CERTIFICATES OF ASSURANCE Contents: Scope Key Points Background Assurance Framework Timetable / Review Annex 1: Deputy Director Certificate Annex 2: Internal Control Checklist Annex 3: Director Certificate Annex 4: Portfolio Accountable Officer Certificate
Scope 1. This section gives guidance on the provision of certificates of assurance to support the signing of the Statement on Internal Control. The assurance framework set out in this guidance relates specifically to constituent parts of the Scottish Administration i.e. the core Scottish Government (SG), SG Executive Agencies and non-ministerial Executive Agencies / Departments. Other organisations to which the Scottish Public Finance Manual is directly applicable - including bodies sponsored by the SG - should arrange for appropriate assurance frameworks consistent with this guidance to be put in place.
Key Points 2. It would only be possible to provide assurances without any qualification where best practice and any relevant guidance had been followed throughout the accounting period. Certificates of assurance can provide only reasonable and not absolute assurance. 3. Certificates of Assurance from Deputy Directors (or equivalents) should be completed in consultation, as appropriate, with their Finance Team and internal auditors. It is essential that the Internal Control Checklist is completed in full and with due diligence by Deputy Directors (or equivalents). 4. Certificates of assurance should be commissioned following the end of each financial year allowing sufficient time for the completion of the process to meet the timetable for signature of the relevant accounts.
Background 5. Accountable Officers for parts of the Scottish Administration are required to sign Statements on Internal Control (SICs) in respect of annual accounts for which they are directly responsible. To enable them to sign a SIC - which is provided alongside the annual accounts - Accountable Officers require assurances on the maintenance and review of internal control systems within or affecting their area of responsibility. Internal control systems comprise the whole network of systems established in an organisation to provide assurance that organisational objectives will be achieved, with particular reference to: - risk management;
- the effectiveness of operations;
- the economical and efficient use of resources;
- compliance with applicable policies, procedures, laws and regulations;
- safeguards against losses, including those arising from fraud, irregularity or corruption; and
- the integrity and reliability of information and data.
6. Assurances are required following the end of each financial year but it would only be possible to provide such assurances without any qualification where best practice and any relevant guidance (e.g. the Scottish Public Finance Manual (SPFM)) had been followed throughout the accounting period. It is recognised however that such assurances can provide only reasonable and not absolute assurance.
Assurance Framework 7. Assurances from Deputy Directors (or equivalents) to Directors (or equivalents) should be provided in the form set out in Annex 1. Annex 1 should be completed in consultation, as appropriate, with the relevant Finance Team and internal audit as to whether any matters had arisen which could affect clear certification. The Internal Control Checklist at Annex 2 has been designed to identify any such matters. 8. It is essential that the Internal Control Checklist is completed in full and with due diligence by Deputy Directors. In particular, the third column ("details") should record the broad steps taken to confirm/review the existence and adequacy of control, and any significant absence of, or weakness in, the control. Some explanatory notes and guidance on what is required by way of "details" is provided in the final column. It must be stressed, however, that the areas covered by the checklist are not exhaustive and any other significant weaknesses must be reported in the Certificate of Assurance. Checklists should be reviewed by Finance Teams. Finance Teams are not expected to undertake a detailed scrutiny of the checklists but should be satisfied that the checklists have been completed in full and that the information provided is consistent with their knowledge of the area concerned. Directors should ensure that they receive all relevant checklists and satisfy themselves that these have been properly completed. Directors (or equivalent) can then use the completed checklists, the associated certificates, and their own knowledge/review of their Directorate's control and risk processes when preparing their own Certificates of Assurance. 9. Completion of Annex 1 by Deputy Directors of sponsoring divisions within the SG should take account of any internal control issues that are considered likely to merit inclusion in the SICs of relevant sponsored bodies. Any additional issues included in the finalised SICsof sponsored bodies, or significant matters arising between the SICs being finalised and the signing the SG consolidated accounts, must be reported up the line as and when they come to light. It is for Deputy Directors of sponsoring divisions to decide, in consultation as appropriate with their Finance Team and internal auditors, what if any form of assurance would be appropriate in relation to any sponsored bodies that are not self-accounting and do not therefore complete SICs. 10. Assurances from Directors (or equivalents) to Accountable Officers should be provided in the form set out in Annex 3. Finance Teams should arrange for copies of these certificates to be submitted to relevant audit committees together with, as appropriate, either a draft certificate of assurance for the Accountable Officer to provide to the Principal Accountable Officer for the Scottish Administration or a draft SIC for signature by the Accountable Officer - see the following paragraph. 11. Accountable Officers sign the SICs in respect of the accounts for which they are directly responsible. The Principal Accountable Officer signs the SIC in respect of the SG consolidated accounts. Assurances to the Principal Accountable Officer from Portfolio Accountable Officers - based on assurances from relevant Directors (or equivalents), should be provided in the form set out in Annex 4. Assurances to the Principal Accountable Officer from the Accountable Officers of the Crown Office and Procurator Fiscal Service (COPFS) and Executive Agencies within the SG accounting boundary should take the form of the SICs provided alongside the COPFS and Agency accounts. Relevant issues in the SICs of NHS bodies within the SG accounting boundary should be included in the assurance from the Health and Wellbeing Portfolio Accountable Officer. 12. Assurances on SG corporate services in relation to the consolidated accounts will be provided to the Principal Accountable Officer by the Director of Change and Corporate Services and the SG Director of Finance. These assurances on corporate services should be copied as appropriate to the Accountable Officers of those accounting entities (e.g. Executive Agencies and sponsored bodies) which rely to varying degrees on corporate services provided by the core SG.
Timetable / Review 13. Certificates of assurance should be commissioned following the end of each financial year allowing sufficient time for the completion of the process to meet the timetable for signature of the relevant accounts. The provision of assurances on SG corporate services should take account of the timetable for the signature and publication of the accounts for Executive Agencies and sponsored bodies which is normally earlier than the SG consolidated accounts. 14. The Certificates of Assurance process, including the completion and review of the Internal Control Checklists, is subject to review by the external auditors as part of their audit of the accounts. Copies of the certificates and the completed checklists should therefore be retained locally for inspection. Internal auditors will also require access to these documents as part of their internal review of governance matters. Back to top Page Published/ Updated: March 2008 |