« Previous | Contents | Next »
Listen
Consolidated Resource Accounts For the year ended 31 March 2004
STATEMENT ON INTERNAL CONTROL
Scope of responsibility
As Principal Accountable Officer, I have responsibility for maintaining a sound system of internal control that supports the achievement of the organisation's policies, aims and objectives, set by the Scottish Ministers, whilst safeguarding the public funds and assets for which I am personally responsible, in accordance with the responsibilities assigned to me.
I am supported by the Accountable Officers of the respective bodies within the Scottish Executive departmental accounting boundary who bear this responsibility directly for their own organisations.
The Scottish Public Finance Manual (SPFM) is issued by the Scottish Ministers to provide guidance to the Scottish Executive and other relevant bodies on the proper handling of public funds. It is mainly designed to ensure compliance with statutory and parliamentary requirements, promote value for money and high standards of propriety, and secure effective accountability and good systems of internal control.
The purpose of the system of internal control
The system of internal control is designed to manage rather than eliminate the risk of failure to achieve the organisation's policies, aims and objectives. It can therefore only provide reasonable and not absolute assurance of effectiveness.
The system of internal control is based on an ongoing process designed to identify the principal risks to the achievement of the organisation's policies, aims and objectives, to evaluate the nature and extent of those risks and to manage them efficiently, effectively and economically. The general principles for a successful risk management strategy are set out in the Scottish Public Finance Manual
The process within the Scottish Executive accords with the guidance from the Scottish Ministers and has been in place for the year ended 31 March 2004 and up to the date of approval of the annual accounts.
Other Accountable Officers similarly have appropriate systems in place. (The annual accounts of these bodies contain separate specific Statements on Internal Control, which provide detailed information on their systems and plans).
The risk and control framework
All Scottish Executive bodies operate risk management strategies in accordance with the Scottish Public Finance Manual. The risk management guidance was updated in September 2004. (Further information on how individual bodies do this is available in their separate annual accounts).
In the Scottish Executive, Management Group oversees the effective management of risk. The Management Group Corporate Issues Sub-Group reviews the Scottish Executive corporate risk register every quarter, and reports to Management Group, following which the risk register is considered by the Scottish Executive Audit Committee. Departmental Management Boards are responsible for Departmental risk registers: for assessing and monitoring risks and actions taken to manage risk, and for ensuring that risk assessment is embedded into corporate and performance management, business planning and financial reporting processes. Departmental risk registers are supported by Divisional risk registers, prepared based on each Division's objectives. Programmes, policies, projects and specific initiatives may also prepare risk registers as appropriate to manage risk.
More generally, the Scottish Executive is committed to a process of continuous development and improvement: developing our systems following the results of any reviews and in response to developments in best practice in this area. In particular, in the period covering the year to 31 March and up to the signing of these accounts the Scottish Executive has:
- introduced a "balanced scorecard" system of performance management (of which the corporate risk register is an integral part). This forms a crucial link between various strands of corporate planning and reporting and provides Management Group with a quarterly picture of the Executive's overall performance;
- embedded further the principles of risk management into the day to day processes of business divisions as part of our 2-year change programme "Changing to Deliver",
- better aligned risk management with wider performance management through our business planning process;
- adopted the Gateway Review process (a programme designed to provide assurance on the delivery of major projects; managed by a Centre of Expertise for programme, policy and project delivery.)
These initiatives will be further developed in the coming year.
Additionally, the Scottish Executive has recently appointed non-executive members to Departmental Management Boards. These non-executive members will chair, or sit on Departmental Audit Committees.
Review of Effectiveness
As Principal Accountable Officer, I also have responsibility for reviewing the effectiveness of the system of internal control. My review is informed by:
- the executive managers within the organisation who have responsibility for the development and maintenance of the internal control framework;
- the work of the internal auditors, who submit to the relevant Audit Committees regular reports which include the Head of Internal Audit's independent opinion on the adequacy and effectiveness of the organisation's systems of internal control together with recommendations for improvement;
- comments made by the external auditors in their management letters and other reports.
Other bodies within the departmental accounting boundary are also subject to internal and external audit and have in place systems for reporting by their executive managers.
Appropriate action is in place to address any weaknesses identified and to ensure the continuous improvement of the system.
As reported in greater detail in the Development Department Outturn Statement, in 2003-04 the Department paid 406m of Supporting People grant to local authorities to fund expenditure on housing support services, both directly by local authorities and by authorities making payments to other providers. Housing support services as defined in the Regulation of Care (Scotland) Act 2001 required to be registered with the Scottish Commission for the Regulation of Care in the course of 2003-04. The relevant requirements for registration were not met. As a result, from 1 October 2003 providers requiring to be registered did not meet the Supporting People scheme conditions and were, on the face of it, operating unlawfully. As soon as these circumstances came to the attention of the Scottish Executive, appropriate action was taken to address the situation. Legislation is also to be introduced to rectify retrospectively the position with respect to both the registration issue and the payments made by local authorities which were not in compliance with the scheme conditions.
Accountable Officer:
Date: 29 November 2004
« Previous | Contents | Next »