3. Accountability report
Statement of Accounting Officer’s responsibilities
Under the Government Resources and Accounts Act 2000, HM Treasury has directed the Authority to prepare, for each financial year, resource accounts detailing the resources acquired, held or disposed of during the year and the use of resources by the Authority during the year.
The accounts are prepared on an accruals basis and must give a true and fair view of the state of the affairs of the Authority and of its income and expenditure, Statement of Financial Position and cash flows for the financial year.
In preparing the accounts, the Accounting Officer is required to comply with the requirements of the Government Financial Reporting Manual and in particular to:
- observe the Accounts Direction issued by the Treasury, including the relevant accounting and disclosure requirements, and apply suitable accounting policies on a consistent basis
- make judgements and estimates on a reasonable basis
- state whether applicable accounting standards as set out in the Government Financial Reporting Manual have been followed, and disclose and explain any material departures in the accounts
- prepare the accounts on a going concern basis
- confirm that the Annual Report and Accounts as a whole is fair, balanced and understandable and take personal responsibility for the Annual Report and Accounts and the judgements required for determining that it is fair, balanced and understandable
HM Treasury has appointed the Permanent Secretary of the Authority as Accounting Officer of the Authority.
The responsibilities of an Accounting Officer, including responsibility for the propriety and regularity of the public finances for which the Accounting Officer is answerable, for keeping proper records and for safeguarding the Authority’s assets, are set out in Managing Public Money published by HM Treasury.
As the Accounting Officer, I have taken all the steps that I ought to have taken to make myself aware of any relevant audit information and to establish that the Authority’s auditors are aware of that information. So far as I am aware, there is no relevant audit information of which the auditors are unaware.
Back to topGovernance statement
Responsibilities
As Accounting Officer, I have responsibility for maintaining effective governance and a sound system of internal control to support the achievement of the Authority’s policies, aims and objectives. As part of this role I safeguard the public funds and assets for which I am personally responsible, in accordance with the responsibilities assigned to me. This statement sets out the key challenges faced by the UK Statistics Authority (the Authority), the issues which have arisen, the remaining risks, and the system of control to manage these risks. Our Governance Statement supports the description of our performance provided in the Annual Report (Chapter two) which sets out our strategy and the progress we have made towards delivery.
In line with commitments made by the Authority to the Public Administration and Constitutional Affairs Committee, I appointed Mr Ed Humpherson as an Additional Accounting Officer, with responsibility for the OSR budget, from 1 June 2020. The appointment was made in accordance with Section 5, subsection 8 of the Government Resources and Accounts Act 2000 and carries with it the responsibility for ensuring that resources approved by the UK Statistics Authority Board for the Office for Statistics Regulation are used for the purposes intended.
Compliance with the Corporate Governance Code
I have assessed the Authority’s compliance with the Corporate Governance in the Central Government Departments’ Code of Good Practice 2017. The code focuses on governance arrangements for ministerial departments and there are elements, such as ministerial chairmanship of the Board (Section 1.1), which are not directly relevant to the Authority due to our statutory framework and status as a non-ministerial department. However, we comply with the spirit and principles of the code.
Role of the Authority Board during 2020/21
The UK Statistics Authority Board (Authority Board) has the statutory objective of promoting and safeguarding the production and publication of official statistics that ‘serve the public good’. In accordance with the 2007 Act, the Authority Board is comprised of a majority of non-executive directors (including a Chair) appointed through open competition, and three executive members, as set out in the 2020/21 Governance and Committees of the Board table.
The post of Chair of the UK Statistics Authority is a Crown appointment. Sir David Norgrove was appointed by HM The Queen following an open competition and subject to a pre-appointment hearing by the Public Administration and Constitutional Affairs Committee and a formal debate on the floor of the House of Commons. Sir David took up his post on 1 April 2017 and his term of appointment will end on 31 March 2022.
Governance and Committees of the Authority Board during 2020/21
During 2020/21 sub-committees, which supported the Authority Board in its work and reported to it, met as follows.
Table 5
| Committee | Chaired by | Purpose | Meetings |
|---|---|---|---|
| Audit and Risk Assurance | Ms Nora Nanayakkara | To support the Authority Board and the Authority’s Accounting Officer in their responsibilities for risk management, control and governance. | Six |
| Regulation Committee | Professor Anne Trefethen | To help shape the regulation strategy and to oversee the programme of Assessment of sets of official statistics against the Code of Practice plus other work related to Assessment and regulation. | Five |
| Remuneration Committee | Sir David Norgrove | To determine 2019/20 performance bonuses for the members of the Senior Civil Service (SCS) employed by the Authority and to consider other staff pay issues. | Two |
Topics covered by each Committee
Table 6
| Authority Board | Strategy and Business planning; Census 2021; Integrated Data Programme; COVID-19 scenario planning; COVID-19 Infection Survey; Data Acquisition; Alternative Data Sources; EU Exit/transition; Retail Prices Index; Spending Review 2020; Inclusive Data Taskforce; System of National Accounts; Risk Appetite; Strategic risks; Board effectiveness; Statistical quality; People Plan and inclusivity. |
|---|---|
| Audit and Risk Assurance Committee | Annual Report and Accounts; Census and Data Collection Transformation Programme; COVID-19 Infection Survey; Committee effectiveness; Corporate Governance Assurance; Procurement; Security; External Audit; Finances: Internal Audits; Risk and Assurance (including risk management); HR; Statistical quality; Legacy uplift; Contract Management; Data Acquisition. |
| Regulation Committee | Annual Review of Casework; OSR Work Programme and Business Plan; Regulatory Strategy; Risk Interventions Policy; National Statistics Designation Review; Guidance on the processing of sex and gender data; Review of the approach to developing statistical models to award 2020 exam results; Compliance checks and Rapid Reviews; Assessments: Business Demography; Productivity; Census 2021; and Systemic Reviews: Defra User Engagement; Post 16 Education and Skills; Mental Health.; Statistical Leadership; Reproducible Analytical Pipelines. |
| Remuneration Committee | Senior Civil Service performance moderation (base pay and non-consolidated performance related award). |
Attendance at the Authority Board and its sub-committees
Table 7
| Authority Board | Audit and Risk Assurance committee | Regulation Committee | Remuneration Committee | |
|---|---|---|---|---|
| Non-executive members | ||||
| Sir David Norgrove Chair | 11/11 | 5/5 | 2/2 | |
| Professor David Hand | 11/11 | 5/5 | ||
| Ms Sian Jones Deputy Chair | 10/11 | 4/6 | 2/2 | |
| Professor Sir David Spiegelhalter From 27 May 2020 | 10/10 | 5/6 | ||
| Professor Jonathan Haskel | 8/11 | 4/5 | ||
| Richard Dobbs From 27 May 2020 | 10/10 | 4/5 | ||
| Ms Nora Nanayakkara | 11/11 | 6/6 | ||
| Professor Ann Trefethen | 9/11 | 5/5 | 2/2 | |
| Ms Helen Boaden | 11/11 | 5/5 | ||
| Executive members | ||||
| Professor Sir Ian Diamond Chief Executive and National Statistician | 11/11 | 2/2 | ||
| Mr Ed Humpherson Director General for Regulation | 11/11 | 5/5 | ||
| Ms Sam Beckett Deputy Chief Executive and Second Permanent Secretary From 10 September 2020 | 7/7 | |||
| Ms Francesca Kay Deputy National Statistician for Data Capability To 30 November 2020 | 4/4 |
Board effectiveness review
This year’s board effectiveness review was overseen by the Chair of the Authority Board. A survey was undertaken that sought members’ views on:
- processes for agreeing business plans
- adequacy of information provided to the Board, to allow it to monitor performance and progress
- board composition and culture
- support for members, including during the transition to remote meetings
- areas of focus for the coming year
The outcome of the survey was discussed at the board meeting in July 2020. The responses indicated an improvement in the operation of the Board in a number of areas, including risk discussions and business planning; the support provided by the Secretariat and, the transition made to remote meetings. Members indicated that in the coming year, areas of focus should include Census 2021, Integrated Data Platform and COVID-19 Infection Survey.
Board minutes and papers are published on the UK Statistics Authority website at: https://uksa.statisticsauthority.gov.uk/publications-list/?type=minutes-and-papers
Assurance over the quality of information
The Authority Board recognises the need to ensure it receives sound advice and information to enable informed decisions to be made.
The Secretariat works with teams to ensure the information provided is of a good quality, with a template used for committee papers, structured to ensure risks and resource implications are highlighted and to ensure sufficient engagement and challenge during discussions.
The structure and information contained in regular agenda items are reviewed annually as part of the board effectiveness review.
An Integrated Performance and Finance Report is provided to the Authority Board in each meeting to aid decision making and the Strategic Risk framework has been discussed throughout 2020/21. Overall, the Authority Board has been content with the quality of the data it is provided with during the year.
Executive committees during 2020/21
I chair the National Statistics Executive Group (NSEG). The role of NSEG is to support the National Statistician in the exercise of my functions as the Head of the Government Statistical Service (GSS) and Analysis Function, and as Chief Executive of the UK Statistics Authority and ONS, so as to achieve the collective mission and strategic objectives of the official statistics system.
This group met on 12 occasions during 2020/21.
Back to topManagement of risk
Summary: During the last year, there has been significant investment in developing risk maturity. As we have continued to deliver through the impact of the COVID-19 pandemic, we have become smarter risk takers in the face of a changing risk profile, working with the risk appetite, and ensuring that we have robust action plans in place.
Developments in our risk framework has led to an injection of new talent and tools which has not only improved risk maturity but enabled the organisation to respond to risk in real time, supporting the prioritisation and delivery framework.
As we progress into 2021/22, the focus on quality risk management will continue to ensure that we reflect change across the external environment, and that we develop our assurance framework to support delivery.
Risk management approach
Risk management is inherent in all of our activities and is considered throughout our planning and delivery to ensure that we operate within the boundaries of our risk appetite, as defined by the UKSA Board. This provides a framework through which we can assess and understand our risk profile but also the opportunities that we can take in order to achieve and accelerate on the ambitions of the Strategy.
To continue to mature risk management within ONS, significant investment has been made over the last 12 months to develop an integrated risk and assurance framework, building core capability and improving risk management at senior levels of the organisation. As this work has developed, we have seen the following improvements:
- a refined and owned set of strategic risks – (Figure 1)
- development of an ONS corporate risk profile
- governance structure aligned to the risk profile for oversight and challenge of strategic and corporate risks
- new risk reports that provides greater insight to Leadership and Management groups
- increased horizon scanning activities to identify emerging and evolving risks
- a developing assurance framework for strategic and corporate risk action plans
The Audit and Risk Assurance Committee (Committee) has responsibility for advising the Board on the effectiveness on the governance, risk management and system of internal control. Strategic risk status updates and progress against delivery of the revised integrated risk and assurance framework have been regularly provided to the Committee. An internal audit of risk management was undertaken in 2020/21 which validated the progress being made, particularly the improved sense of ownership from risk owners and effectiveness of the governance in overseeing the risk profile.
UK Statistics Authority strategic risks
In the lead up to the publication of the strategy (2020), members of the Executive and Non-Executive Board developed a suite of strategic risks (Figure 1), reflecting the mid and longer-term challenges in delivering against the UK’s evolving society and economy.
As we have continued to operate with these risks and against the backdrop of a significant upheaval following the COVID-19 pandemic, the risk profile has remained broadly static, with a greater focus being given to the mitigations to ensure that we can continue to keep pace with growing external demand whilst working towards the tolerances defined by our risk appetite. However, following the successful delivery of the Census and a steady state around our security, it is important we reflect on our risk profile and appetite as we move into the future.
The ability to keep pace continues to be a strategic risk for us, ensuring that the analytical priorities of our external stakeholders are well understood, and that we respond with agility in order to maximise the impact of the information we provide. This also leans to our infrastructure and the challenges faced in ensuring that the organisation is sufficiently responsive in meeting new or emerging demands and continuing on our core transformation. We recognise the challenge in developing and prioritising our resource to support this delivery and need to ensure that we continue to build strong relationships with Parliament and across government, forming partnerships that will enable us to meet our ambitions.
Figure 1: UK Statistics Authority strategic risks summary
Table 8
| Risks | |
|---|---|
| Trust in official statistics, data and analysis | The external environment including: the political perspective; scepticism of the role of statistics in society; competition in the production; and ability to manage the views of our stakeholders – impact on the perception of the statistics system to society. This is mitigated by developing our understanding of the needs of key stakeholders, research and development programmes, development of the ONS website and reviewing the National Statistics classification system. |
| Inclusivity of approach | We have a responsibility to reflect society in everything that we do and ensure that the UK’s evidence base reflects all characteristics of society. There is a risk that our presentation of the economy and society is not sufficiently reflective of the UK. This is mitigated through our approach to collecting and bringing together inclusive data, the inclusivity of the Census in 2021, refresh of our economic statistics and Inclusive Data Taskforce. |
| Resources | The success of the strategy is dependent on our ability to attract the support of Parliament and the centre of government to obtain sufficient funding to deliver our ambitions. There is a risk that we are unable to secure sufficient financial backing to deliver the full scope of our activities. Current mitigations include our preparation for the Spending Review, efficiency programme, internal structure review and budget approvals. |
| People | The ability to attract, retain and develop an inclusive, motivated, and flexible workforce with the right capability is key to the delivery of the strategy. Key mitigations include the development of the pay business case, People Strategy, and Location Strategy. |
| Keeping pace with the needs of society | As we continue to deliver against the UK’s evolving society and economy in the context of our statistics, analysis, and data, it is critical that we can identify and respond to priorities at pace. If we do not act with agility, there is a risk that the relevance of our information diminishes, and we are unable to maintain and improve the organisation’s profile and value. This is mitigated through effective internal governance, demand management pipeline, business development, and building a flexible analytical resource. |
| Delivering and communicating quality | The use of a wider array of data sources has resulted in changes to the scope, nature and approach in the production of key statistics. There is a risk that if we do not streamline our statistical and quality assurance processes, as well as embed a cross-cutting analytical approach then confidence in the statistical system and the perception of its value will diminish. This is mitigated through our quality assurance framework, work of the Quality Committee and the Analysis and Evaluation Committee, in addition to engagement with the academic community and continued research and development. |
| Failure of Census | There is a risk that the Census will not deliver population estimates and wider analysis of UK society in 2021 and therefore fail to meet the expectations of key stakeholders. This is mitigated by our stakeholder engagement plan, internal and external assurance programmes and ensuring we have in place administrative data to support a parallel run alongside Census 2021. |
| Data breach | In order to deliver the strategy, we need to increase our access to data from administrative and survey sources. There is a risk that a major data or security breach in the ONS, or across the wider society, risks undermining confidence in our ability to manage data; and government support for our approach. This is mitigated by our security strategy, developing a security culture, replacing legacy technology, and ensuing security by design. |
| COVID-19 organisational impact | As well as the significant business disruption and challenges to our staff wellbeing, the Covid-19 outbreak has significantly increased stakeholder demand for data and analysis to provide the insight needed to manage the pandemic and support government decision making. There is a risk that we do not have the internal mechanisms in place to assess and prioritise new and existing demand through internal governance, as we respond to rapid requests from our key stakeholders in Parliament and across Government. This is mitigated through enhanced collaboration with Government partners, internal resourcing prioritisation processes, as well as a focus on building our analytical capabilities and analytical recruitment pipeline. |
| Collaboration across government | The cross-cutting elements of the strategy depend on collaboration across the GSS and Analysis Function. There is a risk that we are unable to establish a collaborative model and associated governance within ONS, GSS and Analysis Function, which will impact on our ability to deliver the cross-cutting analysis elements of the strategy. This is mitigated through the engagement across government, developing the Integrated Data Platform and coherence programmes across the GSS. |
Data and security management
This has been an important year for security and data management with the COVID-19, Census 2021, Data Access Platform (DAP) and Integrated Data Platform (IDP) all being key priorities for both the Authority and wider Government.
The COVID-19 pandemic and the Authority’s response have been major factors in our data security activity. While our work with other Government departments to acquire data continued, substantial work was performed in acquiring datasets from new sources to support COVID-19 analysis for the Government. The security of these new and existing sources of data has remained a top priority for the Authority.
The Authority’s operational response to COVID-19 was heavily reliant on good security and this supported the move to remote working in accordance with Government directives. Significant changes were implemented to personal, physical and technology security which enabled us to appropriately manage the access and use of existing data to deliver our expected statistical outputs while extending analysis work into new areas.
There was rapid service development to underpin COVID-19 statistical response with security paramount as part of service design, especially in our work for Hotspots analysis, NHS-X infrastructure and the COVID-19 Infection Survey. We enabled these programmes of work to move ahead quickly, using secure methods, to inform the national response to COVID-19 while protecting the personal data within them, both internally and across third party suppliers.
The outcomes from the Census Rehearsal and implementation for Census 2021 has played a substantial part in security and information delivery through the review period. Working across 28 internal and external workstreams, we have ensured secure data journeys for citizen’s Census submissions through the secure design and development of platforms and services. In addition, we obtained independent assurance of the security being implemented through a detailed third-party review, which concluded that the Authority had a comprehensive security programme in place designed to reduce the risk of compromise to the delivery of Census 2021 and citizen data.
The overall security of our systems, in particular our key data management environment, the Data Access Platform (DAP), remains critical. During the year this extended to include the embedding security of our security into the Integrated Data Programme (IDP), a new platform approach for the secure sharing and use of Government data for analysis and research. Transforming security with DAP and IDP using modern techniques and technology supports the Authority and wider Government transformation of statistics, and our ongoing success. Though risks remain in our ability to use administrative data in support of Census 2021 and in the delivery of key outputs, we are making progress in this area, particularly with tax data from Her Majesty’s Revenue and Customs (HMRC) and national insurance data from the Department for Work and Pensions (DWP). We are also balancing the use of administrative data with our established surveys.
Our support to the Digital Economy Act continues through the security assessment of potential data processors under Act and Code of Practice. Maintaining high levels of security protection for public data used in research is a key requirement for the Authority. Our experts have assessed organisations for accreditation this year to ensure strong security controls are in place to host and process data, with the Research Accreditation Panel making a determination on the formal accreditation. In addition, several annual assessments have been performed on accredited organisations to ensure that their security environment remains strong, with appropriate improvements being implemented.
Public confidence and support for the provision of data is critical, including the acceptability of legislation such as the Digital Economy Act. We recognise that a data or cyber breach in the management of data could impact this significantly. To support our approach to managing these areas, we have made significant investment in protective technology, monitoring services and vulnerability testing together with staff training and development. This has included extensive engagement with the National Cyber Security Centre and with key Government department security teams. Enhanced security training is now a mandatory requirement for all staff, with substantial effort being put into behavioral security to provide staff with the awareness needed so they play a stronger part in the defence of the Authority.
During this period, we drew to a close our three-year security strategy. This has successfully transformed our security and embedded it at higher levels within the heart of the Authority, enabling the Authority to deliver its objectives in a safe and secure environment. It has also built a stronger team, with the technical skills required to meet the Authority’s business needs and aspirations. We are moving rapidly to utilising commodity cloud services, and consuming data and services from very complex environments, and other third parties, that will be expertly assured to safeguard the security of the Authority’s data and services.
Back to topInformation management
Management of the Authority’s documents and records throughout their lifecycle, and according to information legislation, continues to be a priority. In 2018/19, we rolled out a new document management system enabling greater functionality for the storage and sharing of operational information.Migration to an upgraded version of the system took place during 2020/21. The document management system has been supported by a new document and records management policy which has been revised to allow for ongoing management of personal data in the upgraded system in support of compliance and accountability with data protection legislation.
With significant levels of confidential data collected and acquired for use in official statistics, information management and confidentiality are critical considerations where people, processes and systems interface with the external world. Staff working in some parts of the Authority have access to a range of business and personal data to produce high quality, accurate statistics. There is a recognised, strong cultural understanding that information must be handled lawfully, accurately and securely, supported by strong legal, technological and business processes.
We continue to make available a range of documents that describe how the Authority looks after and uses data for the public benefit. These include the strategic approach to data use; a comprehensive data management framework to describe how the Authority manages and governs data practices to ensure we protect the confidentiality and security of data we hold, and meet our legal obligations; a range of data management policies; and a transparent register of the data sources we acquire from other organisations that support the production of our statistics and research.
The data protection auditing and compliance monitoring service continues to report on all activities across the Authority from a data protection perspective, also supporting the work of the Data Protection Officer in providing guidance, training and awareness of data protection requirements.
I am required to report any significant breaches relating to personal data to the Information Commissioner’s Office (ICO). There have been no such incidents during 2020/21.
Developments in the control environment
During 2020/21 we made significant investment and improvements within the internal control environment. These include:
- embedding the revised governance framework and structure of the
sub-committees below the National Statistician’s Executive Group, placing the strategic objectives and risks at its core to provide robust oversight and challenge - developing the risk and assurance capability across the organisation to strengthen its lines of defence across key risk areas- with a particular focus on statistical quality and our strategic programmes
- developing the oversight of organisational management, with strengthened governance and an integrated approach to reporting on progress against our strategic business plan, objectives, risks and finances
- building a responsive and flexible Internal Audit function to meet the evolving assurance needs and the risks of the organisation
These developments have provided organisational stability to manage the ongoing and changing demands placed upon us. We will continue to invest in this area to maintain the confidence and integrity of our internal control framework.
A revised Governance Assurance Statement, signed by each of our Directors was developed this year to ensure and maintain focus on core areas of internal control, including; People; Risk; Governance; Security; Statistical Quality; Portfolio Management; Commercial and Finance Management, and has confirmed the adequacy of the control environment operating each of their respective areas.
Whistleblowing arrangements
Making sure the Authority’s staff feel able to come forward with concerns is important in ensuring effective governance and management across the Authority.
The Authority’s Whistleblowing and Raising a Concern Policy encourages employees to raise concerns about wrongdoing, advises on the protection afforded to whistle blowers, and provides reassurance that concerns will be investigated responsibly and professionally. The Authority has also trained Nominated Officers in place who can be approached in relation to concerns. The policy and supporting guidance are accessible on the Authority’s intranet.
Assurances from Internal Audit
The Internal Audit function provides the National Statistician and the Audit and Risk Assurance Committee with a clearer view on any emerging risks. The internal audit programme is closely linked to the key risks of the Authority. Arrangements are in place to ensure that the National Statistician is made aware of any significant issues which indicate that key risks are not being effectively managed. The Internal Audit service complies with the Public Sector Internal Audit Standards.
Opinion of the Head of Internal Audit
In my role as Head of Internal Audit (HIA), I am required to provide an overall opinion based on my professional judgement, which is supported by the outcomes of the 2020/21 Internal Audit Programme of work. However, my annual opinion also recognises the wider control and operating environment within the Authority, the level and extent of change, and the way in which the organisation is managing and responding to its key risks. The opinion I provide reflects the status of the risk, control and governance environment, based at the point in time in which the work was undertaken.
It is important to highlight that whilst the impact of Covid-19 has necessitated a change in focus across the organisation and the way in which the Internal Audit team have had to operate in the working environment, I can report that there has been no material impact on the delivery of the Internal Audit Programme. Regular updates have been provided to the Committee, ensuring an appropriate level of flexibility to enable internal audit delivery to best align with the changing priorities of the organisation and assurance needs.
Throughout the last 12 months, I can report that there has continued to be a strong level of engagement with Internal Audit across the Executive and with their respective teams. I have seen a good level of improvement in our follow up reporting (testing implementation of audit findings), which has consistently reported ‘good’ progress, and the management action tracking (management progress updates), in which I have seen minimal delays in the implementation of audit findings throughout this period.
Following the 2019/20 Limited opinion, there has been a significant investment made in developing governance and improving risk management maturity. This has been critical as the organisation has had to navigate through a rapidly changing risk landscape, against the backdrop of the evolving pandemic, delivery of the Census 2021, and a sub-optimal spending review. Under the leadership of the National Statistician, I have observed an increased focus on managing risk, particularly at the senior level, with a desire to explore risk appetite in order to support strategy delivery.
The development in risk management has been underpinned by the revised governance, which holds a critical role in the oversight, challenge, and cross organisational management of ONS’s risks. As a result, I have observed greater accountability and ownership of the risks at the strategic and corporate levels as well as a positive willingness in the business to develop their risk and assurance capability. Further work is required to ensure that risk is well embedded throughout all layers of the organisation. Indeed, there is a need to establish the link more firmly to second line assurance activities here, so that the organisation can more promptly respond to emerging issues. This forms a key part of the wider risk and assurance strategy for ONS, which will redress the balance of assurance across the three lines of defence.
Previous internal audit reports have reported a propensity to work in silos, existence of shadow capability, and a lack of ownership or accountability across key areas such as statistical quality, legacy recovery, IT disaster recovery and risk management. There are some clear improvements in this space, notably as a result of the governance refresh. In relation to the individual areas of concern raised in 2019/20, outside of risk management which has been addressed above, I have observed a good level of traction in developing the statistical quality assurance framework, disaster recovery capability and legacy recovery plans.
To ensure that the progress made in these areas is both sustainable and yielding the right outcomes, continued focus is required by the organisation to assure that risks are being addressed. The effectiveness of this focus will be evident from 2021/22.
With regard to other internal audit work delivered this year, despite some encouraging indications in risk and governance, there are some specific areas that still require focus. The audit and advisory work highlighted challenges around accountability and/or working together as one ONS. Whilst some improvements have already been made in response to the audits, the development of greater collective accountability at the senior management level, a common view of the priority outcomes for the organisation and a stronger consistent model for the supporting capability, will be critical to ensuring the continuing development of an integrated culture with a continued focus on the accountability of senior leadership for ONS.
Although there remains some work to do to ensure the continued momentum of engagement and improvements across all aspects of risk, accountability and control, and governance, it is evident that the organisation has heavily invested in developing its maturity. The commitment and tone from the top of the organisation provides good indications that this will continue as we deliver over the next period.
Overall, my opinion on the framework of governance, risk management and controls is “moderate” for 2020/21 financial year.
Opinion of the Chair of the Audit and Risk Assurance Committee
Based on the work of the Committee during the year and the assurance work carried out by the External and Internal Auditors, it is my opinion that the Authority’s governance and control framework is generally effective.
The Committee accepts the overall moderate opinion from the Head of Internal Audit, which reflects the work and effort across the organisation on joint working, achieving improved accountability and ownership of cross organisational risks. These developments were underpinned by the refreshed executive governance framework with risk management embedded at its core. This progress has been achieved as a result of the Accounting Officer’s commitment to deliver in the areas highlighted in last year’s report as requiring improvement and the Committee recognises the hard work and dedicated efforts that have underpinned a satisfactory control environment where the organisation’s strategic objectives can be well supported.
The Head of Internal Audit’s overall limited opinion of the last four years was based on three overarching issues: silo working, a lack of accountability, governance and ownership of cross organisational risks, which had persisted over the years. This year’s moderate opinion reflects the strong start and good progress that has been achieved in addressing these issues, particularly in the latter quarter of this year. The commitment of the Accounting Officer and the Senior Leadership Team to working as “One ONS” has been a key enabler of this progress. This new approach is at an early stage and it is critical that sustained effort is demonstrated over the coming period and beyond in order to continue to see the necessary progress in the control environment across the business. Promising progress has been made in the following three areas highlighted in 2019/20:
- strengthening risk and oversight functions
- developing the culture of ownership and accountability
- strengthening governance
In order to maintain this progress, it is vital that sustained efforts continue to be applied to maturing and embedding the early success achieved in these three areas over the forthcoming period, supported by internal audit.
Overall conclusion
In conclusion, the UK Statistics Authority’s approach to governance, risk management and control is generally effective. We have developed our approach across each of these areas during the year and I am pleased that this progress has been reflected in the assurance work that has been delivered during the year.
During 2021/22 we will continue to embed the improvements in our approach and focus on further developing our assurance activities to match the ambitions we have for the organisation and ensure that we keep pace with these activities.
Back to top