NHSCFA Engagement Programme

This section describes the NHSCFA’s approach to leading the NHS in protecting its resources by using intelligence to understand the nature of fraud risks, investigate serious and complex fraud, reduce its impact and drive improvements

Published: 16 December 2022

The NHSCFA will provide robust assurance to stakeholders, including participating organisations and the Cabinet Office, Department of Health and Social Care (DHSC) and NHS England and NHS Improvement . Using our strong links with regulators such as the Care Quality Commission (CQC) we will share information about the standards of counter fraud work to eliminate duplication of effort for NHS funded services.

The NHSCFA working in partnership with NHS organisations are committed to ensuring NHS resources are protected from fraud, bribery and corruption. To support this commitment NHSCFA has developed a series of counter fraud requirements for NHS funded services, to help them understand and meet the Government Functional Standard GovS 013: Counter Fraud.

Counter Fraud Functional Standard Return

The NHSCFA are required to provide assurance to a number of bodies of NHS compliance with the Functional Standard. This is accomplished by the receipt and validation by NHSCFA of the CFFSR submitted by organisations providing any NHS funded services.

The annual CFFSR enables the organisation to produce a summary of the counter fraud, bribery and corruption work conducted over the previous twelve months. Organisations are required to complete the CFFSR annually and return it to the NHSCFA by a specified deadline. The CFFSR covers the key areas of activity outlined in the NHSCFA Requirements. The CFFSR is reviewed by the audit committee chair and signed off by the director of finance, who authorise the content.

Upon completion, the CFFSR provides a red, amber or green overall RAG rating. Further details of the red, amber and green ratings.

Using the counter fraud, bribery and corruption requirements set out in this document, the NHSCFA will support organisations through regular benchmarking, compliance testing, evaluation of effectiveness and value for money indicators. The NHSCFA engagement programme also enables the analysis of trends and patterns in performance in relation to each requirement for each organisation type. This will assist in providing comprehensive and focused support to organisations

The purpose of the counter fraud, bribery and corruption NHSCFA engagement programme is to be constructive and supportive. The assurance and engagement processes do not focus solely on non-compliance with the NHSCFA Requirements: they also highlight compliance and outcomes achieved. Where requirements are not being met, the NHSCFA will provide advice, support and assistance to organisations in order to help them improve performance.

Identifying and mitigating risks

Organisations should adopt a risk-based approach when determining the amount of resources required to achieve the highest performance rating for each requirement. Organisations vary in size and needs, and a risk-based approach ensures that appropriate resources are mobilised to identify and address the counter fraud, bribery and corruption needs of the

Organisations should conduct risk analysis in line with Government Counter Fraud Profession (GCFP) fraud risk assessment methodology and recorded and managed in line with the organisation's risk management policy and included in the appropriate risk registers to identify risks locally. Further details are contained within Requirement 3.

Performance ratings

The definitions for each performance rating are listed below.

FULL COMPLIANCE demonstrating impact of the work: GREEN.

A risk has been identified, work has been carried out and the effectiveness of this work has been measured. The risk has been mitigated or significant progress has been made in mitigating the risk. Outcomes are therefore present.

PARTIAL COMPLIANCE with the requirement but little or no impact of work undertaken: AMBER.

A risk has been identified and action has been taken to mitigate the risk. There is evidence of compliance through outputs. However, the effectiveness of work undertaken has not yet been evaluated or there is no reduction of the risk. There is therefore little or no evidence of outcomes.

NON-COMPLIANCE with the requirement: RED.

A risk has been identified but no action has been taken to mitigate it, or the action taken is insufficient in scope.

Help us improve cfa.nhs.uk

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!