Corporate governance report

Components

This report explains the composition and organisation of ORR’s governance structures and how they support the achievement of our strategic objectives.

Directors’ report

Directors

Executive and non-executive members of the ORR board are listed in the governance statement.

Register of interests

No directorships or other significant interests, which may have caused a conflict with their management responsibilities, were held by any board members. A register of interests is available on our website.

Personal data related incidents

There were no personal data-related incidents requiring notification to the Information Commissioner’s Office during the year.

John Larkinson
Accounting Officer
17 July 2024

Statement of Accounting Officer’s responsibilities

Under the Government Resource and Accounts Act 2000, HM Treasury has directed ORR to prepare for each financial year resource accounts, detailing the resources required, held, or disposed of during the year and the use of resources by ORR during the year. The accounts are prepared on an accruals basis and must give a true and fair view of the state of affairs of ORR and of its income and expenditure, statement of financial position and cash flows for the financial year.

In preparing the accounts, the Accounting Officer is required to comply with the requirements of the Government financial reporting manual and in particular to:

  • Observe the Accounts Direction issued by the Treasury, including the relevant accounting and disclosure requirements, and apply suitable accounting policies on a consistent basis;
  • Make judgments and estimates on a reasonable basis;
  • State whether applicable accounting standards, as set out in the Government financial reporting manual, have been followed, and disclose and explain any material departures in the financial statements;
  • Prepare the financial statements on a going concern basis; and
  • Confirm that the annual report and accounts as a whole is fair, balanced and understandable, and take personal responsibility for the annual report and accounts and the judgments required for determining that it is fair, balanced and understandable.

The Treasury has appointed the chief executive as ORR’s Accounting Officer. The responsibilities of an Accounting Officer, including responsibility for the propriety and regularity of the public finances for which the Accounting Officer is answerable, for keeping proper records and for safeguarding ORR’s assets, are set out in Managing Public Money published by HM Treasury.

As the Accounting Officer, I have taken all the steps that I ought to have taken to make myself aware of any relevant audit information, and to establish that ORR’s auditors are aware of that information. So far as I am aware, there is no relevant audit information of which the auditors are unaware.

Figure 1: Governance structure

Governance statement

This statement explains the governance arrangements of ORR, including the management 
of risk and resources.

Governance structure

Our governance structure for 2023-24 is shown below.

Figure 1: Governance structure

Flow chart showing the main board, board committees of Health and Safety Regulation Committee, Highways Committee, Audit and Risk Committee, People Committee and  Executive committees - Executive Committee, Regulation and Policy, Major programme boards (e. g. PR23)

The board

ORR is a non-ministerial government department led by a statutory board consisting of non-executive directors (including the chair) and executive directors (including the chief executive). The Secretary of State for Transport makes appointments to the board for a fixed term of up to five years, which is renewable, but can only remove individual members for grounds specified under paragraph 2 of Schedule 1 of the Railways and Transport Safety Act 2003.

The board provides support and challenge on the effective running and long-term strategy of ORR as well as on the department’s performance and risk management, and progress against delivery of our objectives and priorities. Members’ duties and responsibilities are set out in a code of conduct included in the board’s rules of procedure. The board’s objectives are aligned to key business and risk management activities.

Membership and appointment terms of ORR’s board as at 31 March 2024 were as follows:

Non-executive Directors

Declan Collier, chair, since 1 January 2019, reappointed until 31 December 2028

Justin McCracken, Deputy chair, reappointed to 31 July 2024

Xavier Brice, to 16 January 2027

Anne Heal, reappointed to 30 September 2026

Madeleine Hallward, to 12 April 2025

Bob Holland, reappointed to 31 December 2024

Daniel Ruiz, to 16 January 2027

Catherine Waller, to 16 January 2027

Executive directors

John Larkinson, chief executive from 8 October 2018, reappointed to the board until 27 March 2027

Ian Prosser, Director, Railway Safety, reappointed to the board until 26 June 2024

Changes to board membership

There were no changes to board membership this year.

Board meetings

The board held 13 formal meetings in 2023-24.

Key areas of discussion

  • Regular reports on health and safety risks across the rail industry and ensured that safety impacts of industrial action were considered and mitigated.
  • The performance of Network Rail, with particular attention to train reliability and punctuality, financial efficiency, asset reliability, weather risk safety management, environmental targets, and safe operation of the railway.
  • Key stages of the periodic review process for Network Rail, approving the final determination in October 2023.
  • The performance of HS1, with particular attention to health and safety targets, availability of lifts and escalators, train service provision, and renewals delivery.
  • The risks, issues and priorities for the periodic review of HS1 Ltd (PR24) ahead of the Final Determination due in December 2024.
  • The performance of National Highways, with particular attention to efficiency, enhancements, asset management and environmental targets, and oversaw ORR’s second annual assessment of safety on the strategic roads network.
  • Oversight of the establishment and management of a refreshed rail ombudsman as part of rail reform.
  • Oversight of ORR’s work on improving the rail passenger experience and its role as competition authority for the rail industry.
  • Industry data management and the development of a data strategy to maximise the value of data within ORR.
  • ORR’s role in improving sustainability, including its current role and remit across both rail and road.
  • Participation in a programme of engagement to better understand the needs of our stakeholders, which included regional field visits related to rail and road as well as external speakers at board meetings.
  • ORR’s financial position, progress against the business plan for 2023-24, communications strategy, and strategic risks.
  • The effectiveness of the board and review of its board procedure rules, including committee terms of reference.

Audit and Risk Committee

The Audit and Risk Committee supports the board in its responsibilities for issues of risk, control and governance and associated assurance. Its role is to review whether assurances presented are sufficient and comprehensive enough to meet the board and the Accounting Officer’s needs, and to assess the reliability and integrity of those assurances, as well as to provide an opinion on how well the board and Accounting Officer are supported in decision making and in discharging their accountability obligations (particularly in respect of financial reporting and risk management).

The Audit and Risk Committee comprises four non-executive directors (one of whom chairs the committee) and an independent member.

The committee met five times during the year.

Key areas of discussion

  • Internal and external audit plans and progress against those plans, including progress made in implementing audit recommendations.
  • Key strategic risks for ORR and how they are managed.
  • Deep dives into safety risks and freight risks.
  • Learning and development spend controls.
  • A regular report on cybersecurity, including threats, trends and cyber effectiveness.
  • The annual report and accounts and draft governance statement.
  • A review of the committee’s terms of reference.

People Committee

The People Committee (formerly the Remuneration and Nominations Committee) fulfils the functions of a remuneration and nominations committee. It has a specific role in reviewing the performance and remuneration of ORR’s senior civil servants including the chief executive, as well as advising the chair on non-executive recruitment and induction. It maintains oversight of our people-related strategies (such as our reward strategy for employees below the senior civil service) and culture.

The Committee, which comprises three non-executive Directors, met four times during the year.

Key areas of discussion

  • The performance of ORR’s senior civil servants during 2022-23.
  • ORR’s pay policy and non-consolidated performance-related pay awards for its senior civil servants, ensuring that this is consistent with the annual guidance produced by Cabinet Office for the senior civil service as a whole and meets Secretary of State approval.
  • Implementation of ORR’s pay and reward and diversity and inclusion strategies.
  • People and employee relations data, including a deep dive into the railway safety directorate in the first of a series of deep dives focusing on organisational issues such as succession planning.
  • The annual people survey results.
  • The succession and talent management arrangements for senior civil servants covering critical roles at ORR, including updates on the recruitment of the Director of Railway Safety.
  • Advice on the recruitment of non-executive directors.
  • A review of the committee’s terms of reference and effectiveness, resulting in a recommendation to the board to update the committee’s name.

Health and Safety Regulation Committee

The Health and Safety Regulation Committee’s role is to develop, maintain, review and update ORR’s health and safety regulatory strategy and the overall adequacy of arrangements to meet ORR’s statutory duties. It consists of a mix of non-executive and executive members.

The committee met four times during the year.

Key areas of discussion

  • ORR’s strategic approach to health and safety regulation, including key performance indicators, risk profiling and activity planning.
  • The development of health and safety-related policy, considering the management of fatigue, interoperability, enforcement, train protection systems, and ORR strategic risk chapters.
  • Dutyholders’ health and safety performance.
  • Network Rail’s work to improve track worker safety, fire safety, structures compliance, modernising maintenance, and extreme weather resilience.
  • Safety performance and management of non-mainline sectors, including heritage operators, trams, and London Underground.
  • Relevant ‘lessons learned’ reviews from inside and outside the rail industry.
  • Emerging safety trends and challenges, including cybersecurity and high integrity software-based systems.
  • A review of the committee’s terms of reference and effectiveness.

Highways Committee

The purpose of the Highways Committee is to oversee the work of the highways team, advise the ORR board and act as a forum for policy development with senior staff. It consists of a mix of non-executive and executive members. The committee met six times in the year.

Key areas of discussion

  • Reports from our monitoring framework for National Highways.
  • National Highways’ capital planning and asset management.
  • Operational performance, including safety and efficiency.
  • Implementation of the second road investment strategy (RIS2) and planning for RIS3, including advice to the Secretary of State.
  • National Highways’ safety performance, including the performance of safety systems on smart motorways.
  • National Highways’ management of local disruption to the network and support for those affected.
  • A review of the committee’s terms of reference and effectiveness.

Meeting attendance

Meeting attendance in 2023-24 was as follows:

MemberBoardAudit and Risk CommitteePeople CommitteeHealth and Safety Regulation CommitteeHighways Committee
Declan Collier13/13--4/4-
Xavier Brice12/135/5-3/4-
Madeleine Hallward12/134/5--6/6
Anne Heal13/13-4/4-6/6
Bob Holland13/135/5-4/4-
John Larkinson13/13--4/46/6
Justin McCracken12/13-4/44/4-
Ian Prosser10/13--3/4-
Daniel Ruiz13/13--4/46/6
Catherine Waller13/135/54/4--
Nicholas Bateson [note 1]-5/5---

Note 1: independent member of the Audit and Risk Committee

Board effectiveness

The board and its standing committees are governed by the board’s rules of procedure. There is a formal appraisal system for all board members, including executive members, undertaken by the chair. Committee chairs report to the board after each meeting and minutes are circulated to board members. The board is required to review its own performance, including that of the committees, on an annual basis (conducted externally at least every three years), and its rules of procedure on a biennial basis. A thorough review of the board procedures took place in January 2024 with amendments made accordingly.

In early 2023 an externally conducted board effectiveness review found that “the current ORR board is strong, dynamic and challenging. board renewal and increased diversity have created a different complexion of board in terms of diversity of thought. In 2019 there was the solid base of a well-functioning board, but this board appears more proactive and engaged in an anticipatory way around critical challenges”. In early 2024, an internal review of board effectiveness was undertaken, which considered progress against the 2023 recommendations. It found that the board continued to perform well, noting the upcoming changes to board composition due in 2024, following the standing down of two long-serving members at the end of their terms.

Across 2023-24, each committee also reviewed its terms of reference and effectiveness and made recommendations to the board as appropriate.

Conflicts of interest

The board’s rules of procedure include strict guidelines on conflicts of interest. A register of board members’ interests is available on ORR’s website, and members declare interests on agenda items at the start of every board and Committee meeting. On the rare occasion where there is a risk of a conflict of interest, the board must decide whether or not the relevant member must withdraw from the meeting during discussion of the relevant item, and this is recorded in the minutes. No issues arose during the year where a board member was required to withdraw from a meeting.

Compliance with the Code of Practice on corporate governance

ORR is a non-ministerial government department with its functions vested in a statutory board appointed by the Secretary of State. On that basis, there are some departures from the model envisaged in the ‘Enhanced Departmental board Protocol’ for ministerial departments, as follows:

  • The board reserves to itself any changes in its governance and scrutiny thereof, so there is no committee with responsibility for governance.
  • The senior management team and the board do not include a finance director as ORR is not a spending department.
  • The board has a role in deciding individual reward for senior civil servants (further to the recommendation of the People Committee). This approach adds a useful element of independence and objectivity given the small size of the department.

These exceptions aside, the board considers that ORR is compliant with the principles established in the Code for central government departments. The board and senior team operate according to the recognised precepts of good corporate governance in business, namely: leadership, effectiveness, accountability, and sustainability.

The executive

As chief executive, I head ORR and am also the Accounting Officer. Executive governance arrangements are based around two committees. Each committee involves a sub-set of executive directors as appropriate.

  • The Executive Committee meets weekly and oversees operational issues such as progress against the business plan and allocation of resources for business planning.
  • The Regulation and Policy Committee meets three times a month and assists the development of safety strategy, policy, and reviews the overall adequacy of arrangements to meet ORR’s statutory duties.

In addition, certain major workstreams have their own programme board, for example, the PR23 programme. Programme boards are made up of a task-appropriate mix of executive board members, directors and staff.

Managing outside interests

Leavers from ORR are reminded of the business appointment rules (BARs) in place for departing civil servants, as part of our leaving process. Similarly, as part of the onboarding process new joiners are asked to disclose any conflict of interest (this is in addition to an annual disclosure process) and are referred to the employment handbook and policy available on our intranet.

Application of business appointment rules

In compliance with business appointment rules, we are transparent in the advice given to all grades of employees and those at SCS level. Our conflict of interest policy is published on our intranet and we advise our employees that there must never be any reason for people outside ORR to suspect that our decisions may be influenced by private interests. We therefore impose certain restrictions on employees’ financial and non-financial activities. These requirements form part of their employment contract and the Civil Service Code. In 2023-24 there have been no exits where BARs have been required or set.

Internal whistleblowing

All employees at ORR are required to comply with the terms of the Civil Service Code, including the core values of integrity, honesty, objectivity and impartiality. The Code also sets out what an employee must do if they believe they are being required to act in a way that conflicts with the Code, or if they become aware of actions of others which they believe are in conflict with the core values.

Our ‘whistleblowing and raising a concern’ policy is available to all staff on our intranet. No internal whistleblowing complaints were raised in 2023-24. In 2022-23 three complaints were investigated and closed.

External whistleblowing

ORR’s whistleblowing policy is designed to provide an avenue for people working in the rail and road industries to raise concerns about perceived wrongdoings, illegal conduct or fundamental misconduct that may endanger others. ORR is a prescribed person under the Public Interest Disclosure Act 1998. Prescribed persons are people and bodies you can blow the whistle to rather than your employer. Whistleblowers are able to contact ORR regarding concerns over the provision and supply of railway services and any other activities in relation to our functions.

An outline of whistleblowing complaints by railway employees is published on our website.

Risk management

Management of risk is delegated to the Executive Committee. The Audit and Risk Committee is responsible for assuring the Accounting Officer and the Board on the adequacy of risk management processes.

Risk is managed in line with our risk management strategy. The strategy has been approved by the Executive Committee and agreed as appropriate by the Audit and Risk Committee. The risk management strategy was updated in the year to take account of a change in approach, resulting in a separation of strategic and corporate risks into different registers. The risk management strategy is supported by a risk manual which provides guidance on the operational aspects of risk management for colleagues. Our risks are aligned to the risk categories in HM Treasury’s risk management guidance – ‘The Orange Book’. Risk management is the responsibility of all colleagues within ORR, and organisation-wide risk management training will be provided in 2024-25.

Our corporate risk dashboard contains largely operational and reputational risks with a close proximity which need to be actively managed. Risk registers are maintained by each directorate. Risk champions in each directorate are responsible for collating risks at directorate level. This ensures that risks are working level are captured. Risk champions come together as a group quarterly to discuss the top risks in their area and to provide an additional perspective on others’ risks. The corporate risk dashboard is then discussed by the deputy directors’ group, who moderate the scoring and provide assurances for the risks in their areas, ahead of discussion and challenge of the top risks by the Executive Committee. Corporate risks are reviewed quarterly by the Audit and Risk Committee. The key corporate risks we have faced and actively managed in the year are outlined in the performance analysis section.

The strategic risk register identifies those risks which have the potential to have a serious, critical or existential impact on ORR’s ability to meet its strategic objectives and are typically longer-term risks which do not change quickly and require less active management. Strategic risks are identified through a biannual horizon scanning exercise. They are reviewed quarterly by the Executive Committee and biannually by the Audit and Risk Committee. The Board considers the key strategic risks facing ORR annually.

Quality and analytical assurance

We have quality assurance guidance, including an analytical assurance framework, robust processes and tools in place for effective risk management of analysis and decisions. This helps to inform and support our analysts, policy, and decision makers.

During the year we reviewed our data, analytical and publication guidance, making it more accessible. We continue to assess the fitness for purpose for each of the business critical model (BCM) quality assurance and governance processes using a five-pillar methodology and a scoring system. This is in alignment with the recommendations from Sir Nick Macpherson’s review of quality assurance of government models, the Aqua Book, the 'government functional standard: 'analysis'' and best practice across government. The internal BCM panel has helped to support cross-working between model leads and to strengthen quality assurance processes.

Information assurance

We maintain an information strategy as part of our wider technology strategy. ORR is registered as a data controller with the Information Commissioner and adheres to the provisions of the Data Protection Act 2018 and the UK General Data Protection Regulation. We have a data protection officer as mandated by the legislation who advises the office with regards to compliance. Our privacy policy is published on our website.

We maintain a risk register on information risk and oversee our compliance with our government information assurance requirements through quarterly reporting to the Audit and Risk Committee.

We follow the requirements of the Cabinet Office’s minimum security standards where they apply to us in relation to physical, personnel and incident management standards. Cyber standards have been replaced by a new cyber assessment framework. We have identified that further work needs to be completed to enable us to comply with this. We have therefore embarked on a plan which will enable us to implement stricter technical controls across our network and devices.

Internal audit

Our internal auditors for 2023-24 were RSM. Throughout the year RSM delivered a programme of audit reviews which was developed jointly with the executive and endorsed by the Audit and Risk Committee. The plan was designed to address the key risks facing the organisation and to provide assurance that our key business processes are fit for purpose. The most that the internal audit service can provide to ORR is reasonable assurance that there are no major weaknesses in those systems audited. Based on the reviews undertaken and specific testing and evaluation performed during the year to 31 March 2024, RSM’s opinion is that ORR has an adequate and effective framework for risk management, governance and internal control, with some further enhancements to the framework needed to ensure the framework remains adequate and effective. Recommendations made by RSM during the year have either been implemented already or will be implemented in 2024-25.

Following an audit of our safety enforcement processes, we have implemented enhanced monitoring arrangements through a centrally managed team to ensure that the requirements of our quality management system are being consistently applied across our work. These enhanced monitoring arrangements include the pace and timeliness of our interventions. Following an audit of public commitments, we have produced guidance for making public commitments and have implemented a process for their tracking.

Value for money from major contracts

It is our policy to utilise competitive tendering when seeking goods and services from third party suppliers, when practical to do so. On the occasions where a single source approach is taken, robust justification must be provided, which is signed off by a senior member of staff.

For high value contracts, we have three main routes to access the market, depending on the requirement of the tender: Crown Commercial Services frameworks; wider public sector frameworks; and open tenders. Our main tendering strategy is to utilise framework agreements using mini-competitions or through direct award where it can be demonstrated that the supplier provides value for money. A benefit of using such frameworks is that they often allow for the inclusion of benchmarking provisions, which can be used to ensure the contract retains its value for money.

For tendering consultancy, we either utilise a framework or we undertake an open competition, publicising the requirements through ContractsFinder. This opens up the requirements to small and medium enterprises who often specialise in our particular consultancy requirements. We focus on price/whole life costs as one of the main criteria.

Functional standards

During the year we have assessed ourselves against the Cabinet Office’s functional standards. Most mandatory elements have been met at 31 March 2024. Where they have not been met and they are considered appropriate for ORR, there is an action plan in place to achieve compliance.

Accounting Officer’s statement

As Accounting Officer, I am personally responsible and accountable to Parliament for the organisation and quality of management in the department, including its use of public money and stewardship of its assets. The system of internal control in place to support me in this capacity accords with all relevant HM Treasury guidance.

My review of the effectiveness of the system of internal control for 2023-24 was informed by the Audit and Risk Committee, from assurance statements from directors across the organisation, and from information on levels of compliance with relevant government functional standards. This is further supported by independent assurances from internal and external audit.

As Accounting Officer, I have taken all the steps that I ought to have taken to make myself aware of any relevant audit information and to establish that ORR’s auditors are aware of that information. I am not aware of any relevant audit information which has not been disclosed to the auditors.

I have considered the evidence that supports this governance statement and am assured that ORR has a strong system of internal control in place to support the achievement of its strategic objectives. During the year our internal auditors have made a number of recommendations to management to enhance governance, risk management and control. Where actions have not yet been completed, action plans are in place for all recommendations made.

I confirm that the annual report and accounts are fair, balanced and understandable. I am personally responsible for them, and for the judgments required to determine this.

John Larkinson
Accounting Officer
17 July 2024