Skip to main content

Corporate governance report

Directors’ report

The Directors’ report provides information on the senior leadership of the CPS, including membership of the key governance bodies. It additionally reports on information security, including personal data related incidents that have been reported to the Information Commissioner’s Office (ICO).

Membership of boards and committees

April 2023 – March 2024

Meetings

Members

CPS Board

Audit and Risk Assurance Committee

Nominations, Leadership and Remuneration Committee

Non-Executive Board Members

Simon Jeffreys
Non-Executive Board Member

7/8

4/4 CHAIR

Mark Hammond
Non-Executive Board Member
(to 2 July 2023)

2/2

1/2

Monica Burch
Non-Executive Board Member

8/8 CHAIR

4/4

Dr Subo Shanmuganathan
Non-Executive Board Member

7/8

2/4

Kathryn Stone OBE
Non-Executive Board Member

5/8

1/2 CHAIR

Independent ARAC Members
Michael Dunn
Non-Executive ARAC Member

3/4

Deborah Harris
Non-Executive ARAC Member

4/4

Executive Board Members
Sir Max Hill KC
Director of Public Prosecutions
(to 31 October 2023)

4/4

2/3

2/2

Stephen Parkinson
Director of Public Prosecutions
(from 1 November 2023)

4/4

1/1

2/2

Rebecca Lawrence
Chief Executive Officer
(to 17 November 2023)

Sue Hemming
Interim Chief Executive Office
(to 30 April 2023)
Director of Legal
Services (to June 2023) 1

0/2

1/2

April 2023 – March 2024

Meetings

CPS Executive Group

Stephen Parkinson
Director of Public Prosecutions
(from 1 November 2023)

5/5

Sir Max Hill KC
Director of Public Prosecutions
(to 31 October 2023)

6/6

Rebecca Lawerence
Chief Executive Officer
(to 17 Nov 2023) 1

Gregor McGill
Lead Director Legal Services from 01 May 2023.
Previously Director of Legal Services 2

9/11

Sue Hemming
Interim Chief Executive Office (to 30 April 2023)
Director of Legal Services (to 30 June 2023) 1

1/3

Mark Gray
Chief Digital and Information Officer
(to 3 July 2023)

3/3

Dawn Brodrick
Lead Director Corporate Services from 01 May 2023.
Previously Chief People Officer 1 2

10/11

Baljit Ubhey
Director of Strategy and Policy

11/11

Steve Buckingham
Chief Finance Officer

10/11

Sandra McKay
Director of Communications
(to 14 August 2023)

3/3

Grace Ononiwu
Director of Legal Services

10/11

Tristan Bradshaw
Interim Director Operational Change & Delivery

9/11

Mike Browne
Interim Director of Communications
(from 10 July 2023)

7/8

Matthew Cain
Interim Chief Digital & Information Officer
(from 26 June 2023)

8/8

  1. Rebecca Lawrence was absent from the start of the Financial Year until 17 November 2023, and as a consequence the interim Chief Executive Officer took up the Additional Accounting Officer role until 30 April 2023. The Lead Director Corporate Services took up the Additional Accounting Officer role from 20 November 2023.
  2. Dawn Brodrick and Greg McGill were appointed Lead Director, Corporate Services and Lead Director, Legal Services respectively on 01 May 2023. They provided support at Board meetings.

Security and information assurance

The CPS adopts the security principles outlined in the Government Functional Standard (GOVS007). We report our adherence to the standard to the Cabinet Office every year in the Departmental Security Health Check (DSHC) and we are evaluated against the ‘Minimum Security Standards’ for Cyber, Incident Management, Personnel and Physical. In 2023, the Cabinet Office found that our overall rating was 100% compliant with the GOVS007 Standards (99.1% in 2022).

We work closely with the business to ensure all projects and programmes have suitable technical and organisational controls in place to maintain and enhance compliance with Data Protection principles and to protect individual rights. We work collegiately with specialist colleagues to support innovation whilst ensuring ‘security and privacy by design’, consulting the Regulator when necessary.

Our Knowledge & Information Management processes and procedures are well defined and embedded in all aspects of the department’s operational activity.

Cyber security

Our Cyber Security Team proactively leads the CPS’ identification of and response to cyber security threats and vulnerabilities.

An ongoing scheme of penetration testing has been implemented for internally developed digital solutions, alongside stress testing of our wider digital estate. This combination provides assurance that technological development balances delivery with security, identifying issues requiring mitigation before they become active incidents. Collaboration with our third-party providers and suppliers ensures that similar activities take place on their systems, to provide assurance and mitigate any vicarious threat.

The latter is dovetailed with enhancements to our supplier assurance processes, including the implementation of agreed onboarding guidance frameworks, streamlining the supplier acquisition process by making cyber requirements overt and simple, and removing ad-hoc decision making.

Our incident response capabilities are being strengthened through our ongoing acquisition of a new SOC/SIEM solution, which will bring monitoring, detection, alerting and remedial action directly within our control. Our new Cyber Threat Intelligence (CTI) programme aims to exploit these opportunities, by highlighting active exploits including zero-day attacks and vulnerabilities in real time, drawing upon a diverse range of source data to maximise value.

In 2023, we suffered one cyber-attack on the CPS’ website, which is managed by a third-party organisation. The attack was stopped within two hours and our website functionality was restored the same day. No CPS managed systems were targeted, and therefore no personal data was compromised.

We continue to actively engage with the wider security community across government, including membership of the National Cyber Security Centre’s Security Working Group (SWG) and chairing the Legal Sector’s SWG. Knowledge sharing is a key ambition of this engagement, and through close collaboration with the wider Civil Service, we ensure our approach is in line with wider governmental thinking and the Cyber Strategy.

Our Cyber Security Education Training and Awareness programme has been enhanced via a new, iterative strategy designed to streamline activity, enhance efficiency and maximise learning both for our people and the cyber training team, facilitating continuous improvement driven by evidence and data.

In summary, our holistic approach to cyber security — from fostering a culture of collective responsibility, implementing cutting-edge training programs, establishing rigorous governance over data and cyber risk, and successfully repelling over 10,000 cyber-attacks monthly — demonstrates our commitment to safeguarding all our key assets – our systems, data, and people – against the evolving landscape of cyber threats.

Operational security

The Operational Security Team (OST) continues to work with the business to ensure the rigorous application of security standards, as outlined in the GovS007 Functional Standard.

Locally based ‘Security & Information Managers (SIMs)’ have now been embedded across the department and provide a direct link with the OST who are responsible for their professional development. Local compliance with government security standards is reported annually to OST through our Security & Information Assurance Framework, which is aligned to the GovS007 minimum standards. This, in turn, forms the basis of our Departmental Security Health Check report to the Cabinet Office. The CPS’ performance in the DSHC remains of an extremely high standard; our results continue to improve year on year and our performance remains above average when compared with many other government departments.

This year we have undertaken 1,558 DBS clearances and 777 National Security Vetting clearances. Steps taken to further improve our performance include implementing a policy for sharing and transferring clearances held by UKSV to enable the faster onboarding of staff and contractors.

Business continuity

The CPS’ Business Continuity (BC) capabilities and resilience remain consistently strong, and their effectiveness are regularly tested.

In February 2024, we undertook an exercise to evaluate the Gold and Silver Teams’ (i.e. CPS’ Executive Group, HQ Directors and Deputy Directors) response to a targeted attack on the CPS and Criminal Justice Service across several CPS Areas. The exercise had a specific focus on the response and recovery aspects of the incident. The CPS has also participated in several cross-government exercises.

We review our BC plans as part of the testing regime or following a ‘live’ incident.

General Data Protection Regulation (GDPR) and Data Protection Act 2018

At the CPS we actively promote a security and information assurance culture across all aspects of our business – frontline operations, supply chain and third-party suppliers – through our operational and digital change and product development. Security and information assurance is an inherent responsibility of every member of staff and our contractors. To maintain this awareness the CPS runs an annual mandatory training programme. This bespoke training is updated each year to reflect organisational changes and user needs; in 2023 it included specific guidance on records management and retention aligned to the lifting of the Moratorium on Destruction (imposed during the Independent Inquiry into Child Sexual Abuse (IICSA)). The compliance rate for the 2023 training was 99%.

We continue to strengthen our data protection processes to maintain the integrity of the information we hold and remain compliant with relevant legislation. This year we reviewed our overarching ‘Data Protection Policy’, and our data protection policies and guidance are regularly reviewed by the Security and Information Assurance Division’s Policy Review Board. The Information Governance Group (IGG) retains overall responsibility for information assurance across the CPS; it reviews all proposed policy changes which involve significant differences in approach or where performance sits outside our risk tolerance.

Information assurance is well embedded across the CPS and has reached a level of maturity that ensures data protection impact assessments are integral to the development of new products and services. New and existing systems reflect data protection ‘by design and default’. Bespoke training is regularly provided to all Information Asset Owners to ensure consistent local management of key assets.

We continue to raise awareness of UK GDPR and DPA 2018 legal requirements and support cross-functional projects, especially in the AI and Innovation area. We intend examining the Data Sharing Agreement (DSA) process, to make it more efficient in the project delivery cycle. The CPS is aware of the potential changes that the Data Protection and Digital Information Bill might cause and participates in cross-government groups to ensure that the services we offer, and our data quality are not disrupted or compromised during any change.

The significant increases in the level of ‘Rights’ and Freedom of Information requests reflects a continued interest in the CPS’ work and how we managed the personal data entrusted to us. Whilst the nature of FOI requests was varied, many related to CPS policies or specific cases – both recent and historic.

Information assurance and compliance

The CPS compliance rate statistics for information requests are as follows:

Freedom of Information Requests (FOIs)

01 April 2023 to
31 March 2024

01 April 2022 to
31 March 2023

Number received

892

740

Number responded within deadline (either 20 working days or PIT extension)

812

648

Compliance rate

91%

88%

Rights of Access Requests (ROARs)

01 April 2023 to
31 March 2024

01 April 2022 to
31 March 2023

Number received

562

495

Number responded to within deadline

480

450

Compliance rate

85%

91%

GDPR rights requests

01 April 2023 to
31 March 2024

01 April 2022 to
31 March 2023

Number received

36

12

Number responded to within deadline

35

12

Compliance rate

97%

100%

CPS legacy case records for national interest

Under the Public Records Act 1958 public records bodies must select and transfer records for permanent preservation within statutory timeframes to The National Archives (TNA). The transition to a ‘20-year rule’ in 2013, means TNA should receive two years’ worth of CPS records each year until 2023.

The CPS currently transfers selected criminal case records to TNA. In the main these transfers are made on a ‘closed basis’ due to the sensitivities of the cases and the impact that release into the public domain could have on an individual’s physical or mental health.

The following table shows the CPS transfer position for the reporting year.

CPS Year

Transferred to TNA

Starting piece number

Ending piece number

Total number of pieces

Total number of 
criminal case files

CPS 1997

January 2023

17,366

17,754

389

21

CPS 1998

September 2023

17,755

18,585

831

26

CPS 1999

November 2023

18,586

19,178

593

17

CPS 2000

Ready,
due for transfer July 2024

19,179

19,538

360

15

CPS 2001

Ready,
due for transfer December 2024

19,539

20,405

866

14

CPS 2002

Selections made;
preparation work in progress

 

 

 

11

CPS 2003

Selections made;
preparation work to be progressed

 

 

 

10

Personal data-related incidents

A summary of personal data-related incidents formally reported to the Information Commissioner’s Office (ICO) in 2023-24 is set out below.

Personal data incidents reported to the ICO in 2023-24:

Date of incident (month)Nature of incidentNature of data involvedNumber of people potentially affected
April to June 2023NoneNone0None
July to September 2023NoneNone0None
October to December 20231 Data Handling LossesArchived Case Files1Operational Security Notified and Breaches reported to the ICO.
January to March 2024NoneNone0None

A summary of personal data incidents in 2023-24 is set out below.

Total personal data incidents in 2023-24:

Category

Total reported in 2023-24
(Total reported in (2022-23)

Explanatory note
Data Handling Losses

49 (76)

In all 49 of these incidents the data loss was very minor and recovered.
Unauthorised disclosure

2,154 (2,445)

In 2,150 of these incidents, the data loss was very minor or retained within the criminal justice profession, who are bound to professional standards of data protection.
Lost/Stolen ICT Equipment

34 (34)

In 30 of these incidents the devices were successfully deactivated; given the specific circumstances of the remaining four incidents, deactivation was not required. All devices were encrypted to the government standard; therefore, no CPS data was compromised.

Statement of the Accounting Officer’s responsibilities

Under the Government Resources and Accounts Act 2000, HM Treasury has directed the CPS to prepare, for each financial year, accounts detailing the resources acquired, held or disposed of during the year and the use of resources by the Department during the year. The accounts are prepared on an accruals basis and must give a true and fair view of the state of affairs of the CPS and of its income and expenditure, Statement of Financial Position and cash flows for the financial year.

In preparing the accounts, the Accounting Officer is required to comply with the requirements of the Government Financial Reporting Manual and in particular to:

  • observe the Accounts Direction issued by HM Treasury, including the relevant accounting and disclosure requirements, and apply suitable accounting policies on a consistent basis;
  • make judgements and estimates on a reasonable basis;
  • state whether applicable accounting standards as set out in the Government Financial Reporting Manual have been followed, and disclose and explain any material departures in the accounts;
  • prepare the accounts on a going concern basis.

HM Treasury has appointed the Director of Public Prosecutions as Accounting Officer of the Department, and the Director of Public Prosecutions has appointed the Lead Director, Corporate Services as an Additional Accounting Officer. This appointment does not detract from the Director of Public Prosecutions’ overall responsibility as Accounting Officer for the Department’s accounts.

The responsibilities of an Accounting Officer, including responsibility for the propriety and regularity of the public finances for which the Accounting Officer is answerable, for keeping proper records and for safeguarding the CPS’ assets, are set out in Managing Public Money published by HM Treasury.

The Accounting Officer confirms that he has taken all the steps that he ought to have taken to make himself aware of any relevant audit information and to establish that the CPS’ auditors are aware of that information. So far as he is aware, there is no relevant audit information of which the auditors are unaware.

The Accounting Officer confirms that the Annual Report and Accounts as a whole is fair, balanced and understandable and he takes personal responsibility for the Annual Report and the judgements required for determining that it is fair, balanced and understandable.

Governance statement

This Governance Statement sets out the CPS’ governance, risk and assurance management and internal control framework and how, during 2023-24, we managed the significant risks to the achievement of our strategic objectives. We ensure that robust governance arrangements are in place to promote high performance and safeguard probity and regularity. The CPS is a Non-Ministerial Department that is not subject to the protocol on enhanced departmental boards but has sought to comply as far as possible with the practices set out in Cabinet Office’s and HM Treasury’s Corporate Governance Code of Good Practice. Details of attendance at the CPS’ boards and committees are given in the Directors’ report on pages 71 to 72.

Governance framework

The Governance framework comprises of the CPS Board, chaired by LNEBM, the Audit and Risk Assurance Committee, chaired by a Non-Executive Board Member. the Executive Group, chaired by the DPP. and the Nominations Leadership and Remuneration Committee, chaired by a Non-Executive Board Member.

The CPS Board

The primary function of the CPS Board is to agree the strategic direction and priorities for the CPS, and to provide a forum for constructive challenge on proposals and the implementation of decisions by the Executive Group. The Board plays a key role in ensuring that the CPS is equipped to provide a professional, efficient and high-quality service.

The Cabinet Office’s and HM Treasury’s Corporate Governance Code of Good Practice provides guidance on Board composition and remit. The role of the Board continues to be one that provides oversight of strategy and an assessment of delivery. The Board also has a role in the oversight of the talent and culture of the CPS, it monitors performance and outputs and provides leadership to the organisation.

Audit and Risk Assurance Committee (ARAC)

ARAC is accountable to the CPS Board. It has delegated responsibility and authority for advising the Board on key elements of effectiveness linked to risk management, assurance management and the framework of internal control. The ARAC also reviews the comprehensiveness and reliability of assurances provided by internal audit, external audit, and the Executive Group, and challenges where necessary when gaps in processes are identified and where weaknesses are exposed.

Nominations, Leadership and Remuneration Committee (NLRC)

NLRC is accountable to the CPS Board. It has delegated responsibility and authority for advising the Board on key elements of effectiveness linked to organisational culture and leadership strategies. This includes ensuring that leadership strategies and senior organisational design are fit for purpose and that there are robust systems in place to identify and develop senior leaders from diverse talent pools, draw up appropriate workforce and succession plans, and scrutinise incentive structures.

Executive Group (EG)

EG comprises the most senior members of CPS staff. It oversees the CPS’ overall performance and delivery and focuses on strategic leadership, management, direction, and ensuring the most effective prioritisation of resources. EG, as the executive management team of the CPS, informs and acts on decisions taken by the DPP and takes collective decisions on key corporate issues affecting the CPS.

Risk management

Risk management practices comply with the requirements of the Orange Book’s 5 principles. These principles are underpinned by processes designed to enhance our ability to identify and manage our risks across all levels. Our comprehensive management of risk allows us to inform business decisions, supports effective use of resources, and strengthens contingency planning.

Effective governance of the process allows for escalation and reporting of risk to appropriate tiers of management including the Finance, Performance and Risk Group, Executive Group, Audit, Risk & Assurance Committee, and the Board. Additionally, the Integrated Internal Audit programme and work of HM Crown Prosecution Service Inspectorate is informed by regular review of our strategic risk register to ensure adequate coverage of all key areas of risk.

During 2023-24, the CPS continued to strengthen its risk management framework and carried out the following key activities:

  • CPS Executive Group reviewed and refreshed the Strategic Risk Register, ensuring that it remains current and adequately reflects the biggest areas of risk to the CPS’ strategic objectives.
  • In the process EG re-assessed and updated CPS risk appetite and tolerance thresholds in line with updated guidance from HM Treasury, which set firm thresholds that help the CPS both focus attention on those risks close to or exceeding our organisational risk appetite while keeping control of its risk environment.
  • All senior civil servants have undertaken specific mandatory training aimed at improving their understanding of and management of risk at all levels.
  • In-depth reviews of risk returns are carried out quarterly, as well as regular deep dives into specific areas on a rolling basis. These activities measure the key risk themes coming from each CPS Area and Directorate and allow the Executive team to monitor the risk landscape at both a corporate and operational level.
  • Papers going to Executive Group are tagged by key area of risk, allowing us to track the amount of our Executive Group’s attention dedicated to each area of strategic risk

Roles and responsibilities

The CPS Board has overall responsibility for our risk appetite, determining the amount and type of risk that we are willing to take to meet our strategic objectives.

The Director of Public Prosecutions is accountable to Parliament for ensuring that all risks are managed effectively. On his behalf, the Chief Finance Officer and the Risk Management Team coordinate the deployment of risk management arrangements, ensure consistency of approach, and periodically report the top risks to the Executive Group, Audit and Risk Assurance Committee and the Board.

Ownership of risk registers is assigned to relevant senior managers, and individual risks are owned by the most appropriate team or individual.

Corporate performance, including current risk and financial metrics, is reviewed monthly by the Finance, Performance and Risk Group, with a formal review of the top risks presented to the Executive Group on a quarterly basis to agree the required controls and mitigating actions required to reduce risks to within tolerance levels and to consider emerging issues.

The Audit and Risk Assurance Committee, which meets quarterly, provides oversight of all strategic risks, reviewing the status and the progress of mitigations identified by the risk owners.

The Board formally reviews key risks, and the risk landscape is used to inform the business strategy and the audit programmes to aid management in the delivery of business objectives.

Individual risks are assessed using approved Orange Book methodology and viewed through the lens of our risk appetite and tolerance statements. Any risk that falls outside of these pre-defined and agreed limits is given extra focus to ensure it returns to an acceptable risk score as quickly as possible.

CPS Risk themes:

  • Capacity People & Resources
  • Prosecution Casework
  • Digital Technology
  • Economic/Financial/Market
  • Efficiency/Performance
  • Fraud
  • Governance & Assurance
  • Health & Safety
  • Law & Regulations
  • Projects & Change
  • Security & Information Management
  • Service to Victims & Witnesses
  • Service Delivery (other)
  • Stakeholder Expectations (reputation)
  • Supply Chain Management

     

Our principal risks

Our risks are different to last year; therefore we have not indicated a direction of travel.

Risk ThemeRisk DescriptionKey Activities to Manage Our Risk
SecurityCPS data is lost or becomes inaccessible due to poor organisation of storage and retention policies. This could adversely impact the CPS’ operational performance and impede us in our statutory reporting obligations
  • The CPS has a security baseline that is based on the defence in depth principle. This is based on operational and cyber security controls such as authentication measures, secure architecture, vulnerability management and monitoring/auditing of CPS systems.
  • A continual programme of protective monitoring and threat hunting is performed on the CPS network with helpful updates/advisories from NCSC and GSG on immediate alerts of cyber incidents/ vulnerabilities. We have also implemented a new technology which actively looks for and blocks threats to the CPS domain.
  • All ICT procurement requires that suppliers provide a security-assured service. Further security assurance is sought from suppliers by way of Security Working Groups, and performance and assurance boards.
  • A rolling phishing simulation programme has been implemented and ongoing across to all CPS users. Simulations are actively sent out to all users with the aim of providing education and awareness of current threats and trends the CPS staff face. The successful launch of a Phishing Hub on the intranet now helps provide a consistent source of accurate information and awareness material.
SecurityInformation is disclosed that should not have been, resulting in damage to or collapse of a case, harm or threats of harm coming to witnesses and victims, and reputational damage to the CPS.
  • Improved breach management processes within Areas to respond quickly and notify key partners (policing, defence where relevant) of any issue that arises, to reduce the risk to the data subject.
  • Close collaboration and strengthening relationships with ICO, to reduce the impact on the CPS of any breaches that occur.
  • The Casework App (previously known as Polaris) presents information in a user-friendly way, with intelligent search functionality providing context as well as information. This makes redaction more straightforward, as well as helping Prosecutors process case information in a simpler way – it has been completely designed through user research.
  • Establishment of a Data Assurance forum involving both legal and non-legal staff.
  • Despite these mitigations, it should be recognised that the potential impact of disclosure of sensitive case information on the lives of individuals remains significant.
SecurityCyber security is compromised by cyber attack by criminals or foreign powers, leading to interference in our criminal justice system, loss of data and/or reputational damage.
  • The CPS has a security baseline that is based on the defence in depth principle which aids to mitigate this risk. This is based on operational and cyber security controls such as authentication measures, secure architecture, vulnerability management and monitoring/auditing of CPS systems.
  • A continual programme of protective monitoring and threat hunting is performed on the CPS network with helpful updates and advisories on immediate alerts of any cyber incidents or vulnerabilities.
  • The CPS has created and developed playbooks and a cyber incident response plans. These are tested and exercised to ensure integration into business/operational incident responses plans and processes.
  • In-house capability being strengthened, both in the cyber security team itself and in the teams running elements of the core service.
VictimsVictims of rape and sexual offences lack trust in the CPS and wider criminal justice system to serve justice because the pace of change does not permit sufficient time to rigorously test and review proposed key changes
  • Extensive programme of stakeholder engagement established improving confidence of stakeholders in work undertaken by the CPS on RASSO. DPP direct engagement with senior partners a feature of this programme, developing greater trust and confidence amongst influential partners. Continuing engagement with Police, supporting an effective and appropriate joint approach to this type of offending.
  • Rape Joint National Action Plan, (JNAP) in place with governance arrangements to support implementation and strengthen collaboration with NPCC.
  • Launch of the National Operating Model (NOM) took place in July, alongside the next iteration of the cross-Government Rape Review. This was well received by stakeholders and implementation plans are in place.
VictimsCPS performance is considered to be sub optimal with continuing scrutiny of rape and domestic abuse prosecutions.
  • Legal guidance on RASSO casework quality has been published, ISVA framework involving greater contact with Independent Sexual Violence Advisers, and pre-trial therapy guidance published.
  • Strategic shift to quarterly reporting affording greater transparency on performance data.
  • The CPS maintains an effective range of competent spokespersons, including the DPP and CCP lead. The organisation will provide briefing support to CCPs, allowing them to confidently represent the CPS position with their respective stakeholders and media.
  • Operation Soteria External Consultation Group (ECG) is well established and meets regularly. We provide more data to stakeholders through our quarterly Data ECG enabling us to address concerns or queries head on. More in-depth stakeholder sessions have taken place on the development of the CPS VAWG Strategy.
VictimsCPS performance and outcomes for Victims – including casework improvement, support for victims, volumes of RASSO cases going to court, and the recruitment of specialist resource, digital capacity and capability and the success of Operation Soteria – does not improve in line with public expectations, leading to negative media coverage, a loss of public and stakeholder confidence, and significant reputational damage.
  • A robust approach to evaluation to ensure our evaluation methodology provides a strong evidence base from enhanced and universal services testing & rollout, and NCVS implementation.
  • The Victims Transformation Programme Board has agreed the model for the Enhanced Service, using learning from the Soteria pathfinder evaluations. Implementation planning is underway. Recruitment of the victim liaison officers are underway across CPS areas who will assist in delivering the enhanced service.
  • A National Centre for Victim Services (NCVS) is being created and will be implemented in 2024. This will provide a set of standards for all victim services and build a centre of excellence. The NCVS has launched VLU letters including implementation within the business through a series of awareness sessions.
Operational PerformanceThere is a risk that there will be a worsening of performance and deterioration in standards of case preparation due to the impact of backlogs, the timeliness of decision-making, and ongoing pressures on operational teams.
  • A weekly return is provided to HMCTS and the judiciary on listing and Custody Time Limits (CTLs) to assist in the coordination of the work to tackle backlogs. Working with Resident Judges, Areas have been asked to triage cases in their backlogs to assess cases being listed for trial.
  • The CPS is fully engaged in the Court Recovery work both externally with partner agencies at national and local levels and internally through the Operational Recovery and Improvement Programme.
  • Continued engagement with our strategic partners at HMCTS to understand their sitting days forecasts and how these will impact on our progress.
  • Establishment of Central Prosecution Team and moving staff between Areas remotely to take on caseload in Areas struggling with a lack of resource.
  • Increase in judicial capacity and sitting days.
  • Increased investment in clerking teams to better manage the resource we have available.
Operational PerformanceWith declining criminal Bar capacity and insufficient sitting days, there will be inadequate coverage of hearings to allow for cases to be held as promptly as possible.
  • Criminal barristers have received an increase of 15% in defence legal aid fees for most Crown Court cases, including those which are currently part of the significant backlog – this will help retain current criminal barristers, and help attract new recruits to this area of law going forwards.
  • Co-ordinated listing at a regional level to help increase capacity.
PeopleRecruitment: The CPS is not able to attract and recruit the required talent from the external market and require further investment to secure a robust internally grown resourcing pipeline.
  • The CPS is committed to creating a strong cadre of LM1 managers to nurture internal talent.
  • Remaining sighted on budgetary pressures and resource profiling activities and impact on wider CPS resourcing.
  • Revised Talent offer to equip people with tools to own their career development and taking opportunities to progress.
  • Structured ‘grow your own’ talent pipelines (Crown Prosecutor legal trainee scheme and Prosecutor Pathways).
  • Recruitment pipelines established to ensure future supply of resource, with a rolling cycle of campaigns for the posts for which there is the highest demand and/or turnover.
PeopleDeployment: The CPS is unable to respond in an agile way to deploy people with the right skills to support CPS strategic casework priorities
  • Resource and demands planning are conducted with Areas and HQ to ensure skilled people are in place at the right time.
  • Retention Strategy in place to improve retention of key skills and experience in core roles to support growth, and ensure effective transfer of skills and experience across the workforce to best support the CPS in delivering its strategic workforce objective.
  • Establishment of a prosecutor surge team.
  • The National Resourcing Model helps us to better represent caseloads, and anticipate additional work based on up-to-date information on Area-specific caseloads. It helps us forecast future demand.
PeopleWell-being: The CPS culture does not promote wellbeing and support people to thrive.
  • The CPS promotes employee health checks and has expanded our wellbeing offer to include increased financial wellbeing offer.
  • People survey priorities agreed for the CPS for 2023-24.
  • Engagement with DTUS remains ongoing at national and area level plus change programme specific engagement at early opportunities. Discussions with DTUS framed on CPS 2025 people outcomes.
  • Whitley structures have been effective in maintaining constructive dialogue with DTUS and supporting conflict resolution.
CorporateThe CPS does not maintain a trusted and effective relationship with the police and other strategic partners to achieve its strategic goals in successfully influencing cross-CJS change.

In 2023-24 we continue work to build the CPS’ organisational capability to work effectively with its partners and mitigate this risk. Activities this year are split into three areas:

Capability

  • Follow up development for senior leaders.
  • Continued practitioner training offer to Level Es and below across HQ and Areas.
  • Further development of stakeholder resource.

Targeted support for a specific sector

  • HMCTS Engagement Framework- to provide national direction and organisational join up so that we can make sure we’re maximising all touchpoints with HMCTS.
  • PCC/LCJB engagement plan- to enhance knowledge of the CPS, CJS and influence of CCPs with PCCs.

Targeted support for a specific issue

  • Prosecution Team Project- to identify models which improve communication between prosecutors and police officers (results to feed into HO roundtables and future spending review submissions).
  • Retrospective of public criticism of the CPS by policing to extract lessons learnt for future joint projects and develop an incident response process.
CorporateMultiple change projects taking place simultaneously may lead to change fatigue within the organisation, as well as competing priorities
  • The risk has been recognised by the organisation and strong commitment gained at Executive level and across the existing Change Teams (Operations, Digital and People), for developing an organisation-wide portfolio management capability to mitigate this risk.
  • Advisory audit undertaken by GIAA on the CPS’ Management of the Portfolio of Change has also been undertaken to highlight immediate areas of focus. The Report endorsed the current approach being taken to change in the various existing change teams e.g. “hub and spoke” arrangements, noting the requirement to join this up more through the development of the portfolio office.
  • The likelihood of change fatigue remains real. However, the Portfolio function will help develop a coherent change narrative across all the existing change teams to assist staff at all levels understand the logic and sequencing of change across the organisation.
  • Existing change teams have a dedicated forum to discuss the totality of change within their remits and what is currently planned with a view to agreeing the sequencing to reduce people impacts.
CorporateA Spending Review, new DPP and General Election are all coming close together, which risks significant changes to CPS’ strategic priorities and direction for which we are unprepared
  • Engagement with Shadow Cabinet across government to help understand potential future changes in strategic direction, including impact analysis of the most radical options.
  • A monthly Transitions Programme Oversight Group with representation from across all CPS functions and projects has been established as a delivery board to monitor progress and proactively manage dependencies, risks and issues across the programme.
CorporateRisk of the CPS having insufficient funding, leading to breach of control totals, loss of reputation, tighter HMT controls, and/ or poorer justice outcomes
  • Executive Team have led a prioritisation exercise to determine which activities must be paused and/or stopped to save money this financial year (2023-24).
  • Additional controls on recruitment introduced as well as prioritisation decisions on digital programmes.
  • We have delivered £36m of savings in-year.
  • Engagement with the Supplementary Estimate process to request additional budget after consultation with Areas/Directorates and between different teams in Finance.
  • Discussions with EG have commenced on the process to agree what can be delivered within CPS’ funding for next financial year (2024-25).
  • Preparations for Spending Review next year are underway with the project plan agreed internally. Briefings with HMT on key elements of our future SR bid have begun (on RASSO and victims).
CorporateRisk of the CPS having restricted access to its estate due to GPA underperformance, and wider impacts on value for money and IFRS 16 (leases)
  • Executive level workshop to discuss areas of concern and focus, with deep dives to improve business-to-business processes.
  • We are in the process of withholding payment for underperformance across our estate.
  • We are tracking on a weekly basis the property transactions to improve IFRS 16 outcomes.
  • Estates team are conducting site-level audits on statutory compliance/health and safety to hold GPA performance to account.

Identifying and managing conflicts of interest

The Civil Service Management Code sets out standards of propriety expected of civil servants in respect of external interests. The CPS has a policy in place for the declaration and management of interests for all staff, which includes declaration of any interests that may give rise to a conflict or perceived conflict of interest and adheres to the requirements of the Code.

In addition to the established processes in place for managing interests, an annual audit exercise takes place which requires all staff to make a declaration of any private, personal, or financial interests or, for those in SCS and equivalent grades and senior employees in a Commercial role, to make a nil declaration. Where a conflict or perceived conflict of interest arises, these will be recorded, considered assessed and managed by appropriate senior managers with the support of Risk and HR practitioners.

Business appointments

In compliance with business appointment rules, the CPS is transparent in the advice given to individual applications for senior staff, including special advisers. There was one SCS leaver in 2023-24 who required a BAR application and/or conditions set.

His Majesty’s Crown Prosecution Service Inspectorate

His Majesty’s Crown Prosecution Service Inspectorate inspects the Crown Prosecution Service and the Serious Fraud Office. It provides independently assessed evidence to help drive improvement and build public confidence in the prosecution process.

HMCPSI priorities for inspection are set out in an annual Business Plan and it reports annually to the Attorney General on the performance of the CPS, in addition to other individual and thematic inspection reports.

During 2023-24, HMCPSI completed nine inspections which are summarised below. The full responses from the CPS to the reports are available online at https://www.cps.gov.uk/publication/inspectorate-responses.

The effectiveness of Crown Prosecution Service policy and guidance for the handling of cases involving the National Referral Mechanism, 25 July 2023

Overall, the Inspectorate found our guidance to be effective and extensive. The report also commended the ongoing commitment by the CPS Strategy and Policy Directorate and Directorate of Legal Services Team, to proactively ensure the development of national policy and on-going revision to reflect changes, as a result of changing case law and legislation. It acknowledges the CPS’ commitment to ensuring Areas are kept up to date with the latest developments in county lines and modern slavery. There is also recognition of our close working relationships with Criminal Justice System colleagues to ensure our policies are aligned and complement each other, with a commitment to improve processes where possible. 

There are four recommendations to address which relate solely to the CPS.

The Handling of Complaints, 23 August 2023

This report provides clear evidence that progress has been made since the last inspection on this issue and we are pleased that this has been recognised. HMCPSI has identified good practices and strengths (particularly in relation to putting things right/acknowledging mistakes, providing information on escalation, and appropriate empathy) and has made some positive findings on timeliness of responses. However, despite these elements and an overall improvement in the overall quality of our handling of complaints, the report has identified there is still much to do.

We welcome the findings and accept the recommendations. We will use these to continue to make improvements to both the quality and timeliness of our handling of complaints. We note that there are some aspects of our guidance, training, and use of data that could be improved to help us achieve this. We will give thorough consideration to the best way of implementing the recommendations.

There are five recommendations for the CPS to address.

Area Inspection Programme 2021-22 Composite Report, 21 September 2023

The report brings together the findings of inspections carried out across all 14 CPS Areas over the past two years to assess the quality of volume casework in magistrates’ court, Crown Court and rape and serious sexual offences (RASSO) teams.

This report acknowledges that good prosecutorial decisions are being made across the CPS in all case types, with the Code for Crown Prosecutors properly applied and the most appropriate charges selected. Further, it recognises the positive response the CPS has made in respect of RASSO casework over recent years.

Whilst this is encouraging, we recognise that performance needs to be consistent across all casework strands and regions, and we have more to do to improve the quality of case analysis and strategy, and disclosure decision-making.

As the report outlines, each Area inspection has been subject to a separate inspection report and work is ongoing to address areas for improvement. More widely, the CPS is currently running a 12-month programme to improve our approach to case strategy, during which we will be implementing ambitious change across five key areas:

  • Culture
  • Engagement with investigators
  • Standards and training
  • Roles and responsibilities
  • Digital tools
CPS Induction Processes, 1 November 2023

The report notes the induction provided to new prosecutors is effective and equips them with the skills and knowledge to be able to carry out their roles. HMCPSI has identified good practices and strengths, particularly commending the buddy system and the supportive environment created by managers and colleagues that enables new starters to develop; and the overall induction training provided.

The report identified five issues to address.

Follow-up inspection: Custody Time Limits, 30 November 2023

The report recognises that we treat CTLs as a priority and continue to monitor and check these cases, even as the volume has increased to over 10,000 custody cases. It also acknowledges the ongoing challenges in managing CTLs due to the impacts of the pandemic and Bar action.

Despite the challenges, HMCPSI note there is still improvement to be made in fully embedding our monitoring system. It recommends that by 31 December 2023, we must embed the consistent use and updating of the CTL case progression log, (including recording the weekly assurance review on the case management system (CMS)) in all cases. By 31 March 2024 we must also have developed a system of assurance to evidence improvement and monitor compliance with CTL policies.

Meeting the needs of victims in the criminal justice system: An inspection of how well the police, the Crown Prosecution Service and the Probation Service support victims of crime, 19 December 2023

The report acknowledges that the police, the CPS and the Probation Service recognise the importance of meeting the needs of victims. The report also found examples of good communication both between the three bodies and with victims, as well as examples of good victim care. However, the report is clear that many victims do not receive a good quality service from the three agencies inspected.

The CPS agrees with the report’s assertion that improving victims’ experience of the criminal justice system is vital. The CPS’ Victim Transformation Programme, which is referenced in the report, aims to transform the service the CPS provides to every victim of crime. This will include the establishment of clear service standards for CPS victim communication and processes to ensure these measures are met consistently. Our ambition is for victims to feel informed, supported and empowered by the CPS.

We also want victims to experience a more joined-up service from the criminal justice system as a whole. The joint inspection report is clear that cross-justice system collaboration needs to improve, especially in terms of information sharing and communication. The CPS will continue to work closely with the Police and our other criminal justice partners to provide victims with a better quality of service, especially as we develop and implement the Victim Transformation Programme. It is important that we do not inadvertently create a more complex system for victims to navigate.

Interim findings report: Joint Case Building by the Police and Crown Prosecution Service, 25 January 2024

The relationship between the CPS and the Police is critical to the efficient and effective pursuit of justice and the functioning of the criminal justice system. The CPS very much welcomes the Criminal Justice Joint Inspection’s work examining this and the helpful pointers the early findings contained in the interim report highlight. In due course, we look forward seeing and considering the findings of phase 2 of the inspection and the recommendations that may arise out of that.

The CPS values highly its working relationship with policing. The interim report alludes to issues which are known and are already under joint consideration by both agencies, often through joint governance meetings, but we recognise that more work needs to be done to build on and improve culture, communication, and partnership.

Work has commenced through the Joint (Police and the CPS) Operational Improvement Board (JOIB) to explore the development of shared performance metrics, recognising that Policing and the CPS have separate statutory responsibilities, so (where possible) both can pursue shared success measures.

There are no recommendations/issues to address from the interim report. Publication of the full report is anticipated for June/July 2024.

Criminal Justice Joint Inspection (CJJI) – Efficiency spotlight report: The impact of recruitment and retention on the criminal justice system, 15 February 2024

The report identified two areas of focus for all agencies. The CPS provides its responses below and will continue to work with CJS partners to drive improvements.

1. All agencies should invest more in understanding why staff leave. The reasons will be different and varied across different roles and locations within each agency as well as across the CJS. Agencies should use this information to inform future changes to improve recruitment and retention and ensure that the right support and incentives are in place to retain staff.

CPS Response: Work had already begun on this area prior to the inspection, and we are pleased to confirm that our updated employee leaver questionnaire is in place with a new process on exit interviews to follow shortly as part of our new, dedicated retention strategy.

2. All agencies should regularly review caseloads, capacity, capability, and productivity. This will help to ensure there is adequate supervision and support for staff across the CJS. 

Inspection of Crown Prosecution Service actions in the Valdo Calocane case, 25 March 2024

The report found that overall, we had met our obligations to the bereaved families under the Victims’ Code of Practice and the Bereaved Family Scheme. There was one recommendation for the CPS to undertake a review of guidance relating to victims’ engagement.

Commercial arrangements

The CPS Commercial Policy sets out the governance procedures and protocols for all commercial activity, ensuring we can demonstrate compliance with Public Contract Regulations (2015), Cabinet Office, Central Data and Digital office spend controls and delegated authority limits.

Our Policy and Governance team have supported implementation of the Policy across the CPS including the roll out of a comprehensive training program which commenced during FY 2021‑22, and which has continued throughout FY’s 2022-23 and 2023-24.

Commercial Policy is under-pinned by a robust approval framework with commercial board gateway meetings (weekly) which assure all commercial activity (through the Define, Procure and Manage phases of the Commercial lifecycle). The introduction of strategic sourcing specialisms has enabled early engagement with the business to identify and understand their current (and where appropriate) future needs, generating a better understanding of requirements and supporting the construction of a Commercial Pipeline, which is published (for market awareness) through our portal and refreshed on a quarterly basis.

The Commercial Function is integral to corporate governance and risk management, supporting the drafting and submission of Business Cases through Investment and Spend Approval processes, ensuring Commercial Risks are identified and evaluated at the planning activity phase to enable the right mitigation to be implemented and monitored throughout the commercial lifecycle.

The commercial function is represented on internal governance boards to provide commercial insight and oversight, ensuring that compliance is assessed and evaluated and to ensure competitive tension is achieved (making the opportunity sufficiently attractive to the market to secure the most advantageous value for money outcomes).

We are undertaking rigorous and comprehensive delivery market capability assessments (make versus buy evaluations), performing more frequent (and more effective) pre-market engagement to assess what can be performed and/or delivered (together with more accurate should cost modelling to understand the likely economic and financial implications). We continue to perform proactive contract management on our gold and silver tier arrangements in line with the Government Commercial Function Standards.

We have also provided our team invaluable insight by harnessing our prosecution colleagues’ experiences to bring some of the complex crimes to life. This had a real impact on our commercial team as it highlighted how important the work, they are doing with our supply chain is to ensure vulnerable workers are protected and exploitation is eradicated.

The new National Procurement Regulations are being implemented (legislation) in Q3 FY 2024-25, (Reform Go Live date proposal is 28/10/2024) with the 6-month implementation period expected to commence in the last week in April. The team are currently undertaking a comprehensive training program and updating our processes, procedures, protocols and systems to ensure that we are able to operate compliantly with the requirements of the new regime.

Review of effectiveness

The Accounting Officer has responsibility for reviewing the effectiveness of the system of internal control in the CPS.

His review is informed by the work of Internal Audit and members of EG, which has responsibility for the development and maintenance of the internal control framework, and comments and recommendations made by the external auditors in their annual management letter and other reports.

The Lead Director, Corporate Services has acted as the Additional Accounting Officer of the CPS during this period.

Assurance audits

The CPS uses the Government Internal Audit Agency (GIAA) to provide objective insight aimed at helping achieve better outcomes and value for money for the public. In 2023-24 GIAA assessed the overall level of assurance in the CPS as a whole to be ‘moderate’. This reflects that some improvements were identified to further enhance the adequacy and effectiveness of the framework of governance, risk management and control.

Internal Audit use a four-point scale in assessing the level of assurance:

Substantial The framework of governance, risk management and control is adequate and effective.
Moderate Some improvements are required to enhance the adequacy and effectiveness of the framework of governance, risk management and control.
Limited There are significant weaknesses in the framework of governance, risk management and control such that it could be or could become inadequate and ineffective.
Unsatisfactory There are fundamental weaknesses in the framework of governance, risk management and control such that it is inadequate and ineffective or is likely to fail.

The following table represents the high-level outcomes achieved for each of the areas audited during 2023-24:

Area of inspection

Outcome from review of effectiveness

Date report finalised

Digital Supplier Disaggregation

LIMITED

May 2023

Freedom of Information

MODERATE

August 2023

Records Management

MODERATE

January 2024

Prosecution Costs

MODERATE

April 2024

Risk Management

MODERATE

April 2024

Interim Staff Expenditure

LIMITED

April 2024

Witness Expenses

SUBSTANTIAL

April 2024

Governance

MODERATE

April 2024

Based on the above, it is concluded that there were some limited weaknesses in the CPS’ governance and control framework that affected achievement of its strategic objectives in 2023‑24, but that these can be rectified through actioning GIAA’s recommendations.

Advisory audits

As well as the above assurance audits, the GIAA also conducted one advisory audit during 2023‑24. Advisory audits involve GIAA working together with subject matter experts from across the CPS in an advisory role and are not subject to an opinion. The advisory audit carried out in 2023‑24 was in respect of Productivity & Efficiency, with the report being issued in April 2024.

Loading...