Annual Report and Accounts 2020 to 2021
Risk and internal control framework
The Board and Audit and Risk Committee
The Board and Audit and Risk Committee oversee the arrangements in place for the risk management function which operates within the Commission. This framework was reviewed and revised during 2020-21, with the support of the Commission’s internal auditors. Programme risk registers are reviewed monthly at Finance and Performance Group (FPG), and the Senior Leadership Team consider the Corporate Risk Register and any escalations from FPG at their monthly meetings. The Audit and Risk Committee receive the Corporate Risk Register at least once a quarter, and Board discuss risk twice a year.
The risk management strategy
The strategy outlines the objectives and policies for identifying and managing risk to the achievement of the Commission’s strategic objectives and business plan. This also includes the Commission’s tolerance or appetite for risk. The framework sets out management roles and responsibilities, the process for identifying and recording risk, allocating ownership of risk, evaluating risk, determining responses to risk and monitoring and reporting on progress in managing risk. The framework applies to all levels of the organisation up to the Corporate Risk Register.
The Commission’s risk tolerance
The Commission's risk tolerance is expressed through the level of residual risk judged acceptable for each risk identified. Risk owners are required to identify and implement mitigating actions to reduce the residual risk value to an acceptable level.
The Commission’s governance framework
The Commission’s governance framework sets out how the Board manages its affairs and which matters are delegated to the Chief Executive, or to other employees or committees. This is reviewed periodically (typically every three years), with the most recent changes to the overarching framework being made in June 2020.
Specific aspects of this framework are reviewed more frequently to ensure they remain fit for purpose.
The internal audit programme
The internal audit programme focuses on the requirement to provide assurance that the risks faced by the Commission are properly managed and controlled. Where control weaknesses are identified, these are drawn to the attention of senior managers, who are responsible for determining and implementing an appropriate response.
In their annual report, the Commission’s internal auditors for 2020-21 (PwC) provide an independent opinion on the adequacy and effectiveness of the Commission’s system of internal control, together with recommendations for improvement. During the year, PwC carried out specific reviews on the following subjects:
- Governance and Assurance – risk management framework
- Financial Systems – managing income
- 4th National Lottery Licence Competition
- information and intelligence management
- performance reporting and monitoring
- business continuity and disaster recovery.
No fundamental weaknesses were identified in the Commission’s control and assurance processes.
Last updated: 21 July 2021
Show updates to this content
No changes to show.