Part 4: Financial management and oversight
Financial management and oversight arrangements which independent training providers must have in place.
4.1. The independent training provider’s (ITP’s) management team is responsible for maintaining robust oversight of their publicly funded delivery and for financial affairs, stewardship of assets and proper and effective use of resources to maximise outcomes for learners.
4.2. Sound governance, robust financial and risk management, clear internal frameworks, and strong assurance processes are basic control principles which can be achieved through a tiered approach, including:
- clearly communicated policies, procedures, structures, and training of staff
- internal controls which include appropriate supervision and checks by managers
- a clear plan for all aspects of budgetary management
- risk management procedures
- internal review, including internal audit
- external audit
4.3. Clear lines of leadership, including a clearly identified person/role responsible for financial matters creates clarity and accountability. For ITPs, the person could be a chief financial officer, a finance director, finance manager, or the business owner in smaller organisations. The person should have skills and knowledge, consistent with the delivery of publicly funded training, appropriate qualifications, and membership of professional bodies depending upon the type and size of organisation.
4.4. ITPs should plan carefully to ensure they can effectively deliver the public funding they have received. Planning should include:
- ensuring that financial plans are prepared and monitored, satisfying itself that the organisation has sufficient cashflows to operate, remains a going concern and is financially sustainable
- taking a longer-term view of financial planning consistent with the length of contracts to deliver training
- setting accurate and realistic budgets and ensuring rigour and scrutiny in budget management, including considering lessons learned from budgeting in previous years
- monitoring the budget. This should include preparing regular management accounts, preparing forecasts, reviewing and addressing variances between actual and budgeted income/expenditure, measuring performance against key financial indicators, understanding potential liabilities such as VAT, and acting quickly when any financial performance issues are identified
4.5. The remainder of part 4 below outlines financial management and oversight arrangements and how they apply to ITPs depending upon their funding group.
| More than £8 million | More than £1 million up to £8 million | More than £100,000 up to £1 million | Up to £100,000 |
|---|---|---|---|
| Required | Required | Required | Required |
4.6. To submit annual accounts, approved by the board, to ESFA within the timescales set out in the table below, using submission methods determined by ESFA and following any published ESFA guidance outlining the criteria required for the accounts.
Time to submit accounts to ESFA after ITP’s year-end
| Period in which the ITP’s accounting year commences | More than £8 million | More than £1 million up to £8 million | More than £100,000 up to £1 million | Up to £100,000 |
|---|---|---|---|---|
| 1 August 2024 to 31 July 2025 | Within 7 months[1] | Within 9 months | Within 9 months | Within 9 months |
| 1 August 2025 to 31 July 2026 | Within 5 months[1] | Within 7 months | Within 7 months | Within 9 months |
| On or after 1 August 2026 | Within 5 months | Within 5 months | Within 5 months | Within 9 months |
4.7. To protect learners and to be able to support ITPs, it is important that ESFA knows as early as possible about the actual financial health of ITPs via their annual accounts. The current deadlines, which align with statutory filing deadlines required by Companies House or the Charity Commission, often mean it is too late for ESFA to identify financial risks or make effective decisions to help. Earlier submission will also enable ESFA to make better informed decisions about future funding allocations.
4.8. As set out in the table above, most ITPs[2] will be required to submit annual accounts to ESFA within 5 months of their year-end. This will achieve earlier clarity over the ITP’s latest annual financial performance and position, a strong feature of sound financial management. It will also align with the 5-month deadline colleges and higher education institutions have to submit accounts to ESFA and the Office for Students respectively. However, ESFA is aware that this could impact on existing business and audit cycles, particularly for ITPs with group structures. Therefore, ESFA will phase in earlier submission of accounts over a period of time as set out in the table above.
| More than £8 million | More than £1 million up to £8 million | More than £100,000 up to £1 million | Up to £100,000 |
|---|---|---|---|
| Required | Required | Required | Discretionary |
4.9. To maintain a rolling cash flow forecast, which sets out the expected financial position for the organisation for the next 12 months. This will enable ITPs to plan and budget for changes in income and manage funding cycles. Additionally, some ITPs will be required to submit a more detailed forecast to ESFA from time to time as per the financial forecast guidance; those ITPs in scope will be notified individually by DfE/ESFA.
| More than £8 million | More than £1 million up to £8 million | More than £100,000 up to £1 million | Up to £100,000 |
|---|---|---|---|
| Required | Required | Required | Required |
4.10. To submit financial health records as required by DfE/ESFA.
4.11.ESFA monitors the financial health of ITPs it allocates funding to. This enables ESFA to support ITPs which encounter financial problems and helps prevent public funds from being allocated to ITPs which might not be able to deliver the contracted level of provision.
4.12. ITPs must inform DfE/ESFA of any financial difficulties that could impact upon contract delivery, as well as following contractual requirements to inform DfE/ESFA of any change of name, ownership, control, or investment structure.
| More than £8 million | More than £1 million up to £8 million | More than £100,000 up to £1 million | Up to £100,000 |
|---|---|---|---|
| Required | Required | Recommended | Discretionary |
4.13. To have a counter fraud and error policy and procedures, including mechanisms to report suspected fraud and error to DfE/ESFA, and to provide training to all staff working on DfE/ESFA-funded contracts on fraud awareness/indicators. Ideally, the policy and procedures should be a standalone document, but could be part of wider operational documents an ITP may already have.
4.14. ITPs must be aware of the risks of fraud, theft and irregularity and mitigate them by establishing proportionate controls. ITPs must take appropriate action where fraud and error, theft or irregularity is suspected or identified. For further advice see the Action Fraud website.
4.15. ITPs must also be aware of the risks from cybercrime, establish proportionate controls and take appropriate action where a cyber security incident has occurred.
4.16. DfE/ESFA supports the National Crime Agency’s recommendation not to encourage, endorse, or condone the payment of ransom demands. Payment of ransoms has no guarantee of restoring access or services and is likely to result in repeat incidents.
4.17. Fraud is a serious threat to ITPs and prevention is the first line of defence. It is important that ITPs also have sufficient measures to protect themselves and public funds against the threat of fraud.
4.18. What to include in a counter fraud and error policy:
- how the ITP assesses the risk of fraud and error
- which areas of the ITP are potentially vulnerable to fraud and error
- a list of potential fraud and error indicators
- details of how the ITP raises awareness of fraud and error internally, how they aim to prevent and detect fraud and error, and how they investigate and sanction suspected internal and external fraud and error
- how the ITP tests its internal systems to assess robustness against fraud and error.
- a list of policies, procedures, and prevention methods, the ITP has to help counter fraud and error
- a list of responsibilities for named job roles relating to counter fraud and error.
- definitions of fraud, bribery and corruption as set out in UK Law
4.19. ITPs must notify DfE/ESFA as soon as possible, of any instances of fraud or suspected fraud, theft and/or irregularity linked to DfE/ESFA-funded delivery.
| More than £8 million | More than £1 million up to £8 million | More than £100,000 up to £1 million | Up to £100,000 |
|---|---|---|---|
| Required | Required | Recommended | Discretionary |
4.20. To have risk management policies and procedures, which are updated on a regular basis. These would include:
- a risk management policy – outlining the overall strategy for managing risk
- a risk register – listing and ranking current and potential future risks. Consider impact versus likelihood and potential mitigations
- a business continuity policy – outlining how learning delivery can continue in exceptional circumstances
- a conflict of interest policy – covering how the organisation manages conflicts of interest between their contracted delivery of DfE/ESFA funding and any other interests they or individuals in the organisation and their related parties might have
4.21. Ideally, the policies would be standalone documents but could be part of a wider operational manual used by the ITP.
4.22. ITPs can help protect themselves and public funds from financial and other risks by having mechanisms to identify, prevent, mitigate, record and deal with risks that may arise. It is also important to have business continuity plans to ensure, wherever possible, learning can continue to take place in changing circumstances.
| More than £8 million | More than £1 million up to £8 million | More than £100,000 up to £1 million | Up to £100,000 |
|---|---|---|---|
| Required | Required | Required | Discretionary[3] |
4.23. To have a whistleblowing policy that is readily accessible to all employees, who carry out any work related to DfE/ESFA-funded delivery. The policy must include details of how to make a disclosure directly to DfE/ESFA, including a reference to ESFA’s guidance (How ESFA handles whistleblowing disclosures) or a link to the document. The policy could be organisation wide or specific to DfE/ESFA-funded delivery. Ideally the policy should be a standalone document but could be part of a wider suite of documents an ITP might already have.
4.24. What to include in a whistleblowing policy:
- how to make an internal whistleblowing disclosure
- details of how the ITP deals with a whistleblowing disclosure, including timescales for doing so
- how the person making the disclosure will be protected
- a link to the document titled Whistleblowing for Employees on the GOV.UK website
- a link explaining how to make direct disclosures to the ESFA
- a link to the Protect website (formerly ‘Public Concern at Work’), which is a whistleblowing charity that advises and supports individuals and organisations
[1] May apply for an extension to the submission date of up to 2 more months.
[2] ITPs which only contract with DfE to deliver Skills Bootcamps are exempt from submitting accounts annually to DFE / ESFA, as DfE has alternative arrangements for assessing providers’ financial health.
[3] Whilst these ITPs are not required under the handbook to have all the features described in paragraphs 4.23 and 4.24, they must have whistleblowing procedures as set out in their contracts of service / funding agreement.