Board minutes and papers - September 2025

7. The Board noted that there are no current open actions for discussion.

Audit and risk committee annual report

8. The Chair invited the Audit and Risk Committee Chair to introduce the paper.

9. The Board discussed the diverse and talented membership of the ARC, and were encouraged to continue to leverage their broad knowledge and understanding where it may support the wider organisation.

10. The Board noted that with the imminent departure of the current ARC Chair, the ARC continues to meet the best practice of having at least one member holding recent finance experience.

11. The Board commended the annual internal audit performance, noting that all outstanding recommendations were addressed before the completion of the cycle by SGIAA colleagues.

12. The Board noted the ongoing effective relationship with the external auditor.

13. The Board noted the update.

Deloitte update - 2024-25 draft annual audit report

14. The Chair invited the Deloitte Senior Partner, to present the draft annual audit report.

15. The Board discussed the overall positive audit report, noting only two highlighted risk areas related to management override and revenue and income accounting, for which no issues were identified. It was highlighted that there were no significant issues to report in terms of the wider scope, despite dealing with potentially volatile financial conditions.

16. The Board noted that improvements have been implemented following the identification of three misstatements corrected by management.

17. The Board expressed gratitude for the professionalism and high standards maintained by both the finance team and wider supporting colleagues at RoS, and Deloitte contacts.

18. The Board were advised that detailed pension data is still to be added and reviewed, delaying the signing to post Board.

19. The Board discussed the approach taken on DDaT and its post-balance sheet ramifications, noting that clarity is being sought on this point though will not affect the published report.

20. The Board discussed the public sector drive to ensure value for money and the approach to agreeing and monitoring savings, noting the view on potential timing of implementing savings was considered useful, given the unpredictability of income.

Annual report and accounts 2024/25 (near final)

21. The Board endorsed the signing and subsequent publication of the Annual Report and Accounts subject to the final audit of the delayed pension data, and noted that, subject to the satisfactory conclusion of work to audit the pension data, a provisional signing date has been arranged for late September, ahead of statutory parliamentary laying.

Audit and risk committee quarterly update

22. The ARC Chair presented the Audit and Risk Committee Update to the Board and highlighted key updates within the paper.

23. The Board emphasised the importance of leveraging the experience of the senior external auditor, noting that ARC are focused on extracting valuable insights from their related risk-specific network. The Board also noted the Committee’s positive experience of having a consistent, experienced lead internal auditor in post.

24. The Board was briefed on exceptions from CS recruitment principles, specifically regarding DDaT, and noted that ARC will keep a watching brief on this area.

25. The Board heard that the DG Corporate joined the August ARC meeting to observe the Board's assurance processes, and provided positive feedback in session.

26. The Board suggested seeking external input on data licensing and compliance, specifically around licensing constraints that may impact RoS' ability to make commercial decisions.

27. The Board noted an upcoming ARC deep dive into RoS’ role in supporting public sector reform, discussing the focus and expected value of the review, and considered how audit and risk functions need to adapt in response to public sector reform and the emerging issues in that space.

28. The Board discussed the public sector reform workstreams, emphasising the importance of accountability and scrutiny and recognising the opportunity for shared learning and the need for a risk-based approach to future finance and operations.

29. The Board noted the need to ensure that any shared services offered as part of PSR represent more efficient and effective solutions for the organisation, with a view to shape the approach to public sector reform around efficiency and effectiveness.

30. The Board emphasised the importance of competency in advisory roles and the need to control the quality of external advisors, discussing the value of stakeholder relationships and where the focus on these should lie in regards to supporting the next corporate plan period.

31. The Board noted the report and formally acknowledged Andrew Harvey's last report as ARC Chair, expressing appreciation for his continually clear updates and strong assurance that the ARC is fulfilling its role effectively.

Board performance monitoring by exception

32. The Chair welcomed the Senior Benefits Analyst and Head of Finance: Financial Management and Finance Business Partnering to the meeting and invited the Board to discuss the exception reporting.

33. The Board noted a minor error in the update paper regarding commercial income, noting that the error had been corrected and the commercial income was on plan.

34. The Board reviewed general progress, noting the work that is being carried out to ensure RoS achieves a breakeven position, despite income risk, and discussed the progress to date in conversion of contingent worker roles to permanent positions.

35. The Board discussed the steady progress in relation to open casework, noting the key factors impacting performance being identified as automation delays, attrition rates in senior grades, and general productivity being mixed across products and applications. The Board noted that mitigations are in place, or under consideration, to seek improvement in these core areas.

36. The Board discussed the need for further progress in automation, incentivisation for colleagues, and short-term interventions to lift productivity where required, noting that People and Change colleagues are considering productivity scrutiny and performance management interventions more widely.

37. The Board reflected on the stretch target progress to date, and anticipated landing position by March 2027, discussing potential interventions and ensuring to maintain realistic targets and managing expectations.

38. The Board discussed the impact of retirements on productivity and the need to rebase plans if necessary, the importance of monitoring initiatives in terms of cost vs benefit, and ensuring that investments in grade shifts are justified.

39. The Board noted the challenges with partial automation and the need for a joint approach to process and automation changes, and the need to consistently demonstrate value.

Annual diversity and inclusion update

40. The Chair invited the Head of Leadership, Culture and Inclusion to the meeting, and invited them to introduce the exception reporting.

41. The Board considered the engagement of disabled colleagues in RoS based on CSPS data, and noted the focus on understanding and addressing this with the knowledge that that disabled people generally have a less favourable experience in real-world scenarios as replicated in the RoS data.

42. The Board noted the work planned to increase participation of colleagues in completing their personal demographic data, emphasising the voluntary nature of this.

42. The Board discussed the progress around Diversity and Inclusion (D&I) and noted the NXD engagement in quarterly D&I groups and the potential for similar approaches in other business areas where this may add value.

43. The Board heard that the Modern Apprenticeship (MA) programme proposal detailed has since been approved, and will support the employment of up to 15 young people, expected to launch in January 2026.

44. The Board recognised RoS’ inclusive approach to the aspects under their control, in response to the Supreme Court ruling on the meaning of sex in the Equality Act, and noted ongoing work to ensure appropriate provision is available in RoS offices including SVP where the landlord is responsible.

44. The Board discussed consideration of wider external benchmarking to understand the organisations overall EDI position relative to other Civil Service bodies and the Scottish census.

45. The Board expressed interest in learning more about measurable outcomes and the prioritisation of diversity initiatives and noted that KPIs and SPA is in place to monitor progress.

46. The Board acknowledged the efforts in leading D&I initiatives and the focus on specific areas for improvement including cultural focus and addressing specific areas with gaps in diversity. NXDs were reminded that Civil Service recruitment principles are based on fair and open competition, so there are limits to the actions that can be taken within the recruitment process in relation to seeking to improve diversity within RoS.

47. The Board agreed to continue to consider broader engagement and benchmarking beyond the organisation's boundaries to continue to enhance D&I initiatives.

KRR by exception & legal risk matrix

48. The Chair invited the new Head of Enterprise Risk Management to the meeting, and invited them to introduce the exception reporting.

49. The Board discussed the workforce misalignment risk, noting that the likelihood score had been reduced to 20. They also considered the usefulness of breaking down risk categories to balance the information provided and agreed that there should be a discipline to add commentary on the latest progress with addressing the highest risk areas into future papers, even where no exceptions are present.

50. The Board expressed satisfaction with the nuanced approach to legal appetite and discussed other areas where similar nuance could be applied, such as wellbeing, recruitment, and financial aspects, noting the aim to develop a real enterprise view across the organisation, looking at risks and trends.

51. The Board noted the increased risk around Cybersecurity in relation to third-party suppliers and heard that the security team have a focus on this area, and awareness around the need to mature this acquisition and monitoring process in the near future. The group noted that a fuller Cyber Security discussion is scheduled for day 2 of the Board.

52. The Board discussed financial health uncertainty and open casework target risks, and the need to continue to provide transparency and manage expectations around these points.

53. The Board was pleased with the progress made on workforce misalignment and the development of the enterprise risk approach. They acknowledged the need to ensure that the framework for model risk is robust, and it was agreed to include an update on this in the next risk paper.

Lunchtime showcase: operational capacity

54. The Board attended an operational capacity showcase focussing on the improvement journey to date, operational excellence and related challenges, and seeking a sustainable future position to support ongoing delivery of our core statutory registration services.

Corporate plan/delivery plan year 5 update

55. The Board agreed that in addition to the deliveries detailed under each theme, PSR contribution and RoS Ventures should also be considered for addition.

56. The Board queried whether continuous improvement should be reflected as a deliverable, or if this should form business as usual work, and were advised that this aligns to the current corporate plan, but that consideration of this wording will be noted for the future iterations.

57. The Board highlighted an error in the table presented, which should show year 4 as March 2026, and Year 5 as March 2027.

58. The Board noted that a substantive update would be presented at the December Board meeting.

Statutory fee review options/proposal

59. The group discussed implementation of the fee review in the context of the upcoming Scottish parliament election, with potential risks and delays highlighted in advance of, and during the election period.

60. The Board noted that any changes, particularly any that introduce or re-introduce fees, would require careful consideration and consultation, especially within the solicitor community.

61. The Board emphasised the need for a clear rationale behind any fee changes, focusing on customer-centric benefits and the affordability of services, and in line with the potential for automation to reduce costs and improve service delivery.

62. The Board noted the statutory fee review as a safety net against inflationary pressures and inefficiencies, and the strategic importance in the context of the next five-year corporate plan period. The importance of aligning fee changes with the broader market and political environment was also discussed.

63. The Board noted the update.

Estates strategy update (SVP)

64. The Chair invited the Head of Procurement and Estates to join the meeting.

65. The Board noted the positive progress to date, however noted that the cost saving measures were not yet concluded to be able to provide a final position.

66. The Board discussed data security and the configuration of the workspace to ensure a secure environment for all parties, noting that a number of different public sector organisations are now sharing the workspace.

67. The Board provided recommendations based on progress to date and proposed next steps.

Board effectiveness pulse survey results

68. The Board discussed the importance of benchmarking and raised the possibility of the considering a future independent external audit of Board Effectiveness.

69. The Board noted that the DG Corporate meets annually with Board NXDs, and separately has the opportunity to attend ARC, to provide her with further external assurance.

70. The Board noted the paper, and were content that the survey results reflected sufficient effectiveness of the group.

NXD skills matrix analysis

71. The Chair introduced the paper and invited the Board to discuss the analysis of the skills matrix, noting the upcoming departure of 2 experienced Board NXDs.

72. The Board highlighted that there are no immediate critical gap in skills, acknowledging the advantage of having a separately constituted ARC with diverse skills that can be called upon as necessary to support the work of the Board.

73. The group noted that an application has been submitted to host a Boardroom apprentice, and discussed the skills and learning opportunities this would provide.

74. The Board suggested consideration of seeking independent perspective, from outwith RoS, where the Board may benefit from more specialised advice.

75. The Board discussed how Board advice would need to evolve in the event that more shared services are used to support RoS' work, or as RoS Ventures develops more commercial business.

Board terms of reference annual review

76. The Board approved the ToR subject to a minor amendment ensuring the advisory nature of the Board is made more prominent in text.

77. The Board discussed the role of EMT as Board members, and noted that it may be beneficial to make clear to NXD Board members which papers have been through prior EMT discussion in advance of Board meetings.

Papers for noting

78. The Board noted the following papers:

• Governance Risk Discussion Tracker
• Headcount story to date
• Medium Term Financial Strategy
• ARC Terms of Reference Annual Review

Open board discussion (day 2 – 09 September 2025)

79. The Chair introduced the unstructured discussion slot to allow conversation on items outwith the formal agenda that are of interest to members. The Board discussed the following topics:

• The group received an update on the ongoing pay deal negotiations.
• The group noted that the 2026 AI Act will place responsibility on boards for AI governance, and were advised that the Information and Assurance Group will beleading on providing necessary assurance on AI compliance.
• The group discussed the importance of operational resilience, particularly in the context of business continuity and key risks and noted the focus on identifying keyprocesses and activities to ensure genuine resilience, with more investment planned over the next year.
• The group acknowledged the work done to facilitate the day 1 showcase, and provided feedback, highlighting the need for clarity in messaging in comparison to Board papers received, and heard that the feedback will be taken into account when considering the design and delivery of future showcases.
• The group encouraged the Executive Management Team to continue supporting D&I initiatives, emphasising the importance of maintaining focus on equality, diversity, and inclusion despite challenges. The group were reassured that the focus on EDI remains strong and that the organisation is committed to being a fair and consistent employer.
• The group discussed the rapid pace of technological change and the need for the organisation to remain agile accordingly. The importance of balancing cost reduction and headcount management whilst staying responsive to technological advancements was emphasised.
• The group received an update on the supporting services review, noting that the team is focused on pilot areas and will take a collaborative approach with service owners, balance progress with other organisational priorities.
• The group shared positive feedback on the DDaT recruitment progress to date, noting that the trajectory looks promising and on track to meet or exceed headcount targets.
• The group noted that future NXD recruitment will be considered in the new calendar year.

Corporate plan 2027-37

80. The Chair invited the Head of Risk and Information Governance to join the meeting.

81. The Board participated in an interactive workshop to carry out an initial prioritisation and refining exercise on the long-list of emerging potential strategic priorities for consideration in shaping the next Corporate Plan.

82. The Board noted that the output from the workshop will provide the basis for further discussion and examination of strategic priorities, to be brought back to the next Board for further discussion, and to be shared more widely with relevant stakeholders, including Parliament and Ministers, to gather feedback and inform plan development.

83. Key areas emerging from discussions included focus on recruitment and skills, diversity, inclusion and culture, stakeholder relationships and communications, security and usability of systems, business resilience, digital developments, Public Service Reform, and financial robustness.

RoS cyber resilience strategy

84. The Chair invited the Head of Cyber Security to join the meeting.

85. The Board discussed the transition from a cyber security strategy to a cyber resilience strategy, emphasising the importance of resilience in the face of potential cyber incidents, and noting that the strategy will be aligned with established frameworks to ensure that appropriate measures are implemented effectively across all relevant areas.

86. The Board noted the high threat landscape and potential systemic risk to the Scottish economy. The integrity of data and the need for a robust framework to assess maturity and identify gaps was agreed.

87. The Board emphasised the need for a clear understanding of the current maturity of the cyber resilience framework and the key areas of focus. The importance of continuous improvement and adapting to the evolving threat landscape was highlighted.

88. The Board discussed the importance of defining critical infrastructure and the potential benefits that could be realised if considering being recognised as part of the Critical National Infrastructure (CNI), noting that discussions with the Scottish Government Resilience Team to understand the process for being recognised as part of the CNI would be undertaken. The use of the Cyber Assurance Framework (CAF) and its alignment with other frameworks was also considered.

89. The group agreed on the importance of people and culture in the cyber resilience strategy, with a focus on training and awareness. The weakest link in cyber security was identified as human error, and the strategy aims to address this through continuous training and up-skilling.

90. The Board discussed the potential risks associated with third-party suppliers and the need for a risk-based approach to ensure sufficient audits and assurance of their cyber resilience.

91. The Board agreed on the need for a robust backup and recovery plan, with regular testing to ensure data integrity and the ability to recover from incidents, emphasising the importance of prioritising critical systems and ensuring their resilience.

92. The Board agreed on the need for a multi-year strategy that evolves with the changing threat landscape.

93. The Board discussed the importance of understanding the cost implications of the cyber resilience strategy and the need for a budget to support its implementation. The potential for additional income to invest in cyber resilience was highlighted.

94. The Board noted that the next update will provide clarity on the understanding of the threshold for being considered as part of the CNI and to update on any third-party chain understanding and key suppliers.

95. The group agreed to consider the potential quantum cost of the cyber resilience strategy and to work through the fee review to understand the cost implications.

96. The Board agreed on the need for a clear and concise reporting structure to the Board, to be considered to ensure the information shared is timey, however also value-adding. The group noted that the December Board update will include summary level report on the current state of cyber resilience, including key metrics and areas of focus.

Action

Keeper and Director of Digital, Data and Technology to establish a mutually beneficial process and cadence for cyber reporting to NXDs, in order to share a strategic level of information, and to allow input to NXDs to shape strategy progress, and considering how counterpart organisations report accordingly.

Proposed approach to board paper distribution

97. The Chair invited the Technical Product Manager to join the meeting.

98. The Board discussed the current approach to board paper distribution, noting potential areas of security risk and weakness.

99. The group acknowledged the need for a solution that balances cyber security with usability. It was noted that external suppliers and software solutions were considered but deemed too complex and costly, and instead proposed to leverage existing M365 capabilities, such as RoS email, SharePoint, and OneDrive, for viewing and annotating documents, as a future trial solution.

100. The Board emphasised the importance of proper security practices, including the responsibility of individuals to safeguard sensitive information.

101. The Board endorsed the proposal to use the existing 365 framework, with a pilot to be conducted to ensure accessibility on various devices, including Mac’s. The group noted that clear supporting use policies will be required to supplement any changes, and that any proposed exception to the agreed processes would require careful consideration and formal approval.

102. The group acknowledged the need to accommodate different preferences, such as the use of RoS devices versus personal devices, and the importance of ensuring that new NXDs accept the proposed approach.

103. The group agreed to set up Board members in the first instance, ahead of extending the approach to ARC colleagues, with a pilot involving all Board members to ensure a comprehensive solution is achieved. The group emphasised the need for clear communication and support to help members adapt to the new approach.

Action

Director of Digital, Data and Technology to oversee EE work with Board NXDs on needs in line with agreed proposals, with a view to a new solution being in place for use at the December Board, ahead of wider implementation with ARC colleagues.

Reflections from departing NXDs

104. ARC Non-Executive Directors joined the meeting via Teams to participate in a leaving presentation, and to hear reflections from departing NXDs.

105. The Chair acknowledged NXDs’ Andrew Harvey and Andrew Miller’s last Board meeting with RoS, as their tenure comes to an end, and praised them for their significant contributions and positive impact on the organisation.

106. Departing NXDs reflected on the positive shift they have viewed in Board culture in past years, the effectiveness of the EMT, and expressed gratitude for the opportunity to learn and grow within the organisation. The organisation’s progress in diversity and inclusion was highlighted, with a call for continued efforts to maintain positive culture and embed stakeholder relationships.

107. The Board were encouraged to continue to improve communication practices and leverage the skills of NXD colleagues for the wider benefit or the organisation. NXD’s thanked EMT and wider RoS colleagues for their dedicated support whilst in role.

108. The Board thanked the departing NXDs for their dedication and impact in the shaping of RoS over the period in their respective roles, with best wishes for their future endeavours.

Items to be delegated to ARC

109. No items were delegated to the Audit and Risk Committee.

110. The Board noted that a dedicated cyber resilience risk discussion will take place at the January Corporate Plan and Risk Workshop, to consider future ARC assurance required in this space.

Board observer feedback

111. The Chair invited Tracy Mcintyre, Director of People and Operational Services, to provide Board observer feedback.

112. The Board noted the following points from the observer feedback:

• The meeting featured robust debate and constructive challenge, with teamwork and collaboration featuring prominently throughout the discussions. There was a continued focus on learning from external scrutiny and incorporating insights from external stakeholders where relevant.
• Feedback was positive regarding internal assurance processes, as well as the Board’s commitment to diversity, inclusion, and organisational core values. Reflections from the showcase session were acknowledged, with plans to consider and act on feedback received in consideration of any such future sessions.
• Discussions emphasised the focus on future strategic direction, cyber security, operational resilience, and reaffirmed the importance of placing customer needs at the centre of decision-making.

Close

113. The Keeper thanked attendees for their attendance and participation in the meeting, sharing an additional thanks to the departing NXDs for their valuable service.

Date of next meeting

114. The Board noted that the next BAU Board meeting will take place on 09 December 2025 in Meadowbank House, Edinburgh.

Board papers September 2025

If you would like any of these papers in an accessible format, contact us with your preferences.