Audit and Risk Committee Assurance Report - February 2026
Meeting: Trust Board – Public Meeting
Date: 11 February 2026
Report Title: Audit and Risk Committee Assurance Report
Agenda Item: PUB26/02/5.3
Committee Date: 12 November 2025
Meeting Chair: George Lynn, Non-Executive Director and Committee Chair
Meeting quorate: YES
Purpose: Assurance
| Link to EEAST’s Strategic Missions: | |
|---|---|
| Patient Mission | X |
| Partnership Mission | X |
| People Mission | X |
| Productivity Mission | X |
Summary of Items considered at the meeting:
| Issue | Consideration | Resolution / Outcome | Assurance |
|---|---|---|---|
| Directorate Risk Register Deep-dive: Finance | Overview of risk register for Finance | There are 7 risks on the risk register – all scoring residual priority less than 15 Financial performance (12), Valid staff data not provided in a timely/accurate manner – manual systems (12), QCIP delivery 25/26 (9), Tax compliance (9), Fraudulent working when sick (4), Cash balances & flows not managed (9), Implementing Internal Audit recommendations (9). Reviewed risk register analysis & noted the related commentaries. | Substantial |
| BAF & Risk Management Update | Review of Strategic Risks and BAF Framework, Corporate Risk Register & Risk KPIs | Noted further changes to the BAF since the last meeting. Recognised that this remains work in progress. Noted that the BAF development needs to be driven by the respective committees before the ARC can provide oversight assurance on its workings. Noted that we will also discuss this in the later item on governance. | Reasonable |
| Sub-Group Assurance Report: CRG | Report on levels of assurance provided in areas reported to CRG at its last meeting (October 2025) | Noted that three groups reported – Risk Management Group, Information Governance Group & Data Quality & Security Group. There were three areas for escalation to AC identified by CRG: a) Need to be proactive in identifying emerging risks and alignment with board/committee agenda’s. b) Continued high SARS compliance (90%) & training to 93%. c) High assurance around data security. FOI compliance rates improving but still a risk of ICO enforcement. | Reasonable |
| Attestation of Trust Seal Q1, Q2 & Q3 (to date 2025-26 | Report detailing the instances when the Trust Seal had been used during Q1, Q2 & Q3 (to date) 2025-26 | We noted that there had been four occasions when the seal had been attested – all property transfer related | Substantial |
| Gift, Hospitality Register & declarations of Interest update Q1& Q2 2025-26 | Report to ARC to review gifts & hospitality received in Q1 & Q2 2025-26 | Noted items listed in the register. The most expensive covered eight firms spending £24k in total to sponsor Stars of East Awards. | Reasonable |
| Regulatory Compliance Monitoring Process | Update on system developments to ensure safety, quality & accountability arrangement with Regulatory Bodies | Noted that the responsibility for processing CQC, Ofsted & HSE compliance now sits in one directorate. Digital platform to be developed for completion March 2026. | Reasonable |
| Independent Governance Review | Receive an external independent review on the Governance arrangements and assurance across EEAST | Review noted the Board’s desire to improve governance arrangements. Noted the development needs identified and the planned programme over 90 days to provide a set of prioritised recommendations. | Limited |
| Risks, Assurance & Executive Accountability | Note on ELT approved statement on Executive Responsibility for Trust Risk Registers & the BAF. | Noted that Executive Directors have been designated as Senior Responsible Officers (SRO) for their directorate & BAF risks. The aim is to: Enable risk awareness to support Committee & Board Agendas, and Strengthen directorate risk management discipline | Limited |
| Information Governance & Data Security Protection Toolkit (DSPT) updates | Update on the Trust’s current position with respect to: Digital Security Protection Tool compliance, Subject Access Requests compliance and, FOI Request compliance | Noted: 2024-25 CAF-DSPT – “Approaching Standards”, 2025-26 CAF-DSPT released few changes from previous year – baseline submission 3/12/25. IG breaches at 22/mth judged to be low level breaches with average of 2 pm. reported to ICO. IG training compliance is stable at 93%. SAR Compliance in last 10 months – 90%. FOI compliance for last 3 months over 70%. Noted further follow-on meeting with ICO in October – awaiting formal written response. | Reasonable |
| Treasury Management Policy – Annual Review | Trust is required to review & update Treasury Management Policy on an annual basis | Noted the proposed amendments to the policy and approved the policy | Substantial |
| Charitable Funds Annual Report & Accounts 2024-25 | ARC has a delegated role in reviewing the Charitable Funds annual accounts and recommending the Board to approve as Trustee. | Reviewed the Charitable Funds Annual Accounts and recommended adoption by Board | Reasonable |
| Financial Management - Losses and special payments | Quarterly Report on compliance with HM Treasury 2023 publication “Managing Public Money” – (July - September 2025). | Noted 11 losses & ex-gratia payments (July-September 2025) totalling £203.2k. YTD 2025-26 £321.3k | Reasonable |
| Financial Management - Tenders & Waivers | Report on Tenders and Waivers Qtr 2 (July– September 2025) | Noted the Trust waivered £562,919 of non-pay period in Q2 (amounting to 10 in total). Noted support for procurement team to continue to reduce levels of retrospective tenders. | Reasonable |
| Modern Slavery – monitoring of breaches | EEAST Modern Slavery Statement approved by Board 9 July 2025. ARC to monitor breaches | Noted that no breaches of modern slavery regulations have been reported within the trust suppliers or wider supply chain | Reasonable |
| Counter Fraud progress | Update on Counter Fraud team since May 2025 meeting, | Noted continuing progress in managing fraud across EEAST. There are currently 16 open investigations, 12 new referrals and 3 have been closed since the last report. Noted the increased instances of staff fraudulently working whilst signed off sick. This behavioural issue was referred to People Committee for consideration | Reasonable |
| Internal Audit Progress Report 2025-26 | RSM (new internal auditors) provided report on their IA work (since July 2025) for 2025-26. | Noted RSM’s first finalised report on Freedom to Speak Up. Noted update on Rolling Hours fieldwork and wider IA issues across the NHS. | Reasonable |
Matters for escalation or referral:
| Issue | Resolution | Reason |
|---|---|---|
| Increased instances of staff fraudulently working whilst signed off sick | People Committee | Behavioural issue with staff needs to be considered |
