Scope
Reference
IA Tender 2025
Description
2.1 This brief is for the provision of internal audit services to deliver third line assurance within the Trust's overall Board Assurance Framework.
2.2 The Framework assumes up to three internal audits per calendar year, organised around a five year planning cycle. The focus of internal audits will be reviewed and refined annually by Trustees, informed by the Trust's risk profile.
2.3 It is expected that:
- persistent high risk areas will be subject to annual scrutiny, particularly in areas where risks are constantly evolving. It is expected that cyber security will fall into this category. This means that potential providers must be able to demonstrate competence to audit in this area, either directly or via a partner.
- at least one audit each year will focus on an aspect of financial or HR management, as the areas carrying the highest ongoing risk to the Trust.
- other areas will be audited on a five yearly cycle.
An example plan is set out in the accompanying Board Assurance Framework. Whilst this plan provides starting assumptions for each year's scrutiny schedule, Trustees may adjust it in light of changing risk profiles. In some circumstances, this could mean combining the audit time available to conduct (say) one deeper audit into a particular business area rather than two short audits in different areas.
For reasons of budget and practicality, it is expected that proposed annual cyber security audits will focus on specific areas of cyber risk such as: patch/vulnerability management; access controls; incident management planning and response; resilience planning; staff training and testing.
2.4 Providers will be expected to:
- work with the Chief Operating Officer to produce an annual audit schedule for approval by Trustees in December of each year. (The audit period for each year will be 1 Jan - 31 Dec)
- produce written scope of works for each intended audit and work with the NSAT business lead for relevant areas to request and gather the audit material needed (including arranging any meetings/visits where relevant).
- produce written reports for each audit undertaken and the annual scrutiny summary report for the Trust's Annual Report and Accounts.
- attend the Audit & Risk Committee at least annually to report directly to Trustees on recent audit reports. These dates will be booked at the start of each year.
2.5 The overall approach will be informed by the Trust's Risk Management Policy (attached to this brief). The Trust maintains its risk register via the "Every" online system. The Trust will take a risk-based approach to setting the scope for each audit.
2.6 On a day to day basis, internal auditors will work with the Trust's Chief Operating Officer and/or Chief Finance Officer to facilitate audit processes. Audit reports will be to Trustees (and the Chair of the Audit & Risk committee in particular).
2.7 The Trust's annual budget for internal audit is £11k (exc VAT). The contract for will be for three years (1 January 2026 - 31 December2028), cancellable with the provision of six months' notice on either side.
3. Response
3.1 Responses are sought from potential partners to this brief. Written responses should include:
- details of experience of undertaking internal audit/scrutiny in general, with reference to any experience in the academy sector in particular.
- an outline of proposed audit methodologies.
- the experience and/or qualifications of lead personnel who may be undertaking audits (including how specialist expertise will be secured to meet the range of audit requirements in the Trust's likely internal audit cycle).
- examples of reporting format, including the form of recommendation.
- any proposals for tracking and closing recommendations from audits.
- names and contact details of two client referees able to provide information about their experience of working with the provider.
3.2 Responses should provide a fixed annual cost for the duration of the three year contract with a description of what is included. Any potential additional charges should be referenced.
Total value (estimated)
- £33,000 excluding VAT
- £39,600 including VAT
Below the relevant threshold
Contract dates (estimated)
- 1 January 2026 to 31 December 2028
- 3 years
Options
The right to additional purchases while the contract is valid.
It may be possible that additional audits (beyond those specified) could be commissioned within the three year period if risk analysis indicated it would be prudent to do so.
Main procurement category
Services
CPV classifications
- 79212200 - Internal audit services
Contract locations
- UKC - North East (England)
- UKD - North West (England)
- UKE - Yorkshire and the Humber
- UKF - East Midlands (England)
- UKG - West Midlands (England)
- UKH - East of England
- UKI - London
- UKJ - South East (England)
- UKK - South West (England)
Participation
This procurement is reserved for
UK suppliers
Particular suitability
Small and medium-sized enterprises (SME)
Submission
Enquiry deadline
12 September 2025, 5:00pm
Tender submission deadline
29 September 2025, 10:00am
Submission address and any special instructions
Details for submission will be posted at www.nsat.org.uk/internalaudit
[Responses should be send by email to paddisonchild@nsat.org.uk]
Tenders may be submitted electronically
Yes
Award criteria
Responses will be considered on the information contained within or obtained by the Trust as a direct result of this tender process. Evaluation will be based on:
- relevance of the proposed audit methodology and delivery model to the Trust's context;
- the skills and experience of the key personnel delivering the audit programme;
- the presentation; and
- overall value for money.
Procedure
Procedure type
Below threshold - open competition
Documents
Associated tender documents
Tender Specification NSAT IA 2025.docx
The Trust's Strategy is available at: https://www.nsat.org.uk/our-trust/our-strategy
The Trust's Board Assurance Framework is also available on request.
Contracting authority
NORTHERN STAR ACADEMIES TRUST
- Companies House: 07553531
- Public Procurement Organisation Number: PQNM-9476-ZWYJ
77 Gargrave Road
Skipton
BD23 1QN
United Kingdom
Contact name: Peter Addison-Child, Chief Operating Officer
Email: paddisonchild@nsat.org.uk
Website: http://www.nsat.org.uk
Region: UKE22 - North Yorkshire CC
Organisation type: Public authority - sub-central government