In the past academies were given somewhat ambiguous and
vague advice on who could be appointed as the Responsible Officer (RO) to give
assurance to Governing Bodies on internal financial control. That led to a
range of approaches – good practice and not-so-good. Given the rhetoric around
freedom as well as common sense, the new Handbook will doubtless formalise that
flexibility.
In terms of what ROs did, there was more direction if not
prescription. The RO was given a list of Suggested System Control Checks to be
done on a quarterly basis (in practice for many academies, termly basis). These
will, I suspect, go out the window. What will be in their place?
If the RO is to evolve into something resembling internal
audit, the RO’s work will be driven by the risk register. That makes sense -
the assurance function for control and risk should be informed by the risk
register.
But maybe there is a hitch? Many academies – not only new
ones – have in place risk registers that look remarkably like the one in the
2006 Academies Financial Handbook. Using a template is a useful aid but
organisations have to think about their own specific risks – not simply the
generic ones. They need to rigorously review and objectively assess risks. How
many do that?
ROs need to start their work with some attention to risk registers. If ROs have knowledge, understanding and experience when it comes to risk management – as well as common sense – they will add real value as well as ensure that their own testing driven by the risk register addresses real risks.
If academies and their ROs can get their risk registers in
shape, they can then progress onto assurance mapping. But that will have to be
another blog post.
Posts
No comments:
Post a Comment