Audit and Risk Committee Minutes - April 2020
- Simon Jeffreys: Non-Executive Board Member (Chair)
- Mark Hammond: Non-Executive Board Member
- Jennifer Rowe: Non-Executive Independent Member
- Marta Phillips: Non-Executive Independent Member
- Rebecca Lawrence: Chief Executive
- Chris Sharp: Finance Director
- Stephen Dean: Grant Thornton
- Chris Davis: Government Internal Audit Agency
- Matt Ellis: Government Internal Audit Agency
- Kevin McGinty: HMCPSI
- Steven Corbishley: National Audit Office
- Mohit Parmar: National Audit Office
- Roger Sutton: CPS Cyber Security
- Jade Whittle-Barnes: Governance, Reporting and Briefing Manager
- Sophie Szuman: Assistant Private Secretary
Item 1: Declaration of Conflicts of Interests
1. None raised.
Item 2: Minutes of the Last Meeting and Matters Arising
2. The minutes of the last meeting were agreed and progress was noted against outstanding actions.
Item 3: Gifts and Hospitality Update
3. Chris Sharp took the Committee through the paper, and highlighted that all of the returns, bar one were received on time. The Committee approved of the new format.
Item 4: Fraud, Bribery and Corruption Update
4. Chris Sharp explained that this was the first time that these three items have been presented together and confirmed this would be the format going forward.
5. Chris Sharp updated the Committee on changes not detailed in the paper, this included that the declaration of conflicts of interest returns would now go to anyone in a senior position and contract teams as well as a personal declaration email for all staff to complete. The Committee agreed this was a sensible way to proceed, and suggested it was made clear this was to improve coverage and not because there was an issue within the organisation.
6. There had been no reported instances of bribery or corruption in the last financial year.
Item 5: Government Internal Audit Agency (GIAA) 2019-2020 Annual Report and Opinion
7. The Committee welcomed Matt Ellis, Head of Internal Audit for the CPS at the GIAA to his first meeting.
8. The Committee noted the improvement in the control environment and the risk and control framework.
9. The Committee agreed that the ‘moderate’ opinion was a fair judgement of the findings and would like to see overall rating move to ‘substantial’ next year.
Item 6: GIAA 2020-2021 Audit Plan
10. Chris Davis, Internal Audit Manager, confirmed that he had discussed the draft audit plan with the senior leadership team and was confident that it could be delivered despite the additional barriers posed by Covid-19. The senior leadership team and GIAA were aware of the possible rescheduling required and noted that the plan would need to be flexible.
11. The Committee felt that the stakeholder relationship audit needed careful consideration and would be difficult to start in the immediate weeks. Chris Davis agreed and thought that GIAA preparatory work would be able to start at this time.
12. On data governance, the Committee felt that the Information Commissioners Office would have a keen interest in the report, and agreed that it was important for it to be published as soon as possible. GIAA would check the feasibility of completing the audit remotely. [ACTION A1]
13. The Committee stressed that they were keen to see a robust audit plan, with consideration being given to the practicality in light of the current circumstances.
14. The Committee discussed as to how the plan could be better aligned to departmental risks. Rebecca Lawrence agreed to discuss with Chris Sharp if any additions needed to be made to achieve better coverage. [ACTION A2]
Item 7: Internal Audit Recommendations Tracker
15. The Committee noted the updates on this tracker.
Item 8: CPS Risk Management and COVID 19 Response
16. Rebecca Lawrence provided a verbal update on the CPS actions and work so far in light of Covid-19 outbreak, she highlighted:
- The use of Gold, silver and bronze command structures;
- New guidance for Custody Time Limits and the Public Interest test had been issued to prosecutors;
- Changes to the structure of fees paid to external counsel;
- The Strategy and Policy Directorate had completed horizon scanning activity specifically focussed on the ramifications of the outbreak, this would be presented to the CPS Board at the end of the month;
- Cross-government engagement; and
- The longer term economic effects of Covid-19 on public sector spending.
17. The Committee discussed the risks arising from the increase in remote working. The security and digital teams were focussed on increasing cyber security resilience.
18. The Committee asked that consideration was given to staff wellbeing during this period and how best to ensure that staff could safely return to the office once the lockdown was lifted.
19. Chris Sharp, Director of Finance, presented the papers, which outlined they key organisational risks. The Committee were grateful for the new format and thanked Chris for his hard work to deliver it.
20. The Committee considered the findings of the GIAA audit of risk management. In particular the Committee discussed the whether health and safety was a true risk with regards to personal injury claims. The Committee asked that the actions be made more specific, rather than broad concepts of activity to pursue, to allow for the exercise of management controls.
21. The Committee recommended that Covid-19 was highlighted as an issue at the front end of the register, not as a risk, as it had already crystallised. They were also keen that the organisation maintained a careful balance of the strategic and operational actions. [ACTION A3]
22. The Committee asked that consideration was given to the lessons learned and how the organisation could capitalise on any changes made in light of the outbreak. [ACTION A4]
Item 9: HMCPSI Update
23. Kevin McGinty, HM Chief Inspector of the CPS, presented an overview of the key findings from his recent inspections, this included:
- Status of inspections during the Covid-19 outbreak;
- Communications with defence;
- Timeliness of reviews;
- Youth Crime and specialist units; and
- Outcomes from local strategic relationships.
24. The Committee agreed that the Chair would raise the youth crime and strategic relationships at the next Board meeting for further consideration. [ACTION A5]
Item 10: Cyber Security
25. Roger Sutton presented the paper which provided a summary of the key decisions taken to facilitate the smooth running of the organisation during the Covid-19 period and their effects on cyber security risk management. The Committee noted the updates.
26. The Committee asked that a review was conducted to establish lessons learned, specifically, what had been successful and any areas for improvement to advance our response for future scenarios. [ACTION A6]
27. The Committee were reassured that teams had access to the necessary software and equipment.
Item 11: Draft CPS 2019-20 Annual Report and Accounts
28. Chris Sharp presented an early draft of the annual report and accounts to the Committee. He asked the Committee to consider whether the annual report would benefit from further detail with regards to HMCPSI reports. It was agreed that it was not necessary as all of the reports were available online.
29. The Committee agreed to write to the Secretariat with any suggested changes to the report.
Item 12: NAO Audit Planning Report
30. Stephen Corbishley, National Audit Office, presented the audit planning report. The report detailed the proposed approach for auditing the 2019-20 financial statements. The Committee noted the contents of the paper, and are aware the NAO was working remotely and the impact that would have on the completion of the audit. The NAO confirmed they were working to the previously agreed timelines.
31. The NAO would watch and wait to see what the impact of Covid-19 on the balance of accounts was, and highlighted property valuation as a possible change.
Item 13: Any Other Business
32. None raised.
Item 14: Closed Discussion
33. Discussion was not held.