This statement explains the governance arrangements of ORR, including the management of risk and resources. ORR is the independent safety and economic regulator for Britain’s railways and the independent monitor for National Highways.
Governance structure
Our governance structure for 2022-23 is shown below.
Figure 1: Governance structure
The Board
ORR is a non-ministerial government department led by a statutory Board consisting of Non-Executive Directors (including the Chair) and Executive Directors (including the Chief Executive). The Secretary of State for Transport makes appointments to the Board for a fixed term of up to five years, which is renewable, but he can only remove individual members for grounds specified under paragraph 2 of Schedule 1 of the Railways and Transport Safety Act 2003.
The Board provides support and challenge on the effective running and long-term strategy of ORR as well as on the department’s performance and risk management, and progress against delivery of our objectives and priorities. Members’ duties and responsibilities are set out in a code of conduct included in the Board’s rules of procedure. The Board’s objectives are aligned to key business and risk management activities. The Board held 10 formal meetings in 2022-23.
As part of a wide-ranging agenda during the year, the Board:
- Considered regular reports on health and safety risks across the rail industry and ensured that the safety impacts of industrial action were considered and mitigated.
- Monitored the ongoing impact of recovery from COVID-19 of the rail industry and the strategic roads network.
- Monitored the performance of Network Rail, with particular attention to its work to improve track worker safety, keeping up pressure to deliver financial efficiency, and its response to declining performance of freight and passenger services.
- Oversaw ORR’s work with industry to plan for establishment and management of a refreshed rail ombudsman as part of rail reform.
- Engaged with key stages (including advice to governments) of the five-yearly periodic review process for Network Rail, which will result in a draft determination in June 2023.
- Responded to government’s requirements for assurance in relation to the evidence base for the introduction and operation of smart motorways and oversaw ORR’s first assessment of safety on the strategic roads network.
- Continued to press train operators to address poor performance and deliver better customer service through improved information during disruption, complaints handling, training for frontline staff and compensation, where appropriate.
- Received regular updates on progress of regulatees against environmental performance indicators, undertook visits to understand the performance and safety challenges around extreme weather events and climate change on earthworks on the rail network, and monitored the work of Network Rail in response to those challenges.
- Oversaw ORR’s measures to ensure its workforce remained effective and engaged as hybrid working became the norm.
- Continued to oversee ORR’s work as competition authority for the rail industry.
- Participated in a programme of stakeholder engagement and field visits to better understand the needs of our stakeholders.
Membership and appointment terms of ORR’s Board as at 31 March 2023 was as follows:
Non-Executive Directors
Declan Collier, Chair, since 1 January 2019, appointed until 31 December 2023
Justin McCracken, Deputy Chair, reappointed to 31 July 2024
Xavier Brice, to 16 January 2027
Bob Holland, reappointed to 31 December 2024
Anne Heal, reappointed to 30 September 2026
Madeleine Hallward, to 12 April 2025
Daniel Ruiz, to 16 January 2027
Catherine Waller, to 16 January 2027
Executive Directors
John Larkinson, Chief Executive from 8 October 2018, reappointed to the Board until 27 March 2027
Ian Prosser, Director, Railway Safety, Board appointment to 25 September 2023
Changes to Board membership
There were no changes to Board membership this year.
Audit and Risk Committee
The Audit and Risk Committee supports the Board in its responsibilities for issues of risk control and governance and associated assurance. Its role is to review whether assurances presented are sufficient and comprehensive enough to meet the Board and the Accounting Officer’s needs, and to assess the reliability and integrity of those assurances, as well as to provide an opinion on how well the Board and Accounting Officer are supported in decision-making and in discharging their accountability obligations (particularly in respect of financial reporting and risk management).
The Audit and Risk Committee comprises four Non-Executive Directors (one of whom chairs the Committee) and an independent member.
The Committee met five times during the year. Areas considered included:
- Internal and external audit plans and progress against those plans, including progress made in implementing audit recommendations.
- Key strategic risks for ORR and how they are managed.
- Deep dive into regulatory risks and roads data.
- A regular report on cyber security, including threats, trends and cyber effectiveness.
- Fraud prevention and whistleblowing policies.
- The annual report and accounts and the Governance Statement.
Remuneration and Nominations Committee
The Remuneration and Nominations Committee has a specific role in reviewing the performance and remuneration of ORR’s senior civil servants including the Chief Executive. It maintains oversight of our people strategy, including our reward strategy for employees below the senior civil service. It also advises the Chair on non-executive recruitment and induction.
The Committee, which comprises three Non-Executive Directors, met four times during the year. Areas considered included:
- The performance of ORR’s senior civil servants during 2021-22.
- ORR’s pay policy and non-consolidated performance-related pay awards for its senior civil servants, ensuring that this is consistent with the annual guidance produced by Cabinet Office for the senior civil service as a whole and meets Secretary of State approval.
- The succession and talent management arrangements for senior civil servants covering critical roles at ORR.
- Implementation of the three-year diversity and inclusion strategy.
- Implementation of ORR’s pay and reward strategy.
- The annual people survey results.
- The gender pay gap report.
Health and Safety Regulation Committee
The Health and Safety Regulation Committee’s role is to develop, maintain, review and update ORR’s health and safety regulatory strategy and the overall adequacy of arrangements to meet ORR’s statutory duties. It consists of a mix of non-executive and executive members.
The Committee met four times during the year. Areas considered included:
- ORR’s strategic approach to health and safety regulation.
- Network Rail’s work to improve track worker safety and extreme weather resilience.
- Relevant ‘lessons learned’ reviews from inside and outside the rail industry.
- Emerging safety trends and challenges.
- Safety performance and management of non-mainline sectors, including heritage operators, London Underground and UK Trams.
- Duty holders’ health and safety performance.
Highways Committee
The purpose of the Highways Committee is to oversee the work of the highways monitor team, advise the ORR Board and act as a forum for policy development with senior staff. It consists of a mix of non-executive and executive members. The Committee met four times in the year and considered:
- Reports from our monitoring framework for National Highways.
- National Highways’ capital planning and asset management.
- Operational performance, including safety and efficiency.
- Implementation of the second road investment strategy (RIS2) and planning for RIS3.
- Reports on National Highways’ implementation of its smart motorway action plan.
- National Highways’ management of local disruption to the network and support for those affected.
Board committee attendance
Board committee attendance in 2022-23 was as follows:
Table 9: Board committee attendances
Member | Board | Audit and Risk Committee | Remuneration and Nominations Committee | Health and Safety Regulation Committee | Highways Committee |
---|---|---|---|---|---|
Declan Collier | 10/10 | - | - | 4/4 | - |
Xavier Brice | 10/10 | 5/5 | - | 4/4 | 4/4 |
Madeleine Hallward | 9/10 | 5/5 | - | - | 4/4 |
Anne Heal | 10/10 | - | 4/4 | - | 4/4 |
Bob Holland | 9/10 | 5/5 | - | 3/4 | - |
John Larkinson | 10/10 | - | - | 4/4 | 4/4 |
Justin McCracken | 9/10 | - | 4/4 | 4/4 | - |
Ian Prosser | 10/10 | - | - | 4/4 | - |
Daniel Ruiz | 10/10 | - | - | 4/4 | 4/4 |
Catherine Waller | 10/10 | 5/5 | 4/4 | - | - |
Nicholas Bateson [note 1] | - | 5/5 | - | - | - |
Note 1: independent member of the Audit and Risk Committee
Board effectiveness
The Board and its standing committees are governed by the Board’s rules of procedure. There is a formal appraisal system for all Board members, including executive members, undertaken by the Chair. Committee chairs report to the Board after each meeting and minutes are circulated to Board members. The Board is required to review its own performance, including that of the committees, at least every two years.
In early 2022 an internal review of Board processes gave strong assurance on ORR’s internal governance. In early 2023 an externally conducted board effectiveness review found that “the current ORR Board is strong, dynamic and challenging. Board renewal and increased diversity have created a different complexion of Board in terms of diversity of thought. In 2019 there was the solid base of a well-functioning Board, but this Board appears more proactive and engaged in an anticipatory way around critical challenges”.
Conflicts of interest
The Board’s rules of procedure include strict guidelines on conflicts of interest. A register of Board members’ interests is available on ORR’s website, and members declare interests on agenda items at the start of every Board and Committee meeting. On the rare occasion where there is a risk of a conflict of interest, the Board must decide whether or not the relevant member must withdraw from the meeting during discussion of the relevant item, and this is recorded in the minutes. No issues arose during the year where a Board member was required to withdraw from a meeting.
Compliance with the Code of Practice on Corporate Governance
ORR is a non-ministerial government department with its functions vested in a statutory Board appointed by the Secretary of State. On that basis, there are some departures from the model envisaged in the ‘Enhanced Departmental Board Protocol’ for ministerial departments, as follows:
- The Board reserves to itself any changes in its governance and scrutiny thereof, so there is no committee with responsibility for governance.
- The senior management team and the Board do not include a finance director as ORR is not a spending department.
- The Board has a role in deciding individual reward for senior civil servants. This approach adds a useful element of independence and objectivity given the small size of the department.
These exceptions aside, the Board considers that ORR is compliant with the principles established in the Code. The Board and senior team operate according to the recognised precepts of good corporate governance in business, namely: leadership, effectiveness, accountability, and sustainability.
The Executive
As Chief Executive, I head ORR and am also the Accounting Officer. Executive governance arrangements are based around two committees. Each committee involves a sub-set of Executive Directors as appropriate.
- The Executive Committee meets weekly and oversees operational issues such as progress against the business plan and allocation of resources for business planning.
- The Regulation and Policy Committee meets three times a month and assists the development of safety strategy, policy, and reviews the overall adequacy of arrangements to meet ORR’s statutory duties.
In addition, certain major workstreams have their own programme board, for example, the PR23 programme. Programme boards are made up of a task-appropriate mix of Executive Board members, directors and staff.
Managing outside interests
Leavers from ORR are reminded of the Business Appointment Rules (BARs) in place for departing civil servants, as part of our leaving process. Similarly, as part of the onboarding process new joiners are asked to disclose any conflict of interest and are referred to the employment handbook and policy available on our intranet.
Application of Business Appointment Rules
In compliance with Business Appointment Rules, we are transparent in the advice given to all grades of employees and those at SCS level. Our conflict of interest policy is published on our intranet and we advise our employees that there must never be any reason for people outside ORR to suspect that our decisions may be influenced by private interests. We therefore impose certain restrictions on employees’ financial and non-financial activities. These requirements form part of their employment contract and the Civil Service Code. In 2022-23 there have been no exits where BARs have been required or set.
Whistleblowing
ORR’s whistleblowing policy is designed to provide an avenue for employees to raise concerns about perceived wrongdoings, illegal conduct or fundamental misconduct that may endanger others. Our ‘whistleblowing and raising a concern’ policy is available to all staff on our intranet. In 2022-23 all staff were required to complete mandatory ‘whistleblowing with confidence’ training. There were three internal whistleblowing complaints investigated and closed during 2022-23 (one in 2021-22).
ORR is a prescribed person under the Public Interest Disclosure Act 1998. Prescribed persons are people and bodies you can blow the whistle to rather than your employer. People are able to contact ORR regarding concerns over the provision and supply of railway services and any other activities in relation to our functions. An outline of whistleblowing complaints by railway employees is be published on our website separately.
Risk management
The Board considers the key risks facing ORR as part of a yearly discussion on strategy. Management of these risks is delegated to the Executive Committee. The Audit and Risk Committee is responsible for assuring the Accounting Officer and the Board on the adequacy of risk management processes. On a quarterly basis the Board receives an update on risk from the Audit and Risk Committee, and the Executive’s risk summary paper.
Risk registers are maintained corporately and for each directorate. Risk champions in each directorate are responsible for collating risks at directorate level, which facilitates proactive management of risks by those with the relevant knowledge. Risk champions come together as a group quarterly to discuss top and cross-cutting risks and their mitigating actions. A longlist is then presented to the deputy directors’ group for strategic review and moderation of risk scoring. The top risks identified are then discussed and challenged by the Executive Committee before being presented to the Audit and Risk Committee on a quarterly basis. In addition, the Committee regularly conducts deep-dive reviews of strategic risks.
Risk profile
During the year the principal risks to ORR were as follows:
Key risks and mitigating actions
Principal risks:
Failure to deliver key milestones of PR23 programme
- Risk description:
- The 2023 periodic review (PR23) is an ORR-led statutory process designed to deliver a stable basis for Network Rail, its supply chain and train operators to plan, invest and provide services over the next five-year control period from 1 April 2024. PR23 will determine what Network Rail is expected to deliver with respect to its operation, support, maintenance, and renewal (OSMR) of the network and the level of funding that it will be provided with over control period 7 (CP7). #
- PR23 will also determine the framework for access charges for use of the rail network and the contractual performance and possessions regimes and how we hold Network Rail to account.
- Key inputs to the process are the UK and Scottish governments’ Statements of Funds Available (SoFA) and High-Level Output Specifications (HLOS). These inform Network Rail’s Strategic Business Plan (SBP) for CP7 which will form the basis of ORR’s determination for Network Rail.
- The risk if key milestones are missed is that the timetable for the periodic review slips, causing uncertainty for Network Rail, its supply chain and train operators.
- Mitigating factors:
- PR23 has and will continue to be a collaborative, cross-industry process. We have worked closely with funders (in England & Wales and in Scotland), Network Rail and industry stakeholders. We provided advice to funders about Network Rail’s funding requirements for its OSMR activities for CP7 and what it can deliver for that funding. This informed the UK Government’s and Scottish Ministers’ SoFAs and HLOSs, which are both critical inputs to the success of completing the periodic review to statutory deadlines.
- We also issued guidance in July 2022 to Network Rail on our requirements for its SBP.
- We have a dedicated cross-office programme in place, with appropriate governance, which has ensured that we have met our milestones. In December 2022, we delivered on two key policy areas for CP7: our conclusions on the policy framework for how we intend to hold Network Rail to account in CP7 and our conclusions on the outcomes measures for CP7. We also issued a consultation on our financial framework for CP7 and have been working with Network Rail and wider industry on the recalibration of charges and Schedule 4 and Schedule 8 parameters for CP7.
Network Rail’s train service performance
- Risk description:
- We hold Network Rail to account for its delivery of the outcomes that matter to rail users, including its contribution to reliable and punctual train services. Network Rail must ensure it has the capability to manage train service performance effectively, otherwise performance is at risk. It must carefully manage many factors that influence performance, such as development of a resilient timetable, reliability of infrastructure assets, operational response to disruption and recovery of services. It must also work collaboratively with train operators to minimise disruption.
- Mitigating factors:
- We regulate Network Rail in line with our published Holding to Account policy. We have robust processes in place for scrutinising Network Rail’s contribution to train service performance and escalating our concerns. This includes monitoring key performance indicators, such as delays attributed to Network Rail. This year, we recruited a new Deputy Director role to increase our leadership and scrutiny of operational performance.
- During the year, we raised concerns about train performance with each of Network Rail’s regions and with its System Operator (which oversees freight performance, and national passenger operational performance). We required them to develop performance improvement plans and are actively monitoring progress of these. We will take further action if they are not delivered. We reported on Network Rail’s contribution to train service performance and the action we are taking in our Annual Assessment of Network Rail and through two letters which are published on our website.
Future structure of the rail industry
- Risk description:
- The government is implementing its plan to reform the organisational structure of the rail sector, as set out in The Plan for Rail.
- The reform programme represents an opportunity to simplify and clarify accountabilities in the sector, addressing lessons learnt through the Glaister review. Reform should benefit passengers, freight users and taxpayers by putting in place a more integrated approach to running the railway. ORR can support those benefits through taking a more integrated approach to oversight and assurance across all of Great British Railways’ (GBR) activities.
- The main risk for ORR is that reform undermines our ability to provide effective oversight and assurance of the railways. The cause of this risk is that the legal and sectoral structures are designed without sufficient understanding of the role that ORR currently plays and how it can best operate in the future.
- Additionally, the change programme has not moved forward as quickly originally hoped. While the government’s intention to legislate is clear, there is still no final confirmation that the legislation required for the programme will be taken forward. It is also worth noting that the implementation of any change programme on this scale can create risks to day-to-day delivery of existing commitments, or a loss of clear accountabilities during transition.
- Mitigating factors:
- We have engaged with the reform process since its inception. We continue to use our expertise and independent perspective to inform and support DfT’s developments of its proposals and ensure that the future industry model provides for a strong accountability framework. We have put in place internal coordinated oversight of the reform programme across ORR, bringing together work on consumers, competition, safety, access, the licence and other aspects of reform. This enables us to track all of the interaction between DfT’s reform programme and ORR, keeping up to date with progress and identifying future issues.
- In addition to DfT, we work at a number of different levels with others, including the Great British Railways Transition Team (GBRTT) and industry partners. Through these relationships we influence the direction of reform and ensure ORR interests are represented. We also gather information about reform and work together to tackle the challenges of implementation.
- With the earliest expected date for GBR go-live being sometime during CP7, we are working closely with PR23 colleagues to ensure reform issues are considered as we move forward through the review. We ensure that any determinations will be adaptable to reform as and when it happens.
- More broadly, we continue to hold industry organisations to account for the safe and efficient delivery of their obligations during a time of substantial change for the sector. Our engagement with the Safety Working Group ensures that safety remains a priority and that reform doesn’t become a distraction from the safety critical work of running the railways.
Network funding to support passenger and service levels is difficult to secure
- Risk description:
- A key objective of the periodic review process is to establish the level of funding for the mainline GB rail network and the outcomes Network Rail should deliver over a five-year control period.
- PR23 is taking place under challenging circumstances for the industry. Passenger revenues have fallen due to changed travelling patterns following the COVID-19 pandemic and challenging macroeconomic conditions make government decisions on funding difficult, with the risk that funding to support passenger and service levels is difficult to secure.
- Mitigating factors:
- We have provided advice to the UK and Scottish governments about Network Rail’s funding requirements for its OSMR activities and what it can deliver for that funding. This included identifying choices that funders have available to them.
- Our advice informed the UK Government’s and Scottish Ministers’ HLOSs and SoFAs for CP7. These include requirements around punctuality and reliability which build on ORR’s PR23 objectives of safety, performance, asset sustainability and efficiency.
- We have also defined the outcomes measures that we will hold Network Rail to account against in CP7, including success measures for passenger and freight performance.
Network Rail is unable to achieve funders’ requirements with the level of funding made available for CP7
- Risk description:
- An important element of the periodic review process is governments’ decisions about how much funding they will make available for the railway given their other priorities and what, in return, the railway is required to deliver over the five-year control period. Network Rail bases its business plan for the control period on these decisions which governments set out in their Statements of Funds Available (SoFA) and High-Level Output Specifications (HLOS).
- The 2023 periodic review is taking place in a complex context for the rail industry, which continues to recover from the pandemic against a backdrop of inflationary pressures and industrial action, while funders are making decisions amid a challenging macroeconomic environment.
- ORR will assess whether Network Rail’s CP7 business plans are consistent with funders’ priorities and determine whether there are sufficient funds in each SoFA to meet the associated HLOS. There is a risk that funders’ requirements are not consistent with the funds available for Network Rail’s activities in CP7.
- Mitigating factors:
- We worked closely with funders on the appropriate funding for Network Rail for CP7, delivering advice to the UK Government and Scottish Ministers about Network Rail’s funding requirements for its OSMR activities and what it can deliver for that funding. This informed the UK and Scottish governments’ SoFA and HLOS, which in turn have informed Network Rail’s CP7 plans.
- ORR’s assessment of Network Rail’s Strategic Business Plan will put particular focus on ensuring Network Rail is being as efficient as is realistically possible and can deliver the HLOSs for the funding set out in the SoFAs. We have also continued to work closely with the UK and Scottish governments to understand their priorities.
Industrial action in the rail sector
- Risk description:
- ORR’s risk relates to inadequate preparation for any industrial action and management of its impacts. The most significant of these are the potential for reduced competence and capability in the railway during periods of industrial action and increased potential for health and safety incidents, and pressure on maintenance backlogs. These areas are the subject of complaints to ORR during periods of strike action.
- There is also a wider financial risk to the railway due to the immediate loss of revenue and high cost of the strikes, and the longer term loss of confidence in the railways by passengers and freight, leading to a move to other modes of transport.
- Mitigating factors:
- We have maintained ongoing dialogue with senior industry staff and trade unions to assess the likelihood and potential impacts arising from industrial action.
- We have completed and issued a review of guidance on principles for contingency staff to ensure it was fit for purpose and shared with Network Rail.
- We have carried out some targeted visits during strike periods, which showed that Network Rail and TOCs had mitigations in place and were managing well on the ground.
- We have responded to complaints received and have found no significant safety implications or increase in train accident risk. Where there were deficiencies, we have raised these with the duty holders. The priority of our interventions, and the necessity for any follow up activity is informed by the risk and severity of the incident.
Quality and analytical assurance
We have quality and analytical assurance frameworks, robust processes and tools in place for effective risk management of analysis and decisions. This helps to inform and support our analysts, policy, and decision makers.
During the summer an internal audit of the business critical model (BCM) process was conducted. A list of priority actions was identified and is being progressed. At the end of the year model leads reviewed the governance and quality assurance processes for their business critical models to ensure they were fit for purpose. This consisted of a set of assurance activities across a five-pillar methodology and a scoring system. This is in alignment with the recommendations from Sir Nick Macpherson’s review of quality assurance of government models, the Aqua Book and best practice across government. The internal BCM panel has helped to support cross-working between model leads and to strengthen quality assurance processes.
Information assurance
ORR maintains an information strategy as part of our wider technology strategy. ORR is registered as a data controller with the Information Commissioner and adheres to the provisions of the Data Protection Act 2018 and the UK General Data Protection Regulation. We have a data protection officer as mandated by the legislation who advises the office with regards to compliance. Our privacy policy is published on our website.
We maintain a risk register on information risk and oversee our compliance with our government information assurance requirements through a security forum chaired by our senior information risk owner. This forum meets quarterly (or by exception) to monitor breaches in general security and information security, recommend follow-up actions as appropriate, and to provide a central management point for matters relating to information assurance.
ORR follows the requirements of the Cabinet Office’s minimum security standards where they apply to us. This is being replaced by a new Cyber Assessment framework and we have identified that further work needs to be completed to comply with this. We have therefore embarked on a plan which will enable us to implement stricter technical controls across our network and devices.
Personal data related incidents
We have had no reportable personal data breaches for 2022-23.
Internal audit
Our internal auditors for 2022-23 were RSM. Throughout the year RSM delivered a programme of audit reviews which was developed jointly with the Executive and endorsed by the Audit and Risk Committee. The plan was designed to address the key risks facing the organisation and to provide assurance that our key business processes are fit for purpose. The most that the internal audit service can provide to ORR is reasonable assurance that there are no major weaknesses in those systems audited. Based on the reviews undertaken and specific testing and evaluation performed during the year to 31 March 2023, RSM’s opinion is that ORR has an adequate and effective framework for risk management, governance and internal control, with some further enhancements to the framework needed to ensure the framework remains adequate and effective. Recommendations made by RSM during the year have either been implemented already or will be implemented in 2023-24.
Value for money from major contracts
It is ORR’s policy to utilise competitive tendering when seeking goods and services from third party suppliers, when practical to do so. On the occasions where a single source approach is taken, robust justification must be provided, which is signed off by a senior member of staff.
For high value contracts, ORR has three main routes to access the market, depending on the requirement of the tender: Crown Commercial Services frameworks; wider public sector frameworks; and open tenders. Our main tendering strategy is, and will continue to be, to utilise framework agreements using mini-competitions or through direct award where it can be demonstrated that the supplier provides value for money. A benefit of using such frameworks is that they often allow for the inclusion of benchmarking provisions, which can be used to ensure the contract retains its value for money.
For tendering consultancy, we either utilise a framework or we undertake an open competition, publicising the requirements through ContractsFinder. This opens up the requirements to small and medium enterprises who often specialise in our particular consultancy requirements. We focus on price/whole life costs as one of the main criteria.
Functional standards
During the year we have assessed ourselves against the Cabinet Office’s functional standards. Most mandatory elements have been met at 31 March 2023. Where they have not been met, there is an action plan in place to achieve compliance.
Accounting Officer’s statement
As Accounting Officer, I am personally responsible and accountable to Parliament for the organisation and quality of management in the department, including its use of public money and stewardship of its assets. The system of internal control in place to support me in this capacity accords with all relevant HM Treasury guidance.
My review of the effectiveness of the system of internal control for 2022-23 was informed by the Audit and Risk Committee, from assurance statements from directors across the organisation, and from information on levels of compliance with relevant government functional standards. This is further supported by independent assurances from internal and external audit.
As Accounting Officer, I have taken all the steps that I ought to have taken to make myself aware of any relevant audit information and to establish that ORR’s auditors are aware of that information. I am not aware of any relevant audit information which has not been disclosed to the auditors.
During the year we identified that the Cabinet Office learning and development spend control had been breached, where on several occassions we did not seek approval from Cabinet Office to procure locally first. In all cases the spend was low value. Cabinet Office has given retrospective approval for the breaches. As this is the third year in succession that a breach of spend controls has occured, we have now centralised the process for procuring learning and development spend and are actively working with Cabinet OFfice to agree principles for procurement.
I have considered the evidence that supports this Governance Statement and am assured that ORR has a strong system of internal control in place to support the achievement of its strategic objectives. During the year our internal auditors have made a number of recommendations to management to enhance governance, risk management and control. Recommendations have also been made in other independent reports regarding cyber and information security. Where actions have not yet been completed, action plans are in place for all recommendations made.
The annual report and accounts are fair, balanced and understandable. I am personally responsible for them, and for the judgments required to determine this.
John Larkinson
Accounting Officer