Statement on the system of internal control
The purpose of the system of internal control
Capacity to handle risk
The risk and control framework
Review of effectiveness
Scope of responsibility
as Accounting Officer, and Chair of the Trustee Board, we have joint responsibility for maintaining a sound system of internal control that supports the achievement of Citizens Advice policies, aims and objectives, whilst safeguarding the funds and assets for which the Accounting Officer is personally responsible, in accordance with the responsibilities assigned in Government Accounting and the Management Statement agreed with the DTI. The Accounting Officer is accountable to the Performance Review and Audit Committee, the Trustee Board and the Department of Trade and Industry for managing the risks facing Citizens Advice.
2. The purpose
of the system of internal control
of internal control is designed to manage risk to a reasonable level rather than to eliminate the risk of failure to achieve policies, aims and objectives; it can therefore only provide reasonable and not absolute assurance of effectiveness. The system of internal control is based on an ongoing process designed to identify and prioritise the risks to the achievement of Citizens Advice policies, aims and objectives, to evaluate the likelihood of those risks being realised and the impact should they be realised, and to manage them efficiently, effectively and economically.
of internal control has been in place in Citizens Advice for the year ended 31 March 2005 and up to the date of approval of the annual report and accounts, and accords with Treasury guidance.
Back to top
3. Capacity to
has a structured risk management process and responsibility lies with the Executive Board. The head of each department takes ownership for the identification, assessment and management of the risks in their respective areas of business.
Managers receive guidance, support and training from the Planning and Performance Team who ensure that the process is properly communicated, applied, controlled, reviewed and reported.
Back to top
4. The risk and
Management Strategy explains the organisation’s approach to risk management; provides risk definitions; raises awareness of the principles and benefits involved in the risk management process; identifies the main reporting procedures and promotes good risk management practice within Citizens Advice.
The Trustee Board has approved the Risk Management Strategy and reviews the Risk Register. Citizens Advice has identified high level and operational level risks. High-level risks are reviewed by the Executive Board,Performance Review and Audit Committee and Trustee Board.
PRAC who are independent to management, call for external assessments of the organisation's risks from the external and internal audit companies. These companies provide benchmarks and comparisons with other voluntary sector organisations and advise on best practice.
Operational level risks are managed by senior managers and monitored by the Planning and Performance Team who have the ability to escalate issues to the high level risk register.
Risks are identified and evaluated in the following ways:
Board risk management workshops are held
› risks are added to the register from a variety of sources including projects, referrals from committees, structured discussions, workshops, training, and internal audit
› periodic reviews are performed by each risk owner in terms of likelihood and impact, relevance of risks, current strategies applied and the strength of the strategies. The residual risk is identified and action plans are created to further mitigate risk
› clearly documented financial and management procedures and guidelines
› a Performance Review and Audit Committee
› an Internal Audit function
› comprehensive budgeting systems and financial reporting which indicate financial performance against the budget and forecast, which are reviewed and agreed by the Performance Review and Audit Committee and the Trustee Board.
The most significant risks for Citizens Advice
relate to the Citizens Advice pension fund
deficit, uncertainty with Citizens Advice future
DTI grant in aid funding levels, risks associated
with the achievement of key strategic
objectives, and the potential future risks
associated with the strategic partnership
contract with Hewlett Packard ending in 2008.
The five main categories of risk that are
› Bureaux network
› Operating effectiveness (including financial)
› Impact on society
Citizens Advice has a balanced approach to‘risk taking’ and adopts an
active approach to
the mitigation of risk. In the annual review of
the high-level risk register it was noted that
22% of net risks were high, 53% medium, and
Risk management now forms an integral part
in the project management and fundraising
processes within Citizens Advice. Risk
management is also embedded into the
governance process. As part of the internal
audit process, auditors conduct departmental
risk mapping exercises where they discuss with
managers the risks identified in their area of
business and how these have been mitigated.
Back to top
5. Review of effectiveness
has engaged BDO Stoy Hayward
to undertake the current programme of
internal audits. The auditors operate to
standards defined in the Government Internal
The internal auditors report regularly on
internal audit activity within Citizens Advice.
The work of the internal auditors is informed
by an analysis of the risk to which the
organisation is exposed and annual audit plans
are based on this analysis. These are endorsed
by the Executive Board, Performance Review
and Audit Committee and the Trustee Board.
A database of all audit recommendations is
held and progress is monitored by the
Performance Review and Audit Committee,
which meets six times a year.
The internal auditors’ annual report includes
their independent opinion on the adequacy
and effectiveness of the system of
The Accounting Officer has responsibility for
reviewing the effectiveness of the system of
internal control. The review of the effectiveness
of the system of internal control is informed
by the work of the internal auditors and the
managers within Citizens Advice who have
responsibility for the development and
maintenance of the internal control
framework, and comments made by the
external auditors in their management
letter and other reports. A plan to address
weaknesses and ensure continuous
improvement of the system is in place.
Chief Executive and Accounting Officer
Rev. Hilary Watkins