1.Risk Management | | | |
Do you have in place processes that seek to identify and record key business risks (linked to business objectives and targets) on an on-going basis? Have these risks been evaluated and prioritised? Has the management of each risk been allocated to a relevant manager? Do you receive reports on the management of key risks and control actions taken? | Yes / No Yes/No Yes/No Yes/No | | This relates to the use of a structured process to manage business risk in line with the SPFM. This will be one that ensures the right people are involved in the process, and that each stage in the process is being actively recorded and managed. It will also be one that revisits the issues periodically to ensure that the assessments reflect current risks. An example of a structured process would be the maintenance of risk registers at divisional / branch / project level as considered appropriate. (Guidance onRisk Managementis available in theSPFM.) |
Has appropriate consideration been given to business continuity and disaster recovery for key systems (including ICT) upon which your operations depend? | Yes / No | | Local response to the possible loss of corporate functions (e.g. Scots, SEAS, accommodation) might be considered in the context of divisional risk management procedures. Where local systems are in operation, including but not exclusively ICT systems, the Division has a responsibility to ensure that consideration has been given to continuity and recovery e.g. back-up discs Out-stations may have arrangements with local businesses in event of loss of facilities. (Guidance on Business Continuityis available on the Intranet.) |
2.Business Planning | | | |
Does your area have clear business objectives and outcomes which contribute to the achievement of higher level objectives and outcomes, and have they been translated into measurable targets against which performance and progress are measured? | Yes / No | | Your business objectives / SMART targets should be reflected in the Divisional Plan and performance appraisal forms at all levels. (Guidance on Business Planning and Risk Management and the Business Planning Toolis available on the Intranet) |
Have new and/or radically changed work programmes been referred to Finance and/or Internal Audit for advice? | Yes/No | | New initiatives or changed systems should normally be referred thus. (Guidance on the Role of Finance is available on the Intranet. Guidance onInternal Auditis available in the SPFM.) |
In developing targets, does the area identify performance measures which take account of inputs, outputs and outcomes? | Yes / No
| | This question seeks to find out if the relationship between inputs, outputs and outcomes is being applied in developing performance measures. (Guidance on Business Planning and Performance Managementis available on the Intranet) |
Do you regularly receive timely, relevant and reliable reports on progress against targets and take corrective action where necessary? | Yes / No | | This could take the form of regular reports prepared for consideration at progress meetings or updates provided in the context of regular meetings with managers. Corrective action might involve the reallocation of resources (budgets and staff) and the reordering of priorities. |
3.Major Investment Projects | | | |
Are there ongoing major investment projects within your area? (If no, ignore the rest of Section 3)? | Yes / No | | Major investment projects covers both capital and resource expenditure. Major capital investment projects are defined in the SPFM as those with a total cost exceeding £2.0m inclusive of fees and VAT and this figure should be used as a guide in relation to other major investment projects. |
Do you adhere to the relevant guidance for controlling and monitoring major investment projects during their lifetime e.g. progress reports at agreed intervals/milestones, including mandatory Gateway Reviews and Key Stage Reviews (in the case of High Risk or Mission Critical project delivery). | Yes / No | | All major investment projects are subject to the guidance in the SPFM onMajor Investmentor, if applicable, to the section onPublic Private Partnerships(PPP). Conventionally procured projects are subject to the guidance in theConstruction Procurement Manual produced by Construction Advice & Policy Division.You should be in a position to confirm or otherwise that the procedures you have in place comply with the relevant guidance. |
Do you adhere to the relevant guidance for reviewing major investment projects and assessing value once the contract has been delivered? | Yes / No | | This would involve carrying out post project, post occupancy, and other benefits evaluation exercises in accordance with the relevant guidance. |
Do you have arrangements to ensure that staff carrying out roles as Project Owner (PO/SRO), Project Sponsor or Project Manager re major investment projects have previous experience of project delivery, relevant skills and a personal letter of appointment (or formal statement) setting out responsibilities and specific delegated authorities? | Yes / No | | The roles, responsibilities and appointment requirements of the various functions in the client management structure are set out in theMajor Investmentsection of the SPFM and in theConstruction Procurement Manualproduced by Construction Advice & Policy Division. The latter guidance also includes information on the relevant skills for each of the functions. |
| | | |
Are there ongoing projects - other than major investment projects - within your area? | Yes / No | | Projects covered in this section include investment projects that would not qualify as "major" and policy delivery related projects. |
Do you adhere to the relevant guidance on project management and ensure that staff have the relevant skills? | Yes / No | | The general principles set out in theMajor Investmentsection of the SPFM should be applied, as appropriate, to all investment projects. Guidance on policy delivery related project management is available on the Intranet- guidance on project management staff training is available via Corporate Learning Services. |
5.Financial Management | | | |
Do you ensure that your portfolio Finance Team (and as necessary Internal Audit) is involved at the earliest possible stage in the preparation of all policy proposals etc which may have resource, control or other finance related implications and that they are kept informed of developments? (Portfolio Finance Teams should also be consulted on any novel or contentious spending proposal and any matter which includes issues of financial propriety and regularity.) | Yes / No | | Guidance on the Role of Finance is available on the Intranet.References might also be included in induction material and local desk instructions. |
Do you have procedural instructions, cleared with your portfolio finance team, about how financial matters are handled within the area, drawing as appropriate from the key principles of the SPFM? Do you have in place processes for regular monitoring of compliance with these instructions? | Yes / No Yes / No | | Local desk instructions should be in place covering the arrangements for entering into commitments and for approving and processing the resultant payments - and ensuring adequate separation of duties. Desk instructions may also cover other matters such as delegated authorities, budget monitoring procedures and the requirement to consult Finance on all proposals that may have resource or other finance related implications. Monitoring of compliance might be achieved by regular management checks and the consideration of financial matters at regular meetings with your managers. |
Do you delegate financial authority to staff at appropriate levels? | Yes / No | | Delegated financial authority (i.e. where members of your staff have full responsibility for budgets and/or purchasing and take decisions without having to refer upwards) will not be appropriate in many Divisions but where it is you should provide details of the broad arrangements e.g. set out in desk instructions, financial responsibility statements. This is separate from the authority required to make and authorise payments etc within SEAS. (General guidance onDelegated Authorityis available in the SPFM. Guidance on the SG Scheme of Delegationis available on the Intranet.) |
Is there adequate separation of duties where required (e.g. authorising and processing payments and receipts, awarding grants)? Are staff with financial duties aware of - and adequately trained to discharge - their responsibilities in that regard? | Yes / No Yes / No | | Again this is separate from the authority required to make and authorise payments etc within SEAS. There may be concerns (e.g. within small units) where the rules on separation of duties cannot practically be achieved. In such circumstances the response should relate to whether the local arrangements (e.g. compensating controls) agreed with Finance Teams are working satisfactorily. (The requirement for appropriate separation of duties is included in a number of sections of the SPFM, notably those coveringExpenditure & PaymentsandIncome Receivable & Receipts.) This covers all staff involved in the financial process and not simply Finance Teams. The amount of knowledge and training does, of course, need to be related to the part played by the individual in the financial process. Individual duties might be covered in desk instructions. |
Do you have arrangements to ensure that all assets for which the area is responsible are properly managed and safeguarded (e.g. against unauthorised use or disposal)? | Yes / No | | Only assets for which the area is responsible need to be considered here. This will include those assets on a locally maintained inventory of valuable and attractive items. (Guidance onManagement of AssetsandFraudis available in the SPFM.) |
Do you have procedures for ensuring that proper and accurate accounting records are maintained and entries in them are properly authorised? | Yes / No | | The response to this question needs to reflect both the provision of information needed for accounting purposes (e.g. the proper and timely entry of data into SEAS) and for cash management purposes. The response should also take into account the controls in place within your area to ensure that only authorised personnel have access to the SEAS system. (Guidance on SEASis available on the Intranet.) |
Do you have measures in place to monitor the security and accuracy of financial information? | Yes / No | | The response should reflect the measures that you have in place to ensure that the SEAS (or any other financial) system contains accurate and up to date information. Measures might include periodic or regular management checks. |
Do you have procedures in place for monitoring and reviewing those budgets for which you are responsible? Are agreed budget plans documented and disseminated within your area? Do you regularly review internal financial reports which report actual against budget outturn and discuss progress with your Director or equivalent? | Yes / No
Yes / No Yes / No | | This question deals with the local arrangements within the area for monitoring and reviewing the administration cost and programme budgets. These might be linked to re-profiling exercises run by your Finance Team. (Guidance on Budget and Financial Managementis available on the Intranet.) You will wish to consider here the mechanisms in place for communicating budgetary information both at the beginning of the year and changes made in-year whether at the time of formal monthly or quarterly reviews or at other times. This would also cover the transfer of funds between one area and another or between the centre and your area. The review of the regular financial reports needs to take account of both the review internally within the area as well as external reporting of outcomes and any remedial action required. |
Do you ensure that that the State Aid Unit is consulted on all proposals that may have state aid implications? | Yes / No | | Guidance on theEC State Aid Rules is included in the SPFM. More detailed guidance is available from the State Aid Unit. |
Do you ensure that any grant proposals and payments follow the relevant guidance in the SPFM? | Yes / No | | The section of the SPFM onGrant & Grant in Aid includes references to checklistscovering the grant proposal, application and assessment processes and a Model Offer and Conditions of Grantdocument. There is a separate Offer of Grant document for use in relation to grant funding provided to voluntary bodies to assist with their operational costs. |
6.Fraud | | | |
Are operational managers and other members of staff within your area aware of their responsibilities as set out in theScottish Government Fraud Policy Statement? | Yes / No | | Relevant guidance in the section onFraudin the SPFM might be brought to the attention of staff periodically and / or in induction material. |
Are any cases of suspected fraud within your area dealt with in accordance with theScottish Government Fraud Response Plan? | Yes / No | | Unless separate prescribed procedures are in place any suspicion of fraud (internal or external) should be reported to the Fraud Response Co-ordinator. |
| | | |
Is all procurement activity within your area undertaken in accordance with the SPFM and SPD guidance and where required is it undertaken by officers with the necessary delegated purchasing authority? | Yes / No | | Management checks on sample purchases / contracts should be carried out to ensure compliance with the relevant guidance. See theProcurementsection of the SPFM and the guidance available via the SPD Homepage. See also specific guidance on the Intranet on the operation of the Government Procurement Card and the Easebuy System. |
Does your area's use of consultants comply with relevant guidance? | Yes/No | | Contracts for consultancy of up to £50K in value must be approved at Director General level. Consultancy contracts above £50K must be authorised by the Cabinet Secretary for Finance and Sustainable Growth on the recommendation of the relevant Director General. If there have been no such cases during the period then just say so. (See the relevant guidance on Consultancy Procedures on the Intranet |
| | | |
Are staff aware of their responsibilities? | Yes / No | | Awareness would normally be achieved through job specifications/descriptions and, where appropriate, formal delegations. |
Do you have adequate procedures for disseminating guidance and instructions? | Yes / No | | This could be achieved through e-mail and divisional / team meetings. |
Do you adhere to the corporate procedures re recruitment / induction; Personal Learning Plans and training provision; and absence management, FWH, T&S and overtime? | Yes / No | | You should be able to confirm that a divisional Induction Pack and Learning Plan are in place and that the Division adheres to relevant guidance on the completion of PLPs, absence management, FWH etc. (Guidance on Induction, the Divisional Learning plan and eHRis available on the Intranet.) |
Do people in the area (and any providers of out-sourced services) have the knowledge, skills and tools to support the achievement of directorate objectives and to manage effectively risks to their achievement? | Yes / No | | Internally, the response to this question might be informed by Skills for Success Profiles, PLPs and the Divisional Learning Plan. External assurance might be provided by adherence to relevant procurement guidance and through performance targets and monitoring. |
9.Equality and Diversity | | | |
Are key policies/activities in your area assessed for their impact on equality groups (as required by legislation)? | Yes / No | | This question relates to the SG's responsibilities under the statutory public sector equality duties. You are expected to ensure that key policies and activities in your area are assessed for their impact on equality. |
Are support structures in place to enable staff to undertake and complete impact assessments? | Yes / No | | You will want to consider what steps you have taken to ensure that your staff are able to and do use the SG's equality impact assessment guidance and toolkit. You will also want to consider what kind of support you are providing for your staff so that they are able to undertake and complete this process successfully. |
Do you have procedures in place to ensure that equality impact assessments have been completed for all relevant policies/activities? | Yes / No | | The Equality Impact Assessment Tool is available to all staff via the SG Intranet. |
Do you ensure that all staff objectives take account of the mainstreaming diversity agenda? | Yes / No | | All staff are required to have a diversity objective as part of the annual performance appraisal process. Examples of appropriate objectives are available on the SG Intranet. |
10.Information | | | |
| | | |
Does your area expressly track information risks? Can you confirm that information risk assessments have been carried out? Are all significant "information" posts manned? Are access control mechanisms in place for each system? Do you have processes in place for dealing with breaches of security / data handling incidents? | Yes / No Yes / No Yes / No Yes / No Yes / No | | SG policies and guidance on information risk are available on the Intranet. Compliance with this guidance ensures the SG fulfils its obligations to meet centrally prescribed information assurance standards and requirements, e.g. Cabinet Office's Manual of Protective Security, e-services security assurance requirements (including accreditation) and ISO 27000. Where Agencies do not use SG guidance they must ensure that their own equivalent guidance and arrangements are fully compliant with central government requirements. Information risk assessments should be carried out in relation to the correct protective marking of information assets; the restriction of access to information; the training of staff in handling sensitive information; the scanning of information received in hardcopy format; the purposes and management of processing of personal data; the impacts of loss or corruption of information; and so on. Such risk assessments should extend to all delivery partners and others in the information supply chain. TORs for posts (including Information Asset Owners (IAOs) and, where appropriate, Information Management Support Officers (IMSOs)) are in place, staff are available to discharge these roles and have undergone or are undergoing appropriate training. Access control mechanisms for each system are documented by IAOs.
Process is in place to report, manage and recover from information risk incidents. Lessons have been learnt, and shared, from incidents (if any). Local managers have a responsibility to ensure that staff are aware of and comply with the relevant guidance and to initiate checks where non compliance is suspected. Managers have a responsibility to ensure that all suspected or actual information security breaches are reported to IT Security. |
11.Health & Safety | | | |
Does your area have processes in place to ensure compliance with Health and Safety policy? Have there been any breaches against H&S regulations during the year? | Yes / No Yes / No | | This could involve ensuring that there is someone with designated responsibility for monitoring processes in your area, and for confirming compliance. (Guidance on the Health and Safety Management Systemis available on the Intranet.) |
If you are not operating in a main building, does your area have appropriate emergency procedures in place relating to all office accommodation it occupies? | Yes / No / NA | | Are you happy that procedures effectively deal with any potential emergencies? |
12.Sponsored Bodies | | | |
Is your area responsible for sponsoring any NDPBs or other bodies? (If no, please ignore the other questions in this section.) | Yes / No | | Guidance for Sponsor Teams is available on the Intranet. |
Is there an up to date Management Statement/Financial Memorandum (MS/FM) in place for each of your sponsored bodies? | Yes / No | | You should be in a position to confirm that these are finalised or otherwise, that they are up to date, and that they were subject to proper consultation (including with your Finance Team and Internal Audit Division) (A model MS/FM is provided at Annex 3 of the section of the SPFM onAccountability.) |
Do you have appropriate arrangements in place to monitor adherence to the MS/FM? Are you satisfied that the sponsored bodies have been adhering to the MS/FM? Do you contribute to and/or approve the Corporate Plans and Performance Measures of the sponsored bodies, and review outturn against these measures? Are you satisfied with the arrangements adopted by the sponsored bodies to prevent, detect and deal with fraud? | Yes / No Yes / No Yes / No Yes / No | | You should provide broad details of the steps you take to monitor these areas. Guidance on the role of the sponsoring team is set out in the model MS/FM in the SPFM. |
13.Compliance | | | |
Do you have processes in place to ensure compliance with applicable policies, procedures, laws and regulations - including those referred to separately in this Checklist e.g. the SPFM? | Yes / No
| | Processes might refer to desk instructions, local checklists and/or periodic management checks e.g. relating to the existence of statutory authority for expenditure and the holding / provision of information under the Data Protection and Freedom of Information Acts. The level of response should reflect the work of the Division. (Guidance on Data Protectionresponsibilities and FOIis available on the Intranet.) |
14.Review | | | |
Do you review from time to time the effectiveness of internal controls in your area? Have you taken action to improve controls? | Yes / No
Yes/No / NA | | You should be reviewing internal controls in your area at appropriate points in time e.g. when processes change or operational shortcomings come to light. Has anything happened during the course of the financial year that has raised questions about the controls that you have in place? E.g. has the running of the regular financial monitoring exercises suggested any shortcomings? Have there been any particular queries that may lead to doubts about how the controls are operating? (Guidance on internal controls is provided in the main section of the SPFM onCertificates of Assurance.) |
Have controls and risks in your area been subject to independent review (e.g. by Internal Audit) in the course of the year? Has appropriate action been taken to implement agreed recommendations resulting from such reviews? | Yes/No Yes/No/NA | | You should provide details of any key weaknesses identified and the steps taken to resolve these. |
15.Other Issues | | | |
Apart from the issues raised above, are there any significant control matters arising in your area which could adversely affect the signing of the SIC? | Yes/No | | Provide here details of any significant control problems, specific to your area of responsibility, which you have encountered during the year. |
| | | | |