| Citizens Advice annual report and accounts 2004/05 contents | ‹ Previous | Next › |
Statement on the system of internal control |
2.
The purpose of the system of internal control
4.
The risk and control framework
Respectively as Accounting Officer, and Chair of the Trustee Board, we have joint responsibility for maintaining a sound system of internal control that supports the achievement of Citizens Advice policies, aims and objectives, whilst safeguarding the funds and assets for which the Accounting Officer is personally responsible, in accordance with the responsibilities assigned in Government Accounting and the Management Statement agreed with the DTI. The Accounting Officer is accountable to the Performance Review and Audit Committee, the Trustee Board and the Department of Trade and Industry for managing the risks facing Citizens Advice.
The system of internal control is designed to manage risk to a reasonable level rather than to eliminate the risk of failure to achieve policies, aims and objectives; it can therefore only provide reasonable and not absolute assurance of effectiveness. The system of internal control is based on an ongoing process designed to identify and prioritise the risks to the achievement of Citizens Advice policies, aims and objectives, to evaluate the likelihood of those risks being realised and the impact should they be realised, and to manage them efficiently, effectively and economically.
The system of internal control has been in place in Citizens Advice for the year ended 31 March 2005 and up to the date of approval of the annual report and accounts, and accords with Treasury guidance.
Citizens Advice has a structured risk management process and responsibility lies with the Executive Board. The head of each department takes ownership for the identification, assessment and management of the risks in their respective areas of business.
Managers receive guidance, support and training from the Planning and Performance Team who ensure that the process is properly communicated, applied, controlled, reviewed and reported.
The Risk Management Strategy explains the organisation’s approach to risk management; provides risk definitions; raises awareness of the principles and benefits involved in the risk management process; identifies the main reporting procedures and promotes good risk management practice within Citizens Advice.
The Trustee Board has approved the Risk Management Strategy and reviews the Risk Register. Citizens Advice has identified high level and operational level risks. High-level risks are reviewed by the Executive Board,Performance Review and Audit Committee and Trustee Board.
PRAC who are independent to management, call for external assessments of the organisation's risks from the external and internal audit companies. These companies provide benchmarks and comparisons with other voluntary sector organisations and advise on best practice.
Operational level risks are managed by senior managers and monitored by the Planning and Performance Team who have the ability to escalate issues to the high level risk register.
Risks are identified and evaluated in the following ways:
› Executive
Board risk management workshops are held
› risks are added to the register from a variety of sources including projects, referrals from committees, structured discussions, workshops, training, and internal audit
› periodic reviews are performed by each risk owner in terms of likelihood and impact, relevance of risks, current strategies applied and the strength of the strategies. The residual risk is identified and action plans are created to further mitigate risk
› clearly documented financial and management procedures and guidelines
› a Performance Review and Audit Committee
› an Internal Audit function
› comprehensive budgeting systems and financial reporting which indicate financial performance against the budget and forecast, which are reviewed and agreed by the Performance Review and Audit Committee and the Trustee Board.
The most significant risks for Citizens Advice relate to the Citizens Advice pension fund deficit, uncertainty with Citizens Advice future DTI grant in aid funding levels, risks associated with the achievement of key strategic objectives, and the potential future risks associated with the strategic partnership contract with Hewlett Packard ending in 2008.
The five main categories of risk that are monitored are:
› Citizens
Advice people
› Bureaux network
› Operating effectiveness (including financial)
› Impact on society
› Strategy
Citizens Advice has a balanced approach to‘risk taking’ and adopts an
active approach to
the mitigation of risk. In the annual review of
the high-level risk register it was noted that
22% of net risks were high, 53% medium, and
25% low.
Risk management now forms an integral part
in the project management and fundraising
processes within Citizens Advice. Risk
management is also embedded into the
governance process. As part of the internal
audit process, auditors conduct departmental
risk mapping exercises where they discuss with
managers the risks identified in their area of
business and how these have been mitigated.
Citizens Advice has engaged BDO Stoy Hayward to undertake the current programme of internal audits. The auditors operate to standards defined in the Government Internal Audit Manual.
The internal auditors report regularly on internal audit activity within Citizens Advice. The work of the internal auditors is informed by an analysis of the risk to which the organisation is exposed and annual audit plans are based on this analysis. These are endorsed by the Executive Board, Performance Review and Audit Committee and the Trustee Board. A database of all audit recommendations is held and progress is monitored by the Performance Review and Audit Committee, which meets six times a year.
The internal auditors’ annual report includes their independent opinion on the adequacy and effectiveness of the system of internal control.
The Accounting Officer has responsibility for reviewing the effectiveness of the system of internal control. The review of the effectiveness of the system of internal control is informed by the work of the internal auditors and the managers within Citizens Advice who have responsibility for the development and maintenance of the internal control framework, and comments made by the external auditors in their management letter and other reports. A plan to address weaknesses and ensure continuous improvement of the system is in place.
David
Harker OBE |
The
Rev. Hilary Watkins |
| Citizens Advice annual report and accounts 2004/05 contents | ‹ Previous | Next › |