The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content

Report

Annual Report and Accounts 2020 to 2021

The Gambling Commission's 2020 to 2021 Annual Report and Accounts

  1. Contents
  2. Risk and internal control framework

Risk and internal control framework

The Board and Audit and Risk Committee

The Board and Audit and Risk Committee oversee the arrangements in place for the risk management function which operates within the Commission. This framework was reviewed and revised during 2020-21, with the support of the Commission’s internal auditors. Programme risk registers are reviewed monthly at Finance and Performance Group (FPG), and the Senior Leadership Team consider the Corporate Risk Register and any escalations from FPG at their monthly meetings. The Audit and Risk Committee receive the Corporate Risk Register at least once a quarter, and Board discuss risk twice a year.

The risk management strategy

The strategy outlines the objectives and policies for identifying and managing risk to the achievement of the Commission’s strategic objectives and business plan. This also includes the Commission’s tolerance or appetite for risk. The framework sets out management roles and responsibilities, the process for identifying and recording risk, allocating ownership of risk, evaluating risk, determining responses to risk and monitoring and reporting on progress in managing risk. The framework applies to all levels of the organisation up to the Corporate Risk Register.

The Commission’s risk tolerance

The Commission's risk tolerance is expressed through the level of residual risk judged acceptable for each risk identified. Risk owners are required to identify and implement mitigating actions to reduce the residual risk value to an acceptable level.

The Commission’s governance framework

The Commission’s governance framework sets out how the Board manages its affairs and which matters are delegated to the Chief Executive, or to other employees or committees. This is reviewed periodically (typically every three years), with the most recent changes to the overarching framework being made in June 2020.

Specific aspects of this framework are reviewed more frequently to ensure they remain fit for purpose.

The internal audit programme

The internal audit programme focuses on the requirement to provide assurance that the risks faced by the Commission are properly managed and controlled. Where control weaknesses are identified, these are drawn to the attention of senior managers, who are responsible for determining and implementing an appropriate response.

In their annual report, the Commission’s internal auditors for 2020-21 (PwC) provide an independent opinion on the adequacy and effectiveness of the Commission’s system of internal control, together with recommendations for improvement. During the year, PwC carried out specific reviews on the following subjects:

  • Governance and Assurance – risk management framework
  • Financial Systems – managing income
  • 4th National Lottery Licence Competition
  • information and intelligence management
  • performance reporting and monitoring
  • business continuity and disaster recovery.

No fundamental weaknesses were identified in the Commission’s control and assurance processes.

Is this page useful?
Back to top