Audit and Accountability Committee - 31 July 2025
Attendees:
Audit & Accountability Committee
Elizabeth Humphreys (Chair)
John McCroskie (JMcC) (via MS Teams)
Kate Thomson (KT)
Lena Collins (LC)
Michelle Wailes (MW)
Robert Scott (RS)
Police Investigations and Review Commissioner
Irina Wilkie Head of Communications (observer) (IW)
Jennifer Fisher Executive Assistant (Secretariat) (JLF)
Laura Paton Commissioner (LP)
Phil Chapman Director of Operations (PC)
Sharon Smit Head of Corporate Services / Accountable Officer (SS)
SG Directorate of Internal Audit and Assurance
Iain Burns Lead Senior Internal Audit Manager, SG Internal Audit Division (IB)
Welcome, Introductions, Apologies and Declarations
Welcome and Introductions
The Chair opened the meeting by welcoming all attendees and formally introduced Kate Thomson as a co-opted member of the PIRC Audit and Accountability Committee (AAC).
Apologies
Apologies were received from Brian Battison, Audit Manager, Audit Scotland.
Declarations
Members made no declarations of interest.
Minutes and Actions arising from previous meeting.
Minutes
The minutes of the May 2025 meeting were approved as an accurate record of the meeting.
Action Log
The action log was reviewed – all concluded actions were removed from the working log.
Notice of any instance of Actual, Suspected or Alleged Fraud
SS confirmed that no incidents of actual, suspected or alleged fraud were reported during Quarter 1 (Q1) of 2025/2026.
Members noted the update provided.
The Chair requested that where no reportable instances have occurred within the quarter, this is noted on the report cover circulated to members in advance of meetings. A verbal update can be given at the meeting should the position have changed.
PIRC Policy Documents
Draft – PIRC Whistleblowing Policy
SS briefed members on the current draft of the PIRC Whistleblowing Policy, circulated in advance of the meeting. It was noted that the policy remains under review by the Senior Leadership Team (SLT), with further amendments and updates under active consideration. SS confirmed that the finalised version of the policy would be shared with members once available.
During discussion of Section 3 – Procedures for Raising a Whistleblowing concern – KT sought clarification on what ‘other’ agencies PIRC may notify in circumstances other than, where a criminal offence is suspected, which would obviously be directed to COPFS. PC proposed that any agencies listed as Prescribed Persons on appendix 3, could be contacted where appropriate.
SS agreed to review the wording of the relevant paragraph and provide an additional example illustrating when concerns might be escalated to another prescribed organisation.
KT further noted that the current draft of the policy does not reference the role of the AAC Chair. SS acknowledged this oversight and agreed to incorporate additional detail regarding the AAC Chair’s role and responsibilities in relation to the whistleblowing process.
LP advised that the SLT had held detailed discussion regarding the role and responsibilities of the Internal Whistleblowing Officer (IWO). It was confirmed that designated staff members had been identified to undertake both the IWO and Deputy IWO roles. Arrangements are being made to secure appropriate training to support these appointments.
Members approved the policy in principle.
PIRC Policies – Renewal Schedule
SS provided members with an overview of the PIRC Policies Renewal Schedule circulated in advance of the meeting, highlighting the range of policies currently under consideration and the ongoing review programme led by the PIRC Policy Review Group. SS noted that the full policy list is reviewed at each meeting, with an explanation recorded for any policies falling outside scheduled renewal timescales. Each policy, when under review, is assessed to determine whether an annual or bi-annual review cycle is appropriate.
JMcC noted that there is currently no PIRC policy in respect of Artificial Intelligence and queried whether one might be forthcoming. In response, SS confirmed that an ‘AI Guidance for staff’ briefing paper is scheduled for review at the August 2025 SLT meeting.
The Chair noted that not all policies listed within the renewal schedule are shared with AAC members for review and/or approval and requested that the table be amended to clearly indicate which policies should receive AAC endorsement.
SS offered sight of any policies of interest to members.
MW further opined that it would be appropriate for the AAC to review and approve all policies referenced within the PIRC Annual Report initially. SS confirmed that a full set of policies provided to External Auditors, as part of their audit, would be shared with members.
Members noted the updates provided.
External Audit – Accountable Officer
PIRC Annual Audit 2024/2025
SS provided members with a verbal update regarding the audit of PIRC’s Annual Accounts for 2024/2025, which is scheduled to commence in September 2025. SS confirmed that the audit is currently in its information-gathering stage.
SS noted that audited accounts will be available for review at the November 2025 AAC meeting.
PIRC Annual Report 2024/2025
SS noted that a draft of the PIRC Annual Report 2024/2025 was circulated to members on 29 July 2025, via email. Members were invited to submit any comments or proposed amendments to SS by 15 August 2025, ahead of the report being finalised and submitted for audit. SS noted that, as in previous years, all feedback received will be collated into a centralised table for circulation. SS will confirm to members comments that are to be accepted / rejected.
LP informed members that she is currently preparing the Commissioner’s Foreword for inclusion in the Annual Report.
PIRC Business Case – verbal update
SS advised that the Business Case had been submitted to the SG Sponsor Team and is currently under consideration. The Sponsor Team has requested additional clarification and data to inform their review. The Chair asked that the submitted business case be shared with members (for information only).
External Audit 2023/2024 – Recommendations
SS advised members that the 2023/2024 external audit included a recommendation to undertake a ‘Best Value’ review. SS confirmed that this is currently ongoing and may form part of the ongoing Strategic Review going forward.
Members noted the updates provided.
Internal Audit 2024/2025 – Accountable Officer
PIRC Internal Audit Log 2024/2025
SS provided members with an overview of the Internal Audit Log for 2024/2025 circulated in advance of the meeting. SS highlighted the following.
2 outstanding actions (Health and Safety: Management of Occupational Road Risk)
KT noted an inaccuracy in the target implementation date for Action 111, and requested that it be corrected to read 18/03/2026.
MW queried whether SG Internal Audit Division would verify the 2024/2025 Internal Audit actions during this year’s audit cycle. SS advised that this has not yet been formally agreed and advised that she intends to discuss the matter further with IB.
The Chair requested that verification of the 2024/2025 Internal Audit actions be mandated, as part of the 2025/2026 audit programme and that members are advised of the outcome of any discussions.
Members noted the update provided.
Business Continuity – Head of Corporate Services
Business Continuity Test event report
SS presented the Business Continuity Test report (circulated in advance), outlining the exercise conducted on 24 June 2025, via MS Teams.
The simulation centred on a cyberattack scenario, designed to assess staff understanding of cybersecurity protocols and test organisational response to system disruption.
The exercise demonstrated strong staff engagement and awareness, while also providing valuable insights into current preparedness levels. Several areas for targeted improvement were identified.
Members noted the update provided.
Finance – Accountable Officer
8.1 Draft PIRC Management Accounts to June 2025
8.2 2025/2026 Budget Report
SS summarised the draft Management Accounts for the period ending June 2025 (circulated in advance), and highlighted the following.
Grant in Aid (GIA) drawn down is £147k less than budget year-to-date, due to delays in both the pay award process and the public inquiry.
Staff costs are £56.5k under spent due to the pay award costs being budgeted from April 2025 but the increase had not yet been agreed. Once backdated payments are made, this variance is expected to be resolved.
Running costs are £10k overspent, attributable to the timing of accommodation invoice processing.
Legal fee underspend was noted, linked to delays in the Sheku Bayoh Public Inquiry.
Additionally, SS provided members with an update on ongoing SG Main Pay negotiations outlining the current status and key developments relevant to PIRC. Further updates will be shared as discussions progress and formal outcomes become available.
KF highlighted positive trends across key staffing indicators, including an increase in staff numbers, improved attendance, and a reduction in turnover. However, concern was raised regarding a rise in flexi-leave balances and limited progress in reducing outstanding annual leave, both of which were identified as potential risks to staff wellbeing and organisational effectiveness.
SS advised that, as the annual leave year runs from 1 February to 31 January, the current reporting period (April–June 2025) does not include leave scheduled during the July and August peak holiday period. Members should therefore expect a notable reduction in leave balances in the next reporting cycle.
In relation to flexi-time accuracy, SS reported that concerns had been raised with SG regarding accurate recording of flexi within Oracle. To address this, training was delivered in July to all staff and managers, focusing on correct recording and approval procedures to follow. Staff and managers were also asked to review entries from the previous three months to ensure accuracy.
PC and SS confirmed that managers actively promote the regular use of both annual and flexi leave, with this message consistently reinforced within staff communications.
Members noted the update provided.
Commissioner’s update
LD provided a summary of the Commissioner’s update report (circulated in advance), highlighting the following:
Sheku Bayoh Public Inquiry
No further developments have been reported beyond those contained within the circulated report. PIRC continues to await the Chair’s decision regarding the recusal application submitted by the Scottish Police Federation. A further update will be provided as soon as a formal response is received.
Meeting with the Cabinet Secretary for Justice and Home Affairs
Discussions focused on escalating workload demands on PIRC, emphasising the operational pressures created by increased volume and complexity across core functions.
Meeting with Deputy Crown Agent
Discussions around the year to date increase in death investigations being referred, and the associated resourcing challenges.
Criminal Justice Committee’s pre-budget scrutiny 2026/2027
PIRC are invited to provide views to the committee by 9 September 2025. The call for views is considered well-timed given the growing demand and workload pressures currently facing the organisation.
Further consideration will be given to a response after the outcome of the Business Case is known.
Members noted the updates provided.
Internal Audit 2025/2026 - SG Internal Audit Division
Proposed Internal Audit Action Plan 2025/2026
Internal Audit Charter 2025/2026
IB presented the proposed Internal Audit Plan for 2025/2026. The planned activity will enable SG Internal Audit Division to provide an Annual Assurance Opinion on PIRC’s governance, risk management and internal control, at the end of the fiscal year.
Two internal audits are scheduled for the period, both focus on Corporate Systems – specifically the functionality and reporting within Oracle Cloud. The first audit will examine reporting and monitoring of staff leave, including flexi-leave. The second will review payment processes.
RS requested that members be engaged earlier in the audit scheduling process for the next fiscal year – to allow for greater input into audit priorities and ensure alignment with the committee’s oversight responsibilities.
The Chair expressed her gratitude for the interim arrangements in place and formally thanked SS and IB for their input. Assurance was taken from the details set out in the circulated papers and the supporting narrative provided during the meeting.
The chair confirmed that members were content to approve the audit proposal in light of the circumstances, while noting that this approach was not typical practice. She also endorsed the identified areas of audit focus, recognising the rationale provided and the importance of reviewing high-risk aspects of the Oracle system.
Members approved the proposed plan.
Any other business
The Chair formally extended her thanks to PC for the work undertaken in compiling the departmental performance reports and the update paper relating to the Strategic Review.
Risk Management Workshop
Richard Mackie, RSM UK, led an interactive risk-focused workshop around key risk management themes;
Risk Management refresher – reinforcing shared understanding of PIRC’s risk framework
Risk Reporting and Interpretation – clarifying the AAC’s assurance role in evaluation and escalating risk
Strategic Risk Development - facilitated workshop discussion on emerging themes derived from the spring 2025 risk radar and questionnaire feedback
Outlined next steps regarding update to the strategic risk register and continued AAC engagement.
Members reviewed the following:
Definitions and escalation protocols for operational, corporate and strategic risks.
Risk categorisation by cause, consequence, mitigation and assurance.
Horizon-scanned emerging risks across eight thematic domains; societal, environmental, technological, economic, governance, people, regulatory and commercial.
Members discussed priority issues including;
Sustainability of long term funding
Digital alignment with SG strategies
Staffing capacity and well-being
Stakeholder confidence and public transparency
Board fitness and governance culture
AAC members reviewed and refined PIRC’s strategic risk areas, assessing them for:
Relevance to strategic objectives
Coverage of emerging threats
Alignment with PIRC’s evolving operating context
Risks requiring updates or escalation were identified, with the following agreed:
Populate updated strategic risk register post-workshop
Revisit appetite statement ahead of Q4
Embed revised risks into the Board Assurance Framework
A revised PIRC Risk Register will be circulated to members once available.