As in previous years, the changes have not been sweeping, but there are areas that academy trusts need to be mindful of and keep in their fields of vision going forwards.

Digital and Technology Standards

Section 1.16 of the ATH 2024 states:

“Trusts should refer to the DfE’s digital and technology standards, which were developed to support trusts in making more informed decisions about technology.”

The DfE’s Digital and technology standards, which were initially released in 2022 and updated in 2024, outline the standards that schools and colleges should (not must) aspire to meet when renewing and upgrading their digital infrastructure. The standards provide guidance that should see the education sector move towards having corporate levels of IT systems.

These standards are designed to assist schools, colleges, and educational institutions in creating secure, efficient, and sustainable digital environments. These standards can help them implement technology systems that enhance learning, strengthen security, and optimize operational workflows.

There are several key areas outlined in the standards for building a secure and effective digital environment in the education sector with the key areas outlined below:

• Institutions must ensure they have a reliable, scalable infrastructure with robust networks, secure Wi-Fi, and strong cybersecurity measures in place.
  
• Regular backups and disaster recovery plans are essential, and institutions should provide appropriate devices, standardized software, and secure them with updates and antivirus protection.
  
• Cloud based solutions and unified platforms are recommended for efficiency, and data management must comply with data protection regulations and use analytics to guide decisions.
  
• Cybersecurity awareness and regulatory compliance are crucial, with regular system checks in place, and educational establishments should choose reputable, sustainable vendors and offer IT support and training.
  
• The standard also covers digital inclusion to ensure that all students have access to affordable, accessible, and remote learning tools.

Managing reserves

There is a new emphasis that trust reserves policies include a clear plan for managing reserves. Section 2.8 of the Academy Trust Handbook states that the board of trustees must:

• Ensure that financial plans are prepared and monitored, satisfying itself that the trust remains a going concern and financially sustainable.
  
• Take a longer term view of the trust’s financial plans consistent with the requirement to submit three-year budget forecasts to ESFA.
• Set a policy for holding reserves, and explain it in its annual report, including a clear plan for managing reserves.

It is now even more important for trustees to challenge the assumptions underlying budgets, ensuring these are monitored throughout the year to identify potential issues early on. There is a responsibility for Trustees to decide the level of reserves to hold, which may vary each year depending on the objectives and plans they have for the future of their trust. Guidance is available via the QR code below, however in summary a robust reserves policy would set out:

• The minimum level of reserves the trust expects to hold.
• How funds will be managed until project delivery.
• The process for confirming the trust’s strategic and investment priorities.
• The plan for any long-term projects that will require substantial capital.
• The process for using reserves to balance in-year budgets.
• What steps the trust will take to manage risks around any pension fund deficit.
• Plans and timeframes for reviewing the policy

gov.uk/government/publications/academy-trust-financial-management-good-practice-guides/academy-trust-reserves

There is a requirement for academy trusts to disclose their reserves policy in their annual financial statements, and there is also a requirement for academies to comment in the budget forecast return (BFR) their plans for surplus funds, regardless of whether they are high or low. It is therefore important to ensure the plans disclosed in the BFR correlate to the narrative included in the reserves policy.

Management of school estates

The handbook extends the list of examples where a Notice to Improve (NtI) can be raised to include the management of the school estate. Such a notice would be invoked if trustees and the executive are seen as “ failing to manage their school estate and maintain it in a safe working condition strategically and effectively ”.

The government website provides vast information on what is considered good estate management. Fundamentally it is important that trusts have agreed and documented procedures in place. The Good Estate Management for Schools guidance provides support providing practical tools to assess current practices and offers ideas for improvement.

One document the government may review to evaluate a trusts estate management is the trustees report and governance statement within the financial statements. Section 2.42 of the Accounts Direction states that, as part of the value for money statement, a trust needs to explain how funding is used to ensure the trust estate is safe, well maintained and complies with regulations.

Other sources of evidence that could be reviewed are a trust’s Ofsted inspection report, relating to the school environment and culture around safeguarding, and also the internal auditors report, where trustees have decided to include estates management within the scope of the internal auditor’s work.

The Government previously collected information around estates management through the Financial Management and Governance self-assessment form, but having reviewed the recent release of the form, this is no longer the case.

Cyber Security Standards

Cyber attacks can have serious operational and financial consequences for schools and other educational establishments. Such attacks usually involve deliberate, unauthorized attempts to access, alter, or damage data and digital systems which may result in:

• Safeguarding concerns following the compromise of sensitive personal information
  
• Negative effects on student performance
  
• Major data breaches
  
• Deep and long-lasting disruption
  
• Financial losses
  
• Damage to reputation

As a result, academy trusts are expected to take appropriate action to meet the DfE’s cyber security standards. The 2024 handbook outlines that trusts must be aware of the risk of cybercrime, put in place proportionate controls and take appropriate action where a cyber security incident has occurred.

The standards are too detailed to go into for the purposes of this article, but the main areas covered by the standards are:

• Network standards – the protection and security of all networks
  
• Account standards – managing access needs and protection of accounts
  
• Data protection standards – back up procedures and protection of information covered by data protection regulations
  
• Cyber attack standards - how a cyber attack is dealt with and what disaster and recovery plans are in place.

If an academy is unfortunate enough to be the subject of a ransom cyber-attack then ESFA permission is needed before such a ransom payment can be made.

Finance leases

Academies have always been able to enter into operating leases, with the exception of land and building leases; however, from 1 September 2024 academies will also be able to take out finance leases, without the need to approach the ESFA for prior approval (where the lease category appears on the DfE approved list). Below is a link to the page where that list can be found:

gov.uk/government/publications/leasing-for-academy-trusts/changes-to-leasing-agreements-for-academy-trusts