RSH ARAC minutes - 19 January 2026 (accessible version)
Published 10 July 2026
Applies to England
Public minutes of the Audit and Risk Assurance Committee meeting
on Monday 19 January 2026 at 09:00 MSTeams meeting
8 - Remote and virtual participation
8.1 - Any member may validly participate in a meeting through the medium of conference telephone, video conferencing or similar form of communication equipment, provided that all persons participating in the meeting are able to hear and speak to each other throughout such meeting, or relevant part thereof. A member so participating shall be deemed to be present in person at the meeting and shall accordingly be counted in a quorum and entitled to vote.
8.2 - A meeting shall be deemed to take place where the largest group of those members participating is assembled or, if there is no group which is larger than any other group, where the Chair of the meeting is.
Members
- John Liver (JL) - Chair
- David Cassidy (DC)
In attendance
- Bernadette Conroy (BC) Chair, RSH Board (observing)
- Shayne Coulson (SC) MHCLG Policy Lead: Affordable Housing, Regulation and Investment
- Kate Dodsworth (KD) Chief of Regulatory Engagement
- James Dunbar (JD) Head of Finance
- Lisa Harvey (LH) Audit Manager, Government Internal Audit Agency (GIAA)
- Fiona MacGregor (FM) Chief Executive and Accounting Officer
- Jenny Obee (JO) Engagement Lead, Government Internal Audit Agency (GIAA)
- Sandy Pacek (SP) Head of Corporate Services (for agenda item 11 and workshop)
- Geoff Smyth (GS) Board Member (for agenda item 6)
- Richard Smith (RS) NAO, Engagement Manager
- Emma Tarran (ERT) Senior Assistant Director Head of Legal and Company Secretary
- Jonathan Walters (JW) Deputy Chief Executive
Minutes
- Christine Kitchen
Workshop attendance
- Deborah Gregory (DG) Board Member (for workshops)
- Chan Kataria (CKa) Board Member (for workshops)
1. Welcome and apologies
01/01/26 - The Chair welcomed everyone to the meeting. There were apologies from Kalpesh Brahmbhatt (KB), member. There were apologies from the Director of Finance and Corporate Services, Richard Peden. Bernadette Conroy (BC) was attending as an observer and Geoff Smyth (GS) had been asked to join for the discussion on the IT transition audit report, because of his role in that project. Members of the Board had also been invited to join the workshop sessions at the end of formal business.
2. Declarations of Interest
02/01/26 - There were no new declarations of interest.
3. Minutes of the last meeting
03/01/26 - The minutes from 17 November 2025 were APPROVED.
4. Matters Arising
04/01/26 - The matters arising were discussed and the matters arising document will be updated for the April meeting.
07/01/25 - NAO completion report: NAO confirmed in their completion report that they do not need to report on the accrual of legal fees in subsequent audit reports. ACTION COMPLETED.
11/04/15 - NAO planning report action: NAO committed to bring a summary of actions agreed with the finance team to the April meeting. Action: NAO
13/07/25 - internal audit gap analysis: report to April meeting. Action: RSH
13/10/25 - Journal sign off: ACTION COMPLETED, update included in Finance update.
07/10/25 - 2026-27 internal audit plan: final plan after agreement to April meeting. Action: GIAA/ RSH
04/10/25 and 31-25/10/25 - forward plan of deep dives: management to consider and agree topics for rest of 2026. Action: RSH
5. Forward Planner
05/01/26 - Members NOTED the forward planner – action NOTED to add topics for in depth assurance topics. Post meeting note: JL has asked that the in-depth assurance workshop on the regulation of LARPs is brought back for a further discussion to the April meeting. Action: FM/JW CK
6. GIAA Progress report
06/01/26 - LH introduced the report and reported Q4 audits are on-track for completion by year end, despite delays to the start of some of the audits. She advised that part 1 of the HR audit (Operations) is due to complete shortly and I&E casework procedures field work has started. Subject to agreement with Management, the draft ToR for part 2 of HR audit (capacity and workforce planning) and ToR for new regulatory processes and assurance will be finalised and the audit work will begin.
07/01/26 - DC questioned the number of audits remaining in Q4 and whether this was just this year. JW confirmed this has been an unusual year, and whilst not ideal, the nature of the two complex (HR and I&E) audits, it was important that the ToR for these were right, hence they have been delayed while the ToR are OFFICIAL SENSITIVE - COMMERCIAL finalised. FM added that we also brought forward some of the 2026-27 audits into this year which has exacerbated this situation but is unlikely to happen in 2026-27. In response to JL’s query on resources to deal with the delays, assurance was given that we do have resources, and getting the ToRs right will help ensure that our resources are deployed to best effect.
08/01/26 - The GIAA recommendations on audits with open and overdue/extended actions were discussed and JO re-iterated the decision to no longer report on overdue actions where they have been extended but gave assurance these will still be monitored. GIAA have had management responses and are content actions are being managed, and the report at agenda item 11 provided management updates on the open actions from five audits. Action: JW
09/01/26 - Action updates:
- IT controls: will be discussed as part of the audit report.
- Capacity and capability and Resourcing and resilience: the actions from these two audits are progressing through work on the people plan.
- Registrations: some of these actions have been overtaken by strategic discussions and will be addressed in line with the discussion document and changes to standards. We should be able to close this down, whilst accepting that there will be longer term actions as part of the regulatory construct work. KD confirmed that the less strategic actions will be closed off shortly.
- Safe Harbours: will be closed as per extended date.
0/01/26 - JL and DC welcomed the updates. JL requested that there is an update provided to the next meeting setting out the “tactical vs strategic” actions and the approach being taken to address these, with approval from GIAA. DC agreed that a more refined update in the context of key workstreams will be helpful. Action: JW
11/01/26 - JL thanked GIAA for the supplemental documents and asked for some more information in respect of the ALB proportionate approach to audits. LH explained this approach was aimed at smaller organisations offering a fixed 100-day set audit plan that would provide a moderate level of assurance as the highest grade. Currently the RSH is at a similar level of audit days, but the flexible approach to the audit plan does allow more tailored audits and higher levels of assurance where applicable. She offered to provide more information if ARAC wished, but this is at a trialling stage for the GIAA, so there is not much evidence available now. JL asked for views from management on this approach and FM said that we could discuss this further with GIAA, however the bespoke approach we currently have is working well and there is evidence that some of the audits have proven to trigger strategic thinking for management and ARAC. Also, we would not be content with just a moderate assurance rating. She agreed to discuss further with GIAA and update ARAC in April. Action: FM/JW/ GIAA
IT Transition
12/01/26 - GS joined the meeting for this discussion. JL thanked GIAA for a good report. LH confirmed that this was an advisory audit and therefore no assurance grade will be provided, but its findings and recommendations will be considered as part of the overall assurances for the RSH. JL invited management to comment on the areas flagged in the report.
13/01/26 JW acknowledged the findings of the report but pointed out that we have a good record elsewhere of successful project management, so ARAC should not take this as evidence of wider problems with our project management function. There was also acceptance from management that the project was not a simple lift and shift as originally planned and the findings in the report were fair.
14/01/26
15/01/26 - JW committed to providing the April ARAC meeting with a report on the internal and department’s lessons learned exercises and GIAA offered to conduct a review of progress made, should we require them to do so. JL thanked GIAA for their reports. GS left the meeting. Action: JW
7. NAO update
15/01/26 - RS provided a verbal update and advised that we have a new Engagement Director, Susan Clark. JL asked that an introductory call is arranged between him and Susan as soon as possible. POST MEETING NOTE: call arranged for 10 February 2026.
16/01/26 - RS advised that the review of the new fraud and revenue recognition risk last year, had gone well and as a result the risk level will be reduced for 2026-27. The other two risk areas, which are standard (Management override and Defined Benefit pension scheme), will remain in scope. In addition, the upgrade to the SAP system will impact the RSH accounts and will be reflected in the audit plan report to the April ARAC. JL thanked RS and JD.
8. Finance Governance report
17/01/26 - JD presented this as the standard report. He highlighted the following areas:
- IT asset depreciation: new laptops depreciation extended from 3 to 4 years.
- SAP: JD advised that a manual check will be conducted at regular intervals.
9. Procurement Policy
18/01/26 - JD presented the revised draft policy to provide ARAC with an enhanced overview before the policy is signed off. The review was conducted in line with the new procurement rules and includes our learning from the last 4 years. Members noted the various areas in the paper and JD mentioned the conflict of-interest point, making clear that any conflicts of interests raised in respect of procurements, will be recorded on the RSH DoI register. He also advised the policy will now facilitate enhanced reporting to ARAC on the strategic supplier and contract management process. ARAC NOTED the revised draft procurement policy.
10. Civil Service Pension transfers
19/01/26 - JD gave members a verbal update.
11. Strategic Risk Register (SRR)
20/01/26 - SP joined the meeting and presented the paper for the regular review of the SRR by ARAC. The register shows the changes to risks in Q3 none of which are material or impact the scores. The digital risk is being reviewed separately by the DDAT project board. Members discussed the SRR and specifically capacity and capabilities, stakeholder expectations. It was agreed that we need to return to what we do about “above appetite” risks and our tolerance levels and this could be discussed in the scheduled risk workshop. We need to consider if we can be more nuanced on appetite within a category; It was agreed that the executive would take away and explore more in-depth the question of organisational trade-offs in relation to risk appetite statements, and report back to ARAC. Conversations on risk tolerance will follow. Action: RET
12. Internal Audit Actions
21/01/26 - The paper was NOTED and had been discussed as part of the GIAA report and recommendations.
13. Any other business
22/01/26 - None were raised. JL thanked everyone for their input to the discussions and closed the formal meeting.