Purpose
The Board Assurance framework forms part of the governance arrangements for the NHS Counter Fraud Authority. (NHSCFA). Information about the NHSCFA, for example its basis in law, its strategies and business plans is available from https://cfa.nhs.uk/about-nhscfa/corporate-publications
The governance arrangements ensure that the NHSCFA is held accountable in the key areas listed in table 1, which reflect the organisation’s operating structure, priorities and objectives.
This document sets out how the NHSCFA will record, report on and provide assurance to the NHSCFA Board via the Audit, Risk & Assurance Committee (ARAC), on the governance arrangements.
The governance arrangements are designed to promote accountability, ensuring the NHSCFA satisfies its social, regulatory and legal obligations.
Roles and responsibilities
The NHSCFA Board is responsible for providing strategic leadership for the organisation ensuring that it is able to account to parliament and the public on how the functions of NHSCFA are delivered. Details are set out in the NHSCFA Board Terms of Reference
The ARAC provides an independent view to the Board and Accounting Officer on the appropriateness and adequacy of all aspects of NHSCFA’s risk management, internal control environment, governance and assurance arrangements. Details are set out in the Audit & Risk Assurance Committee Terms of Reference (cfa.nhs.uk)
The executive team are responsible for leading the organisation, developing and setting strategy and ensuring the delivery of priorities and plans. The team are accountable for the delivery of the strategic duties as set by the Board.
The Finance and Corporate Governance Division is responsible for:
- maintaining relevant risk management policies and guidance documents
- completing of an annual assurance map
- producing a risk based annual internal Governance & Assurance workplan
- tracking the implementation of audit and Governance & Assurance recommendations
- monitoring the compliance with government counter fraud standards (Gov13)
- attending and supporting the Performance and Assurance Panels (PAPS) to challenge on assurance and risks.
The Performance & Improvement Director is responsible for chairing of the PAPS and provision of a quarterly assurance letter to the Accounting Officer.
Methodology
The NHSCFA adopts a risk-based approach to identifying where additional assurance is required and effective ways of assessing the controls in place and communicating these to the ARAC in a clear, concise and timely manner.
This approach will take into account the three lines of defence model set out in HM Government The Orange Book Management of Risk – principles and concepts.
Accordingly, the elements set out in Table 1 enable the ARAC to meet its responsibilities to the Board.
The following reports will be provided to the ARAC:
- risk register report
- external and internal audit reports (provided by NAO/GIAA)
- internal Governance & Assurance reports (provided by F&CG on exception only)
- progress reports on the implementation of external and internal audit recommendations
- progress reports on the implementation of internal Governance & Assurance recommendations
- an annual report on other elements of assurance
Review
The Board Assurance Framework will be subject to formal review no less than annually but may be reviewed and updated at any time.
| Corporate Governance Area | Assurance/Controls in place | Frequency/availability |
|---|---|---|
| Corporate Governance Area Compliance with statutory instruments and directions which set out the structure and functions of the NHSCFA | Assurance/Controls in place Operational Board & sub committees with annually reviewed Terms of Reference G&A exercises on Statutory transfer of Functions |
Frequency/availability Annual Ad hoc |
| Corporate Governance Area Delivery of the Board functions | Assurance/Controls in place Operational Board & sub committees with annually reviewed Terms of Reference Board effectiveness reviews GIAA review completed in March 2020 (moderate rating) Board Performance Report |
Frequency/availability Annual Annual Ad hoc Quarterly |
| Corporate Governance Area Financial Management & Financial Planning | Assurance/Controls in place SFI/ SFO reviewing annually NAO/ GIAA audit reports Standing agenda – ARAC and Board Use of financial resources and financial management included in annual assurance map Integrated Planning arrangements |
Frequency/availability Annual Annual/ad hoc Quarterly Annual Annual |
| Corporate Governance Area Risk Management | Assurance/Controls in place Suite of risk management documentation - Risk Appetite, Risk Policy, etc Risk Register Risk Register Review Group Performance and Assurance Panels Assurance map |
Frequency/availability Annual Quarterly Quarterly Bi-annual |
| Corporate Governance Area Performance Management (against 2020-23 strategy & 2021-22 published KPIs) | Assurance/Controls in place Management Reporting Tool Performance and Assurance Panels Assurance map |
Frequency/availability Quarterly Quarterly Bi-annual |
| Corporate Governance Area Performance Management (against Unit Business plan objectives and legislative requirements e.g Investigatory powers & legislation, PIDA, Safety Health & Environment, Sustainability) | Assurance/Controls in place Management Reporting Tool Performance and Assurance Panels Assurance map |
Frequency/availability Quarterly Quarterly |
| Corporate Governance Area Information Governance (inc. Data Protection, FOI & Equality Act) | Assurance/Controls in place Assurance map Annual Report - Governance Statement |
Frequency/availability Annual Annual |
| Corporate Governance Area Programme & Project Management | Assurance/Controls in place Management Reporting Tool Assurance map Governance Statement |
Frequency/availability Quarterly Annual Annual |
| Corporate Governance Area Stakeholder & External Profile Management | Assurance/Controls in place Assurance map | Frequency/availability Annual |
| Corporate Governance Area Counter Fraud, Anti Bribery, Whistle- blowing & Complaints | Assurance/Controls in place Assurance map Annual Report |
Frequency/availability Annual Annual |
| Corporate Governance Area Annual Report & Accounts, including Governance Statement | Assurance/Controls in place Annual review and authorisation | Frequency/availability Annual |
| Corporate Governance Area Contract Management | Assurance/Controls in place Governance Statement G&A exercises |
Frequency/availability Annual Ad hoc |