· xls file · web view· social services inspectorate · use of resources assessment · pure...

Annual Governance Statement 2008/09 - Matrix of assurances given against CIPFA/SOLACE Objectives

of 39

Appendix A

Objective 1: Establishing principal statutory obligations and organisational objectives:Step 1 In support of objective 1 – mechanism established to identify principal statutory obligationsExamples of assurance: Evidenced by: Lead Comments Direction

Personnel/ Hampshire Police Authority Å

Police Authority/ Financial Accounting Committee minutes, Financial Regulations & Standing Orders Å

Police Authority Held by Chief Executive and published on website Å

Personnel Held by line managers and on intranet Å

Personne/Service Delivery Department Published on intranet within Personnel Planning’s pages. Å

Service Delivery Department Å

Å

Personnel Å

Å

1. Responsibilities for statutory obligations are formally established

· Documents (e.g. constitution) recording individual officer and member responsibilities

Legislation, Financial Regulations, Standing Orders, terms of reference and Force Policies & Procedures. Members operate within the code of conduct. Officer responsibilities are shown in Part 1 of role profiles. There are also police officer and police staff codes of conduct. The risk register for the Authority will need to be reviewed to ensure that it captures risks across the Authority including governance issues.

· Minutes of delegations to officers and committees· Committee terms of reference· Job descriptions of key officers· Structure charts

2. Record held of statutory obligations

· Accessible record of statutory obligations (e.g. central registry or legal library, intranet) and Force Polices and

FPP Library and PNLD (Police National Legal Database) accessible via intranet

3. Effective procedures to identify, evaluate, communicate, implement, comply with and monitor legislative change exist and are used

· Established identification and implementation processes in place as part of Programme and Project Management system.

Service Delivery Department, HMIC, management, Audit Commission, Internal Audit, PSD, Best Value, Self Inspection, IPCC

Service Delivery Department Environmental Scanning identifies and communicates legislative change. An intranet news channel has been developed. Service Delivery Department manage Force Policies & Procedures which must be reviewed at least every 3 years by authors. Policy owners measure compliance· Risk resulting from Legislative changes

is recognised and is listed on the corporate risk register.

· Appointment of suitably qualified and experienced employees, selected against accurate and specific job descriptions and person specifications

All posts have role profiles and person specifications. There is a comprehensive recruitment process for all officers. All police staff posts and specialist police officer posts have a formal selection process and appropriate vetting process.

· Evidence of effective arrangements for internal and external communication (e.g. by review of communication of recent legislation to relevant officers and members)

Police Authority/ Media and Corporate Communications

The Authority & Force have communication strategies. Additionally, the Authority publishes a monthly internal newsletter and the Authority have recently agreed to a bi-monthly stakeholder newsletter to be published. The Force also uses E-learning, the force newspaper (Frontline), OCU and departmental newsletters and the intranet to promulgate new legislation e.g. FOI. Force Policies and Procedures are regularly reviewed and changes notified in Force Routine Orders.


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionTraining Dept Å

Training Dept

ACPO Group Å


· Appropriate induction training has been given to specific post holders

Student officer training delivered to all officers. All staff have induction training. All employees complete mandatory e-learning. PDRs are held annually to ascertain the individual’s performance, ability and any required training. The PDR process is being developed to link the individual to unit and force objectives more closely and allow ongoing personal development to be an integral part of the appraisal process. This will allow better management of the succession planning and organisational development. All training is presented to Training Prioritisation Steering Group quarterly, to approve, defer or not approve against the Force Control Strategy, abstraction and resources. This incorporates all legislative changes. Certain postholders must have relevant training e.g. area car driver. However, it is acknowledge that training for many posts can be ad hoc. There are current proposals to more closely align recruitment and training within one HR structure and with a direct reporting line. This will ensure joined up delivery of the right people with the right skills at the right time to do the right job.

· Awareness training tailored to job profiles has been provided

E-learning, internal training courses, external courses, briefings, team meetings, website access, email access, membership of professional institutions, circulars from Govt Depts and ACPO help to keep staff informed. Training needs are covered in PDRs. Relevant professional training is not always available for some posts, particularly specialist posts. However, new legislation is subject of Training Needs Analysis and officers that need to be aware but are not directly affected by change are updated by means of mandatory e Learning. Where specialist professional training cannot be delivered in Force, significant budget is made available to cover this training need via external providers. Emerging priorities in training provision are caught through environmental scanning and considered at TPSG. These are delivered through a range of blended training activity.

é

Frontline Training now delivers enhanced Training provision for all officers. Leadership and Development Training will now be provided as a single work-stream that will provide for Business, Executive and Professional leadership training provision bespoke to role and rank

All new legislation is subject of Training Needs Analysis and officers that need to be aware but are not directly affected by change are updated by means of mandatory e Learning. Frontline Training is now designed to meet a combination of forcewide and local performance needs. E-learning can be used in combination with other training methods or on its own.

· Inspection of reports to members on implications of new legislation

Senior Officers decide on the need to brief members on the implications of new legislation

· Evidence that assurance has been given to Chief Executive (or equivalent) that all relevant legislative changes have been reported and addressed

Systems exist to ensure that the Chief Constable receives communications from government departments, ACPO and other relevant sources. Information is received via relevant journals and non-operational professionals receive further relevant information via their professional institutions. Environmental scanning is undertaken by Service Delivery Department to minimise the risk of not identifying changes. Environmental scanning will feed into the new project and programme management boards.


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionÅ

Step 2: In support of Objective 1 – Mechanism in place to establish organisational objectives (see footnote 5 at end)Examples of assurance: Evidenced by: Lead Comments Direction

Service Delivery Department/ Police Authority Å

4. Effective action is taken where areas of non-compliance are found in either mechanism or legislation

· Review of evidence to demonstrate that action has been taken to overcome identified areas of non-compliance, for example:

Financial Accounting/ Service Delivery Department/ Professional Standards

All issues are fed into a strategic assessment process to generate actions. Terms of Reference of the Governance Committee includes to monitor the implementation of their (i.e.. Internal & External Audit) recommendations. This is currently done through annual audit report/opinion and other updates given by Internal / External Audit through the year. Outstanding audit recommendations no longer presented to Finance Committee. The PRINCE2 methodology adopted by the Force promotes the monitoring of corrective action.

o Internal /external audit reports to audit committee or equivalent;

Professional Standards Dept uses an organisational learning matrix (OLM) to ensure that lessons learnt from public complaints and misconduct investigations are disseminated and actioned at Force / OCU level. There are quarterly professional standards committee meetings in the Constabulary and the Police Authority.

o Monitoring reports on progress on delivering action plans in response to identified legal/statutory risks in risk register (e.g. on implementation of Freedom of Information Act 2000)

Recommendations and Areas for Improvement identified by HMIC are monitored by action owners and reported to and monitored by HPA Performance Committee. PSD conducts a strategic assessment every 6 months and bi-monthly TCG meetings drive the business and assess priorities.

o Evidence of corrective action being taken in response to upheld complaints against the authority

Within the force all criminal cases and gross misconduct cases are referred to PSD for police and staff. No complaints upheld against HPA to take action on.

1. Consultation with stakeholders on priorities and objectives

· Results from internal and/or external consultation exercises have been analysed and published

The Authority and Force has undertaken facilitated external consultation and the Authority has a Consultation Officer and the Constabulary has a consultation and research team. The Authority also produces an annual consultation programme to ensure that all diverse groups of the counties are reached. The Authority meet with the strategic planning group to ensure local priorities are reflected in statutory documents. Results of Authority and Constabulary consultation conducted are provided to the Community Affairs Committee, feedback is available at the Authority website and directly to those involved. The Force has undertaken staff surveys for internal consultation as well as surveys relating to specific organisational initiatives or evaluations.


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionService Delivery Department / Police Authority Å

Service Delivery Department / Police Authority Å

Service Delivery Department HPA and Force’s Strategic Plan Å

Service Delivery Department/ Financial Accounting HPA and Force’s Strategic Plan ÅMedium Term Financial Strategy

Financial Services Å


Å

Å

Police Authority/ Media Services Communication Strategies published for HPA and the Force. Å

Police Authority/ Service Delivery Department Å

ACPO/OCU Commanders and Dept Heads Å

Service Delivery Department co-ordinates Å

2. The authority’s priorities and organisational objectives have been agreed (taking into account feedback from consultation).

· Authority’s approved policing plan takes account of all consultation and local and national priorities

HPA and Force’s Policing Plan is informed by consultation results. Authority Members and officers are involved in the construction of priority setting.

· Priorities and objectives in strategic partnerships are aligned with corporate priorities and objectives

All partnerships exist to work jointly to achieve shared objectives. All partnership objectives should be aligned with the authority’s corporate priorities and objectives. Care is taken to ensure that specific funding for specific activities does not divert resources from priorities.

3. Priorities and objectives are aligned to principal statutory obligations and relate to available funding

· Corporate priorities and objectives are clearly set out in the policing plan· Strategic plan takes account of annual budget and medium term financial plan· Financial plans take account of strategic partnership contributions and income streams

The medium and forward budget process takes account of partnership contributions and income.

4. Objectives are reflected in departmental plans and are clearly matched with associated budgets

· Clear terms of reference are set for the preparation of departmental and/or service plans

Guidance has been issued and is being updated on the preparation of services plan and meetings held with Dept Heads to identify improvements needed. As of April 2009 all departments and OCUs are required to submit delivery plans on how they will deliver on the policing priorities. The new policing priorities have been published, the 2009 - 10 control strategy has been aligned within this process.

· Departmental and/or service plans clearly reflect corporate objectives and match approved funding

Delivery plans must link to Force priorities. All Depts have budgets allocated. The Force budget is matched to priorities as part of the budget process.

· Annual reports are produced on the outcome of departmental and/or service plans

Depts have PIs. The most important PIs are monitored at Force level via the Force Performance and Review Group. Delivery plans and PIs are published on the intranet.

5. The authority’s objectives are clearly communicated to staff and to all stakeholders, including partners.

· A communication strategy in respect of the corporate objectives has been developed, approved and implemented

· Evidence of consultation with stakeholders (e.g. public and internal surveys etc) and strategic partners on service provision against cost.

Public consultation exercise made public by Community Affairs Committee, Independent Advisory Group, victims of crime survey, Safer Neighbourhood surveys, precept leaflet issued, FAQs on intranet, meeting with residents associations etc, staff survey. Police Authority consultation and public facing Constabulary consultation is made public via its Community Affairs Committee.

· Documented meetings across departments to discuss key objectives in corporate and departmental and/or service plans

User groups and management boards/ committees have cross-departmental representation. Service Delivery Department review service plans and meet with dept heads to ensure that the objectives and PIs are in line with Force objectives, policies and procedures. Dept meetings should be minuted and published.

· Corporate objectives and aims are set out in key documents (annual plans, Local Area Agreements etc) on the authority’s website and intranet site

Strategic Plan and Local Policing Plan and Report on HPA and Force Websites as well as Force Intranet


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionStep 3: In support of objective 1 – Effective corporate governance arrangements are embedded within the authorityExamples of assurance: Evidenced by: Lead Comments Direction

Police Authority Å

Å

Police Authority The Code will be reviewed at least annually by the Governance Committee Å

Police Authority/ Governance Committee Submission of Annual Governance Statement ÅAudit plans and reports.Relevant reports from other agencies.

Governance Committee Å

Å

Å

Governance Committee Defined in terms of reference Å

Governance Committee Defined in terms of reference Å

Yes Å

Governance Committee minutes issued Å

1. Code of corporate governance established

· A Code of Corporate Governance in line with the CIPFA/SOLACE guidance relevant to the type of authority has been adopted by the authority.

Code approved by Governance Committee. Draft of revised and updated Code to Governance Committee in March 2009.

· A communication strategy in relation to the Code has been developed, approved and implemented

The Code of Corporate Governance published on the HPA website and members made aware

2. Review and monitoring arrangements in place

· The Code itself incorporates a review date and/or a system for continuous update in response to changed requirements

· There are clear arrangements for continuously monitoring compliance with the Code e.g. reports on compliance are regularly submitted to the committee charged with corporate governance responsibility

· An annual report on compliance with the Code of Corporate Governance is prepared and submitted to members

The Governance Committee receives an annual report covering all assurance areas. This is supplemented by annual audit reports. In addition, progress reports are given on weak assurance areas and audit findings.

· Internal/external audit reports on adequacy of corporate governance arrangements

All relevant reports submitted to Governance Committee. Corporate Governance is an annual audit as part of the approved internal audit plan.

· An action plan is prepared to address any significant identified weaknesses in complying with the Code and is continuously monitored by the authority or committee charged with corporate governance responsibility

Action plans prepared by lead stakeholder and progress monitored by Governance Committee

3. Committee charged with governance responsibilities

· Responsibility for overseeing corporate governance has been formally delegated to an appropriate committee

· Committee terms of reference clearly demonstrating responsibility for corporate governance issues have been approved by the authority

· Terms of reference are sufficiently comprehensive to ensure that all appropriate aspects of corporate governance are covered

· Agendas and minutes from the committee charged with corporate governance responsibility indicate that the responsibility is being discharged adequately in accordance with terms of reference


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionGovernance Committee & Deputy Chief Constable Å


Governance Committee & Deputy Chief Constable Å

Police Authority HPA Website Å

Step 4: In support of objective 1 – Performance management arrangements are in placeExamples of assurance: Evidenced by: Lead Comments Direction

Service Delivery Department PIs and targets set at Force and local levels. Å

Service Delivery Department produces data and quality assures.

Clear responsibilities for all PIs

ACC’SO’ review visits of ‘SO’ DeptsACC’TO’ review visits of OCUs

Scorecards being developed for Force and departmental use.

Phase HMIC inspections.Annual baseline assessments.

Year on year comparisons undertaken.

Business improvement reviews and intervention undertaken.

Benchmarking undertaken by a number of departments but not all.

4. Governance training provided to key officers and all members

· Induction training for key new officers and all new members incorporate suitable coverage on corporate governance issues according to responsibilities

Key officers and members have received reports and advice on corporate governance, the Code of Corporate Governance and the Annual Governance Statement.

· Ongoing awareness training is provided as appropriate to key staff and all members to ensure that changes in the Code are made known within the authority

Members and key officers are updated by reports to the Governance Committee and ACPO Group/RMB as necessary.

5. Staff, public and other stakeholder awareness of corporate governance

· There is a general staff awareness training programme

Minutes of the Governance Committee are published on the HPA website. All portfolios provide input to the governance process, but there is no general awareness programme.

· The Code has been published and is accessible to all staff, the public and other stakeholders

1. Comprehensive and effective performance management systems operate routinely

· There is a clearly defined performance management framework that identifies:

o all sources of performance measures;

Performance Committee of HPA Agrees and reviews performance with ACPO officers.

o who is responsible for achieving each performance measure;

Performance Review Group (Force level) reviews performance with OCU Cdrs and Dept Heads.

o who is responsible for collating the data for each one;o who determines and approves the performance measures;

Performance data packs published monthly by Service Delivery Department on intranet.

o who receives reports on performance and how often;o how data quality is assured;o how performance data is captured and its integrity maintained;o how poor performance is addressed;o how performance is driven upwards over time

Reports from HMIC/PSU/Audit Commission received, responded to and acted upon.

· Reports resulting from internal or external reviews of performance management · Year-on-year comparison of achievement against performance targets (e.g. in annual reports)· Best value reviews, including benchmarking results· Departmental and/or service benchmarking results· Annual reports issued by, or in relation to, strategic partnerships

However, there is concern that the quality of data held in some areas is in need of improvement e.g. detectionsA new Corporate Information Management structure has been implemented with a focus on data quality. A post of data quality manager will be recruited and will have responsibility for drafting and ownership of a data quality strategy.


of 39

Examples of assurance: Evidenced by: Lead Comments Direction


Service Delivery Department co-ordinates

Service Delivery Department

Service Delivery Department Regular reports are made to the Performance Committee. Å

Å


Financial Accounting/ Financial Services Å


Service Delivery Department Regularly monitored Å

Service Delivery Department Force performance indicators Å

Financial Services Dept Å

OCU Cdrs/ Dept Heads OCU families meet regularly Å

Service Delivery Department IQuanta data is published in the monthly Force performance pack ÅABC data is being used to compare spending and efficiency

Å

Service Delivery Department A “dashboard” is available to view and drill down on performance Å

Service Delivery Department EFQM underpins self assessment process. Å

Audit Commission/HMIC Co-ordinated by DCC Audit Letter Å

1. Comprehensive and effective performance management systems operate routinely

A Business Intelligence project has been set up to provide an improved performance management capability..

2. Key performance indicators are established and monitored

· Appropriate key performance indicators (KPIs) have been established and approved for each service element and are included in departmental and service business/annual plans

All OCUs and departments have agreed PIs. The performance pack produced by Service Delivery Department covers the KPIs. Service Delivery Department will review the delivery plans to ensure PIs are SMART. KPIs and Force PIs are published monthly by Service Delivery Department These are monitored by performance Committee and Performance Review Group. Performance is also reviewed at ACCTO and ACCSO review visits.

Å

· KPIs have been developed and are monitored in respect of key partnerships

PIs and reports sent to Performance Committee and Performance Review Group

· A robust monitoring system has been approved and implemented

Constant review through National Policing KPIs (e.g. from the Home Office and HMIC) as well as local review at Performance Committee and Performance Review Group

· There are regular reports on progress on delivering approved KPIs· There is an approved mechanism for reviewing the continuing suitability of KPIs and for securing continuous improvement

3. The authority knows how well it is performing against its planned outcomes

· Regular reports are presented to members on the delivery of national, authority, departmental and partnership performance targets

· Internal and external auditor’s reports on key performance indicators

Auditors – Co-ordinated by Service Delivery Department

Audit Commission reviews. Hampshire County Council internal audits. Performance monitoring. New financial KPIs included in 2009/10 budget setting process for ongoing monitoring by HPA.

· Key performance indicator risk scorecards

Monthly performance pack issued and KPI risk areas constantly monitored as part of developing dashboards indicator system.

· Use of Resources (PURE for police service) reviews and progress reviews against the action plans.

PURE is used to measure performance. A PURE action plan is produced and progress is monitored.

· Monitoring reports on the achievement of local performance targets in the Local Policing Plan

Performance is monitored in the monthly Force Performance pack. Areas of poor performance are highlighted and discussed at Performance Committee and the Performance Review Group.

· Best Value Performance Indicators · Internal performance indicators · Regular budget monitoring reports (capital and revenue, current year and medium-term)

Force position regularly reported to Finance Committee and RMB. Extensive local reporting in addition. Monthly reports to ACPO Group and key members of Authority

· Voluntary benchmarking exercises with peer groups Some depts. take part in benchmarking (Financial Services, Financial

Accounting, Transport, BAPS)

· National comparative performance measures against comparable authorities (e.g. QuAnTa data on comparative policing · Local Area Agreements and other strategic partnerships

ACC TO through OCU commanders supported by SDD

Local Area Agreements are governed by clear principles and have high level representation from the Authority and Force. Performance is monitored.

· Balanced score card · EFQM model adopted· External audit/agency reports on performance (e.g. compliance with National Crime Recording Standard, HMIC reports, Police Standards Unit reports)


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionAudit Commission/HMIC Co-ordinated by DCCBaseline Assessments

Å

3. The authority knows how well it is performing against its planned outcomes

· External audit/agency reports on performance (e.g. compliance with National Crime Recording Standard, HMIC reports, Police Standards Unit reports)


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionService Delivery Department co-ordinates Å

Service Delivery Department Reports include comparison to most similar forces, targets and over time Å

Å

Å

Taken into account when setting targets Å




Å

Å

4. Knowledge of absolute and relative performances achieved is used to support decisions that drive improvements in outcomes

· Monitoring reports are regularly presented to the appropriate committee

Regular monthly performance pack issued & placed on intranet. Performance is reviewed by members at the Performance Committee and by senior officers at Performance Review Group. The Authority has appointed Local Engagement and Performance Officers to assist with performance management.

· The reports include detailed performance results, both absolute and relative to peer authorities, a clear indication of below target, on target and at, or above, target results, highlighting areas where corrective action is necessary

· Committee reports on below par performance include ‘SMART’ action plans to improve performance

Performance Committee/ ACPO/ Service Delivery Department

Not always a SMART action plan but actions are given to relevant staff and progress is monitored at subsequent meetings.

· Performance targets in subsequent corporate and departmental and/or service business plans are revised in the light of actual performance


Taken into account when setting targets. The NIM based integrated planning process establishes a risk based approach to target setting and prioritisation.

· Continuous improvement is strived for by increasing the difficulty of performance targets when they have been met over a period (e.g. movements on KPI results)


· Performance trends are established and reported upon over the medium term and are fed into the corporate and departmental and/or service planning process and into the planning process of key partnerships


· Performance targets are adjusted in the light of the performances of peer authorities

5. The authority continuously improves its performance management

· The performance management systems are regularly reviewed and updated to take account of changes in organisational structure, new performance measurement frameworks (i.e. new Government initiatives, new internal performance measures etc) and other factors

Performance review systems regularly reviewed internally and externally. HMIC/Audit Commission make recommendations to improve systems. Service Delivery Department oversee action plans and report via performance management systems and directly to the HPA committees.

· The performance management arrangements are revised in line with external or internal review of the arrangements

Yes. Service Delivery Department have a performance review team and the corporate information management team develop RMS to produce improvements in performance mgmt data. New performance management initiatives such as balance scorecards are also considered and the development of corporate and bespoke performance dashboards for SPI/KPI monitoring..

· Performance management arrangements are reviewed to assimilate new techniques and/or technology e.g. developments in performance management information systems

Regular appraisal of new options for reviewing performance e.g. EFQM, balance scorecard Compstat style Perf Review Group and monitors. Involvement in development of NMIS.Boundary changes updated, sector analysis updated and changes in crime definitions updated.


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionService Delivery Department Å

Step 1 – In support of Objective 1 - Apply the Six CIPFA/SOLACE Core PrinciplesFocusing on the purpose of the authority and on outcomes for the community and creating and implementing a vision for the local area

Lead Comments Direction

Used as a basis for: Police Authority Mission Statement, Aims and Objectives and Code are consistent Åcorporate and service planningshaping the community strategylocal area or performance agreements

Police Authority Å

Framework for Partnership working V2. ACC TO through commanders supported by SDD Å

This information is reflected in the authority’s: Service Delivery Department Åcorporate planmedium term strategyresourcing plan in order to ensure improvementcomplaints procedure Professional Standards Department Å

5. The authority continuously improves its performance management

· Performance management arrangements are developed and monitored in relation to key partnerships

Partnerships exist to work jointly on shared objectives. The performance output achieved through key partnerships is embedded within the current performance management arrangements.

The code should reflect the requirements for local authorities to:

Source documents/good practice/other means that may be used to demonstrate compliance1. develop and promote the

authority’s purpose and vision

2. review on a regular basis the authority’s vision for the local area and its impact on the authority’s governance arrangements

Mission Statement, Aims and Objectives are reviewed annually. Governance arrangements reviewed regularly (e.g. new Governance Committee terms of reference)

3. ensure that partnerships are underpinned by a common vision of their work that is understood and agreed by all parties

The Framework for Partnership Working reinforces the need that all partnerships must be of benefit to the Force and assist in achieving its aims(The framework for partnership working updated V2 will include general principles of conduct, partnership agreement terms of reference, protocol for force employees involved in partnerships, an individual undertaking form and a conduct and accountability reference.)

4. decide how the quality of service for users is to be measured and make sure that the information needed to review service quality effectively and regularly is available

Control Strategy and Performance Review takes into account performance measures

5. put in place effective arrangements to identify and deal with failure in service delivery

Complaints process in place and organisational learning matrix (OLM) designed to resolve previous failures in delivery of service. Most local complaints about service delivery resolved locally. Use of INFRA for workflow and recording of complaints and resolutions in the future will enable effective trend analysis and corporate overview and response to common issues across the Force.


of 39


Step 2 – In support of Objective 1 - Apply the Six CIPFA/SOLACE Core PrinciplesMembers and officers working together to achieve a common purpose with clearly defined functions and roles


constitution Police Authority Årecord of decisions and supporting materials

constitution Police Authority As above. Åconditions of employment

scheme of delegation Police Authority Åstatutory provisions

job descriptions/specification Police Authority Chief Executive post has role profile and performance review arrangements Åperformance management system

6. decide how value for money is to be measured and make sure that the authority or partnership has the information needed to review value for money and performance effectively. Measure the environmental impact of policies, plans and decisions.

The results are reflected in authority’s performance plans and in reviewing the work of the authority

Financial Accounting/ Finance Committee/ Governance Committee

Use of resources measured by Audit Commission annually and by HMIC. Reports to committees and publicly available. The results are used in planning for improvements. A new CAA and Use of Resources will consider progress on environmental objectives.

The local code should reflect the requirements for local authorities to:

Source documents/good practice/other means that maybe used to demonstrate compliance

1. set out a clear statement of the respective roles and responsibilities of the executive and of the executive’s members individually and the authority’s approach towards putting this into practice (this is not relevant for the police service)

Role profiles are clearly set out for posts and terms of reference are maintained for each Committee. Records of decisions are minuted. Full minutes are retained. Codes of conduct exist for members, officers and staff.

2. set out a clear statement of the respective roles and responsibilities of other authority members, members generally and of senior officers

3. determine a scheme of delegation and reserve powers within the constitution, including a formal schedule of those matters specifically reserved for collective decision of the authority taking account of relevant legislation and ensure that it is monitored and updated when required.

Financial Regulations, which set out the arrangements for the scheme of delegation. Standing Orders. Updated and revised Code of Corporate Governance sets out responsibilities of key members and officers.

4. make a chief executive or equivalent responsible and accountable to the authority for all aspects of operational management (See footnote 6 at end)


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionPolice Authority Å

Section 151 responsibilities Police Authority ÅS112/114 Local Gov’t Finance Act 1988Statutory provisionStatutory reportsbudget documentationjob description/specification

monitoring officer provisions Police Authority Monitoring Officer (Chief Executive function) ÅStatutory provisionjob description/specification

Member/officer protocol Police Authority Not been necessary to date. Å

Pay and conditions policies and practices Police Authority Terms and conditions set out and regularly reviewed. Å

Police Authority Authority Committees monitor service delivery Å

5. develop protocols to ensure that the leader and chief executive (or equivalent) negotiate their respective roles early in the relationship and that a shared understanding of roles and objectives is maintained (See footnote 7 at end)

new chief executive and leader pairing consider how best to establish and maintain effective communication

Role profiles agreed. Updated and revised Code of Corporate Governance sets out responsibilities of key members and officers.

6. make a senior officer (usually the section 151 officer) responsible to the authority for ensuring that appropriate advice is given on all financial matters, for keeping proper financial records and accounts, and for maintaining an effective system of internal financial control

Treasurer. Updated and revised Code of Corporate Governance sets out responsibilities of key members and officers.

7. make a senior officer (other than the Responsible Financial Officer) responsible to the authority for ensuring that agreed procedures are followed and that all applicable statutes, regulations are complied with

8. develop protocols to ensure effective communication between members and officers in their respective roles

Codes of conduct provide this control. Also included in principal objectives in Code of Corporate Governance.

9. set out the terms and conditions for remuneration of members and officers and an effective structure for managing the process including an effective remuneration panel

10. ensure that effective mechanisms exist to monitor service delivery


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionPolice Authority/ Service Delivery Department Å

Å

13. when working in partnership: To be developed.

Å

11. ensure that the organisation’s vision, strategic plans, priorities and targets are developed through robust mechanisms, and in consultation with the local community and other key stakeholders, and that they are clearly articulated and disseminated

Vision, strategy, corporate plans, budgets, performance plan/regime

Consultation conducted by the police authority and constabulary as part of planning processes and to fulfil statutory obligations. Strategic plans and priorities are set in agreement between both HPA and Force taking full account of this consultation. Feedback from these consultations feed directly into the policing plan and performance framework

12. when working in partnership ensure that members are clear about their roles and responsibilities both individually and collectively in relation to the partnership and to the authority

Protocols for partnership working. For each partnership there is:

Police Authority / ACC TO through commanders supported by SDD

To be developed. Police Authority Members are provided with a brief role profile and are expected to feedback after partnership meetings. The Authority is updated on changes in legislation. Committee papers are published on the Authority’s website. As much of this is reliant upon the collective activities of and agreement from the partnership it will need to be considered in more depth.

· a clear statement of the partnership principles and objectives

From a community safety perspective the framework for partnership working updated V2 will include general principles of conduct, partnership agreement terms of reference, protocol for force employees involved in partnerships, an individual undertaking form and a conduct and accountability reference.

· clarity of each partner’s role within the partnership· definition of roles of partnership board members· line management responsibilities for staff who support the partnership· a statement of funding sources for joint projects and clear accountability for proper financial administration· a protocol for dispute resolution within the partnership

Police Authority/ ACC TO through OCU commanders supported by SDD

- ensure that there is clarity about the legal status of the partnership

There is a requirement to review partnerships and the progress which has been made towards identifying all of the key partnerships on the database. This work will also incorporate a review of how the Constabulary defines a partnership. This will form a position statement of where we are with partnerships and will be used to inform future strategy and a risk assessment of the costs and benefits of bringing all partnerships into the same governance arrangements.

- ensure that representatives or organisations both understand and make clear to all other partners the extent of their authority to bind their organisation to partner decisions.

Guidance can be included in the framework for partnership working on how to advise the other partners of what the Constabulary’s authority is to bind into the partnership’s decisions.


of 39


Step 3 – In support of Objective 1 - Apply the Six CIPFA/SOLACE Core PrinciplesPromoting values for the authority and demonstrating the values of good governance through upholding high standards of conduct and behaviour


Police Authority/ ACPO Å

Police Authority/ Personnel Codes of conduct in place. Å

performance appraisalcomplaints procedures

antifraud and corruption policy

member/officer protocols

standing orders Police Authority/ Financial Accounting Åcodes of conductfinancial regulations

codes of conduct Police Authority/ Personnel Codes of conduct in place. Å


Source documents/good practice/other means that maybe used to demonstrate compliance

1. ensure that the authority’s leadership sets a tone for the organisation by creating a climate of openness, support and respect

Surveys indicate good leadership in place. Chief Constable showing clear leadership through production of 'Policing with a Purpose' document, individual letters to all staff re. codes of conduct, expected standards of behaviour and values to be demonstrated, and conducting a series of roadshows around the Force to deliver messages personally.

2. ensure that standards of conduct and personal behaviour expected of members and staff, of work between members and staff and between the authority, its partners and the community are defined and communicated through codes of conduct and protocols

members/officers code of conduct performance management system

3. put in place arrangements to ensure that members and employees of the authority are not influenced by prejudice, bias or conflicts of interest in dealing with different stakeholders and put in place appropriate processes to ensure that they continue to operate in practice (see footnote 8 at end)

Standing Orders, codes of conduct, Financial Regulations and policies and procedures in place and operating in practice. Code of Conduct updated in 2008. Code of Corporate Governance currently under review. First draft presented to Governance Committee in March 2009.

4. develop and maintain shared values including leadership values both for the organisation and staff reflecting public expectations and communicate these with members, staff, the community and partners


of 39

Examples of assurance: Evidenced by: Lead Comments Directioncodes of conduct Å

terms of reference Police Authority Standards Committee exists. Terms of reference agreed. Åregular reporting to the authoritydecision making practices Service Delivery Department co-ordinates Values used to inform control strategy and strategic objectives. Å

protocols for partnership working Å

Step 4 – In support of Objective 1 - Apply the Six CIPFA/SOLACE Core PrinciplesTaking informed and transparent decisions which are subject to effective scrutiny and managing risk


Financial Accounting co-ordinates / Police Authority Å

Financial Accounting co-ordinates evidence Å

5. put in place arrangements to ensure that procedures and operations are designed in conformity with appropriate ethical standards, and monitor their continuing effectiveness in practice

Professional Standards Dept/ Service Delivery Department-FPP Coordination

All procedures reviewed centrally to ensure that they are ethical, appropriate and equality compliant. Diversity Team set up and each member of ACPO Team assigned as a 'Champion' for one strand of diversity. Standards of professional behaviour circulated to all staff individually.

6. develop and maintain an effective standards committee

7. use the organisations shared values to act as a guide for decision making and as a basis for developing positive and trusting relationships within the authority

8. in pursuing the vision of a partnership, agree a set of values against which decision making and actions can be judged. Such values must be demonstrated by partners’ behaviour both individually and collectively.

Police Authority/ ACC TO through OCU commanders supported by SDD

Working Group believes protocols are available for particular partnerships but that there is no defined partnership values for judging decisions and actions.Hampshire Constabulary cannot dictate to partners what values must be demonstrated by partners’ behaviour both individually and collectively. We can make the Constabulary’s values known and can state that we would like other partners to respect those values but we cannot compel. This would be covered by the General Principles of conduct section within the Framework for partnership V2.


Source documents/good practice/other means that may be used to demonstrate compliance

1. develop and maintain an effective scrutiny function which encourages constructive challenge and enhances the organisation’s performance overall and of any organisation for which it is responsible.

Scrutiny is supported by robust evidence and data analysis

Internal audit, external audit, HMIC, H&SE, PSD, etc. The Authority is also reviewing its Committee Structure which will help to enhance scrutiny and overview.

2. develop and maintain open and effective mechanisms for documenting evidence for decisions and recording the criteria, rationale and considerations on which decisions are based

decision making protocols record of decisions and supporting materials

Minutes of meetings available. Decision logs kept for operational decisions.


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionMembers Code of Conduct Police Authority/ Professional Standards Dept Ç

terms of reference Police Authority Governance Committee Åmembershiptraining for committee members

complaints procedure Police Authority/ Professional Standards Dept Complaints procedures in place. Ç

members’ induction scheme Police Authority Å

training for committee chairs

Police Authority Advice from the Chief Executive and Treasurer is available. Å

risk management protocol Governance Committee Åfinancial standards and regulations

“Confidential Reporting” policy Professional Standards Dept Ç

3. put in place arrangements to safeguard members and employees against conflicts of interest and put in place appropriate processes to ensure that they continue to operate in practice

Codes of conduct and register of members interests exists. Hospitality registers maintained for employees. Standards of professional behaviour set down and circulated to all employees. Reportable Association Policy in production which is an additional safeguard. Advice given if individual associations may have the potential to compromise staff. Management intervention interviews conducted to advise staff as appropriate where their individual circumstances could lead them vulnerable to corruption.

4. develop and maintain an effective audit committee ( or equivalent ) which is independent or make other appropriate arrangements for the discharge of the functions of such a committee

5. put in place effective transparent and accessible arrangements for dealing with complaints

6. ensure that those making decisions whether for the authority or partnership are provided with information that is fit for the purpose – relevant, timely and gives clear explanations of technical issues and their implications.

Induction training provided. There are concerns over the quality of data and training for specific posts which may mean that information is not fit for purpose for some decisions.

7. ensure that professional advice on matters that have legal or financial implications is available and recorded well in advance of decision making and used appropriately

record of decision making and supporting materials

8. ensure that risk management is embedded into the culture of the organisation , with members and managers at all levels recognising that risk management is part of their job

Risk management arrangements agreed by Governance Committee and in terms of reference.

9. ensure that arrangements are in place for “Confidential Reporting” to which staff and all those contracting with the authority have access

Confidential Reporting policy in place. Intranet confidential reporting tool - 'Confide in Us' - permits anonymous email reporting. Integrity Line is the telephone confidential reporting tool.


of 39

Examples of assurance: Evidenced by: Lead Comments Directionconstitution Police Authority Monitoring Officer advice Åmonitoring officer provisionsStatutory provision

Police Authority Monitoring Officer advice Å

monitoring officer provisions Police Authority Monitoring Officer advice Åjob description/specificationStatutory provision

Step 5 – In support of Objective 1 - Apply the Six CIPFA/SOLACE Core PrinciplesDeveloping the capacity and capability of members and officers to be effective


training and development plan Police Authority / Personnel & Training Dept é

induction programmeupdate courses/information

Police Authority Å

10. actively recognise the limits of lawful activity placed on them by, for example the ultra vires doctrine but also strive to utilise powers to the full benefit of their communities

11. recognise the limits of lawful action and observe both the specific requirements of legislation and the general responsibilities placed on local authorities by public law

12. observe all specific legislative requirements placed upon them, as well as the requirements of general law, and in particular to integrate the key principles of good administrative law – rationality, legality and natural justice into their procedures and decision making processes.



1. provide induction programmes tailored to individual needs and opportunities for members and officers to update their knowledge on a regular basis

Induction training provided. Members and employees have PDRs to identify training needs. Further training available. Some concerns over training for some specialist posts. There have been historic issues with Enquiry Office staff, detention officers, police staff investigators and Intelligence Management staff, these have now all been addressed.

2. ensure that the statutory officers have the skills, resources and support necessary to perform effectively in their roles and that these roles are properly understood throughout the organisation

job description/personal specifications membership of top management team

Chief Executive, Treasurer and ACPO posts all have role profiles and person specifications.


of 39

Examples of assurance: Evidenced by: Lead Comments Directiontraining development plan Police Authority/ Personnel & Training Dept Å

Police Authority/ Personnel Å

performance management system Police Authority/ Å

Police Authority Consultation/ SDD Å

area forums’ roles and responsibilitiesresidents panel structure

succession planning Police Authority Å

3. assess the skills required by members and officers and make a commitment to develop those skills to enable roles to be carried out effectively

Members trained on induction and continuing training available thereafter. Officers trained on induction and then training needs reviewed annually through the PDR process. The PDR process was reviewed and a pilot was conducted in 2 x OCUs during 2007. This was rolled out in 2008 to all staff. The new process focuses on key accountabilities and behaviours for that specific role ensuring alignment with Local and Force objectives. The Personnel Mangers are now identifying local training needs that are incorporated into the Training Plan A leadership programme aimed at first and second line managers is being developed to address a skills and knowledge gap in this area.

4. develop skills on a continuing basis to improve performance including the ability to scrutinise and challenge and to recognise when outside expert advice is needed

training and development plan reflect requirements of a modern councillor including:

As above, ongoing training is made available to members and employees to assist them to scrutinise in their role.

· the ability to scrutinise and challenge· the ability to recognise when outside advice is required· advice on how to act as an ambassador for the community· leadership and influencing skills

5. ensure that effective arrangements are in place for reviewing the performance of the authority as a whole and of individual members and agreeing an action plan which might for example aim to address any training or development needs

The performance framework for assessing authorities is still under development. The Authority reviews Force performance. The Force also uses a range of performance measurements e.g. Force Perf Review Group, Performance Profile, PDRs.

6. ensure that effective arrangements designed to encourage individuals from all sections of the community to engage with, contribute to and participate in the work of the authority

strategic partnership framework stakeholders forums’ terms of reference

Consultation events held. Service Delivery Department promote the Special Constabulary. (This comes under Citizen Focus and the work of a Chief Inspector in Service Delivery Department and Independent Advisory Groups). Targets to increase the use of volunteers across the Force, the work of Safer Neighbourhood Teams, local neighbourhood meetings and the creation of a Policing Pledge outlining the service which can be expected of the Force and its officers are all designed to increase community involvement, engagement and cohesion.

7. ensure that career structures are in place for members and officers to encourage participation and development

This is an area in which projects are ongoing to improve succession planning. Failure to improve could result in a risk to achieving objectives e.g. not enough Detectives.


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionStep 6 – In support of Objective 1 - Apply the Six CIPFA/SOLACE Core PrinciplesEngaging with local people and other stakeholders to ensure robust public accountability


Communications strategies agreed. ÅIndependent Advisory Groups.

HMIC Reports Police Authority/ Service Delivery Department Å

Audits Reports

NPIA DoctrinePolice and Crime Standards Directorate reports

annual report Police Authority/ Service Delivery Department Annual report produced. Å

community strategy Police Authority/ Service Delivery Department Å

Police Authority Å

Police Authority/ Service Delivery Department Å

The local code should reflect the requirements to:


1. make clear to themselves, all staff and the community, to whom they are accountable and for what

community strategy. The Policing Pledge and associated communications strategy.

Police Authority/ Media & Corporate Communications

Neighbourhood Policing project. The Policing Pledge was introduced in force in Dec 08 and is the subject of ongoing communications activity, both internally and externally. The pledge lays out the level of service the public can expect from the force and has accountability at its core. Mention should also be made of regular police authority consultation, most recently consulting on the Policing Plan 2009-2012.

2. consider those institutional stakeholders to whom they are accountable and assess the effectiveness of the relationships and any changes required

Consultation conducted. Feedback available through multiple channels e.g. police station front desks, publications, websites, stalls.Residents can now search by post code to find their local police officer(s)/PCSO(s) ) and crime statistics and give direct feedback.

3. produce an annual report on scrutiny function activity

4. ensure that clear channels of communication are in place with all sections of the community and other stakeholders including monitoring arrangements to ensure that they operate effectively

Consultation conducted. Feedback available through multiple channels e.g. police station front desks, websites, stalls, scrutiny panels.processes for dealing with competing demands

within the community

5. Hold meetings in public unless there are good reasons for confidentiality.

Done. Members of the public now have the opportunity to address full meetings of the Authority directly.

6. ensure arrangements are in place to enable the authority to engage with all sections of the community effectively. These arrangements should recognise that different sections of the community have different priorities and establish explicit processes for dealing with these competing demands

Citizen Focus Action Plan, Safer Neighbourhoods implementation plan.

The Authority and Force has undertaken facilitated external consultation and the Authority has a Consultation Officer and the Constabulary has a consultation and research team . The Authority also produces an annual consultation programme to ensure that all diverse groups of the counties are reached. The Authority meet with the strategic planning group to ensure local priorities are reflected in statutory documents. Results of Authority and Constabulary consultation conducted are provided to the Community Affairs Committee, feedback is available at the Authority website and directly to those involved. The Force has undertaken staff surveys for internal consultation as well as surveys relating to specific organisational initiatives or evaluations.


of 39

Examples of assurance: Evidenced by: Lead Comments Directionpartnership framework Police Authority/ Service Delivery Department Consultation conducted and fed into control strategy. Åcommunication strategy

annual report Police Authority/ Service Delivery Department Åannual financial statementsannual business plan

constitution, policing plan Police Authority/ Service Delivery Department Å

constitution Å

Staff associations involved in policy making working groups.

7. establish a clear policy on the types of issues they will meaningfully consult on or engage with the public and service users including a feedback mechanism for those consultees to demonstrate what has changed as a result

8. on an annual basis, publish a performance plan giving information on the authority’s vision, strategy, plans and financial statements as well as information about its outcomes, achievements and the satisfaction of service users in the previous period.

Policing plans contain these elements. All are available on the websites. A business plan for the Authority is currently being formulated.

9. ensure that the authority as a whole is open and accessible to the community, service users and its staff and ensure that it has made a commitment to openness and transparency in all its dealings, including partnerships subject only to the need to preserve confidentiality in those specific circumstances where it is proper and appropriate to do so

Vision and values within policing plan and control strategy. Codes of conduct. Terms of reference.

10. develop and maintain a clear policy on how staff and their representatives are consulted and involved in decision making.

Police Authority/ Service Delivery Department/ Personnel

Consultation conducted (e.g. staff representative groups invited to Council Tax precept consultation). Employee surveys used to inform policy.


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionObjective 2: Identify principal risks to achievement of objectives: Step 1: In support of objective 2 – The authority has robust systems and processes in place for the identification and management of strategic and operational riskExamples of assurance: Evidenced by: Lead Comments Direction

Business & Property Services Å

Risk Management

Å

ACPO Group minutes 27 April 2005. Å

Communications Risk Strategy endorsed and published on intranet. Å

Å

Ç

Business & Property Services Risk Management Å

Risk Management Co-ordinator has a clear role profile. Å

DCC and Director of Finance corporate governance responsibility minuted.

1. There is a written strategy and policy in place for managing risk which:

· Existence of approved strategy and policy document

Risk Strategy Approved by ACPO Group April 05. Also signed off by the Governance Committee. The Risk Strategy requires revision.The strategy is still in need of revision and will need to be condensed to meet with the requirements of the Force. Therefore the format will consist of minimum of information with relevant references / hyperlinks as with the business continuity strategy. It is hoped this will be possible once the Risk Management Policy and Procedure is complete. Although the policy statement was endorsed by ACPO, SDD ( Corporate Services) require a formal policy & procedure to be written even though within the RM field a policy statement is expected / accepted.A draft version of the Equality Impact Assessment and Policy and Procedure has been completed.

· Has been formally approved at political and risk management board (or equivalent) level

· Is reviewed on a regular basis· Has been communicated to all relevant staff· Includes partnership risks

· Evidence of formal approval (e.g. management board/committee minutes)

ACPO Group minutes 27 April 2005 last revision of Risk Management Policy Statement endorsed by RMB on 10.04.07

· Evidence of formal review (e.g. management board/committee minutes, document version number and date)

RMB progress report Sep 2005. The policy has been reviewed and is awaiting approval but the strategy review still requires completing. A revised policy has been endorsed by ACPO however the revised strategy still requires completion and endorsement.

· Evidence of communication strategy, possibly covered in strategy document· Examples of dissemination e.g. induction, briefings, awareness sessions, policy and strategy published on intranet, strategic diagnostic questionnaire results

Presentations made internally and an annual business continuity conference.It is anticipated that the Risk Management Policy & Procedure being written at present will be referred to in future training

· Partnership risk registers Service Delivery Department (Policing and Partnerships Development)

A Constabulary partnership database has now been created and is in the process of being populated· Constabulary Partnership Risk Register

2. The authority has implemented clear structures and processes for risk management which are successfully implemented and:

· Management board/committee minutes Reports are presented to the Resource Management Board quarterly. Annual report also presented to Hampshire Police Authority

· Management board and elected members see risk management as a priority and support it by personal interest and input

· Job descriptions of senior and operational managers and corporate risk manager

· Decision making considers risk


of 39


Business & Property Services Risk Management

Å

Å

Å

Å

Å

Governance /DCC Å

Author Å

Å

Å


· Job descriptions of senior and operational managers and corporate risk manager

· A senior manager has been appointed to “champion” risk management

Role profiles for new Finance & Business Mgr posts on OCUs include a responsibility for risk mgt

· Roles and responsibilities for risk management have been defined

· Internal audit reports and external audit comments on risk management system

Comments received from internal and external audit and being acted upon – meetings have been held

· Risk management systems are subject to independent assessment

· CPA or PPAF review comments on risk management

PPAF comments being acted upon by Risk Management Co-ordinator but not completed. This came out of the strategic diagnostic completed several years ago and is no longer relevant because the high and medium risks have been mitigated plus practices have changed / moved on over time.

· Risk management is considered in the annual business planning process

· Annual business plans Risk Mgt Co-ordinator submits a service plan that includes both risk management and business continuity considerations on an annual basis.

· Risk management extends to partnership risks

· Link between internal audit and risk management functions is clearly defined in terms of reference of internal audit

Risk management is included within the Internal Audit Strategy. It forms a key part of the Corporate Governance audit, which is undertaken annually.

· Responsibility for risk management function, including partnership risk management, is set at appropriate senior level

Corporate Governance = Governance Committee and DCC. Business risk mgmt = Director of Finance & Resources

· Committee reports setting out options for change include an appropriate risk assessment, including the ‘no change’ option

PRINCE2 methodology adopted by Force which requires risk assessments and risks to be identified and managed through a risk log maintained as part of project documentation.

· The corporate business plan and financial plan assess risks as appropriate and in particular take account of new and emerging risks facing the authority

Business & Property Services Risk Management / Financial Services Dept

Yes. Budget risks and pressures are identified during the Medium Term Financial Strategy process. Risks are regularly reviewed and updated.

· Partnership risks are assessed before agreements are signed

Service Delivery Department (Policing and Partnerships Development)

Risks are assessed on all new partnerships but there is no established process or training for assessing the risks.

3. The authority has developed a corporate approach to the identification and evaluation of risk which is understood by all staff

· Systematic procedures for risk identification and evaluation have been agreed and are consistently applied across all business units and partnerships

Operational Orders must identify risks. Health & Safety standard risk assessments and guidance exist on the intranet. Procedures for agreed general risk identification/evaluation (not just H & S issues). Strategic Risk Register now developed and endorsed by ACPO. Risk owner assigned and structured action plans are submitted to mitigate the risk. In addition, project risks should be submitted to the Risk Mgt Co-ordinator for review. Relevant project references are now shown on strategic risk entries along with reference to the relevant sections of the Policing plan. In addition a guide on how to enter an entry into the register is published on the intranet


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionBusiness & Property Services Risk Management Å








3. The authority has developed a corporate approach to the identification and evaluation of risk which is understood by all staff

· Examples of dissemination e.g. induction, briefings, awareness sessions, strategic diagnostic questionnaire results

Training courses on risk management, business continuity, health & safety, operational planning. Risks identified in operation orders and covered at briefings. All officers trained in Operational risk mgmt. Members trained. Risk Mgt Co-ordinator now accredited trainer. Info on intranet. Workshops have been developed and HPA have received training. Training has been provided to the 2nd line managers course as well as OCU's. Specific departments that have received training are B&PS & PSD. This half day workshop includes identifying possible risks and 1 risk is developed into a full entry

4. The authority has well defined procedures for recording and reporting risk

· Evidenced by review of risk management strategy and policy

Risk strategy published on the intranet, and approved by ACPO. The 2nd edition of the policy is included in the strategy.

· Examination of corporate and partnership risk registers

Strategic register is well established and now includes an evidence sheet to record any reasons for changes in scoring / rating of the risk. In addition the RMC has been involved with SDD (Corporate Services) developing a risk questionnaire regarding partnerships / collaboration data base

· Key risk indicators have been determined and there is evidence of monitoring against these risks

Key risks are identified in the strategic risk register. Risk owners are assigned to the strategic register risks. Risk owners must notify any relevant changes. Quarterly updates are requested from risk owners. A no. of risks have been archived as a result of effective action plans.

· Evidence of regular and frequent reporting of risk to political and management board level

Quarterly reports are submitted to RMB. Progress is currently reported to Governance Committee as the action plan to address governance concerns is ongoing. Risk mgmt in terms of reference for Governance Committee.

· Evidence of risk based auditing being carried out

Internal audit develop the audit plan and undertake individual audits on a risk assessed basis.

· Evidence of risks not properly addressed identified in internal audit reports etc being fed into the risk management process

All risks identified in internal audit reports require an action plan. Completion of action plans are monitored and any outstanding actions reported to RMB and Governance Committee.

· Environmental scanning reports are fed into the risk management process so as to identify new and emerging risks

The authority receives circulars from the Home Office and ACPO to keep it well informed of developments. Force Resilience Forum has a broader remit to report on preparedness to respond to a critical incident. Environmental scanning reports are fed into project board, monitoring organisational changes. The RMC reviews selected applications. risk management perspective is spent on the planned organisational changes. .In addition the RMC exchanges good practice etc within the Alarm Police Sector group and has recently become the Vice Chair for the South East & Eastern Regional Risk Management Group


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionBusiness & Property Services Å

Yes Å

Å

Å

Å


Å

Å

Å

Å


5. The authority has well-established and clear arrangements for financing risk

· Evidence that the authority’s policy for risk financing is regularly reviewed in the light of costs and alternative risk mitigation strategies

The Insurance Officer constantly reviews risk financing and the position is formally reviewed annually.

· All legal requirements for insurance are met· Evidence that self-insurance provisions are subject to annual independent actuarial valuation and that contributions to the fund are adjusted accordingly

Insurance Officer is currently concluding a report on the benefits of the Force moving to a Managed Fund for consideration in 2009

· Insurance claims being managed in accordance with ‘Woolf’ principles

The timescales imposed by the Woolf principles are adhered to by legal services.

· Evidence of monitoring the incidence of successful and unsuccessful claims and of feeding the results back into the policy for risk financing accordingly

Claims are monitored and fed back into the risk financing process using the networked Figtree system operated by the Insurance Officer.

6. The authority has developed a programme of risk management training for relevant staff

· Training programme for risk management

Risk Mgmt Co-ordinator has provided induction / training to Finance and Business Managers (Single Point of Contacts). This programme is ongoing.

· Training needs analysis (both specialist staff development and general awareness)

Training is being delivered but more is required. There is a training workshop on risk registers being provided.

· Regular newsletter or other means of communicating risk management issues to staff

Force ‘Frontline’ newspaper to be used for items of general interest. Emails to be used for communicating issues of importance that must reach personnel and be read. The possibility of an annual or half yearly risk management newsletter is being explored. This is not likely to happen in the short term because of resources / priorities.

· Induction programme includes risk management

Single Points of Contact have received induction training. All staff have risk mgmt training on induction. Regular one to one sessions are held.

· Appropriate responsibilities for risk management incorporated into job descriptions and appraisals

Risk Mgmt Co-ordinator and Single Points of Contacts (Finance & Business Managers) do have risk management specifically identified within their role profile. In addition, risk management responsibility is covered in the strategic perspective element of senior managers' role profiles.

7. The corporate risk management board (or equivalent) adds value to the risk management process by:

· Corporate risk management board or equivalent terms of reference

ACPO Group agreed at its Apr 05 meeting that Risk Mgmt reports will go to Resource Management Board (RMB) or ACPO Group.

· Advising and supporting corporate management team on risk strategies

Governance Committee receive reports relating to the implementation of actions required as part of its corporate governance remit.

· Identifying areas of overlapping risk· Driving new risk management initiatives· Communicating risk management and sharing good practice


of 39




All posts have role priorities agreed with line managers Å

Å

Formal training being undertaken. é

Å


Daily TCG meeting held operationally to identify risks

All projects run on PRINCE2 methodology.Fortnightly IT security meetings

Å

· Corporate risk management board or equivalent terms of reference

· Providing and reviewing risk management training

· Regularly reviewing the risk register(s)

· Minutes of corporate risk management board

· Coordinating the results for risk reporting

· Reports to corporate management team

8. A corporate risk officer has been appointed with the necessary skills to analyse issues and offer options and advice and:

· Job description of corporate risk officer Risk Mgt Co-ordinator role profile covers risk management across the organisation

· Support decision making and policy formulation

· Provides support in the risk identification and analysis process

· Key task matrix of corporate risk officer

· Provides support in prioritising risk mitigation action

· Evidence of the corporate risk officer reporting to corporate management team on risk management issues

Agreed at ACPO Group (Apr 05) that Risk Mgt Co-ordinator reports to RMB or ACPO Group.

· Provides advice and support in determining risk treatments

· Evidence of training on current risk management topics / membership of appropriate organisations (e.g. ALARM)

· Inspires confidence in managers

· Use of consultancy as appropriate Consultants used for training selected staff on how to test the business continuity plans. Loss control days provided by the insurance broker have been used for risk management training. No external training has been provided this year to F&BMs due to budget pressures.

9. Managers are accountable for managing their risks

· Evidence of manager involvement in risk identification and analysis process

Special Branch review and report on operational risk levels nationally and locally.

Supervisory officers are trained in identifying risk and covered in operational orders.

All senior managers have been trained in health and safety and the use of risk assessment forms.Managers have approved standard risk assessments available on the intranet.Managers have been involved in business continuity & disaster recovery plans.Business Continuity workshop held annually enlightens managers of current issues and how to manage risks.RMB receives reports on risk management. The Flanagan report, The Green paper and the National Risk Register will serve to support risk management and help to emphasise the need for this.

· Risk owners detailed in corporate /departmental risk register(s)

Operationally the duty officers are responsible for risk management. Action managers identified for strategic risks. Action plans are developed within the strategic and local organisational risk register


of 39



Å

Å


Å

9. Managers are accountable for managing their risks

· Risk owners assigned in relation to key partnerships

Service Delivery Department (Policing and Partnerships Development)

Risk owners assigned but not clearly documented. This will be addressed through the partnership database. Some officers and staff members will require appropriate training in business risk management.

· Job descriptions of managers outline their risk management responsibilities

Risk Mgt Co-ordinator and Business & Finance Mgrs profiles do, as main staff responsible. But others do not.

· Evidence of (at least) annual review of risk at service/operational levels and of partnership risks

Quarterly reports to RMB include reviews of all the strategic risk register. Updates are received from all depts./OCUs but vary in quality. A quarterly reporting form has been developed for the Finance and Business Managers to submit to the Risk Mgt Co-ordinator from Feb 07. The quarterly reporting form has been reduced to 1 page. However RMB now only require the Local Organisational Risk Register to be reported by exception.

· Analysis of completed control and risk self-assessment questionnaires

Analysis of strategic diagnostic questionnaires completed and feedback. Plan to repeat. The highest risk recommendations from the strategic diagnostic have been completed. The remainder is now been surpassed by recommendations in various audits.

10. Risk management is embedded throughout the organisation

· Evidence of a general risk management culture at all levels

Operational officers face daily risk assessments. They are trained to be able to deal with these. Operational risk management is not of concern to the Force.

The importance of business risk is increasingly recognised but does not have the same level of resources committed to it. That said, risks with two major partnerships were identifed and managed during the year which does prove that risks are identifed and managed. Major new developments and expenditure projects are run along PRINCE2 project lines which ensures that risks are identifed and managed.

· Risk management training programme Finance & Business Mgrs trained. Half day workshop on Risk Management and full day workshop business continuity. More training to a broader audience, including senior managers would be beneficial. Training has been provided to PSD, HPA & B&PS. An annual business continutiy workshop has been held which has demonstrated what risks there are and how these have been/could be managed. Again, see the comments above on risks being identified and strategic objectives covering responsibilities for risk management for all senior managers.


of 39



Å

Å

Å


10. Risk management is embedded throughout the organisation

· Evidence of managers involvement in risk management aspects of business planning

Managers have been involved in risk management as described above (section 9). Focus on Finance & Business Mgrs as leads.

· Results of strategic diagnostic survey to ascertain the extent to which risk management is understood by each category of officer (senior management, operational managers etc) and members

Results of strategic diagnostic now received and acted upon. Will be done again in future to assess movement. Operational risk assessments are done continually. Business risk assessment is an area which is still developing.

11. Risks in partnership working are fully considered

· Evidence of risk assessments being undertaken before the commencement of major projects, preferably in the report on which the decision to proceed is based

SDD / Business & Property Services Risk Management

Major projects should be managed using PRINCE2 methodology, and therefore risk should be identified. However there is little evidence of risk review and submissions relating to entering into partnerships.

Service Delivery Department Department is developing the register of partnerships which will be used as a basis for identifying and managing risks. As above, risk management can only be undertaken if staff across the Constabulary are adequately trained in Business Risk Management.

Regarding partnerships - the RMC initially started working with Service Delivery Department regarding Partnerships and then Service Delivery Department regarding the development of an appropriate risk questionnaire. In addition a report to the RMB in March 09 was presented as a result of researching which departments have registers and what criteria is used. The Partnership Development Manager has been asked to prepare a position statement on partnerships which will lead to a review of the strategy.

· Evidence that risk assessment are regularly reviewed during the project period

See PRINCE2 methodology - risks are logged and managed. Risks in two major partnerships have been identified and managed in recent times.

· Evidence that potential partners are required to produce and submit risk assessments

· Evidence that partnership arrangements are reviewed in terms of risk before they are entered into and, subsequently, that the risks are reviewed

· Evidence that there are effective arrangements in place for risk sharing (e.g. in the partnering contract terms and conditions or agreement)

12. Where employed, risk management information systems meet users’ needs

· Evidence of risk information being updated promptly

Risk management Strategy available with business continuity plans and guides available on the Force intranet. Policy & Procedures have been published. However for various strategic and practical reasons a software package for risk mgmt will not be installed at his stage as it may be possible to utilise a new system being developed by Ops Support. Spreadsheet and publication on the intranet will be the method used. Spreadsheets produce limited information output. Accounting for feedback is an essential part of the decision making process to develop the most practical system.

· Review of accuracy and usefulness of output from information systems· Evidence that users were/are consulted on initial implementation and further development


of 39


Business & Property Services Risk Management Å12. Where employed, risk management information systems meet users’ needs

· Interviews with users to assess suitability of the system for their needs


of 39


Objective 3: Identify and evaluate key controls to manage principal risksStep 1: In support of objective 3 – The authority has robust system of internal control which includes systems and procedures to mitigate principal risksExamples of assurance: Evidenced by: Lead Comments Direction

Financial Accounting Å

HPA Minutes Å

Available on intranet Å

Å

Reports produced by Treasurer in Feb each year Å

Outturn report in June each year. ÅExternal audit interim audit & audit letter Å

PURE results reported to the Authority and action plans agreed. Å

Business & Property Services Å

HPA minutes ÅÅ

Professional Standards é

1. There are written financial regulations in place which have been formally approved, regularly reviewed and widely communicated to all relevant staff:

· Financial regulations and instructions exist & are reviewed & updated regularly

Updated and agreed by HPA in 2004. Updated and approved by HPA in June 2007. Contract standing orders revised 2007/08, implemented 1 April 2008. Presented to Finance Committee December 2007.

· Authority has adopted CIPFA code on Treasury Management

· Compliance with the Prudential Code

· Evidence of formal approval

· Examples of dissemination e.g. induction, briefings, awareness sessions, accessible in finance manuals and/or on intranet site

· Reports to audit committee or equivalent confirming compliance or identifying extent of non-compliance with regulations and instructions

Internal Audit Annual Report and Internal Audit regular progress reports with briefing notes relating to specific audits.

· Report approving annual treasury management and investment strategy· Outturn report on treasury mgt.· External audit assessment of compliance with Prudential Code· Results of Use of Resources (or PURE) assessment of internal control KLOEs

2. There are written contract standing orders in place which have been formally approved, regularly reviewed and widely communicated to all relevant staff

· Standing orders exist, are reviewed and updated regularly to cover new procedures such as partnering arrangements and on-line tendering

New Standing Orders on Contracts were implemented 1st April 2008 followed by marketing and awareness training to Finance and Business Managers which commenced in April 2008. Further training and awareness during the year has also been provided by Procurement Officers (category managers) to individual staff or departmental managers/teams. There have been no updates or amendments to Standing Orders during 2008/09.

· Evidence of formal approval· Examples of communication and dissemination e.g. induction, briefings, awareness sessions, accessible in finance manuals and/or on intranet site

Implementation of new procurement manual has yet to be completed, standard procurement template documents held with common folder, accessible to all procurement staff, e-tendering now fully implemented, easy to access procurement guidance available via intranet and comprehensive marketing and training programme continues to be carried out by all Procurement Officers (category managers).

3. There is a confidential reporting policy in place which has been formally approved, regularly reviewed and widely communicated to all relevant staff

· confidential reporting policy exists and has been reviewed and updated regularly

Policies and procedures are published on the intranet on confidential reporting (02103) and integrity witnesses. There has been a poster and sticker campaign. PSD meet with OCU commanders. Usage is reviewed.


of 39


Professional Standards é

Å

Police Authority/ Personnel é

Police Authority/ PSD/ Audit Å

3. There is a confidential reporting policy in place which has been formally approved, regularly reviewed and widely communicated to all relevant staff · Evidence of formal approval An external reporting facility through Crimestoppers has been introduced in

addition to the internal line.

· Examples of communication and dissemination e.g. induction, briefings, awareness sessions, accessible on website and intranet site

Number of reports has increased. 'Reputation Matters' - i.e. PSD newsletter - reports on developments in policy and procedure, as well as outcomes of investigations into conduct.

· Evidence of effectiveness of policy (e.g. reports on incidence of usage, evidence on annual declarations on fraud to Audit Commission)

Chief Constable has reported a decrease in complaints and accusations of incivility.

4. There is a counter fraud and corruption policy in place which has been formally approved, regularly reviewed and widely communicated to all relevant staff

· Counter fraud and corruption policy exists and has been reviewed and updated regularly

Professional Standards Department / Financial Accounting

Confidential Reporting Procedure 02103 exists and is on the Force intranet. PSD undertake some proactive and reactive misconduct checks which could identify fraud (e.g. overtime & mileage claims). Accounting controls are in place to prevent and detect fraud. Internal audit undertake anti-fraud work as part of the Audit Commission’s National Fraud Initiative. Constabulary has set up Anti-Corruption Unit, part of whose role is to manage the Confide in Us reporting tool. Anti-Corruption Policy in production. Internal Audit conducting pro-active fraud audit work.

· Evidence of formal approval Registers are held by all OCUs and Depts and reviewed by audit/self inspection. A review is currently underway by Head of CID concerning anti-corruption strategies involving the handling of CHISs.

· Examples of dissemination (briefings, induction, awareness sessions, accessible on website and intranet site

· Evidence of effectiveness of policy (e.g. reports on identified frauds; annual AF70 returns to Audit Commission, reports on results of National Fraud Initiatives)

· Review of register of gifts and hospitality

5. There are codes of conduct in place which have been formally approved and widely communicated to all relevant staff

· Codes of conduct have been agreed, including national schemes (e.g. police officers)

Codes of conduct exist for members, officers and staff. Codes of conduct are appropriately approved and issued on appointment. Codes of conduct are published on the intranet.

· Evidence of formal approval· Examples of dissemination e.g. induction, briefings, awareness sessions, accessible on intranet site

6. A register of interests is maintained, regularly updated and reviewed

· Inspection of register of interests (members and staff)

All members and senior officers complete a register of pecuniary interests. Members also have to make declaration of related party transactions as part of the Statement of Accounts disclosures. Outside interests or secondary employment must be approved by the line manager

· Evidence of regular updating and review by senior officer(s)


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionFinancial Services Dept Available on intranet Å

Finance Committee and HPA minutes. Annual revision approved by RMB. Å

Å

Reports to Financial Mgmt Meeting, RMB and Finance Committee Å

Business & Property Services Procurement Å

Approval by ACPO group ÅÅ

Å

Business & Property Services Risk Management ê

7. Where a scheme of delegation has been drawn up, it has been formally approved and communicated to all relevant staff

· Scheme of delegation incorporates adequate controls and sanctions· Evidence of formal approval

· Examples of communication and dissemination e.g. induction, briefings, awareness sessions, accessible on intranet site

Regular meetings. RMB, F&BM, OCU Commanders, Command Forum, Force Performance Review Group. Also included on financial awareness training course.

· Regular reports on the operation of the scheme (e.g. compliance, budget monitoring, year-end balances)

8. A corporate procurement policy has been drawn up, formally approved and communicated to all relevant staff

· Procurement policy exists and has been reviewed and updated regularly to take account of new initiatives e.g. drive towards wider consortia arrangements, shared

Policy approved by ACPO group. Best Value Review of Procurement completed and recommendations being implemented.

· Evidence of formal approval· Examples of dissemination e.g. induction, briefings, awareness sessions, accessible on intranet site

Available on intranet. Marketing and awareness training to Finance and Business Managers was delivered during 2008 by the Principal Procurement Officer. Further training and awareness during year continues to be provided by Procurement Officers (category managers) to individual staff or departmental managers/teams. Head of B&PS reviews procurement matters at scheduled quarterly meetings.

· Evidence of effectiveness of policy (e.g. benchmarking results, best value review, internal/ external audit review)

Where any areas of non-compliance are identified, appropriate action is taken by Procurement Officers (category managers) to address such matters with the department or individual concerned. The number of suppliers currently in use has incrementally reduced over the past 3 years and currently stands at 1120. This has been achieved through the regular monitoring by Procurement Officers of contracting options and increasing use of collaborative arrangements. An internal audit has been undertaken on Procurement (April 2009) and actions are being taken to implement recommendations.

9. Business/service continuity plans have been drawn up for all critical service areas and the plans:

· Current business/service continuity plans exist covering all critical service areas and are readily accessible

All originally identified areas have plans, however some of these need to be revised and others previously considered as non critical to be reviewed to ensure this is still correct. A major 3 month review that entailed conducting a survey at the majority of locations within the force was completed at the end of 2008. However the resulting information from this has caused an increased workload due to changes in template designs and rewrites of a number of BCP sections. It has resulted in identifying a number of new locations that require plans to be written and a new assumptions section to be added to the master plans. It is anticipated that all revised/ new Business Continuity Plans will be returned to OCU's within the next few months. The Resource Management Board receives quarterly risk management reports which identify risk assessments and focus on changes to existing assessments and the actions taken or proposed to manage those changes.

· Are subject to regular testing


of 39



Å

ê

· Are subject to regular review

· Evidence of regular testing Regular testing of back-up power supplies and alarms. An annual detailed testing process is undertaken on a particular area. More testing is needed as current tests do not cover all scenarios and not all plans tested. However recent experience shows this may not present a significant risk. A guide on testing plans is published on the intranet and SPOCs have been provided with training on this however the only time OCU's have tested plans has been as part of the one day training provided by RMC. However the lessons learnt document has been completed on various occasions when an interruption has been experienced.

· Evidence of regular review in the light of the results of testing and for changes in structures, procedures, information systems, responsibilities etc

Regular reviews of continuity plans should be undertaken and reported. However, updates vary in quality and not received from all depts. and OCUs. Due to the major review conducted at the end of 2008 risk management are updating many of the plans in detail to take account of findings


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionBusiness & Property Services Risk Management Strategic risk register sets out principal risks. Å

Å

Å

Risk owners have been assigned on the strategic risk register Å

Å


Financial Accounting Dept co-ordinates Å

Health & Safety, Personnel On intranet Å

Å

Approved by Chief Constable ÅÅ

No cases proven. Successful H&SE inspection. é

Å

10. The corporate/departmental risk register(s) includes expected key controls to manage principal risks

· Risk register sets out principal risks and sets out appropriate key controls to manage them.

· Key controls are monitored, reviewed and updated regularly

Strategic risk register updated quarterly but the quality of responses received is variable. A full copy of 1 high level risk is submitted each quarter with the RMB for more detailed consideration

· Use of risk management workshops to underpin the process and review of register and key controls

Risk mgmt workshops delivered, but more training required and planned for delivery.

· Risk owners are assigned to manage principal risks· Partnership risks are considered Partnerships are included. The Strategic Risk Register includes an entry

for Partnership risk. The community partnership register entry is being suggested for archiving due to the extensive work completed on this, which includes SDD ( Corporate Services) creating a data base.

11. Key risk indicators have been drawn up to track the movement of key risks and are regularly monitored and reviewed.

· Appropriate key risk indicators are documented

Strategic risk register sets out principal risks and monitors. The reason for changes should now be documented on the evidence form recently developed.· Evidence of regular monitoring

· Evidence of changes in risk indicators (and reasons for change) emanating from appropriate information sources (e.g. where internal audit findings are used to change the perceived level of risk)

12. The authority’s internal control framework is subject to regular independent assessment

· Internal audit plans and reports All submitted to Governance Committee. Submitted to HPA. Annual Audit Letter from Audit Commission makes specific reference to Use of Resources assessment. The Annual Governance Statement is covered in the Audit Commission's Annual Governance Report.

· Annual report/opinion of Head of Internal Audit· External audit reports· Use of Resources/PURE assessment reports

13. A corporate health and safety policy has been drawn up, formally approved, is subject to regular review and has been communicated to all relevant staff

· Health & safety policy exists and has been reviewed and updated regularly

· Policy covers partnerships All Members and employees are covered by H&S policy, as are persons on authority premises, observers and visitors.

· Evidence of formal approval· Examples of dissemination e.g. induction, briefings, awareness sessions, inclusion of policy on website and intranet site

H&S included on Induction. Training for managers and staff, including some mandatory training, managed by Personnel Managers. Policies and procedures on intranet.

· Evidence of effectiveness of policy e.g. number of cases investigated by Health & Safety Executive – and the number of cases proven

· Review of number of reported incidences and ‘near misses’

There is an accident data base for electronic reporting which automatically reports to the H&SE when necessary. Those responsible for Health and Safety - Force H&S Committee, Departmental H&S committees, Personnel Managers - review incidents and trends as part of the organisational learning and overall response to risk assessment and management.


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionProfessional Standards Formal complaints subject to the policy and procedure Å

Å

Approved by Police Authority/ACPO ÅÅ

Reports, E-learning, briefings Å

Held by Professional Standards Dept ÅÅ

Objective 4: Obtain assurance on the effectiveness of key controlsStep 1: In support of objective 4 – Appropriate assurance statements are received from designated internal and external assurance providers:

Examples of assurance: Evidenced by: Lead Comments DirectionFinancial Accounting Dept co-ordinates Finance Committee/ Governance Committee minutes Å

Å


Financial Accounting Dept co-ordinates Lead stakeholders are required to submit assurance statements. Å

Å

Å


14. A corporate complaints policy/procedure has been drawn up, formally approved, communicated to all relevant staff, the public and other stakeholders is regularly reviewed

· Complaints policy/procedure exists and has been reviewed and updated regularly· Procedure is compliant with all relevant statutory requirements

Compliant with statutory requirements for police complaints and complaints about members

· Evidence of formal approval· Examples of dissemination e.g. induction, briefings, awareness sessions, inclusion of policy on website and intranet site

Reports, E-learning, briefings, 'Reputation Matters' PSD newsletter, Chief Constable's communications to all staff re. standards of behaviour and Policing with a Purpose.

· Leaflets/posters highlighting complaints procedure· Complaints files· Committee reports summarising complaints dealt with analysed by outcome

Issues relating to public complaints for all employees and internal misconducts for police officers are reported to the Complaints and Professional Standards Committee.

· The authority has identified appropriate sources of assurance· Appropriate external assurances are identified and obtained

1. The authority has determined appropriate internal and external sources of assurance

· Minutes of committee at which report on assurances was considered· Sources of assurance are appropriate to the authority

HMIC, Audit Commission, Internal Audit, Her Majesty’s Revenue & Customs, H&SE

2. Appropriate key controls on which assurance is to be given have been identified and agreed

· Briefing notes, guidance, instructions etc given to appropriate managers regarding what is expected of them

AGS meeting not held this year. Process consisted of updating action plan, review by responsible officers for the areas appertaining to their work, review by Chief Officers at RMB and onward transmission of summary and significant issues to HPA..

3. Departmental assurances are provided

· Departmental heads sign off on adequacy of controls (i.e. provide annual governance assurance statements)

· Supporting documentation provided by departmental heads re review and monitoring arrangements that key controls have been in operation for the period and will continue to operate until accounts signed off.

Lead Stakeholders are required to submit assurance statements covering the assurance areas for which they are identified as the lead stakeholder. Lead stakeholders have been notified that supporting documentation must be retained. Internal audit will test process annually.

(Structured process and standard documentation to ensure consistency of coverage and common understanding of level of assurance given)

· Completed Control & Risk Self-Assessment questionnaires

Not used due to compensating controls in current AGS Matrix process. This is partly covered by this process.

· Annual governance assurance statements evaluated by officer team or committee charged with the responsibility of preparing the AGS. Evaluation to include ‘reality checking’ of sample of assurance statements

AGS meeting not held this year. Process consisted of updating action plan, review by responsible officers for the areas appertaining to their work, review by Chief Officers at RMB and onward reporting of summary and significant issues to HPA. Initial responses 'reality checked' by Financial Accounting, additional explanation requested as necessary.


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionService Delivery Department/ Financial Accounting Reports from: Å

Audit Commission - Annual Governance Report to Governance Committee

External Auditor

HMIC

Police Crime Standards DirectorateHOForce mgmt board minutesPolice Authority minutes

As above

Financial Accounting Dept co-ordinates Reports to Finance Committee & Governance Committee Å

Annual opinion issued Å

Financial Accounting Dept co-ordinates Annual Governance Statement produced Å

Internal audit annual audit ÅExternal audit annual auditAction plans and progress will be reported to Governance Committee Å

Service Delivery Department co-ordinates Å

4. External assurance reports are collated centrally

· Sources of external assurance relevant to authority are identified and agreed, including partnerships

· Reports are reviewed by relevant senior management team and reported to appropriate committee

· External assurance reports will vary according to type of authority and could include comment and input from the following (the list is not exhaustive):

· Action plans are prepared and approved as appropriate

· Audit Commission

· Follow up reports on recommendations are requested and reviewed by relevant senior management team and progress is regularly reported to relevant committee

· External Auditor (either from direct audit work or from work jointly commissioned

· Social Services Inspectorate· Use of Resources assessment · PURE assessment (police service)· Best Value Reviews· HMIC· Police Standards Unit Report recommendations are usually monitored by the primary contact or

responsible officer. They may also be reported to a Committee or Board.

· Home Office commissioned reports· Senior management team minutes Governance Committee receives reports and updates from External Audit.

Progress against recommendations and any subsequent Action Plans are also monitored by this committee.

· Follow up reports to appropriate committee

5. Internal Audit Arrangements

· Reports of Head of Internal Audit to audit committee or equivalent throughout the year

· Annual report of Head of Internal Audit, including opinion on internal control and risk management framework

6. Corporate Governance Arrangements

· Annual corporate governance assurance statement· Internal or external audit review of corporate governance arrangements· Monitoring reports to committee on delivery of action plans in response to reviews of corporate governance

7. Performance monitoring arrangements

· Annual and in-year reports on delivery of key performance indicators by internal and/or external review agencies

All relevant reports on KPIs/SPIs reported to Performance Committee and Force Performance Group


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionObjective 5: Evaluate assurances and identify gaps in control/assurances

Examples of assurance: Evidenced by: Lead Comments DirectionGovernance Committee / Deputy Chief Constable. Å

Financial Accounting Dept co-ordinates


Internal audit to review corporate governance annually. Å

Å

Å

Å

See above re. process for preparing and producing the AGS. Å

Step 1: In support of objective 5 – The authority has made adequate arrangements to identify, receive and evaluate reports from the defined internal and external assurance providers to identify areas of weakness in controls

1. Responsibilities for the evaluation of assurances are clearly defined throughout the organisation.

· Minutes of committee meetings New updated Code of Corporate Governance identifies specific responsibilities for key members and officers. Committee Terms of Reference identify responsibilities· Training plans

· Job descriptions· Committee terms of reference

2. Mechanism established for collecting governance assurances

· Terms of reference and key responsibilities Internally, the review of the AGS is conducted by Financial Accounting. The outcome from the initial review of the AGS matrix by the Department or OCU leads is presented to the ACPO Team (RMB) for review and sign-off. The AGS itself is produced using the review of the AGS matrix, Internal Audit reports and the Annual Internal Audit Opinion, External Audit reports and other sources to form a rounded view of the current situation. This identifies any significant risks which are managed via an action plan which is monitored by the Governance Committee. Internal and External Audit recommendations are followed up by Internal and External Audit as well as by the RMB. Audit Commission's Annual Governance Statement reviews the AGS and confirms that all assurances have been given.

· Overall responsibility allocated to governance senior officer group

· Required assurances are agreed and recorded

· Record of assurances required and received is held and is complete

· Central record of all assurances (either evidence file, or showing clear link to where evidence is held)

Evidence gathered through assurance statements from lead stakeholders. Internal audit undertake annual reviews of corporate governance. This document supported by declarations and further evidence

· Clear guidance as to evaluation procedure including assurance over risks, independence and objectivity of assurances

· Approved written guidance re evaluation procedure

Not required – a traffic light system is used to identify areas that require improvement (amber) or significant improvement (red)

· Defined evaluation mechanism

· Scoring matrix/methodology (Not all assurances are suitable for grading; many will be subjective anyway. Key points are that there is a consistent and reliable assessment process and that the conclusions drawn are in line with the evidence produced)

Not required – a traffic light system is used to identify areas that require improvement (amber) or significant improvement (red)

· Timetable for completion by statutory deadline

An agreed timetable, allowing for in-year evidence gathering and assessment and for the period between the year-end and the date of the governance assurance statement (timetable driven by that for the production of the annual statement of accounts)


of 39


Objective 6: Action plan to address weaknesses and ensure continuous improvement of the system of internal controlStep 1: In support of objective 6 – There is a robust mechanism to ensure that an appropriate action plan is agreed to address identified control weaknesses and is implemented and monitored

Examples of assurance: Evidenced by: Lead Comments DirectionFinancial Accounting Dept Å

Governance Committee minutes ÅÅ


Å

Target dates are in action plans Å

Governance Committee. Updates given at meetings as appropriate ÅFinancial Accounting Dept co-ordinates Governance Committee minutes produced Å

Updated reports received by Governance Committee ÅÅ

Objective 7: Annual Governance Statement:

Examples of assurance: Evidenced by: Lead Comments DirectionGovernance Committee/ Deputy Chief Constable Å


· Gap assessment – performed and challenged

· Gap assessment results and actions arising there from; Minutes of meetings; Annual report of Head of Internal Audit – including opinion on internal control and risk management framework; Reports of external auditor and other external review agencies

Action plans produced and reported to Governance Committee; Governance Committee minutes on internet

1. An action plan is drawn up and approved

· Prioritised action plan, setting out actions, responsibilities and timescales, approved at appropriate level

Action plans received and held by Financial Accounting Dept. Progress reported to Governance Committee

· Minutes2. All actions are ‘SMART’:

· Each action on prioritised action plan is compliant with ‘SMART’ test

Lead stakeholders Monitored by Governance Committee


· Specific· Measurable· Achievable· Realistic· Time-bound

3. Actions communicated and responsibilities assigned

· Responsibilities for each action are defined in action plan


· Evidence of distribution of action plan to those who require it

4. Implementation timescales agreed

· Target dates included in action plan

5. Ongoing review of progress and of continuing appropriateness of action

· Timetabled reviews· Minutes· Progress reports· Internal audit or other review of implementation of agreed actions

In the internal audit plan as an annual review. Informs the Internal Audit strategy and risk assessment process.

Step 1: In support of objective 7 – An Annual Governance Statement has been drafted in accordance with the statutory requirements and timetable set out in the Accounts and Audit Regulations 2003, as revised by the Accounts and Audit (Amendment) (England) Regulations 2006, and is in accordance with CIPFA guidance.

1. Responsibility for the compilation of the Annual Governance Statement has been assigned

· Documented key responsibilities Terms of reference/ RMB. DCC responsibility minuted at Oct 04 RMB. New Code of Corporate Governance assigns responsibilities for production of AGS to the Treasurer, although the DCC "is responsible for corporate governance issues affecting the Constabulary, ensuring that appropriate reviews...are carried out into key areas and [are] highlighted"


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionGovernance Committee minutes monitor progress Å

Å

Å

Annual Governance Statement is in line with CIPFA guidance Å

Governance Committee and HPA minutes ÅProduced in accordance with required content Å

Å

Authorised by 30 June Å

Objective 8: Report to cabinet/executive committeeStep 1: In support of objective 8 – An annual report to the authority (or delegated committee) on the Annual Governance Statement is presented, in accordance with the CIPFA pro forma

Examples of assurance: Evidenced by: Lead Comments DirectionGovernance Committee Å

Å

· Minutes

2. There is an Annual Governance Statement production timetable that meets the statutory deadline

· Annual Governance Statement timetable is linked to that for the preparation of statutory accounts

Target is to produce the Annual Governance Statement in time for approval at June meeting. Production of the Annual Governance Statement is in the Close of Accounts Timetable

3. The Annual Governance Statement is reviewed, challenged and approved by the authority

· Terms of reference assigned to senior officers group

Senior officers provide feedback and an assessement. This reports to the RMB and the Governance Committee. No formal terms of reference

· Annual Governance Statement is compliant with CIPFA guidance· Minutes

4. Governance assurance statement is prepared, incorporating all the required elements of the statement on internal control

· Format of governance assurance statement clearly incorporates required elements of the statement on internal control

· Governance assurance statement is prepared by a senior officer group under terms of reference defined by the authority

Prepared by senior officers who review the assurances required in their area of expertise/responsibility, reviewed by the Force’s Resource Management Board and the Authority’s Governance Committee

· Statutory timetable is followed

1. Responsibility for reporting is clearly defined

· Initial report explaining the requirement to produce an annual governance assurance statement incorporating the SIC should establish the reporting arrangements / responsibilities of all involved and set out who should sign the annual governance assurance statement after approval by the authority or designated committee

Done. Annual Governance Statement to be signed by Chair of HPA, Chief Constable and Chief Executive. Terms of Reference for Governance Committee are clear that this is the responsibility of the Committee. The Code of Corporate Governance - currently in draft to be approved at the June 2009 meeting - is also clear on the responsibilities for monitoring and reporting on corporate governance and the AGS per se, the monitoring officer has specific responsibilities which are also enshrined in this code.

· Reports identifying any changes to initial arrangements

Supplementary evidence and action plans to be available to support conclusions and ensure that work will be undertaken where necessary


of 39

Examples of assurance: Evidenced by: Lead Comments DirectionFinancial Accounting Dept co-ordinates Å

Å

Footnotes5 In the police service it is assumed that the Authority’s corporate objectives will subsume those of the Force.6 In the police service the Chief Executive or equivalent is responsible for the operational management of the Police authority; the Chief Constable is responsible for the operational management of the Force.7 The Authority Chair, Chief Executive, Treasurer and Chief Constable in the police service.8 In the police service “employees” includes the Chief Constable and staff under the direction and control of the Chief Constable.

2. The signatories to the annual governance assurance statement and SIC are defined and are appropriate in accordance with statutory requirements (i.e. Most senior officer and most senior member of the organisation)

· As above Agreed and actioned. Annual Governance Statement signed by Chair of HPA, the Chief Executive and the Chief Constable

3. The report is likely to be published in a timely fashion with the statutory accounts

· Assessment of the current position in relation to the statutory deadline

Required for June approval of accounts meeting and therefore in the public domain from that date. Published in the Statement of Accounts by the following 30 September.