Internal Scrutiny has long been viewed as a statutory requirement for academy trusts. But as the education landscape becomes increasingly complex, trusts are beginning to recognise that effective Internal Scrutiny can deliver far more than compliance alone. That was the main message from our recent webinar, Internal Scrutiny 2026/27: Emerging Trends and Building a Strategic Audit Programme.
Bringing together Internal Scrutiny specialists Andrya Norris (Internal Scrutiny Service Lead), Katherine Baird (Internal Scrutiny Consultant) and Noor Zafar (Senior Internal Scrutineer), the interactive session explored how trusts can develop smarter, more strategic assurance programmes that strengthen governance, improve decision-making and build organisational resilience. The discussion reflected a sector facing significant financial pressure, growing operational complexity and an increasingly interconnected risk landscape and how Internal Scrutiny must evolve alongside it.
The Operating Environment has Fundamentally Changed
Opening the discussion, Andrya explained that academy trusts are operating in a very different environment to just a few years ago.
“The context that trusts are operating in has fundamentally changed. We're seeing increasing scale, complexity and financial pressure across the sector, which means that boards can no longer rely on detailed oversight of individual areas in the same way they may have done previously.”
As trusts grow, diversify and face mounting financial and operational pressures, traditional audit programmes built around fixed cycles are becoming less effective.
Instead, Andrya argued that Internal Scrutiny should begin with a simple question: Where are our greatest risks today?
“The starting point needs to be the trust risk register because that's what reflects where the real pressures and priorities are.”
Rather than working through a pre-set schedule of reviews, trusts should use their risk register to identify where assurance will deliver the greatest value. That means focusing on high-impact risks, emerging challenges and areas where independent assurance is currently limited.
Just as importantly, Internal Scrutiny should move beyond checking whether controls exist.
“It also moves the focus on from just thinking about whether the controls exist to whether they're actually working in practice and whether they're giving trustees confidence to make decisions.”
This creates a much more relevant assurance programme that supports the board in making confident, informed decisions.
The Risk Register Should Drive the Audit Plan
One of the webinar's strongest themes was the importance of treating the risk register as the foundation of Internal Scrutiny planning. Following the interactive polling during the live webinar, Katherine explained that too many organisations still treat the risk register as an administrative exercise rather than a strategic tool.
“Risk registers should be a key starting point when selecting your Internal Scrutiny reviews. It shouldn't simply just be seen as a list of rotating topics from a standard programme that you can select from, but as a live working document that reflects your trust objectives, priorities and changing risk landscape.”
She encouraged trusts to ask searching questions before building their programme:
- What are our highest-rated risks?
- Which risks have changed over the last year?
- Where is independent assurance currently limited?
- Are our current controls still effective?
By asking these questions first, trusts can develop programmes that are proportionate, personalised and aligned to their own priorities rather than relying on generic annual cycles.
Good Risk Management Isn't About Paperwork
The conversation naturally progressed into what good risk management looks like in practice.
“Good risk management, in my view, is defined by how well it's being embedded in decision making, not by simply how well it's being documented.”
Noor explained that effective organisations don't simply record risks - they actively use them to shape strategic planning, operational delivery and everyday management decisions.
Central to this is a clearly defined risk appetite that enables trusts to prioritise effectively. Without it, decision-making can become subjective.
Equally important is the willingness to challenge assumptions. Rather than simply confirming that controls exist, trusts should regularly analyse whether those controls are genuinely reducing risk or whether they are simply documenting mitigation activity.
“t's not just about the volume of documentation that is available; it's about evidence of informed decision-making underpinned by genuine risk intelligence.”
Today's Risks are Increasingly Interconnected
Another important discussion focused on how the academy sector's risk profile continues to evolve. Financial sustainability remains a significant concern, but the conversation has shifted beyond simply balancing budgets.
“It's no longer just about whether trusts are in deficit. It's about whether they can make sustainable decisions in a constrained environment.” - Andrya Norris
Alongside financial pressures, trusts are experiencing rapidly increasing SEND demand, growing expectations around value for money, workforce recruitment and retention challenges, expanding cyber security risks and the governance implications of emerging technologies such as artificial intelligence.
As trusts become larger and more geographically dispersed, maintaining consistency, accountability and effective operating models becomes increasingly challenging. Rather than existing independently, these risks often reinforce one another.
Make The Risk Register a Living Management Tool
If Internal Scrutiny is to remain relevant, trusts also need to rethink how they use their risk registers throughout the year. Rather than updating risks termly or annually, Katherine argued they should become part of everyday governance.
“It should be a live document that reflects what is actually happening across your organisation right now, with updates made as circumstances change and new risks emerge.”
Andrya highlighted the importance of linking Internal Scrutiny findings back into the risk register, ensuring boards consider whether reviews should alter risk ratings, mitigating actions or control effectiveness. This creates a continuous feedback loop between assurance, governance and decision-making.
Internal Scrutiny Should be a Strategic Partnership
The webinar also challenged traditional perceptions of Internal Scrutiny providers. Instead of acting purely as compliance auditors, providers should become trusted strategic partners. While independent assurance remains fundamental, providers should also celebrate strengths, identify opportunities for improvement and offer practical recommendations informed by sector-wide experience. Internal Scrutiny becomes more than an auditor.
“At its best, it also acts as a trusted critical friend to our clients.” - Noor Zafar
Helping Boards Make Better Decisions
For Katherine, the greatest value of Internal Scrutiny lies not in producing reports, but in improving board conversations. Effective Internal Scrutiny helps trustees understand not only what is happening across the trust, but why it matters and where they should focus their attention. Recommendations should be practical, proportionate and evidence-based, often involving small improvements that collectively strengthen governance rather than wholesale organisational change.
As Katherine concluded:
“Effective governance isn't simply about knowing that the controls exist, but having that confidence that they're working well in practice, that the risks have been regularly overseen and monitored, and that the trust is well placed to achieve its objectives.”
Looking Ahead to 2026/27
As academy trusts continue to navigate financial uncertainty, technological change and increasing operational complexity, Internal Scrutiny should no longer be viewed as an annual compliance exercise. Instead, it has the potential to become an integral part of how trusts understand risk, strengthen governance and support strategic decision-making.
At School Business Services, our Internal Scrutiny team works with academy trusts across the country to develop risk-based programmes that reflect each trust's priorities, operating model and stage of growth. Rather than taking a one-size-fits-all approach, we work with trusts to build programmes that provide meaningful assurance where it matters most.
To support trusts planning for the 2026/27 academic year, we've expanded our Internal Scrutiny programme with a comprehensive range of review options across governance, finance, estates, safeguarding, HR and payroll, information technology, and business continuity planning.
View 2026/27 Internal Scrutiny reviews
Whether you're refreshing your current programme or building a new one, our flexible review options enable you to create a bespoke Internal Scrutiny plan that aligns with your risk register and provides your board with meaningful, independent assurance throughout the year.
To find out more about our 2026/27 Internal Scrutiny programme, or to discuss which reviews would best support your trust's priorities, contact the School Business Services team today.
Get sector Insights delivered straight to your inbox.
Subscribe to to the SBS Blog and never miss an update.