Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Agenda Paper No: MEETING: Agenda item: Paper Number: Agenda Title: Sponsor: Author: 9 CM/02/17/09 PUBLIC BOARD MEETING 22 February 2017 9 CM/02/17/09 Audit and Corporate Governance Committee (ACGC) Report to the Board Paul Rew, Chair, Audit and Corporate Governance Committee Martin Harrison, Committee Secretary PURPOSE OF PAPER: To provide the Board with a report of the meeting of the Audit and Corporate Governance Committee (ACGC) on 25 January 2017. Introduction 1. This is an information report from the meeting of the Audit and Corporate Governance Committee (ACGC) which was held on 25 January 2017. A number of reports and briefings were discussed. The most significant are summarised below. Recommendation 2. The Board is asked to NOTE the Audit and Corporate Governance Committee report. Summary 3. Risk and Management assurance The Committee considered the latest (2016/17) risk management information in the Strategic and High level Operational risk register; proposed Strategic and High level operational risks for 2017-18; and levels of tolerance in CQC’s risk tolerance statement. 4. 2016/17 Risk register – In reviewing the current risk management information, the Committee was assured that there were no risks for which any new and significant concerns arose. The Committee affirmed the importance of digital technology as central to the success of the Strategy and therefore we are intending to spend time at our next meeting looking in more detail at risks related to implementation of the digital strategy. 5. Proposed Strategic and High level operational risks for 2017-18 - The Committee was able to provide advice and comment on proposed Strategic and High level operational risks for 2017-18. In light of this, the proposed risks for 2017-18 will be presented to the Board for consideration. 1 Agenda Paper No: 6. 7. 9 CM/02/17/09 Risk tolerance statement - The Committee reviewed the current risk tolerance statement. We provided some minor comment on drafting but overall, the Committee was content that there did not need to be a change in the levels of tolerance set out in the statement. Internal Audit The Committee noted progress against the 2016 / 17 internal audit programme, the findings from reports and management actions within final reports. Since the last meeting of the Committee, eight audit reports have been issued with one report homeworker arrangements – receiving a ‘limited’ assurance rating The Committee was content that appropriate action was in place to address the findings of the homeworker arrangements audit and we have asked for a progress update at our next meeting. 8. In addition, the Committee was able to agree some changes to the 2016/17 internal audit programme. These involved: additional work to undertake a review of the Implementation Plan for CQC’s new Strategy; further work around the assurance in place over IT disaster recovery arrangements; and deferral of planned audits on Customer Services Modernisation and Inspection Reports. Both of these deferrals will be considered as part of audit planning for 2017/18. 9. The Committee is due to receive the draft internal audit risk assessment and plan for 2017/18 at its next meeting in April. In previous years the involvement of committee members in development of the draft plan via consultation outside of formal meetings had been helpful and committee members are content to be involved again in a similar way Audit report on the 2016/17 financial statement audit 10. The Committee considered the proposed audit planning report on the 2016/17 financial statement audit. We were content with the completeness and coverage of the assessment of potential risks of material misstatement to the financial statements and the Committee was therefore able to agree the proposed audit plan to address identified risks. National Audit Office value for money study 11. The Committee received an oral update on progress. It is planned that NAO colleagues will be able to join our next meeting to discuss the study in more detail. Pensions governance 12. Following discussion on pension obligations at recent meetings, the Committee received a report setting out further detail about the arrangements relating to pension schemes of which CQC was an active member. While there is no significant or specific concern at present, there are still some areas where further clarity is needed around the exact responsibilities of CQC and how this relates to the responsibilities of Department of Health (DH). The Committee noted that this will be raised with colleagues from DH. Annual report and accounts: proposed structure and timetable 13. The Committee noted proposals for the structure and key messages for the 2016 / 17 Annual Report and Accounts. The Committee also noted the timetable for preparation and sign-off of the Report and Accounts, noting that there will be further opportunities to comment as the draft develops and is presented to future meetings. As with previous years, there will be an opportunity for Board and ACGC members to 2 Agenda Paper No: 9 CM/02/17/09 meet individually with Finance and Editorial staff to scrutinise the report and accounts in much greater detail. Disclosure and Barring Service (DBS) incident follow-up 14. At its meeting on 22 September, the Board considered the full report of the external review into last Julys data security breach and the CQC response to that independent review. The Board asked ACGC to oversee implementation of the recommendations. Accordingly, the Committee received a report setting out action carried out to complete the recommendations of the external review and an overview of the wider programme of work on security improvements. The Committee was assured that five out of the six recommendations had now been completed and work to complete the final one - a programme of security culture change so that CQC could become an exemplary information security organisation – was in train. We note that the external reviewer is scheduled to return to CQC during the summer of 2017 to test that recommendations have been successfully implemented and will also be asked to review the CQC Values Information programme. The Committee also suggested that it would be helpful for internal audit to review progress in 2017/18. Name: Title: Date: Paul Rew Chair, Audit and Corporate Governance Committee 1 February 2017 3