Internal financial controls and Regulatory Standards

Context
Governing Body Statement
External Auditor’s Opinion
Matters of Governance Interest
Appendix 1 Sample Statement on Internal Financial Controls
Appendix 2 Sample Auditor’s Report on Corporate Governance Matters

Context

Our Regulatory Framework sets out the Regulatory Standards of Governance & Financial Management that all Registered Social Landlords (“RSLs”) must comply with.

To comply with Regulatory Standards, each RSL should have effective financial controls and procedures in place to identify, control and mitigate risks and have an internal audit function with an annual programme. The Governing Body is responsible for implementing an effective internal audit strategy and a system of internal financial controls.

This Advisory Guidance continues the guidance we first issued in 2014 and builds on good practice guidance previously issued by the Scottish Federation of Housing Associations (“SFHA”). The Advisory Guidance recommends that RSLs include both a Statement of Internal Financial Controls (“SIFC”) and A Report on Corporate Governance Matters (“ARCGM”) in audited accounts. The SIFC and ARCGM provide a significant level of assurance that the Governing Body has reviewed the effectiveness of the internal financial controls and the auditors have provided an independent opinion of this review.

There is no requirement under the current Regulatory Framework for RSLs to include a SIFC and ARCGM in audited accounts. This Advisory Guidance is intended to ensure the continuation of the consistent approach to including the SIFC and ARCGM in RSL audited accounts.

Governing Body Statement

This is a formal statement called the Statement of Internal Financial Controls (“SIFC”) and is included within the annual audited accounts. The Governing Body has discretion to use their own wording or use the sample wording in Appendix 1. As a minimum, the SIFC should include the following:

an acknowledgement of the Governing Body’s responsibility for the RSL’s system of internal financial control;
a description of the key procedures involved i.e. the specific high-level procedures used by the RSL and the process by which the Governing Body reviews the effectiveness of the system of internal financial control;
confirmation that the Governing Body has reviewed the effectiveness of the system of internal financial control and identified weaknesses that have resulted in material loss, contingencies or uncertainties which need to be disclosed in the audited accounts;
an explanation that the system can only provide reasonable and not absolute assurance against material loss or misstatement;
disclose any non-compliance with these requirements and the associated reasons for the non-compliance.

The SIFC should cover the period that the audited accounts refer to and comment on material events or developments which have occurred between the accounting period end and the date the audited accounts are signed.

For RSLs who are the parent of a group, the SIFC should be in respect of the group, including unregistered subsidiaries. A separate statement is required for each RSL in the group.

External Auditor’s Opinion

The role of the external auditor is to give an independent opinion on the RSL’s audited accounts and the Governing Body’s annual SIFC. This formal opinion on the SIFC is called the Auditor’s Report on Corporate Governance Matters (“ARCGM”).

This opinion should make it clear that this opinion is in addition to and separate from the external audit of the financial statements.

External auditors have the discretion to use their own wording in the ARCGM or use the sample wording in Appendix 2.

As a minimum, the external auditor’s opinion on the SIFC should include an opinion on whether or not:

the Governing Body has complied with the Regulatory Standards in relation to internal financial controls, and;
the SIFC is consistent with what the external auditors found during their audit work.

Matters of Governance Interest

Under International Standard on Auditing 260 “Communication with those charged with governance”, auditors are required to communicate matters of governance interest from the audit and discuss the implications of those issues with those charged with governance, in this case the Governing Body of the RSL.

The output and outcome from such discussions are relevant when it comes to demonstrating that the RSL has complied with Regulatory Standards. RSLs should send us a copy of communications from auditors on matters of governance interest along with the management letter and response.

Appendix 1 Sample Statement on Internal Financial Controls

The Governing Body acknowledges its ultimate responsibility for ensuring that the RSL has in place a system of controls that is appropriate for the business environment in which it operates. These controls are designed to give reasonable assurance with respect to:

the reliability of financial information used within the RSL, or for publication;
the maintenance of proper accounting records;
the safeguarding of assets against unauthorised use or disposition.

It is the Governing Body’s responsibility to establish and maintain the systems of internal financial control. Such systems can only provide reasonable and not absolute assurance against material financial misstatement or loss. Key elements of the Association’s systems include ensuring that:

formal policies and procedures are in place, including the ongoing documentation of key system and rules in relation to the delegation of authority, which allow the monitoring of controls and restrict the unauthorised use of the Association’s assets;
experienced and suitably qualified staff take responsibility for important business functions and annual appraisal procedures have been established to maintain standards of performance;
forecasts and budgets are prepared which allow the management team and the Governing Body to monitor the key business risks, financial objectives and progress being made towards achieving the financial plans set for the year and for the medium term;
quarterly financial management reports are prepared promptly, providing relevant, reliable and up-to-date financial and other information, with significant variances from budget being investigated as appropriate;
Regulatory returns are prepared, authorised and submitted promptly to the relevant regulatory bodies;
all significant new initiatives, major commitments and investment projects are subject to formal authorisation procedures, through the Governing Body;
the Audit Committee/Governing Body received reports from management and from external and internal auditors, to provide reasonable assurance that control procedures are in place and are being followed and that a general review of the major risks facing the Association is undertaken;
formal procedures have been established for instituting appropriate action to correct any weaknesses identified through internal or external audit reports.

The Governing Body has reviewed the effectiveness of the system of internal financial control in existence in the Association for the year ended <INSERT DATE>. No weaknesses were found in internal financial controls which resulted in material losses, contingencies or uncertainties which require disclosure in the financial statements or in the auditor’s report on the financial statements.

Appendix 2 Sample Auditor’s Report on Corporate Governance Matters

REPORT BY THE AUDITORS TO THE MEMBERS OF <RSL NAME> ON CORPORATE GOVERNANCE MATTERS

In addition to our audit of the Financial Statements, we have reviewed your statement on Page <NUMBER> concerning the Association’s compliance with the information required by the Regulatory Standards in respect of internal financial controls contained within the publication “Our Regulatory Framework” and associated Advisory Guidance which are issued by the Scottish Housing Regulator.

Basis of Opinion

We carried out our review having regard to the requirements to corporate governance matters within Bulletin <REFERENCE> issued by the Financial Reporting Council. The Bulletin does not require us to review the effectiveness of the Association’s procedures for ensuring compliance with the guidance notes, nor to investigate the appropriateness of the reason given for non-compliance.

Opinion

In our opinion the Statement on Internal Financial Control on page <NUMBER> has provided the disclosures required by the relevant Regulatory Standards within the publication “Our Regulatory Framework” and associated Advisory Guidance issued by the Scottish Housing Regulator in respect of internal financial controls and is consistent with the information which came to our attention as a result of our audit work on the Financial Statements.

Through enquiry of certain members of the Management Committee and Officers of the Association and examination of relevant documents, we have satisfied ourselves that the Management Committee’s Statement on Internal Financial Control appropriately reflects the association’s compliance with the information required by the relevant Regulatory Standards in respect of internal financial controls contained within the publication “Our Regulatory Framework” and associated Advisory Guidance issued by the Scottish Housing Regulator in respect of internal financial controls.