Audit and Risk Committee Minutes - October 2020
- Simon Jeffreys: Non-Executive Board Member (Chair)
- Mark Hammond: Non-Executive Board Member
- Jenny Rowe: Non-Executive Independent Member
- Marta Phillips: Non-Executive Independent Member
- Rebecca Lawrence: Chief Executive Officer
- Max Hill QC: Director of Public Prosecutions
- Chris Sharp: Finance Director
- Chris Davis: Government Internal Audit Agency
- Matt Ellis: Government Internal Audit Agency
- Kevin McGinty: HMCPSI
- Steven Corbishley: National Audit Office
- Mohit Parmar: National Audit Office
- Stephen Dean: Grant Thornton
- Mark Gray: Operations, Digital and Commercial Director
- Roger Sutton: Head of Cyber Security
- Jackie Ronchetti: Head of Security and Information Assurance Division
- Mel Trust: Head of Employee Relations, Policy & Performance Management
- Karen Welch: Head of Complex Casework
- Sophie Szuman: Assistant Private Secretary
- Rebecca Burrow: Corporate Governance Manager
Item 1: Declaration of Conflicts of interest
1. None raised.
Item 2: Minutes of the Last meeting and Matters arising
2. The minutes of the last meeting were agreed and progress was noted against outstanding actions.
Item 3: CPS Risk Management Update
3. Chris Sharp, Finance Director, updated the Committee on current indications from HMT, and highlighted there may be negotiation needed on the spending review bid in relation to the international, Bar fees and innovation bids.
4. The Committee discussed;
- how cross CJS investment would impact the funding requested
- whether the risk assessment bids were aligned across the system
- whether we were using digital redaction tools as much as possible, and as the residual risk is still well outside tolerance, it would continue to be an area of focus
- the enterprise risk manual, and wanted clarification as to its audience
5. CS reassured the Committee that HMT are aware of what cross CJS investment assumptions the CPS made, when writing our own SR bid.
6. On security and information management and redaction, Rebecca Lawrence, Chief Executive Officer, commented that considerable work has been done since the Information Commissioner’s report but agreed that it is a challenging risk.
7. Max Hill, Director of Public Prosecutions, added that the National Disclosure Improvement Plan (NDIP) Board had been expanded to cover case progression and RASSO. This ensured there was a monthly detailed conversation on data management and transfer, digital case file, Director’s Guidance 6 and charging.
8. MH described how the redaction tools are not easily adopted nationwide across the police, due to the large number of different forces and police chiefs who all have different approaches and existing digital platforms to work with. MH described the current course of action was to endorse commercially available tools which are compatible with the CPS platform.
9. Kevin McGinty, Chief Inspector at Her Majesty’s CPS Inspectorate, discussed his report on redaction, which is to be published on 12 Nov. KM noted that it is a complex problem, and although there is a lot of positive evidence of improvement, there is also some evidence of area level messages not getting through to staff. KM offered to present the paper at the next meeting if it would be of benefit.
10. CS discussed the health and safety of prosecutors in court, as it was outside of tolerance. CS noted how HMCTS implement some safety measures for their own staff, but this isn’t always extended to the defence or prosecutors.
11. CS clarified that the enterprise risk manual was available for all staff, but was aimed at risk reporters.
Item 4: COVID-19 Response
12. Mark Gray, Operations, Digital and Commercial Director updated the Committee on the impact of COVID-19 in the Magistrates and Crown Courts. MG detailed the split picture, with more concern on the Crown Court. Some of the reasons being the backlog of cases, CTL applications and overly ambitious listing. MG was concerned the extended period of high pressure was difficult in terms of personnel retention and increased the possibility of reputational damage.
13. The Committee raised;
- Reputational risk in having repeated applications for CTL extensions
- The impact of preparing work which doesn’t proceed
- How to handle external commentary and how to advise that the consequences of wider CJS issues, and not the sole responsibility of the CPS.
14. MG described the good working partnership at every level and described how the CPS will not critique others externally but were as factual and accurate as possible.
15. The Committee discussed;
- How staff have done a great job, but there was a need to gear up for a possible second lockdown or similar scenario, whilst balancing the need for ensuring staff are given a proper break
- Getting staff into the office to help break up the long period of time of a large proportion of the work force being at home
- The relationship with the trade unions
- What is one thing the organisation should be doing which we are not doing
- The narrative of defendants using jury trials to try and escape justice
16. MG described the launch of the wellbeing one stop shop, the work of the estates team to steadily open more covid-secure offices, and the leadership team messaging which invites staff to attend should they wish, but clear that there is no instruction to attend. On trade unions, MG commented that there is a good collaborative relationship.
17. MG thought there were no gaps in action taken and described the good rhythm at gold/ silver command meetings for raising issues. MG noted the biggest challenge as listing and the relationship with the judiciary.
Item 5: Cyber Security
18. MG provided the Committee with the regular update and noted that the most significant activity since April was an issue with a subcontractor, and other penetrative tests which were carried out. MG noted that some areas were highlighted for improvement, but nothing out of the ordinary.
19. The Committee raised;
- The number of user laptops without necessary updates
- Regular surveillance on platforms
20. MG updated that the number of laptops had been reduced from 900 to 300. It can be caused by devices not being logged onto, some staff not rebooting laptops, and other more technical issues. MG reassured the Committee that new starters and those with technical issues which prevented the download of the patches will be replaced as of next week with new laptops.
21. MG described the exercise taken to test the system vulnerabilities, and that there is still some residual risk.
Item 6: Gifts and Hospitality Register
22. CS commented that there has been a steep decline in gifts and hospitality received due to COVID-19.
23. RL asked for one amendment to be made on behalf of MH, the book ‘Banks on Sentencing’ which had been incorrectly listed as a gift. [ACTION O1]
Item 7: Anti Bribery and Corruption Annual Report
24. CS had no instances of bribery or corruption in the reporting period. CS was confident that this was not because incidents are not being reported, but because the opportunity for fraud has been reduced, by increased automation and other additional controls.
25. The Committee commented;
- on the statistics and suggested it would have been useful to have a table with the data in, even though it is a nil return, to ensure complete transparency.
- that when employees access other avenues to report issues, such as employment tribunals, they should be educated and encouraged to use the whistleblowing process.
Item 8: Freedom of Information and Rights of Access Requests
26. Jackie Ronchetti, Head of Security and Information Assurance Division explained that the CPS was likely to receive an increase in ROAR and FOI requests on last year, but these are still not a substantial number of requests. JR detailed that since paper was written, she had discussed all FOIs and ROARs with her team, and they all have bespoke action plans.
27. The Committee asked;
- If there are any themes in the requests received
- What the thinking was behind the level of review given to ROARs and the calibration in terms of risk.
28. JR noted that ROARs are regularly received from convicted defendants, victims and witnesses, and that throughout the year there are peaks and troughs on receipts. JR advised that we only have one staff ROAR at present. On FOIs, there is a range of areas, such as covid-19, murder cases and LGBT hate crime policy. JR shared that there is no overall theme but they are reviewed weekly in collaboration with the Director of Communications.
29. JR advised that due to stretched resources, there needed to be a change in level of review. Due to the type of offences heard in the Magistrates’ Court, it was felt that one review would be appropriate. JR advised that once the change had been implemented, it was carefully monitored for a possible increase in complaints and ICO reports.
30. The Committee thanked JR and her team for their hard work to date and a concise paper.
Item 9: Internal Audit Progress Report and Finalised Reports
31. Matt Ellis, Government Internal Audit Agency updated the Committee on the progress report. ME confirmed that he would still expect the programme to be delivered in full but was mindful of the pressures GIAA reporting puts on CPS staff. ME highlighted the new format used in the most recent report, and the additional staffing GIAA has in place until the end of this reporting period.
32. ME expected to have up to eight reports for discussion in January. ME noted the agreement to cancel the financial readiness report, and the reallocation of this time into the Corporate Governance review. ME noted that two further reports may be cancelled, but that the decision will be taken ahead of the next Committee meeting.
33. The Committee discussed;
- If the same amount of work is going to get done and commented there would be concern if GIAA plan not to carry out as much, or if there is a reduction in GIAA resource.
- The need for the work to be risk based and risk focused
34. ME confirmed that GIAA will maintain the same number of days work but will replace two titles of work with something different, but the new titles had not been agreed. ME was clear that the cancellation of days would be a last resort.
35. RL agreed that the corporate governance review would benefit from having extra days allocated. RL added that although this is not a risk, she asked for it to be prioritised as it is a cross cutting issue in which the benefit would be felt across other issues.
36. ME described the more agile and consultancy/ advisory style audits which GIAA are able to conduct, and how multiple organisation audit are a challenge, but would be of great use to the CPS.
37. Chris Davis, Government Internal Audit Agency gave an overview of the staff engagement audit report with a substantial rating. CD noted that the key initiatives are properly defined, but that there was work to be done on area plans for 20/21, and a significant recommendation has been made accordingly in this area.
Item 10: Internal Audit Recommendations Tracker
38. CS confirmed that he is taking a firm approach in ensuring that COVID-19 is only used as a reason when appropriate, and not as an excuse.
39. The Committee commented;
- That they agreed that due caution is being taken in ensuring that actions are only closed when appropriate
- That progress is being made with the tracker, and they appreciate the efforts to date. They Committee agreed that staff are taking the actions seriously and are being addressed in a sensible and robust way. The Committee felt that care needed to be taken to ensure the actions and timelines are realistic.
- On victims and witnesses care needed to be taken to ensure we met the deadline
- On international divisions KiTs, and raised concern that they are described as not taking place, and that in light of covid-19 it is even more important that they happened
- On international and EU Exit, that the tracker described the end date as being March 2021, however we are due to exit on 1st Jan 2021
40. KM discussed his report on Victim communication. KM was plain that it is a poor report and added that although work has been done to try and improve the quality, it had limited impact. KM suggested there is a need to reassess how the letters are dealt with from the very start of the process.
41. On points D and E above, RL suggested this could be down to poor articulation in the document, and she was confident in the CPS readiness from her role chairing the Brexit Steering Group.
Item 11: Whistle Blowing Annual Report
42. Mel Trust, Head of Employee Relations, Policy & Performance Management stated that there have been no whistleblowing cases in this reporting period. MT advised that in Q2 the team undertook health check of the policy using the wider civil service assessment tool. MT noted that we are still falling below wider civil service use of the policy.
43. Mark Hammond, Non-Executive Director and Whistleblowing Champion agreed that he and the policy are underused. MH commented that the Civil Service benchmark is a measure, but not always a sufficient ambition. MH added that staff recognise the civil service code and when this was breached, but do not know how a problem should be reported.
44. RL agreed that high aspiration and ambition was needed, and that a lack of take up cannot be interpreted as a lack of issues.
45. The Committee suggested;
- The need to focus on themes that come out of investigations and grievances, and for this to be fed back into the organisation, so that staff are aware that issues raised have action taken against them.
- That being a formal whistle-blower can be daunting, and discussed the use of a speak up programme, where issues are logged, triaged and dealt with as appropriate.
Item 12: Disciplinary, Grievance and Employment Tribunal Data Annual Report
46. Karen Welch, Head of Complex Casework described a key area for improvement was the time taken to appoint an investigator and described the work in train to try and find an early resolution to straight forward cases, as requested by the DPP.
47. KW noted the changes made to CPS policy in light of the independent review, with a particular focus on a more supportive tone and the health and wellbeing of employees.
48. The Committee queried how whistleblowing fits into this policy and report.
49. KW advised that policy and report are largely independent, and that the team are not sighted on whistleblowing activity.
Item 13: National Audit Office Update
50. Steven Corbishley, National Audit Office, reflected on 19/20 audit completion report and noted the CPS was one of the few organisations which reached the summer recess deadline for laying of accounts.
51. For the 20/21 financial year, SC notified the Committee that he will be leaving, to be replaced by Liz Fox. SC commented that as the CPS was on time with 19/20 accounts, he would expect this to be continued into 20/21.
52. On the value for money work, SC confirmed that there would be a programme investigating the impact of COVID-19 on the CJS and its recovery.
53. The Committee thanked Steven Corbishley for his insight and hard work.
Item 14: Any Other Business
54. None raised.
Item 15: Close Discussion
55. GIAA and NAO discussed what was needed to be appropriately prepared for a fully remote interim audit.