Crown Prosecution Service Annual Report and Resource Accounts 2011 - 2012

Governance Statement

1. Introduction

This Statement sets out for our staff and stakeholders the basis on which the Crown Prosecution Service (CPS) has been established; the way in which it is governed and managed; and how it is accountable for what it does. The CPS was established in 1986 by the Prosecution of Offences Act 1985 as an independent authority to prosecute criminal cases investigated by the police in England and Wales[1].

In undertaking its role, the CPS:

• advises the police and other investigators during the early stages of investigations;
• determines the appropriate charges in more serious or complex cases;
• keeps all cases under continuous review and decides which cases should be prosecuted;
• prepares cases for prosecution and prosecutes cases using in-house advocates, self-employed advocates or agents to present cases in court, and
• provides information and assistance to victims and prosecution witnesses.

In discharging its role, the CPS is responsible for ensuring that its business is conducted in accordance with the law and proper standards, and that public money is safeguarded and properly accounted for, and used economically, and effectively. I have ensured that the Department has proper arrangements for the governance of its affairs and for facilitating the effective exercise of its functions, including arrangements for the management of risk.

CPS strives to secure continuous improvement in the way in which its functions are delivered and has comprehensive systems in place to monitor and manage performance.

2. The purpose of the governance framework

The governance framework comprises the systems and processes, culture and values, by which the CPS is directed and controlled and the activities through which it serves its stakeholders and the public. It enables the Department to monitor the achievement of its strategic objectives and to consider whether those objectives have led to the delivery of appropriate, cost effective prosecutions as part of the wider criminal justice system.

The framework is designed to drive performance, delivering efficiency and effectiveness in the delivery of a vital public service and to manage risk to a reasonable level. It cannot eliminate all risk and therefore provides a reasonable but not absolute assurance of effectiveness.

3. The DPP and Chief Executive

The CPS is headed by the Director of Public Prosecutions (DPP). The DPP, Keir Starmer QC, who was appointed on 1 November 2008, is the permanent secretary and Accounting Officer for the CPS.

The DPP oversees prosecutions, legal issues and sets legal policy across the organisation. The DPP is superintended by the Attorney General who is accountable to Parliament for the work of the CPS.

The Chief Executive of the CPS is Peter Lewis. He was appointed on 15 January 2007 and is an additional Accounting Officer, responsible for running the business on a day-to-day basis, and for human resources, finance, business information systems, operations, and criminal justice policy, allowing the DPP to concentrate on casework, associated legal issues and legal policy.

The Chief Operating Officer is Mike Kennedy. He has accountability for overall operational delivery, and is responsible for the performance of Areas and Casework Groups. Supported by the Head of Operations, his is the key role that links the operational and headquarters arms of the Service.

4. The CPS Board

The CPS Board, chaired by the DPP, is collectively responsible for the delivery of the CPS’s public service outcomes and the wider contribution it makes to the Criminal Justice System.

The Board meets regularly to co-ordinate activity across the organisation, driving and monitoring performance and making strategic decisions about operational, resource, communications and other administrative matters. Board members meet formally with other senior managers, corporately and in their directorates, to steer and lead on strategically important areas of work.

The role of the Board is to:

• Demonstrate visible and effective leadership across the organisation to inspire confidence in staff, CJS and other stakeholders and the public;
• Determine and communicate the Vision, strategic objectives, direction and priorities of the CPS;
• Ensure effective allocation and management of the CPS’s resources;
• Set the CPS's risk appetite and have ownership of the Corporate Risk Register; and
• Ensure the CPS is a high-performing, streamlined, prosecution service focused on quality and respected for its professionalism.

In 2011-12 the Board set itself five priorities:

1. Identifying and managing the strategic challenges and risks to the organisation;
2. Delivering effective digital working across the CJS by April 2012;
3. Driving up the Employee Engagement Index (EEI);
4. Ensuring delivery against our Core Quality Standards and performance improvement across all other key indicators;
5. Ensuring effective allocation and management of the CPS's staff and financial resources.

The Board is satisfied that it achieved its priorities in all areas save the improvement in employee engagement as measured by the EEI.

In 2011-12, the CPS developed a new People Strategy to ensure the CPS recruits, retains and develops highly skilled and committed staff engaged in delivering an efficient and high quality public prosecutions service for the future. The three-year Strategy was developed by staff and managers and was launched on 2nd November 2011. The 2011 People Survey results for the CPS Employee Engagement Index (EEI) score reduced by 3% to 49%, supporting the need for the CPS to arrest and reverse this decline through the new People Strategy.

During 2011-12 the Board structure remained unchanged, with the membership comprising the DPP Chief Executive, Chief Operating Officer, Finance Director and Non-Executive Directors (NEDs).

The membership of the CPS Board and individuals' attendance during 2011-12 were as follows:

Board Member	Title	Attendance (out of 5 meetings)	Notes
Keir Starmer QC	DPP - Chair	5
Peter Lewis	Chief Executive	5
Mike Kennedy	Chief Operating Officer	5
Paul Staff	Director Finance	5
Doreen Langston	Non-executive Director - Chair of the Audit and Risk Committee	4
Rob Sykes	Non-executive Director	4	Left after the March 2012 meeting
Derek Manuel	Non-executive Director - Chair of the Nominations and Governance Committee	4 of 4	Joined the Board in June 2011
Alan Jenkins	Non-executive Director	3 of 4	Joined the Board in June 2011

The appointment and termination of staff who are members of the CPS Board, excluding the NEDs, who are not employed by the CPS, is undertaken in accordance with the Civil Service Management Code. Where appropriate their remuneration, details of which can be found in the Remuneration Report, is determined by reference to the Senior Salaries Review Body. In the rare event of members holding company directorships or having any significant interests that conflict with their management responsibilities, these are declared and a record kept by the secretariat. No specific action was required at Board level due to a declaration of interest in 2011-12.

5. Committees of the Board

The Board has four formal sub-committees, which play key roles in the governance of the CPS:

• an Audit and Risk Committee which is responsible for providing advice and assurance to the Accounting Officer and the Board on the adequacy and effectiveness of internal control and risk management. It also oversees internal and external audit arrangements which cover all areas of CPS's work, including both financial and non-financial systems. It has four members: an external Non-Executive Board member Chair appointed by the DPP through a process of fair and open competition, and three further external, nonexecutive members; The membership of the Audit and Risk Committee during 2011-12 was as follows:

Board Member	Title
Doreen Langston	Non-Executive Chair
Richard Szadziewski	Non-Executive Member
Alan Jenkins	Non-Executive Member
Caroline Johnstone	Non-Executive Member
Sarah Brown (until June 2011)	Non-Executive Member

• a Nominations and Governance Committee which has delegated responsibility and authority for advising the Board on key elements of effectiveness, including ensuring that there are satisfactory systems for identifying and developing leadership and high potential, scrutinising the incentive structure and succession planning for the Board and senior leadership of the CPS, and scrutinising governance arrangements. It has specific decision making responsibility in respect of payments to executives and senior management. The membership of the Nominations and Governance Committee during 2011-12 was as follows:

Board Member	Title
Derek Manuel	Non-Executive Chair
Keir Starmer QC	DPP
Peter Lewis	Chief Executive
Mike Kennedy	Chief Operating Officer
Mark Summerfield	Director of Human Resources

• the Directors' Group which is made up of the most senior members of Headquarters staff and is responsible to the CPS Board for refining and delivering the CPS strategy, collective delivery of the strategic objectives; CPS core quality standards and efficiency supporting the operational delivery of CPS business. The membership of the DG during 2011-12 was as follows:

Board Member	Title	Notes
Peter Lewis	Chief Executive - Chair
Keir Starmer QC	DPP
Mike Kennedy	Chief Operating Officer
Nick Hunt	Director of Strategy & Policy
Adrian Foster	Head of Operations
Paul Staff	Director Finance
David Jones	Chief Information Officer
Alison Levitt	Principal Legal Advisor
Mark Summerfield	Director of Human Resources
Dale Simon/td>	Director Equality & Diversity
Pam Teare	Head of Communications	Last meeting April 2011
Joanna Millington	Head of Communications	First meeting September 2011

• the Chief Crown Prosecutors Group which is made up of CPS's most senior prosecutors and is responsible to the Directors' Group for operational delivery; delivery of core quality standards and efficiency in front line operations; engagement and influence of key stakeholders; and feedback to the Directors' Group, through the Chief Operating Officer, on strategic operational proposals. The membership of the CCPG during 2011-12 was as follows:

CCPG Member	Position/Role
Mike Kennedy	Chief Operating Officer - Chair
Jim Brisbane	CCP Wales
Ken Caley	CCP Eastern
Roger Coe-Salazar	CCP South East
Adrian Foster	Head of Operations
Martin Goldman	CCP Yorkshire
Peter Swain	CCP CPS Direct
Nick Hawkins	CCP Wessex
Sue Hemming	Head of Special Crime and Counter Terrorism Division
Barry Hughes	CCP South West
Harry Ireland	CCP West Midlands
Nazir Afzal	CCP North West
Alun Milford	Head of Organised Crime Division
Greg McGill/Grace Ononiwu	Legal Directors, CPS London
Alison Saunders	CCP London
Baljit Ubhey	CCP Thames & Chiltern
Sue Patten	Central Fraud Group
Judith Walker	CCP East Midlands
Paul Whittaker	CCP Merseyside & Cheshire
Wendy Williams	CCP North East
Simon Clements	Head of Welfare, Rural and Health Division

The Board met five times over the course of the year. The Directors' Group met six times. The Chief Crown Prosecutors Group met eight times. The Audit Committee ² four times and the first meeting of the Nominations and Governance Committee was held in March 2012.

Agendas were commensurate with the terms of reference for each level of the corporate governance.

6. Account of Corporate Governance

Each year the Board conducts an annual review of its effectiveness. This year's Review highlighted the following areas where it was felt that added value to Board effectiveness could be achieved:

• Adopt the key corporate governance principles suggested in the Cabinet Office's 'Corporate Governance Code' where appropriate;
• The re-designation of the established Audit Committee to an Audit and Risk Committee inline with the 'Corporate Governance Code';
• The Audit Committee to be strengthened through the addition of one further Non-Executive Board Member;
• The Board should add to its non-executive complement, to ensure that it has the right breadth of skills to deliver the Service's agreed priorities;
• The Board should agree a standing agenda that focuses on the four transformation programmes that underpin the Vision.

Action was taken against each of these headings across the course of the year. Notably Board capability was significantly enhanced by the recruitment of two new Non-Executive Board Members in July 2011 with significant private sector experience and skills in human resources and business improvement. One of these appointments took up membership of the Audit and Risk Committee, in accordance with our internal Review of Board effectiveness.

Since the internal Review, Board agendas have been standardised along the lines suggested.

After the publication of the revised Code of Good Practice for Corporate Governance in July 2011 the CPS Board considered its level of compliance at its September meeting. The CPS is not a department of government subject to the Protocol on enhanced departmental boards but has sought to adopt the practices set out in the Code of Good Practice wherever relevant and practical.

The Board was satisfied with its compliance in the following areas:

• Frequency of meetings;
• Ratio of executives to non-executives;
• Its focus on performance and delivery as part of its strategic leadership, for example, by the use of management information and performance databank evidence; through the introduction of a corporate Scorecard and accompanying assurance report, and Area weighted Core Quality Standards Monitoring dashboard and associated escalation process for poorer performers to come before the Board to discuss performance improvement and;
• The organisation of agendas around the Service's strategic objectives: Quality, Efficiency, T3/Digital Working and People;
• Transparency in communication of outcomes and Terms Of Reference of all corporate governance groups via the CPS website and internal Infonet;
• Ownership and management of risk as a regular agenda item;
• Non-Executive Board Member expertise – commercial/public sector;
• Delivery against reporting obligations; and
• Independent scrutiny via Capability Review self-assessment in January/February 2012.

The following changes were made in order to produce compliance:

• The Audit Committee was renamed the Audit and Risk Committee;
• A Nominations and Governance Committee was established;
• The Board introduced changes to work as a single entity with less presentation from executive Board members and more presentation from staff;
• It has assumed greater focus on strategic clarity and direction setting by being engaged with issues at an earlier stage of development and conducting two planning meetings in July 2011 and January 2012;
• Board agendas now contain routine consideration of reputational issues;
• A Non-Executive Board Member section is now included in the Annual Report; and
• The Board Secretariat has created a Board Operating Framework in accordance with good practice.

The CPS does not have a Secretary of State as Board Chair as advocated by the Code of Good Practice because of the statutory arrangements in place between the Director of Public Prosecutions and the Attorney General.

As a department not subject to the Protocol on enhanced departmental boards the CPS does not have a Lead Non-Executive Board Member. Instead it delegates thematic lead responsibilities to its Non-Executive Board Members, for example, human resources, business development, quality, and audit. A Non-Executive Board Member chairs the Audit and Risk Committee and the Nominations and Governance Committee. This is a proportionate and effective way of utilising the Non-Executive Board Member cadre.

Ensuring that the police and CPS, as the prosecution team, manage unused material in accordance with the statutory disclosure requirements has presented difficulties in some instances. It has been identified as a risk to successful outcomes and a small number of cases in which failures occurred have attracted media attention. An inquiry by Sir Christopher Rose into one such case highlighted particular issues that arise when undercover police officers are deployed. Other cases have demonstrated the difficulties in complying. Training on how to manage cases involving undercover officers has been developed and is being delivered to managers and lawyers. This training, and wider training on disclosure across the service, together with the mandated use of a new regime for disclosure management documents in complex cases, will assist the management of disclosure of unused material where the volume of material is substantial, particularly by utilising the use of electronic search terms to identify relevant and disclosable material.

7. CPS Corporate Risks

The Corporate Risk Register is aligned with the four strategic objectives of the CPS. The risks reflect the consequences of a significant reduction in resources across the criminal justice system over the current Spending Review period, and identify how we should engage with our criminal justice partners to face these challenges. The CPS Board is responsible for ensuring that there are appropriate risk management arrangements and that corporate risks are properly managed and includes a risk management champion. The Directors' Group, on behalf of the Board, undertakes regular and detailed oversight of the risk management capability and the management of key corporate risks. All corporate risk owners are Board or Directors Group Members.

• Quality ††
  • Fulfilling commitments to victims and witnesses;
  ††
  • The application of Core Quality Standards;
  ††
  • Engagement with and relevance to local communities;
  ††
  • Engagement with and influence on key stakeholders;
  ††
  • Our ability to respond effectively to changing patterns of crime;
  ††
  • Our ability to protect information;
• Efficiency
• Financial control and procurement;
††
• Ability and capacity of criminal justice partners to support us in delivering change;
• Digitisation
• Ability to continue to deliver the T3 programme, modernise processes and achieve cultural change;
• People
• Performance management;
• Engagement and motivation;
• Talent management.

The Directors' Group and the Board regularly monitor the risks through the corporate risk register and take mitigating action when necessary.

During the year no ministerial directions were given to the CPS.

8. HMCPSI

Her Majesty's Crown Prosecution Service Inspectorate (HMCPSI) is an independent statutory body reporting to the Attorney General, whose primary function is to promote the effectiveness, efficiency and value for money of the bodies it inspects.

HMCPSI priorities for inspection are set out in an annual Business Plan and it reports annually to the Attorney on the performance of the CPS in addition to other individual and thematic inspection reports.

The CPS takes account of HMCPSI's findings and seeks to ensure that its recommendations are implemented as appropriate.

9. Internal Audit

CPS has an in-house Internal Audit function that carries out a programme of work across the full range of CPS's activities.

Following completion of the programme for 2011-12 the Head of Internal Audit (HIA) reported his findings to the Audit and Risk Committee and gave his opinion on the system of internal control operating in CPS during the year, taking account of the work of his team and other sources of information, such as reviews by other assurance providers, including HMCPSI, and management's own Certificates of Assurance.

The HIA concluded that, generally, there are sound arrangements in place to ensure that the aims and objectives of the CPS are achieved and that controls within the major enabling and delivery systems had been maintained. However, he gave a limited assurance on the handling of unused material in light of Sir Christopher Rose's report into the Ratcliffe-on-Soar case, which is discussed above.

Notwithstanding this issue, he gave a positive overall assurance on the basis that:

• An appropriate governance and management structure in which roles, responsibilities are well defined, including ownership of key risks, comprehensive policies and good practice procedures is in place;
• CPS has clearly defined aims and objectives;
• Management's oversight of performance (including quality and budgets) and systems was sustained, reinforcing accountabilities and maintaining the established systems.

10. T3

The Government has set an ambition for the Criminal Justice System (CJS) to be able to exchange information digitally by April 2012. This target is the first stage in delivering a fully digital CJS. Digital working in the CJS will require changes in approach and culture of all those that work within it, including the police, the courts, the self employed bar and defence practitioners. The CPS is leading the transformation programme across the CJS.

Given the number of different agencies that are part of the CJS, as well as the various technologies and investment cycles governing these agencies and the different priorities and pressures for each, impressive progress has been made towards the common goal.

The CPS Board fully recognised the challenge faced by the department and the risks to effective service delivery that inevitably arose from such major innovation. The risks have been mitigated through the activities of comprehensive programme management and governance structures headed by the CPS Chief Executive.

The Board has overseen the delivery of the programme and regularly reviewed and challenged progress. I am pleased that these actions have been effective, service delivery has been maintained and the programme has been successful so far.

11. Introduction of the Streamlined Process

The Streamlined Process was introduced in 2008 by the CPS and the Association of Chief Police Officers. It was designed to reduce the amount of paperwork and thereby police officers' time spent in the preparation of cases dealt with in magistrates' courts, by giving officers guidance on how to build case files proportionate to the needs of a case.

In November 2011 NAO published a value for money report on the introduction of the Streamlined Process. It found that although the initiative held the promise of cutting police paperwork, saving money and freeing officers up for other tasks, without reducing the effectiveness of courts, there were wide differences between individual police forces in how far they were complying with the guidance and a lack of awareness among police officers about what to include in prosecution files.

The review found although the Streamlined Process had not yet achieved its full potential value for money, it had not had a negative impact on the progression of cases through the magistrates' courts.

The report recommended that when government departments design initiatives, they must bear in mind the powers of the national and local bodies that will be driving the initiatives forward and the relationships between those bodies.

12. SIRO Annual Assessment of Information Risk Management

The Data Handling Review (DHR), which incorporates written input from Information Asset Owners (IAOs), provides an annual assessment of information risk. This assessment supports the SIRO's written report to the Accounting Officer which in turn forms the basis of his assessment of information risk contained in this Governance Statement.

The written input from IAOs and the SIRO's report are key components of the reporting and audit process which ensures compliance with the DHR, legislation, HMG policy and other relevant guidance on information risk management.

In June 2011 the CPS formally reported to the Cabinet Office performance against the Security Policy Framework (SPF), Information Assurance Maturity Model (IAMM) and third party supplier (Logica) for its business critical system. A further assessment against the recently updated SPF (V7.0) mandatory requirements was carried out in January – March 2012.

During the last year CPS Information Risk Management governance arrangements have been improved and embedded as follows:

• Security, Information Assurance, Information Management and Information Skills policies have been put in place;
• Personnel Vetting, IT Security, and Information Handling arrangements with the Bar have been updated;
• Protecting Information e-learning has been given to all staff, with further training for Level E and above;
• Information Management Advisors (IMA’s) have received further training.

There have been three breaches of the Data Protection Act (DPA) that have been reported to the Information Commissioner's Office (ICO) during this period. In each instance the breach occurred as a result of the inadvertent disclosure of personal details to an unintended recipient. To date, the ICO has not yet made a decision on any of the reported incidents.

The breaches occurred as isolated incidents in different CPS Areas. As part of the ICO breach reporting process we provided a full account of the breach, mitigating action, details of any disciplinary action taken, full details on policies, practices and procedures in place and training undertaken by employees on the DPA.

The SIRO issued a Gateway notice (Sept 11) to Chief Crown Prosecutors (CCPs) and HQ Directors, advising them to ensure robust procedures were in place to prevent any future unauthorised disclosure of casework material, and that their staff are aware of their responsibilities.

Overall, CPS Information Risk Management within CPS is considered to be moderate. Whilst having previously been assessed as Good, it was felt that the recent breaches, whilst isolated incidents, should be reflected in the overall rating.

13. Reporting of Personal Data Related Incidents

Incidents, the disclosure of which would in itself create an unacceptable risk of harm, may be excluded in accordance with the exemptions contained in the Freedom of Information Act 2000 or may be subject to the limitations of the other UK information legislation.

Table 1: Summary Of Protected Personal Data Related Incidents Formally Reported To the Information Commissioner's Office in 2011 – 12

Three incidents were reported to the Information Commissioner.

1. Total Included Data Loss Incidents
   • Category Type I: Loss of inadequately protected electronic equipment, devices or paper documents from secured Government premises = 2 incidents
   • Category Type II: Loss of inadequately protected electronic equipment, devices or paper documents from outside secured Government premises = 7 incidents
   • Category Type III: Insecure disposal of inadequately protected electronic equipment, devices or paper documents = 0 incidents
   • Category Type IV: Unauthorised disclosure = 11 incidents
   • Category Type V: Other = 3 incidents
   • Total = 23 incidents
2. Lost/Stolen Blackberries = 4 incidents
3. Lost/Stolen Laptops = 0 incidents

Explanatory Note: The CPS handles approximately a million cases each year. Each case file makes several journeys, including to external solicitors and barristers. The CPS maintains standing guidance on data handling procedures and issues Gateway notices to remind staff of their obligations.

Included – 23 personal data incidents have been included as losses for the purposes of this report. The majority of these incidents involved poor handling of the data leading to inadvertent unauthorised disclosure to others.

Excluded - 30 incidents have been excluded from the report because the loss was very minor concerning a limited amount of personal data.

Lost/Stolen Laptops/Blackberries: The Laptops and Blackberries were all encrypted to the government standard.

14. Summary and conclusion

The governance framework has been in place at CPS for the year ended 31 March 2012 and up to the date of approval of the Annual Report and Accounts.

As Accounting Officer, I have reviewed the effectiveness of governance and control systems in the CPS. In discharging this responsibility I have been informed by the work of the internal auditors and the executive managers in the department who have responsibility for the development and maintenance of the governance and control framework, and comments made by the external auditors in their management letter and other reports.

In reviewing the effectiveness of the system of governance I have also been advised by the Board, the Audit and Risk Committee and the Directors' Group, and I am assured of plans to address weaknesses and ensure continuous improvement of the controls currently in place.

Assurance on the adequacy of the governance, management and controls has been provided by:

Independent

• The Audit Committee through feedback by its Chair (a Board member) and by review of the minutes of Audit Committee meetings and of the Committee's Annual Report.
• The Head of Internal Audit who provides an independent opinion on the adequacy and effectiveness of the department's system of internal control, and an opinion on significant control issues;
• The HM Crown Prosecution Service Inspectorate who provide an independent review of business efficiency and effectiveness;

Management

• The HQ Directors and Group Chairs completing a Certificate of Assurance that provides a specific and personal assurance based on a self assessment of the reliability of their key business systems and activities throughout the year;
• The Information Assurance Maturity Model (IAMM) and Major Supplier 3rd Party Assurance assessments;

Processes

• The results of the CQSM assessments and validation measures being discussed in quarterly APR meetings which are led by the Chief Operating Officer and held with CCPs and ABMs;
• Case auditors who are aligned to Areas and Casework Groups to provide support, training and advice on counsel fee and prosecution cost issues;

Alignment

• The alignment of the CQSM and APR performance framework with that of HMCPSI;
• Validation of Certificates of Assurance (CoA) when it is determined which HMCPSI Area Effectiveness reports have been published that cover the period in question.

 

Keir Starmer QC
Director of Public Prosecutions
22 June 2012

[1] From 1 January 2010, following the merger with Revenue and Customs Prosecutions Office, the CPS assumed prosecutorial responsibility for all cases investigated by the Serious & Organised Crime Agency, UK Border Agency and Her Majesty’s Revenue & Customs. From 1 September 2011 the prosecution function of the Department for Environment, Food and Rural Affairs (DEFRA) merged with the CPS. From 1 April 2012 the prosecution functions of the Department for Work and Pensions and Department of Health were assigned to the CPS.

[2] Renamed the Audit and Risk Committee to take account of the Code of Good Practice in February 2012.