Control and Assurance (principle four)
Internal Control System
The Board retains ultimate responsibility for the organisation’s compliance with all legal, statutory, regulatory and constitutional requirements.
The Board is responsible for establishing and maintaining the whole system of internal control and for reviewing its effectiveness, and is also responsible for the active management of risks faced by the organisation.
In addition to the Organisational Assurance Framework and Scheme of Delegation, a range of routine management oversight processes is a core element of the system of internal control. Routine Board review of these activities supports the organisation in achieving robust operational governance.
- Financial/operational performance indicators
- Actual and forecast budgets and their review
- Longer term business planning and sensitivity analysis
- Treasury and covenant compliance reviews
- Resource planning and people management
- Routine trend analysis and exception reporting
- Information security measures
- Data quality measures
- Policy and procedure framework
- Compliance with law reviews
- Regulatory compliance reviews
- Reviews relating to health and safety of residents, other customers and employees
- Business continuity arrangements
- Annual management assurance statements
The Organisational Assurance Framework provides the Board with assurance that there are effective controls for key systems and processes, with gaps in controls or assurance clearly documented. Housing 21 also maintains comprehensive reports, policies and other documents to demonstrate compliance with the NHF Code of Governance and Regulatory Standards. The Board takes into account the outcome of these areas when it publishes the Annual Statement of Internal Control, which provides information on the effectiveness of the system of internal control.
Audit and Assurance Committee
The Audit and Assurance Committee provides further assurance to the Board that the system of internal controls is effective, with plans and compliance obligations delivered.
The Audit and Assurance Committee acts as an independent scrutiny function and reviews and challenges assurances provided by both management and the internal audit function. The Terms of Reference for the Audit and Assurance Committee are documented in Appendix 8. Their remit covers:
- The review of significant financial reporting issues and judgements made in connection with the preparation of the Group’s financial statements, interim reports, preliminary announcements and related formal statements the areas of External Audit, Internal Audit,
- Overseeing relations with the external auditor, reviewing their independence and effectiveness
- Ensuring that the Group has an effective and efficient internal audit service
- Reviewing the Group’s internal controls (including internal financial controls) and recommending to the Board an overall risk management strategy and framework
- Reviewing the policies and procedures of the organisation in relation to fraud and whistleblowing and actions taken in respect of incidents which arise
Risk management
The Board maintains ultimate responsibility for risk management, setting the organisation's risk appetite and routinely reviewing it to ensure that it remains appropriate whilst considering the organisation's internal and external operating environment.
The Board is responsible for understanding the risk profile of the organisation and the effectiveness of key controls through regular reporting of both operational and strategic risks to the committees of the Board and the Board itself.
The Board routinely considers risk impacts as part of its decision making with specific narrative on risks and related mitigation strategies within Board papers. The Board regularly carries out risk horizon scanning and participates in stress-testing of business plans to identify risks that may pose a material threat to the organisation’s viability, ensuring appropriate mitigation plans are in place.
The Board reports annually within the Annual Report a statement on the risk management work of the Board, including its understanding of principal and emerging risks and how these are being managed or mitigated.
The Board approves the organisation's Risk Management Policy and Framework annually on recommendation from the Audit and Assurance Committee, with the document providing information on Board risk appetite and risk identification and reporting processes.
The Audit and Assurance Committee provides assurance to the Board annually on the effectiveness of risk management processes.