Neidio i’r prif gynnwys
English Cymraeg

Annual Report to the FSA Board from the Chair of the Audit and Risk Assurance Committee (ARAC)

FSA 23-09-04 This annual report provides the Board with a summary of the work undertaken by the FSA ARAC during 2022/23 in accordance with the ARAC’s Terms of Reference

Diweddarwyd ddiwethaf: 7 September 2023
Diweddarwyd ddiwethaf: 7 September 2023

1. Summary

1.1    To provide the Board with a summary of the work undertaken by the FSA ARAC during 2022/23 in accordance with the ARAC’s Terms of Reference (see Annex C). 

1.2    The Board is asked to:

  • Note the work that has been undertaken by the ARAC during the 2022/23 financial year; and
  • Note that this report has been agreed with the other Members of the ARAC.

2. Introduction

2.1    The report sets out the work of the ARAC that I have chaired since 1 September 2022 in relation to the Committee’s activities in England, Wales, and Northern Ireland (NI) during the year to 31 March 2023. 

2.2    I would like to thank all my fellow Board Members who served on the ARAC during the year, including my predecessor as Chair of ARAC, Colm McKenna, the Executive and in particular, the Chief Executive (CE), Emily Miles, as well as the Board Secretariat team for their supportive and professional approach. 

2.3    I would also like to thank the FSA’s Internal Audit Team, Tara Smith, the Director of People and Resources, other FSA officials and representatives of the National Audit Office (NAO) who have attended the meetings during the year to present reports which have provided the basis for much of the ARAC’s work. 

2.4    The respective roles of the Chief Executive, ARAC and Board are set out at Annex A. 

3. Discussion

Key events in 2022/23

3.1    ARAC meetings continued to be held virtually.  They took place in May, June, October and November 2022 as well as February and March 2023.  I replaced Colm McKenna as Chair of ARAC after his term of appointment ended in August 2022.  For details of ARAC Membership see Annex B.

3.2    The drafts of the Head of Audit Assurance’s 2021/22 Annual Report and Opinion and the Chair’s Annual Report to the Board for 2021/22 were discussed at the May 2022 meeting.  The draft 2021/22 Annual Report, Governance Statement and Accounts was discussed at the June 2022 meeting.  An early draft of the governance statement for 2022/23 was discussed at the March 2023 ARAC meeting.

3.3    The corporate risk register was presented to, and discussed by, ARAC at the May and November 2022 meetings.  The Committee also received regular risk management updates at ARAC meetings on the FSA’s mitigations in relation to risks associated with the cost-of-living crisis and cyber security.  These included a deep-dive on Cyber Security and Data Governance presented to ARAC at the February 2023 meeting.  

3.4    ARAC reviewed and discussed the draft internal audit and regulatory audit assurance plans for 2023/24 when we met in February 2023.  The audit plans were approved at the March 2023 meeting with the understanding that these may be subject to revision over the year in response to changes in the FSA’s risk profile or other events impacting on the FSA.

3.5    ARAC received notification of and regular updates on any investigations conducted during the year where there was potential for compliance, financial, or reputational risk.

The FSA’s 2021/22 Annual Report and Accounts (ARA) 

3.6    The draft 2021/22 accounts and annual report were discussed at the June 2022 ARAC meeting.  Four sets of accounts were provided to the Committee: the consolidated set of accounts and one set each for England, Wales, and NI.  No significant issues were raised by Members in relation to the accounts. 

3.7    Due to resourcing constraints and delays in the Local Government Pension Scheme (LGPS) pension valuation the NAO did not complete their audit of the FSA accounts until September 2022.  At the October 2022 meeting, ARAC acknowledged the changes to the ARA since the previous meeting and NAO presented their audit completion report.  This confirmed that there had been no material adjustments to the ARA arising from their audit.  It was agreed that the four sets of accounts would be submitted to the Comptroller and Auditor General for certification at the same time.

3.8    At the November meeting, ARAC received an update on the progress of the ARAs which included the late receipt of LGPS information and the timetable for the Comptroller and Auditor General sign-off.  The Accounting Officer subsequently signed the accounts for FSA on 9 January 2023.  The consolidated accounts were laid before parliament on 19 January 2023.  

FSA internal audit and regularity audit work 2022/23

3.9    All final internal audit and regulatory audit reports issued during the year were shared with me (or the previous ARAC Chair).  Other ARAC Members received a copy of audit reports with a “limited” or “unsatisfactory” opinion (see Annex D for audit assurance level definitions) and relevant Directors were invited to discuss such reports with ARAC.

3.10    Two audits completed at the end of 2021/22 (Post Mortem Inspection and Food Chain Information / Collection and Communication of Inspection Results) and one during 2022/23 (Environmental Management System), which resulted in a “limited” opinion, were discussed at ARAC.  The Committee had productive discussions with the executive on issues highlighted by these reports and management have either implemented or are taking forward agreed actions to reduce the risks in these areas.  No audits had an “unsatisfactory” opinion.

3.11    The executive summary of each report with a “substantial” or “moderate” opinion was shared with ARAC Members as part of the progress report on audit activities presented to ARAC meetings.  The Committee was updated regularly on actions taken by management teams to address the issues raised in all internal and regulatory audit reports.

3.12    A summary of assurance activities and outputs for 2022/23 is in the table below.  The figures for 2021/22 are provided for comparison.

Assurance activities and outputs: Regulatory audit reports Number of reports 2021/22 Number of reports 2022/23
Substantial 1 2
Moderate 4 4
Limited 0 1
Unsatisfactory 0 0
Advisory reports / Management letters 1 1

 

Assurance activities and outputs: Regulatory audit reports Number of reports 2021/22 Number of reports 2022/23
Substantial 2 0
Moderate 1 3
Limited 2 0
Unsatisfactory 0 0
Opinion not applicable 0 2

 

Activities and outputs Number of reports 2021/22 Number of reports 2022/23
Total number of reports 11 13
Number of planned audits 18 15

3.13    The FSA implemented the Local Authority Recovery Plan in July 2021 to enable local authorities to return to normal routine inspections of food businesses by April 2023.  FSA’s local authority auditors in England, Wales and Northern Ireland conducted assessments of local authority implementation of the Recovery Plan during the last quarter of 2021/22 and issued a summary report on the assessments during 2022/23.  There were no significant control issues raised in the summary report.

3.14    The Committee also received summaries of reports in relation to external audits and reviews conducted by third parties for assurance purposes such as an inclusive recruitment review by Pearn Kandola LLP, a web application assessment by Prism Infosec and a review of ISO 14001:2015 (environmental management system) by the British Assessment Bureau.  Full reports of such reviews and audit reports are provided to ARAC Members on request.

3.15    ARAC received updates in relation to implementing agreed actions resulting from the Ernst & Young Report issued in December 2020 which recommended the separation of internal audit and regulatory audit.  Following the separation in August 2022, the Head of Internal Audit continues to work closely with the three regulatory audit teams in England, Wales, and NI to ensure assurance effort is not duplicated.  Throughout the year the Committee has scrutinized the resources available for audits.

3.16    ARAC also received regular updates on the implementation of the recommendations from the External Quality Assessment of FSA internal audit.  The report issued in April 2022 concluded that FSA internal audit practices are generally compliant with the requirements of the Public Sector Internal Audit Standards and met the Government Functional Standard GovS 009: Internal Audit. 

3.17    Overall, I am satisfied that, other than the delays caused by staff changes, adequate and proportionate audit assurance resources were provided throughout the year to ensure continued effectiveness of internal and regulatory audit assurance activities.

ARAC effectiveness

3.18    During the year Committee Members completed a self-assessment on the effectiveness of the ARAC in line with HM Treasury guidance which advises that a self-assessment is completed annually.  Using the NAO’s self-assessment tool Members scored various questions using a scale of a 1 to indicate “room for improvement”, a 2 for “meeting the standards” and a 3 for “excelling”. 

3.19    The average score for all the areas of assessment for both essential and good practice questions was between 2 and 3, indicating that Committee Members considered they were either meeting the assessment standards or excelling.  However, individual scores highlighted specific areas where one or more Members considered there was still room for improvement, mainly in relation to aligning with good practice in areas such as skills and experience and continual improvement.

3.20    ARAC Members continued to have access to training opportunities during the year although none was utilised due to the long-standing nature of membership until recently.  The new Members of ARAC will be accessing training during 2023.

3.21    In June 2022, Members of the Committee held bilateral meetings with representatives of the FSA’s external auditors, the NAO, and the Interim Head of Audit Assurance.  These meetings ensured that there is a clear understanding of expectations and mutual understanding of current issues.  The Committee also concluded that there is a good working relationship between Finance, external auditors, and internal and regulatory audit.

Adequacy of risk management, control and governance arrangements

3.22    I am satisfied that sufficient and comprehensive work was undertaken by ARAC, and internal and external assurances were received during the year to adequately inform ARAC’s assessment on the effectiveness of FSA risk management, control, and governance arrangements. Based on this, it is my view, as Chair of the Committee, that the arrangements in place during the year were satisfactory. 

4. Future ARAC Meetings

4.1    During 2022/23 virtual ARAC meetings were held approximately two weeks before Board meetings to enable a written report of ARAC meetings to be presented at the Board meeting. It is expected that the Committee will continue with this approach and will meet a minimum of four times in 2023/24 with no increase in resource requirements anticipated. 

Annex A - Role of the ARAC

1    The Committee’s prime purpose is to provide advice to the Board and the Accounting Officer on internal control, risk management and governance. 

2    Internal and external auditors attend ARAC meetings.  Others may be asked to attend where the Committee wishes to review progress on specific issues.

The Role of the FSA Board

3    This annual report by the Chair of the ARAC provides the Board with an independent view of how assurance and risk matters are being handled within the FSA.  The Board’s role is to note and comment on the activities of the ARAC. 

The Role of the Chief Executive

4    HM Treasury has appointed the Chief Executive as the Principal Accounting Officer of the FSA.  The Chief Executive has a direct, personal responsibility to the Westminster Parliament for the propriety and regularity of FSA expenditure.  The Chief Executive also signs the financial statements in respect of the monies from the National Assembly for Wales and the NI Assembly. 

5    The Chief Executive is required to sign the annual Governance Statement, which is published in the Annual Report and Accounts. 

Annex B – Membership of the FSA Audit and Risk Assurance Committee 2022/23 

Members

  • Colm McKenna (Chair until 31 August 2022)
  • Tim Riley (Chair from 1 September 2022)
  • Ruth Hussey 
  • Margaret Gilmore
  • Anthony Harbinson (from 23 November 2022)
  • Peter Price (until 6 February 2023)
  • Justin Varney (from 6 February 2023)

Regular Attendees:

  • Emily Miles - Chief Executive 
  • Pam Beadman - Director of Finance and Performance (until 30 May 2022)
  • Tara Smith - Director of People and Resources (from 1 June 2022) 
  • Freedom Mpande - Interim Head of Audit Assurance (until 4 December 2022)
  • Catherine Andrews - Head of Internal Audit (from 5 December 2022)
  • Ruth Nolan - Deputy Director of Finance and Planning (from 17 October 2022)
  • Simon Dwyer – Financial Controller
  • Michael Todd - Head of Planning & Performance  
  • Michael Jackson - Head of Regulatory Compliance Division
  • Nathan Philippo - Head of Delivery Assurance
  • Jenny Desira - Head of Knowledge, Information Management and Security 
  • Richard Smith - NAO 
  • James Edmands – NAO

Annex C - Terms of Reference for the FSA Audit and Risk Assurance Committee

Purpose

The Audit and Risk Assurance Committee (ARAC) is an advisory Committee of the FSA Board with no executive powers.  It is responsible for reviewing, in a non-executive capacity, the comprehensiveness and reliability of assurances on governance, risk management and the control environment. 

The ARAC will approve the Annual Reports and Accounts (ARAs) on behalf of the FSA Board, with the recommendation that the Accounting Officer sign the accounts on approval.  It shall additionally have responsibility for reviewing the integrity of financial statements.

Membership

A minimum of four Members of the FSA Board appointed by the FSA Chair under delegated powers following consultation with the Committee Chair.  At least one of those appointed will be a Board Member for Wales or Northern Ireland. 
The term of appointment will normally be coterminous with an individual’s term of appointment to the FSA Board and will automatically cease if an individual ceases to be a Board Member. 

At least one of the Committee Members should have recent and relevant financial experience.

All new Members will be provided with induction training and the FSA will provide for any additional development which is deemed necessary for the Member to fulfil their role on the Committee.  The Chair of the ARAC will hold an annual review with each Member and any training or development needs will be taken forward with the agreement of the Chair and Accounting Officer.

Committee Chair

Appointed from the membership of the Committee by the Chair of the FSA under delegated powers.  The term of appointment will normally be coterminous with an individual’s term of appointment to the FSA Board.

Co-option

The Committee may co-opt additional Members (whether Members of the FSA Board or not) for a period of up to one year to provide specialist skills, knowledge or experience.  Co-opted Members will have a right to speak, but not vote.  Co-opted Members will not be included in any calculation of the quorum.

Quorum

Three Non-Executive Board Members.

Attendance

The Chief Executive, as Accounting Officer, the Director of People and Resources, the Deputy Director of Finance and Planning, the Head of Planning and Performance, the Head of Internal Audit, the Head of Delivery Assurance and a representative of the external auditors would normally be invited to attend.

Directors and other officials will be invited to attend as required.

Reporting

The ARAC Chair will provide the Chair of the FSA and the Board with a written update on the key elements of Committee meetings.  The ARAC will report formally in writing to the Board, annually, to support the finalisation of the accounts and the Governance Statement and to update the Board on the work of the Committee, internal and external audit and any areas requiring specific attention.

Meetings

The ARAC will meet at least four times a year.  The Chair of the Committee will convene additional meetings as necessary.  The Committee has the right to sit privately without any non-Members present for all or part of a meeting. 

Additionally, the Members of the Committee will meet with the Head of Internal Audit and, separately, the External Auditors, annually, in closed meetings when the efficacy of the processes, trust, co-operation and any other issues can be discussed, and future action agreed.

The FSA Chair, the Board or the Accounting Officer may ask the ARAC to convene further meetings to discuss specific issues on which they want the Committee’s advice.

Responsibilities

The ARAC will advise the FSA Board and Chief Executive on:

  1. The strategic processes for risk management, the high-level control and governance framework and the effectiveness of its operation in practice;
  2. The contents of the Governance Statement; 
  3. The accounting policies, the accounts, and the annual report of the FSA, including the judgements used in producing the accounts, the adequacy of disclosures, the process for review of the accounts prior to submission for audit, levels of error identified, and management’s letter of representation to the external auditors; 
  4. The effectiveness of the design and operation of financial systems and controls;
  5. The planned activity and results of internal, regulatory and external audit and the results of other, external assurance reports;
  6. The resourcing and effectiveness of the internal audit function;
  7. Provide independent scrutiny of the audit process of the regulatory audit system;
  8. The adequacy of the management response to issues identified by audit activity, including external audit management letters; 
  9. Assurances relating to the corporate governance requirements for the organisation; 
  10. Proposals for tendering for either internal or external audit services or for the purchase of non-audit services from contractors who provide audit services; 
  11. Anti-fraud policies and whistle-blowing processes, and arrangements for special investigations; and 
  12. The Committee’s effectiveness having reviewed its own performance, constitution and terms of reference and recommending any changes it considers necessary.

Information Requirements

The ARAC will be provided with, where appropriate:

1.    Any changes to the organisation’s Corporate Risk Register that are relevant to the responsibilities of the Committee; 
2.    The risk management strategy;
3.    Management assurance reports, and report on the management of major incidents, ‘near misses’ and lessons learned;
4.    Progress reports from both the Head of Internal Audit and Head of Delivery Assurance summarising: 

  • work performed (and a comparison with work planned) 
  • key issues emerging from their respective audit work. 
  • management action in response to issues identified and agreed. 
  • changes to their respective audit plans 
  • any resourcing issues affecting the delivery of their objectives.

5.    Progress reports from the External Audit representatives summarising work done and emerging findings; 
6.    External assurance and compliance reports in relation to the FSA’s activities;  
7.    Internal audit and regulatory audit strategies and annual plans; 
8.    The Head of Internal Audit’s Annual Opinion and Report; 
9.    An annual report summarising the results of regulatory audits including an overall assessment / opinion on the effectiveness of official controls;
10.    Quality Assurance reports on the internal audit and regulatory audit functions; 
11.    The draft accounts of the organisation; 
12.    The draft Governance Statement
13.    Any changes to accounting policies; 
14.    Proposals to tender for audit functions; 
15.    Summary of findings of every internal audit and regulatory audit report; 
16.    External Audit’s management letter; and 
17.    A report on cooperation between the FSA auditors and external auditors.

The ARAC will work with the FSA’s Executive Management Team to ensure that the Board can be confident that risk management processes, content, mitigating and recovery actions are appropriate and correctly resourced.

Notes

1.    The Chair of the ARAC will have free and confidential access to the Chair and Chief Executive of the FSA whenever appropriate. 
2.    The Head of Internal Audit and the representatives of External Audit will have free and confidential access to the Chair of the Committee. 
3.    The Committee may procure specialist ad-hoc advice at the expense of the FSA, subject to the cost being agreed by the Chief Executive as Accounting Officer.

Annex D – Assurance level definitions as applied to FSA assurance audit reports (excluding local authority audit reports)

Assurance levels assigned to assurance audits as defined in the Government Internal Audit Manual:
 

Audit opinion Definition
Substantial  In my opinion, the framework of governance, risk management and control is adequate and effective.
Moderate In my opinion, some improvements are required to enhance the adequacy and effectiveness of the framework of governance, risk management and control.
Limited In my opinion, there are significant weaknesses in the framework of governance, risk management and control such that it could be or could become inadequate and ineffective.
Unsatisfactory In my opinion, there are fundamental weaknesses in the framework of governance, risk management and control such that it is inadequate and ineffective or is likely to fail.