Corporate governance report
Directors’ report
The Directors’ report provides information on the senior leadership of the CPS, including membership of the key governance bodies. It additionally reports on information security, including personal data related incidents that have been reported to the Information Commissioner’s Office (ICO).
Membership of boards and committees
April 2023 – March 2024 | Meetings | ||
|---|---|---|---|
Members | CPS Board | Audit and Risk Assurance Committee | Nominations, Leadership and Remuneration Committee |
Non-Executive Board Members | |||
| Simon Jeffreys Non-Executive Board Member | 7/8 | 4/4 CHAIR | – |
| Mark Hammond Non-Executive Board Member (to 2 July 2023) | 2/2 | 1/2 | – |
| Monica Burch Non-Executive Board Member | 8/8 CHAIR | – | 4/4 |
| Dr Subo Shanmuganathan Non-Executive Board Member | 7/8 | 2/4 | – |
| Kathryn Stone OBE Non-Executive Board Member | 5/8 | – | 1/2 CHAIR |
| Independent ARAC Members | |||
| Michael Dunn Non-Executive ARAC Member | – | 3/4 | – |
| Deborah Harris Non-Executive ARAC Member | – | 4/4 | – |
| Executive Board Members | |||
| Sir Max Hill KC Director of Public Prosecutions (to 31 October 2023) | 4/4 | 2/3 | 2/2 |
| Stephen Parkinson Director of Public Prosecutions (from 1 November 2023) | 4/4 | 1/1 | 2/2 |
| Rebecca Lawrence Chief Executive Officer (to 17 November 2023) | – | – | – |
| Sue Hemming Interim Chief Executive Office (to 30 April 2023) Director of Legal Services (to June 2023) 1 | 0/2 | 1/2 | – |
April 2023 – March 2024 | Meetings |
|---|---|
CPS Executive Group | |
| Stephen Parkinson Director of Public Prosecutions (from 1 November 2023) | 5/5 |
| Sir Max Hill KC Director of Public Prosecutions (to 31 October 2023) | 6/6 |
| Rebecca Lawerence Chief Executive Officer (to 17 Nov 2023) 1 | – |
| Gregor McGill Lead Director Legal Services from 01 May 2023. Previously Director of Legal Services 2 | 9/11 |
| Sue Hemming Interim Chief Executive Office (to 30 April 2023) Director of Legal Services (to 30 June 2023) 1 | 1/3 |
| Mark Gray Chief Digital and Information Officer (to 3 July 2023) | 3/3 |
| Dawn Brodrick Lead Director Corporate Services from 01 May 2023. Previously Chief People Officer 1 2 | 10/11 |
| Baljit Ubhey Director of Strategy and Policy | 11/11 |
| Steve Buckingham Chief Finance Officer | 10/11 |
| Sandra McKay Director of Communications (to 14 August 2023) | 3/3 |
| Grace Ononiwu Director of Legal Services | 10/11 |
| Tristan Bradshaw Interim Director Operational Change & Delivery | 9/11 |
| Mike Browne Interim Director of Communications (from 10 July 2023) | 7/8 |
| Matthew Cain Interim Chief Digital & Information Officer (from 26 June 2023) | 8/8 |
- Rebecca Lawrence was absent from the start of the Financial Year until 17 November 2023, and as a consequence the interim Chief Executive Officer took up the Additional Accounting Officer role until 30 April 2023. The Lead Director Corporate Services took up the Additional Accounting Officer role from 20 November 2023.
- Dawn Brodrick and Greg McGill were appointed Lead Director, Corporate Services and Lead Director, Legal Services respectively on 01 May 2023. They provided support at Board meetings.
Security and information assurance
The CPS adopts the security principles outlined in the Government Functional Standard (GOVS007). We report our adherence to the standard to the Cabinet Office every year in the Departmental Security Health Check (DSHC) and we are evaluated against the ‘Minimum Security Standards’ for Cyber, Incident Management, Personnel and Physical. In 2023, the Cabinet Office found that our overall rating was 100% compliant with the GOVS007 Standards (99.1% in 2022).
We work closely with the business to ensure all projects and programmes have suitable technical and organisational controls in place to maintain and enhance compliance with Data Protection principles and to protect individual rights. We work collegiately with specialist colleagues to support innovation whilst ensuring ‘security and privacy by design’, consulting the Regulator when necessary.
Our Knowledge & Information Management processes and procedures are well defined and embedded in all aspects of the department’s operational activity.
Cyber security
Our Cyber Security Team proactively leads the CPS’ identification of and response to cyber security threats and vulnerabilities.
An ongoing scheme of penetration testing has been implemented for internally developed digital solutions, alongside stress testing of our wider digital estate. This combination provides assurance that technological development balances delivery with security, identifying issues requiring mitigation before they become active incidents. Collaboration with our third-party providers and suppliers ensures that similar activities take place on their systems, to provide assurance and mitigate any vicarious threat.
The latter is dovetailed with enhancements to our supplier assurance processes, including the implementation of agreed onboarding guidance frameworks, streamlining the supplier acquisition process by making cyber requirements overt and simple, and removing ad-hoc decision making.
Our incident response capabilities are being strengthened through our ongoing acquisition of a new SOC/SIEM solution, which will bring monitoring, detection, alerting and remedial action directly within our control. Our new Cyber Threat Intelligence (CTI) programme aims to exploit these opportunities, by highlighting active exploits including zero-day attacks and vulnerabilities in real time, drawing upon a diverse range of source data to maximise value.
In 2023, we suffered one cyber-attack on the CPS’ website, which is managed by a third-party organisation. The attack was stopped within two hours and our website functionality was restored the same day. No CPS managed systems were targeted, and therefore no personal data was compromised.
We continue to actively engage with the wider security community across government, including membership of the National Cyber Security Centre’s Security Working Group (SWG) and chairing the Legal Sector’s SWG. Knowledge sharing is a key ambition of this engagement, and through close collaboration with the wider Civil Service, we ensure our approach is in line with wider governmental thinking and the Cyber Strategy.
Our Cyber Security Education Training and Awareness programme has been enhanced via a new, iterative strategy designed to streamline activity, enhance efficiency and maximise learning both for our people and the cyber training team, facilitating continuous improvement driven by evidence and data.
In summary, our holistic approach to cyber security — from fostering a culture of collective responsibility, implementing cutting-edge training programs, establishing rigorous governance over data and cyber risk, and successfully repelling over 10,000 cyber-attacks monthly — demonstrates our commitment to safeguarding all our key assets – our systems, data, and people – against the evolving landscape of cyber threats.
Operational security
The Operational Security Team (OST) continues to work with the business to ensure the rigorous application of security standards, as outlined in the GovS007 Functional Standard.
Locally based ‘Security & Information Managers (SIMs)’ have now been embedded across the department and provide a direct link with the OST who are responsible for their professional development. Local compliance with government security standards is reported annually to OST through our Security & Information Assurance Framework, which is aligned to the GovS007 minimum standards. This, in turn, forms the basis of our Departmental Security Health Check report to the Cabinet Office. The CPS’ performance in the DSHC remains of an extremely high standard; our results continue to improve year on year and our performance remains above average when compared with many other government departments.
This year we have undertaken 1,558 DBS clearances and 777 National Security Vetting clearances. Steps taken to further improve our performance include implementing a policy for sharing and transferring clearances held by UKSV to enable the faster onboarding of staff and contractors.
Business continuity
The CPS’ Business Continuity (BC) capabilities and resilience remain consistently strong, and their effectiveness are regularly tested.
In February 2024, we undertook an exercise to evaluate the Gold and Silver Teams’ (i.e. CPS’ Executive Group, HQ Directors and Deputy Directors) response to a targeted attack on the CPS and Criminal Justice Service across several CPS Areas. The exercise had a specific focus on the response and recovery aspects of the incident. The CPS has also participated in several cross-government exercises.
We review our BC plans as part of the testing regime or following a ‘live’ incident.
General Data Protection Regulation (GDPR) and Data Protection Act 2018
At the CPS we actively promote a security and information assurance culture across all aspects of our business – frontline operations, supply chain and third-party suppliers – through our operational and digital change and product development. Security and information assurance is an inherent responsibility of every member of staff and our contractors. To maintain this awareness the CPS runs an annual mandatory training programme. This bespoke training is updated each year to reflect organisational changes and user needs; in 2023 it included specific guidance on records management and retention aligned to the lifting of the Moratorium on Destruction (imposed during the Independent Inquiry into Child Sexual Abuse (IICSA)). The compliance rate for the 2023 training was 99%.
We continue to strengthen our data protection processes to maintain the integrity of the information we hold and remain compliant with relevant legislation. This year we reviewed our overarching ‘Data Protection Policy’, and our data protection policies and guidance are regularly reviewed by the Security and Information Assurance Division’s Policy Review Board. The Information Governance Group (IGG) retains overall responsibility for information assurance across the CPS; it reviews all proposed policy changes which involve significant differences in approach or where performance sits outside our risk tolerance.
Information assurance is well embedded across the CPS and has reached a level of maturity that ensures data protection impact assessments are integral to the development of new products and services. New and existing systems reflect data protection ‘by design and default’. Bespoke training is regularly provided to all Information Asset Owners to ensure consistent local management of key assets.
We continue to raise awareness of UK GDPR and DPA 2018 legal requirements and support cross-functional projects, especially in the AI and Innovation area. We intend examining the Data Sharing Agreement (DSA) process, to make it more efficient in the project delivery cycle. The CPS is aware of the potential changes that the Data Protection and Digital Information Bill might cause and participates in cross-government groups to ensure that the services we offer, and our data quality are not disrupted or compromised during any change.
The significant increases in the level of ‘Rights’ and Freedom of Information requests reflects a continued interest in the CPS’ work and how we managed the personal data entrusted to us. Whilst the nature of FOI requests was varied, many related to CPS policies or specific cases – both recent and historic.
Information assurance and compliance
The CPS compliance rate statistics for information requests are as follows:
| Freedom of Information Requests (FOIs) | 01 April 2023 to | 01 April 2022 to |
|---|---|---|
| Number received | 892 | 740 |
| Number responded within deadline (either 20 working days or PIT extension) | 812 | 648 |
| Compliance rate | 91% | 88% |
| Rights of Access Requests (ROARs) | 01 April 2023 to | 01 April 2022 to |
|---|---|---|
| Number received | 562 | 495 |
| Number responded to within deadline | 480 | 450 |
| Compliance rate | 85% | 91% |
| GDPR rights requests | 01 April 2023 to | 01 April 2022 to |
|---|---|---|
| Number received | 36 | 12 |
| Number responded to within deadline | 35 | 12 |
| Compliance rate | 97% | 100% |
CPS legacy case records for national interest
Under the Public Records Act 1958 public records bodies must select and transfer records for permanent preservation within statutory timeframes to The National Archives (TNA). The transition to a ‘20-year rule’ in 2013, means TNA should receive two years’ worth of CPS records each year until 2023.
The CPS currently transfers selected criminal case records to TNA. In the main these transfers are made on a ‘closed basis’ due to the sensitivities of the cases and the impact that release into the public domain could have on an individual’s physical or mental health.
The following table shows the CPS transfer position for the reporting year.
CPS Year | Transferred to TNA | Starting piece number | Ending piece number | Total number of pieces | Total number of |
|---|---|---|---|---|---|
CPS 1997 | January 2023 | 17,366 | 17,754 | 389 | 21 |
CPS 1998 | September 2023 | 17,755 | 18,585 | 831 | 26 |
CPS 1999 | November 2023 | 18,586 | 19,178 | 593 | 17 |
CPS 2000 | Ready, | 19,179 | 19,538 | 360 | 15 |
CPS 2001 | Ready, | 19,539 | 20,405 | 866 | 14 |
CPS 2002 | Selections made; |
|
|
| 11 |
CPS 2003 | Selections made; |
|
|
| 10 |
Personal data-related incidents
A summary of personal data-related incidents formally reported to the Information Commissioner’s Office (ICO) in 2023-24 is set out below.
Personal data incidents reported to the ICO in 2023-24:
| Date of incident (month) | Nature of incident | Nature of data involved | Number of people potentially affected | |
|---|---|---|---|---|
| April to June 2023 | None | None | 0 | None |
| July to September 2023 | None | None | 0 | None |
| October to December 2023 | 1 Data Handling Losses | Archived Case Files | 1 | Operational Security Notified and Breaches reported to the ICO. |
| January to March 2024 | None | None | 0 | None |
A summary of personal data incidents in 2023-24 is set out below.
Total personal data incidents in 2023-24:
| Category | Total reported in 2023-24 | Explanatory note |
|---|---|---|
| Data Handling Losses | 49 (76) | In all 49 of these incidents the data loss was very minor and recovered. |
| Unauthorised disclosure | 2,154 (2,445) | In 2,150 of these incidents, the data loss was very minor or retained within the criminal justice profession, who are bound to professional standards of data protection. |
| Lost/Stolen ICT Equipment | 34 (34) | In 30 of these incidents the devices were successfully deactivated; given the specific circumstances of the remaining four incidents, deactivation was not required. All devices were encrypted to the government standard; therefore, no CPS data was compromised. |
Statement of the Accounting Officer’s responsibilities
Under the Government Resources and Accounts Act 2000, HM Treasury has directed the CPS to prepare, for each financial year, accounts detailing the resources acquired, held or disposed of during the year and the use of resources by the Department during the year. The accounts are prepared on an accruals basis and must give a true and fair view of the state of affairs of the CPS and of its income and expenditure, Statement of Financial Position and cash flows for the financial year.
In preparing the accounts, the Accounting Officer is required to comply with the requirements of the Government Financial Reporting Manual and in particular to:
- observe the Accounts Direction issued by HM Treasury, including the relevant accounting and disclosure requirements, and apply suitable accounting policies on a consistent basis;
- make judgements and estimates on a reasonable basis;
- state whether applicable accounting standards as set out in the Government Financial Reporting Manual have been followed, and disclose and explain any material departures in the accounts;
- prepare the accounts on a going concern basis.
HM Treasury has appointed the Director of Public Prosecutions as Accounting Officer of the Department, and the Director of Public Prosecutions has appointed the Lead Director, Corporate Services as an Additional Accounting Officer. This appointment does not detract from the Director of Public Prosecutions’ overall responsibility as Accounting Officer for the Department’s accounts.
The responsibilities of an Accounting Officer, including responsibility for the propriety and regularity of the public finances for which the Accounting Officer is answerable, for keeping proper records and for safeguarding the CPS’ assets, are set out in Managing Public Money published by HM Treasury.
The Accounting Officer confirms that he has taken all the steps that he ought to have taken to make himself aware of any relevant audit information and to establish that the CPS’ auditors are aware of that information. So far as he is aware, there is no relevant audit information of which the auditors are unaware.
The Accounting Officer confirms that the Annual Report and Accounts as a whole is fair, balanced and understandable and he takes personal responsibility for the Annual Report and the judgements required for determining that it is fair, balanced and understandable.
Governance statement
This Governance Statement sets out the CPS’ governance, risk and assurance management and internal control framework and how, during 2023-24, we managed the significant risks to the achievement of our strategic objectives. We ensure that robust governance arrangements are in place to promote high performance and safeguard probity and regularity. The CPS is a Non-Ministerial Department that is not subject to the protocol on enhanced departmental boards but has sought to comply as far as possible with the practices set out in Cabinet Office’s and HM Treasury’s Corporate Governance Code of Good Practice. Details of attendance at the CPS’ boards and committees are given in the Directors’ report on pages 71 to 72.
Governance framework

The CPS Board
The primary function of the CPS Board is to agree the strategic direction and priorities for the CPS, and to provide a forum for constructive challenge on proposals and the implementation of decisions by the Executive Group. The Board plays a key role in ensuring that the CPS is equipped to provide a professional, efficient and high-quality service.
The Cabinet Office’s and HM Treasury’s Corporate Governance Code of Good Practice provides guidance on Board composition and remit. The role of the Board continues to be one that provides oversight of strategy and an assessment of delivery. The Board also has a role in the oversight of the talent and culture of the CPS, it monitors performance and outputs and provides leadership to the organisation.
Audit and Risk Assurance Committee (ARAC)
ARAC is accountable to the CPS Board. It has delegated responsibility and authority for advising the Board on key elements of effectiveness linked to risk management, assurance management and the framework of internal control. The ARAC also reviews the comprehensiveness and reliability of assurances provided by internal audit, external audit, and the Executive Group, and challenges where necessary when gaps in processes are identified and where weaknesses are exposed.
Nominations, Leadership and Remuneration Committee (NLRC)
NLRC is accountable to the CPS Board. It has delegated responsibility and authority for advising the Board on key elements of effectiveness linked to organisational culture and leadership strategies. This includes ensuring that leadership strategies and senior organisational design are fit for purpose and that there are robust systems in place to identify and develop senior leaders from diverse talent pools, draw up appropriate workforce and succession plans, and scrutinise incentive structures.
Executive Group (EG)
EG comprises the most senior members of CPS staff. It oversees the CPS’ overall performance and delivery and focuses on strategic leadership, management, direction, and ensuring the most effective prioritisation of resources. EG, as the executive management team of the CPS, informs and acts on decisions taken by the DPP and takes collective decisions on key corporate issues affecting the CPS.
Risk management
Risk management practices comply with the requirements of the Orange Book’s 5 principles. These principles are underpinned by processes designed to enhance our ability to identify and manage our risks across all levels. Our comprehensive management of risk allows us to inform business decisions, supports effective use of resources, and strengthens contingency planning.
Effective governance of the process allows for escalation and reporting of risk to appropriate tiers of management including the Finance, Performance and Risk Group, Executive Group, Audit, Risk & Assurance Committee, and the Board. Additionally, the Integrated Internal Audit programme and work of HM Crown Prosecution Service Inspectorate is informed by regular review of our strategic risk register to ensure adequate coverage of all key areas of risk.
During 2023-24, the CPS continued to strengthen its risk management framework and carried out the following key activities:
- CPS Executive Group reviewed and refreshed the Strategic Risk Register, ensuring that it remains current and adequately reflects the biggest areas of risk to the CPS’ strategic objectives.
- In the process EG re-assessed and updated CPS risk appetite and tolerance thresholds in line with updated guidance from HM Treasury, which set firm thresholds that help the CPS both focus attention on those risks close to or exceeding our organisational risk appetite while keeping control of its risk environment.
- All senior civil servants have undertaken specific mandatory training aimed at improving their understanding of and management of risk at all levels.
- In-depth reviews of risk returns are carried out quarterly, as well as regular deep dives into specific areas on a rolling basis. These activities measure the key risk themes coming from each CPS Area and Directorate and allow the Executive team to monitor the risk landscape at both a corporate and operational level.
- Papers going to Executive Group are tagged by key area of risk, allowing us to track the amount of our Executive Group’s attention dedicated to each area of strategic risk
Roles and responsibilities
The CPS Board has overall responsibility for our risk appetite, determining the amount and type of risk that we are willing to take to meet our strategic objectives.
The Director of Public Prosecutions is accountable to Parliament for ensuring that all risks are managed effectively. On his behalf, the Chief Finance Officer and the Risk Management Team coordinate the deployment of risk management arrangements, ensure consistency of approach, and periodically report the top risks to the Executive Group, Audit and Risk Assurance Committee and the Board.
Ownership of risk registers is assigned to relevant senior managers, and individual risks are owned by the most appropriate team or individual.
Corporate performance, including current risk and financial metrics, is reviewed monthly by the Finance, Performance and Risk Group, with a formal review of the top risks presented to the Executive Group on a quarterly basis to agree the required controls and mitigating actions required to reduce risks to within tolerance levels and to consider emerging issues.
The Audit and Risk Assurance Committee, which meets quarterly, provides oversight of all strategic risks, reviewing the status and the progress of mitigations identified by the risk owners.
The Board formally reviews key risks, and the risk landscape is used to inform the business strategy and the audit programmes to aid management in the delivery of business objectives.
Individual risks are assessed using approved Orange Book methodology and viewed through the lens of our risk appetite and tolerance statements. Any risk that falls outside of these pre-defined and agreed limits is given extra focus to ensure it returns to an acceptable risk score as quickly as possible.

CPS Risk themes:
- Capacity People & Resources
- Prosecution Casework
- Digital Technology
- Economic/Financial/Market
- Efficiency/Performance
- Fraud
- Governance & Assurance
- Health & Safety
- Law & Regulations
- Projects & Change
- Security & Information Management
- Service to Victims & Witnesses
- Service Delivery (other)
- Stakeholder Expectations (reputation)
Supply Chain Management
Our principal risks
Our risks are different to last year; therefore we have not indicated a direction of travel.
| Risk Theme | Risk Description | Key Activities to Manage Our Risk |
|---|---|---|
| Security | CPS data is lost or becomes inaccessible due to poor organisation of storage and retention policies. This could adversely impact the CPS’ operational performance and impede us in our statutory reporting obligations |
|
| Security | Information is disclosed that should not have been, resulting in damage to or collapse of a case, harm or threats of harm coming to witnesses and victims, and reputational damage to the CPS. |
|
| Security | Cyber security is compromised by cyber attack by criminals or foreign powers, leading to interference in our criminal justice system, loss of data and/or reputational damage. |
|
| Victims | Victims of rape and sexual offences lack trust in the CPS and wider criminal justice system to serve justice because the pace of change does not permit sufficient time to rigorously test and review proposed key changes |
|
| Victims | CPS performance is considered to be sub optimal with continuing scrutiny of rape and domestic abuse prosecutions. |
|
| Victims | CPS performance and outcomes for Victims – including casework improvement, support for victims, volumes of RASSO cases going to court, and the recruitment of specialist resource, digital capacity and capability and the success of Operation Soteria – does not improve in line with public expectations, leading to negative media coverage, a loss of public and stakeholder confidence, and significant reputational damage. |
|
| Operational Performance | There is a risk that there will be a worsening of performance and deterioration in standards of case preparation due to the impact of backlogs, the timeliness of decision-making, and ongoing pressures on operational teams. |
|
| Operational Performance | With declining criminal Bar capacity and insufficient sitting days, there will be inadequate coverage of hearings to allow for cases to be held as promptly as possible. |
|
| People | Recruitment: The CPS is not able to attract and recruit the required talent from the external market and require further investment to secure a robust internally grown resourcing pipeline. |
|
| People | Deployment: The CPS is unable to respond in an agile way to deploy people with the right skills to support CPS strategic casework priorities |
|
| People | Well-being: The CPS culture does not promote wellbeing and support people to thrive. |
|
| Corporate | The CPS does not maintain a trusted and effective relationship with the police and other strategic partners to achieve its strategic goals in successfully influencing cross-CJS change. | In 2023-24 we continue work to build the CPS’ organisational capability to work effectively with its partners and mitigate this risk. Activities this year are split into three areas: Capability
Targeted support for a specific sector
Targeted support for a specific issue
|
| Corporate | Multiple change projects taking place simultaneously may lead to change fatigue within the organisation, as well as competing priorities |
|
| Corporate | A Spending Review, new DPP and General Election are all coming close together, which risks significant changes to CPS’ strategic priorities and direction for which we are unprepared |
|
| Corporate | Risk of the CPS having insufficient funding, leading to breach of control totals, loss of reputation, tighter HMT controls, and/ or poorer justice outcomes |
|
| Corporate | Risk of the CPS having restricted access to its estate due to GPA underperformance, and wider impacts on value for money and IFRS 16 (leases) |
|
Identifying and managing conflicts of interest
The Civil Service Management Code sets out standards of propriety expected of civil servants in respect of external interests. The CPS has a policy in place for the declaration and management of interests for all staff, which includes declaration of any interests that may give rise to a conflict or perceived conflict of interest and adheres to the requirements of the Code.
In addition to the established processes in place for managing interests, an annual audit exercise takes place which requires all staff to make a declaration of any private, personal, or financial interests or, for those in SCS and equivalent grades and senior employees in a Commercial role, to make a nil declaration. Where a conflict or perceived conflict of interest arises, these will be recorded, considered assessed and managed by appropriate senior managers with the support of Risk and HR practitioners.
Business appointments
In compliance with business appointment rules, the CPS is transparent in the advice given to individual applications for senior staff, including special advisers. There was one SCS leaver in 2023-24 who required a BAR application and/or conditions set.
His Majesty’s Crown Prosecution Service Inspectorate
His Majesty’s Crown Prosecution Service Inspectorate inspects the Crown Prosecution Service and the Serious Fraud Office. It provides independently assessed evidence to help drive improvement and build public confidence in the prosecution process.
HMCPSI priorities for inspection are set out in an annual Business Plan and it reports annually to the Attorney General on the performance of the CPS, in addition to other individual and thematic inspection reports.
During 2023-24, HMCPSI completed nine inspections which are summarised below. The full responses from the CPS to the reports are available online at https://www.cps.gov.uk/publication/inspectorate-responses.
The effectiveness of Crown Prosecution Service policy and guidance for the handling of cases involving the National Referral Mechanism, 25 July 2023
Overall, the Inspectorate found our guidance to be effective and extensive. The report also commended the ongoing commitment by the CPS Strategy and Policy Directorate and Directorate of Legal Services Team, to proactively ensure the development of national policy and on-going revision to reflect changes, as a result of changing case law and legislation. It acknowledges the CPS’ commitment to ensuring Areas are kept up to date with the latest developments in county lines and modern slavery. There is also recognition of our close working relationships with Criminal Justice System colleagues to ensure our policies are aligned and complement each other, with a commitment to improve processes where possible.
There are four recommendations to address which relate solely to the CPS.
The Handling of Complaints, 23 August 2023
This report provides clear evidence that progress has been made since the last inspection on this issue and we are pleased that this has been recognised. HMCPSI has identified good practices and strengths (particularly in relation to putting things right/acknowledging mistakes, providing information on escalation, and appropriate empathy) and has made some positive findings on timeliness of responses. However, despite these elements and an overall improvement in the overall quality of our handling of complaints, the report has identified there is still much to do.
We welcome the findings and accept the recommendations. We will use these to continue to make improvements to both the quality and timeliness of our handling of complaints. We note that there are some aspects of our guidance, training, and use of data that could be improved to help us achieve this. We will give thorough consideration to the best way of implementing the recommendations.
There are five recommendations for the CPS to address.
Area Inspection Programme 2021-22 Composite Report, 21 September 2023
The report brings together the findings of inspections carried out across all 14 CPS Areas over the past two years to assess the quality of volume casework in magistrates’ court, Crown Court and rape and serious sexual offences (RASSO) teams.
This report acknowledges that good prosecutorial decisions are being made across the CPS in all case types, with the Code for Crown Prosecutors properly applied and the most appropriate charges selected. Further, it recognises the positive response the CPS has made in respect of RASSO casework over recent years.
Whilst this is encouraging, we recognise that performance needs to be consistent across all casework strands and regions, and we have more to do to improve the quality of case analysis and strategy, and disclosure decision-making.
As the report outlines, each Area inspection has been subject to a separate inspection report and work is ongoing to address areas for improvement. More widely, the CPS is currently running a 12-month programme to improve our approach to case strategy, during which we will be implementing ambitious change across five key areas:
- Culture
- Engagement with investigators
- Standards and training
- Roles and responsibilities
- Digital tools
CPS Induction Processes, 1 November 2023
The report notes the induction provided to new prosecutors is effective and equips them with the skills and knowledge to be able to carry out their roles. HMCPSI has identified good practices and strengths, particularly commending the buddy system and the supportive environment created by managers and colleagues that enables new starters to develop; and the overall induction training provided.
The report identified five issues to address.
Follow-up inspection: Custody Time Limits, 30 November 2023
The report recognises that we treat CTLs as a priority and continue to monitor and check these cases, even as the volume has increased to over 10,000 custody cases. It also acknowledges the ongoing challenges in managing CTLs due to the impacts of the pandemic and Bar action.
Despite the challenges, HMCPSI note there is still improvement to be made in fully embedding our monitoring system. It recommends that by 31 December 2023, we must embed the consistent use and updating of the CTL case progression log, (including recording the weekly assurance review on the case management system (CMS)) in all cases. By 31 March 2024 we must also have developed a system of assurance to evidence improvement and monitor compliance with CTL policies.
Meeting the needs of victims in the criminal justice system: An inspection of how well the police, the Crown Prosecution Service and the Probation Service support victims of crime, 19 December 2023
The report acknowledges that the police, the CPS and the Probation Service recognise the importance of meeting the needs of victims. The report also found examples of good communication both between the three bodies and with victims, as well as examples of good victim care. However, the report is clear that many victims do not receive a good quality service from the three agencies inspected.
The CPS agrees with the report’s assertion that improving victims’ experience of the criminal justice system is vital. The CPS’ Victim Transformation Programme, which is referenced in the report, aims to transform the service the CPS provides to every victim of crime. This will include the establishment of clear service standards for CPS victim communication and processes to ensure these measures are met consistently. Our ambition is for victims to feel informed, supported and empowered by the CPS.
We also want victims to experience a more joined-up service from the criminal justice system as a whole. The joint inspection report is clear that cross-justice system collaboration needs to improve, especially in terms of information sharing and communication. The CPS will continue to work closely with the Police and our other criminal justice partners to provide victims with a better quality of service, especially as we develop and implement the Victim Transformation Programme. It is important that we do not inadvertently create a more complex system for victims to navigate.
Interim findings report: Joint Case Building by the Police and Crown Prosecution Service, 25 January 2024
The relationship between the CPS and the Police is critical to the efficient and effective pursuit of justice and the functioning of the criminal justice system. The CPS very much welcomes the Criminal Justice Joint Inspection’s work examining this and the helpful pointers the early findings contained in the interim report highlight. In due course, we look forward seeing and considering the findings of phase 2 of the inspection and the recommendations that may arise out of that.
The CPS values highly its working relationship with policing. The interim report alludes to issues which are known and are already under joint consideration by both agencies, often through joint governance meetings, but we recognise that more work needs to be done to build on and improve culture, communication, and partnership.
Work has commenced through the Joint (Police and the CPS) Operational Improvement Board (JOIB) to explore the development of shared performance metrics, recognising that Policing and the CPS have separate statutory responsibilities, so (where possible) both can pursue shared success measures.
There are no recommendations/issues to address from the interim report. Publication of the full report is anticipated for June/July 2024.
Criminal Justice Joint Inspection (CJJI) – Efficiency spotlight report: The impact of recruitment and retention on the criminal justice system, 15 February 2024
The report identified two areas of focus for all agencies. The CPS provides its responses below and will continue to work with CJS partners to drive improvements.
1. All agencies should invest more in understanding why staff leave. The reasons will be different and varied across different roles and locations within each agency as well as across the CJS. Agencies should use this information to inform future changes to improve recruitment and retention and ensure that the right support and incentives are in place to retain staff.
CPS Response: Work had already begun on this area prior to the inspection, and we are pleased to confirm that our updated employee leaver questionnaire is in place with a new process on exit interviews to follow shortly as part of our new, dedicated retention strategy.
2. All agencies should regularly review caseloads, capacity, capability, and productivity. This will help to ensure there is adequate supervision and support for staff across the CJS.
Inspection of Crown Prosecution Service actions in the Valdo Calocane case, 25 March 2024
The report found that overall, we had met our obligations to the bereaved families under the Victims’ Code of Practice and the Bereaved Family Scheme. There was one recommendation for the CPS to undertake a review of guidance relating to victims’ engagement.
Commercial arrangements
The CPS Commercial Policy sets out the governance procedures and protocols for all commercial activity, ensuring we can demonstrate compliance with Public Contract Regulations (2015), Cabinet Office, Central Data and Digital office spend controls and delegated authority limits.
Our Policy and Governance team have supported implementation of the Policy across the CPS including the roll out of a comprehensive training program which commenced during FY 2021‑22, and which has continued throughout FY’s 2022-23 and 2023-24.
Commercial Policy is under-pinned by a robust approval framework with commercial board gateway meetings (weekly) which assure all commercial activity (through the Define, Procure and Manage phases of the Commercial lifecycle). The introduction of strategic sourcing specialisms has enabled early engagement with the business to identify and understand their current (and where appropriate) future needs, generating a better understanding of requirements and supporting the construction of a Commercial Pipeline, which is published (for market awareness) through our portal and refreshed on a quarterly basis.
The Commercial Function is integral to corporate governance and risk management, supporting the drafting and submission of Business Cases through Investment and Spend Approval processes, ensuring Commercial Risks are identified and evaluated at the planning activity phase to enable the right mitigation to be implemented and monitored throughout the commercial lifecycle.
The commercial function is represented on internal governance boards to provide commercial insight and oversight, ensuring that compliance is assessed and evaluated and to ensure competitive tension is achieved (making the opportunity sufficiently attractive to the market to secure the most advantageous value for money outcomes).
We are undertaking rigorous and comprehensive delivery market capability assessments (make versus buy evaluations), performing more frequent (and more effective) pre-market engagement to assess what can be performed and/or delivered (together with more accurate should cost modelling to understand the likely economic and financial implications). We continue to perform proactive contract management on our gold and silver tier arrangements in line with the Government Commercial Function Standards.
We have also provided our team invaluable insight by harnessing our prosecution colleagues’ experiences to bring some of the complex crimes to life. This had a real impact on our commercial team as it highlighted how important the work, they are doing with our supply chain is to ensure vulnerable workers are protected and exploitation is eradicated.
The new National Procurement Regulations are being implemented (legislation) in Q3 FY 2024-25, (Reform Go Live date proposal is 28/10/2024) with the 6-month implementation period expected to commence in the last week in April. The team are currently undertaking a comprehensive training program and updating our processes, procedures, protocols and systems to ensure that we are able to operate compliantly with the requirements of the new regime.
Review of effectiveness
The Accounting Officer has responsibility for reviewing the effectiveness of the system of internal control in the CPS.
His review is informed by the work of Internal Audit and members of EG, which has responsibility for the development and maintenance of the internal control framework, and comments and recommendations made by the external auditors in their annual management letter and other reports.
The Lead Director, Corporate Services has acted as the Additional Accounting Officer of the CPS during this period.
Assurance audits
The CPS uses the Government Internal Audit Agency (GIAA) to provide objective insight aimed at helping achieve better outcomes and value for money for the public. In 2023-24 GIAA assessed the overall level of assurance in the CPS as a whole to be ‘moderate’. This reflects that some improvements were identified to further enhance the adequacy and effectiveness of the framework of governance, risk management and control.
Internal Audit use a four-point scale in assessing the level of assurance:
| Substantial | The framework of governance, risk management and control is adequate and effective. | |
|---|---|---|
| Moderate | Some improvements are required to enhance the adequacy and effectiveness of the framework of governance, risk management and control. | |
| Limited | There are significant weaknesses in the framework of governance, risk management and control such that it could be or could become inadequate and ineffective. | |
| Unsatisfactory | There are fundamental weaknesses in the framework of governance, risk management and control such that it is inadequate and ineffective or is likely to fail. |
The following table represents the high-level outcomes achieved for each of the areas audited during 2023-24:
Area of inspection | Outcome from review of effectiveness | Date report finalised |
|---|---|---|
Digital Supplier Disaggregation | LIMITED | May 2023 |
Freedom of Information | MODERATE | August 2023 |
Records Management | MODERATE | January 2024 |
Prosecution Costs | MODERATE | April 2024 |
Risk Management | MODERATE | April 2024 |
Interim Staff Expenditure | LIMITED | April 2024 |
Witness Expenses | SUBSTANTIAL | April 2024 |
Governance | MODERATE | April 2024 |
Based on the above, it is concluded that there were some limited weaknesses in the CPS’ governance and control framework that affected achievement of its strategic objectives in 2023‑24, but that these can be rectified through actioning GIAA’s recommendations.
Advisory audits
As well as the above assurance audits, the GIAA also conducted one advisory audit during 2023‑24. Advisory audits involve GIAA working together with subject matter experts from across the CPS in an advisory role and are not subject to an opinion. The advisory audit carried out in 2023‑24 was in respect of Productivity & Efficiency, with the report being issued in April 2024.