HomePublicationsAnnual reportsCitizens Advice annual report 2006/2007Statement of internal control

Scope of responsibility

Respectively as accounting officer, and chair of the Trustee Board, we have joint responsibility for maintaining a sound system of internal control that supports the achievement of Citizens Advice’s policies, aims and objectives, whilst safeguarding the funds and assets for which the Accounting Officer is personally responsible, in accordance with the responsibilities assigned in Government Accounting and the Management Statement agreed with the DTI. The accounting officer is accountable to the Performance Review and Audit Committee, the Trustee Board and the DTI for managing the risk of Citizens Advice.

The purpose of the system of internal control

The system of internal control is designed to manage risk to a reasonable level rather than to eliminate the risk of failure to achieve policies, aims and objectives; it can therefore only provide reasonable and not absolute assurance of effectiveness. The system of internal control is based on an ongoing process designed to identify and prioritise the risks to the achievement of Citizens Advice’s policies, aims and objectives, to evaluate the likelihood of those risks being realised and the impact should they be realised, and to manage them efficiently, effectively and economically. The system of internal control has been in place in Citizens Advice for the year ended 31 March 2007 and up to the date of approval of the annual report and accounts, and accords with Treasury guidance.

Capacity to handle risk

Citizens Advice has a structured risk management process and responsibility lies with the Executive Board for the identification, assessment and management of the risks.

The risk and control framework

The Risk Management Strategy:

• explains the organisation’s approach to risk management

• provides risk definitions

• raises awareness of the principles and benefits involved in the risk management process

• identifies the main reporting procedures and promotes good risk management practice within Citizens Advice.

The Trustee Board has approved the Risk Management Strategy and reviews the Risk Register. Citizens Advice has identified high level and operational level risks. The high-level risks are reviewed by the Executive Board, Performance Review and Audit Committee and Trustee Board.

Operational level risks are managed by senior managers and monitored by the Finance Team which has the authority to escalate issues to the high level risk register.

Risks are identified and evaluated in the following ways:

• Executive Board risk management workshops are held.

• Periodic reviews are performed by each risk owner in order to assess the likelihood and impact, relevance of risks, current strategies applied and the strength of the strategies. The residual risk is identified and action plans are created to further mitigate risk.

• Clearly documented financial and management procedures and guidelines.

• A Performance Review and Audit Committee.

• An Internal Audit function.

• Comprehensive budgeting systems and financial reporting which indicate financial performance against the budget and forecast, which are reviewed and agreed by the Performance Review and Audit Committee and the Trustee Board.

Citizens Advice has a balanced approach to ‘risk taking’ and adopts an active approach to the mitigation of risk. In the annual review of the high level risk register it was noted that 40 percent (2006: 46 percent) of net risks were high, 40 percent medium (2006: 27 percent), and 20 percent low (2006: 27 percent).

The most significant risk increases faced by Citizens Advice have been identified by the Trustee Board and relate to the following:

• Failure to adapt to changes in user-demand and stakeholder expectations.

• Risk of not meeting the financial pressure of pension obligations.

• Premises and/or staff become ineffective due to the effects of terrorist attack or pandemic.

• The reputation of the service is adversely affected.

• Inadequate financial strength threatens the delivery of the service.

• The benefits expected from the How and where we work and accommodation strategy not realised.

• Delivering IT services – risk of breakdown of relationship with IT partners and/or failure of systems.

• The network weakens as a result of inadequate bureaux management and/or funding issues.

• Outcomes of the divisional review may lead to lack of continuity, low morale and mismanagement of operations.

• The change programme fails to deliver.

Citizens Advice manages risk by focusing on strategic objectives and taking a balanced scorecard perspective.

Review of effectiveness

Citizens Advice has engaged BDO Stoy Hayward to provide the current programme of internal audits. The auditors operate to standards defined in the Government Internal Audit Manual.

The internal auditors report regularly on internal audit activity within Citizens Advice. The work of the internal auditors is informed by an analysis of the risks to which the organisation is exposed and annual audit plans are based on this analysis. These are endorsed by the Executive Board, Performance Review and Audit Committee and the Trustee Board. A database of all audit recommendations is held and progress is monitored by the Performance Review and Audit Committee, who meet six times a year. The internal auditors’ annual report includes their independent opinion on the adequacy and effectiveness of the system of internal control.

The accounting officer has responsibility for reviewing the effectiveness of the system of internal control. The review of the effectiveness of the system of internal control is informed by the work of the internal auditors and comments made by the external auditors in their management letter and other reports. A plan to address weaknesses and ensure continuous improvement of the system is in place.

David Harker OBE
Chief Executive

The Revd. Hilary Watkins
Chair

25 July 2007

  Back to top