Academy Trust Internal Scrutiny Services Guide 2026
Academy trust internal scrutiny services provide independent oversight of financial and non-financial controls, risk management, and governance procedures as required by the Academy Trust Handbook. These services help trusts identify weaknesses, ensure compliance, and strengthen operational effectiveness through systematic review programmes tailored to the education sector’s unique needs.
The Academy Trust Handbook makes it clear: all academy trusts must have a programme of internal scrutiny. But what does that actually mean in practice?
Internal scrutiny isn’t just another compliance box to tick. It’s independent assurance that the financial and non-financial controls at a trust are working as they should. The board gets objective insight into whether risk management procedures are effective and where vulnerabilities might exist.
According to GOV.UK guidance on internal scrutiny in academy trusts, this requirement applies regardless of trust size. Whether operating a single academy or managing multiple schools, trusts need robust internal control frameworks that ensure delegated financial authorities are respected and risks are properly managed.
What Internal Scrutiny Actually Covers
Internal scrutiny services examine both financial and non-financial areas. The Academy Trust Handbook requires that trusts establish sound internal control, risk management and assurance processes.
Financial controls typically include procurement procedures, payroll processes, budget monitoring, and expenditure authorization. Non-financial areas cover governance arrangements, safeguarding compliance, data protection, and health and safety procedures.
Here’s the thing though—the programme must be risk-led. That means focusing scrutiny efforts where the greatest risks exist rather than applying a one-size-fits-all approach.
| Scrutiny Area | What It Examines | Why It Matters |
|---|---|---|
| Financial Controls | Procurement, payroll, budgets, expenditure | Prevents fraud, waste, and financial mismanagement |
| Governance | Board effectiveness, decision-making, policies | Ensures accountability and strategic oversight |
| Risk Management | Risk registers, mitigation plans, monitoring | Identifies vulnerabilities before they become problems |
| Compliance | Regulatory requirements, statutory obligations | Avoids intervention and reputational damage |
| Operational Efficiency | Processes, systems, resource allocation | Improves value for money and effectiveness |
Who Provides Internal Scrutiny Services
Trusts have several options for delivering their internal scrutiny programme. Some use external providers who specialize in education sector audits. Others establish internal audit functions, particularly larger multi-academy trusts.
External providers bring sector expertise and independent perspective. UHY Hacker Young notes that academy trusts are increasingly viewing internal scrutiny as a strategic enabler, particularly as growth stretches financial systems.
Common issues identified from DfE’s assurance work in 2024 to 2025 included trusts failing to submit accounts on time, often because they were in intervention or undergoing closure processes.
Professional services firms, local authority trading companies, and specialist education consultancies all offer internal scrutiny services. The key is finding a provider who understands the education sector’s unique challenges and regulatory environment.
Get Internal Scrutiny Working Properly
Internal scrutiny in academy trusts often becomes inconsistent when responsibilities, controls, and reporting lines aren’t clearly defined. Acumon is a London-founded firm with offices in West London, working with charities, regulated organisations, and multi-entity structures across the UK and internationally. Internal scrutiny is delivered within a wider audit, risk, and governance context, with attention to how controls and processes operate in practice.
Make Internal Scrutiny Clear and Defensible
Acumon supports academy trusts with internal scrutiny that fits into wider oversight and governance:
- Internal scrutiny and assurance across key risk areas
- Review of controls, processes, and governance structures
- Support around reporting and oversight processes
- Experience with organisations operating across multiple entities
If internal scrutiny is not providing clear oversight, contact Acumon and address it early.
Building an Effective Scrutiny Programme
A strong internal scrutiny programme starts with a comprehensive risk assessment. What are the highest-risk areas for the trust? Where have problems occurred before? What keeps trustees awake at night?
From there, the programme should map out which areas will be reviewed, when, and how deeply. The Academy Trust Handbook doesn’t prescribe a specific number of visits or reports, but the programme must be proportionate to the trust’s size and complexity.
Look—some areas need annual review. Others might be examined every two or three years depending on risk levels and previous findings. The programme should be flexible enough to respond to emerging risks or concerns.
What a Typical Review Involves
Internal scrutiny reviews generally follow a structured methodology. The scrutineer will examine documentation, test transactions, interview staff, and assess whether controls are operating as designed.
They’re not looking to catch people out. The goal is identifying where controls could be stronger, where processes are inefficient, and where risks aren’t being managed effectively.
Reports should be clear and actionable. Findings need context, recommendations must be practical, and management responses should indicate how issues will be addressed.
Common Areas of Focus
While programmes should be risk-based and tailored to each trust, certain areas come up repeatedly in internal scrutiny work.
Procurement and purchasing controls are consistently high-priority. Are purchase orders being raised? Are quotes being obtained? Is there proper segregation of duties between ordering and authorizing payments?
Payroll processes receive close attention. The largest expenditure for most trusts is staff costs, so getting payroll right matters enormously. Scrutiny examines whether changes are properly authorized, new starters are correctly set up, and leavers are removed promptly.
But here’s where it gets interesting. Non-financial areas are equally important. Governance effectiveness, safeguarding compliance, data protection practices, and health and safety procedures all require scrutiny.
Risk Management Procedures
The Academy Trust Handbook requires trusts to have sound risk management procedures. Internal scrutiny should assess whether risk registers are comprehensive, regularly reviewed, and actually used in decision-making.
Are risks properly assessed for likelihood and impact? Have mitigation strategies been developed? Is someone accountable for each risk? These aren’t academic questions—they’re about whether the trust truly understands and manages its vulnerabilities.
Making Scrutiny Add Real Value
Done well, internal scrutiny moves beyond compliance to become genuinely valuable. It should help trusts operate more efficiently, make better decisions, and achieve their educational objectives more effectively.
That means recommendations need to be practical and proportionate. There’s no point suggesting gold-plated controls that would consume excessive time and resources. The goal is reasonable assurance, not absolute certainty.
Reports should also highlight areas of good practice. What’s working well? Where are controls particularly strong? Positive feedback matters—it recognizes good work and identifies practices that could be replicated elsewhere in the trust.
| Traditional Approach | Value-Added Approach |
|---|---|
| Checkbox compliance exercise | Strategic risk management tool |
| Focuses only on problems | Recognizes strengths and weaknesses |
| Generic recommendations | Tailored, practical solutions |
| Annual point-in-time review | Ongoing assurance throughout year |
| Report sits on shelf | Drives continuous improvement |
Integration with Broader Assurance
Internal scrutiny doesn’t exist in isolation. It’s one part of a broader assurance framework that includes external audit, risk management processes, and day-to-day management controls.
The external auditor focuses primarily on whether financial statements give a true and fair view. Internal scrutiny can go deeper into operational effectiveness and non-financial controls.
Smart trusts ensure their internal scrutiny programme complements rather than duplicates external audit work. The two should coordinate to provide comprehensive assurance without unnecessary overlap.
Measuring Effectiveness
How do you know if internal scrutiny is working? Several indicators can help assess effectiveness.
Are significant control weaknesses being identified before they cause problems? Is management acting on recommendations promptly? Has the trust avoided intervention from the Department for Education?
The board should regularly review the internal scrutiny programme itself. Is it covering the right areas? Is the level of work proportionate? Are reports clear and useful?
Real talk: if internal scrutiny reports are consistently finding zero issues, that’s probably a red flag. Either controls are genuinely perfect (unlikely) or the scrutiny isn’t penetrating deeply enough.
Future Developments
The regulatory environment for academy trusts continues to evolve. ICAEW has highlighted the importance of strong governance, with new provisions around internal controls reporting coming into effect in 2026 for certain organizations.
While these specific provisions apply to listed companies under the UK Corporate Governance Code, they reflect broader expectations around control frameworks that may influence academy sector practices over time.
Trusts should stay alert to changes in the Academy Trust Handbook and guidance from the Department for Education. Internal scrutiny programmes need to adapt as requirements and best practices develop.
Taking Internal Scrutiny Seriously
Internal scrutiny isn’t optional for academy trusts—it’s a handbook requirement. But compliance alone shouldn’t be the goal.
The best trusts treat internal scrutiny as a valuable management tool that strengthens controls, improves efficiency, and supports better decision-making. It’s about building resilience and ensuring the trust can focus on its core purpose: delivering excellent education.
Whether engaging external providers or developing internal capacity, the priority should be creating a programme that’s genuinely useful, proportionate to risk, and focused on continuous improvement rather than fault-finding.
Sound internal scrutiny gives boards confidence that controls are working and provides early warning when they’re not. That peace of mind is worth the investment.
Frequently Asked Questions
The handbook uses the term ‘internal scrutiny’ to distinguish it from the ‘internal audit’ requirements of the Public Sector Internal Audit Standards (PSIAS). However, both provide independent assurance on controls and risk management. Many providers use the terms interchangeably, and the principles are identical.
The handbook doesn’t specify a minimum number of days or visits. The programme should be proportionate to the trust’s size, complexity, and risk profile. A small single-academy trust might need just a few days annually, while a large multi-academy trust could require substantially more. The key is ensuring adequate coverage of high-risk areas.
Generally speaking, this isn’t recommended. Internal scrutiny should be independent and objective. Trustees and governors are responsible for oversight but shouldn’t be checking their own work. Using someone with appropriate expertise who isn’t involved in day-to-day operations provides stronger assurance.
There’s no specific qualification requirement, but scrutineers should have relevant expertise. Many are qualified accountants, internal auditors, or education finance specialists. What matters most is understanding academy trust operations, financial management, and risk-based review methodologies.
Reports typically go to the board of trustees and the audit and risk committee if one exists. Management receives them to develop action plans. According to the handbook, reports should provide independent assurance to the board. Some trusts also share summary findings with members as part of broader accountability.
When significant control weaknesses are found, management should develop corrective action plans promptly. The board needs to monitor implementation closely. If issues are severe enough—particularly around financial management or safeguarding—the trust may need to notify the Department for Education. That said, identifying problems early through internal scrutiny is far better than discovering them through external intervention.
The programme should be reviewed annually as part of planning for the coming year. However, it needs to remain flexible enough to respond to emerging risks or concerns during the year. Significant changes in the trust’s circumstances—such as expansion, leadership changes, or new risks—should trigger a programme review.