Company Monitoring Framework Risks, Strengths and Weaknesses Statement January 2017

Similar documents
Company Monitoring Framework Risks, Strengths and Weaknesses Statement November 2017

RISK STATEMENT & ASSURANCE PLAN. Statement of risks, strengths and weaknesses and draft assurance plans for 2015/16. For consultation.

Information risks, strengths and weaknesses statement October 2017

Bristol Water Information Risk Assessment Consultation. Introduction... 2

Building trust and confidence in our reporting Data Assurance Summary 2017/18

Final Assurance Plan. Annual Performance Reporting

Risks, Strengths & Weaknesses Statement. November 2016

Annual Governance Statement

Review of Compliance. Review completed 30 June 2015 Unclassified summary released October 2015

Statement of Risks, Strengths and Weaknesses of Information 2018/19

Risk Management Strategy

Risk and compliance statement 2017

Company monitoring framework

Bristol Water s Data Assurance Summary 2018/19

LONDON BOROUGH OF BARNET CODE OF CORPORATE GOVERNANCE

3. In addition, it describes the process the Court will use to evaluate the effectiveness of the institution s internal control procedures.

AFM Corporate Governance Code

Brief for Consultancy Services Governance Review

delivering good governance

29/11/2017. Risk Management Policy

JOB DESCRIPTION: Principal. GRADE: The salary for the post is 100k. RESPONSIBLE TO: Chief Executive Suffolk Academies Trust

Board Charter. Page. Contents

The importance of strong financial governance

The viability statement. Finding opportunities in the new regulatory challenge March 2015

NHS West Essex Clinical Commissioning Group

Statement of Risks, Strengths, Weaknesses and Draft Assurance Plan. Our Consultation for 2018/19 Severn Trent

ASSURANCE FRAMEWORK. A framework to assure the Board that it is delivering the best possible service for its citizens SEPTEMBER 2010.

Assessing the effectiveness of the external audit process

NHS Corby Clinical Commissioning Group

Statement of risks, strengths and weaknesses and final assurance plan for 2017/18

NHF 2015 Code of Governance: compliance checklist

Compliance assurance programmes

Information risks, strengths and weaknesses statement

Internal audit in insurance: market issues and trends

CONTINUING PROFESSIONAL DEVELOPMENT (CPD) POLICY

NHS Milton Keynes Clinical Commissioning Group

Code of Governance for Community Housing Cymru s Members (a consultation)

CORPORATE GOVERNANCE FRAMEWORK

CORPORATE GOVERNANCE STATEMENT

AGH SOLUTIONS LIMITED GOVERNANCE FRAMEWORK

External Communications Strategy Summary

NHS DORSET CCG CLINICAL SERVICES REVIEW SPECIFICATION

GOVERNANCE OVERVIEW FROM THE CHAIRMAN

ANNUAL PERFORMANCE REPORT DATA ASSURANCE PLAN 2015/2016

Internal Audit Charter. (Board approved 13 April 2012)

OUR ASSURANCE PLAN 2018/19

TA Corporate Risks - Ethical Business Practice and Modern Compliance Framework Technical Annex. September 2018 Version 1.0

ITV plc Corporate Governance

AUDIT COMMITTEE REPORT

Community Housing Cymru s Code of Governance

Could you help lead the NHS in your area?

Customer Online Survey Results Statement of Risks, Strengths and Weaknesses 2017/18

Yorkshire Forum for Water Customers

KING III COMPLIANCE ANALYSIS

2018 Corporate Governance Statement

Gloucestershire Hospitals NHS Foundation Trust

Summary findings inspection quality of statutory audits Big 4 firms

Cymdeithas Tai AELWYD Housing Association AELWYD HOUSING ASSOCIATION CONTINUOUS IMPROVEMENT PLAN

IoD Code of Practice for Directors

Part 3 Accountability and Audit:

Annual Audit Letter. Sheffield Teaching Hospitals NHS Foundation Trust. Year ending 31 March 2018

Varndean College Policies and Procedures

Annual reporting in 2016/17: broad perspective, clear focus Aide mémoire

Company Monitoring Framework 2017/2018. Strengths, risks and weaknesses statement and draft assurance plan

Risk Management Policy

STEVENAGE BOROUGH COUNCIL JOB DESCRIPTION

CONSULTATION ON STRENGTHS, RISKS AND WEAKNESSES AND DRAFT ASSURANCE PLAN

The Annual Audit Letter for South West London and St George's Mental Health NHS Trust

Qatar, 24 May Basel II and Corporate Governance Issues

United Lincolnshire Hospitals NHS Trust. Governance Statement 2015/16. Scope of responsibility. The governance framework of the organisation

Job Description Director of Capital

General Manager Finance. Purpose of the Finance & Corporate Service Team. Position Purpose. Key Accountabilities

What s the cost of control? Keeping control of your business when cash is king

Addendum to Delivering Good Governance in Local Government: a Framework. Consultation Draft

Archives New Zealand Chief Archivist s Report to the Minister. Public Records Act 2005 Audits 2010/2011

Audit Committee effectiveness

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Kyte Broking Ltd. Conflicts of Interest Policy Summary Statement. Page 1 of 9

The 10 Characteristics of Successful Multi Academy Trusts

Regulatory Compliance and Quality Review Programme

Strate Compliance with King III. Prepared by: Company Secretary

Office of the Police and Crime Commissioner Devon & Cornwall

1. Is the proposed definition of modern slavery appropriate and simple to understand?

AUDIT COMMITTEE REPORT

Resource type: Project 13. Corporate code principles

Financial Reporting Council THE UK CORPORATE GOVERNANCE CODE

TRUST GOVERNANCE POLICY (formerly referenced as the CMFT Governance Strategy) - UPDATED NOVEMBER

82 Greene King plc Annual Report 2010

Advanced Audit Techniques

Position Description Hawke s Bay Regional Council Chief Executive

CORPORATE GOVERNANCE KING III COMPLIANCE REGISTER 2017

Conducting privacy impact assessments code of practice

BBC protocol F1 BBC Executive Board appointments and remuneration

RISK MANAGEMENT STRATEGY

Code of Corporate Governance

SM&CR Culture Measurement Toolkit

PRINCIPLES OF CORPORATE GOVERNANCE Novus Holdings Limited

THE SCOTTISH GOVERNANCE CODE FOR THE THIRD SECTOR

Regulatory Compliance and Quality Review Programme

GOVERNANCE HANDBOOK COMMUNITY REHABILITATION COMPANIES PUBLIC SECTOR OWNERSHIP MAY May

Transcription:

Company Monitoring Framework Risks, Strengths and Weaknesses Statement January 2017 Risks, Strengths and Weaknesses Statement January 2017 Page 1

Contents Introduction Page 3 About Affinity Water Page 3 About this document Page 3 Regulatory Requirements Page 4 Responding to this consultation Page 5 Our assessment of risks, strengths and weaknesses Page 6 Background Page 6 Information that we provide Page 7 Our approach to assurance and information Page 8 Ofwat s assessment Page 12 Our assessment Page 12 Next steps Page 14 Risks, Strengths and Weaknesses Statement January 2017 Page 2

Introduction About Affinity Water As your local water supplier, we manage water in your area every single day treating it and supplying over 900 million litres of it so we can ensure that 3.6 million people have high quality drinking water when they need it. We understand that we provide an essential service to households and businesses across our region. It is what drives our ambition to be your trusted, community-focused water company. But we face a very real challenge to our ability to continue to meet demand in the longer term. We supply water to one of the fastest-growing, most economically active regions in the country. While demand is increasing, the amount of available water is decreasing. In 2014 we submitted a five-year Business Plan to our regulator which set out a path to meeting this challenge. In developing our Business Plan we sought the views of our customers and stakeholders through face-to-face community meetings, online panels and our Let s Talk Water Campaign. As a result of what our customers told us, we set out 13 key commitments. These commitments are designed to ensure that we: have enough water to meet demand, while leaving enough water in the environment minimise disruption to your supply; provide high quality water; and offer customers a value-for-money service. We want to be open with our customers and stakeholders about our performance. We want you to have trust in our service and confidence in the information we publish about our performance. We encourage you to provide feedback at any time about how we re performing against our commitments. About this document We regularly publish information on our performance to demonstrate to customers, stakeholders and our regulators that we are delivering the services expected of us. Risks, Strengths and Weaknesses Statement January 2017 Page 3

This document considers the risks, strengths and weaknesses of the data we report on, and how we aim to ensure trust and confidence in what we provide. We consider it important to demonstrate to our customers and other stakeholders that we report information on our performance that is transparent, reliable, relevant, complete and up-to-date. This is part of our commitment to demonstrate that we take ownership of the information we report. Regulatory Requirements The water industry regulator, Ofwat, requires different companies to provide different levels of assurance to support the information they publish, depending on Ofwat s confidence in the quality of the information that companies produce. Following the most recent price review process Affinity Water was assessed as a self-assurance company. We were considered to have achieved the highest levels of trust and so able to determine if additional assurance around the information we publish was required. Ofwat categorised companies as targeted where it considers companies have not consistently met the high standards customers and other stakeholders expect. Ofwat classifies companies as prescribed where they have not provided Ofwat with sufficient confidence in their ability to deliver, monitor and report performance. In November 2016, Ofwat informed Affinity Water that it intended to move it into the targeted category following its first annual review of its Company Monitoring Framework. http://www.ofwat.gov.uk/publication/company-monitoring-framework-2016-assessment/ http://www.ofwat.gov.uk/publication/company-monitoring-framework-affinity-water-ltd As a targeted company we have carried out an assessment of the risks, strengths and weaknesses of the systems and processes we have in place to support our Board in providing assurance of the information we report. In this document, we set out the results of our preliminary assessment which we will be sharing with our Audit Committee in February 2017. Our Audit Committee plays a critical role in our governance and assurance processes relating to the information we publish. Our preliminary assessment is designed to act as the basis for consultation with stakeholders. Following the conclusion of our consultation on this statement of risks, Risks, Strengths and Weaknesses Statement January 2017 Page 4

strengths and weaknesses we expect to develop and publish our assurance plan by 31st March 2017, ahead of our annual reporting and assurance programme. Our assurance plan will provide increased transparency around how we support our Board in providing assurance of the information we report as well as addressing the minor concerns noted in Ofwat s updated monitoring framework assessment. It will identify any areas for improvement identified through consultation. Responding to this consultation We would like to hear your views on this document, the way we assess data and information and how we present our performance to customers and other stakeholders. Please contact us at: Trustandconfidence@affinitywater.co.uk We would be delighted to hear from you at any time. For the purposes of preparing our 2017 Assurance Plan it would be helpful if you could let us have any comments before 28th February 2017. We will incorporate all the feedback and consultation responses into our Assurance Plan, which we expect to publish no later than 31st March 2017. In preparing your response, you may wish to consider the following questions: Do you have any concerns about the information we report? Is the information we publish easy to understand? What do you consider to be the most important type(s) of information that we provide? Do you have any concerns about the quality of the information that we provide? Do you feel confident that the data we publish is robust, accurate and reliable? Would you value information presented in a different way? Is there any additional information that we don t currently publish that you would find helpful? Risks, Strengths and Weaknesses Statement January 2017 Page 5

Our assessment of risks, strengths and weaknesses Background Following the most recent price review process Affinity Water was categorised as a self-assurance company. We were considered to have achieved the highest levels of trust and so able to determine if additional assurance is required. This categorisation was consistent with Ofwat s Risk Based Review at PR14 that emphasised the importance of the role of company boards and the assurance of reliable accurate information integral to a high quality plan. In its Risk Based Review, Ofwat stated: Affinity Water provided convincing evidence that its Board has provided strategic direction and leadership and it is clear that the CCG had good access to the company Board. Its Board states that the plan is high quality and this is supported by external assurance as well as from evidence and data elsewhere in the plan. 1 Our Board provided strategic leadership and guidance on all elements of the Business Plan. The Board determined that, in addition to our internal assurance processes, development of the Business Plan would be supported by external assurance provided by independent expert specialists. We therefore implemented a multi-layered assurance process to review and challenge our proposals in line with industry best practice. The support of a thorough independent assurance programme, undertaken by external specialist quality assurance providers, was a critical factor for our Board when providing assurance that our Business plan was of a high quality. We have highlighted this approach, as background to the risk, strengths and weaknesses assessment, as it continues to form the fundamental basis of our approach to providing assurance that information we publish is reliable and accurate. 1 Setting price controls for 2015-20 pre-qualification decision, Ofwat, March 2014, page 37 Risks, Strengths and Weaknesses Statement January 2017 Page 6

Information that we provide Throughout a typical regulatory/financial year we provide information to a range of stakeholders, customer representatives and customers. The diagram below provides a summary of the five main areas where we do this. Risks, Strengths and Weaknesses Statement January 2017 Page 7

Our approach to assurance and information Role of the Board Our Board has overall responsibility for monitoring the Company s systems of internal control and for reviewing the effectiveness of these systems, including financial, operational and compliance controls and risk management, and is advised by our Audit Committee on these matters. As explained earlier, we continue to maintain a multi-layer assurance process. Internal systems and processes Systems are designed to manage the risk of failure to achieve business objectives (though such risk cannot be completely eliminated), and provide reasonable, but not absolute, assurance against material misstatement or loss. Particular features of the systems of risk management, planning and controls include: a comprehensive suite of internal control procedures across both operational and financial matters, supported by segregation of duty matrices and detailed delegated levels of authority; an Internal Audit function, the head of which has direct access to the Audit Committee, together with other internal control and assurance resources which monitor compliance with laws, regulations, policies and procedures; the setting and monitoring of annual budgets at a detailed level supported by a five-year forecast; specialist planning teams retained within the organisation to work on major projects, such as business planning activities, supported by external specialists where appropriate; and the use of appropriate external assurance review, both fiscal and operational. The Board approves the company s annual budget and regularly reviews actual performance. All major transactions are reviewed and approved by the Board. The Company follows the principles of the three lines of defence model, as promoted by the Institute of Internal Auditors and other professional and commercial Risks, Strengths and Weaknesses Statement January 2017 Page 8

organisations, as the basis of its internal assurance process. This internal assurance is achieved as follows: 1st Line: Management control Controls are exercised by the operational managers who own and manage risks day to day. Controls are designed into systems and processes under the guidance of operational management. Managerial and supervisory controls are in place to ensure compliance and to highlight control breakdown, inadequate processes and unexpected events. 2nd Line: Risk management and peer review This comprises risk management and compliance functions established by management to help build and/or monitor the first line of defence controls, ensuring they are properly designed, in place and operating as intended. The functions in this category tend to have some independence from the first line of defence but they are still considered management functions providing peer review. 3rd Line: Internal Audit Internal Audit provides the Board and senior management with comprehensive assurance based on a high level of independence and objectivity within the organisation. Internal Audit provides assurance as to the effectiveness of governance, risk management and internal controls, including the manner in which the 1st and 2nd lines of defence achieve risk management and control objectives. Risks, Strengths and Weaknesses Statement January 2017 Page 9

The Board also makes use of external third party organisations to provide it with external assurance that the information prepared by the management of the Company is accurate and compliant. This particularly applies to major items such as the Annual Report and the tariff setting process. The main sources of assurance are Pricewaterhouse Coopers LLP (PwC), who provide financial assurance, and Atkins Limited, who provide engineering assurance. These contracts are periodically retendered and providers may change. In addition the Board also uses other assurance providers, such as Deloitte, Frontier Economics, Ernst &Young and Oxford Economic Research Associates. Risk management framework We have an established framework for identifying, evaluating and managing the key risks we face. Our aim is to foster a culture in which teams throughout the business manage risks as part of their management of day-to-day operations. Operational risks are recorded and assessed, including existing management and control processes, and an action plan is prepared, if necessary, for further mitigation. Activities against these plans are monitored on an on-going basis. Operational risks are also ranked by our teams during the year. Based on these rankings the most significant risks are discussed by our senior management and included in the strategic risk register, which is presented to the Board and the Audit Committee. The strategic register, that is published in our Statutory Financial Statements, includes the principal regulatory risk of Failure to comply with laws, our instrument of appointment and other recognised standards. This risk encompasses the risks managed at directorate level relating to the provision of inaccurate information to our regulators and stakeholders. Risks, Strengths and Weaknesses Statement January 2017 Page 10

Ref Risk Description Related Principal Risks & Uncertainties Cause Potential impact Risk owner Existing controls RC001 Regulatory Reporting Failure to comply with laws, our instrument of appointment and other recognised standards Incorrect reporting methodology. Reputational impact. Potential financial penalties. Director of Regulation & Corporate Affairs Very well established controlled and documented process for reporting all regulatory performance information to Ofwat that is subject to Reporter and Auditor scrutiny in preparation to for the Audit Committee meeting each year with delegated authority to approve regulatory submission on behalf of the Board. RC026 Information produced for stakeholders is inaccurate Failure to comply with laws, our instrument of appointment and other recognised standards Incorrect reporting methodology. Inaccurate / incomplete data in underlying systems. Negative impact on stakeholder confidence and trust. Reputational impact. Potential financial penalties. Director of Regulation & Corporate Affairs Very well established controlled and documented process for reporting all regulatory performance information to stakeholders that is subject to Reporter and Auditor scrutiny in preparation for the Audit Committee meeting each year with delegated authority to approve publication of relevant information. Our simplified bow tie analysis summarises the output from our framework for identifying and evaluating risk around production of performance data Risks, Strengths and Weaknesses Statement January 2017 Page 11

Ofwat s assessment Ofwat s 2016 assessment found minor concerns with three areas of our activity in the year. We will take the opportunity of being assessed by Ofwat as targeted to review all of our stakeholder interactions. We will also seek to specifically address the areas that Ofwat identified in their review as having potential for improvement. We will: review future notes to our accounts where the wording and tone could be simplified and improved. Specifically, in relation to tax reconciliation, we will aim to make our notes more accessible to stakeholders when they relate to technical matters; work to improve effectiveness of web search results for data assurance: we will ensure that a search for data assurance returns more appropriate results than at present; take the opportunity to review the descriptions of assurance that accompany our financial statements and Annual Performance Report. We will review best practice across the industry and ensure that we learn from it. We will ensure that the assurance statement is no longer embedded within the body of the financial statements; and review how we can best evidence to our regulators and stakeholders the work of our Audit Committee and independent non-executive directors in scrutinising the effectiveness of our systems of control in respect of the integrity of the information and data we report and the work of our internal and external assurance providers. Our assessment As a targeted company we have carried out this preliminary assessment of the risks, strengths and weaknesses of our systems and processes that support our Board in providing assurance of the information we report. Our preliminary assessment is that we have some minor improvements to implement as part of the development of our assurance plan for 2017/18. This assessment is based on the three minor concerns identified by Ofwat, and takes into account our established approach to assurance, where our own internal systems of control are supported by external specialist assurance providers. Specifically we consider: Risks, Strengths and Weaknesses Statement January 2017 Page 12

Risks We have an established framework for identifying, evaluating and managing the key risks we face. Our aim is to foster a culture in which teams throughout the business manage risks as part of their management of day-to-day operations. All identified risks are ranked by our teams during the year. Based on these rankings the most significant risks are discussed by our senior management and included in the strategic risk register, which is reviewed by our Board and Audit Committee. The strategic risk register, that is published in our Statutory Financial Statements, includes the principal regulatory risk of Failure to comply with laws, our instrument of appointment and other recognised standards that includes the risks managed at directorate level relating to the provision of inaccurate information to our regulators and stakeholders. Strengths The role of our Board in providing strategic leadership and the on-going approach of adopting a multi-layer assurance process with external assurance from independent expert specialists in addition to our internal assurance processes.; Our Board has overall responsibility for monitoring the company s systems of internal control and for reviewing the effectiveness of these systems, including financial, operational and compliance controls and risk management, and is advised by our Audit Committee on these matters; Internal systems and processes are designed to manage the risk of failure to achieve business objectives and provide reasonable, but not absolute, assurance against material misstatement or loss. A comprehensive suite of internal control procedures across both operational and financial matters, supported by segregation of duty matrices and detailed delegated levels of authority; Risks, Strengths and Weaknesses Statement January 2017 Page 13

An Internal Audit function, the head of which has direct access to the Audit Committee, together with other internal control and assurance resources which monitor compliance with laws, regulations, policies and procedures; The company follows the principles of the three lines of defence model, as promoted by the Institute of Internal Auditors and other professional and commercial organisations, as the basis of its internal assurance process; The Board also makes use of external third party organisations to provide it with external assurance that the information prepared by the management of the company is accurate and compliant. This particularly applies to major items such as the Annual Report and the tariff setting process; Weaknesses We will address the minor issues identified by Ofwat in its Company Monitoring Framework assessment, as set out above; We acknowledge the opportunity we have to improve the transparency and accessibility of our existing assurance processes to help improve the trust and confidence our stakeholders and customers can have in the information and data we publish and the process by which our Board, supported by our Audit Committee and independent non-executive directors are able to assure them. Following the conclusion of our consultation on this statement of risks, strengths and weaknesses we expect to develop and publish our assurance plan by 31st March 2017, ahead of our annual reporting and assurance programme. Next steps We would like to hear your views on this document, the way we assess data and information and how we present our performance to customers and other stakeholders. Please contact us at: Trustandconfidence@affinitywater.co.uk We would be delighted to hear from you at any time. For the purposes of preparing our 2017 Assurance Plan it would be helpful if you could let us have any comments before Risks, Strengths and Weaknesses Statement January 2017 Page 14

28th February 2017. We will incorporate all the feedback and consultation responses into our Assurance Plan, which we expect to publish no later than 31st March 2017. Risks, Strengths and Weaknesses Statement January 2017 Page 15

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback