HERTFORDSHIRE POLICE AUTHORITY
STATEMENT ON INTERNAL CONTROL 2006/07
1 Scope of Responsibility
1.1 Hertfordshire Police Authority is responsible for ensuring that its business
is conducted in accordance with the law and proper standards, and that
public money is safeguarded and properly accounted for, and used
economically, efficiently and effectively. The Police Authority also has a
duty under the Local Government Act 1999 to make arrangements to
secure continuous improvement in the way in which its functions are
exercised, having regard to a combination of economy, efficiency and
1.2 In discharging this overall responsibility, the Police Authority is also
responsible for ensuring that there is a sound system of internal control
which facilitates the effective exercise of the Authority’s functions, and
which includes arrangements for the management of risk.
1.3 Through 2006/07, the Authority was bound by its Standing Orders and
Schemes of Delegation to Committees and to Officers. It delegated,
subject to certain requirements, all its functions, except for those which in
law were specifically the responsibility of the Authority. In practice,
therefore, operational decisions were delegated to the Chief Constable.
Policy and decision making
1.4 The full Police Authority had the following roles during the year:
• to ensure the maintenance of an efficient and effective police force
for Hertfordshire, and to consider any matters of policy or strategy
which enable this duty to be performed
• to set the budget for the police force, including setting the rate for
local council taxes for policing
• to set local policing policies and targets having regard to national
and local objectives
• to consider, approve and monitor the performance of the policing
• to appoint (and, if necessary, dismiss) the chief officers
• to consider approve and issue an annual report
• to receive the Chief Constable’s report
• to receive and comment on the Auditor’s report and any report from
1.5 There was a three-year strategic plan and an annual policing plan, which
was based on formal consultation with stakeholders and is approved by
the full Police Authority. During 2006/07, there were six key policing
priorities in the Policing Plan:
• Citizen Focus – to provide a citizen focused police service
• Reduce Crime – to work in partnership to reduce overall crime
• Investigate Crime – to bring more offenders to justice
• Provide Assistance – to provide improved care and assistance to the
• Promote Public Safety – to improve feelings of public safety
• Resource Use – to ensure that the Constabulary has the right size
workforce with the right skills to meet current and future demands and
There were 14 key objectives that were under these six key policing
2 The Purpose of the system of Internal Control
2.1 The system of internal control was designed to manage risk to a
reasonable level rather than to eliminate all risk of failure to achieve
policies, aims and objectives; it therefore only provided reasonable and
not absolute assurance of effectiveness. The system of internal control
was informed by:
• the Internal Plan, that set out the broad business objectives, targets
and milestones that support the policing priorities outlined in the
Annual Policing Plan and three year Strategic Plan
• monthly meetings of Wider COM (the Chief Officer and wider
management team where policies are set and strategic issues facing
the force are discussed and actioned. Additionally monthly business
reports on finance and human resources are considered.)
• the 28 day OPM (operational performance management meetings)
whereby Areas and Departments monitored performance against the
annual plan, and the six monthly Operational Control Strategy
(produced following a six monthly Operational Strategic Assessment);
they identified critical risk issues, and considered financial and human
resources issues when appropriate.
• the quarterly Intelligence led Policing (ILP) process whereby Area and
Departmental performance against local targets is scrutinised by a
member of COM
• the Strategic Scanning and Problem Solving Board which meets bi-
monthly and considers emerging issues and plans
• the quarterly Risk Management Forum which re-assess the top 20
risks and the progress that has been made to mitigate them
• production of an Organisational Strategic Assessment and Control
Strategy, which was reviewed and approved by COM every six months
and monitored at the Constabulary Strategic Programme Board every
• the Constabulary completed its Business Continuity Plan in the autumn
and tested the arrangements in April 2007.
The system of internal control was in place within Hertfordshire Police
Authority for the year ended 31 March 2007, and up to the date of
approval of the annual report and accounts.
3 The Internal Control Environment
The key elements of the internal control environment within the Police
Authority were as follows.
3.1 The Standing Orders and Schemes of Delegation set out how members
and officers worked to ensure compliance with established policies,
procedures, laws and regulations. These are subject to annual review and
were last reviewed in May 2006.
3.2 The Police Authority has had a meeting structure that comprised of five
committees and seven working groups. One committee dealt exclusively
with senior staffing issues and met as required. There was a Forward
Plan agreed by the Police Authority that provided the initial areas of work
for the other committees and working groups to focus on. The purpose of
the Forward Plan was to ensure that members focused on the issues that
had the greatest risk to the Authority. The Forward Plan was regularly
updated to take account of change as the year progressed.
3.3 The Authority has been developing a Risk Assessment relating to its
governance functions, starting with a member training session/ initial
assessment in November 2006 and the appointment of a risk lead.
3.4 The Constabulary’s meeting structure draws a clear distinction between
Strategic, Policy and Tactical level meetings, with policy being made at the
tactical level and only then being escalated for ratification. The revised
structure was also in line with CIPFA’s Corporate Governance guidelines.
3.5 The Constabulary has in place a risk management strategy and a risk
management forum which meets quarterly to review risks and risk
management developments. All members of the forum have received risk
management training. During the course of the year the forum has
reviewed and updated the Constabulary’s risk register, which includes an
assessment of likelihood and impact of risks, mitigating actions and a
nominated risk owner. In addition, there is a risk management procedure
for all projects, health and safety, and information technology. Risk
assessment is also embedded within the Constabulary’s day to day
3.6 There was regular review of performance against plan as part of the OPM
and ILP processes. Any areas where performance fell short of
expectation were targeted for improvement, with the Senior Managers
being called to account.
3.7 During the year the Constabulary completed work on its corporate
business continuity plan and produced local plans for each area and
department. The corporate plan was tested in April 2007.
Value for money
3.8 The Authority has developed a comprehensive process for identifying and
implementing efficiencies, to comply with its Efficiencies Plan and HMIC’s
requirements to demonstrate and provide value for money as well as to
help address identified future year budget gaps. The Authority
participated in the Audit Commission Police Use of Resources review for
2006/07 and awaits the outcome. The Audit Commission assessed the
Authority as “consistently above minimum requirements- performing well”
for police use of resources in 2005/06. Value for money was considered
as part of this assessment and the Authority was assessed similarly as
“performing well” for this component.
3.9 The Constabulary continued to use its commissioning process for all
projects. Projects start with a mandate which sets out the budget, the IT
requirements, the accommodation required, the benefits of the project and
the efficiencies that will arise from the project. This has to be signed off by
the relevant project board. There is a project manual outlining the Herts
process for managing a project and this has to be followed. Once the
project has finished there is an independent review. This robust process
ensures that projects are kept on track and also deliver benefits and
efficiencies for the Constabulary.
3.10 The full Police Authority approved the budget, after a stringent budget
setting process that fully involved staff in the Constabulary and Members
of the Police Authority. This process included the allocation of financial
resources to different departments, areas and projects, and setting the
council tax precept for the Authority, the control of capital expenditure, and
the setting of prudential indicators.
3.11 The Authority’s Financial Regulations were reviewed and approved by the
Authority in May 2006. These set out the rules for the control and
management of the Authority’s finances and assets and ensured the
legality of financial transactions. The schemes of delegation to Officers
and Committees were also reviewed. The Authority has reviewed and
agreed a new Anti-fraud and Corruption policy that takes into account the
requirements of the Constabulary and its relationship with the Authority.
The Authority plans to produce an additional policy paper specifically for
Police Authority Members and its own staff.
3.12 Throughout the year there was regular reporting to the Financial
Resources Working Group on the revenue and capital budget
performance. The relevant controls, which operated throughout 2006/7,
were of a generally high standard.
3.13 The PAV (Police Access Visibility) Estate Strategy continues to be under
regular review with a formal annual review being presented to full Police
Authority in November 2006. Members are kept fully informed of
developments through the Estates Working Group which was created in
3.14 Internal Audit undertook a review of the key financial systems, namely:
• Budgetary Control
• Financial Ledger
These were sound in all significant respects, and showed compliance with
current financial regulations; improvements had been made to the control
3.15 Internal Audit also undertook reviews at each of the Basic Command Units
and with minor exceptions found the controls in operation to be
satisfactory. Recommendations were made where appropriate and these
have been accepted.
3.16 In addition to the work above, Internal Audit reviewed the controls in the
• Police Authority Office
• Stock and Stores
• Risk Management
• Cleaning Contract
In most respects the controls in operation were satisfactory and where
there was potential for improvement Internal Audit made
recommendations that have been accepted by the Constabulary and
Authority. The most significant weaknesses were in the clothing store
where the contractor was unable to supply the required level of service.
The Constabulary has plans to address this during 2007/08.
3.17 Follow up of Internal Audit’s work on the Contract Register showed that
considerable progress had been made, however there was still some more
work required to strengthen control in this area. The Constabulary has
plans to conclude this work in 2007/08 along with completing a review of
the Contract Regulations and Procurement Principles that were last
updated in 2003.
3.18 The Authority’s staff monitored performance against key indicators
monthly, and Members were kept fully informed.
3.19 The Performance Scrutiny Committee reviewed performance quarterly
against the targets in the Policing Plan. The Chair of the Committee also
attended the Force’s monthly OPM meetings. The Committee were able to
refer items to the full Authority should this be deemed appropriate. Overall
performance against all of the objectives was reviewed twice yearly by the
3.20 The Constabulary’s OPM and ILP processes ensure a strong performance
management culture, with focus on both human and financial resource
management as well as operational performance. These reviews were at
Area and Department level with recourse to the monthly Chief Officers
meetings where appropriate. As a result there was strong performance
monitoring at an operational level.
3.21 There were strong processes in place to ensure that departmental
objectives were translated into individual performance management
objectives. The Constabulary used its own performance management
system, to monitor both Police Officer and Police Staff performance, and
thus assessed how staff met key competencies.
3.22 The Audit Working Group, which became a committee in November 2006,
received two updates on progress in delivering the annual internal audit
plan and a summary of all key points to date. The work of the external
auditors was also reported to the Audit Working Group/ Committee.
Members of the Working Group/ Committee were able to question the
Auditors, the Head of Finance and the Director of Resources on the
content of relevant reviews.
3.23 During 2005/06 the Constabulary’s arrangements for monitoring
compliance with its E-Mail Security and Usage policy identified
inappropriate use of its e-mail system. This was brought to the attention of
the Managing Information Board and, under the direct command of the
Deputy Chief Constable, an investigation was launched. This investigation
was completed in the year and led to disciplinary procedures for some
staff and a general strengthening of e-mail protocol and access. A further
review of internet use is to be undertaken in 2007/08.
4 Review of Effectiveness
4.1 Hertfordshire Police Authority has responsibility for conducting, at least
annually, a review of the effectiveness of the system of internal control.
The review of the effectiveness of the system of internal control in 2006/07
was informed by the work of the internal and external auditors, HMIC and
managers within the Constabulary.
4.2 Internal Audit provided an independent opinion on the adequacy and
effectiveness of the Police Authority’s system of financial control, including
• the key controls operating within and around the core financial systems
• the controls operating in other areas that had been selected for audit
using Internal Audit’s risk assessment procedures
• controls over information management and security.
In the Chief Internal Auditor’s opinion, the above arrangements were
adequate and effective in 2006/07, with sound controls in all key areas.
The Constabulary took significant steps in the year to improve its contract
register and processes to let and monitor framework contracts and
contracts for the employment of consultants. The Constabulary plans to
conclude this work in 2007/08. Internal Audit also raised concerns about
the operation of the uniform store and the Constabulary is acting on these
as part of a wider review of the uniform supplies service.
4.3 The Audit Commission’s Audit and Inspection Annual Letter relating to
2006/07 was issued in November 2006. It found that there were generally
effective systems of internal financial control in place.
4.4 The baseline assessment undertaken by HMIC in 2005/06 was published
in October 2006. The Constabulary was generally ranked as good.
However, there were four areas (tackling serious and organised
criminality, volume crime investigation, improving forensic performance
and protecting vulnerable people) ranked as fair as compared with only
two the year before (forensic management and criminal justice).
Suggestions for improvement have been made and these are being acted
upon, with quantifiable improvements made in volume crime investigation
and forensic performance. Enhancements have also been made to
Tackling Serious and Organised Criminality and Protecting Vulnerable
People. However, the Constabulary has recognised the need to further
strengthen management controls in the protection of vulnerable people.
As a result during 2006/07 it created a Protection Vulnerable People
Programme Board and put in place an action plan to address identified
areas for improvement. This will be updated in order to incorporate
agreed actions following the HMIC review in April 2007.
4.5 Senior Officers in the Constabulary have produced departmental
assurance statements to support this review and the Constabulary as a
whole has produced an overall assurance statement. Internal Audit has
drafted this statement making use of these reviews and with the
involvement of the Executive Director of the Police Authority who acts as
the Monitoring Officer, the Authority’s Treasurer, the Constabulary’s
Director of Resources, the Head of Finance, the Force Solicitor and other
senior officers. The results of this review have also been considered by
the Constabulary Chief Officer team.
4.6 The Treasurer and the Executive Director of the Police Authority as
Monitoring Officer have advised us on the implications of the review, and a
plan to address weaknesses and ensure continuous improvement of the
system is in place.
5. Significant Internal Control Issues
The Authority and Constabulary took or proposed to take a number of
actions to further improve the system of internal control, as follows:
• the Constabulary reviewed and updated its anti-fraud and corruption
policy which was then incorporated into a new Authority policy
• the Constabulary has reviewed its Business Continuity planning
procedures and produced a Corporate Business Continuity Plan, and a
Business Continuity Plan for each Area and Department
• the Constabulary updated its Contract Register and initiated actions to
ensure regular review and monitoring of framework and consultancy
• the schemes of delegation and financial regulations have been
reviewed by the Authority
• the Constabulary further strengthen its processes in order to monitor
compliance with its e-mail security and use policy
• the Constabulary implemented and regularly reviews an Organisational
Strategic Assessment and Control Strategy in order to further develop
its ability to control and manage organisational risk
• in accordance with the Accounts and Audit Regulations (2006) the
Audit Committee undertook a review of Internal Audit in the year.
• the Constabulary will test its Corporate Business Continuity plan
• the Constabulary will review Contract Regulations and Procurement
Principles for approval by the Authority
• the Contract register will be reviewed and completed by the
• the Constabulary will produce and implement an action plan in order to
address the Management of Police information (MoPI) requirements
• the Constabulary will implement its Protecting Vulnerable People
Action Plan and agree actions resulting from the HMIC inspection
carried out in April 2007
• the Constabulary will implement new arrangements for the
management of uniform stores
• the Police Authority will produce a risk register
• the Police Authority will produce an anti fraud and corruption policy for
Policy Authority members and its own staff
• Internal Audit is reviewing its working arrangements document.
Ian Laidlaw-Dickson Date
Chairman of the Police Authority
Frank Whiteley Date