Scottish Consolidated Fund Accounts: 2018-2019

Governance Statement

Strategic governance arrangements in relation to the Scottish Consolidated Fund (the Fund) are covered in this governance statement. Although the Fund itself sits outside the Scottish Government's internal governance arrangements, the operation of the Fund is carried out within Scottish Government Finance, and is subject to the same controls and assurance procedures that apply to the Scottish Government, in particular the certificates of assurance and risk management arrangements, overseen by the Director General Organisational Development and Operations. The governance arrangements within which the Fund operates are assessed by the Scottish Government, and the Scottish Government confirms that these arrangements comply with generally accepted best practice and relevant guidelines. Assurance is also provided by the work of internal and external audit and to a more limited extent by the Scottish Government Audit and Assurance Committee (SGAAC). Although SGAAC has no formal role in relation to the Fund, it is informed of any issues pertaining to the Fund, and hence exercises some oversight of the Fund's operations.

The operation of the Fund is governed by the provisions of the Scotland Act 1998, the Public Finance and Accountability (Scotland) Act 2000, the Scotland Act 2012, the Revenue Scotland and Tax Powers Act 2014 and the Scotland Act 2016, which set out the conditions for payments to be made out of the Fund and sums to be paid into the Fund. The Fund uses and relies on the financial management systems of the core Scottish Government to carry out associated accounting and payment functions. Specific assurances on the reliability of these central systems have been provided by the Director General Organisational Development and Operations and relevant senior members of staff within her command.

The following procedures to identify, evaluate and manage significant risks have already been implemented:

• The risks associated with the operation of the Fund have been identified and incorporated within the Scottish Government Financial Management Directorate Risk Register together with the determination of a control strategy for each risk which is kept under constant review.
• The Scottish Government's external auditors, Audit Scotland, provide reports on the adequacy and effectiveness of the systems of internal control with recommendations for improvement as part of their annual audit review of the Scottish Government. Appropriate action is taken to address any weaknesses identified and to ensure the continuous improvement of the system.
• The Scottish Government's internal auditors provide reports on the adequacy and effectiveness of Financial Services Division's systems of internal control together with recommendations for improvement. Such reports include the Division's operation of the Fund where appropriate. Appropriate action is taken to address any weaknesses identified and to ensure the continuous improvement of the system.
• During 2018-19, Internal Audit carried out a capability and capacity review of the SEAS system operated by Financial Services Division in accordance with the Audit Plan agreed by SGAAC in March 2018. The report identified a number of issues and associated risks with the operation of SEAS, and set out a number of recommendations for improvement, which have been or are being addressed. The outcome of the review was to provide reasonable assurance of the adequacy of controls in place.

In the 2018-19 financial year, Financial Services Division in its operation of the Fund has:

• Monitored the balance on the account and taken appropriate action to maintain the balance at an appropriate level whilst remaining within the cash limits set by the UK and Scottish Parliaments.
• Kept its processes and procedures under review, aiming to ensure that they are documented and amended where appropriate to reflect any changes to the Fund's operation. In particular, processes and procedures were reviewed and updated to implement the borrowing provisions of the Scotland Act 2012, which came into effect from 2015-16 onwards, as amended by the Scotland Act 2016, and which have had a significant impact on the operation of the Fund, and have had a similar impact on its accounts. The first repayments of borrowing were charged to the Fund in 2018-19.
• Identified and kept under review any risks arising from the operation of the Fund, and included these where appropriate in the Divisional and Directorate risk registers.
• Assessed the risk management arrangements in place and confirmed that they are operating effectively.
  
• Carried out operations on the Scottish Government IT network and on systems managed by the Scottish Government, and hence has been subject to its IT and data security arrangements. There were no breaches of data security during the year.
• Ensured that during the year staff have received training on any revision to processes and procedures in relation to the operation of the Fund.
• During 2018-19, considered the findings of reports issued in respect of two reviews of its operations commissioned by the Division: an internal review by Digital Transformation Division, and an external review of compliance with the General Data Protection Regulation (GDPR). A project is in progress to implement the recommendations of the latter, which as well as ensuring compliance will enhance the security of data processed by and held on the systems managed by Financial Services Division.

Leslie Evans
Principal Accountable Officer
23 September 2019