CCNI Risk Register

Corporate Risk Register –May2015

As approved by Board 18 May 2015

Corporate Risk/Tolerability Matrix (Residual Assessment)

Source – HM Treasury

Orange Book Oct 04

Key

* Definitions of risk categories, likelihood and impact are set out in the Commission’s risk policy

CORPRATE RISK SUMMARY

OUTLINE OF CHANGES TO RISKS

ANALYSIS OF CHANGES TO RISK RATINGS

Changes to the Register and Action Plan

Since the last risk register various actions have been progressed. To address Risk 1 - public confidence,there was further staffinput to business plan registration target setting. A business case for resource to progress grouped applications was completed and actioned.In terms of risk 2 - Failure to operate compliance role,a policy meeting with DSD was held to consider delays by Dept in making accounting regs, consideration of recovering costs was included in the approved updated Legal Manual, different delivery options for monitoring compliance online systems were explored and a work order progressed.

In terms of Risk 3 - Failure to equip the public and other stakeholders, a Comms planner to progress key messages during 2015/16 was completed. Athematic Report on Whistleblowing in the charity sector was published. Steps to mitigate Risk 4 -Failure to have necessary resources, included submission of a revised final draft of Corporate and Business Plans to sponsor branch, and an organisational culture development exercise was carried out. In relation to Risk 5- Poor governance, steps were taken to develop input from middle managers on business plan and assurance.As part of approving therefreshed draft Risk Register a board session was held on the reworking of risks as part of draft Business Plan consideration.

Assurance Statement

I certify that the related risk management action plan was reviewed by SMT during May 2015, a review of controls and actions was undertaken, and assurance checks completed as necessary.

Signed _________Chief Executive Date:08/05/2015

1

Corporate Risk Action Plan

• Prioritisation policy covering deemed, expressions of interest and special circumstances
• Policy, procedure and guidance governing registration activities and decision making
• SMT approved work around to enable additional inputs/roles in registration workflow
• Pilot process to monitor and address poor applications agreed
• Monthly SMT performance review
• Board updates on casework and population of charity register
• Chief Executive’s report to Board on challenges to registration
• Monitoring via post registration survey
• Communications strategy and action plan
• Publishing our decisions policy.
• Additional resource to focus on called forward and group applications.

Current Assessment:

CCNIis treating this extreme to high risk which is fundamental to the operation of its role as a regulator. The quality of registration applications continues to present obstacles to achieving the volume of registration as envisaged in the Light Touch Review. From the start of Q1 additional resourcing has been allocated to bring forward grouped applications that can be fast tracked. Management has responded to a series of Internal Audit issues related to registration which, it is anticipated, enhanced use of CRM and changes to operating practices will address.

• High level investigation procedures and various manuals in place and approved by Board

• Board level panel authorisation of high risk enquiries

• Liaison with other enforcement bodies and regulators (Charity Commission of England and Wales and Office of the Scottish Charity Regulator ) and HMRC

• MOUs agreed with HMRC, CCEW, OSCR, PSNI and ISA

• Programme team capturing learning from each case
• Permanent legal resource in place to handle legal tests and challenges
• Review of Tribunal cases and legal costs
• Chief Executive’s report to Board on challenges in implementing the Act

• Assurance rec’d from DSD that accounting regs in place by year end.
• Additional legal resource to assess reallocation of lower risk cases.

Current Assessment:

The Department’s assurance at end of last quarter that accounting regulations will be in place by year end confirms the likelihood of further delays regarding this risk. CCNI has raised with sponsor branch the view that this risk should be transferred to the Department’s risk register. While the number of statutory enquiries has declined,pressure arising will not diminish untilTribunal processes are exhausted. These significant cases are testing our resources to the limit and as a result some high profile regulatory cases, have not been progressed. In addition, resources continue to be allocated to respond to complaints and lobbying by a small number of disaffected individuals, and the Commission is now engaged in follow up Tribunal work with another regulator.

• Monthly Liaison and policy group meetings between CCNI and sponsor branch to address issues arising from responses

• Policies and procedures governing statutory activities and decision making
• Communications strategy and action plan
• Publishing our decisions policy
• Policy development plan, including timetable to review/amendexisting policies and decision making procedures
• Engagement strategy with sector/other stakeholders
• Chief Executive’s report to Board on challenges to Commission decisions and press coverage, and challenges in implementing the Act.

Current Assessment:

This is a moderate to low risk which the development and implementation of a new communications plan is intended to mitigatefurther. Steps are being taken to review existing publication commitments to ensure the optimal publication of information in addition to enquiry and thematic reports on compliance and enquiries by year end. The Commission has raised the impact of Tribunal practices on its workload with the Department and is awaiting feedback.

• MSFM with DSD and bi monthly Liaison meetings with sponsor branch
• Governance Framework
• ARA Committee review procedures and ensure robustness
• Conflict of interest and Whistle blowing policies in place

• Internal audit provide advice and guidance

• Board assessment and Staff Performance Management & Appraisal systems in place
• Regular Business plan updates to Board, A&R, SMT and DSD
• Monthly SMT review of Business Plan progress and assurance updates by middle management
• Engagement of HR& R committee in staff development, TNA process
• Staffing Handbook approved by Board and assurance processes in place

• ICT strategy agreed by board.

Current Assessment:

This is an extreme to high risk. Following receipt of resource budget from sponsor branch the residual likelihood has been reduced, but the impact remains given the 4% reduction. The lack of departmental guidance on 2015/16 budget parameters led CCNI to forward plan on the basis of the 2012/13 Light Touch Review. Attention is being given to the June monitoring round and submission of an in year bid. The impact of cuts and potential responses has been discussed with managers and staff. Further work with the middle management group on quarterly achievements and forward plans is intended to further mitigate this risk going forward, particularly with regard to performance management and monitoring.

• Governance Framework including Board and committee terms of reference
• Board annual effectiveness review
• Audit and Risk Committee review procedures and ensure robustness.
• Business Continuity Plan
• Policy Development Plan

• Internal audit provide advice and guidance

• Risk policy, risk registers, assurance framework.
• Regular Assurance to Dept, Board, A&R, SMT
• Monthly SMT review of progress and assurance updates by middle management

Current Assessment:

This risk is judged as a high to moderate at this time, informed by briefings and indications of a satisfactory assurance rating from audit. Changes to the assurance check mechanism were implemented to provide further assurance, and additional steps to involve and make middle managers and staff accountable as part of assurance checking will be developed in Q1.

CEX - Chief Executive, SMT – Senior Management Team, HCS - Head of Charity Services, HCoS - Head of Corporate Services, HC&E - Head of Compliance & Enforcement, PM - Policy Manager, CM – Casework Manager, CO - Comms Officer 1

1