Internal Audit Report Corporate Governance and Risk Management

Similar documents
Audit Committee, 20 March Internal Audit Report Stakeholder Communications. Executive summary and recommendations.

Internal audit report Follow-up of previous recommendations

Committee on Standards in Public Life 'Ethics for Regulators' Review. CSPL Ethics for Regulators Review: Regulators Survey

University of Birmingham. Protocol for the Governance of University Wholly Owned Subsidiary Companies and Companies

APPLICATION OF THE KING IV REPORT ON CORPORATE GOVERNANCE FOR SOUTH AFRICA 2016 TM (King IV TM )

Risk Management Strategy

Grant Thornton s annual report on the HCPC s governance, risk management and internal control systems is attached.

GOVERNANCE HANDBOOK COMMUNITY REHABILITATION COMPANIES PUBLIC SECTOR OWNERSHIP MAY May

CORPORATE GOVERNANCE STATEMENT

Australian Securities Exchange Notice

Audit & Risk Committee Charter

FINAL 2017 AUDIT AND RISK COMMITTEE CHARTER SUNLAND GROUP LTD ACN

The Gym Group plc. (the Company ) Audit and Risk Committee - Terms of Reference. Adopted by the board on 14 October 2015 (conditional on Admission)

Code of Governance for Community Housing Cymru s Members (a consultation)

4.5 discuss with the external auditor the auditor s judgments about the quality and acceptability of the Group s accounting principles;

LONDON BOROUGH OF BARNET CODE OF CORPORATE GOVERNANCE

Corporate Governance Statement

AUDIT & RISK MANAGEMENT COMMITTEE CHARTER

The Corporate Governance Statement is accurate and up to date as at 30 June 2018 and has been approved by the board.

UNITY TRUST BANK PLC ( the Bank ) AUDIT AND RISK COMMITTEE. Terms of Reference

TO THE POLICE AND CRIME COMMISSIONER FOR MERSEYSIDE AND THE CHIEF CONSTABLE OF MERSEYSIDE JOINT AUDIT COMMITTEE ANNUAL REPORT

ZPG PLC (THE COMPANY) AUDIT COMMITTEE - TERMS OF REFERENCE adopted by the Board on 6 July 2017

SPIRE HEALTHCARE GROUP PLC (THE COMPANY) AUDIT AND RISK COMMITTEE - TERMS OF REFERENCE

INTERNAL AUDIT PLAN AND CHARTER 2018/19

The NAO letter is provided to the Committee for its consideration.

Corporate Governance Statement Australian Men s Shed Association

AdAlta Limited ABN

The quorum necessary for the transaction of business shall be two members.

UNITY TRUST BANK PLC ( the Bank ) AUDIT AND RISK COMMITTEE

Information Commissioner's Office

The Institute of Directors of South Africa ( IoDSA ) is the convener of the King Committee and the custodian of the King reports and practice notes.

NHF 2015 Code of Governance: compliance checklist

FarmaForce Limited (ACN ) Corporate Governance Statement

ConvaTec Group Plc (the Company) AUDIT AND RISK COMMITTEE - TERMS OF REFERENCE adopted by the board on 12 October 2016

Interims, Specialists and Consultants City of York Council Internal Audit Report 2015/16

Risk Management and Assurance Strategy

City College Plymouth

Corporate Governance Statement. APN Property Group August 2017

Charity Governance Code. Checklist for small charities UNW LLP

Informa PLC TERMS OF REFERENCE AUDIT COMMITTEE. Adopted by the Board on

Informa PLC TERMS OF REFERENCE AUDIT COMMITTEE. Effective 1 st January

REDDE PLC AUDIT COMMITTEE TERMS OF REFERENCE APPROVED BY THE BOARD ON 26 TH JULY 2017

LLOYDS BANKING GROUP AUDIT COMMITTEE TERMS OF REFERENCE (LLOYDS BANKING GROUP PLC, LLOYDS BANK PLC, BANK OF SCOTLAND PLC & HBOS PLC)

Audit Committee Annual Report. Director of Corporate Governance. Stage 1 only (no negative impacts identified)

Community Housing Cymru s Code of Governance

Ibstock plc. (the Company) Audit Committee - Terms of Reference

Network Rail Limited (the Company ) Terms of Reference. for. The Audit and Risk Committee of the Board

Audit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The "COMPANY") Amendments approved by the Board on 22 March 2016

Key to Disclosures Corporate Governance Council Principles and Recommendations

Terms of Reference - Audit Committee

CORPORATE GOVERNANCE STATEMENT 30 JUNE 2017

Corporate Governance. Governance. 28 Low & Bonar Annual Report 2009

RISK MANAGEMENT FRAMEWORK

Terms of reference for the risk committee

BOTSWANA ACCOUNTANCY OVERSIGHT AUTHORITY (BAOA)

For personal use only

Principle 1 Lay solid foundations for management and oversight.

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively.

GOVERNANCE FRAMEWORK

Corporate Governance Statement

Office for Budget Responsibility Oversight Board Terms of reference January 2016 Context 1. The OBR comprises the Chair of the OBR and the two other

2018 Corporate Governance Statement

Risk Management Strategy Review. Deloitte recommendations and Implementation Plan

C O R P O R A T E G O V E R N A N C E S T A T E M E N T

GENERAL GUIDANCE NOTE The Board Charter aligned to King IV August 2018

Cardno Limited Corporate Governance Statement

ECS ICT Berhad (Company No H) Board Charter

Appendix 4G. Key to Disclosures Corporate Governance Council Principles and Recommendations

AUDIT COMMITTEE CHARTER

AFM Corporate Governance Code

AUDIT COMMITTEE: TERMS OF REFERENCE

Contract Management Final Report March 2016

Corporate Governance Council Principles and Recommendations. Appendix 4G

LEGAL AID BOARD BOARD EVALUATION FINAL REPORT

Joint Report of PCC s Chief Finance Officer and Chief Constable s Director of Resources. Joint Audit Committee s Draft Annual Report for 2013/14

Statement of Corporate Governance Practices 2016

Key to Disclosures Corporate Governance Council Principles and Recommendations

King IV application report In pursuit of growth

4.1. The quorum necessary for the transaction of business shall be two members.

CORPORATE GOVERNANCE STATEMENT

Corporate Governance Statement

Renewal and Succession Strategy for Non-Executive Board Members and Committee Members

For personal use only

CORPORATE GOVERNANCE KING III COMPLIANCE

The Community Housing Group Ltd. Governance Framework

Board Charter Z Energy Limited

2.2. Attendance: Others may be invited by the Chair to attend all or part of any meeting (but they will not be entitled to vote).

The University s responsibilities and its arrangements for internal audit Internal audit protocol 2012/13

COATS GROUP PLC (the "Company") TERMS OF REFERENCE FOR THE AUDIT & RISK COMMITTEE Adopted by the Board on 28 July 2017

ANGLOGOLD ASHANTI LIMITED Registration No. 1944/017354/06 ( AGA or the Company ) REMUNERATION AND HUMAN RESOURCES COMMITTEE TERMS OF REFERENCE

CORPORATE GOVERNANCE STATEMENT 2018

ESSEX POLICE, FIRE AND CRIME COMMISSIONER, FIRE AND RESCUE AUTHORITY

Appendix 4G. Key to Disclosures Corporate Governance Council Principles and Recommendations

Strate Compliance with King III. Prepared by: Company Secretary

Key to Disclosures Corporate Governance Council Principles and Recommendations

Identifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk

King lll Principle Comments on application in 2013 Reference in 2013 Integrated Report

Australian Agricultural Projects Ltd ABN:

Code of Corporate Governance

Aurora Energy Corporate Governance Disclosures

Transcription:

Audit Committee, 13 March 2013 Internal Audit Report Corporate Governance and Risk Management Executive summary and recommendations Introduction Mazars has undertaken a review of the arrangements for corporate governance and risk Management in accordance with the internal audit plan agreed by the Committee in March 2012. The audit considered the following risks: Council members conflict of interest. Failure to meet Council/Committee quorums. Expenses claim abuse by members. Weak or non-existent controls to mitigate against the risks associated with HCPC s objectives. Failure to review/monitor risks in a regular structured manner. The report is attached as an appendix to this paper. Decision The Committee is asked to discuss and approve the report Background information At its meeting in March 2012 the Committee approved the Internal Audit Plan for 2012/13 Resource implications None Financial implications None Appendices Internal Audit Report Corporate Governance and Risk Management Date of paper 1 March 2013

Internal Audit Report Corporate Governance and Risk Management (07.12/13) REPORT

Health & Care Professions Council Corporate Governance& Risk Management (07.12/13) CONTENTS Page 1. Introduction 1 2. Background 1 3. Scope and objectives of the audit 3 4. Audit Findings: One page summary 5 5. Summary of findings 6 6. Action plan agreed with management 8 Appendix 1 Definitions of Assurance Levels and Recommendations AUDIT CONTROL SCHEDULE: Client contacts: Louise Hart: Secretary to the Council Greg Ross-Sampson: Director of Operations Roy Dunn: Head of Business Process Improvement Internal Audit Team: Peter Cudlip: Partner Graeme Clarke: Director James Sherrett: Assistant Manager Finish on Site \ Exit Meeting: Last information received: 31 January 2013 5 Management responses received: 11 12 Draft report issued: 7 Final report issued: 12 In the event of any questions arising from this report please contact Graeme Clarke, Director, Mazars LLP graeme.clarke@mazars.co.uk Status of our reports This report and has been prepared for the sole use of the Health and Care Professions Council. This report must not be disclosed to any third party or reproduced in whole or in part without the prior written consent of Mazars LLP. To the fullest extent permitted by law, no responsibility or liability is accepted by Mazars LLP to any third party who purports to use or rely, for any reason whatsoever, on this report, its contents or conclusions.

1. INTRODUCTION 1.1 As part of the Internal Audit Plan for 2012/13, we have undertaken a review of the Health and Care Professions Council s (HCPC) arrangements for corporate governance and risk management. These areas were included in the Plan in order to fulfil our professional obligations as Internal Auditors according to the requirements set by the Institute of Internal Auditors. In addition, HCPC has identified a number of risks associated with corporate governance within its Risk Register. 1.2 Our review of these areas in 2011/12 led us to provide a Substantial assurance in both areas with three Priority 3 recommendations for corporate governance (report 06.11/12 refers) and two Priority 3 recommendations for risk management (05.11/12). Progress on the implementation of these recommendations was reviewed as part of our Follow Up visit (01.12/13), with only one recommendation in respect of corporate governance considered to be outstanding, although in the process of being implemented at the time of our visit in September 2012. 1.3 We are grateful to the Council Chair, Secretary of the Council, Head of Business Process Improvement and other members of staff for their assistance during the course of the audit. 1.4 This report is for the use of the Audit Committee and senior management of HCPC. The report summarises the results of the internal audit work and, therefore, does not include all matters that came to our attention during the audit. Such matters have been discussed with the relevant staff. 2. BACKGROUND Corporate Governance 2.1 HCPC is a regulator and was established to protect the public. To do this HCPC maintains a register of professionals who meet the standards for the professional skills and behaviour. Individuals on the Register are called registrants. 2.2 The Council currently consists of 20 members, of whom 10 are registrant and 10 are lay members. Of the 10 registrants, members include professionals from across the professions it regulates. The 10 lay members are recruited from a wide range of different professions and backgrounds. This seeks to ensure a broad knowledge base and diverse input into strategy development, implementation and monitoring. 2.3 The Council is currently supported by four statutory committees: Education and Training; Conduct and Competence; Health; and, Investigating. There are also five non-statutory committees which the Council have decided will assist in discharging its duties: Audit; Finance and Resources, which also sits as the Remuneration Committee; Communications; and Fitness to Practise. 2.4 The Council for Healthcare Regulatory Excellence (CHRE) in their interim report, published in September 2011, Board size and effectiveness: advice to the Department of Health regarding health professional regulators, suggested that Councils reduce their membership from 20 to between 8 and 12. The HCPC is currently reviewing how best to carry out the process of restructuring its Council and Committees. It is anticipated that the restructure will be complete by January 2014. Page 1

2.5 In November 2012, the Centre for Health Service Economics and Organisation (CHSEO) published its report Cost-efficiency review of the health professional regulators reporting on the cost effectiveness of health regulators against a range of metrics. In terms of the Governance metric the report states that the HPC s low scale-adjusted unit costs are notable since there are other regulators that have significantly higher scale-adjusted unit costs. It should be noted that this report uses data available prior to the on-boarding of social workers and the transition from HPC to HCPC. 2.6 In July 2011, HM Treasury and the Cabinet Office jointly issued Corporate governance in central government departments: Code of good practice together with a related Guidance document. The Code recognises that government departments need to be business-like and operate according to recognised precepts of good governance in business: Leadership articulating a clear vision for the department and giving clarity about how policy activities contribute to achieving this vision, including setting risk appetite and managing risk; Effectiveness bringing a wide range of relevant experience to bear, including through offering rigorous challenge and scrutinising performance; Accountability promoting the government s goal of transparency through clear and fair reporting; and Sustainability taking a sensible, long-term view about what the department is trying to achieve and what it is doing to get there. While the Code of good practice is focussed on ministerial departments and smaller departments, Non-Departmental Public Bodies and other bodies are encouraged to adopt the practices set out in the Code wherever this is relevant and practical. The Code recognises that there is scope to develop a Code of Good Practice for nonministerial departments and for arm s-length bodies in the near future and that such a Code would need to be commensurate with the size, status and legal framework of the organisation. Nevertheless, the principles on which the Code is based are broadly applicable to HCPC. Risk Management 2.7 HM Treasury guidance states that Risk management covers all the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress. Good risk management helps reduce hazard, and builds confidence to innovate. 2.8 HCPC s Audit Committee approved a statement in November 2010 defining the organisation s risk appetite as risk averse. This sets the tone for the organisation s approach to risk management. 2.9 Risk management processes at HCPC are embedded within the business planning cycle. For example, risks identified in the risk register include strategic risks which relate to HCPC s Strategic Intentions and Directorate/Department and risks which are aligned to the Annual Work Plans and objectives for those Directorates/ Departments. Significant projects undertaken by HCPC also have their own risk registers as part of the usual project management processes. Page 2

2.10 Risk registers have a consistent format and clearly identify scoring, risk mitigation controls and responsibility for, and ownership of, risks and associated mitigation actions. 2.11 The Risk Register is subject to regular review and monitoring by senior management within HCPC and formal review by all Risk Owners and the Executive Management Team (EMT) on a six-monthly basis. The Audit Committee also receives assurances on the adequacy and effectiveness of risk management arrangements on a regular basis through a variety of means. These include formal presentations by Risk Owners, on a rotation basis, to the Audit Committee covering the risks for which they are responsible. The Audit Committee also receives a Top Risks paper at six monthly intervals. 2.12 There have been no significant changes to HCPC s risk management framework since our last review of the area in 2011/12. 3. SCOPE AND OBJECTIVES OF THE AUDIT 3.1 Our audit considered the following risks relating to the area under review: Council members conflict of interest (HCPC Risk Register, Ref 4.2); Failure to meet Council/Committee quorums (HCPC Risk Register, Ref 4.4); Expenses claim abuse by members (HCPC Risk Register, Ref 4.11); Weak or non-existent controls to mitigate against the risks associated with HCPC s objectives, leading to non-achievement of objectives, financial loss or reputational damage; and Failure to review/monitor risks in a regular structured manner, leading to nonachievement of the HCPC s objectives. 3.2 In reviewing the above risks, our audit considered the following areas: Roles and responsibilities of the Council and its members; Attendance of members and quoracy of meetings including monitoring and reporting back to Council; Members expenses; Induction and training for members; Processes for the appraisal and assessment of Council and Committee members; Administration and maintenance of HCPC s Risk Register including its review and update during the year; and Processes for the identification, scoring and recording of risks. 3.3 The audit did not consider policies and procedures covering Anti-Bribery, Fraud, Gifts and Hospitality, Declarations of Interest as a separate internal audit advisory review of HCPC s arrangements for ensuring compliance with the Bribery Act was being undertaken alongside this review. Page 3

3.4 Our review of risk management represents a high level review of HCPC s risk management framework only, with consideration of individual risks within the Risk Registers and identified controls being undertaken as part of individual assignments in accordance with the Internal Audit Strategy. 3.5 The objectives of our audit were to evaluate the adequacy and effectiveness of HCPC s arrangements for corporate governance and risk management, and the extent to which controls have been applied, with a view to providing an opinion on the extent to which risks in this area are managed. In giving this assessment, it should be noted that assurance cannot be absolute. The most an Internal Audit service can provide is reasonable assurance that there are no major weaknesses in the framework of internal control. 3.6 We are only able to provide an overall assessment on those aspects of the controls and arrangements for corporate governance and risk management that we have tested or reviewed. The responsibility for maintaining internal control rests with management, with internal audit providing a service to management to enable them to achieve this objective. Specifically, we assess the adequacy of the internal control arrangements implemented by management and perform testing on those controls to ensure that they are operating for the period under review. We plan our work in order to ensure that we have a reasonable expectation of detecting significant control weaknesses. However, our procedures alone are not a guarantee that fraud, where existing, will be discovered. Page 4

4. AUDIT FINDINGS: ONE PAGE SUMMARY Assurance on effectiveness of internal controls Substantial Assurance Recommendations summary Priority No. of recommendations Corporate Governance Risk Management 1 (Fundamental) None None 2 (Significant) None None 3 (Housekeeping) 2 None Total 2 0 Risk management HCPC s Risk Register contains a specific section of risks associated with corporate governance. Some of these are detailed in 3.1 above. Testing undertaken as part of this audit has confirmed that the main mitigating actions identified by HCPC on its Register are in place and operating effectively. There have been no significant changes to HCPC s risk management framework since the last review of this area and testing undertaken as part of this review has confirmed the framework continues to work effectively including the regular review and update of the Risk Register. Value for money In respect of corporate governance, implications can arise in the extent of Council Members and management time spent at meetings, as well as resources involved in the administration of the meetings and wider framework. As detailed in Section 2, CHSEO s report Cost-efficiency review of the health professional regulators, indicates that for the Governance metric, HCPC has performed well in terms of cost effectiveness in comparison to other health regulators. One area highlighted for further attention (and through our work in 2011/12 and 2012/13 Follow Up) is market testing of the contractual arrangement with Co-operative Travel for the administration of air and train travel expenses for members. Additionally, as part of this review, we identified in a number of cases that Co-Operative Travel are not being used and arrangements are often not made sufficiently early to ensure that advance bookings savings are gained. Value for money implications in risk management arise through the extent of arrangements put in place and the on-going administration of the framework. HCPC has sought to embed risk management throughout its operational processes, for example, the business planning cycle and Directorate/Department work plans and the framework appears to meet HCPC s needs. Page 5

5. SUMMARY OF FINDINGS Overall conclusion on effectiveness and application of internal controls 5.1 Taking account of the issues identified in paragraphs 5.2 to 5.3 below, in our opinion the control framework for corporate governance and risk management, as currently laid down and operated at the time of our review, provides substantial assurance that risks material to the achievement of HCPC s objectives are adequately managed and controlled. Areas where controls are operating effectively 5.2 The following are examples of controls which we have considered are operating effectively at the time of our review: Corporate Governance Comprehensive governance documentation is in place and is accessible by interested parties via HCPC s website; There are clear expectations relayed to Members in terms of attendance, with on-going monitoring by the Secretariat and review as part of the annual appraisal process for Members; A formal induction programme for Members is in place. In addition, training and learning opportunities for Members are identified through the annual appraisal process with the Chair; Reports and papers are provided to Council and Committee in a timely manner, together with support provided by the Secretariat, help to enable effective decision-making; and An Expenses policy is in place which explicitly details the responsibilities of Members. All expenses incurred are checked against the policy and monitored through the use of a spread sheet within the Secretariat. We have, however, made a further recommendation in respect of travel expenses for Members as part of this review and in addition to the one made during our review in 2011/12; Risk Management The Risk Register continues to be subject to formal review by the Chief Executive and Registrar, Director of Operations and Head of Business Process Improvement on a regular basis and by the whole Executive Management Team on a six-monthly basis; Risk management processes are embedded within the business planning cycle and Directorate and Department Annual Work Plans recognise potential risks to the achievement of objectives and identify risk mitigation controls and arrangements; Significant projects undertaken by HCPC have their own risks and issues logs as part of the usual project management processes. An update on projects, including the risks associated with them, is provided to the Finance & Resources Committee as part of the Operations Report; and On a rotation basis, Risk Owners are required to present the risks to the Audit Committee for which they are responsible. Page 6

Areas for further improvement 5.3 We identified certain areas where there is scope for further improvement in the control environment. The matter arising has been discussed with management and has been, or is being, addressed as detailed in the management action plan (Section 6 below). 5.4 At the Audit Committee meeting in September 2012 a discussion took place on the Risk Register and the Top Risks paper which were presented. This included that it would be helpful if the description of the top risks included a statement on whether each risk had crystallised since the previous iteration of the Risk Register. The next presentation of the Top Risks paper, as part of the six-monthly presentation cycle, is due at the March 2013 meeting and hence we have not made a formal recommendation in relation to this matter. Page 7

Health & Care Professions Council Corporate Governance &Risk Management (07.12/13) 6. ACTION PLAN Observation/Risk Recommendation Priority Management response Timescale/ responsibility 6.1 Observation: In the context of the CHRE interim report, published in September 2011, Board size and effectiveness: advice to the Department of Health regarding health professional regulators, the Council will be restructured with the number of members reducing from January 2014. This is also anticipated to result in a reduction in the number of Committees with more business being dealt with by the full Council. As planned, the Secretariat should, in conjunction with the Chair and other Members, determine a plan for the implementation of a new governance structure. As part of this plan consideration should be given to the following areas:- - ensuring that the Council is able to maintain its strategic oversight and horizon-scanning roles without becoming overloaded by operational matters; 3 During 2013, the governance arrangements including the Code of Corporate Governance will be reviewed. Furthermore, detailed planning will be undertaken in relation to the appointments process for members of council and this will include reviewing the competencies required and ensuring the breadth of skill mix across the newly recruited council members. Secretary to the Council Therefore HCPC will need to establish a clear plan in order to achieve this, whilst ensuring that its governance arrangements continue to operate effectively. Risk: Governance arrangements are made less effective - skills-sets, experience and knowledge required of Council members and whether there are any gaps, through the use of a skills matrix; - time commitments required of Members; - the independence of the Chair of the Audit Committee; - ensuring that the risk oversight functions which were carried out, at least implicitly, by Committees is transferred to either the Council or Audit Committee; and - quoracy requirements of the Council and remaining Committees. Page 8

Health & Care Professions Council Corporate Governance &Risk Management (07.12/13) Observation/Risk Recommendation Priority Management response Timescale/ responsibility 6.2 Observation: As part of our review in 2011/12, we made a recommendation around market testing of the preferred supplier arrangements for providing train and air travel arrangements for Partners and Members with Co- Operative Travel. At the time of our Follow Up in September 2012 this was in the process of being undertaken. Review of a sample of Council and Committee Members expense claims found that in several cases rail travel and flight bookings were made on the same day or only very slightly before the travel was to take place. This means that potential savings for advance bookings are not being achieved. In three cases the bookings were not at least two weeks in advance, as required by the Expenses Policy for Council and Committee members. Members should be reminded of the need to make travel bookings sufficiently in advance to enable advance bookings savings to be made and at least two weeks in advance as per the Expenses Policy for Council and Committee members. 3 Once consideration has been given to this report by the Audit Committee, the Secretary to Council will write out to all members to remind them of the Expenses policy in place and the need to book travel as far in advance as possible. March 2013 Secretary to the Council Risk: Failure to ensure value for money on travel expenses. Page 9

Health & Care Professions Council Corporate Governance &Risk Management (07.12/13) Appendix 1 Definitions of Assurance Levels and Recommendations We use the following levels of assurance and recommendations in our audit reports: Assurance Level Adequacy of system design Effectiveness of operating controls Substantial Assurance: Adequate Assurance: Limited Assurance: While a basically sound system of control exists, there is some scope for improvement. While a generally sound system of control exists, there are weaknesses which put some of the system objectives at risk. Control is generally weak leaving the system open to significant error or abuse. While controls are generally operating effectively, there is some scope for improvement. While controls are generally operating effectively, there are weaknesses which put some of the system objectives at risk. Control is generally weak leaving the system open to significant error or abuse. Recommendation Grading Definition Priority 1 (Fundamental) Priority 2 (Significant) Priority 3 (Housekeeping) Recommendations represent fundamental control weaknesses, which expose, HCPC to a high degree of unnecessary risk. Recommendations represent significant control weaknesses which expose, HCPC to a moderate degree of unnecessary risk. Recommendations show areas where we have highlighted opportunities to implement a good or better practice, to improve efficiency or further reduce exposure to risk. Page 10

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback