Posted on December 14, 2020 by Simon Bittlestone
Achieving net zero greenhouse gas emissions will be a colossal challenge for the UK and one that will require all parts of government to work together. The NAO has audited numerous cross-government projects and programmes in the past, ranging from the 2012 Olympics to preparations for EU Exit. This experience has given us a deep insight into the factors that are likely to be critical to the government achieving its climate change ambitions, which are outlined in our recent report Achieving net zero.
We found that although the government has reorganised its approach to tackling climate change since setting the net zero target, it still needs to put in place effective cross-government working to ensure it can step up to the challenge. These findings are even more relevant now that the government has announced the UK’s Nationally Determined Contribution, which commits us to reducing our emissions by 68 per cent on 1990 levels by 2030.
Of course, we recognise the scale of the task ahead for government. Achieving net zero means finding ways to reduce greenhouse gas emissions from all sectors of the economy, including those where progress to date has been limited, such as transport and buildings. It’s also not yet known what role new technologies will play in reducing emissions, or how much individuals will change habits and lifestyles. Adding to the complexity, many of the activities required to reach the goal are interdependent; for example, increasing the number of electric vehicles creates demands on the power system. Achieving net zero will require careful sequencing and planning.
Net zero is a truly cross-government endeavour. The Climate Change Committee, which advises government on how to achieve net zero, made recommendations to 15 different government departments in its most recent progress report. This means departments need to have finely-tuned ways of working together that mean everyone is pulling in the same direction. Government’s coordination arrangements for net zero are still evolving and some have been delayed because of COVID-19. It is still too early to say how well the arrangements are working.
Government wants to create a sense of collective ownership for achieving net zero, rather than responsibility resting with one central ‘owner’. But there are certain risks to consider for this to happen, such as ensuring net zero takes sufficient priority in relation to government’s other aims. There also needs to be enough capability across government, and sharing of information across departments, including relevant insights that could be applied across different sectors.
The challenge of achieving net zero stretches beyond central government and into a wide range of other public bodies, including regulators, arm’s-length bodies and local authorities. However, the responsibility of these public bodies in meeting the net zero target is not clear. For example, local authorities do not have a clearly defined role in the achievement of net zero, despite the important part they could play in decarbonising transport and housing, and encouraging businesses and individuals to take action. More can be done to ensure public bodies reduce their own emissions. Decarbonising the public sector is an important signal that government is taking the net zero target seriously, as well as setting an example for businesses to follow.
We looked at government’s plans over the next 12 months to establish a net zero strategy and the challenges it will face beyond. Establishing the strategy – which government plans to do before it hosts the global climate conference “COP26” in November 2021 – is a critical step for clarifying its plans around how net zero will be achieved. A clearer pathway towards achieving target is more likely to build private sector investors’ confidence to back the technologies and infrastructure that will be needed. Government needs to find a way to provide this greater clarity, whilst at the same time, giving itself the flexibility to react to unexpected events or new solutions emerging over the next three decades.
Once the government’s plan is in place, it needs to ensure it has a way to track progress on the policies aimed at achieving net zero. While there is good annual reporting on greenhouse emissions, which give a broad sense of where the UK is on the road to net zero, currently government doesn’t have a way of assessing the overall performance of its key emissions policies. This means senior decision makers could lack an understanding of where key problems might be emerging, or where resources need to be reprioritised. There is also a lack of collated information on the costs and benefits of policies aimed at achieving net zero, which could hamper resourcing decisions and preclude full public accountability.
There is a need to reach out of Whitehall and engage businesses and individuals, who will be critical to achieving net zero. Almost every individual will also have some role to play, whether that is changing the type of car they drive, updating their household heating system or even reducing the amount of meat and dairy products they consume. Currently, there is a mismatch between the public’s support for action to tackle climate change and an understanding of the changes that everyone will be required to make.
You can read our report in full here: Achieving net zero. The next year is set to be a critical period in the net zero journey, and we plan to continue working with government departments over that time as it considers and implements our recommendations. We are undertaking a programme of work to assess the government’s activities in particular aspects of achieving net zero: one on environmental tax measures and another on reducing carbon emissions from cars.
Simon Bittlestone, manager of net zero studies at the National Audit Office.
Posted on September 24, 2020 by Leena Mathew
Given the wide-reaching impact of membership of the EU, preparing for the UK’s departure from the EU represented a significant challenge to government, with considerable potential consequences for businesses and citizens.
Our programme of work on EU Exit
Over the last four years, the NAO has carried out a substantial programme of work on various aspects of government’s EU Exit preparations. We have published 28 reports so far, which have provided a detailed picture of significant EU Exit projects and programmes in real time, looking from planning into implementation stages. Using these reports, we compared different approaches taken by departments and considered the common barriers or enablers for achieving outcomes. We also returned to the same issues over time – for example, in our suite of reports on the border – to provide a point-in-time assessment of progress and risks, and to understand how and why things had changed.
Our work highlighted the large amount of new activity departments were undertaking. This included developing understanding in new areas such as the Department for Health and Social Care’s work on supply chains; getting involved in new markets such as the Department for Transport’s procurement of freight capacity; or setting up new structures such as the cross-government Border Delivery Group. We recognised that new ways of working were necessary for government to meet the challenges it faced, and risks could be better managed if actively considered and planned for.
Insights from government’s EU Exit preparations
Our latest report Learning for government from EU Exit preparations brings together our insights from how government has tackled the challenge of preparing for EU Exit to date. We draw on our reports to highlight areas of good practice, such as the initial work the Department for Exiting the European Union asked departments to do to identify all the areas where EU Exit would have an impact. This provided a solid basis for assessing the scale of the challenge across government as a whole and across individual departments, and for identifying where an issue required a coordinated response across government. We also highlight areas where government’s approach could have been improved, such as in the slow move from policy to addressing implementation challenges, and the lack of timely and clear communication from the centre to departments.
We saw that government had taken action to understand what was not working and to take steps to improve. The insights we set out are intended to help government identify and implement improvements on existing work at a faster pace.
These fall into four broad areas that encompass important aspects of any government programme.
- Plan for all possible scenarios, with robust contingency plans.
- Identify the scale, nature and complexity of the task at the outset.
- Recognise the opportunities and increased risks from working at speed or in new ways.
- Develop clear structures for oversight and decision-making.
- Draw on expertise in implementation early on, to expose delivery risks.
- Develop effective structures to facilitate cross-government working.
- Establish a culture of clear and timely communication across departments.
- Engage early with key stakeholders, and understand their role in delivering the outcome.
- Encourage strong financial management, for informed decision-making and accountability.
Why our insights are important now
While at the time EU Exit was a challenge with little historical precedent, the insights we have gathered continue to have relevance. Preparations for the end of the transition period in December 2020 are ongoing (we will be reporting on these in the near future), and the impact of the UK’s Exit from the EU will continue to be felt on the work of government as it plans the future policy direction of areas such as immigration, agriculture, consumer protection and the environment.
Government is now also responding to the demands of a global pandemic which similarly requires a fast-paced response, innovative policy solutions, coordinated action across government and effective, external transparency and communication. And, as we highlighted in our five-year strategy, there are significant challenges for government ahead such as the transition to a net zero carbon economy, how demographic changes will continue to drive higher demand for public services, and how technological innovation will continue to reshape whole industries and public service delivery.
Back in 2017, we raised the need for government to prioritise what it could manage from its existing business-as-usual work alongside the demands of EU Exit. The government of today is no less busy, and the Civil Service itself is undergoing reform, with a new Cabinet Secretary and a new Chief Operating Officer at the helm. It is more important than ever that government learns from its recent experiences to ensure that it is as well-placed as it can be to manage the scale and complexity of the many challenges it faces.
Authors: Leena Mathew and Sarah Pearcey
Leena has responsibility for the NAO’s work on EU Exit and the border, and Sarah has led many EU Exit reports. They both worked on the NAO’s report on the learning government can draw from its EU Exit preparations.
Posted on August 27, 2020 by Daniel Lambauer
COVID-19 continues to have a significant impact on the work of the National Audit Office, including our international work. Our team has continued to complete our international assignments successfully from the UK. We are actively exchanging experiences with other national audit agencies (also known as Supreme Audit Institutions – SAIs) on how to audit governments’ response to COVID-19 across the world, which provides us with valuable insight to strengthen our UK audit response.
The objectives of our international work are three-fold – we want to use international good practice to improve our UK focused work; we want to enhance the UK’s reputation by showcasing the quality of our public audit work worldwide; and we want to protect the UK taxpayer’s interests overseas by bidding to audit international organisations that receive UK funds, or by providing training to SAIs in countries that receive UK aid.
The NAO published its new strategy in June , so we were already planning how international activities could best contribute to our mission as the UK’s independent public spending watchdog. As Gareth Davies, the Comptroller and Auditor General, recently described, the NAO is undertaking a substantial audit programme on the government’s response to the COVID-19 pandemic. From the start, we were clear that UK audit coverage of the pandemic would be stronger by including global insights. People who read our reports see media coverage contrasting how other countries are responding and want an objective comparison between these responses. We can also learn lessons from other countries that can help the UK to better respond to this pandemic.
The NAO has a global reputation as a leading SAI, but we strongly believe there is always more we can learn from others on how best to provide a modern public audit service. Having good links with other SAIs also allows us to make better use of international comparisons in our reports – particularly in key areas such as delivering major infrastructure and defence projects – providing Parliament with insights on how other governments approach the same challenges facing our own.
As we contacted other SAIs it was obvious our situation was not unique. As well as considering the specific nature and unprecedented scale of the pandemic, SAIs around the world were all thinking about how to audit the same thing at the same time. SAIs have a unique cross-government perspective and an independent evidence base that many other commentators do not. We are expected to audit government’s use of public funds but there is a lot to consider. How do we time our interventions so as not to compromise the emergency response, whilst ensuring full accountability for the use of public money. What type of audit product is useful at different stages of the response?
NAO staff have shared insights on the pandemic in webinars organised by the International Organisation of Supreme Audit Institutions (INTOSAI ). We also established a new European Organisation of Supreme Audit Institutions (EUROSAI) Project Group on Auditing the response to the COVID-19 pandemic, which we are co-chairing with SAI Finland. As part of this, SAIs from 30 European countries have agreed to coordinate and communicate COVID-19 work; share audit approaches, information and outputs; and scope content for any future lessons learned reports. In June and July we co-hosted eight online meetings where 30 SAIs set out the impact of COVID-19, their audit response, and what they wanted to share and learn. We will use these insights, and further information exchanges on specific topics, in our own reports to Parliament.
This isn’t easy, and each SAI has a different answer as every country’s context is different. However, what has quickly become apparent is that government responses around the world are similar: preparing, responding and then handling the recovery and long-term impacts of the pandemic. This involves significant expenditure in healthcare, wider emergency response measures and supporting individuals, businesses and the economy.
Since the pandemic started, operating internationally hasn’t been straightforward. In March we recalled our people working overseas at short notice and like everyone we have had to adapt to working online. Our work has continued successfully. We completed our international audits, including the World Intellectual Property Organisation, the Organisation for the Prohibition of Chemical Weapons, and the Pan American Health Organisation. The international bodies we audit will have to consider new ways of working in response to the pandemic. To support them in this, our audit reports provided an important and independent perspective on the decisions they have to make on future strategic planning, more efficient and effective processes, and on making better use of the resources provided to them. We will also share experiences with other SAIs auditing UN organisations at the UN Panel of External Auditors this November.
Learning how public servants around the world have responded to the pandemic, many in countries with fewer resources than the UK, provides valuable comparisons. It makes us even more grateful to those on the front line of the UK’s response.
The aim of everything we do at the NAO is to help Parliament hold government to account for its use of public money and to help improve public services. The nature of public audit means we first need to look backwards to understand what happened, so we can then look forwards to recommend how to make things better. By working internationally, the NAO is also looking outwards to help us understand how others are meeting the same challenges the UK faces.
Authors: Daniel Lambauer, Kevin Summersgill, Damian Brewitt
Daniel Lambauer joined the NAO in 2009 as a performance measurement expert and helped to establish our local government value for money (performance audit) team. He is the Executive Director with responsibility for Strategy and Resources. As part of his portfolio, he oversees our international work at executive and Board level and has represented the NAO internationally at a range of international congresses. Before joining the NAO, Daniel worked in a range of sectors in several countries, including academia, management consultancy and the civil service.
Kevin Summersgill joined the NAO’s value for money (performance audit) specialism in 2005. He has audited a wide range of public policy areas and as our Head of International Relations and Technical Cooperation routinely represents the NAO internationally. A specialist in continuous improvement and management systems thinking, he has advised governments and United Nations organisations around the world on how to increase effectiveness, transparency and accountability.
Damian Brewitt is a Chartered Accountant and Director of our international audit portfolio, leading financial and performance audit teams across the NAO’s portfolio of international external audit engagements. He has spent 16 of his 28 years of public sector external audit undertaking financial and performance audit of organisations across the international system. He has specific expertise in IPSAS, international governance and risk management. He supports the NAO and our stakeholders in providing sector insight, leveraged from his experience and the work of our teams across our international client portfolio. He has chaired the Technical Group of the UN Panel of External Auditors for the last two years.
Posted on July 23, 2020 by Gareth Davies
I last posted to this blog in late April as the country was in the teeth of the COVID-19 pandemic, explaining how we were maintaining our operations and adjusting our work programme in the light of the government response to the virus.
Now, in late July, most of the UK is gradually emerging from lockdown following a devastating period for many families, an enormous effort by health and care workers and many others in crucial roles and an unprecedented set of government spending interventions to mitigate some of the economic effects of the crisis.
Like every organisation, the NAO has had to adapt to the new working environment, but throughout this period we have continued to deliver our core programmes of work: the audit of the 2019/20 accounts of more than 400 government departments and public bodies and a substantial programme of value for money reviews and investigations into important spending programmes.
A substantial proportion of our effort has been redirected to the audit of government’s response to COVID-19. We have published reports on the scale and nature of the public spending commitments and on readying the NHS and social care for the pandemic. We have a further seven studies already underway to begin publishing in the Autumn, and more in the planning phases. We’ve developed our COVID-19 hub for people to follow our work on this.
Looking back, at the point that Parliament rose for its summer recess, we had completed the audits of 171 departments and public bodies, including some of our larger audits such as the Department for Work and Pensions and the Home Office. Our work on the remainder continues over the summer and those audited accounts will be laid in Parliament from its resumption in September. I’m grateful to both my audit teams and the finance teams of our audited bodies for their determined approach to obtaining the audit evidence we need when working remotely, and for addressing the financial reporting challenges posed by the pandemic including volatile valuations and going concern risks.
We have continued to complete and publish value for money reports on vital areas of public interest, including universal credit, the MoD’s aircraft carrier programme, asylum accommodation and support and digital transformation in the NHS. Our factual investigations have included reports on progress in removing dangerous cladding from residential blocks, the selection of towns to bid for money from the £3.6bn Towns Fund and government’s response to the collapse of Thomas Cook. This work has supported sessions of the Public Accounts Committee which has been meeting virtually throughout.
Our Overview of the UK government’s response to the COVID-19 pandemic brought together in one place all of the main activities, costs and funding undertaken by government in the initial months and laid the foundation for us to build our programme of more in depth studies. We also looked further into the action the Department of Health & Social Care and other bodies undertook during March and April to ready the NHS and adult social care for a rapid increase in the number of infected people.
Looking forward, we have a broad and varied programme of work on COVID-19 to come once Parliament reconvenes in the Autumn. We have several reports planned on the important issue of government procurement. They include an audit of government buying in the pandemic, as well as specific studies into the efforts to increase the number of ventilators available to the NHS and on supplying the NHS and adult social care sector with PPE.
We will also examine measures aimed at protecting businesses and individuals from the economic impact of the coronavirus pandemic. This includes reports into the Bounce Back Loan Scheme and the Coronavirus Job Retention Scheme. Other studies will look into the government’s work to protect and support the vulnerable during lockdown and the Free School Meals voucher scheme. Our website has full details of our work in progress related to COVID-19, and we will continue to add further reviews to this list as they are approved.
In all of this work, we will examine how government adapted its approach to reflect the need for urgency in the first phase of the pandemic, and how it is managing the attendant risks to value for money and probity in public spending. Our reports will be published, laid in Parliament and be available to the Public Accounts Committee for its programme of inquiries in the normal way.
We will continue to respond to the risks to public money posed by this unprecedented time for the country to provide the assurance required by Parliament and the public and to draw out the lessons for future phases of this pandemic and future emergencies.
Posted on July 20, 2020 by Ruth Kelly
Data analytics has become an integral part of the audit process. And where a few years ago it was an area where we were exploring and creating tactical solutions to problems, today the NAO, like many organisations, has developed a strong capability and is making significant progress towards the widespread adoption of data analytics across all elements of our audit work.more… How data analytics can help with audits
Posted on June 25, 2020 by Abdool Kara
In January of this year, I took on senior level responsibility for leading the NAO’s people agenda as we reviewed and reset our strategy. I quickly recognised that that this was to be a significant undertaking for the organisation, with much work to do if we are to become the exemplar employer that we aspire to be.
What I did not and could not know at the time was how our world would be transformed over the course of a few months. Firstly, the arrival of the COVID-19 pandemic, having to deal with its impact on our people, as well as, in the fullness of time, covering it in our programme of work. Secondly, the consequences of the killing of George Floyd, highlighting the injustices faced by black people not only in the USA but here in the UK as well.
I have long been interested in the issues of racism, from witnessing the demonstrations and riots of the 1980s in my teens. My heritage on my father’s side, whilst not drawn directly from slavery, is the result of the importation of indentured ‘coolie’ labour brought from India to replace the slaves who had previously worked the sugar cane fields of Mauritius. And I have experienced both direct and indirect prejudice, and yes racism, on many occasions throughout my career.
On the one hand, we have been here before, witnessing tragic events which shine a spotlight on the devastating effects of racism on our communities and reminding us of our country’s history of slavery and colonialism. What feels different this time is the acceptance that racism exists throughout our society, rather than the issue being swept under the carpet. It gives me hope – less ‘it doesn’t happen here’ and more ‘this is an important conversation for the nation’. Change may, finally, be upon us in a new wave of civil rights that feels essential, immediate and in step with the times we live in.
But change is not an external force – all change starts with people taking personal responsibility for their actions, and organisations putting their own houses in order. I and my senior colleagues are committed to accelerating the NAO’s progress in becoming a genuinely inclusive organisation which embraces and values difference and supports our people to bring the full breadth of their thinking, experience and skills to work.
At the forefront of our new strategy is our people, it is our commitment to bringing about genuine change in the lived experience of colleagues from all backgrounds, but especially our black and minority ethnic colleagues who have not always been well served by our ability to embrace their talents and enhance their opportunities.
As an organisation whose very purpose is to hold government and public bodies to account for their progress in improving public services for all communities, we recognise that we cannot speak with authority if our own record on diversity and inclusion is open to question. Therefore, our aspiration is to be an exemplar employer in all respects, but with a focus on key areas, such as BAME representation at senior levels in our business, where we have the most progress to make.
We also need to ensure that our work, such as our Windrush report, continues to highlight inequalities in the way public services are delivered and secures deep and sustained improvement in the outcomes for the most vulnerable groups in society. The vast statistical differences in the impact of COVID-19 on different ethnicities and socio-economic groups is raising important questions that need examining.
We are evidence-led when assessing the services of others and must be equally evidence-led in our assessment of ourselves. Doing so will help us to openly acknowledge the challenges we face in achieving sustained improvement in our approach to equality, diversity and inclusion for all our people. As an organisation we are particularly dissatisfied with the progression rates for BAME colleagues in recent years. We need to make change quickly and remove barriers to progression wherever we find them.
This is a serious commitment which requires deep and permanent change and we are putting in place a range of measures to realise our ambitions. We are building on recent progress in improving the diversity of our graduate intake by applying rigorous requirements for diverse shortlists in all our recruitment and promotion campaigns. We have also launched our first diversity mentoring scheme which is giving our senior leaders much richer insight into the experiences of female, black, disabled, LGBT+ and underprivileged colleagues. Also, each member of our executive team takes an active role in sponsoring one of our diversity networks so that their voice is heard at the most senior levels of our business.
We will shortly be publishing our 2019-20 Diversity and Inclusion Annual Report which provides an honest and transparent assessment of where we see that tangible progress has been made, but also sets out clearly where we have more to do.
The recent launch of our new five-year strategy highlights our commitment of having a diverse, inclusive and healthy workforce as a key enabler in delivering our strategic priorities. We will be consulting on our new Diversity and Inclusion Strategy for 2021-23, which will support us in realising our ambition of being an exemplar employer, where all colleagues can realise their full potential irrespective of background.
I am conscious that statements of aspiration can often sound hollow without clear actions and demonstrable improvements, but as senior leader for the NAO’s people agenda I am fully committed to seeing genuine, sustained and beneficial change for our people and know that I have the support of my colleagues to make this happen.
Reshaping our culture and bringing to life our new values, which include respect and inclusion at their heart, will be key to this. So too will practical actions to revise our HR and other policies and practices which we know can reflect or enable unconscious bias.
So, there is plenty for us to get on with. But my personal passion and commitment to the equalities agenda, born from my own heritage and life experiences, both professional and personal, mean that I won’t be satisfied until the NAO is a fantastic place to work for all.
Posted on April 22, 2020 by Gareth Davies
With Parliament returning yesterday, I wanted to take the opportunity to reflect on the last few extraordinary weeks and set out what it means for the National Audit Office and its work.
Firstly though, on behalf of the whole NAO, I would like to pay tribute to everyone who is working so hard to see our country through this crisis. That of course includes our courageous health and social care workers and others on the front line of the response, but also all the public servants behind the scenes at the national and local level keeping our country going. As the organisation responsible for scrutinising so many of these public bodies, we have a privileged insight into how vital they are to everyone’s lives every day – and even more so at a time like this.
To all of the public servants rising to this unprecedented challenge, thank you.
Like many other organisations, the NAO has been home-based for a month now. In infrastructure terms, the NAO was well-prepared for homeworking as our systems are designed to support secure remote auditing. We are working hard to support our staff as they grapple with the practical and wellbeing challenges of the current situation. We are of course not the only ones. And as an organisation that supports Parliament, that has been especially brought home to us as we see the House of Commons resume business in a manner we have never seen before.
As Parliament adapts, so too are we in order to ensure that we can help it to hold government to account. The response to the global pandemic will have implications for many years for public spending and public service delivery. It is too early to tell exactly what the impact will be, but it will be profound.
What is already clear is that MPs, and the public that they represent, will expect us to carry out a substantial programme of work on the COVID-19 response so we can learn for the future. This will include looking at government spending on the direct health response as well as the wider emergency response. We will also look at the spending on the measures to protect businesses and individuals from the economic impact.
It will take us time to develop and produce our work, more importantly it will take time for the public sector to be in a place where it can learn from our findings. Our challenge is to try and provide the appropriate level of evidence-based reporting to support accountability and provide insight at the most suitable time. We must not get in the way of public servants working hard to save lives, but we must also ensure that our reporting is sufficiently prompt to support proper accountability for public money.
We have decided to begin with a factual summary of the significant government spending commitments and programmes relating to COVID-19 which we hope to publish next month. We will use this to identify a risk-based series of evaluative studies where we think there is most to learn.
What is also important to Parliament is that we do not lose sight of the wider picture. There are many other challenges facing the UK including EU Exit; progress in meeting government’s net zero carbon emissions target; major infrastructure projects and the financial sustainability of key public services. Our work programme will have to balance this with the demands of COVID-19. That is why we will be continuing to publish reports already in train. We are also working hard to meet our key statutory duty to audit the accounts of over 450 public bodies.
My colleagues and I are committed to providing Parliament and the public with the evidence they need to understand how public money has been used in tackling this crisis. We will also help ensure that the appropriate lessons are learned for the future.
Posted on April 16, 2020 by Yvonne Gallagher
COVID-19 is affecting us all. The way we live, work and socialise has changed dramatically. The National Audit Office is no different, our staff are working from home and we will also have an important role to play in reporting on the government’s response to COVID-19. You can find more information on our emerging plans here. In the meantime, we’re resharing some of our knowledge on how organisations can make a success of working remotely at this time.
Technology is a great enabler for working from home, but there are pitfalls to avoid. In September 2017, we issued a guide to cyber security for audit committees and now is an appropriate time to revisit some of the key points.
Policies and procedures
The most important point to note is that your organisation’s information security policies and procedures still apply – they exist for good reason. Security shouldn’t be sacrificed, even during difficult and uncertain times.
If your organisation doesn’t have a homeworking policy, now could be an opportunity to think about what it might look like. But don’t be forced into a knee-jerk reaction because of the current situation; take the time to get the approach right and build it into your longer-term business continuity arrangements.
Using personally owned IT
If your organisation routinely provides laptops to staff which are securely configured and set up for remote access, then you’re in a good place. If not, Bring Your Own Device (BYOD) is a possibility, but inevitably this approach brings risks that need to be considered. The main risks are around unauthorised access and data loss.
A popular BYOD approach for smartphones and tablets running Android or iOS is the ‘managed container application’. This means all corporate data is accessed via one or more designated apps (for example, Microsoft Office). This allows strong controls to protect and isolate corporate data from the user’s personal apps and prevents copying and pasting of data across the container boundary.
Use of personal PCs is a more difficult area. Technology such as remote desktops minimises the risk of data loss as the apps and data stay on the remote server. Most IT departments will be familiar with remote desktops, and the main barrier to their more widespread use is having the necessary infrastructure to support the volume of users required.
Allowing users to access work data through a web browser over an internet connection from their own PC might seem an attractive option, particularly with more services becoming available in the ‘cloud‘. However, NCSC are clear that this is a risky approach.
They advise that it’s difficult to gain confidence in the security or configuration of the PC, and there are limited technical controls you can enforce to reliably prevent data loss or access from insecure or out-of-date devices. And, from a legal perspective, responsibility for protecting data and complying with GDPR and the Data Protection Act 2018 rests with the data controller, not the device owner. You may also have commercial arrangements that restrict running of business software on or accessing business data from personally owned devices.
There are many established software tools for videoconferencing and collaborative working. Common apps include Microsoft Teams, Skype for Business, Google Hangouts, Cisco WebEx, GoToMeeting and Zoom. Do bear in mind that these should be securely configured, their privacy policies and settings reviewed, and used appropriately in relation to the sensitivity of the meeting content being discussed.
Where you are meeting with a third party, it would be wise to set agreed expectations around call recording and screen sharing and request explicit permission before capturing any information discussed during the meeting, for example screenshots.
There are also considerations relating to the home working environment itself. Devices outside an office environment are more vulnerable to theft or loss. This can be mitigated by physical security measures and by encryption – but do check that each device is turned on and set up correctly.
Also consider your policy around printing from home and whether it’s necessary. Information in physical form needs to be protected in the same way as information in electronic form. Forwarding information from work to personal email accounts for printing is a big confidentiality risk, so where there is a legitimate need to print, you will need to make suitable arrangements.
In shared accommodation, you should also be aware of who might be able to overlook your screen or overhear your teleconferences. There are reports that some organisations are advising people to turn off smart speakers and voice assistants during working hours when sensitive matters are being discussed.
Preventing unauthorised access to devices is another obvious but essential consideration – NCSC has recently issued guidance on good password policy, including practical suggestions for reducing password overload for end users.
Be aware of phishing scams, whether by email or text message. This advice applies generally, and some security companies have reported seeing a large increase in phishing attacks as a result of the current pandemic. NCSC has good advice on spotting suspicious emails.
It’s important to promote and maintain a strong security-minded culture, even when your people are trying to collaborate and work flexibly.
Obtaining IT equipment and services
The Crown Commercial Service (CCS) has published information on a number of agreements that can enable the public sector and related organisations to quickly and easily procure technology products and services to allow employees to work more flexibly.
CCS also note that a number of providers of collaboration software are offering introductory or extended trials of their products. These include Microsoft (Office365), Google (G Suite, Hangouts Meet) and Cisco (WebEx, Duo, Umbrella, AnyConnect).
The current situation is putting unprecedented pressure on individuals and organisations alike but try not to lose sight of the security basics. If you’re struggling to get a fully-fledged remote working strategy in place I’d recommend focusing on the fundamentals. Find the right approach for your organisation and gradually build it into your longer-term business continuity arrangements.
We’re all having to adapt to these new ways of working, but don’t worry there’s plenty of support out there to help you protect your corporate and customer data.
Posted on April 8, 2020 by Abdool Kara
We all rely on local public services to be able to function in our day-to-day lives, and in these challenging times, we’re even more reliant on those services. Whether from local authorities, local NHS organisations police forces and fire and rescue organisations, to keep us safe and take care of us should we need it.
At the National Audit Office (NAO) we’re responsible for scrutinising the spending of central government departments, agencies and other national public bodies but who audits local public services? And what do those auditors do?
Local public bodies are audited by firms appointed as local auditors. Every year, they carry out their work auditing these bodies’ accounts and assessing the adequacy of their arrangements to secure value for money. They carry out this work in accordance with the Code of Audit Practice and, although the NAO doesn’t audit local public bodies, the Code they must follow is set by the Comptroller and Auditor General (C&AG) who leads the NAO.
The law requires the Code to be reviewed at least once every five years, which meant a revised Code was due by April 2020. So, back in the summer of 2018 we started on the project to review and prepare a new Code.
Our review of the Code
The review of the Code came at an interesting time in the audit world, given both the increased level of interest in the audit profession more widely, and the announcement of a number of independent reviews across the profession. The review by Sir Donald Brydon and, more recently, the review of local authority audit and financial reporting being undertaken by Sir Tony Redmond. To add to this complex environment, the review started under the NAO’s previous C&AG but was to be completed under our new C&AG, Gareth Davies, who arrived at the NAO in June 2019.
We wanted to ensure that we were engaging as widely as possible, so last Spring we began the first stage of our consultation process, seeking views about the issues people considered were relevant to the development of the new Code. We received over 40 formal responses to the first stage of the consultation and gathered further useful information from wider engagement through attendance at conferences and other events
Having taken into account those views, we drafted the text of the new Code and undertook a further public consultation on the draft text in the autumn of 2019. The draft was further refined in light of this second round of feedback, and the final draft of the Code was then laid before Parliament in January 2020. It received approval in March and, almost two years after the project began, came into force last week. The Code applies to audits of 2020-21 financial statements onwards.
What’s changed under the new Code?
In the first part of our consultation, we received a lot of feedback telling us that people wanted auditors’ work to be more useful to the bodies being audited as well as the wider public, that reporting by auditors should be more timely, and that much of the language used by auditors was not readily understandable to a non-accountant.
A significant proportion of these comments were made in relation to the work auditors do assessing and reporting on the arrangements that local audited bodies have in place to secure value for money. Unlike the NAO’s studies, where we report on whether value for money has actually been achieved, local auditors look at the overall arrangements that bodies have in place across a range of areas covering decision making, governance, and working with others through partnerships. From the consultation, it was clear that people wanted to see more information being reported from auditors’ work, and in particular in relation to financial sustainability.
The new Code looks to address these issues by requiring auditors to issue an annual commentary on the arrangements that bodies have in place, under three focussed headings:
- Financial Sustainability
- Governance and
- Improving Economy, Efficiency and Effectiveness
Where an auditor finds significant weaknesses in a body’s arrangements, they are expected to bring this to the body’s attention promptly, and to accompany it with clear recommendations setting out what the body should do to address the weakness. The commentary and recommendations will be set out in an Auditor’s Annual Report, that will bring together all of the work the auditor has undertaken in the previous year, including following up on recommendations made previously.
For the NAO, the publication of the new Code is not the end of the story. Colleagues are now working hard to develop the detailed guidance that will sit underneath the new Code, and we’re again looking to consult the relevant sectors extensively as we take forward its development.
I’m delighted that the new Code has now come into force and would like to thank colleagues in the NAO’s Local Audit Code and Guidance Team for their work in bringing the new Code into being, and to all of you who responded constructively to our various consultations over the last 18 months. I look forward to seeing the impact that the approaches I’ve outlined here will have on helping to ensure that local public bodies continually improve their arrangements to make best use of their scarce resources.
2020-21 will be a very challenging year for local bodies as they put in place all kinds of arrangements to cope, with the new reality presented by COVID-19 Coronavirus. Through the new Code, local auditors will have an opportunity to use their reporting to help their clients rise to the challenge.
Posted on March 4, 2020 by Lord Michael Bichard
It’s difficult to believe that I have been the Chair of the NAO for nearly six years, but all good things come to an end. Because the term of office is limited by statute, I shall shortly be stepping down. In fact, the advert for my successor is now public.
This has been one of those jobs which I shall look back on with great affection. For a start it has allowed me to work with people of the highest quality who have a real passion for what they do. At the same time I have been able to stay close to the key issues of government and to play a part in shaping the direction and strategy of the organisation, at a moment when the independent role of the NAO has never been more important.
Whether through its financial audit or value for money work, the NAO has played a unique and invaluable part in safeguarding governance, promoting the more efficient use of scarce resources and clarifying the ever more complex accountability arrangements that now surround the delivery of public services. I am especially proud of the way in which we have maintained the quality of our work and courageously exposed failings when they have occurred. Without the NAO the public would have been much less conscious of the problems with universal credit, the cost and delays of Crossrail, the vulnerable state of local government finance and the mismanagement of several major IT projects.
At the same time, we cannot be complacent. As the previous Comptroller and Auditor General memorably said, “we have to be much more than mortuary attendants”. Rather, we need to play a full part in helping to improve the quality of public services and to use the knowledge and information we have to that end. That’s why I have constantly emphasised the need for us always to be looking to add value and to measure our success by the impact we make. Are things changing for the better as a result of our work? For me the answer to that question is still not enough.
As one of our stakeholders said during the current Strategic Review, “you know more than you tell”; using our knowledge to best effect has to be a priority as we move forward. In truth, any great organisation knows there is always more to do. That is why our strategic review is so important and why the arrival of a new Comptroller and Auditor General provides exciting opportunities.
I have greatly enjoyed working with two brilliant Comptrollers and my successor will want to quickly establish a strong relationship with Gareth Davies to support him in dealing with the many external challenges which the office will face as well as driving through the organisational changes we need.
Chairing the NAO is a privilege and a chance to make a difference to the way our public services are delivered. I am stepping down reluctantly, but I know there are others who share my passion for the work we do, and I hope that they will think about taking on the role.