporation and ESFA if potential regularity or propriety matters that could affect ILR returns and associated claims come to their attention during their work. They should also notify the relevant MCA/GLA if devolved adult education funding is concerned.
86: Where the reporting accountant has specific concerns over the regularity or propriety of income and expenditure at a corporation, they may, exceptionally, write to ESFA (and the MCA/GLA when relevant) and ask for a summary of any relevant matters, for example fraud and whistleblowing (if such information is not reasonably available from the corporation).
87: The reporting accountant should consider whether they can rely on the work of a third party (such as internal auditors, if applicable), who has undertaken assurance reviews relevant to the objective of the regularity assurance engagement. It is a matter of professional judgement how much reliance the reporting accountant places on this work.
88: ESFA does not require reporting accountants to maintain separate files in respect of the audit of the annual accounts and their regularity work. As mentioned above, they can incorporate regularity sampling into the audit of the annual accounts. However, they will need to clearly document their regularity assurance work, including the objectives, methods, results / findings and conclusions for the testing, which underpins their assurance report on regularity.
89: Annex E sets out the required format of the reporting accountant’s assurance report on regularity, including the format of the limited assurance conclusion.
90: The scope of the limited assurance engagement is set out at paragraphs 73 to 80 above.
91: Where the reporting accountant identifies potential irregularities or instances of impropriety, these should be discussed with the corporation’s finance team in the first instance. Potential regularity exceptions should be considered individually and in aggregate in terms of whether they represent a material irregularity, by either value or nature. Any such issues that cannot be resolved satisfactorily with the finance team should be escalated to the accounting officer and the audit committee or board. Since propriety goes beyond considerations of compliance with a framework of authorities to include conduct and behaviour, it is not readily susceptible to objective verification. Further, where issues of propriety arise then the assessment of materiality may need to be further considered. Whilst a transaction leading to a personal or private benefit may be deemed to be material by nature, regardless of value, there may be more scrutiny, if the benefit is received by a senior member of staff or governor as impropriety on the part of corporation leaders may be indicative of endemic problems. Consequently, considerable professional judgement and discretion will be required in both forming a view as to whether or not there is a material issue be addressed and how such an issue should be escalated or reported.
92: When the reporting accountant concludes that there are matters of material irregularity or impropriety, by virtue of value or nature, either individually or in aggregate of transactions underlying the annual accounts, this will lead to a modified assurance report on regularity, including full disclosure of those matters in that report. If this constitutes a matter of material significance[footnote 11], then it must be reported to ESFA.
93: Where irregularity or impropriety is identified, but the reporting accountant concludes it is not material, by virtue of value or nature, either individually or in aggregate, or does not relate to transactions underlying the annual accounts, the issue must be reported in the reporting accountant’s management letter.
94: Where the reporting accountant is unable to provide a report on regularity or where they wish to use an alternative form of wording, they must communicate this to the accounting officer, the chair of the corporation, the chair of the audit committee, and ESFA as soon as is practical.
95: The reporting accountant must consider the impact of any regularity or propriety issue on their audit of the annual accounts.
96: In the absence of an alternative assurance standard, the Code draws on some of the principles set out in PN10 even though the further education sector is not specifically within scope.
97: PN10 (Part 2: paragraphs 31 to 40) sets out that the auditor’s assessment of what is material is a matter of judgement and includes both quantitative (value) and qualitative (nature) considerations. Materiality affects both the way in which the auditor plans and designs the audit work on regularity and propriety, and how the auditor evaluates and reports the results of that work. The assessment of materiality at the planning stage for regularity and propriety may be different to that applied for the audit of the financial statements as a whole.
98: Materiality is relevant when planning and performing the assurance engagement, including when determining the nature, timing and extent of procedures, and when evaluating whether the subject matter information is free of misstatement.
99: The materiality level applied for the testing of transactions in terms of whether they are regular, proper or have been used in accordance with the contractual terms and conditions of grant, may also differ to that applied to the annual accounts.
100: Corporations that are registered with the Office for Students (OfS) are obliged to follow the requirements of the extant OfS Accounts Direction, as well as those set out in this document. OfS-registered corporations, and their auditors, should take note of the requirements set out in the OfS Accounts Direction. It should be stressed that the OfS requirement to provide an audit opinion on use of funds as set out in the OfS Accounts Direction does not remove the requirement for the reporting accountant to provide a report on regularity as set out in Annex E of this document.
101: Fraud, by its inherent nature of deception to result in financial or personal gain, means that any such transactions must be irregular and improper. Identified fraud that is significant (paragraph 54) or material will lead to a modified assurance report on regularity, including full disclosure of those matters in that report.
102: For the avoidance of doubt, the additional requirement to report fraud as a breach of regularity does not alter, reduce or replace the standard reporting requirements for fraud including the Proceeds of Crime Act 2002 (POCA). Auditors / reporting accountants should consider the Practice Note 12 (Revised) on Money Laundering – Guidance for Auditors on UK Legislation issued by the Auditing Practices Board and which covers an auditors statutory reporting obligations under POCA.
103: The duties of the external auditor/reporting accountant must be clearly set out in an engagement letter in accordance with ISA 210 (Revised 2016). Annex A sets out standard clauses, covering the external audit of the accounts and the regularity assurance review, that must be included within the letter of engagement between the corporation and the external auditor/reporting accountant. These clauses include details of the arrangement for the regularity assurance engagement, which allows ESFA and any other funding authority to draw assurance from the report on regularity.
104: Annex B sets out standard terms of reference for the regularity assurance engagement. These terms outline the responsibilities of the corporation, reporting accountant and ESFA in relation to the engagement, and the duty of care owed by the reporting accountant.
105: Colleges registered with the OfS and their auditors will need to build both a “use of funds” and “regularity” aspect into their letters of engagement (paragraph 100).
106: Where the corporation and/or external auditor/reporting accountant want to use an alternative form of words, they must agree this with ESFA.
107: There is no expectation that ESFA will sign the engagement letter.
108: ITPs must meet any statutory responsibilities they have in relation to financial accounts, audit, and other legal, financial and governance requirements. Legislation and guidance most common to ITPs is summarised in paragraphs 111 to 121.
109: ITPs receive funding under grant funding agreements and contracts with ESFA. These set out in detail the requirements placed on and responsibilities of ITPs, and that any mandatory requirements of this Code form a condition of funding. For a complete picture of ESFA’s assurance requirements, the Code should be read alongside ESFA’s grant funding agreements and contracts. Some ITPs also receive funding under grant funding agreements and contracts with MCAs or the GLA in respect of devolved adult education funding, which also require compliance with this Code.
110: All ITPs may be subject to a funding audit by ESFA in respect of funds received (paragraphs 9 to 13).
111: Private limited companies, companies limited by guarantee, limited liability partnerships, and community interest companies have a statutory responsibility under the Companies Act to file their annual financial accounts with Companies House within 9 months of their financial year end (unless stated otherwise). Public limited companies must meet the same requirement within 6 months of their financial year end under the Act.
112: Under the Charities, Act all registered incorporated charities (and registered unincorporated charities with a gross income exceeding £25,000 in that financial year) must file their financial accounts and their trustees annual report with the Charities Commission within 10 months of their financial year end.
113: Other legal entities should ensure they comply with their statutory requirements, as set out in their incorporation documents or other relevant legislation.
114: Private limited companies, companies limited by guarantee, and community interest companies have a statutory responsibility under the Companies Act to appoint external auditors to audit their annual financial accounts unless they meet two of the three criteria defined in the Companies Act Section 382(3).
115: Limited liability partnerships are also required to have their accounts audited unless they meet the criteria as defined in the Companies Act.
116: All public limited companies require external audit.
117: Charitable organisations may be required to have an external audit or an independent examination depending on their size. The criteria for determining whether a charity requires an audit is set out in the Charities Act 2011.
118: Other legal entities should ensure they comply with their relevant statutory requirements in respect of external audit, where applicable.
119: In addition to the audit of the financial statements, providers with subcontracted provision of over £100k are required to obtain an independent report covering the arrangements in place to manage and control subcontractors in accordance with paragraph 13.
120: Private limited companies and companies limited by guarantee should be aware of all of the information they need to provide by law in their annual directors’ report as set out in The Companies (Miscellaneous Reporting) Regulations 2018. They should also familiarise themselves with the UK Corporate Governance Code published by the Financial Reporting Council in July 2018.
121: Public limited companies are subject to these requirements and in addition are by law required to have a qualified company secretary, have at least two directors, and hold an annual general meeting.
The following paragraphs must be included in the letter of engagement between the corporation and their external auditor/reporting accountant.
This letter establishes an agreement between [name of audit firm] and the corporation in relation to the audit of, and reporting on, the corporation’s annual report and financial statements (annual accounts).
We shall conduct our audit of the corporation’s annual accounts in accordance with the latest International Standards of Auditing (UK) issued by the Financial Reporting Council (‘ISAs’) and in full compliance with any instructions, guidance or frameworks issued by ESFA, and where relevant any issued by Mayoral Combined Authorities or the Greater London Authority in respect of devolved adult education funding, including those within the extant College Accounts Direction.
We have a professional responsibility to report, if the annual accounts do not comply in any material respect with applicable accounting standards and the requirements of the accounts direction, unless in our opinion non-compliance is justified in the circumstances. In determining if departure is justified, we will consider whether:
We shall report to ESFA, and when applicable the relevant devolved authority, as soon as practically possible, any significant fraud or major weakness or breakdown in the accounting or other control framework, of which we become aware, subject only to the requirements of the Proceeds of Crime Act 2002.
Where we as auditors conclude that we must resign from the engagement before the expiry of the term of office, we will provide the corporation with a statement of circumstances that we consider should be brought to its attention, which the corporation will send to ESFA.
Where we cease to hold office in any circumstance, we will provide ESFA with details of any matters, which would normally be noted in the professional enquiry letter to successor auditors under the ICAEW professional requirements, where such matters exist.
The Secretary of State for Education, acting through ESFA, has prescribed standard terms of reference for regularity assurance engagements. These are included within Part B of the Post-16 Audit Code of Practice.
We will perform our regularity assurance review and report to ESFA and, if applicable the relevant devolved authority, in accordance with those standard terms of reference.
The Secretary of State, acting through ESFA, will not be required to sign this engagement letter.
The following are the pre-agreed terms of reference on which the Secretary of State for Education, acting through ESFA, engages the reporting accountant to perform a limited assurance engagement on regularity in connection with the corporation.
ESFA accepts that an agreement between it, the corporation and its reporting accountant on these terms is formed when the reporting accountant signs its assurance report on regularity and this is submitted to ESFA or the relevant devolved authority.
ESFA is not required to sign anything. The Code and extant College Accounts Direction provide the framework and reporting requirements for the statement of regularity, propriety and compliance. The large number of corporations in scope of this engagement make it impractical to have an engagement letter with each individual reporting accountant. Standard terms of reference are therefore in place.
Amendments to these standard terms may only be considered in exceptional circumstances and require ESFA’s approval. Amendments may cause delay to the reporting accountant’s work leading to late submission of the related report and consequent breaches of funding conditions.
The corporation is required to submit to ESFA an assurance report on regularity signed by a reporting accountant, which provides limited assurance, as part of its annual report and financial statements (annual accounts). This report will address any issues of irregularity and impropriety. These terms of engagement set out the basis on which the reporting accountant will sign the assurance report on regularity.
The corporation is responsible for:
The corporation’s accounts shall meet the requirement of the extant College Accounts Direction to include the reporting accountant’s assurance report on regularity.
The corporation will make available all records, correspondence, information and explanations that the reporting accountant considers necessary to enable the reporting accountant to perform their work. The reporting accountant will request, and the corporation shall provide:
The corporation, ESFA and where applicable the relevant devolved authority, accept that the ability of the reporting accountant to perform their work effectively depends upon the corporation providing full and free access to financial and other records. The corporation shall obtain any such records held by a third party and ensure they are made available to the reporting accountant.
The reporting accountant accepts that, whether or not the corporation meets its obligations, there remains an obligation on the reporting accountant to ESFA to perform its work with reasonable care. The failure by the corporation to meet its obligations may cause the reporting accountant to modify its conclusion or be unable to provide a conclusion.
The reporting accountant will use professional judgement and take account of the particular circumstances of the corporation to determine the scope of work to support the conclusion in accordance with the Post-16 Audit Code of Practice (the Code).
The reporting accountant may communicate with ESFA as part of the planning and delivery of the regularity engagement where they believe there is a specific issue with a corporation.
The mandatory report that the reporting accountant will provide, on the assumption that the reporting accountant is able to report in that form, is included in the Code.
The reporting accountant’s report is prepared on the following basis:
The reporting accountant will perform the engagement with reasonable skill and care and accepts responsibility to the corporation and ESFA, for losses, damages, costs or expenses (‘losses’) caused by its breach of contract, negligence or wilful default, subject to the following provisions:
The corporation and ESFA agree that they will not bring any claims or proceedings against any individual partners, members, directors or employees of the reporting accountant. This clause is intended to benefit such partners, members, directors and employees who may enforce this clause pursuant to the Contracts (Rights of Third Parties) Act 1999 (‘the Act’). Notwithstanding any benefits or rights conferred by this agreement on any third party by virtue of the Act, the parties to this agreement may agree to vary or rescind this agreement without any third party’s consent. Other than as expressly provided in these terms, the Act is excluded.
Any claims, whether in contract, negligence or otherwise, must be formally commenced within 2 years after the party bringing the claim becomes aware (or ought reasonably to have become aware) of the facts which give rise to the action, and in any event no later than six years after the relevant report was issued (or, if no report was issued, when the reporting accountant accepted the engagement in writing). This expressly overrides any statutory provision which would otherwise apply.
The reporting accountant’s fees, together with VAT and out-of-pocket expenses, will be agreed with, and billed to, the corporation. ESFA is not liable to pay these fees.
The reporting accountant will investigate all complaints. ESFA or the corporation has the right to take any complaint to the professional supervisory body governing the reporting accountant.
The reporting accountant will not be prevented or restricted by virtue of the reporting accountant’s relationship with the corporation or ESFA, including anything in these terms of engagement, from providing services to other clients. The reporting accountant’s standard internal procedures are designed to ensure that confidential information communicated during the course of an assignment will be maintained confidentially.
If ESFA receives a request under the Freedom of Information Act 2000 for the disclosure of confidential information, it will inform the corporation promptly of such request and ensure that any representations made by the corporation, or reporting accountant, are fully taken into account when it responds to the request. However, the decision to release information rests with ESFA.
Amendment to these standard terms of engagement may only be considered in very rare circumstances. All additions, amendments and variations to these terms of engagement shall be binding only if in writing and signed by the duly authorised representatives of the parties. These terms do not affect any separate agreement in writing between the corporation and the reporting accountant.
This agreement shall be governed by, interpreted, and construed in accordance with English law.
The corporation, ESFA, and the reporting accountant irrevocably agree that the courts of England shall have exclusive jurisdiction to settle any dispute (including claims for set-off and counterclaims) which may arise on any basis in connection with the validity, effect, interpretation or performance of, or the legal relationship established by this agreement or otherwise arising in connection with this agreement.
This annex sets out some of the characteristics of providers where we have identified regularity concerns. Corporations and their auditors may wish to consider these areas when assessing compliance. This list is not exhaustive and is given as guidance only.
Good governance is important in delivering a high-quality service and ensuring accountability. The corporation is responsible for good governance. Regularity concerns can arise where there is indication of:
Effective management is needed if a corporation is to deliver a quality service through day-to-day operations. Regularity concerns can arise where there is indication of:
It is important to remain vigilant to risks, which, if they crystallise, result in regularity issues. Useful resources for further consideration include:
Fraud occurs in every sector and providers need to be aware of the potential for it to occur.
EFSA has published indicators of potential fraud: education providers, which provides information for academies, colleges, private training providers and employer providers in receipt of ESFA funding to help them identify potential fraud.
The 10 questions below are intended to help providers review their arrangements for preventing, detecting and dealing with fraud should it occur. Arrangements will vary according to the size, structure and complexity of the provider.
In accordance with the terms of our engagement letter dated [x] and further to the requirements and conditions of funding in ESFA’s grant funding agreements and contracts, or those of any other public funder, we have carried out an engagement to obtain limited assurance about whether anything has come to our attention that would suggest, in all material respects, the expenditure disbursed and income received by [name of corporation] during the period 1 August 20XX to 31 July 20XX10 have not been applied to the purposes identified by Parliament and the financial transactions do not conform to the authorities which govern them.
The framework that has been applied is set out in the Post-16 Audit Code of Practice (the Code) issued by ESFA and in any relevant conditions of funding concerning adult education notified by a relevant funder.
This report is made solely to the corporation of [name of corporation] and ESFA in accordance with the terms of our engagement letter. Our work has been undertaken so that we might state to the corporation of [name of corporation] and ESFA those matters we are required to state in a report and for no other purpose. To the fullest extent permitted by law, we do not accept, or assume, responsibility to anyone other than the corporation of [name of corporation] and ESFA for our work, for this report, or for the conclusion we have formed.
The corporation of [name of corporation] is responsible, under the requirements of the Further & Higher Education Act 1992, subsequent legislation and related regulations and guidance, for ensuring that expenditure disbursed, and income received, are applied for the purposes intended by Parliament, and the financial transactions conform to the authorities that govern them.
Our responsibilities for this engagement are established in the United Kingdom by our profession’s ethical guidance and are to obtain limited assurance and report in accordance with our engagement letter and the requirements of the Code. We report to you whether anything has come to our attention in carrying out our work which suggests that in all material respects, expenditure disbursed and income received, during the period 1 August 20XX to 31 July 20XX have not been applied to purposes intended by Parliament or that the financial transactions do not conform to the authorities which govern them.
We conducted our engagement in accordance with the Code issued by ESFA. We performed a limited assurance engagement as defined in that framework.
The objective of a limited assurance engagement is to perform such procedures as to obtain information and explanations in order to provide us with sufficient appropriate evidence to express a negative conclusion on regularity and propriety.
A limited assurance engagement is more limited in scope than a reasonable assurance engagement and consequently does not enable us to obtain assurance that we would become aware of all significant matters that might be identified in a reasonable assurance engagement. Accordingly, we do not express a positive opinion. Our engagement includes examination, on a test basis, of evidence relevant to the regularity and propriety of the corporation’s income and expenditure.
The work undertaken to draw to our conclusion includes:
In the course of our work, [except for the matters listed below] nothing has come to our attention which suggests that in all material respects, the expenditure disbursed and income received during the period 1 August 20XX to 31 July 202XX[footnote 13] has not been applied to purposes intended by Parliament, that the financial transactions do not conform to the authorities that govern them nor have been improper.
Including all institutions which are designated under Section 28 of the Further and Higher Education Act 1992. ↩
The Seven Principles of Public Life provide further guidance. ↩
The exchange of assurance statements will cover assurance over non-ringfenced AEB. Additional requirements may be put in place in respect of AEB ringfenced for the purposes of the National Skills Fund. ↩ ↩2 ↩3
Corporations should be mindful of the insolvency regime for further education bodies. ↩
HM Treasury’s audit committee handbook may be a useful reference point. ↩
Corporations should consider whether staff-governor members of an audit committee meet good practice standards of independence and objectivity. ↩
Corporations should refer to the whistleblowing requirements set out in their funding agreements. ↩
Since corporations are not central government bodies, MPM does not apply to them in its entirety. However, as bodies that are substantially publicly funded, corporations are covered by a number of the themes set out in MPM. ↩
See International Standard on Assurance Engagements (ISAE) 3000 Revised, Assurance Engagements Other than Audits or Reviews of Historical Financial Information. ↩
See International Standard on Auditing (UK) 315 and International Standard on Auditing (UK) 250A. ↩
As defined in: Matters of Material Significance reportable to UK charity regulators. ↩
Amend dates as necessary to reflect extended period or short period accounts. ↩
Amend dates as necessary to reflect extended period or short period accounts. ↩
Don’t include personal or financial information like your National Insurance number or credit card details.
To help us improve GOV.UK, we’d like to know more about your visit today. We’ll send you a link to a feedback form. It will take only 2 minutes to fill in. Don’t worry we won’t send you spam or share your email address with anyone.
- Virtual Delivery
- Human Capital
- Assurance Services
- Research & Benchmarking
- Innovation Solutions
- Financial Solutions
- Private Sector
- Retail & Consumer Products
- Real Estate & Construction
- Private Equity
- Natural Resources
- Manufacturing & Distribution
- Life Sciences
- Industry 4.0
- Government Contracting
- Gaming, Hospitality & Leisure
- Financial Institutions & Specialty Finance
- Assest management
- Public Sector
- Third Sector
- Private Sector
- About Us
- Industry Updates