Following the busy period of preparing the year end financial statements and filing the Academies Returns with the ESFA, now seems a good time to update on various matters that affect the Academies sector.
National non-domestic rates claims
Claims for national non-domestic rates (NNDR) for the 2017 to 2018 financial year should be completed via the online claim form by 31 March 2018. The claim form can be found here.
Trusts with more 250 or more employees
- Gender pay gap reporting: Trusts are required to publish their gender pay gap data on their website and the government’s online gender pay gap reporting service. This must be done no later than 30 March 2018.
- Apprenticeship target: From April 2019, Trusts will be required to report the number of people they employed as new apprentices between April 2018 and March 2019. Regulations require public bodies with 250 or more staff to aim to employ at least 2.3% of their headcount in England as new apprentices between April 2017 and March 2021.
The ESFA recently wrote to the Chairs of Single Academy Trusts where a Trust employee was paid a salary in excess of £150k and asked for rationale for this level of pay. The ESFA will also be shortly writing to MATs where this applies too.
The ESFA are likely to challenge such remuneration where educational performance declines and where senior pay increases at a rate faster than that of the teachers’. It is therefore vital that a trust’s executives and its board of trustees can feel confident that the level of pay set is appropriate and in line with the educational performance and efficiency of the Trust. They should also ensure that the process for setting pay is robust and transparent.
Making Tax Digital – VAT
Making Tax Digital is on its way for VAT periods beginning on or after 1 April 2019. All taxpayers who are VAT registered will only be able to submit the figures from accounting software or specially enabled spreadsheets. If you are currently using one of the accounting software packages, you should check what the provider is doing to upgrade to the MTD compatible software and what they will be charging for this. It may be time to consider changing providers or outsourcing the preparation of the VAT returns. Further information can be found here.
On 25 May 2018 the General Data Protection Regulation (GDPR) will come into force. This is a significant shake up of data protection and means that any organisation processing or controlling personal data in the European Union must comply with the legislation. Brexit doesn’t change this reality.
GDPR should be seen as an opportunity to carry out an audit of the existing data protection processes to identify and remove bad practices and inappropriate procedures. It’s vital that Trusts are already taking steps to ensure they are GDPR compliant from 25 May, which also involves ensuring entities along your data supply chain are compliant.
Compliance with returns
The ESFA is taking a firmer stance on non-compliance with submission deadlines and will publish a list of those Trusts who are late, or do not submit, two or more of the annual financial returns, including the financial statements and management letter. The first list, covering the 2017/18 academic year, will be published in September 2018 and future lists will be published every September.
Lord Agnew recently wrote to all Chairs of Academy Trusts in England to highlight, amongst other things, the importance of ensuring that your Trust’s governance contacts details are up to date. Where a member, trustee or accounting officer changes, the ESFA must be notified via the governance section of EduBase within 14 days
A copy of Lord Agnew’s full letter can be found here.
Business continuity plans
The demise of Carillion Plc, a key supplier of services, has highlighted the need to have robust business continuity plans in place. We recommend Trusts take the opportunity to review their current business continuity plans and ensure it is sufficiently detailed to minimise the level of disruption in the event of a disaster. The plan should cover a range of scenarios and may include (but not limited to): accident on premises; widespread illness; loss of premises; loss of communications; cyber-attacks; loss of key staff; fraud; and loss of supplier.
Cyber fraud is increasing in volume and scale and unfortunately schools are not exempt from being targeted. A common fraud occurs when a fraudster contacts a member of staff with responsibility for authorising financial transfers and requests for a one off, typically urgent, bank transfer. Contact is by email and from a similar email address to the one the headteacher would use. These small differences are often hard to spot and can result in substantial financial losses for the school.
There are things that can be done to protect against cyber fraud:
- Any urgent payment requests from the headteacher should be confirmed verbally. Often a fraudster will target when they know the headteacher is unavailable, such as on holiday, and where this is the case payment should not be made.
- Emails (and letters) from a supplier requesting a change of bank details should be confirmed verbally with your usual contact using your usual telephone number. Do not use the telephone number on the change of details request.
- Do not open attachments or click on links from unknown sources. For a link, hover your mouse pointer over the link to reveal it’s true destination. Beware if this is different from the email text.
- Ensure your anti-virus software is up to date. Malware can be used to remotely access accounts packages and edit existing beneficiaries. The payment file created by the accounts package will then use the fraudsters amended accounts details, rather than the genuine supplier or staff details.
- Ransomware is becoming more common. One way to protect yourself from such an attack is to take regular backups stored remotely from your computer or network.
We recommend that Trusts carry out a fraud risk assessment to determine the Trust’s level of fraud exposure. Training should be given to all staff to ensure that they are aware of the risks, which will minimise the opportunity for frauds to be successful.
More advice and information can be found at the National Cyber Security Center’s website: Cyber Essentials.
If you have any concerns over anything mentioned above, please contact Alex Bottom or your audit manager who will be happy to help.