Governance statement

Scope of Responsibility

As accountable officer, I have responsibility for maintaining a sound system of internal control that supports the achievement of the NHS Trust’s policies, aims and objectives, whilst safeguarding the public funds and departmental assets for which I am personally responsible, in accordance with the responsibilities assigned to me.

I am also responsible for ensuring that the NHS Trust is administered prudently and economically and that resources are applied efficiently and effectively. I also acknowledge my responsibilities as set out in the NHS Trust Accountable Officer Memorandum. 

The purpose of the system of internal control 

The system of internal control is designed to manage risk to a reasonable level rather than to eliminate all risk of failure to achieve policies, aims and objectives; it can therefore only provide reasonable and not absolute assurance of effectiveness. The system of internal control is based on an ongoing process designed to identify and prioritise the risks to the achievement of the policies, aims and objectives of the East of England Ambulance Service NHS Trust, to evaluate the likelihood of those risks being realised and the impact should they be realised, and to manage them efficiently, effectively and economically. The system of internal control has been in place in the East of England Ambulance Service NHS Trust for the year ended 31 March 2023 and up to the date of approval of the annual report and accounts. 

Capacity to handle risk 

The Trust has a well embedded risk management process designed to allow the organisation to handle risk effectively. Risk leadership and training are key components.

Risk leadership

The Board of directors has overall responsibility for the management of risk within the Trust. The chief executive officer retains overall executive responsibility for risk management, with the director of corporate affairs and performance as the responsible director. Risk management is a core component of all senior roles. The Trust has an approved risk appetite, strategy and procedure to facilitate risk management throughout the organisation.

Risk management training

Staff are trained and equipped to manage risk in a way appropriate to their authority and duties, in line with the Trust’s risk management strategy and procedure. The Trust has in place a risk management training approach to ensure that staff are suitably equipped to manage risk in a way that is appropriate to their authority and duties.

Training staff is embedded within the corporate induction, as well as annual refresher via e-learning mandatory training requirements. Quarterly training and support are given to management teams, to standardise the approach to risk management and manage risks.

The risk and control framework 

Risk management strategy and risk appetite

This describes the processes to identify, assess, and manage potential risks. It outlines the principles applied to all Trust activities to ensure risks identified are evaluated and treated, mitigating any risks that could prevent delivery of objectives. The Board has in place a risk appetite statement, which is current and will be reviewed in the coming financial year.

The compliance and risk group oversees the day-to-day management of risk and internal controls, to ensure monitoring against key risks and objectives occurs, as well as utilising a risk-based approach to business and decision-making.

Once a risk is identified, assessment is undertaken, focusing upon causes and effects, against impact and likelihood. Controls are then implemented, and mitigating actions established throughout the organisation.

Quality governance arrangements

The organisation has a robust set of quality governance arrangements in place, including:

  • Committee and sub-group infrastructure to ensure all quality issues are monitored and addressed. This includes safeguarding, medicines management, health and safety and infection, prevention and control.
  • A full suite of policies and procedures to control quality systems and processes
  • Robust risk assessment and quality impact assessment processes.
  • Data quality checks within the processes for publishing and using performance information – managed through a dedicated informatics team.

Data security risks

Data security risks are identified, assessed, managed, and reported as per the Trust’s risk management strategy and process and are overseen by the information governance group and data quality and security group, as well as the Trust’s senior information risk owner (SIRO).

Significant risks

The major risks identified within the financial year have been monitored and acted upon by the Board and sub-committees through scrutiny of the board assurance framework (BAF) at Board and sub-committee meetings. In-year, the risks were reviewed, reassessed and strengthened with a summary as follows:

 Strategic Goal Strategic Risk Comments
Be an exceptional place to work, volunteer and learn  SR1a: If we do not ensure our people are safe and their wellbeing prioritised, there is a risk we will be unable to attract, retain and keep our people safe and well. Current risk in recognition of the safety, culture and behaviours programme and reflects the need for inclusivity. Key mitigations include the culture improvement programme and the following improvement plans: inclusivity, wellbeing and health and safety.
SR1b: If we do not ensure our leaders are developed and equipped, there is a risk that we will not be able to change our culture and value, support, develop and grow our people. Current risk reflecting the importance of stabilising the infrastructure, capacity and capability of our leadership teams across the organisation to support staff effectively. Key activities include the leadership development framework and our Time to Lead programme. 
Providing outstanding quality of care and performance  SR2: If we do not deliver operational and clinical standards then there is a risk of poor patient outcomes and experience.  Current risk focusing on our ability to deliver timely and high-quality care to patients. Mitigation relates to recruitment to the clinical workforce plan, operational efficiencies and system working. Clinical care standards are positive. 
Be excellent collaborators and innovators as system partners SR3: If we do not ensure we have the ability to plan, influence and deliver across our systems to secure change, we will not be able to meet the needs of our public and communities.  Current risk focusing on supporting and collaborating in the delivery of system-wide integration, focusing on alternate pathway schemes, engagement and involvement within the wider health and social care landscape. 
Be an environmentally and financially sustainable organisation  SR4: If we do not resolve long standing organisational inefficiencies we will be unable to deliver an effective, sustainable, value for money service to our public.  This risk focuses on long term financial planning, sustainability and efficiencies, supporting a balance between value for money and delivery of the service. Key mitigations focus on the cost improvement programme, and efficiency improvement. 
All Goals SR5: If we do not clearly define our strategic plans we will not have the agility to deliver the suite of improvements needed. This risk focuses on the need to integrate our improvement plans and strategic aim to bring about a clear narrative and understanding of our vision. This will lead to improved prioritisation and achievement of requirements.
SR6: If we do not deliver sustainable regulatory compliance and develop positive relationships, we will have limited ability to deliver our strategy. In recognition of the regulatory improvements required in well led, this focuses upon compliance and regulatory standards, and the impact upon our reputation. Mitigations include the performance management framework, engagement strategy, and development of robust compliance monitoring.

Governance compliance risks

The Trust is not fully compliant with the registration requirements of the Care Quality Commission (SOF4). A range of mechanisms are in place to provide assurance of compliance with the Health and Social Care Act 2008 (Regulated Activities) and Regulations 2010, as set out in the Care Quality Commission’s guidance for providers. The Trust was rated overall as requires improvement in July 2022 inspection.
Measures continue to be implemented to address compliance with national ambulance targets. These include a well-established programme of multidisciplinary directorate performance reviews monitored and reviewed by the Board on monthly basis. Positive improvements have been recognised by the CQC during the year removing two licence conditions imposed in 2020 due to safeguarding concerns and pre-employment checks. 

Training and education programmes on culture continues to be implemented to support alignment with Trust values and behaviours across the Trust. Key risks:

 Risk Mitigation
There is a risk arising from challenges in complying with well led requirements oftheCQC due to leadership instability, capacity and capability, and embedding values and behaviours.

 
  • Well led improvement plan with key programmes relating to culture, capacity and capability, leadership development.
  • Localised culture interventions to support tangible change.
  • Improvement director to support improvement.
  • Increased governance capacity to support compliance.
There is a risk to oversight and assurance due to the quality of utilisation of data and measuring effectiveness, as well as capacity of teams for data analysis.
  • Integrated performance report: Board and sectors in place.
  • Support from NHSI ongoing to enhance data utilisation.
  • Chief information officer (CIO) focus on data quality and utilisation.
  • Committee metrics and escalation parameters in place.
  • Demonstrating Impact programme to transition to statistical process control and performance improvement.

Embedding of risk management

Risk management is embedded throughout key activities in the organisation, including:

  • All risk registers are managed via an electronic database. Escalation of risk is achieved through the governance structures and processes.
  • Identification and assessment of risk is a core business function, with managers recognising and assessing risks to the delivery of their aspect of the service.
  • All cost improvement programmes have a reviewed and approved quality impact assessment, where risks and mitigating actions are identified.
  • All core plans, such as the winter plan, potential for overtime incentives, surge plan or Board-level financial decisions have a risk and impact assessment.
  • Embedded incident reporting system for staff to report incidents or near misses.
  • Core groups monitor the risks relevant to their terms of reference.
  • Audit committee has oversight of risk management to ensure it is embedded.

Workforce strategies and staffing systems

The Trust is working to a budgeted whole time equivalent (WTE) workforce establishment informed by the clinical strategy and workforce plan to enable the delivery of safe and effective care to our patients.

Progress against the workforce plan is monitored through the people committee and Board. The service is committed to building an engaged and inclusive culture with engagement events for staff to speak directly with executives and non-executive directors, nominated Executive leads for each STP area and ongoing joint working with Trade Unions to improve workforce policies and procedures. The Trust is undertaking significant work to improve the culture and leadership in the organisation.

The Trust will continue to foster positive collaborative working relationships and ensure that existing staff networks (LGBT+ Network, BME Network, All Women in EEAST Network, Men's Wellbeing Network, Multi-Faith Network and Disability Support Network) are encouraged to play an active role in the decision making in the Trust. 

Compliance with CQC registration requirements

The Trust is not fully compliant with the registration requirements of the Care Quality Commission. In 2020, following a focused well led inspection, the Trust was placed in Special Measures (SOF4) and as a result, enhanced regulatory oversight and monitoring is in place.

A full core service inspection was carried out in Spring 2022 with an improvement to the well led rating, returning to requires improvement. This did not alter the overall rating and the Trust remains in SOF4, pending a further inspection and review. At the time of writing this report, two of the 11 conditions on the Trust’s provider license have been removed, with others being applied for. 

The Trust is focusing heavily on making the necessary improvements, working with regulators to establish and deliver rapid interventions to strengthen the position short term, whilst progressing the Fit for the Future programme for long term, sustainable change. The plan focuses on four core underpinning well led themes, in addition to the immediate action plans relating to the CQC, Equality and Human Rights Commission and training and education.

Register of interests

The Trust has published on its website an up-to-date register of interests, including gifts and hospitality, for decision-making staff (as defined by the trust with reference to the guidance) within the past 12 months, as required by the ‘Managing Conflicts of Interest in the NHS’ guidance.

Pension scheme

As an employer with staff entitled to membership of the NHS Pension Scheme, control measures are in place to ensure all employer obligations contained within the scheme regulations are complied with. This includes ensuring that deductions from salary, employer’s contributions and payments into the Scheme are in accordance with the scheme rules, and that member pension scheme records are accurately updated in accordance with the timescales detailed in the Regulations.

Equality, diversity and human rights

Control measures are in place to ensure that all the organisation’s obligations under equality, diversity and human rights legislation are complied with. Focused work has been undertaken successfully via a section 23 agreement with the Equality and Human Rights Commission, which was lifted in October 2022. As part of the Trust’s culture improvement work, there is an inclusivity plan in place to deliver further improvements in relation to equality and diversity over coming years.

UK climate projections

The Trust has undertaken risk assessments and has plans in place which take account of the ‘Delivering a Net Zero Health Service’ report under the Greener NHS programme. The trust ensures that its obligations under the Climate Change Act and the adaptation reporting requirements are complied with.

Review of economy, efficiency and effectiveness of the use of resources

The Trust has a range of processes to ensure that resources are used economically, efficiently, and effectively. This includes management and supervision arrangements for staff and a system of devolved budget management. This incorporates reviews of finance and performance at budget manager, service director and overall Trust level, through detailed reporting to the performance and finance committee. The committee also scrutinises the Trust’s quality cost improvement programme and reviews delivery of this programme which is supported by quality impact assessments.

External auditors are required as part of their annual audit to satisfy themselves the Trust has made proper arrangements for securing economy, efficiency, and effectiveness in its use of resources and report by exception if in their opinion the Trust has not.

Information governance

In 2022/23 there were a total of 35 incidents reported to the Information Commissioner’s Office (ICO) through the data security reporting tool, demonstrating a 20% reduction in cases from the previous year. Of these, at the time of writing this report, the ICO took no further action in 33 cases (94%), being satisfied with the investigation and actions taken by the Trust. The remaining two are outstanding for a decision. 

Three incidents met the Trust’s Serious Incident (SI) threshold and were managed under the Trust’s SI process. These incidents met the threshold for reporting to NHS England but not the Information Commissioner’s Office. Two related to accidental destruction of patient records, and the third a disclosure error.

Data quality and governance

The Trust has several processes in place to ensure that data are accurate and provides a balanced view. These include:

  • Clinical data and outcomes checked and verified by the clinical audit manager (state registered paramedic) prior to submission to the national audit programmes.
  • Monthly checks of Department of Health statistical reports to ensure latest comparative data are included.
    Assurance through governance processes to Board-level via the Integrated Board report.
  • Information governance toolkit.
  • Assurance provided through information governance group and data quality and security group to Trust Board via the audit committee.
  • Regular scrutiny of processes and information through Board sub-committees.
  • Transition to the data lake – a single source of our data that cannot be manipulated.

Key risks to the data relate to the need for manual manipulation of aspects of the data set, due to multiple systems not yet interacting automatically with one another, as evidenced in the latest internal audit report. Mitigations include the development of clear standard operating procedures for all data sets utilised. Operational data via the 999 and patient care records are assured as accurate as these are automated.

Review of effectiveness 

As accountable officer, I have responsibility for reviewing the effectiveness of the system of internal control. My review of the effectiveness of the system of internal control is informed by the work of the internal auditors, clinical audit and the executive managers and clinical leads within the NHS Trust who have responsibility for the development and maintenance of the internal control framework. I have drawn on the information provided in this annual report and other performance information available to me.

My review is also informed by comments made by the external auditors in their management letter and other reports. I have been advised on the implications of the result of my review of the effectiveness of the system of internal control by the board, the audit committee and quality governance committee and a plan to address weaknesses and ensure continuous improvement of the system is in place.

The Trust Board recognises the importance of the principles of good corporate governance and is committed to ensuring these are effective and efficient. This is implemented through key governance documents, policies, and procedures of the Trust, including:

  • The Board governance and assurance framework, including the sub-committees
  • The Trust’s standing orders, reservation of powers to the Trust Board, scheme of delegation, and standing financial instructions.

The Trust is led by a unitary Board, which provides leadership within a framework of internal control whilst promoting innovation, and challenge to performance issues. The Board monitors the effectiveness of the internal control systems and processes through clear accountability arrangements.

Each executive director is held to account for control systems and processes, monitoring methods and weaknesses within directorates; cross checking evidence of compliance with statutory functions to ensure that the Trust remains legally compliant. 

Review of effectiveness of the Trust Board and sub-committees

The Board and the sub-committees review their effectiveness on a regular basis and formally through the Board’s annual evaluation process. Assurance that each committee has been compliant with its terms of reference and publication of an integrated effectiveness report has been achieved:

Area of improvement:

  • Significant improvement on quality of papers, KPI delivery and levels of assurance. Reports, delegates, outcomes, quality of meetings and conversations.
  • Decisions/recommendations supported by better quality analysis.
  • Pre-meets between chair and lead executives to prepare the agenda and discuss papers in advance. Focus on the BAF and the areas needing committee priority and attention to deliver the strategic objectives.
  • Recognition of the work carried out by subgroups allowing prioritisation of more key issues.

Area for focus:

  • Clear metrics and approach to managing and overseeing strategies to be developed.
  • Clarity around overlap/duplication with other committees.
  • Data quality.
  • Ensuring that committee does not slip into tactical operational management and remains focused on assurance and strategy.
  • Diversity of membership.

Summary of activities

The following provides summary of the activities in maintaining and reviewing the effectiveness of the system of internal control:

 Trust Board Audit Committee Quality Governance Committee Corporate Governance Team
Risk management assurance – reviewing the BAF, risk escalation, strategic risk review. Reviewing assurance pertaining to risk and governance via reports and deep dives.  Review and assurance on action plans following the 2022 CQC inspection.  Facilitation of well led development and working to support through SOF4. 
Developing, reviewing and approving key Trust strategies.  Approval of the Board governance and assurance framework and the risk management strategy.  Reviewing and approving the clinical audit plan and relevant clinical and quality annual reports.  Ongoing embedding of the Board governance and assurance framework and risk management strategy. 
Receiving and approving annual reports.  Review in detail the Standing Orders, Standing Financial Instructions, Scheme of Delegation and Reservation of Powers to the Trust Board.  Monitoring performance against the ambulance clinical quality indicators and key clinical indicators to assess quality of care.  Facilitation of the CQC, EHRC, and other regulatory relationships and assurance mechanisms to support improvements. 
Receiving assurance on plans and progress in relation to regulatory compliance.  Reviewing in detail the system of control arrangements, including policy management, information governance, data quality and  procurement.  Receiving and reviewing update reports in relation to claims and litigation cases, patient experience, research.  Facilitation of the escalation and assurance mechanisms in support of the Board and its sub-committees. 
Close monitoring of the culture improvement programme as well as frequent oversight of freedom to speak up and whistle blowing.  Reviewing the recommendations and action plans from internal audits.  Assessment and assurance of compliance with wider regulation, including the Civil Contingencies Act.   
  Analysis and monitoring of wider committee assurance and effectiveness in relation to risk management and internal controls. Assuring patient safety and experience through patient network reports and deep dives into areas such as ‘no sends’ and performance ‘perfect weeks’.  

Clinical audit activities

Clinical audit forms part of the quality governance framework and provides assurance that services are being delivered to patients at the required standard, in order that the Trust meets the dimensions of quality: patient safety, patient experience and clinical effectiveness.
The results of audits and experience audits are used to review and develop training for staff, and examples, themes and trends have enabled the Trust to identify areas that draw out the quality measures.

The clinical audit and patient experience programmes for 2022/23 focused on national, strategic, and regulatory driven audit projects that related to the priorities set within the quality account agenda. Full details of all audits undertaken are in the quality account.

The head of internal audit opinion and annual internal audit programme

Head of internal audit's annual opinion

TIAA is satisfied that, for the areas reviewed during the year, East of England Ambulance Service NHS Trust has reasonable and effective risk management, control and governance processes in place.

This opinion is based solely on the matters that came to the attention of TIAA during the course of the internal audit reviews carried out during the year to date and is not an opinion on all elements of the risk management, control and governance processes or the ongoing financial viability or your ability to meet financial obligations which must be obtained by East of England Ambulance Service NHS Trust from its various sources of assurance.

Actions taken to address internal control issues

The key challenges the Trust faced throughout 2022/23 and the actions taken were:

Key challenges to internal controlActions taken
Operational capacity to meet demand and performance requirements. 
  • Closure of the operational workforce capacity gap.
  • Over-recruitment to control room roles.
  • Utilisation of additional private ambulance service provision to support delivery of care to patients.
  • Collaboration on system improvement activities including development of intra-provider patient transfer (access to the stack).
Well-led issues pertaining to culture, inclusivity, behaviours, capacity and capability.
  • Improvement director support
  • CQC improvement plan delivery in year.
  • Local culture interventions programme.
  • Enhanced staff engagement approach.
  • Strengthened whistleblowing and freedom to speak up.
  • Speak Up, Speak Out, Stop It campaign.
  • Policy and procedure reviews and strengthening.
  • Increased training in values, behaviours and leadership around culture.

Conclusion

I can confirm that there are no significant internal control issues identified that do not have a clear plan in place for effective mitigation. Where control issues have been identified, for example in relation to leadership and governance through CQC inspection, a process has been developed which ensures appropriate support and scrutiny in relation to the areas required, with robust reporting in place. Improvement is being seen across all areas of concern.

There is an acknowledgement that the Trust continues on its improvement journey, with strengthened systems and controls being implemented to mitigate the internal control challenges that the Trust is actively managing. I am confident that appropriate mitigation plans are in place with clear oversight and scrutiny through the regulators and that we therefore have a generally sound system of internal control that supports the achievement of our policies, aims and objectives. We continue to identify opportunities to strengthen the internal control environment into 2023/24.

Signed by Tom Abell, Chief Executive Officer
June 2023

Next page: Remuneration and staff report

Back to contents