Statement on Internal Control
Scope of Responsibility
As Principal Accountable Officer, I have responsibility for maintaining a sound system of internal control that supports the achievement of the organisation's policies, aims and objectives, set by the Scottish Ministers, whilst safeguarding the public funds and departmental assets for which I am personally responsible in accordance with the responsibilities assigned to me.
I am supported by senior management colleagues who are the designated Accountable Officers for their respective areas of responsibility, and by the Accountable Officers of the respective bodies within the Scottish Executive departmental accounting boundary who bear this responsibility directly for their own organisations.
The Scottish Public Finance Manual (SPFM) is issued by the Scottish Ministers to provide guidance to the Scottish Executive and other relevant bodies on the proper handling of public funds. It is mainly designed to ensure compliance with statutory and parliamentary requirements, promote value for money and high standards of propriety, and secure effective accountability and good systems of internal control. Information on how Scottish Executive bodies have applied this guidance is contained in these accounts and in the separately published accounts of the individual bodies.
Corporate Governance Framework
Within the accountability framework established by the Public Finance & Accountability (Scotland) Act 2000, the Scottish Executive senior management team are responsible for ensuring that the Executive is organised and managed in the most effective way to support Ministers in the implementation of their policies. In December 2006, I re-organised the senior management structures within the organisation. I chair the Strategic Board (SB), the ultimate decision making authority on all issues of fundamental importance to the Executive. Its creation is intended to achieve tighter, more effective decision making at the heart of the organisation. The Board also has an important role in driving and shaping the vision for the SE in the future, and in ensuring the overall effectiveness of the organisation in supporting Ministers in pursuit of their key objectives. Membership is drawn from the wider senior management team and includes the non-executive members who bring an external perspective to the management of the Executive. Strategic Board business is also taken forward by appropriate sub groups, including a People & Business Innovation Sub Group whose remit includes consideration of corporate governance matters. For the duration of the financial year to 31 March 2007, each Department also had its own Departmental Management Board (DMB) whose membership included non-executives. Other bodies within the SE boundary have similar arrangements in place.
Audit committees were established in all Scottish Executive Departments and Agencies and relevant bodies. Their role is to support the Accountable Officer by monitoring and reviewing both the risk, control and governance processes which have been established in the organisation, and the associated assurance processes. These committees are constituted in line with the Policy Principles for Audit Committees in Central Government as set out in the SPFM, including the appointment of non-executive/independent members from appropriate external sources.
The Scottish Executive had a structure of Departmental Audit Committees (DACs), with the Scottish Executive Audit Committee (SEAC), composed exclusively of non-executive members, as the over-arching Audit Committee. These Audit Committees completed all the necessary work for the accounting period to 31 March 2007. While audit committees in Agencies and sponsored bodies exist essentially to service the needs of their own organisations, collectively they help to provide assurances on the risk, control and governance across the Scottish Executive as a whole and to underpin this Statement on Internal Control.
As a result of the election of a new Scottish Administration on May 3 2007, I have further refined the management structures along with the audit committee and management board arrangements, including the non-executive directors' membership of these. The evolution of these new arrangements is ongoing and further information on the revised management structure is available at www.scotland.gov.uk.
The Purpose of the System of Internal Control
The system of internal control is designed to manage risk to a reasonable level rather than to eliminate all risk of failure to achieve the organisation's policies, aims and objectives. It can therefore only provide reasonable and not absolute assurance of effectiveness.
The system of internal control is based on an ongoing process designed to identify the principal risks to the achievement of the organisation's policies, aims and objectives, to evaluate the nature and extent of those risks and to manage them efficiently, effectively and economically. The general principles for a successful risk management strategy are set out in the SPFM. The process within the Scottish Executive accords with the guidance from the Scottish Ministers and has been in place for the year ended 31 March 2007. Although the principles are unchanged, there have been some changes in practice up to the date of approval of the annual accounts, as a result of the organisational changes.
Other Accountable Officers similarly have appropriate systems in place. (The annual accounts of these bodies contain separate specific Statements on Internal Control, which provide detailed information on their systems and plans.)
The Risk and Control Framework
All Scottish Executive bodies operate risk management strategies in accordance with the SPFM. (Further information on how individual bodies do this is available in their separate annual accounts.)
For the year to 31 March 2007, the Strategic Board oversaw the effective management of risk. Quarterly, the SB People & Business Innovation Sub-Group reviewed the Scottish Executive corporate risk position, as incorporated within the Balanced Scorecard (which provides management with a single cohesive document and highlights the links between success drivers and associated risks) and reports to the SB, following which the report is considered by the SEAC. The regular Cabinet Delivery Report monitored progress against the Partnership Agreement objectives and includes an audit of the centrally monitored commitments at some or significant risk, complemented by Ministerial bilateral meetings on delivery which provided the opportunity to discuss delivery and risk.
Risk management controls are identified in project and delivery plans and are used to keep projects and programmes in line with plan. Business areas are responsible for maintaining risk registers based on objectives for assessing and monitoring risks and actions taken to manage risk, and for ensuring that risk assessment is embedded into corporate and performance management, business planning and financial reporting processes. Programmes, policies, projects and specific initiatives may also prepare risk registers as appropriate to manage risk.
The existing risk management framework, as documented in the SPFM, is currently being revised as part of the organisation's transitional arrangements in the context of the new management structures and the developing role of the Strategic Board.
Developments in 2006/07
More generally, the Scottish Executive is committed to a process of continuous development and improvement, developing our systems following the results of any reviews and in response to developments in best practice in this area. In particular, in the period covering the year to 31 March 2007 and up to the signing of these accounts the Scottish Executive has:
- established a new Purchase to Pay system in order to improve payment performance, release efficiency savings and improve the quality of purchasing and the associated links to the accounting system;
- updated its Best Value guidance and included detailed guidance on creating a Best Value regime, produced following extensive consultation with Scotland's public service organisations;
- continued to build on its existing portfolio of Gateway Review projects as a method of reducing risk in large projects. In 2006 Gateway Review became mandatory for those organisations covered by the terms of the Scottish Public Finance Manual, specifically for those projects with a budget of £5 million or more that are categorised as High-Risk or Mission Critical.
In addition, as part of our ongoing change and improvement programme, the Executive received the final reports of the Audit Scotland "Financial Management and Budgetary Control" review and of the "Taking Stock: Fit for the Future" review. A number of changes were made that will improve our financial, control and delivery processes as a result of recommendations contained in the final reports. Audit Scotland has also produced three client-facing baseline reviews - one on the core Scottish Executive Departments; one covering NDPBs and Executive Agencies; and one on NHS health boards. These reviews provide baseline information on the arrangements in place to secure Best Value and to identify areas of good practice.
Review of Effectiveness
As Principal Accountable Officer, I also have responsibility for reviewing the effectiveness of the system of internal control. My review is informed by:
- the executive managers within the organisation who have responsibility for the development and maintenance of the internal control framework;
- the work of the internal auditors, who submit to the relevant Audit Committees regular reports which include the Head of Internal Audit's independent opinion on the adequacy and effectiveness of the organisation's systems of internal control together with recommendations for improvement; and
- comments made by the external auditors in their management letters and other reports.
Other bodies within the departmental accounting boundary are also subject to internal and external audit and have in place systems for reporting by their executive managers.
Assurance on the maintenance and review of internal controls systems is provided by managers within the Scottish Executive, who provide a certificate of assurance covering their areas of responsibility to their Accountable Officer, who then provides an appropriate assurance to me. Similar processes exist within the other Scottish Executive bodies, which may produce their own Statement on Internal Control if they publish their own annual accounts, or who will otherwise draw to the attention of the departmental Accountable Officers any significant internal control matters.
Audit Committees also provide advice on internal control matters including the annual assurance provided by the Head of Internal Audit, reports from managers and the consideration of information on control issues received in respect of Agencies or sponsored bodies. DACs provide an annual report to the SEAC giving an assurance that the DAC is operating in accordance with SPFM guidance and drawing the SEAC's attention to issues that may fall within its remit. This report will include, where appropriate, any notifications of problems being experienced by audit committees of Executive Agencies or relevant sponsored bodies.
Appropriate action is in place to address any weaknesses identified and to ensure the continuous improvement of the system.

Principal Accountable Officer
Date: 23 October 2007