Part 3: Identifying issues and risks
3.1
Responsible Ministers need timely information about significant issues and risks for Crown entities so they can decide whether they need to take action to address them. A Crown entity’s board and monitoring department each have a role in ensuring that the Minister receives this information.
3.2
Although each Crown entity’s board must take an active role in identifying and managing risks for the entity, departments are expected to scan for issues and risks for the Crown entity in the course of their monitoring work, and any policy or wider sector work. As discussed in Part 2, monitoring departments and Crown entities need to have relationships that allow them to discuss issues and risks in a free and frank way when necessary.
3.3
Monitoring departments need to have clear information about the significant issues and risks specific to each Crown entity, which they have gathered in the course of their work, so it can be communicated internally when necessary. Departments need this information to help them identify and prioritise the focus of their monitoring work.
3.4
In this Part, we set out our findings about how the departments:
- identified and recorded issues and risks for Crown entities; and
- kept the responsible Minister informed about issues and risks.
Key messages
3.5
MED collated information about significant issues and risks for each of the selected Crown entities through its internal reporting initiative.
3.6
DIA and MCH did not record information about significant issues and risks for the selected Crown entities. The work they carried out to identify issues and risks and advise the responsible Minister about them was usually informal. This meant that it was not clear whether DIA and MCH had a thorough understanding of issues and risks for the selected entities.
3.7
This Part contains one recommendation – that departments record clear and accessible information about issues and risks for Crown entities in a way that is useful to inform their monitoring work.
Identifying and recording issues and risks for Crown entities
Departments need to have clear, up-to-date information about significant issues and risks for Crown entities.
3.8
In 2008, MED collated information about selected Crown entities through its internal reporting initiative (see paragraphs 7.32-7.35). The reports commented on significant issues and risks for each Crown entity. The format of the reports resulted in information that was brief, focused, easy to understand, and a record for staff to refer to. MED has started updating this information.
3.9
MED carried out further, regular risk assessment work for one Crown entity that it monitors. MED recorded issues within the monitoring plan for the entity, and had a checklist to help staff carry out a strategic assessment of the entity’s performance. Information about issues and risks for the entity were also recorded in a standardised format and discussed internally among members of the monitoring team each month.
3.10
MCH and DIA did not have a clear or formal approach for identifying and recording risks for specific Crown entities. Therefore, they did not hold clear information about the strengths and weaknesses, significant issues, risks, and challenges of the Crown entities, either for the short or long term.
3.11
DIA had a system to store correspondence about particular issues for the Crown entities. They told us that this helped them manage current issues and risks.
3.12
MCH and DIA told us that the amount of attention they gave each Crown entity was based on the risk associated with that entity, or whether there was significant room for the entity to improve its performance. However, they did not formally record decisions about the relative risk or priority of Crown entities, so these decisions were not transparent.
3.13
The departments told us that they consider and manage risk informally in a variety of ways. They told us that they do this within policy work, through discussions with monitoring staff and Crown entities, and by having open, “no-surprises” relationships with the entities.
3.14
In our view, departments need clear, up-to-date information about significant issues and risks associated with each Crown entity. This information should help departments ensure that their monitoring activities take these risks into account. For example, if a department identified that a Crown entity was at risk for some reason, the department might plan to review and report on certain information from the entity more frequently, or in greater depth, than usual.
3.15
In Part 7, we discuss the need for departments to better target how they review and report on each Crown entity’s performance, and to have greater consistency in the way they approach this. Decisions about what information is important for review purposes are likely to help staff in identifying where areas of risk may lie.
3.16
A standard approach to assessing risks (for example, reviewing the entity’s financial position or considering the value of its assets) may help staff to identify and assess risks. MED’s internal reporting initiative is an example of this.
3.17
A standard approach to assessing risks may also help the departments to prioritise their monitoring activities, especially if their staff need to monitor more than one Crown entity.
| Recommendation 2 |
|---|
| We recommend that the departments record clear and accessible information about significant issues and risks specific to Crown entities in a way that is useful to inform their monitoring work, and review this information regularly. |
Identifying general risks associated with monitoring Crown entities
3.18
MED had identified some generic risks associated with monitoring Crown entities. It had identified strategies to mitigate some of these risks.
Understanding each Crown entity’s issues and business
3.19
It is important that monitoring departments understand each Crown entity’s business and significant issues as part of their work in identifying and managing risk. Representatives from three Crown entities told us that it was critical for the department to have a good understanding of their issues and business.
3.20
Representatives from Crown entities that we spoke with had different views about whether their monitoring department had a good understanding of their issues and business. Representatives from three Crown entities were positive about the monitoring department’s level of understanding.
3.21
A representative from one Crown entity expressed concern to us about the monitoring department’s level of understanding. These concerns included the department’s lack of understanding of the entity’s critical issues and capability.
Keeping responsible Ministers informed about issues and risks
Advice provided to Ministers about each Crown entity’s issues and risks was often informal.
3.22
The departments told us that they kept responsible Ministers informed about risks and emerging issues for Crown entities mainly through informal discussions. These discussions were seldom recorded.
3.23
We saw some evidence of the departments providing responsible Ministers with written briefings on issues and risks for Crown entities.
3.24
MCH had clear records of its advice to the Ministers about day-to-day issues and risks for Crown entities. It provided responsible Ministers with fortnightly written briefings setting out day-to-day issues for Crown entities.
3.25
DIA provided the responsible Minister with weekly status reports that included information and updates on monitoring activities for Crown entities.
3.26
We saw limited evidence of MCH and DIA providing responsible Ministers with advice about strategic issues and risks for Crown entities.
3.27
We saw some evidence of MED providing advice to Ministers within briefing papers of strategic issues and risks for the selected Crown entities.