NOT PROTECTIVELY MARKED

Transcription

1 NOT PROTECTIVELY MARKED Meeting Audit Committee Date 24 July 2018 Location Pacific Quay, Glasgow Title of Paper Internal Audit Organisational Change Report Item Number 5.5 Presented By Campbell McLundie, Scott- Moncrieff Recommendation to Members Members are requested to note the report. Appendix Attached Internal Audit Organisational Change Report PURPOSE This paper presents our final report on the review of Organisational Change. The paper is presented in line with the Internal Audit contract with Scottish Police Authority. The paper is submitted for noting. Audit Committee Public Session NOT PROTECTIVELY MARKED 1

2 NOT PROTECTIVELY MARKED 1. BACKGROUND 1.1 Police Scotland and the Scottish Police Authority have set out an ambitious 10 year strategy for the transformation of policing in Scotland. Police Scotland have presented an implementation plan covering the next three years. This covers the key areas of activity and arrangements for the governance and delivery of the transformation programme. This review will consider the adequacy of these plans with specific focus on how the SPA can gain independent assurance on programme and project delivery in order that it can fully fulfil its oversight responsibilities. The key objectives for this review are to ensure that: Programme and project governance is sufficiently robust and independent in order to deliver effective oversight particularly by the SPA; The planning, management and delivery of the policing strategy is subject to sufficiently robust management structures, operational controls and progress reporting to maximise its likelihood of success; Programme and project delivery is subject to adequate risk, issue, change and dependency management; and Financial and benefits realisation planning appropriately reflect programme/project planning and delivery 2. FURTHER DETAIL ON THE REPORT TOPIC 2.1 The report notes that Police Scotland s Organisational Change controls procedures reflect good practice in a number of areas including: o The overall programme and project management framework reflects good practice particularly in areas such as planning, risk and dependency management Audit Committee Public Session NOT PROTECTIVELY MARKED 2

3 NOT PROTECTIVELY MARKED o The Portfolio Management Office (PMO) provides a valuable support resource o Financial planning and budgetary controls are robust The report contains nine grade 3 (high risk exposure) recommendations to enhance the design and operation of the Organisational Change controls. The findings contained within the report have been accepted with action owners and timescales for completion assigned. Next steps: We will follow up management responses contained within the report on a periodic basis to monitor progress being made towards implementing management actions 3. FINANCIAL IMPLICATIONS 3.1 There are no financial implications arising as a direct result of this report. 4. PERSONNEL IMPLICATIONS 4.1 There are no personnel implications associated with this report. 5. LEGAL IMPLICATIONS 5.1 There are no legal implications associated with this report. 6. REPUTATIONAL IMPLICATIONS 6.1 There are no reputational implications arising from with report. 7. SOCIAL IMPLICATIONS 7.1 There are no social implications directly associated with this report 8. COMMUNITY IMPACT Audit Committee Public Session NOT PROTECTIVELY MARKED 3

4 NOT PROTECTIVELY MARKED 8.1 There are no community impact implications directly associated with this report. 9. EQUALITIES IMPLICATIONS 9.1 There are no equalities implications directly associated with this report. 10. ENVIRONMENT IMPLICATIONS 10.1 There are no environmental implications associated with this report. RECOMMENDATIONS Members are requested to note the report. Audit Committee Public Session NOT PROTECTIVELY MARKED 4

5 Scottish Police Authority Internal Audit Report 2017/18 Organisational Change Management Review June 2018

6

7 Scottish Police Authority Internal Audit Report 2017/18 Organisational Change Management Review Executive Summary 1 Management Action Plan 5 Appendix A Definitions 17 Audit Sponsor Key Contacts Audit team Kenneth Hogg, Interim Chief Officer Neil Dickson, Director, Change Steven Jones, Director of Planning and Corporate Support Scott Ross, Portfolio Assurance & Reporting Manager Gary Devlin, Partner Helen Berry, Head of Internal Audit Campbell McLundie, Senior Consultant

8

9 Executive Summary Conclusion A comprehensive management framework has been devised for the delivery of the portfolio supported by a well-resourced Portfolio Management Office (PMO). We have therefore gained assurance that the core planning and management structures are in place to help ensure the success of the portfolio. However we have identified a number of areas of improvement which are reflective of the early stage of development that the portfolio has reached and also the changing relationship between Police Scotland and the SPA. Our recommendations for improvement will support the effective operation of the controls designed for management of the portfolio, as work continues to progress. Background and scope Police Scotland and the Scottish Police Authority have set out an ambitious 10 year strategy for the transformation of policing in Scotland. Police Scotland have presented an implementation plan covering the next three years. This covers the key areas of activity and arrangements for the governance and delivery of the transformation programme. This review considered the adequacy of these plans with specific focus on how the SPA can gain independent assurance on programme and project delivery in order that it can fully fulfil its oversight responsibilities. The key objectives for this review were to ensure that: Programme and project governance is sufficiently robust and independent in order to deliver effective oversight particularly by the SPA The planning, management and delivery of the policing strategy is subject to sufficiently robust management structures, operational controls and progress reporting to maximise its likelihood of success Programme and project delivery is subject to adequate risk, issue, change and dependency management Financial and benefits realisation planning appropriately reflect programme/project planning and delivery Acknowledgements We would like to thank all staff consulted during this review for their assistance and co-operation. scott-moncrieff.com Scottish Police Authority Organisational Change Management Review 1

10 Control assessment 1. Programme and project governance is sufficiently robust and independent to deliver effective oversight, particularly by the SPA. 4 - Amber 1- Amber 2. The planning, management and delivery of the policing strategy is subject to sufficiently robust management structures, operational controls and progress reporting. 3 - Amber 2 - Amber 3. Programme and project delivery is subject to adequate risk, issue, change and dependency management. 4. Financial and benefits realisation planning appropriately reflect programme/ project planning and delivery. Improvement actions by type and priority Control Design Control Operation Grade 4 Grade 3 Grade 2 Grade 1 Nine improvement actions have been identified from this review, eight of which relate to compliance with existing procedures, rather than the design of controls themselves. See Appendix A for definitions of colour coding. 2 Scottish Police Authority Organisational Change Management Review scott-moncrieff.com

11 Key findings Overview The Scottish Police Authority (SPA) and Police Scotland (PS) have embarked on an ambitious and challenging transformation programme which is intended to deliver significant improvements to policing in Scotland over the next ten years. An initial three year implementation plan and financial budget has been approved by the SPA and Scottish Government. This implementation plan is being delivered through a comprehensive Portfolio Management Framework based on best practice programme and portfolio methodologies including Managing Successful Programmes (MSP) and PRINCE2. The portfolio is subject to governance through a hierarchy of project, programme and change boards and supported by a dedicated Portfolio Management Office with specialists in project and financial management. The above structures and methodologies are still in their infancy with the majority of programmes and projects in early planning stages. It is therefore expected that changes will continue to be made to the overall approach over the coming months and improvements introduced as the overall portfolio matures. Good practice We have gained assurance that Police Scotland s procedures reflect good practice in a number of areas: The overall programme and project management framework reflects good practice particularly in areas such as planning, risk and dependency management. The Portfolio Management Office (PMO) provides a valuable support resource. Financial planning and budgetary controls are robust. Areas for improvement We have identified a number of areas for improvement which, if addressed, would strengthen Police Scotland and SPA s control framework. These include: Clarifying of role of the SPA in the portfolio governance structure and stakeholder communications and working with SPA to identify a governance model which supports efficient and effective delivery of transformation programmes and projects. Expanding the planning horizon in project planning to ensure it includes the implementation of anticipated changes. Revising the dependency management approach to expand the scope of dependencies considered and the introduction of acceptance criteria. Improved dis-benefit management particularly in relation to public perceptions of proposed changes. A greater focus on the reporting of project and programme deliverables. Consideration of changes in financial management including change control tolerances and authorisation processes. scott-moncrieff.com Scottish Police Authority Organisational Change Management Review 3

12 These are further discussed in the Management Action Plan below. 4 Scottish Police Authority Organisational Change Management Review scott-moncrieff.com

13 Management Action Plan Control Objective 1: Programme and project governance is sufficiently robust and independent in order to deliver effective oversight particularly by the SPA Amber 1.1 Alignment of SPA and Police Scotland Support Structures The Scottish Police Authority are currently reviewing its internal structures and resources to allow it to improve the delivery of its responsibilities in relation to governance and oversight of policing in Scotland. This responsibility has also been the subject of two recent reviews by HMICS Inspection of firearms licensing (March 2018) and Call Handing Update Report (May 2018). The latter recommended that the governance arrangements in relation to the C3 Programme, including the use of a joint governance and assurance group, be used across all of Police Scotland s significant change programmes. In addition to having a legislative responsibility for policing in Scotland, the SPA can play an important role in helping Police Scotland anticipate and address issues which may be perceived by the public as being disbenefits from planned changes in service delivery. It is therefore important that the SPA is more embedded within the governance arrangements than currently and that the SPA is structured accordingly. Risk Unless the SPA is sufficiently embedded within the portfolio governance arrangements it will be unable to fulfil its oversight responsibilities in an efficient and effective manner. Recommendation We recommend that the SPA and Police Scotland determine a revised portfolio governance structure by which SPA representatives are more embedded within the reporting and consultation processes to allow potential issues and risks to be addressed earlier and to provide greater visibility in relation to the oversight being exercised by the SPA over the delivery of the Change Portfolio. While the current governance model, comprising of a series of Project and Programme Boards, SPA Committees and Board, Scottish Government and other stakeholders has been appropriate for approval of Business Cases and financial budgets the delivery phase of the transformation programme needs to have greater flexibility to support effective and efficient decision making. The current restructuring within SPA offers an opportunity for an open dialogue between the SPA and Police Scotland on the ways in which SPA can gain the assurance it needs and provide appropriate support and challenge to Police Scotland without creating an unnecessarily cumbersome committee structure which could hinder the ability of Police Scotland to deliver success. We recommend that such discussions are held as a matter of urgency to allow the new arrangements to be operational as programmes and projects move into their delivery phase. scott-moncrieff.com Scottish Police Authority Organisational Change Management Review 5

14 Management Action Grade 3 (Operation) Management acknowledges that SPA s role of oversight of the Change Portfolio can be enhanced and that Police Scotland will work with the SPA to ensure this is improved. We will arrange discussions with SPA around governance arrangements. The primary focus of the change portfolio is to deliver tangible improvement to policing and the public we serve. Currently the level of governance and scrutiny, from many stakeholders, is rightly very high but the balance of governance to proceed with a change and a focus on actually delivering improvements needs to be considered. SPA and Police Scotland have already ensured that the SPA is now represented at all Finance and Change board meetings and some Programme Boards to provide critical oversight and assurance, particularly around the propriety, regularity and value for money of the proposed programmes and projects. We are keen to avoid additional steps in an already very robust framework of control and scrutiny. Having noted the above, we would propose that any attendance at Police Scotland governance forums would need to be as observers, to maintain the independence of the SPA. In addition to embedding representatives in our existing governance to observe, it is suggested that SPA s role of oversight is carried out at a strategic level the Transformation Working Group in the first instance this group should receive reporting from SROs on individual programmes as well as the overall portfolio. Currently programmes within Police Scotland receive Assurance Reviews from the Portfolio Assurance Function, Scottish Government Technical Assurance Team and Scottish Government Gateway Review which should provide a level of confidence to the SPA regarding external assurance. The recent HMICS Update to Call Handling Review cited that Police Scotland has undertook a review of programme and project governance, the recommendations from which have been incorporated into new portfolio governance, change governance and investment governance frameworks. A comprehensive assurance approach is now in place the only outstanding issue was the establishment of the SPA Transformation Working Group. Action owner: Director, Change Due date: 30 November Scottish Police Authority Organisational Change Management Review scott-moncrieff.com

15 1.2 Independent Assurance An Approval and Assurance Strategy has been published which sets out the sources of programme and project assurance. These include a tiered set of independent reviews which may be deployed to provide assurance aimed at keeping a programme or project on course. These include a PMO-led independent critical friend review and an OGC Gateway Review led by a reviewer from the Scottish Government. Where additional assurance is considered necessary further assurance can be sought from external consultants. While the above sources of assurance are welcome they may not provide the SPA with a sufficiently independent perspective. Similarly the scope for such reviews may be focused on ensuring that the portfolio management approach and controls are being correctly adopted rather than considering any underlying issues relating to the programme or project subject matter. Risk There is a risk that, despite the above assurance, key issues or risks may not be identified in a timely manner resulting in project delays or failure. Recommendation For high risk or impact projects consideration should be given to either regular external independent assurance reviews delivered by individuals with relevant subject matter experience and knowledge or the use of an external advisory board who are responsible for providing regular independent assurance to the Programme and Change Boards. The OGC Gateway Guidance also suggests that Internal Audit be used to provide regular independent scrutiny at keys stages of a programme delivery and such involvement is used within subsequent Gateway reviews as evidence of sufficiently robust scrutiny and challenge. scott-moncrieff.com Scottish Police Authority Organisational Change Management Review 7

16 Management Action Grade 3 (Operation) Management accepts this Recommendation. Police Scotland recognise the value of external and independent reviews and assurance. Police Scotland is committed to using Gateway Reviews for the Change Portfolio and Programmes within it which meet the Risk Potential Assessment thresholds as set out by Scottish Government s Centre of Excellence. Gateway Review teams are selected based on their experience within the area that is to be reviewed. Police Scotland currently considers, where appropriate, the use of external suppliers to carry out independent assurance on the Portfolio, Programmes and Projects within the Service (e.g. Payroll Project). Police Scotland will ensure this approach is embedded within the Approval and Assurance Strategy. External independent assurance is already underway for proposed major investment in ICT through an ICT assurance group being coordinated by Scottish Government's Chief Information officer Anne Moises, the first meeting of which is scheduled for 30 July Further independent assurance will be considered on a case by case basis. Action owner: Director, Change Due date: 31 August Scottish Police Authority Organisational Change Management Review scott-moncrieff.com

17 Control Objective 2: The planning, management and delivery of the policing strategy is subject to sufficiently robust management structures, operational controls and progress reporting Amber 2.1 Planning horizons Many of the current programmes and projects are still in the planning process. This process allows the project leads to: define the change to be achieved; the options by which such a change can be delivered; the resources needed to deliver the change; and the timescales involved. For many of the change programmes and projects the change will be defined in terms of a new system or a new way of working. It is therefore natural that the project deliverable may considered in terms of a system which is capable of being operated or a set of new operating procedures. However, successful implementation of a new system or new operating procedures requires consideration of the transition process to Business As Usual (BAU) state, incorporating factors such as training the staff responsible for operation of the BAU system and timelines for transfer of ownership. We noted that existing project plans do not all extend to cover this transition period. Risks There is a risk that the focus of the change programmes or projects are to deliver new products or processes available for use by Police Scotland rather than considering the full lifecycle of the innovation including full implementation. Without this there is a risk that the change will not be fully implemented and will therefore fail to deliver the expected benefits. In addition there is a risk that the full resources needed to achieve these benefits, including those which are not directly related to the project such as those relating to the delivery of staff training, are not budgeted for resulting in financial and resource capacity planning challenges. Recommendation We recommend that all project business cases and plans should be assessed for their completeness including the estimated costs for full implementation. scott-moncrieff.com Scottish Police Authority Organisational Change Management Review 9

18 Management Action Grade 3 (Operation) Management accepts this finding. Police Scotland will ensure that all Business Cases are fully assessed to ensure that they include all the required estimated costs for full implementation. The Change Board will ensure that all future Business Cases are assessed against full implementation costs. Action owner: Director, Change Due date: 28 September Scottish Police Authority Organisational Change Management Review scott-moncrieff.com

19 2.2 Delivery management and reporting Reporting is currently focused on monitoring the progress being made by programmes and projects as they progress through the planning process. Part of this planning process is a focus on benefits realisation and how these benefits will be measured and monitored as the programme/project progresses. While the above reporting is important to keep the relevant governance boards informed of progress with the required planning, there is less focus on defining the key outputs which a programme or project are expected to deliver and when these can be expected. While benefits are key to the overall success of the Portfolio it is likely that these will only be achieved as the result of the outcome of a programme or project, which in turn is dependent on the delivery of the defined outputs of the programme/project. However, although individual project highlight reports include milestones achieved, summary reporting outlines progress in terms of time and costs and less in relation to what has been delivered. Risk Without an understanding of how well the programmes and projects are doing in terms of delivering the expected outputs there is a risk that a failing project or programme may not be identified and appropriate action taken. This focus on deliverables may also help provide an appropriate re-examination of what the project needs to achieve including full implementation. Recommendation A complete set of scheduled deliverables should be prepared for each of the programmes and projects and maintained based on revised project plans and highlight reports. This information can then be used for preparing summary reports for relevant governance Boards and the SPA on progress being made and provide a suitable source of information for use in celebrating success stories as the portfolio progresses. Management Action Grade 3 (Operation) Management accepts this finding. Police Scotland recognises the importance of not only reporting on benefits but reporting on deliverables expected from the Projects and Programmes. Police Scotland has started to work on creating a view of all Programme and Project deliverables since this review. Police Scotland will create a schedule of deliverables from all Programmes and Projects within the Change Portfolio. This schedule will be used to create reports for relevant governance boards and SPA. Action owner: Director, Change Due date: 26 October 2018 scott-moncrieff.com Scottish Police Authority Organisational Change Management Review 11

20 2.3 Dis-benefit planning and management As mentioned in 1.1 above, while the benefits of a programme or project change may be clearly evident in terms of improvements to police activities, such changes may be perceived by some, particularly by sections of the public, as a potential threat such as to personal liberties. It is therefore important that during all phases of a programme or project sufficient attention is paid to the risk of such disbenefits and appropriate actions and controls put in place to address such concerns. This is an area in which the SPA could play a particular role in supporting the programme and project teams to fairly assess the external perspective to projects. Risk Without adequate dis-benefit planning and management programme or projects may attract negative attention giving rise to avoidable delays and additional time and resources needing to be committed to address valid concerns. Recommendation A more overt assessment of the impact of programmes and projects on the public and other external stakeholders should be included within the planning process. The SPA should also be invited to review such assessments to ensure that they are sufficiently robust and also to assist in addressing any concerns which such assessments may give rise to. Management Action Grade 3 (Design) Management accepts this finding. Part of the new role of the Head of Business Change and Analysis is to ensure Programmes and Projects conduct Change Impact Assessments. These assessments will consider not only the impact on Police Staff and Officers but the wider Public and Stakeholders that Police Scotland serve. These Change Impact assessments will be shared with SPA in order for them to carry out their oversight role. Police Scotland will carry out Change Impact Assessments in all Programmes and Projects. Action owner: Head of Business Change and Analysis/Director, Change Due date: This will be an ongoing piece of work due to the nature of Projects and Programmes update 26 October Scottish Police Authority Organisational Change Management Review scott-moncrieff.com

21 Control Objective : Programme and project delivery is subject to adequate risk, issue, change and dependency management Amber 3.1 Dependency management There is a dependency management approach embedded within the Portfolio Management methodology which has been developed using best practice from across the public sector. It is based on a Give/Get approach whereby both parties to the dependency agree what the dependency is and enter into an agreement in relation to how and when the dependency is to be fulfilled. The dependency management approach should ensure that relevant inter project dependencies are suitably identified. However, the level of detail currently included in the definition is relatively low. Similarly the dependencies are primarily in relation to those between projects within the portfolio and not in relation to other parts of the organisation. This will be particularly relevant in relation to implementation phases when there may be significant demands on operational units and enabling teams such as training. Risk While the current dependency management approach is good, without sufficient detail included in relation to expected deliverables, or inclusion of all dependencies particularly those in relation to implementation, there is a risk that dependencies will fail to be delivered satisfactorily resulting in project delays or potential failure. Recommendation We recommend that as part of the planning process the dependency management approach is expanded to include all requirements including implementation and that these requirements are defined in sufficient detail including a set of detailed acceptance criteria agreed between both parties to the dependency. Management Action Grade 3 (Operation) Management accepts this finding. Police Scotland recognises that dependencies need to be fully mapped and managed within the Portfolio. Police Scotland s Dependency Management process includes all dependencies implementation, between projects and business areas and inter-dependencies between projects. This will be made clearer and Police Scotland will ensure these points are implemented. As more project move in to implementation phases this will also be enhanced. Police Scotland would welcome the auditor to share better practice from other public sector bodies with regards to Dependencies/working examples of how Police Scotland could improve its approach. Action owner: Director, Change Due date: This will be an ongoing piece of work due to the nature of Projects and Programmes update 26 October scott-moncrieff.com Scottish Police Authority Organisational Change Management Review 13

22 3.2 Change controls The current planning and approval process is taking considerable time, partly due to the layers of approval required. While understandable, given the scale and importance of the portfolio, it will be important to agree a set of programme and project tolerances within which delegated responsibility may be given for changes to be made without having to submit the change to multiple layers of approval. For example, while there is a time tolerance of up to 5 weeks before a project change needs to be submitted for approval to the Change Board, there is a zero tolerance in relation to the financial budget. Risk There is a risk that without workable tolerances being agreed and applied the portfolio will be materially delayed. Recommendation The programme and project tolerances should be reviewed to confirm that they are workable but also enforce the expected controls. Again the embedding of the SPA within the assurance structure may also help ensure that any such changes can be more readily reviewed and approved. Management Action Grade 3 (Operation) Management accepts this finding. Given Police Scotland s current approach to financial management we would not propose to change our approach to zero tolerance movement of financial budget within this financial year, all changes to budget must be reported to Change Board. We will look to review all the tolerances at the end of this year in line with our financial planning cycle and the embedding of the new SPA structure. This would then be presented to relevant parties for consideration Action owner: Director, Change Due date: 21 December Scottish Police Authority Organisational Change Management Review scott-moncrieff.com

23 Control Objective 4: Financial and benefits realisation planning appropriately reflect programme / project planning and delivery Amber 4.1 Budget allocation and prioritisation The financial planning process is continuing to improve with detailed budgets for planned projects being presented for approval at the beginning of the financial year. However, it is unclear how required changes to these budgets will be made during the year. Such changes are likely to include a need for re-prioritisation across the Portfolio or accounting for emerging requirements which arise during the year. Risk It will be important for the success of the programme that such changes can be considered and approved by all appropriate parties within short timescales if delays are to be avoided. Recommendation A revised governance structure, through which key stakeholders including the SPA and Scottish Government can be more embedded within individual programmes and projects, and the appropriate use of devolved tolerances, should ensure that all parties are sufficiently well informed to allow quicker decisions to be made regarding resource re-allocation and project prioritisation. Management Action Grade 3 (Operation) Management accepts this finding. (NOTE this action recommendation will be partly addressed by recommendations in 1.1 and 3.2) In addition with regards to the re-allocation of both resources and funding a new Capital Investment Group (and similar forum for reform revenue) has been established, as a sub group of the Finance Board. This group will meet quarterly to review spend to date across change projects and business as usual, and make any decisions required to re-allocated finances and resources. Action owner: Deputy Chief Officer Due date: 21 December 2018 (As per 3.2) scott-moncrieff.com Scottish Police Authority Organisational Change Management Review 15

24 4.2 Cost allocation and time recording Current budgets reflects allocations from capital and reform budgets and allocation of staff costs for those directly involved in the project. Should implementation work not be included in the project, these costs will not currently be considered as part of the overall project budget. At present there are challenges in allocating some staff costs to projects particularly in relation to officers and staff who are only involved in projects on a part time basis. Risk There is a risk that current project budgets do not sufficiently reflect the total lifecycle costs of the whole project including implementation costs thereby creating future financial planning challenges. There is also a risk that costs incurred may be underestimated due to the incompleteness of costs being attributed to the project. Recommendation All projects should include full lifecycle costs including any estimates for resources required for implementation including training time and downtime required for familiarisation with new systems and processes. Appropriate cost allocation tools such as time recording systems should be introduced where appropriate. Management Action Grade 3 (Operation) Management accepts this finding. HMICS have also recently commented on the fact that projects need to reflect full life-cycle costs. Police Scotland will draft new guidelines for Programmes and Projects to use when calculating costs of officers, staff and implementation costs. Time recording will be considered, but we do not plan to adopt time recording across Police Scotland in the near term. Action owner: Director, Change/Chief Finance Officer Due date: 28 September Scottish Police Authority Organisational Change Management Review scott-moncrieff.com

25 Appendix A Definitions Control assessments R Fundamental absence or failure of key controls. A Control objective not achieved - controls are inadequate or ineffective. Y Control objective achieved - no major weaknesses but scope for improvement. G Control objective achieved - controls are adequate, effective and efficient. Management action grades 4 Very high risk exposure - major concerns requiring immediate senior attention that create fundamental risks within the organisation. 3 High risk exposure - absence / failure of key controls that create significant risks within the organisation. 2 1 Moderate risk exposure - controls are not working effectively and efficiently and may create moderate risks within the organisation. Limited risk exposure - controls are working effectively, but could be strengthened to prevent the creation of minor risks or address general house-keeping issues. scott-moncrieff.com Scottish Police Authority Organisational Change Management Review 17

26

27 Scott-Moncrieff Chartered Accountants All rights reserved. Scott-Moncrieff refers to Scott-Moncrieff Chartered Accountants, a member of Moore Stephens International Limited, a worldwide network of independent firms. Scott-Moncrieff Chartered Accountants is registered to carry on audit work and regulated for a range of investment business activities by the Institute of Chartered Accountants of Scotland.