Introduction and Context
NHS Fylde and Wyre Clinical Commissioning Group (CCG) is a body corporate established by NHS England on 1 April 2013 under the National Health Service Act 2006 (as amended).
The CCG’s statutory functions are set out under the National Health Service Act 2006 (as amended). The CCG’s general function is arranging the provision of services for persons for the purposes of the health service in England. The CCG is, in particular, required to arrange for the provision of certain health services to such extent as it considers necessary to meet the reasonable requirements of its local population.
As at 31 April 2021, the CCG is not subject to any directions from NHS England issued under Section 14Z21 of the National Health Service Act 2006.
Scope of Responsibility
As Accountable Officer, I have responsibility for maintaining a sound system of internal control that supports the achievement of the CCG’s policies, aims and objectives, whilst safeguarding the public funds and assets for which I am personally responsible, in accordance with the responsibilities assigned to me in Managing Public Money. I also acknowledge my responsibilities as set out under the National Health Service Act 2006 (as amended) and in my Clinical Commissioning Group Accountable Officer Appointment Letter.
I am responsible for ensuring that the CCG is administered prudently and economically and that resources are applied efficiently and effectively, safeguarding financial propriety and regularity. I also have responsibility for reviewing the effectiveness of the system of internal control within the CCG as set out in this governance statement.
Governance Arrangements and Effectiveness
The main function of the Governing Body is to ensure that the CCG has made appropriate arrangements for ensuring that it exercises its functions effectively, efficiently and economically and complies with such generally accepted principles of good governance as are relevant to it.
The members of the CCG are responsible for determining its governing arrangements, which are set out in the CCG’s Constitution which is published on the CCG’s website: https://www.fyldecoastccgs.nhs.uk/document/fylde-and-wyre-ccg-constitution-31-july-2019-v5-7-pdf/
The CCG is accountable for exercising its statutory functions. It may grant authority to act on its behalf to any of its members, its Governing Body, employees or a committee or sub-committee of the CCG. Section 6 of the CCG’s Constitution details the governing structure of the CCG. The extent of the authority to act of the respective bodies and individuals depends on the powers delegated to them by the CCG as expressed through the Constitution; the CCG’s Scheme of Reservation and Delegation; and for committees, their terms of reference.
The CCG’s Scheme of Reservation and Delegation (Appendix D of the Constitution) sets out those decisions that are reserved for the membership as a whole, and those decisions that are the responsibilities of the Governing Body, committees and sub-committees, individual members and employees.
During the reporting period, arrangements have been maintained to ensure that the CCG was able to properly discharge its statutory functions, duties and responsibilities. In addition, robust performance management processes remained in place with clear lines of accountability through established formal arrangements.
The CCG’s Constitution outlines the principles of good governance which must be adhered to at all times in the way by which the CCG conducts its business. These include the need for the highest standards of propriety, impartiality, integrity and objectivity in relation to the stewardship of public funds, the management of the organisation and the conduct of its business.
The CCG’s Constitution establishes those matters and arrangements that are reserved to the Council of Members and those which are delegated to the Governing Body and the relevant CCG committees.
Taken together these documents enable maintenance of a robust system of internal control. The CCG remains accountable for all of its functions, including any it has delegated.
Assurance is provided to the Council of Members through the following structural and organisational control:
Fylde Coast CCGs Committee Arrangements
Committees of the Governing Body have been established as either ‘Joint Committees’ or ‘Committees in Common’ as appropriate, except the Remuneration Committee. ‘Joint committees’ operate as a single committee containing members from both CCGs. They use a single agenda and usually reach one conclusion or recommendation on matters put before them. A ‘committee in common’ meeting is effectively a forum in which separate organisations are holding their equivalent committees within the same arrangements. Membership of ‘committees in common’ is therefore exclusive to those proposed by the host organisation and whilst there may be different agendas, there is common debate around single topic items for these agendas. However, decisions and voting takes place consecutively with each organisation making its decision specific to its’ own agenda.
Terms of reference and membership of the Governing Body Committees were reviewed during the year and can be found at: https://www.fyldecoastccgs.nhs.uk/about-us/governing-bodies/fylde-and-wyre-ccg-committees/
Fylde Coast CCGs Leadership Arrangements
Dr Amanda Doyle is the Accountable Officer (AO)/Chief Clinical Officer (CCO) of NHS Fylde and Wyre CCG, NHS Blackpool CCG and NHS West Lancashire CCG. This is in addition to her role of Senior Responsible Officer (SRO) for the Lancashire and South Cumbria Integrated Care System (ICS).
During 2020/21 in addition to her role of Director of Nursing and Quality, Jane Scattergood, was the COVID-19 Vaccination Director for Lancashire and South Cumbria.
With effect from 1 August 2020, Andrew Harrison was appointed as Chief Finance Officer of NHS Morecambe Bay CCG in addition to his existing roles as Chief Finance Officer of NHS Fylde and Wyre CCG and NHS Blackpool CCG. In order to support this arrangement, John Gaskins became Acting Chief Finance Officer for Blackpool CCG and Fylde and Wyre CCG.
In January 2021 David Bonson left his role as Chief Operating Officer of NHS Blackpool CCG and NHS Fylde and Wyre CCG, and interim leadership and management arrangements were put in place to ensure the Fylde Coast CCGs continued to operate effectively and safely. Dr Neil Hartley-Smith and Dr Ben Butler-Reid, Clinical Directors, took on the formal Chief Operating Officer responsibilities.
During 2020/21 all NHS organisations continued to work extremely hard in their response to the COVID-19 pandemic. With effect from 23 March 2020, the CCG modified its arrangements and wherever possible CCG staff began to work from home. The CCG operated in accordance with guidance issued by NHSE/I and whilst there was some relaxation of ‘business as usual’ requirements, organisations continued to have a statutory responsibility to ensure effective and robust governance arrangements were in place. This enabled organisations to realign their capacity and resources in order to operate effectively in the current climate and make safe decisions. Governing Body and committee meetings were held via video conference throughout the year, with streamlined agendas and exception reporting.
In December 2020 and January 2021, with the North West facing a third peak of COVID-19 infections, the CCG responded to further NHSE/I guidance to enable staff to focus on the priorities of the NHS and minimise unrelated activity, cancelling unnecessary oversight meetings and backing the redeployment of staff wherever possible.
Council of Members
The Council of Members has final authority for all CCG business and established the vision, values and overall strategic direction for the organisation. It has reserved powers with respect to authorisation of the CCG Constitution, commissioning strategy and election/ratification of key appointments to the CCG Governing Body.
During 2020/21, the Council met on 6 occasions and was quorate on each occasion. Two of the meetings (November 2020 and March 2021) were held jointly with the Blackpool CCG GP Practice Link to discuss matters of mutual interest. Engagement from the membership continued with robust discussion on a wide range of agenda items pertaining to its responsibilities including matters relating to quality, performance and strategy. It also ratified appointments to the Governing Body
It is my view that the Council of Members has operated effectively throughout the period 1 April 2020 to 31 March 2021.
The Governing Body has its functions conferred on it by sections 14L(2) and (3) of the 2006 Health and Social Care Act, inserted by section 25 of the 2012 Health and Social Care Act. In particular, it has responsibility for:
- ensuring the CCG has appropriate arrangements in place to exercise its functions effectively, efficiently and economically and in accordance with the principles of good governance (its main function).
- determining the remuneration, fees and other allowances payable to employees or other persons providing services to the CCG and the allowances payable under any pension scheme it may establish under paragraph 11(4) of Schedule 1A of the 2006 Act, inserted by Schedule 2 of the 2012 Act.
- approving any functions of the CCG that are specified in regulations (section 14L(5) of the 2006 Act, inserted by section 25 of the 2012 Act)
- planning, setting the vision, strategy and operational plans
- approving commissioning plans
- monitoring performance against plans
- providing assurance of strategic risk
- commissioning community health services; maternity services, elective hospital services, urgent and emergency services. Ambulance, 111, patient transport services and out of hours, older people’s services, children’s services including those with complex healthcare needs, rehabilitation services, wheelchair services, mental health services, learning disability services, continuing healthcare and certain specific primary care functions delegated to the CCG by NHS England
- those matters delegated to it within the CCG’s Constitution.
During 2020/21, in response to the COVID-19 pandemic, there was an emphasis on system working across Lancashire and South Cumbria and the NHS as a whole enacted a Command and Control system wherein national direction was implemented through a distinct chain of command directly linking strategic intent with operational delivery. NHSE/I guidance was issued to support providers and commissioners to free up capacity and resource to focus on the challenges of the pandemic.
The Governing Body continued to meet bi-monthly operating under this strategic framework and its agendas were more focussed and its papers streamlined. Agendas incorporated a range of reports to support delivery of its key functions including quality performance and finance. A regular update was also provided on the development and implementation of key aspects of service delivery across the Lancashire and South Cumbria Integrated Care System (ICS), the Fylde Coast Integrated Care Partnership (ICP) and Primary Care Networks (PCNs). The Governing Body received regular update reports on the COVID-19 pandemic. During May 2020 a review of the Fylde Coast CCGs’ emergency response to the pandemic was carried out to ‘test’ how effective the response had been both internally and externally. In July 2020 the Governing Body supported the recommendations from this ‘Test and Adjust’ Survey.
In February 2021, in response to the publication by NHSE/I of the document ‘Integrating Care – Next steps to building strong and effective care systems across England’ the Governing Body approved a proposal relating to commissioning governance arrangements in 2021/22 to enable single decision making across Lancashire and South Cumbria.
Throughout 2020/21, due to the COVID-19 pandemic and Government social isolation requirements constituting special reasons to avoid face to face gatherings, meetings of the Governing Body have been held via video-conference. Members of the public were invited to submit questions to the Governing Body in advance of the meetings and since January 2021 were able to join the meetings virtually to observe.
Agendas, papers including minutes which show attendance at meetings are published on the CCG’s website at: www.fyldecoastccgs.nhs.uk/about-us/governing-bodies/
The Governing Body is quorate if five members are present, including at least one lay member, either the chief clinical officer or the chief finance officer and at least three clinicians. During 2020/21 the Governing Body met ‘in common’ with the NHS Blackpool CCG Governing Body, on seven occasions and has been quorate at each meeting.
The Governing Body has delegated responsibility for a range of functions to its committees, which are set out in the approved terms of reference of each committee/group and the CCG’s standing orders and scheme of reservation and delegation. The CCG’s operational scheme of delegation has been regularly overseen by the audit committee to ensure it facilitates informed and prompt decision-making, is ‘fit for purpose’ and that the robust and appropriate organisational and financial controls across the CCG are maintained.
Following a review of governance arrangements in March 2020, the Governing Body endorsed proposals on how the committees would undertake their duties and make key decisions using technology and virtual committee status in order to maintain and enhance levels of scrutiny not being fulfilled by a physical presence. This arrangement continued during the incident management period, via the Governing Body and committees, which ensured appropriate levels of scrutiny and assurance.
It is my view that the Governing Body has operated effectively in meeting its responsibilities throughout the period 1 April 2020 to 31 March 2021.
Audit Committee (Committees in Common held with Blackpool CCG)
The Audit Committee provides the Governing Body with an independent and objective view of the CCG’s financial systems, financial information and compliance with laws, regulations and directions governing the CCG. The key duties of the Audit Committee are governance, risk management and internal control. The committee shall review the establishment and maintenance of an effective system of integrated governance, risk management and internal control, across the whole of the CCG’s activities that support the achievement of the CCG’s objectives. In particular, the committee will review the adequacy and effectiveness of:
- All risk and control related disclosure statements (in particular the Governance Statement), together with any accompanying Head of Internal Audit opinion, External Audit opinion or other appropriate independent assurances, prior to submission to the Governing
- The underlying assurance processes that indicate the degree of achievement of the organisation’s objectives, the effectiveness of the management of principal risks and the appropriateness of the above disclosure statements.
- The underlying assurance process that indicates the degree of Financial Systems robustness and responsiveness to delivering financial control.
- The underlying assurance process for complying with the Value for Money responsibilities of the CCG.
- The policies for ensuring compliance with relevant regulatory, legal and code of conduct requirements and any related reporting and self-certifications.
- The policies and procedures for all work related to counter fraud, bribery and corruption as required by NHSCFA.
The members of the Audit Committee are the Lay Members on the CCG’s Governing Body (with the exception of the CCG Chair) and the CCG’s Secondary Care Doctor. The lay member for governance chairs the committee. This member also holds the office of the conflicts of interest guardian. The committee meets at least three times per annum. Minutes and attendance at Audit Committee meetings are published on the CCG’s website via the Governing Body meeting papers.
The Remuneration Committee makes recommendations to the Governing Body on the remuneration, fees and other allowances for employees and other persons providing services on behalf of the CCG.
The committee meets at least once per year. Throughout 2020/21, the remuneration committee has made recommendations on the implementation of NHS pay awards and approved amendments to HR Policies.
Members of the Remuneration Committee are the Lay Members on the CCG’s Governing Body, the Chair of the Council of Members and the Secondary Care Doctor.
Finance and Performance Committee (Joint meetings held with Fylde and Wyre CCG)
The Finance and Performance Committee has responsibility to:
- Oversee the performance of the CCG in delivering the national targets and objectives included in the local commissioning plan, ensuring the effective and efficient use of resources whilst delivering financial balance
- Assure that the commissioning portfolio delivers against contracted performance metrics and outcomes, (recognising the leadership of the Primary Care Commissioning Committee for primary care contracts)
- Give assurance to the CCG Governing Body on finance, performance, service reviews, procurement and planning of all commissioned services and contracts, including those dependent upon Partnership Agreements and joint working arrangements, (recognising the leadership of the Quality Improvement and Engagement Committee for quality matters).
- Receive routine monitoring reports that evaluate CCG performance against mandated national and regional metrics as well as locally agreed indicators that ensure the CCG is meeting its defined objectives.
- Undertake monitoring of commissioned services via Provider performance reporting and provide assurance to the CCG Governing Body that services delivered for patients are done so effectively, consistently and in line with specified requirements and regulation.
- Scrutinise the performance of commissioned contracts, assure the CCG Governing Body of compliance and oversee action plans where performance is deemed to need corrective actions.
- Consider and review high level financial issues and risks, and ensure corrective plans are in place where variation from plan requires action.
- Ensure the CCG meets its financial duties and objectives
- Ensure the CCG complies with all information governance requirements.
During 2020/21 a command and control structure has been in place associated with the NHS response to the COVID-19 pandemic. This along with the changed nature of NHS commissioner to provider contractual relationships and the CCGs most material Independent Sector contracts operating under a National contract as part of the pandemic response has resulted in many of the previously usual finance and performance oversight arrangements becoming less complex. In response to this situation and an internal review of governance arrangements, when operating under the command and control structures, the committee met monthly in the period April to November and following a further review of governance arrangements the CCGs stood down F&P ensuring that the oversight this committee would previously have provided was undertaken by the Governing Body from a finance perspective with the Quality Improvement and Engagement Committee having oversight on performance matters.
Membership comprises representatives from across the Fylde Coast CCGs and includes two Lay Members (of which one is the committee Chair and one the Vice Chair), the Chief Clinical Officer or a Clinical Director, four GP Elected Clinical Members, the Chief Finance Officer and one other Executive. Other officers attended on an ad hoc basis.
Minutes and attendance at Finance and Performance Committee meetings are published on the CCG’s website via the Governing Body meeting papers.
Quality Improvement and Engagement Committee (Joint meetings held with Blackpool CCG)
The Quality Improvement and Engagement Committee provides strategic oversight and assurance to the Governing Body relating to the quality, public and service user engagement and the continual improvement of all CCG directly and jointly commissioned services. It ensures that effective, relevant and appropriate decisions are made in protecting the health and wellbeing of the population we serve. The key responsibilities of the committee are that:
- Service quality, patient engagement and involvement are integral to the work of the CCG.
- All the services that the CCG commissions, including its joint and partnership arrangements (ICP/ICS etc), are safe and effective and have been influenced by tangible public and patient involvement and engagement.
- There is continuous scrutiny in the quality of commissioned services, including primary care and patient outcomes.
- The principles of quality assurance and clinical governance are integral to performance monitoring arrangements for all CCG commissioned services and are embedded within consultation, service development and redesign, evaluation of services and the decommissioning of services
- Assurance is provided to the Governing Body about public involvement and the difference it has made, and that the CCG is meeting its statutory duties.
- There is oversight of the development, implementation and monitoring of:
- The CCG’s strategic approach to Quality Improvement Strategy and Quality Assurance
- Communications and Engagement Strategy
- Equality and Inclusion Strategy
- Risk Management Strategy
- Other relevant strategies
- Patients have effective and safe care, with a positive experience of services.
- The quality and outcomes of treatment and care commissioned by the CCG, or provided by its member practices, is improving against national or locally agreed measures.
- Early warning systems are in place to identify concerns relating to the quality and safety of services and that appropriate action is taken in response to those concerns.
- The views of all our communities underpin the work of the CCG and meet its Constitutional duties and requirements.
- The CCG is fulfilling its statutory duties for Equality and Diversity, particularly the Equality Act 2010, through the implementation of the Equality Delivery System.
- CCG corporate governance arrangements are robust (e.g. regarding service quality risk identification and risk management; FOIs; statutory Health and Safety responsibilities).
The Quality Improvement and Engagement Committee provides assurance in the delivery of the above responsibilities and duties to the Governing Body by regularly reviewing and approving performance reports. The committee holds to account the relevant Governing Body leads and the senior management team of the CCG for their relevant responsibility and accountable areas.
The committee usually meets monthly. The Membership comprises representatives from across the Fylde Coast CCGs and includes the Secondary Care Doctor, two Lay Members, up to seven GP Elected Clinical Members, a CCG Clinical Director, the Chief Operating Officer, Director of Nursing and Quality and Head of Quality. Other officers attended on an ad hoc basis.
During 2020/21 the committee met on ten occasions and meetings were held via video-conference with reduced agendas and focussed/exception reports where appropriate. Minutes and attendance at Quality Improvement and Engagement Committee meetings are published on the CCG’s website via the Governing Body meeting papers.
Patient and Public Engagement and Involvement Forum (PPEI)
The Fylde Coast Patient and Public Engagement and Involvement Forum (PPEI) is accountable to the Quality Improvement and Engagement Committee. The Forum meets monthly and has responsibility for ensuring that the voice of patients and carers, and public and stakeholders views inform the commissioning decisions of the CCG. The key aims of the forum are to:
- Ensure the CCG fulfils its statutory responsibilities to make arrangements to involve and consult patients and the public in service planning and operation, and in the development of proposals for change and involve and engage people in line with the Equality Act 2010
- Work in partnership with relevant bodies such as the Health and Wellbeing Board and Healthwatch, and engage with different groups and communities, and
- Ensure effective mechanisms are in place to capture the voice of practice populations.
The Forum is chaired by the CCG’s Lay Member for patient and public involvement. Membership includes representation from Healthwatch, patient representatives and people from the community, voluntary and faith sector, including those representing older people, carers, children and young people and the LGBT community. During 2020/21 the meeting has been held virtually but has also been paused at times due to the pandemic.
Primary Care Commissioning Committee (Committees in Common held with Blackpool CCG)
NHS England has delegated to the CCG the authority to exercise certain specified primary care commissioning functions. The Primary Care Commissioning Committee has responsibility for the management of these delegated functions and the exercise of the delegated powers in accordance with the agreement entered into between NHS England and the CCG. The committee makes decisions on the review, planning and procurement of primary care services, under delegated authority to the CCG from NHS England and NHS Improvement. Meetings are usually held bi-monthly and are held in public. Papers for the meetings can be accessed via the CCG’s website.
The membership comprises all of the CCG’s Lay Members, one of whom Chairs the committee and one acting as Vice Chair of the committee (excluding the Audit Committee Chair), the Secondary Care Doctor (and proxy Lay Member), the Chief Operating Officer, the Chief Finance Officer, the Director of Nursing and Quality and a CCG Clinical Director. Representatives from the local authority, Healthwatch, Lancashire Coastal Local Medical Committee and NHS England are also invited to attend committee meetings. Other officers may be required to attend on an ad hoc basis. Minutes and attendance at the Primary Care Commissioning Committee meetings are published on the CCG’s website.
During 2020/21 the committee met on four occasions and meetings were held via video-conference. The committee welcomed representation from two Patient Participation Group chairs who were able to bring their valuable experience of working with local GP Practices to the discussions.
Clinical Commissioning Committee (Joint meetings held with Blackpool CCG)
The Clinical Commissioning Committee provides clinical advice and insight and assurance to the Governing Body that the CCG is commissioning and actioning the operational implementation of service priorities in line with the needs of the local population and the strategic objectives of the CCG. It has operated throughout the reporting period.
The membership comprises all the GP Elected Clinical Members, from whom the Chair and Vice Chair are nominated, the Chief Operating Officer, the Director of Nursing and Quality, the Secondary Care Doctor and the Directors of Public Health (Blackpool Council and Lancashire County Council). Other CCG officers are invited to participate in support of the committee’s work. The committee usually meets six times a year and the minutes and attendance are published on the CCG’s website via the Governing Body meeting papers.
Following the review of governance arrangements and the guidance relating to the ongoing COVID-19 pandemic as described on page 37, the committee met monthly via video-conference during the period May to November 2020. During the period December 2020 to March 2021 committee meetings were stood down to free up capacity and resource to focus on the challenges of the pandemic.
UK Corporate Governance Code
NHS Bodies are not required to comply with the UK Code of Corporate Governance. However, whilst the detailed provisions of the UK Corporate Governance Code are not mandatory for public sector bodies, compliance with relevant principles of the code is considered to be appropriate and good practice. This Governance Statement is intended to demonstrate how the CCG has due regard to the principles set out in the Code and which are considered appropriate for CCGs.
Discharge of Statutory Functions
In light of recommendations of the 1983 Harris Review, the CCG has reviewed all of the statutory duties and powers conferred on it by the National Health Service Act 2006 (as amended) and other associated legislative and regulations. As a result, I can confirm that the CCG is clear about the legislative requirements associated with each of the statutory functions for which it is responsible, including any restrictions on delegation of those functions.
Responsibility for each duty and power has been clearly allocated to a lead Director. Directors have confirmed that their structures provide the necessary capability and capacity to undertake all of the CCG’s statutory duties.
Risk Management Arrangements and Effectiveness
The CCG accepts that all activities have some element of inherent risk and therefore risk assessment and mitigation is a fundamental part of CCG process. Recognising and managing risk facilitates flexible and dynamic planning/provision and oversight risk promotes clear standards of internal control. The CCG uses its Governing Body Assurance Framework and Risk Register process to do this and continuously promotes/embeds risk management principles throughout the organisation.
The Governing Body is responsible for risk management within the CCG, ensuring that a framework of systems and processes for effective risk management are in place and for monitoring compliance in line with risk appetite. The Governing Body Assurance Framework (GBAF) is the vehicle for strategic review and reporting of overall CCG risks.
Each of the Fylde Coast CCGs have continued to consolidate their work, staffing structures, and risk management processes, so whilst remaining two separate statutory bodies, the two Governing Bodies remain clearly sighted on both existing and new risks across the whole Fylde Coast footprint.
The Accountable Officer is responsible for assuring the Governing Body that an effective system of governance and internal control exists within the CCG.
Risk leadership is given a high profile within the CCG – driven from executive level it is built into the strategic planning process and then managed operationally through a robust process of governance around decision-making as set out in the CCG’s Scheme of Delegation within the CCG’s Constitution.
The Chief Operating Officer has responsibility for the overall management of arrangements for corporate governance and takes an executive level responsibility for physical risks, in particular, health and safety, fire, safeguarding and compliance with claims and complaints, with the Director of Nursing and Quality taking a day-to-day responsibility for these risks. The Head of Quality is the Caldicott Guardian.
The Chief Finance Officer, as well as being the Senior Information Risk Owner (SIRO) is responsible for ensuring that all financial risk, security, information governance, business support and procurement risks are managed.
Senior managers are responsible for ensuring the implementation of risk management systems and processes within their area of control.
Staff members at all levels complete mandatory training including those aspects of risk management that are relevant to their role. This ensures that staff have the capabilities and knowledge of basic risk management principles, including foreseeing potential risks. Information and learning from good practice is shared through staff briefings. All staff are aware that they must comply with the CCG’s risk management policies.
The CCG operates two systems to facilitate the management of risk. First, a proactive risk management via the risk assessment process including the populating of the Risk Register and second, reactive risk management via the incident reporting process.
The CCG’s Risk Register is a prioritised list of risks identified to the CCG through the risk assessment process. All CCG managers are responsible for ensuring that risk assessments are undertaken and reviewed within their area of control which forms the Risk Register.
The Executives, the Senior Management Team, the Quality Improvement and Engagement Committee, the Finance and Performance Committee and the Primary Care Commissioning Committee regularly review and agree the scoring of all risks. Risks scoring 12 and above on the Risk Register are submitted to the Governing Body and Audit Committee via the Governance Body Assurance Framework.
The challenge of COVID-19 across the period presented new risk considerations for the CCG incorporating risks to staff from the isolation of home working to an emerging focus on restoration of services.
It is the policy of the Fylde Coast CCGs to:
- provide clear leadership and direction on risk management, promoting openness and transparency
- embed a culture where risk management principles are implemented, and risk management is an essential function of the organisation’s activity
- ensure structures, processes and sufficient resources are in place to support the identification, assessment, management and monitoring of risks
- assure the public, patients, staff, partner organisations and other stakeholders that Fylde Coast CCGs implement their commitment to manage risk effectively.
Key Risks Summary
The 2020/21 COVID-19 pandemic challenged routine CCG activity including rolling over of existing commissioning arrangements and centralisation of commissioning and finance arrangements. This together with disparate homebased and arm’s length working arrangements and the imperatives of CCG staff supporting incident management and specific pandemic responses (e.g. Testing; Vaccination; novel service development) has presented significant challenge to normal working practices, including risk management.
Looking to forthcoming organisational change, risk owners and functional leads will be challenged to critically review their existing risks in line with identified risk appetite and distil a focussed suite of risks that will safely but succinctly communicate Governing Body concerns into emergent organisations.
Within this context key current risks relate to staffing capacity, financial resources available versus the demand on this and service delivery of a number of commissioned services against quality and performance targets.
Internal Control Framework
The system of internal control is the set of processes and procedures in place in the CCG to ensure it delivers its policies, aims and objectives. It is designed to identify and prioritise the risks, to evaluate the likelihood of those risks being realised and the impact should they be realised, and to manage them efficiently, effectively and economically.
The system of internal control allows risk to be managed to a reasonable level rather than eliminating all risk; it can therefore only provide reasonable and not absolute assurance of effectiveness.
The CCG’s Governing Body Assurance Framework is the internal control process that enables the CCG to focus on risks in delivering its principle annual objectives, be assured that adequate controls were operating to reduce those risks to acceptable levels, and highlight any gaps in control and assurance that may hinder the achievement of those objectives.
The Governing Body’s own assessment of the effectiveness of the organisation’s system of internal control is aided through delivery of the risk-based internal audit plan, as approved by the Audit Committee, including reviews of the assurance framework, and a range of control systems. In accordance with Public Sector Internal Audit Standards, the Head of Internal Audit provides an annual opinion, based upon and limited to the work performed, on the overall adequacy and effectiveness of the organisation’s risk management, control and governance processes (ie the organisation’s system of internal control). This is achieved through a risk-based plan of work, agreed with management and approved by the Audit Committee, which provides a reasonable level of assurance.
Annual Audit of Conflicts of Interest Management
The Audit Committee and the CCG Governing Body have reviewed the policy and aligned it across both Blackpool CCG and Fylde and Wyre CCG as part of the continued integrated working. The Managing Conflicts of Interest Policy (including Gifts and Hospitality) was approved at a Governing Bodies in Common meeting (Blackpool CCG and Fylde and Wyre CCG) in March 2020. The policy follows NHS England statutory guidance (latest published June 2017) and can be accessed at:
CCGs are required to undertake an annual internal audit of conflicts of interest management. To support CCGs to undertake this task, NHS England published a template audit framework.
MIAA carried out the annual audit of conflicts of interest with the CCG during January to March 2021. Overall, the CCG has demonstrated that arrangements are in place to satisfy NHS England requirements with regards to conflicts of interest. The following compliance levels, as per NHS England requirements, have been assigned to each area:
|Scope Area||RAG Rating||Level|
|Declarations of interests and gifts and hospitality
|Register of interests, gifts and hospitality and procurement decisions||G||Fully Compliant|
|Decision making processes and contract monitoring||G||Fully Compliant|
|Reporting concerns and identifying and managing breaches/non-compliance||G||Fully Compliant|
Overall, there has been a consistent level of compliance with NHS guidance compared to previous years.
The CCG contracts a number of services from the Midlands and Lancashire Commissioning Support Unit (MLCSU), from which the data provided is utilised in presentations to the Governing Body and relevant committees. The 2020/21 Service Auditor’s Report on MLCSU provides assurance on financial data including accounts payable, accounts receivable, treasury and cash management, the financial ledger and financial reporting.
The Governing Body receives data relating to the performance of the CCG. This includes activity and financial data. The quality of data received from providers we commission services from is routinely validated to ensure accuracy. If any anomalies or unexpected trends occur, they are investigated with Providers. The Quality and Performance report is a regular item on the Governing Body agenda and can be found on the website.
The NHS Information Governance Framework sets the processes and procedures by which the NHS handles information about patients and employees, in particular personal identifiable information. The NHS Information Governance Framework is supported by an Information Governance Toolkit and the annual submission process provides assurance to the CCG, other organisations and to individuals that personal information is dealt with legally, securely, efficiently and effectively.
The CCG’s information governance feeds into the Finance and Performance Committee as part of the CCG’s integrated governance structure. The CCG’s Chief Finance Officer has Executive responsibility for information governance and is the Senior Information Risk Officer (SIRO), with responsibility for ensuring that information risk is assessed and managed within the organisation.
The Head of Quality is the Caldicott Guardian for the CCG. The Caldicott Guardian acts as the ‘information conscience’ for the organisation and is responsible for protecting the confidentiality of patient/service-user information and enabling appropriate information sharing.
The CCG is continually reviewing its information governance provision. Control measures are in place to ensure risks to data security are managed and controlled. The CCG has put an information risk management process in place led by the SIRO. Information asset owners and administrators have been identified to cover the CCG’s main systems and records stores, along with information held at team level.
There is high importance on ensuring that there are robust information governance systems and processes in place to help protect patient and staff personal information. An information governance management framework and structure chart has been created to highlight lines of responsibility for information governance within the organisation. All staff are required to undertake annual information governance training electronically, via ESR. The CCG has a Data Security and Protection Policy, a Staff Information Governance Handbook and an Information Governance Code of Conduct to ensure staff are aware of their information governance roles and responsibilities.
There are processes and systems in place for incident reporting and investigation of serious incidents. We are developing information risk assessment and management procedures and a programme will be established to fully embed an information risk culture throughout the organisation against identified risks.
The CCG’s information governance team have updated the Information Governance Handbook with information and best practice for staff to follow whilst working from home during the COVID-19 pandemic. Bi-monthly newsletters have also been created and circulated to staff which highlight different themes for Information Governance. An example being hints and tips for staff to ensure there are physical controls and information are protected whilst working from home.
Information Risk and U Assure
The CCG has in place an information risk work programme that has been agreed by the SIRO to identify what information the CCG holds, stores, shares and receives from other organisations.
The CCG utilises the U Assure system to log information assets, internal and external data flows and systems used within the organisation. Each team has nominated Information Asset Assistants (IAA) who identify, log and review key information assets within their teams. A nominated Information Asset Owner (IAO) reviews the information and advises on the consequences should the assets be unavailable, damaged, destroyed or lost and its impact on the organisation.
The U Assure system risk scores the asset dependent on the information recorded by both the IAA and IAO. Assets scoring higher than 12 are classed as high risk and an action plan is put in place to mitigate the risk. Additionally, if an asset is unable to be accessed after 3 days and this has a noticeable impact on the organisation, patients or legal obligation the asset would be classed as business critical.
Data flow maps are created for information that is distributed between internal teams and is sent from or to external organisations. The method of transfer is also risk assessed. The information risk programme is an ongoing task throughout the year.
The CCG provides formal assurance of its compliance with information governance requirements annually through the Data Security and Protection Toolkit (DSPT). The DSPT is a national self-assessment and reporting tool that the CCG must use to assess local performance in line with the requirements set out by NHS Digital. Due to the current situation regarding COVID-19, NHS Digital postponed the DSP Toolkit submission deadline for 2019/20 to 30 September 2020. This gave NHS organisations the flexibility to be able to deal with the current COVID-19 pandemic. Due to the previous extension, NHS Digital extended the 2020/21 submission deadline to the 30 June 2021.
The CCG has chosen to postpone the submission of the Data Security and Protection Toolkit due to the ongoing COVID-19 pandemic. Authorisation for submission of the 2020/21 DSP Toolkit will be obtained at a later date to ensure that all mandatory evidence items are available, accurate and have been fully met.
Further to the above, the DSP toolkit submission is subject to an independent audit. MIAA is in the process of completing a review on 13 assertions selected by NHS Digital for all internal DSPT audits for 2020/21. The CCG currently await the submission rating for the 2020/21 DSP toolkit submission.
Following the issue of national criteria in 2008, the CCG is required to categorise all incidents involving personal confidential data. These are considered serious untoward incidents when involving data loss or confidentiality breaches.
As a result of high profile data breaches nationally and the CCG’s commitment to embed the information governance agenda across the CCG, staff awareness of the importance of reporting all information security incidents and near misses has been raised and staff are required to undertake annual information governance training. For the 2020/21 DSPT submission, NHS Digital released guidance to confirm that organisations will meet this requirement if at any point since 1 April 2020 they have achieved 95% or above completion rate. The CCG achieved this in September 2020.
During the period 1 April 2020 to 31 March 2021, there were no incidents categorised as reportable within the CCG.
Business Critical Models
Business critical systems are mainly provided by Midlands and Lancashire Commissioning Support Unit. They are subject to regular external review, the outputs of which are reported to the CCG’s Audit Committee through service auditor reports. The CCG’s business critical systems have been identified and form part of the CCG’s Information Asset Register each with a suitably qualified Information Asset Owner.
The national incident declared in respect of COVID-19 has required national command and control to support the NHS and ensure effectiveness in managing a large-scale incident. As such, NHSE/I has taken steps, including adopting ‘in hospital’ and ‘out of hospital’ cell structures in the North West region; with Chief Executive Leads accountable to the North West Regional Director to facilitate co-ordinated decision-making. The cells act with the authority of NHSE/I in making decisions at pace to respond to the incident. The co-ordination role has remained in place throughout 2020/21. The decision-making responsibility for the aspects of CCG business covered by these emergency governance arrangements has therefore been managed by NHSE/I, rather than the CCG Governing Body, in line with national expectations.
In response to COVID-19 pressures and operating changes that have taken place as a consequence of the 2020/21 work environment, previous ‘business as usual’ committees and reporting has been stood down or operated virtually. In order to mitigate any potential resulting control issue, the virtual approach to governance has been reviewed by each committee in the CCG to ensure respective workplan items/statutory duties are covered and that committee decision-making can continue to operate. The Governing Body and Audit Committee have received papers and agreed recommendations in respect of how governance oversight and control is maintained when operating through virtual committees and in the COVID-19 operating environment. The CCG has also sought repeated clarity on responsibilities under changing levels of responsibility throughout the Level 3 and 4 incident management period which has lasted the full 12 months of the year.
Review of Economy, Efficiency and Effectiveness of the Use of Resources
The 2019/20 year-end assessment of the CCG by NHSE/I was published in October 2020. Fylde and Wyre CCG was rated as “Good” overall. Four headline categories were used in the year-end assessment:
- Requires improvement
This assessment was reached by taking into account the CCG’s performance in each of the indicator areas over the year, and a qualitative assessment of the CCG’s leadership. The assessment also took into account how well CCGs have played into their local systems.
The 2020/21 year-end assessment of the CCG by NHSE/I was initially postponed due to the impact of the COVID-19 pandemic on services and staff across the NHS in the North West and thereafter nationally a light touch approach was adopted. The results will be published www.fyldecoastccgs.nhs.uk.
Over the course of the year, like all areas of England, the CCG has been impacted by COVID-19, but its focus remains on improved performance across all indicators. Some challenges remain on other indicators, but progress is being made and robust plans are in place to improve and sustain performance.
The CCG has experienced and capable Executives, Clinicians, Lay Members and Senior Management Team delivering plans across all functions. The CCG’s leadership has a strong track record of delivery across the various functions, as well as providing leadership within the Integrated Care Partnership (ICP) and Integrated Care System (ICS). The Executives are supported by strong challenge from experienced Lay representatives on the Governing Body and other committees.
The Fylde Coast CCGs’ shared leadership team works closely with colleagues at Blackpool Teaching Hospitals NHS Foundation Trust to ensure delivery of health and care services across the Fylde Coast. We also work closely with colleagues at Blackpool Council and Lancashire County Council as we develop integrated health and social care. This work has continued during the pandemic and greater partnership working can be evidenced despite some of the operational challenges brought about by the pandemic.
The CCG has operated during 2020/21 under command and control structures and processes due to the COVID-19 pandemic, these have focused on system delivery and financial position underpinned and delivered by organisational planning and performance. Strong financial planning and budgetary controls are in place to ensure the CCG understands its financial position and delivers its agreed plan within the context of the overall ICS plan. Risks to delivery being discussed at the Finance and Performance Committee and the Governing Body within the context of the wider ICS approach and system resource.
I have received advice from the internal and external auditors on the efficacy of the organisation’s arrangements to ensure the effective use of resources and accept their independent view that the CCG has sound processes in place.
All commissioners and providers of NHS services are required to put in place arrangements to tackle fraud, bribery and corruption, and this is undertaken by the CCG’s nominated Anti-fraud Specialist, together with the wider Anti-fraud Team at MIAA. The CCG’s Chief Finance Officer oversees the anti-fraud arrangements for the CCG.
The Anti-fraud Specialist provides an Anti-fraud Annual Report which offers the CCG’s Audit Committee the opportunity to review in totality the anti-fraud work completed during the year. The ultimate aim of all anti-fraud work is to support improved NHS services and ensure that fraud within the NHS is clearly seen as being unacceptable.
During 2020/21, the Anti-fraud Specialist has completed a wide range of work across the main key areas of activity as outlined by the NHS Counter Fraud Authority and agreed within the workplan approved by the Audit Committee. The following has been achieved during the year:
- Attendance at Audit Committees (now Committees in Common with Blackpool CCG)
- Regular meetings with key personnel including the Chief Finance Officer, Deputy Chief Finance Officer and Internal Audit
- Completion and submission of the NHS Counter Fraud Authority’s Standards for Commissioner’s Self Review Tool
- MIAA fraud awareness video provided to the CCG for distribution to staff
- Preparation for the latest National Fraud Initiative Exercise
- Newsletters/briefings/circulars covering various fraud and bribery related topics
- Reviewed and updated the fraud section within the Audit Committee Terms of Reference
- COVID-19 guidance and related alerts issued to the CCG
- COVID-19 Checklists provided to the CCG
- Completed on behalf of the CCG, the NHS Counter Fraud Authority Impact Assessment Return
- Commenced an assessment of the CCG’s anti-bribery arrangements
- Commenced a review of the CCG’s Personal Health Budget arrangements
- Completion of various requests from the NHS Counter Fraud Authority in respect of fraud activities at the CFA
- Alerts, guidance papers and warnings issued and actioned
- Assisted in the nomination of a fraud Champion for the CCG
- Responded and provide advice to management on potential fraud concerns
The CCG is required to comply with all the Standards for Commissioners issued by the NHS Counter Fraud Authority. The CCG’s overall self-assessment against these standards for 2020/21 is green.
Internal Audit and Internal Control
Following completion of the planned audit work for the financial year for the CCG, the Director of Internal Audit issued an independent and objective opinion on the adequacy and effectiveness of the CCG’s system of risk management, governance and internal control. The Director of Internal Audit concluded that:
Substantial Assurance can be given that that there is a good system of internal control designed to meet the organisation’s objectives, and that controls are generally being applied consistently.
The basis for forming this opinion is as follows:
|1. An assessment of the design and operation of the underpinning Assurance Framework and supporting processes.|
|2. An assessment of the range of individual assurances arising from our risk-based internal audit assignments that have been reported throughout the period. This assessment has taken account of the relative materiality of systems reviewed and management’s progress in respect of addressing control weaknesses identified.|
|3. An assessment of the organisation’s response to Internal Audit recommendations, and the extent to which they have been implemented.|
The commentary below provides the context for the opinion. The opinion covers the period 1st April 2020 to 31st March 2021 inclusive and is underpinned by the work conducted through the risk based internal audit plan.
Planned Audit Coverage and Outputs
The 2020/21 Internal Audit Plan has been substantially delivered with the focus on the provision of your Head of Internal Audit Opinion with the exception of one review in respect of the Data Security & Protection Toolkit which due to the timing of this review is ongoing, however we don’t expect the outcome of this review to impact on the overall HOIA opinion.
This position has been reported within the progress reports across the financial year.
The impact on the organisation of COVID-19 required us to review your internal audit risk assessment and plan for 2020/21 on a regular basis, in liaison with yourselves. As part of this assessment we took account of the following:
How the organisation has implemented NHSE/I guidance, issued to support them in responding to COVID-19, whilst still discharging their stewardship responsibilities.
- Any revisions to the organisation’s strategic priorities as well as liaising with you to review areas for internal audit focus;
- Independent assurance requirements on how COVID-19 costs are captured and claimed across a range of areas; and
- Mandated review requirements and audits which from a professional internal audit perspective are pre-requisite to ensuring sufficient coverage for a robust Head of Internal Audit Opinion.
Therefore review coverage has been focused on:
- The organisation’s Assurance Framework
- Core and mandated reviews, including follow up; and
- A range of individual risk based assurance reviews.
|Phase 1 Opinion|
|Processes in place to update the AF were robust. The AF was visibly reviewed by the organisation. The AF clearly reflects the impact of COVID-19 on the organisation.|
|Phase 2 Opinion|
|Our survey to Governing Body members contained 9 questions covering a range of themes: strategic objectives, risk appetite and engagement and reporting. Participants were asked to select one of three statements in response to the questions posed: Agree, Partially Agree and No. We received 7 responses.
All survey respondents agreed that the governance and reporting structures around the AF were clear. There are a number of areas for ongoing focus with regards to strategic objectives, risk appetite, Governing Body engagement with the AF and assurance mechanisms for the management and mitigation of risks in the AF.
|Phase 3 Opinion|
|Structure||The organisation’s AF is structured to meet the NHS requirements.|
|Engagement||The AF is visibly used by the organisation.|
|Quality & Alignment||The AF clearly reflects the risks discussed by the Governing Body.|
Core and risk based reviews issued
|1 high assurance opinions:||Primary Medical Care Commissioning – Primary Care Finance|
|0 substantial assurance opinions:||There were no reviews which were assigned a substantial assurance opinion.|
|1 moderate assurance opinions:||Risk Management|
|0 limited assurance opinions:||There were no reviews which were assigned a limited assurance opinion.|
|0 no assurance opinions:||There were no reviews which were assigned a no assurance opinion.|
|2 reviews without an assurance rating||Conflicts of Interest
ICP Governance – Commissioning Reform
Conflicts of interest
As required by NHS England’s Managing Conflicts of Interest: Revised Statutory Guidance for CCGs (June 2017), an audit of conflicts of interest was completed following the prescribed framework issued by NHS England. The following compliance levels were assigned to each scope area:
Primary Medical Care Commissioning and Contracting: Finance
The Primary Medical Care Commissioning and Contracting Internal Audit Framework for Delegated CCGs was issued in August 2018. NHSE require an internal audit of delegated CCGs primary medical care commissioning arrangements. The purpose of this is to provide information to CCG’s that they are discharging NHSE’s statutory primary medical care functions effectively, and in turn to provide aggregate assurance to NHSE and facilitate NHSE’s engagement with CCGs to support improvement.
The 2020/21 Primary Medical Care Commissioning and Contracting review focused upon Finance and provided Full Assurance (assurance rating provided as per the NHSE guidance).
During the course of the year we have undertaken follow up reviews and can conclude that the organisation has made good progress with regards to the implementation of recommendations. We will continue to track and follow up outstanding actions.
We have raised 8 recommendations as part of the reviews undertaken during 2020/21. All recommendations raised by MIAA have been accepted by management.
Of these recommendations, none were critical and there was one high risk rated recommendation in relation to Risk Management.
Wider Organisation Context of Opinion
This opinion is provided in the context that the Governing Body like other organisations across the NHS is facing a number of challenging issues and wider organisational factors particularly with regards to the ongoing pandemic response. The COVID-19 pandemic led to changes to the NHS financial framework, the establishment of the control and command structures both regionally and within individual organisations and an ongoing focus on the emergency response. This has required NHS organisations to operate in a different way to previous ‘business as usual’ practice. Guidance was clear that financial constraints must not stand in the way of taking immediate and necessary action but that there was no relaxation in fiduciary duties. This has meant that rapid actions and decisions needed to be and continue to be made in relation to key governance processes and internal control arrangements. The challenge for organisations has been to strike a practical balance between documenting the basis for decisions and not slowing down the decision-making processes.
During the COVID-19 response, there has been an increased collaboration between organisations as they have come together to develop new ways of delivering services safely and to coordinate their responses to the pandemic. This focus on collaboration will continue as the NHS progresses on its journey towards integrated care systems.
In providing this opinion I can confirm continued compliance with the definition of internal audit (as set out in your Internal Audit Charter), code of ethics and professional standards. I also confirm organisational independence of the audit activity and that this has been free from interference in respect of scoping, delivery and reporting.
Managing Director, MIAA
Review of the Effectiveness of Governance, Risk Management and Internal Control
My review of the effectiveness of the system of internal control is informed by the work of the internal auditors, executive managers and clinical leads within the CCG who have responsibility for the development and maintenance of the internal control framework. I have drawn on performance information available to me. My review is also informed by comments made by the external auditors in their annual audit letter and other reports.
Our assurance framework provides me with evidence that the effectiveness of controls that manage risks to the CCG achieving its principle objectives have been reviewed.
I have been advised on the implications of the result of my review of the effectiveness of the system of internal control by the Governing Body, the Audit Committee, the Finance and Performance Committee, the Quality Improvement and Engagement Committee, Internal Audit, and a commitment to ensure continuous improvement of the internal control system in place using the Governing Body Assurance Framework, the CCG’s Risk Register, and the NHSE/I CCG Improvement and Assessment Process.
As Accountable Officer, I have responsibility for reviewing the effectiveness of the system of internal control that supports the achievement of the CCG’s policies, aims and objectives, whilst safeguarding the public funds and assets for which I am personally responsible. My review has been informed in the ways outlined above. The Interim Director of Internal Audit has also provided significant assurance that there is a generally sound system of internal control, designed to meet the organisation’s objectives, and that controls are generally being applied consistently.
My review concludes that no significant internal control issues have been identified and that NHS Fylde and Wyre Clinical Commissioning Group has a generally sound system of internal control that supports the achievement of its policies, aims and objectives.
Dr Amanda Doyle OBE
Accountable Officer, NHS Fylde and Wyre Clinical Commissioning Group
9 June 2021