English Cymraeg

Audit & Risk Assurance Committee (ARAC)

INFO 23-06-03

View as PDF
View as PDF

Summary Report of 16 May 2023 meeting

The Committee considered the following:

Final Internal and Regulatory Audit plans 2023/24, Draft Annual Report to FSA Board from ARAC Chair and Annual Review of Internal Audit Charter

All three items were agreed.

Executive Update

The Director for People and Resources updated ARAC as to the current position of Operations Hawk and Sparrow and how the risks around each are being managed.  The Director of Operations gave an overview of the risks around the temporary registration of vets expiring and the mitigating actions that are being taken.  The ARAC challenged and gave their own insight into similar risks to assist in the management of the vets’ issue.

Serious Case Review (SCR)

The Head of Standards and Reward presented the process for Serious Case reviews which had previously been discussed by the Executive Management Team.  This included recommendations in respect of the ARAC role such as the Chair of ARAC agreeing when to initiate a SCR process with the Chief Executive Officer (CEO), the need for independent oversight and where it may be obtained and ARAC receiving a report following the completion of the review and updates on the agreed actions.  The ARAC were content to agree the recommendations.

Counter Fraud Annual Report

The Head of Standards and Reward also presented the Annual Counter Fraud Report.  The FSA continues to update its arrangements for counter fraud, bribery and corruption and to align to the applicable Government Functional Standard and new assessment framework.  A further update on counter fraud will be received by ARAC at the November 2023 meeting.
Information Security Risk Update
The Head of Knowledge Information Management and Security introduced the paper which gave details about a specific security incident and the actions taken to contain the situation and strengthen the existing controls to help prevent a similar incident in the future.

National Audit Office (NAO) Audit Planning

NAO presented their plan for the audit of the 2022/23 consolidated and devolved accounts.  It was confirmed that the audit will be completed post parliamentary recess to take account of the timing of the audit for one of the pension schemes and allow NAO to complete work for ministerial departments pre recess.  The audit fee is yet to be confirmed.
Draft Internal Audit and Regulatory Audit Annual Report

The Head of Internal Audit presented her annual report and opinion.  The overall opinion is ‘Moderate,’ some improvements are required to enhance the adequacy and effectiveness of the framework of governance, risk management and control.  Areas for improvement include consistency of application of processes and procedures, portfolio management of programmes and maximising the use of data and information to learn and make improvements.

Draft FSA Annual Report, Consolidated and Devolved Accounts

The Head of Planning and Performance introduced the draft annual report.  Members were asked to send specific comments to the executive around the performance report, principal risks and accounts.

Date of next meeting:

13 June 2023 11:00 -13:00

Summary Report of 13 June 2023 meeting

The Committee considered the following:

Executive Update

The Head of Standards and Reward gave ARAC members details of a whistleblowing case and associated investigation to understand whether there are any actions that will need to be taken forward.  The Director for People and Resources updated ARAC as to progress being made to manage the risks around temporary registration of vets expiring.  Although progress has been made this is relatively short / medium term and other mitigations will need to be considered.  Finally, the Director of Operations gave an overview of a report reviewing FSA’s Risk and Crisis Management in respect of incidents.  An action plan and associated governance is being put together to address issues raised.

Internal Audit Progress Report

The Head of Internal Audit presented her progress report detailing that the 23/24 audit plan is on track with the last two reports from 22/23 due to be finalised this month.  The ARAC were updated as to the status of two investigations.  Consequently, a change to the internal audit plan was agreed which will review areas of concern identified from the first investigation.

Complaints Overview

The Head of Standards and Reward outlined the complaints landscape and data held.  The process has been changed to ensure that ARAC will be updated on any complaints at an earlier stage.

Regulatory Audit Progress Report

The Head of Delivery Assurance presented his progress report detailing that all Q1 work has commenced, one report from last year was being finalised and the team now had a vacancy due to a member of staff achieving promotion.  ARAC members requested more detail in future reports on management actions for Local Authorities (LAs) and the framework for determining which LAs in England are sampled.

Risk Update

The Head of Planning and Performance introduced the quarterly risk update which detailed a change in the risk appetite for one of the risks, a summary of EMTs latest conversation on risk, the current corporate risks and mitigations and details on the updated HMT Orange Book.  ARAC members challenged and asked for assurance over some of the specific risks.

Information Security Annual Report & Incident Update

The Head of Knowledge Information Management and Security introduced her annual report on security.  Ransomware remains the biggest threat although Artificial Intelligence is seen as an emerging risk for future years.  ARAC members were reassured by the mitigating actions that the team have taken over the last year and have planned for 23/24.  ARAC were updated in relation to an incident discussed at the previous ARAC.  A lessons learned report has been produced which details mitigations which will be taken forward.

Update on FSA Annual Report, Consolidated and Devolved Accounts

ARAC members were asked to feedback any further comments that they have on the version received at the May ARAC meeting.  A final version for agreement (subject to the outcome of the NAO audit) will be presented at the September meeting.

Cost of Living Deep Dive

The Head of Strategic Delivery presented the deep dive which detailed the work the FSA has completed over the last 12 months to monitor and mitigate the risks posed by the cost-of-living crisis in the context of the FSA’s remit and policy responsibilities and the ongoing work to monitor where risk is manifesting and the FSA’s processes for mitigation.  ARAC members welcomed the paper and challenged on whether the level of risk is quantifiable to assist with prioritisation and whether the risk mitigations are working.

Date of next meeting:

12 September 2023 11:00 -13:00

Back to top