Compliance Team Process
Document Information
INDEX
POL00083967
POL00083967
Privacy Level In Confidence
Title Audit Process Manual
Subject Chapter 8 - Annual Certificate of Compliance
Version Control I 4.0
Purpose To outline the process for processing self
assurance forms for the Annual Certificate of
Compliance
Audience Compliance Team
Circulation Electronic (MS Word. Doc), Paper
Next Review Feb 2009
date
Input to review or change
Activity Detail Date
Input sought Marie Perry (Compliance Policy & 30/11/07
from Standards Manager)
Kevin Ray, Carole Pryszlak, Paul M I 23/11/07
Brown and Tom O'Reilly (Regional
Managers) 23/11/07
Ronnie Flynn (Head of Crown Office I 30/11/07
Network) 23/11/07
Martin Hopcroft (Performance 23/11/07
Analyst) 11/01/08
Tony Hills (NCAM)
Marie Cockett (Branch Accountant)
Summary of No feedback received from the 23/11/07 to
feedback Regional Managers or Head of 15/01/08
Crown Office Network
Response to No changes required as result of 15/01/08
feedback seeking input.
Responsibilities in change
Role Job Title(s) Date
Author Risk Reporting Advisor 18/01/08
Assurance Risk and Assurance Team 31/01/08
Authorised Risk and Assurance Manager 04/02/08
8. Annual Certificate of Compliance V4.0.doc
POL00083967
POL00083967
Communication
Branch Managers, Compliance
Team, Regional Managers, Product
& Branch Accounting and
Performance Analyst
Feb 2008
Audit
Process
Update
and article
in
Frontline
Focus in
February
2008
8. Annual Certificate of Compliance V4.0.doc
Version control
POL00083967
POL00083967
Version I Reason for issue Date of Go-
No. Live
Version I New Process April 2004
1.0
Version Minor amendments following input April 2004
11
Version Annual Review January
2.0 2005
Version Update to reflect change in roles and job March
2.1 titles 2005
Version I Work moved from MI Support to April 2005
2.2 Operations Support
Version Update following headcount April 2005
2.3
Version Updated to reflect review of post ACC July 2005
2.4 activity
Version Annual Review March
3.0 2006
Version Annual Review January
4.0 2008
8. Annual Certificate of Compliance V4.0.doc
INDEX
SECTION 1
SECTION 2
MANAGER
SECTION 3
ADVISOR
SECTION 4
POL00083967
POL00083967
INTRODUCTION
RESPONSIBILITIES OF THE RISK AND ASSURANCE
RESPONSIBILITIES OF THE RISK REPORTING
RESPONSIBILIITIES OF THE LEAD AUDIT OFFICERS
8. Annual Certificate of Compliance V4.0.doc
SECTION 1 INTRODUCTION
1.1 This chapter details the roles and responsibilities for the
Compliance Team in respect of involvement in managing the
Annual Certificate of Compliance (ACC) Process.
The latest Annual Certificate of Compliance Policy is published
on the Compliance Team Library, which also details the
timescale for completion, and is communicated to crown
offices by the Risk Reporting Advisor.
SECTION 2 RESPONSIBILITIES OF THE RISK AND
ASSURANCE MANAGER
2.1 Ensure the whole process is subject to an annual review, in
addition to periodic updates due to interim changes.
SECTION 3 RESPONSIBILITIES OF THE RISK
REPORTING ADVISOR
3.1 Write to all crown office branches on the day designated to
inform the branch manager (BM) of the completion
requirements, including the requirement to return a completed
form within 14 days.
3.2 Deal with initial queries from the BM e.g. clarification of
question or location of source of control.
3.3 Where there is a newly recruited BM, contact the BM after
issuing the ACC to ensure that they understand what is
required and that they are conversant with the required controls.
3.4Return any partially completed forms to the BM for completion.
3.5Send a reminder on the day after expected return date (to any
branches who have yet to submit a return) with a further 7 days
to complete. Failure to meet this revised deadline will result in
the non-return being escalated to the respective Business
Development Manager (BDM).
3.6 File returned ACCs on the ACC for Crown Office Library, taking
care not to overwrite previous versions.
8. Annual Certificate of Compliance V4.0.doc
POL00083967
POL00083967
POL00083967
POL00083967
3.7 Review the returns, categorising them as follows: -
a) Return correctly completed with actions to support exception
plan
b) Return completed with an exception plan not fully supported
by an action plan
c) Return not submitted (in spite of a reminder)
d) Return indicates no exceptions
8. Annual Certificate of Compliance V4.0.doc
3.8 In line with the categorisation outlined in 3.7 undertake the
following action: -
a) Contact the BM manager after the completion date of
actions, to discuss and confirm that actions have been
implemented. (Note: It is important to ensure that there is
preparation prior to contacting the BM, in terms of being
conversant with the exemption report and action plan
pertaining to the branch as well as the expected business
controls and rationale for the control)
b) Contact the BM to discuss the gaps. Any refusal to deploy a
control should be referred to the relevant BDM.
3.9Maintain records that detail the following:
e Name & Branch Code
e Date of request for completion
e Date of returns (including dates of any reminders
issued)
e Category of response (see 3.7)
3.10 Enable an annual report to be provided, via the Compliance
Scorecard that
captures the following information:
e Number of branches involved (period and YTD)
e Number, % and names of branches failing to submit a
return
e Number, % and names of branches declaring 100%
conformance
e Number, % and names of branches with exceptions not
supported by actions
e Number, % and names of branches with exceptions
supported by actions
e Number of phone calls received during the timeframe
from BMs seeking guidance
e Number of phone calls made during the timeframe to
support new BMs
e Number of phone calls made during the timeframe to
confirm implementation of actions
« Compliance scores for all controls, inclusive of RAG
status
8. Annual Certificate of Compliance V4.0.doc
POL00083967
POL00083967
POL00083967
POL00083967
3.11 Ensure that there is coverage to issue ACCs, in the event of
the absence of the Risk Reporting Advisor.
3.12 Ensure that the results of completed ACC forms act as an
input to the audit risk model, specifically on fully declared
compliance certificates and those crown offices that only submit
an ACC after a reminder.
8. Annual Certificate of Compliance V4.0.doc
POL00083967
POL00083967
SECTION 4 RESPONSIBILIITIES OF THE LEAD AUDIT
OFFICERS
Top
4.1. Ensure that there is preparation prior to the audit of a crown
office, in terms of: -
e Obtaining and analysing the latest completed ACC and any
associated exemption report or action plan from the ‘ACC for
Crown Offices’ database
e Obtaining and analysing the latest audit report from the
respective ‘P32’ database
e The expected business controls and rationale for each
control
e How conformance to the control will be tested
4.2 Ensure that all audits of crown offices include, as a core, a
review of deployment against the ACC (compared to the latest
declared version), the implementation of any subsequent action
plans and coverage of all critical controls.
4.3 Depending on the previous declaration, the review work should
focus on seeking evidence that any action plan has been
implemented as a priority and that there is evidence of
deployment, if controls were declared to be in place.
4.4 Report findings of the visit to the branch manager via the
closing meeting in addition to an audit report, using Report
Template B, and copy to the relevant Regional Manager (RM)
and Business Development Manager (BDM).
8. Annual Certificate of Compliance V4.0.doc