Accountability report

Last updated on 19 Oct 2022

Corporate governance report: Directors’ report

Governance

The HRA was formed in 2011, and later in accordance with the provisions of the Care Act 2014, the HRA was established as an executive non-departmental public body (NDPB) sponsored by the Department of Health and Social Care (DHSC) on 1 January 2015.

Our relationship with the DHSC, acting on behalf of the Secretary of State, is regulated by a Framework Agreement. This sets out the respective roles and responsibilities of each organisation, the shared principles that underpin our relationship and the arrangements for ensuring that the department is able to fulfil its responsibilities as sponsor and in relation to accountability.

The Framework Agreement also explains our governance arrangements, how we are accountable for our performance and how DHSC measures our performance without being involved in our day-to-day decision-making.

The DHSC’s Science, Research and Evidence Directorate acts as our sponsor and provides assurance to the department’s Permanent Secretary and the Secretary of State that we’re meeting our obligations.

We’re governed by a Board that is our corporate decision-making body. It is made up of five non-executive directors and three executive directors. Three non-voting directors also attend the Board. We are committed to openness and transparency with Board meetings held in public, and papers and minutes available on our website.

Declaration of interests

The HRA maintains a formal register of Board members’ interests as set out in the Code of Accountability for the NHS. Board members are asked to confirm any declarations of interest at each Board meeting and at any time that changes take place. This includes any interests in relation to specific items on a Board agenda.

Board members are also asked to declare any spouse / partner interests. The register, showing current declarations made by the Board, is updated on a regular basis and made available to the public on our website.

Remuneration to auditors

The accounts have been prepared according to accounts direction of the Secretary of State, with approval of HM Treasury. The accounts have been audited by the Comptroller and Auditor General under the Care Act 2014 at the cost of £43,000.

The audit certificate can be found here.

Statement of accounting officer’s responsibilities

Under the Care Act 2014, Section 109 (Schedule 7, paragraph 20) the Secretary of State has directed the HRA to prepare a financial statement of accounts for each year in the form and on the basis set out in the Accounts Direction.

The accounts are prepared on an accruals basis and must give a true and fair view of the state of affairs of the HRA and of its income and expenditure, statement of financial position and cash flows for the financial year.

In preparing the accounts, the Accounting Officer is required to comply with the requirements of the Government Financial Reporting Manual issued by HM Treasury and in particular to:

  • observe the Accounts Direction issued by the Secretary of State, with the approval of HM Treasury, including the relevant accounting and disclosure requirements and apply suitable accounting policies on a consistent basis
  • make judgements and estimates on a reasonable basis
  • state whether applicable accounting standards as set out in the Government Financial Reporting Manual have been followed and disclose and explain any material departures in the accounts
  • prepare the accounts on a going concern basis
  • confirm that the annual report and accounts as a whole is fair, balanced and understandable
  • confirm that the Accounting Officer takes personal responsibility for the annual report and accounts and the judgments required for determining that it is fair, balanced and understandable.

The Accounting Officer of the DHSC has designated the HRA Chief Executive as Accounting Officer of the HRA. The responsibilities of an Accounting Officer, including responsibility for the propriety and regularity of the public finances, for which the Accounting Officer is answerable, for keeping proper records and for safeguarding the HRA’s assets, are set out in Managing Public Money published by the HM Treasury. As far as the Chief Executive is aware, there is no relevant audit information of which the entity’s auditors are unaware and the Chief Executive has taken all the steps that they ought to have taken to make them aware of any relevant audit information and to establish that the entity’s auditors are aware of that information.

Governance statement

This governance statement sets out the framework utilised by the HRA to regulate its activities and to ensure delivery of its functions and objectives. In addition to setting out the governance structure, it outlines;

  • the way in which performance is managed and reviewed
  • the risk management processes
  • the process for setting directors’ remuneration.

The HRA complies with the requirements of HM Treasury Corporate Governance in Central Government Departments: Code of Good Practice (2017) insofar as they relate to public bodies.

The Accounting Officer has responsibility for maintaining a sound system of internal control that supports the achievement of the HRA’s policies, aims and objectives, whilst safeguarding public funds and its assets for which the Accounting Officer is personally responsible, in accordance with the responsibilities assigned in HM Treasury: Managing Public Money. The Accounting Officer is accountable for the discharge of functions to the Authority’s Board and ensuring appropriate arrangements are in place for the appropriate discharge of all statutory functions attached to the HRA.

The Accounting Officer is also accountable to the Secretary of State at the DHSC. This line of accountability is managed through a Framework Agreement between the DHSC and the HRA, an Annual Accountability Review with the Minister through quarterly reviews with officials at the DHSC, and close working on a day-to-day basis between HRA staff and those in the DHSC Sponsor Branch.

Governance Structure

The Board membership attendance over 2021-2022 was as follows:

  • Professor Sir Terence Stephenson, Chair (6/6)
  • Richard Cooper, Non Executive Director (6/6)
  • Professor Andrew George, Non Executive Director (6/6)
  • Dr Nicole Mather, Non Executive Director (6/6)
  • Neelam Patel, Non Executive Director (6/6)
  • Dr Matt Westmore, Executive Director (6/6)
  • Ian Cook, Executive Director (5/6)
  • Karen Williams, Executive Director (6/6)
  • Dr Janet Messer, Director – non-voting (6/6)
  • Juliet Tizzard, Director – non-voting (6/6)
  • Kurt Weideling, Director – non-voting (0/2) (left the HRA July 2021)
  • Helen Ainsbury, Director – non-voting (3/3) (joined the HRA August 2021, left the HRA February 2022)
  • Ian Robinson, Director – non-voting (1/1) (joined the HRA January 2022)
Governance structure.jpg
Long description

Key areas of business considered by the Board, in addition to standing items over the reporting period such as performance reporting (including financial analysis), risk management and updates on key programmes, include:

  • development of the HRA’s three year strategic plan for 2022-2025, which resulted in Board approval of the new strategy in May 2022
  • development of the HRA’s business plan for 2022-23, which resulted in Board approval of the new plan in May 2022
  • review and approval of the HRA’s external communication strategy which sets out how the communications team will focus its strategic resource to deliver maximum benefit
  • approval of the HRA’s patient and public involvement shared commitment statement which will help embed public involvement in all health and social care research
  • regular updates on the work conducted by the HRA Audit and Risk Committee review and discussion of actions from board effectiveness review
  • review and approval of strategic and key operational risks which supports the Board’s duty of delivering an effective risk management strategy and framework for the HRA
  • preparations for the HRA’s 10-year anniversary celebration of achievements
  • review and approval of annual reports relating to the delivery of the Research Ethics Service in England and the Confidentiality Advisory Group
  • an annual review of complaints, feedback and information received
  • review of the annual staff survey findings and management response
  • regular feedback from staff forum representatives on staff morale and matters affecting staff
  • a review of key HRA achievements over the year and key messages for stakeholders
  • review and approval of financial reports throughout the year formed from ledger data, the accuracy of which is confirmed annually following review of audit findings

The Board is committed to improving its performance and effectiveness with seminars often held prior to the Board meeting. Topics covered in these seminars include:

  • an away day focusing on the strategic direction of the organisation, innovation plans and team building
  • an update on the transformation programme; past, present and future
  • an update on Think Ethics
  • Equality, Diversity and Inclusion: unconscious bias training
  • an update regarding the Confidentiality Advisory Group with attendance from the Group Chair
  • staff survey 2021 findings and feedback from staff forum representatives
  • a review of the effectiveness of the HRA Board

A board effectiveness review internally facilitated including a questionnaire based on the Financial Reporting Council guidance for Boards and Board Committees was conducted in January 2022 and discussed at the Board seminar. The findings from the review were fundamentally positive, concluding that the Board has open and honest communication, with appropriate consideration of relevant matters with robust challenge by both the non-executive directors and executive directors.

Several recommendations for further consideration were identified and approved at the March 2022 Board which include:

  • expanding the representation at Board meetings to be more representative of our key stakeholders potentially including wider representatives from the research community and patients and the public
  • discussing a variety of topics which relate to the wider research environment with more frequent attendance by external stakeholders
  • identifying further ways to improve transparency and accessibility of Board papers, Board meetings and the organisation’s decision making.

The Board reviews performance at each meeting. The strategic performance report provides the Board with an overview of the status of the HRA Business Plan 2021/22 deliverables as well as management information relating to these objectives, such as strategic risks, and developments in the external environment.

The Board considers both strategic and operational risk, their mitigation and management, regularly. This year our strategic risk register was redeveloped and refreshed following an extensive piece of work to consider the risks of the organisation with input from Board members and the Audit and Risk Committee. The Board also considers potential future risks and ensures these are captured on the register with the mitigations detailed appropriately and the strategic and reputational impacts discussed fully. The system of risk management can only manage it to a reasonable level and not completely eliminate risk.

Declaration of interests are declared and formally recorded, and all Board members’ expenses are published.

The Board has two sub-committees; the Audit and Risk Committee and the Pay and Remuneration Committee.

Audit and Risk Committee

The HRA Audit and Risk Committee has continued to deliver its role to advise the HRA’s Accounting Officer and the HRA Board on risk management, corporate governance and assurance arrangements in the HRA.

The HRA Audit and Risk Committee has met five times in the year to 31 March 2022. The Committee membership attendance over the period was:

  • Richard Cooper (Chair, NED), (5/5)
  • Professor Andrew George (NED), (5/5)
  • Neelam Patel (NED), (3/4)
  • Marc Taylor (Audit and Risk Committee independent member), (5/5)
  • Maurice Goddard (Audit and Risk Committee independent member), (2/2) (joined September 2021; left May 2022)

In addition, individuals from the HRA and Government Internal Audit Agency, were invited and regularly attended the Committee. The National Audit Office and KPMG, as external auditors for the HRA, also attended each meeting.

This year, the Audit and Risk Committee reviewed and approved the annual report and accounts for 2020/21 as well as reviewing the HRA corporate and strategic risk registers on a quarterly basis, the internal and external audit reports, corporate gift and hospitality reports, single tender actions and loss and compensation reports.

New developments this year that the committee reviewed and supported include:

  • a refresh to the HRA’s strategic risk register and risk appetite statement which will provide clarity to HRA staff and other stakeholders regarding how key risks will be managed by the HRA
  • a review of the HRA’s fraud position
  • approval of the HRA’s information governance annual report which provides assurance that information governance issues and risks are being managed effectively
  • a review of the Cabinet Office accessibility audit of the HRA website
  • a discussion on the sector wide risks with the potential to affect the health and research community which allowed the Committee to consider what impact these risks may have on the HRA and whether the management of these risks by the HRA was appropriate
  • a discussion on the HRA’s sustainability strategy which will support future plans to embed sustainability across the HRA
  • a discussion on the impact of the International Financial Reporting Standard (IRFS) 16 (accounting for leases) on the HRA.

The Audit and Risk Committee also undertakes regular ‘deep dives’ into specific areas to better understand the issues affecting the HRA. The Committee undertook the following ‘deep dives’ during this reporting period:

  • the potential impact of the comprehensive spending review on the HRA
  • complaints, third party complaints, whistleblowing and raising concerns received by the HRA and how these are handled.

The Audit and Risk Committee reviewed its effectiveness in February 2022 with a Committee discussion, based on the five good practice principles from the HM Treasury Audit and Risk Assurance Committee Handbook. The Committee has agreed to alternate each year between completing a questionnaire based on the above principles individual and having a Committee discussion.

The findings were largely positive with open and transparent discussions held, and constructive challenges made, with members having a good understanding of the objectives, priorities and risks of the organisation.

Pay and Remuneration Committee

The membership of the Pay and Remuneration Committee is made up of the Chair and NEDs. The business conducted by the Pay and Remuneration Committee over the period includes:

  • advising the Board about appropriate remuneration and terms of service for the Chief Executive and any directors on Executive and Senior Managers pay arrangements. This is to ensure they are fairly rewarded for their contribution and includes:
  • all aspects of salary (including any performance-related elements/bonuses)
  • provisions for other benefits, including pensions
  • arrangements for termination of employment and other contractual terms
  • proper calculation and scrutiny of termination payments taking into account national guidance as well as advising on and overseeing appropriate contractual arrangements for such staff
  • consideration of the requirements, including review of job descriptions, for executive director recruitment.

The committee met four times in the reporting period to deliver its functions. The Chief Executive is normally invited to attend the committee unless discussions relate to the remuneration and terms of services of the Chief Executive.

HRA Executive Committee

The Executive Committee is the senior executive decision-making body responsible for managing our business within agreed objectives, resources and according to the HRA / DHSC Framework Agreement and standing orders. The Executive Committee is accountable to the Chief Executive.

It is responsible for ensuring an effective bridge from executive to Board business and the formulation of HRA strategy.

The Executive Committee has delegated responsibility to the individual directors for the management of day-to-day corporate business, and to the Portfolio Delivery Group for the management of key programmes and projects. These are within agreed objectives, resources and according to the HRA / DHSC Framework Agreement and standing orders.

Effectiveness

The system of performance monitoring in place throughout the year is designed to ensure appropriate delegation and segregation of duties. The following sections describe the operation.

Risk and control.jpg
Long description

Our Board has overall responsibility for risk management throughout the HRA. Its responsibilities include:

  • agreeing the risk management policy
  • assigning a responsible senior manager for risk management
  • ensuring risk management processes are effective and embedded throughout our work
  • agreeing the risk appetite statement for the HRA
  • reviewing significant programme, strategic and operational / project risks
  • reviewing critical risk management activities / controls and their verification.

Current responsibilities are as follows:

  • ensuring appropriate risk management systems are in place: Chief Executive, Deputy Chief Executive & Director of Finance, Head of Corporate Governance and Risk
  • scheduling and facilitating internal audit activities: Deputy Chief Executive & Director of Finance
  • regularly reviewing and following-up risk management activities with all parties. This will include ensuring the verification / assurance of risk management activities and key controls/contingencies: Head of Corporate Governance and Risk
  • writing the Governance Statement: Chief Executive, Deputy Chief Executive & Director of Finance, Head of Corporate Governance and Risk
  • ensuring the appropriate risk structure is in place including the audit and risk committee: Head of Corporate Governance and Risk
  • monitoring risk performance. As part of the routine progress reports the Audit and Risk Committee receives information on the risk performance in terms of the current risk profile, risk management activity performance, and implementation and verification of risk management controls and contingencies: Head of Corporate Governance and Risk.

We aim to maximise the impact our operations have within our resources. By doing this we aim to manage risks at all levels from strategic level to the operational / project levels without stopping innovation, including projects delivered by partner organisations.

This requires considering a full cross section of risks to the organisation including; reputational risks, financial risks, organisational risks, health and safety risks and risks to the achievement of the organisation’s objectives. The Audit and Risk Committee reviewed a refreshed risk appetite statement in February 2022 which, will be considered for approval at the May 2022 Board meeting.

The HRA strategic risk register captures the high-level significant risks which could impact on the delivery of the HRA’s strategic objectives. This is reviewed at each Audit and Risk Committee and regularly at the Board. A snapshot of the strategic risks is included with the HRA’s strategic performance report. Also, each directorate, and individual governance teams and programme boards hold their own risk registers and review these on a regular basis. Any significant risks are subsequently escalated to the leadership team for discussion and further escalation to the Board, Audit and Risk Committee and DHSC sponsor team as required.

A risk engagement framework has been developed this year to further support the risk culture of the organisation. Teams and Directorates regularly review risks and the engagement framework will support the identification of risks as part of the business planning process but also throughout the year. The engagement framework will also share the risk appetite from the Board with staff and look at what assurance is in place to address key risks affecting the organisation. The risk engagement framework will also ensure there is appropriate risk related training of staff and the sharing of feedback and good practice throughout the year.

In addressing issues relating to risk, we seek to be as transparent and open as possible and identify and address those areas where there is a need for improvement in the risk management processes and / or controls and contingencies.

The Audit and Risk Committee reviews and ensures that systems are in place to ensure effective risk management. The internal audit function forms part of the review process and provides assurance on the risk management process and advises the Audit and Risk Committee accordingly.

Quality Assurance

We consider the requirements and coverage of the best practice guide The Aqua Book produced by the working group set up following the Macpherson recommendations, as well as direct discussions with the modelling oversight committee within DHSC. With the endorsement of that committee, we have confirmed that we do not operate any business-critical models. We have sought separate views on our broader quality assurance processes and to the extent they are able to comment, the modelling oversight committee has observed that the processes appear thorough and well developed. We are therefore fully compliant with the Macpherson recommendations.

Information Governance

The HRA has an established Information Governance structure:

  • the Board has designated the Deputy Chief Executive & Director of Finance as Senior Information Risk Owner (SIRO) with responsibility for the system of safeguarding and protecting personally identifiable, confidential and sensitive data
  • the information governance lead is also the Deputy Chief Executive & Director of Finance
  • Jonathan Fennelly-Barnwell, Deputy Director of the Approvals Service is the Caldicott Guardian
  • Stephen Tebbutt, Head of Corporate Governance and Risk is the Data Protection Officer
  • Directors and managers are Information Asset Owners (IAOs) as appropriate.

The Information Governance Steering Group (IGSG) is a formal sub-committee of the Executive Committee. Its purpose is to coordinate, supervise and direct the work of others to ensure we maintain a coordinated approach to information governance. It meets four times a year and implements organisational and managerial structures that support proper consideration of information governance issues to sustain continual improvement.

Data security risks are managed and monitored within the overall risk management framework, the HMG Security Policy Framework, overseen by the information governance lead and IGSG to ensure security threats are followed up and appropriately managed. We are committed to the 10 steps to cyber security and the National Data Guardian’s Data Security Standards. No data security incidents have been reported to the ICO during the year. The HRA has created additional roles to support its cyber resilience, notably a Security Architect position and Cyber Security Lead. A new monitoring report is now received by IGSG, the Cyber Security Assurance Report, which provides assurance that cyber security controls are sufficient to prevent current and future information security threats.

Key Information Governance developments overseen by the IGSG this year include:

  • securing Office 365 accreditation following the completion of the Exchange on-line, clinical risk assessment
  • data cleansing of HRA records with over 60% of the HRA’s total information records being reviewed and destroyed or archived. This work forms part of a key programme to move documents from our shared drive and an online collaborative tool to SharePoint. This programme is in progress and is due to be completed in 2022/23. An external provider, Cognizant, has been engaged to support this work with workshops and training events to support staff during this transition
  • A review of our data sharing agreements has taken place to ensure these remain fit for purpose. Following external legal advice in relation to The Over-volunteering Prevention System (TOPS) our privacy notice has been updated to make clear to participants regarding the collection of potentially sensitive health information.

All information assets and associated systems are identified and included in an Information Asset Register and are subject to annual information asset assessments. These assessments inform the Corporate and Information Risk Registers and help ensure we conform to data protection legislation. We have also completed the Data Security and Protection Toolkit this year and met all mandatory requirements.

The system of internal control

As Accounting Officer, I have responsibility for reviewing the effectiveness of the system of internal control, which has been in place for the period 1 April 2021 to 31 March 2022, and up to the date of approval of the annual report and accounts, in accordance with HM Treasury guidance.

The Executive Committee, which I lead, reviews and monitors progress with other management groups providing input as required. These include Recruitment Panel and management groups specifically for the information systems we provide, and major programmes or steering groups for significant projects.

Senior managers who have responsibility for the development and maintenance of the system of internal control provide me with assurance. The assurance framework itself provides me with evidence that the effectiveness of controls that manage the risks to the organisation achieving its principal objectives have been reviewed and this aspect of the Authority’s activities has been subject to external review.

Our business plan for 2021/22 has been developed and approved by the Board which sets out our clear purpose and business objectives.

Our controls assurance and risk management processes are closely aligned to the twin objectives of maintaining ongoing activities and managing significant transformation issues.

Reports are provided to the Board on a quarterly basis on achievements and progress against the objectives and plans, and this report includes risks and controls in place to mitigate them.

The effectiveness of the system of internal control has been, and continues to be, subject to review by our internal auditors who, in liaison with our management, plan and carry out a programme of work. This work has been approved by the Audit and Risk Committee which external audit attends, to review the design and operation of the systems of internal control.

If weaknesses are identified, these are reported to the Audit and Risk Committee and an action plan agreed with management to implement the recommendations agreed as part of this process. During the year, no sigificant internal control matters were identified.

The Head of Internal Audit provides me with an opinion, in accordance with Public Sector Internal Audit Standards, on the overall adequacy and effectiveness of the HRA’s risk management, control and governance processes.

In accordance with the requirements of the UK Public Sector Internal Audit Standards, I am required to provide the Accounting Officer with my annual opinion of the overall adequacy and effectiveness of the organisation’s risk management, control and governance processes.

My overall opinion is that I can give Moderate assurance to the Accounting Officer that the HRA has had adequate and effective systems of control, governance and risk management in place for the reporting year 2021/22.

Head of Internal Audit Opinion 2021/22

Compliance with NHS Pension Scheme Regulations

As an employer with staff entitled to membership of the NHS Pension Scheme, control measures are in place to ensure all employer obligations contained within the scheme regulations are complied with. This includes ensuring that deductions from salary, employer contributions and payments into the scheme are in accordance with the scheme rules and that member pension scheme records are accurately updated in accordance with the timescales detailed in regulations.

A headshot of Dr Matt Westmore

Dr Matthew Westmore

Chief Executive

Remuneration and staff report

Remuneration Policy

The Chair and Non-Executive Director Board members are remunerated in line with DHSC guidance that applies to all NHS bodies. Details of the senior managers’ remuneration, given in the following tables, with one exception, is set and reviewed in line with the DHSC guidance Pay Framework for Executive and Senior Managers (ESM) in Arms’ Length Bodies. Senior managers employed under the ESM framework are under stated contracts of employment on terms and conditions as set out by NHS Employers. Pay for one Executive Director employed and contained in the report is set and reviewed in line with Agenda for Change terms and conditions. All those contained in the senior managers’ remuneration table below are subject to annual appraisals on their performance.

Remuneration and Pension for Directors (subject to audit):

Name and Title of Directors Year-ended (31 March) Salary (bands of £5,000)
£000
Other Remuneration (bands of £5,000)
£000
(**) All Pension related benefits (bands of £2,500)
£000
Total(bands of £5,000)
£000
Professor Sir Terence Stephenson, Chair - Note 1 2022

2021
45 - 50

45 - 50
0

0
0

0
45 - 50

45 - 50
Richard Cooper, Non-Executive Director and
Audit Chair (from 01/04/2021)
2022

2021
10 - 15

5 - 10
0

0
0

0
10 - 15

5 - 10
Professor Andrew George, Non-Executive Director 2022

2021
5 - 10

5 - 10
0

0
0

0
5 - 10

5 - 10
Dr Nicole Mather, Non-Executive Director 2022

2021
5 - 10

5 - 10
0

0
0

0
5 - 10

5 - 10
Neelam Patel, Non-Executive Director (from 01/04/2021) 2022

2021
5- 10

0
0

0
0

0
5- 10

0
Graham John Clarke, Non-Executive Director and Audit Chair (left 1/03/2021) 2022

2021
0

10 - 15
0

0
0

0
0

10 - 15
Back to annual report and accounts 2021/22