Statement of internal control
Scope of responsibility
Respectively as Accounting Officer, and Chair of the Trustee Board, we have joint responsibility for maintaining a sound system of internal control that supports the achievement of Citizens Advice’s policies, aims and objectives, whilst safeguarding the funds and assets for which the Accounting Officer is personally responsible, in accordance with the responsibilities assigned in Government Accounting and the Management Statement agreed with the DTI. The Accounting Officer is accountable to the Performance Review and Audit Committee, the Trustee Board and the DTI for managing the risk of Citizens Advice.
The purpose of the system of internal control
The system of internal control is designed to manage risk to a reasonable level rather than to eliminate the risk of failure to achieve policies, aims and objectives. It can therefore only provide reasonable and not absolute assurance of effectiveness. The system of internal control is based on an ongoing process designed to identify and prioritise the risks to the achievement of Citizens Advice’s policies, aims and objectives, to evaluate the likelihood of those risks being realised and the impact should they be realised, and to manage them efficiently, effectively and economically. The system of internal control has been in place in Citizens Advice for the year ended 31 March 2006 and up to the date of approval of the annual report and accounts, and accords with Treasury guidance.
Capacity to handle risk
Citizens Advice has a structured risk management process and responsibility lies with the Executive Board for the identification, assessment and management of the risks in their respective areas of business, supported by department managers.
Managers receive guidance, support and training from the Planning and Performance Team who ensure that the process is properly communicated, applied, controlled, reviewed and reported.
The risk and control framework
The Risk Management Strategy explains the organisation’s approach to risk management; provides risk definitions; raises awareness of the principles and benefits involved in the risk management process; identifies the main reporting procedures and promotes good risk management practice within Citizens Advice.
The Trustee Board has approved the Risk Management Strategy and reviews the Risk Register. Citizens Advice has identified high level and operational level risks. The high-level risks are reviewed by the Executive Board, Performance Review and Audit Committee and Trustee Board. Operational level risks are managed by senior managers and monitored by the Planning and Performance Team who have the ability to escalate issues to the high level risk register.
Risks are identified and evaluated in the following ways:
- Executive Board risk management workshops are held.
- Risks are added to the register from a variety of sources: projects, referrals from committees, structured discussions, workshops, training, and internal audit.
- Periodic reviews are performed by each risk owner in order to assess the likelihood and impact, relevance of risks, current strategies applied and the strength of the strategies. The residual risk is identified and action plans are created to further mitigate risk.
- Clearly documented financial and management procedures and guidelines.
- A Performance Review and Audit Committee.
- An Internal Audit function.
- Comprehensive budgeting systems and financial reporting which indicate financial performance against the budget and forecast, which are reviewed and agreed by the Performance Review and Audit Committee and the Trustee Board.
Citizens Advice has a balanced approach to ‘risk taking’ and adopts an active approach to the mitigation of risk. In the annual review of the high-level risk register it was noted that 46 per cent (2005: 22 per cent) of net risks were high, 27 per cent medium (2005: 53 per cent), and 27 per cent low (2005: 25 per cent).
The most significant increase of risk faced by Citizens Advice relate to the reduction in grant-in-aid funding from the DTI and the impact that this will have on our ability to drive our strategies forward and deliver sustainable outcomes. To mitigate this, Citizens Advice is running a savings programme to identify efficiencies, and activities that can be reduced or remodelled. Staff are fully informed and involved in this work.
The five main categories of risk that are monitored are:
- Citizens Advice people
- the bureaux network
- operating effectiveness (including financial)
- our impact on society
Risk management now forms an integral part in the project management and fundraising processes within Citizens Advice. Risk management is also embedded into the governance process. As part of the internal audit process auditors conduct departmental risk mapping exercises where they discuss with managers the risks identified in their area of business and how these have been mitigated.
Review of effectiveness
Citizens Advice has engaged BDO Stoy Hayward to provide the current programme of internal audits. The auditors operate to standards defined in the Government Internal Audit Manual.
The internal auditors report regularly on internal audit activity within Citizens Advice. The work of the internal auditors is informed by an analysis of the risks to which the organisation is exposed and annual audit plans are based on this analysis. These are endorsed by the Executive Board, Performance Review and Audit Committee and the Trustee Board. A database of all audit recommendations is held and progress is monitored by the Performance Review and Audit Committee, which meets six times a year. The Internal Auditors’ annual report includes their independent opinion on the adequacy and effectiveness of the system of internal control.
The Accounting Officer has responsibility for reviewing the effectiveness of the system of internal control. The review of the effectiveness of the system of internal control is informed by the work of the internal auditors and comments made by the external auditors in their management letter and other reports. A plan to address weaknesses and ensure continuous improvement of the system is in place.
DAVID HARKER OBE Chief Executive
THE REVD. HILARY WATKINS Chair
26 July 2006