Left column


Financial and risk management

    A small leak will sink a great ship: the need to counter fraud and error in government

  • Posted on November 16, 2021 by

    My outdoor tap leaks. Not very much, just a small drip. And though I put a bucket underneath to catch the drips, I’ll admit that sometimes the bucket overflows before I can use the water in my garden. I know I should find out if it’s just a dodgy washer or I need a replacement tap but somehow it never makes it to the top of my to-do list.

    Out of interest, the other day I looked up how much a leaky tap costs the average household. Potentially hundreds of pounds each month, so safe to say it makes financial sense to get it fixed. Then I saw that leaky taps cost UK householders an estimated £3 million every year. Thousands of little drips adding up to a big chunk of money being washed away.

    The Government Counter Fraud Function (GCFF) faces a similar challenge when trying to tackle fraud against the public purse. Government estimates that £26.8 billion a year is lost to fraud and error in the tax and welfare system, but for me, the most surprising thing is that GCFF estimate that up to £25 billion a year more is lost through fraud and error in other areas of government spending. The measurement data available suggests that most departments are losing a relatively small amount to fraud and error every year, but these hundreds of small leaks add up to an eye watering cost to the taxpayer.

    Part of the problem government faces is this sheer diversity of risk – fraud and error impacts everything from grants and procurement to income collection. Fraud and error has also traditionally been the sole responsibility of each department to manage leading to considerable variations in approach to similar risks. Although this has clear benefits for accountability, focusing on risks by organisation rather than type and across multiple organisations leads to missed opportunities. Most government grant programmes are likely to face similar challenges when it comes to managing fraud and error risks, even if their exact nature varies.

    The GCFF was established in 2018 as a means to bridge these gaps and bring together the 16,000 or so people working in public sector counter-fraud to share knowledge and best practice. Though progress has been made, in June 2021 the Committee of Public Accounts reported that the

    Cabinet Office and HM Treasury’s central mechanisms for managing fraud and error are still in their infancy

    There are also less than 7,000 recognised counter-fraud professionals working across central and local government and policing, with more than 75% of these working in tax and welfare. That doesn’t leave many qualified specialists to tackle all the other fraud risks across government.

    The GCFF recognises that the information it holds on fraud and error losses outside the tax and welfare system needs improvement – its fraud loss estimate of 0.5% to 5% of expenditure is a massive potential range. In our Good Practice Guide on Fraud & Error, we set out how departments need to ensure they have a cost effective control environment. This means doing everything they reasonably can to minimise fraud and error, to the point where doing anything more would have a detrimental impact on wider objectives. In a world of limited resources is it enough to replace a washer or do they need a brand new tap?

    The Good Practice Guide also includes our Fraud and Error Audit Framework, developed over several years based on best practice in government and the private sector. Fraud and error risk is continuously evolving, and the Framework provides a structure for assessing how management uses an iterative approach to measure the effectiveness of its counter-fraud and error activities and to continuously improve its controls.

    Ultimately, without more precise information on the scale and causes of fraud and error outside the tax and welfare system, government risks large amounts of fraud and error remaining unidentified or untackled. Ensuring that more effort goes into improving government’s understanding of exactly where money is leaking from the system  is a key focus of our ongoing work on fraud and error. Now, more than ever, it’s important to make sure that vital taxpayers’ money isn’t being washed down the drain.

    About the author

    Katie Dixon manages our work on fraud and error within the Financial and risk Management Hub. She joined us as a trainee in 2011 and, after qualifying as an accountant, completed a masters degree in counter fraud and counter corruption studies. She has experience auditing fraud and error risks across financial, investigative and value for money audits and represents the NAO on several public sector fraud expert panels.

    Follow Katie on LinkedIn

  • Climate Change risk: Are We Doing Enough, Fast Enough?

  • Posted on September 13, 2021 by

    “The world is now living through climate change, not watching it draw near” is the stark warning delivered by the IPCC (Intergovernmental Panel on Climate Change), in its sixth assessment report (AR6).

    In risk speak, high-impact, low-likelihood events will become more likely with higher temperatures.

    With COP 26 fast approaching and extreme weather events becoming an uncomfortable ‘new normal’ across the world, not a week goes by without media coverage of the physical risks of climate change whether it be the: scorching heat in Canada, wildfires in the Americas, or devastating floods in Germany, India and China.

    So, are we acting fast enough?

    The verdict from the Climate Change Committee’s June progress report is “with every month of inaction, it is harder for the UK to get on track” with its climate ambitions.

    To gauge the level of climate change risk maturity in government we surveyed Chairs of Audit and Risk Assurance Committees (ARACs). While four out of five ARAC Chairs considered climate risks to be relevant to their organisation, over half noted that their organisation did not have a climate or sustainability risk policy or a dedicated employee accountable for either. Additionally, seven in ten Chairs said that climate change risks had either never been discussed at an ARAC meeting or had been discussed less than annually.

    Against this backdrop, we intend to help government organisations start the conversation around climate change risk.

    What is climate change risk?

    As risk professionals we tend to think in terms of “what could go wrong?” and how “how can we manage these risks?”.

    Government organisations have a huge challenge in trying to balance short, medium and long-term risks. The UK, and indeed the rest of the world, are still recovering from the COVID-19 pandemic, which showed how crucial it is for organisations to have the resilience to respond to high-impact, low-likelihood events. It is important that a true assessment of long-term risks is considered.

    Our good practice guide intends to help with this. In setting out the wide variety of potential risks that climate change can bring about, it will help all organisations across government – not just those responsible for leading on climate policy –identify and effectively manage a variety of climate change risks. These risks stretch beyond the physical risks, such as the impact of rising temperatures. They also include the risks posed by the transition to net zero and risks specifically posed to government organisations.

    How to support and challenge management

    Our guide further allows audit and risk assurance committees to constructively challenge management’s approach to climate change risk.

    This can be done across the whole risk management cycle: from initial identification and assessment, to treatment and monitoring, through to risk reporting and continual improvement.

    For many organisations effectively managing climate change risk will be a long journey. Our challenge questions are a great tool to help you do this.

    Example questions
    Example questions for the risk management principle ‘Governance and leadership (plain text alternative)

    Key takeaways of the Good Practice Guide can be found here. We hope you find it helpful.

    Authors: Mfon Akpan, Chris Coyne, Courtnay Ip Tat Kuen


    About the authors           

    Mfon Akpan

    Mfon leads our Financial and Risk Management Hub. She is a Big Four trained multi-disciplinary Risk, Assurance and Governance professional with over two decades of cross-border leadership experience across the financial services industry and beyond.

    Mfon has held roles at a number of blue-chip institutions, including the World Bank Group as a Risk Management Specialist, Standard Bank Group where she was the Chief Risk Officer and Regional Head of Risk for its operations in Nigeria and across West Africa, respectively, and Barclays Group Plc where she was an Audit Director.

    Follow Mfon on LinkedIn

    Chris Coyne

    Chris manages our work on financial and risk management. He has been with the NAO since he joined as a graduate trainee in 2008, and has significant experience managing financial audits across a variety of government organisations.   

    Follow Chris on LinkedIn 

    Courtnay joined the NAO in 2013 as a graduate trainee. She has experience leading and managing audits in the public, commercial and charity sectors, as well as acting as an Ambassador for the International Technical Cooperation team.

  • Achieving excellence in Public Sector reporting

  • Posted on May 20, 2021 by

    Good reporting in the public sector should allow the public and Parliament to understand to easily understand an organisation’s strategy and the risks it faces, how much taxpayers’ money has been spent and on what, and what has been achieved as a result. Following the challenges of the last year, most notably COVID-19, clear and transparent reporting is hugely important.   

    Transparency and accountability in central to strong financial and risk management in government, and how this is supported by clear and understandable reporting. With that in mind, we’re delighted to share a recent National Audit Office report which cuts to the heart of this: the Good Practice in Annual Reporting Guide.  Our guide sets out good-practice principles around a number of key areas to help public sector organisations to compile their Annual Reports.  Those principles are:  

    • Accountability  
    • Transparency 
    • Accessibility 
    • Understandability  

    Building on these principles, our guide provides some excellent examples from public sector organisations that we think are leading the way. Below we have picked out a few key takeaways for organisations to consider as part of their preparations for 2020-21 Annual Reports.  

    Risk and Governance: There should be an increased focus on the risks and challenges of recent events and how these are managed, including: 

    • Frank and honest analysis of how COVID-19 (and other risks) have impacted operations and how the taxpayer’s money has been spent and managed.  
    • Clear depiction of the governance and risk management framework to demonstrate an organisation’s processes to identify, monitor and mitigate risk. 
    • Transparent reporting of complex technical judgements and decisions. We anticipate, given the challenges brought about by the pandemic, spending reviews and EU Exit, that organisations may enter complex transactions or arrangements. These transactions should be disclosed transparently and in a way that is understandable to the users. 

    Strategy and Operations: There should be a clear articulation of purpose and objectives, and how an organisation’s operations support their objectives. In particular:  

    • Clarity around an organisation’s purpose, strategic objectives and values and how these feed into the performance of the organisation and any related risks, with reference to its external environment. 
    • Celebration of Diversity and Inclusion within annual reports. Employee costs make up most of the central government expenditure and people are undoubtedly an organisation’s most precious asset.  Organisations should consider what their employee data says about them and whether reporting could be improved in this area. 

    Measures of Success and Financial Performance: There should be a balanced assessment of goals achieved and performance against targets, and financial performance should be understandable and consistent with the underlying financial statements. For instance:  

    • Better trend reporting. Trend analysis over time is a strong indicator of performance and achievements and a good way for the reader to hold organisations to account. Organisations should consider what trend data is being published and what story they are trying to tell.  
    • Better, more accessible information on non-financial metrics affecting organisations, such as sustainability reporting. Organisations should seek to portray non-financial data in simple terms to help tell a story and show clearly how it is linked to their operations.  

    Lastly, the NAO co-sponsor the annual Building Public Trust Awards, Public Sector reporting category with PwC, to give credit to organisations who are demonstrating excellence in government financial reporting. If you believe your organisation’s 2020-21 annual report and accounts is an example of excellent reporting, you can nominate it for the Building Public Trust Awards – Public Sector Reporting Award by emailing Building.Public.Trust@nao.org.uk by 30 June 2021.  

    Authors: Chris Coyne, Rachel Nugent, Catriona Sheil and Courtnay Ip Tat Kuen.

    Chris Coyne

    Chris manages our work on financial and risk management. He has been with the NAO since he joined as a graduate trainee in 2008, and has significant experience managing financial audits across a variety of government organisations.   

    Follow Chris on Linkedin 

    This article was first published on OneFinance (login required) 

    Tagged with:

Right column

  • About the NAO blog

    Our experts share their views about issues and common challenges facing government, what public sector leaders should look out for and how organisations have addressed issues. Our posts draw together threads from across our reports, share secrets spilled in events and reveal our experts’ expectations for the future.

    We encourage comments that support the exchange of ideas for improvement, but ask that those posting are respectful of others.

  • Sign up for automatic feeds

    Sign up to receive email alerts:

    RSS IconSubscribe in an RSS Reader