Agenda and minutes

The Chairman advised the Members present that the ESPO Constitution provides that for a quorum there should be at least three Members who were entitled to attend and vote, provided that at that least three of the Member Authorities were represented. As the meeting was inquorate until such a time as Members were present, it would be necessary for the Consortium Secretary to write to all constituent authorities to see their agreement to “decisions” reached in relation to any items considered whilst the meeting was inquorate:

[Item 1 – Minutes of the previous meeting]

[Item 4 – Global Internal Audit Standards in the UK Public Sector – Governance Documents]

[Item 5 – Annual Internal Audit Plan 2026-27]

[Item 6 – Internal Audit Service – Progress Against the 2025-26 Internal Audit Plan]

[Item 7 – Date of next meeting]

[Item 10 – Financial Performance Update – 9 months to December 2025]

[Item 11 – Budget 2026/27]

[Item 12 – Risk Review]

[It was subsequently confirmed that an additional meeting would take place via Teams to enable all constituent authorities to consider the matters set out above.]

The minutes of the meeting held on 8 October 2025 were noted.

The Chairman invited members who wished to do so to declare any interest in respect of items on the agenda for the meeting.

No declarations were made.

There were no urgent items for consideration.

Members present considered a report of the Consortium Treasurer which provided details on important governance documents required for conformance with Global Internal Audit Standards effective in the UK public sector from 1 April 2025. A copy of the report marked ‘Agenda Item 4’ is filed with these notes.

i.          It was explained that Leicestershire County Council (LCC), as the servicing authority, provided ESPO’s internal audit function and that the report outlined work undertaken under the revised global standards implemented in April 2025, with adaptations for UK public sector and local government requirements. Three governance documents were required for conformance, and equivalents would be produced by the Heads of Internal Audit at each of the consortium members, though the ones discussed were specific to ESPO.

ii.          The first document presented was the Internal Audit Charter, found at Appendix 1 of the report. Although not a new requirement, the updated standards required some changes. A template from the Chartered Institute of Internal Auditors had been used to help produce it. Changes were summarised, including the requirement for a mandate, though this mandate already existed under the Accounts and Audit Regulations 2015, and references had been updated to include the new Code of Practice discussed later in the meeting.

iii.          The second document was the Code of Practice for the Governance of Internal Audit in Local Government. It reflected the new global standards but included specific expectations for local government, noting differences such as the absence of a board and reliance on elected members. The Code set out the authority of the internal audit function, its independence, and clarified the role of the Finance and Audit Subcommittee in providing oversight.

iv.          A self‑assessment for ESPO had been produced and placed in Appendix 2, concluding generally good compliance with some required improvements graded from important to minor. Officers had tentatively agreed to these, and further discussions were expected with ESPO’s Director and Leadership Team. It was explained that timelines were tight, as the actions needed to be completed to support the annual report scheduled for October 2026. Conformance with the code would also need to be reported in the Annual Governance Statement and the annual internal audit report.

v.          The third document was an Internal Audit Strategy, a new requirement under the updated standards. Much of its content was internal to the Audit Team. A two‑year timeframe had been adopted due to uncertainties over the coming years, with the strategy placed in Appendix 3. Officers concluded by noting that some actions remained in progress and sought delegated authority to make changes, bringing back only those that were significant.

vi.          Discussion moved to the draft audit strategy, particularly the priority around improving the use of AI. Current use across the team was inconsistent, with only a few auditors using it frequently. External guidance, internal KPIs, and a previous external quality assessment had shaped the list of priorities. The team aimed to embed AI appropriately while ensuring appropriate controls. ESPO relied on LCC’s AI governance policies and mandatory training. Only base‑level AI tools (such as Copilot) were being used, and staff had been reminded to check outputs to guard against errors, and more controls might be required as AI use expanded to ensure corporate policy compliance.

vii.          Members requested for assurance that, if AI was to become an ongoing strategic aim, a report should be produced explaining the chosen targets and how AI use would be monitored. Concerns were also expressed about AI not always being sufficiently detail oriented for audit work. Officers noted that the strategy had been designed with the County  ...  view the full minutes text for item 17.

Members present considered a report of the Consortium Treasurer which sought approval of the ESPO Internal Audit Plan 2026-27. A copy of the report marked ‘Agenda Item 5’ is filed with these notes.

i.          In presenting the report the detailed approach to preparing the annual Internal Audit Plan was explained to Members, who were also reminded that the Sub-Committee was constitutionally required to receive and approve the Plan each year, and that although new internal auditing standards had updated terminology, changing “annual opinion” to “annual conclusion”, the underlying requirement for an overall assessment of governance, risk management, and control remained unchanged.

ii.          The consultation process undertaken in developing the Plan was outlined, which had included engagement with ESPO’s Director and Leadership Team, the Consortium Treasurer and Secretary, Internal Audit staff, and consideration of national developments and emerging risks. Reference was also made to external audit work, assurance mapping, the organisation’s risk register, and the rolling five‑year strategic audit plan. National horizon‑scanning had highlighted cyber security, digital disruption, and geopolitical uncertainty as key risks influencing the final Plan.

iii.          Members were informed that the proposed Plan offered balanced coverage across governance, risk management, and internal control, and included thematic reviews such as cyber security, AI, local government reorganisation, rebates, and counter‑fraud work. An element of contingency had been built in, acknowledging that emerging risks could necessitate adjustments during the year.

iv.          In response to questions, officers confirmed that audits were scheduled to minimise disruption, with interim findings shared with ESPO officers to avoid any surprises. Any revisions to the Plan during the year would be referred back to the Sub-Committee with justification.

v.          A member queried whether an audit of employee wellbeing could be added, noting an increase in stress‑related absence and expressing a desire to understand staff experience more comprehensively. Officers confirmed that a staff survey had recently been completed and would be reported to the Management Committee, and that work was commencing with Public Health on a wellbeing “index” using triangulated data. Both officers and auditors agreed that, once these outputs were available, an internal audit review could be undertaken to provide an independent assessment.

vi.          A further question was raised regarding assurance over ESPO’s data management procedures and the organisation’s capability to use data effectively to support business growth. Officers explained that many relevant controls were already reviewed under the “Key ICT Controls” audit. The Internal Audit Manager offered to provide further detail outside the meeting and noted that recent internal work had been completed on business growth, benchmarking, and value for money assessments, which could complement any additional review that members might request.

vii.          Officers confirmed that the internal audit service retained sufficient capacity to respond to issues as they emerged, including whistleblowing concerns, and that the current Plan provided comprehensive coverage.

RESOLVED:

Members present noted the contents of the report and the recommendations set out therein, as follows:

a)    That the ESPO Internal Audit Plan 2026-27 be approved.

Members requested that recommendations should be added to include the additional request for:

b)    An audit of employee wellbeing, to be scoped following the results of the staff survey and wellbeing indices work.

c)     That information on ESPO’s data management procedures and the organisation’s capability to use data effectively to support business growth be circulated to Members of the Sub-Committee.

Members present considered a report of the Consortium Treasurer which provided a summary of work undertaken by Leicestershire County Council’s Internal Audit Service (LCCIAS) during the period 23 September 2025 to 26 January 2026. A copy of the report marked ‘Agenda Item 6’ is filed with these notes.

1. Members were informed that, although the report was described as routine, it was noted that at this point in the year low throughput could have made it otherwise. Officers were therefore pleased to report positive progress.

2. It was highlighted that the 2025–26 plan incorporated any outstanding work from the previous year. The plan had originally been approved on 12 February 2025. The Sub-Committee was reminded that work continued to transition toward the new Global Internal Audit Standards applicable to the public sector.

3. The assurance levels used in reporting (full, substantial, partial, and little assurance) were briefly referenced. It was explained that any audit receiving partial or little assurance would normally include high importance recommendations, which would be followed up and monitored by the committee. However, it was reported that no high-importance recommendations had been identified to date, nor were any carried forward. Officers noted this as a positive achievement and commended the organisation for maintaining strong controls

4. Members were informed that all prior year work had been closed. For 2025–26, seven final reports had been issued, all with substantial assurance; five advisory pieces had been completed without assurance ratings; five audits were still in progress; and one planned piece of work had been cancelled as no longer relevant. An error in the papers was acknowledged, whereby the term “framework agreements” had been duplicated; the correct entry should have been “loss or reduction in business.”

5. Of the five ongoing audits, one had reached final stage, one draft had been issued to the relevant officer, and one had been reviewed and was progressing as expected. Two remaining audits, IT general controls and reconciliations and balances, were expected to run close to year‑end due to sampling requirements.

6. Regarding the cancelled audit on framework agreements, it was explained that this had been initially proposed due to an external audit finding. However, further review and challenge showed that the finding was inaccurate; appropriate controls existed through exchange of letters and confirmations of awards. Therefore, the internal audit work was deemed unnecessary. Officers noted that if future external auditors raised the issue again, the job would be reinstated.

7. It was confirmed that there were no high importance recommendations, and Members expressed satisfaction with this outcome.

8. Before concluding, officers reported that internal audit reports should be shared with the Consortium Members’ own Heads of Internal Audit to support the sector‑wide approach to relying on other assurance providers. Reports would therefore be shared once formally approved.

RESOLVED:

Members present noted the contents of the report, and the recommendation set out therein, as follows:

a)    Noted the progress update received for the 2025-26 Plan.

b)    Noted that there are no high importance recommendations within the Sub-Committee’s domain.

The next meeting of the Subcommittee is scheduled to take place on DAY & DATE 2024 at 10.30am.

RESOLVED:

It was noted that the next meeting of the Sub-Committee would be held on 7 October 2026, at 10.30am.

The public are likely to be excluded during consideration of the remaining items in accordance with Section 100(A)(4) of the Local Government Act 1972 (Exempt Information).

RESOLVED:

That under Section 100(A) of the Local Government Act 1972 the public be excluded from the meeting for the remaining items of business on the grounds that it would involve the likely disclosure of exempt information as defined in paragraphs 3 and 10 of Schedule 12A of the Act, and, in all circumstances, the public interest of maintaining exemption outweighs the public interest in disclosing the information.

Members present considered a joint report of the Chief Officer of ESPO and the Consortium Treasurer, which provided an update on the financial performance of ESPO for the nine months to December 2025. A copy of the report marked ‘Agenda Item 10’ is filed with these notes.

The exempt report was not for publication as it contained information relating to the financial or business affairs of a particular person (including the authority holding that information).

Arising from discussion, Members discussed and asked questions on the following:

• Expected surplus totals and the financial forecast.
• Product margins and review of product ranges.
• Reduction in variable costs, staffing efficiencies, and reduction in overhead costs.
• International sales and shipping locations.

RESOLVED:

Members present noted the update provided on the financial performance of ESPO for the nine months to December 2025.

Members present considered a joint report of the Chief Officer of ESPO and the Consortium Treasurer, which provided an update on the financial performance of ESPO for the nine months to December 2025. A copy of the report marked ‘Agenda Item 10’ is filed with these notes.

The exempt report was not for publication as it contained information relating to the financial or business affairs of a particular person (including the authority holding that information).

Arising from discussion, Members discussed and asked questions on the following:

• Recognising the fall in pupil numbers nationally and the challenges to the business.
• Reductions on competition and increasing market share.
• Growth areas and targeting based on data.
• Growth in digital supplies.
• Own brand product margins.
• Quality control of products and online product reviews.
• How Members’ dividend was calculated.
• Warehouse capacity and current stock.

RESOLVED:

Members present noted the budget 2026/27 for submission to the Management Committee for approval.

Members present considered a joint report of the Chief Officer of ESPO and the Consortium Treasurer, which provided an overview of ESPO’s risk landscape. A copy of the report marked ‘Agenda Item 12’ is filed with these notes.

The exempt report was not for publication as it contained information relating to the financial or business affairs of a particular person (including the authority holding that information).

Arising from discussion, Members discussed and asked questions on the following:

• There were no changes to the risk profile.
• Global supply change had settled and the risk had been reduced accordingly.

RESOLVED:

Members present noted the overview of ESPO’s risk landscape.