PPN 02/20 and PPN 04/20 set out information and guidance on supplier relief payment (SRPs) to suppliers to ensure service continuity during and after the Covid-19 pandemic.
The NHSCFA asked NHS organisations, in relation to the period between 20 March and 30 June 2020, the number and value of ‘at risk’ suppliers that they continued to pay as normal when service delivery was disrupted or suspended. These arrangements and a definition of ‘at risk’ are contained within PPN 02/20.
There were 100 SRPs awarded under PPN02/20 worth a total value of £24,657,517.45 (£24.7m). 81% of SRPs were made by acute trusts, with health and care and ambulance accounting for 4% and mental health trusts accounting for 15%.
The highest proportion (21%) of SRPs were for contracts relating to patient appliances, whilst 19% of contracts were for hotel services equipment, materials, and services. Medical and Surgical and Purchase Healthcare each accounted for 11% of contracts.
PPN02/20 stipulates that, contracting authorities should keep records of decisions and agreements made as record keeping acts as a significant component of transparency. If proper records are not kept, it shows a lack of governance over this process. 94 (94%) SRPs worth £21.5m had evidence of such records documented. The proportion of SRPs where records of decisions were documented was high. This demonstrates high levels of transparency across the NHS with regards to this process.
No evidence was documented for 5 (5%) SRPs worth £1m, all of which were within acute trusts, whilst it was unknown for 1 (1%) SRP worth £0.1m. The proportion of these SRPs where no evidence of records documented were scattered across various NHS organisations and suppliers. This indicates no pertinent trend of risk. It was however explained for 3 of these SRPs that internal approval had been granted in some form.
PPN 02/20 stipulates that “risks associated with advance or pre-payments should be carefully considered and documented”. There were 8 (8%) SRPs worth £1.3m which had no evidence of a risk assessment documented. Whilst this proportion is low, 6 of these 8 SRPs were from one NHS organisation, this may suggest a lack of capability across those organisations to undertake or record such activity. With the failing of this control being largely isolated to one NHS organisation, our assurance exercise continues to show good performance across the vast majority of NHS organisations in demonstrating effective risk management and governance around the process of making SRPs.
As part of guidance for SRPs, PPN 02/20 stipulates that the supplier operates on an ‘open book’ basis to ensure that there is transparency during the period of SRPs. This means they must make available records / data to demonstrate that payments made to the supplier under contract, have been used in the manner intended.
74 (74%) SRPs worth a total value of £16.2m demonstrated evidence that the NHS organisation requested such records / data from the supplier. 72 (72%) of these requests had been satisfied by the supplier, with 2 (2%) suppliers not making records / data available to the contracting authority. There were 26 (26%) SRPs worth a total value of £6.5m where no request was made to the supplier to provide such records or data. Receiving this information acts as a significant component of transparency between the contracting authority and the supplier about the application of public funds. Although the total value of these SRPs is relatively low in comparison to the total NHS procurement spend; the proportion of total SRPs is high and should therefore be considered with caution.
Of the 72 (72%) SRPs where requests for records / data were received by contracting authorities, 3 (3%) worth a total value of £188,019 did not demonstrate that payments made were used in the manner intended; there were no further indications as to what action would to be taken. The total value and proportion of these instances relative to all SRPs is low and would therefore suggest prudent application of the supplier relief tools set out in PPN 02/20.
It was identified that 6 suppliers were in receipt of SRPs from at least 6 NHS organisations or more. Although there is no indication of fraud, it is important for NHS organisations to ensure that SRPs are used for the manner intended by PPN 02/20.
Notable areas of good practice
Our assessment shows good levels of transparency, financial governance, and fraud risk management by NHS organisations in the application of SRPs. Where this PEA exercise identified failures of internal controls, they were mostly attributable to a small number of NHS organisations with unique circumstantial context. NHSCFA will be providing individualised feedback to all participating NHS organisations in 2022-2023 and will work in collaboration to address the identified issues. This should not however distract from the prudent application of fraud risk management protocols largely applied throughout the NHS provider sector.
Notable areas for improvement
Whilst the proportion of SRPs that demonstrated no evidence of records of decisions / agreements made was low, there is an opportunity for all NHS organisations to ensure that there are adequate provisions to undertake such activity, and a suitable platform to record such decisions. This is likely to derive from SOPs, and a contract management software platform. Equally, it is important for organisations to provide the capability to their staff to record activities of risk assessments relating to contractual activity (more specifically, advance payments relating to SRPs). Again, this is likely to derive from a contract management software platform.
There are common trends of contracting authorities not undertaking adequate due diligence on SRPs, as well as failing to manage internal records on key decisions with the failings of suppliers not using SRPs in the manner intended. These outcomes highlight the importance of contracting authorities applying basic principles of risk management (as set out in PPN 02/20), even during an emergency management situation. Effective management of internal controls under normal circumstances will impact an organisation’s ability to apply basic risk management protocols in an emergency management scenario, such as the Covid-19 pandemic. It is therefore recommended that NHS organisations continue to implement and review the appropriateness of their fraud risk management regime. Again, NHSCFA will work collaboratively with NHS organisations to achieve this.