This content has been automatically generated from the original PDF and some formatting may have been lost. Let us know if you find any major problems.
Text in this format is not official and should not be relied upon to extract citations or propose amendments. Please see the PDF for the official version of the document.
STATES OF JERSEY
RISK MANAGEMENT – FOLLOW UP (R.150/2022): EXECUTIVE RESPONSE
(R.150/2022 RES.) – COMMENTS
Presented to the States on 12th January 2023 by the Public Accounts Committee
STATES GREFFE
2022 R.150 Res. Com.
REPORT
Further to paragraph 70 of the Code of Practice for engagement between Scrutiny Panels and the Public Accounts Committee' and the Executive', (as derived from Standing Orders of the States Assembly) the Public Accounts Committee (the Committee') presents the Executive Response to the Comptroller and Auditor General's (C&AG) Report entitled: Risk Management – Follow Up (R.150/2022).
The C&AG published her report on 7th October 2022 and the Committee received the Executive Response to the report on 22nd November 2022. The C&AG's Risk Management – Follow Up review assessed the Government's progress with regard to risk management, and follows the recommendations made in the previous Risk Management review published by the C&AG on 7th September 2017. The 2022 follow up review highlighted that processes to identify, assess, prioritise and manage risks are fundamental to the achievement of Government's organisational goals.
The follow up review considered the effectiveness of corporate and departmental arrangements for managing risks and arrangements for the escalation of risks from departments and States owned entities to a corporate level. The C&AG concluded that the Government has continued to develop its approach to risk management following the 2017 Report. The C&AG also concluded that effective implementation of the Government's Risk Management Strategy is key to risk management becoming embedded as an integral tool of management.
The PAC shares the view of the C&AG that there is an improved acceptance of risk by the Council of Ministers and the Government's Senior Leadership Team, however, it remains concerned about the effectiveness of arrangements in place to fully and thoroughly assess risk and will be seeking further assurances and updates from the Government Office of the Chief Executive.
Purpose of PAC's Comments
The C&AG made eight findings and 10 recommendations and set out four items of work to prioritise and seven areas for consideration in her Risk Management – Follow Up review. The Committee notes that all 10 recommendations - the four items of work to prioritise and seven areas for consideration – have been accepted by Government. The Committee has considered the rationale provided by the Government through the Executive Response and has concluded that further action is required on specific areas as outlined below.
C&AG Recommendation 2 | Executive Response | Target Date | Responsible Officer |
Implement more effective arrangements to consider and integrate risks in States owned entities and arm's length bodies into the | (Accept) States Owned Entities (SoEs) risks are reviewed under a Memorandum of Understanding. This includes the Head of Risk meeting with SoEs prior to | Complete End Q2 2023 | Head of Risk Chief of Staff |
Corporate Register. | Risk | quarterly shareholder meetings. Arm's Length Bodies – the Arm's Length Bodies Oversight Board will progress improvements in Grant Funding Agreements for larger ALBs. These will include a requirement to notify the "sponsor" department of significant risks. |
|
|
Further Action Required: The Committee notes that the response related to States Owned Entities refers to arrangements that are already in place rather than improvements on the current situation and that the response related to Arm's Length Bodies makes reference to new procedures due to be introduced. The Committee will monitor the effectiveness of these arrangements for both types of bodies, as well as the consideration given to the recommendation that such risks are integrated into the Corporate Risk Register.
C&AG Recommendation 7 | Executive Response | Target Date | Responsible Officer |
Include significant risks that may impact on delivery of departmental business plans in these business plans. | (Accept) Going forward Accountable Officers to include and ensure decision making and prioritisation is risk-based. Significant risks will be developed over 2023 and built into the new Delivery Plans for 2024; as the Delivery Plan template has already been agreed for 2023 and Delivery Plans are nearing completion. | In place Q3/4 2023 | Accountable Officers in consultation with Head of Risk |
Further Action Required: The Committee notes that whilst Recommendation 7 has been accepted, the inclusion of significant risks in departmental business plans has been deferred until the new 2024 Delivery Plans. The Committee is not satisfied with the response and the deferral of the inclusion of significant risks in the new 2024 Delivery Plans. The Committee would add a further concern that the deferral could carry a reputational risk for Ministers.
C&AG Recommendation 10 | Executive Response | Target Date | Responsible Officer |
Review the Terms of Reference of the DRG to maximise its effectiveness. In doing so, clarify the purpose and corresponding information and access needs for the DRG as a resource to add value to the corporate risk management framework | (Accept) Further review of DRG Terms of Reference will take place in 2023. This process is already in place on an annual process to ensure maximised effectiveness | Complete and in place | Head of Risk |
Further Action Required: The Committee notes that the response to Recommendation 10 is marked as complete despite reference to a pending review of the Terms of Reference for the Departmental Risk Group. The Committee questions whether it is correct to mark Recommendation 10 as complete, when further work is still to be undertaken in this area. The Committee will seek assurances and updates on the timing of the review and fuller compliance with the recommendation.
C&AG Area of Consideration 5 | Executive Response | Target Date | Responsible Officer |
Enhance initial (gross) risk and current (residual) risk the system to document both to provide a better audit trail of risk, mitigating controls and action. | (Accept) A review of current procedures and assessment criteria within risk assessment form will be undertaken to consider the C&AG recommendation. | End of Q3 2023 | Head of Risk |
Further Action Required: The Committee notes that the Target Date for a review of current procedures and assessment criteria within Government risk assessment will be undertaken by the end of Q3 2023. The Committee believes that it would be preferable for the review to be undertaken sooner, so that it can be built into the new Risk Management Strategy and online risk management guidance. The Committee also notes the C&AG finding that the approach to risk management varies and believes that it would be beneficial for Government to focus on one particular style of risk management.
C&AG Area of Consideration 6 | Executive Response | Target Date | Responsible Officer |
Provide some specific training in risk management processes for States Members more widely. | (Accept) Underway. COM training already underway. Training for States Members will be offered. | End of Q2 2023 | Head of Risk |
Further Action Required: The implementation of training for the Councils of Ministers is a welcome and positive step. In addition, the PAC would like to see a more proactive approach to the formal provision of structured training for States Members, beyond the general offer of training to States Members outlined in the Executive Response.
Conclusion
Having considered the Executive Response, the Committee is minded requesting a private briefing with the Chief of Staff in order to gain a practical understanding of the Government's Corporate Risk Register.
In summary, the Committee will seek further evidence to ensure that the accepted recommendations are implemented and that improved practices are embedded. It also expects to see evidence that all accepted recommendations have been added to the Recommendations Tracker so that their progress towards implementation can be tracked closely. In the absence of such progress, the Committee may consider undertaking a systemic review of Government Risk Management. The Committee is hopeful that Government will consider its comments, intends to monitor progress and has requested a briefing on the Corporate Risk Register.
Deputy L. Feltham
Chair, Public Accounts Committee