BSO 92/2016
From: / Director of Finance
Subject: / DRAFT 2016/17 MID YEAR ASSURANCE STATEMENT
Status: / For Review/Comment
Date of Meeting: / 27 October 2016
Following review of the attached 2016/17 Mid-Year Assurance Statement by the Governance and Audit Committee at their meeting on 18 October 2016, the BSO Board is now asked to undertake a final review prior to sign off by the Chief Executive. In reviewing the Statement, BSO Board is asked to note that no new significant internal control divergences have been reported during the first six months of this financial year.
The BSO Board may also wish to note that the following changes have been made by DoH to the Mid-Year Assurance template in respect of the 2016/17 year:
(a) A new section on Financial Governance (Section 5) has been added to make the statement a more holistic accountability document. This section does not place any new requirements on BSO but reflects existing systems/processes and also provides the DoH with additional assurance in this area.
(b) A minor change has also been made to the document (Section 10) to reflect a change in reporting arrangements for the Board Governance Self-Assessment Tool from 2016/17 ie. Organisations are no longer required to send their completed assessments to the DoH.
A completed Mid-Year Assurance Statement was required by the DoH on Friday, 14 October 2016 however, as in previous years, this was forwarded in draft format and a signed version will be forwarded following review by the BSO Board.
DoH ARM’S LENGTH BODY: MID-YEAR ASSURANCE STATEMENT
This statement concerns the condition of the system of internal governance in Business Services Organisation as at 30 September 2016.
The scope of my responsibilities as Accounting Officer for the Business Services Organisation, the overall assurance and accountability arrangements surrounding my Accounting Officer role, the organisation’s business planning and risk management, and governance framework, remain as set out in the Governance Statement which I signed on 10 June 2016. The purpose of this mid-year assurance statement is to attest to the continuing effectiveness of the system of internal governance. In accordance with Departmental guidance, I do this under the following headings.
1. Governance Framework
The Governance Framework as described in the most recent Governance Statement continues in operation. The Governance and Audit Committee, the Business Committee and the BSO Board have continued to meet to discharge their assigned business. Minutes of their meetings, together with board meeting minutes containing the Committees’ reports, are available for Departmental inspection to further attest to this.
2. Assurance Framework
An Assurance Framework, which operates to maintain, and help provide reasonable assurance of the effectiveness of controls, has been approved and is reviewed by the BSO Board. Minutes of board meetings are available to further attest to this.
3. Risk Register
I confirm that the Corporate Risk Register has been regularly reviewed by the board of the organisation and that risk management systems/processes are in place throughout the organisation. As part of the board-led system of risk management, the Register is presented to the BSO Board for discussion and approval and all significant risks are reported to the Board – most recently on 29 September 2016.
In addition, I confirm that Information Risk continues to be managed and controlled as part of this process.
4. Performance against Business Plan Objectives/Targets
I confirm satisfactory progress towards the achievement of the objectives and targets set out in the organisation’s business plan as approved by the Department with the exception of those listed on the table below.
Objectives/Targets outside of Target Date (as at 30 September 2016)
Key Priorities/Target / Key Actions / CommentImplement FPL Application Upgrade / Implementation by November 2016. / Due to extended negotiations with suppliers this is to be implemented in June 2017 for phase one and September 2017 for phase two.
Exploit new technology available through FPL systems to improve process efficiencies both within PaLS and elsewhere in the ‘purchase- to -pay process’.
[HSC Strategic Procurement Action Plan issued by DHSSPS – Actions 25, 26 and 27]. / PaLS to engage with Shared Services Accounts Payable (SSAP) and Trusts to ensure ‘purchase-to-pay’ processes operate effectively through the eProc support service;
Identify any opportunities for service efficiencies or cost reductions in service provision and implement
(By September 2016). / Improvement contingent with e-marketplace which is dependent on the upgrade of FPL.
Review the current Human Resources Strategy (2015-18) with a view to ensuring issues relating to talent acquisition and management are refreshed and updated. / Directorates to assess the profession-specific skill requirements for the duration of the strategic planning period in accordance with guidance to be issued by DHRCS by June 2016; / Delayed until December 2016 due to delays in obtaining final staff attitude survey results
By 30 June 2016, 90% of staff to have had an annual appraisal of their performance in 2015/16 and an agreed personal development plan for 2016/17. / Monitor through BSO Corporate Scorecard.
(by June 2016) / 65.5% SMT reminded July 2016. This is now a Director Target in Annual Plan.
5. Finance
I confirm that proper financial controls are in place to enable me to ensure value for money, propriety and regularity of expenditure under my control, manage my organisation’s budget, protect any financial assets under my care and achieve maximum utilisation of my budget to support the achievement of financial targets.
I confirmcompliance with the principles set out in MPMNI and the Financial Memoranda which includes:
· safeguarding funds and ensuring that they are applied only to the purposes for which they were voted;
· seeking Departmental approval for any expenditure outside the delegated limits in accordance with Departmental guidance;
· preparation of business cases for all expenditure proposals in line with Northern Ireland Guide Expenditure Appraisal and Evaluation (NIGEAE) and Departmental guidance and ensuring that the organisation’s procurement, projects and processes are systematically evaluated and assessed;
· accounting accurately for the organisation’s financial position and transactions;
· securing goods and services through competitive means unless there are convincing reasons to the contrary; and
· procurement activity should be carried out by means of a Service Level Agreement with a recognised and approved Centre of Procurement Expertise (CoPE)
6. Controls Assurance
I confirm actions are being taken to implement Action Plans arising from the year-end self-assessments of compliance with Controls Assurance Standards. As at 30 September 2016, 75% of actions have been fully implemented and 25% partially implemented. The remaining actions will be implemented in 2016/17.
7. External Audit Report
In their 2015/16 Report to those Charged with Governance, the external auditor provided a range of assurances surrounding a number of services performed by BSO on behalf of other HSC organisations. The external auditor provided positive assurances on 13 of the 15 service areas/ systems covered, but was unable to provide any assurance over the recruitment and selection process and was unable to confirm that adequate controls existed within the area of payroll, travel and subsistence. Further details of the issues arising in these two areas are provided in Section 8.
I confirm actions are being taken to implement the accepted recommendations made by external audit. The BSO has in place a process to ensure that all outstanding recommendations are implemented within an acceptable timescale.
8. Internal Audit
In 2016/17, the Internal Auditor has carried out twelve audits as shown in the table below.
Audit / Assurance LevelComplaints / Satisfactory
FPS Ophthalmic / Satisfactory
FPS IT / Satisfactory
FPL IT / Satisfactory
PaLs Procurement / Satisfactory
Business Services Team / Satisfactory
Honest Broker Service / Satisfactory
Asset Management / Satisfactory
Pension Processing / Limited
Counter Fraud Services and
Fraud Processes within BSO / Limited
Satisfactory
Payroll Shared Services Follow Up / Limited
Recruitment Shared Services Follow Up / Limited
In her Mid-Year Assurance Statement as at 30 September 2016, the Head of Internal Audit reported significant weaknesses in control following four audits: Pension Processing, Counter Fraud Services, Payroll Shared Services Follow Up and Recruitment Shared Services Follow Up. As a result, only a limited assurance was provided by internal audit in these areas. The priority one recommendations contained in these four limited internal audit reports are summarised below.
8.1 Pension Processing
The Pensions Processing Audit took place during August 2016. The scope of the audit was to test the controls in place within BSO Payroll Shared Services as well as HSC Pensions Service as BSO Payroll Shared Services provide the payroll figures on which the pension calculations are based. The report provided a limited assurance and stated that whilst there is generally appropriate control processes in place within HSC Pensions Service to process payments, there was a high volume of errors identified in the information provided to HSC Pensions Service by Payroll Shared Services, on which the pension payments are based. There were six priority one recommendations covering the areas of calculations of reckonable pay and total superannuable remuneration, general administration of the scheme including procedure manuals, as well as performance of the service in respect of KPIs.
8.2 Counter Fraud Services and Fraud Processes within BSO
The Counter Fraud Services internal audit took place during August 2016 and limited assurance was provided in respect of the counter fraud services part of the audit only. The report contained two priority one recommendations in respect of the quality assurance process for managing fraud investigations and the development of key performance indicators for the service.
8.3 Recruitment Shared Services – Follow Up
In January 2016, internal audit issued an unacceptable level of assurance in Recruitment Shared Services as significant weaknesses had been observed with the functionality of the ERecruitment system and also performance management. Subsequently, a Follow Up audit was conducted by internal audit during July and August 2016 to review progress towards the implementation of previously accepted priority one and two internal audit recommendations and a limited assurance was issued. The Follow Up report stated that while some progress in the development of the E Recruitment system functionality and performance management was noted further improvement and embedding of processes was required. In particular, the Follow Up report highlighted that, of the twelve priority one recommendations made in January 2016, seven were fully implemented and five partially implemented. The partially implemented priority one recommendations cover the areas of general customer management, query management and formal complaints processes. There are also system functionality issues to be resolved and further improvements in information governance practices.
8.4 Payroll Shared Services – Follow Up
In February 2016, internal audit reported a limited assurance in respect of Payroll Shared Services. Subsequently, in August 2016, a Follow Up audit was conducted by internal audit to review progress against previously issued priority one and two recommendations and a limited assurance was issued. The Follow up report advised that whilst there was evidence of progress against previous recommendations, further action and embedding of processes was required. In particular, the Follow Up report highlighted that, of the twenty priority one recommendations made in February 2016, ten were fully implemented, nine partially implemented and one not implemented. The partially implemented priority one recommendations cover areas in respect of ensuring appropriate authorisation of payments, dealing with overpayments, the review process for maternity calculation and pension calculations. The not implemented recommendation, proposes that BSO should seek a system solution to the substitution rule which requires a senior member of staff to nominate a deputy in their absence however, there are no system controls to prevent that Officer from authorising payments to themselves. However, BSO staff have been instructed that they must not substitute to a staff member who is lower in the Organisational Management structure. BSO has reconsidered this previously accepted recommendation and agreed that its implementation is of low priority within the context of the limited budget for change requests. BSO has therefore decided not to implement this recommendation in the short to medium term.
I confirm actions are being taken to implement the accepted recommendations made by internal audit. The BSO has in place a process to assist with full implementation of all recommendations within an acceptable timescale. Furthermore, the Head of Internal audit, in her Mid Year Follow Up report as at 30 September 2016, stated that 380 (86%) of the total 444 recommendations examined were fully implemented, a further 64 (14%) were partially implemented and none were not yet implemented. In addition, of the total recommendations reviewed, 238 related to Shared Services and that 193 (81%) had been fully implemented, a further 45 (19%) partially implemented and none were not yet implemented at the time of review.
9. NAO Audit Committee Checklist
I confirm completion of the NAO Audit Committee Checklist and that action plans will be implemented to address any issues.
During completion of the self-assessment BSO Non-Executive Directors (NEDs) serving on the Governance and Audit Committee (GAC) reiterated their concerns regarding the delay in the appointment of Non-Executive Directors to the BSO Board. GAC NEDs’ view was that this delay carried a significant risk as, from a substantive committee of four NEDs, only two remained neither of whom has financial expertise. Further, GAC NEDs also expressed concern that any further delay in the appointment of NEDs to the BSO Board may lead to a gap in knowledge as the timeframe for new appointments may not coincide with the departure of currently serving NEDs whose contracts end on 31 March 2017.
10. Board Governance Self Assessment Tool
I confirm completion of the Board Governance Self Assessment Tool and that action plans will be implemented to address any issues. I also confirm that any relevant issues will be reported to the Department.
11. Internal Control Divergences
11.1 / Update on prior year control issues which have now been resolved and are no longer considered to be control issues.11.1.1. / Recruitment / Payroll Shared Services
The BSO Governance Statement 2015/16 highlighted a number of issues regarding two shared services centres – recruitment & selection, and payroll. These issues remain challenging for BSO however the detail of these is now set out under Section 8 – Internal Audit.