NHS Resolution      Annual report and accounts 2021/22                                            79



            The Head of Internal Audit gave MODERATE             Anti-fraud, bribery and corruption
            assurance to the Accounting Officer that NHS
                                                                 As with all  NHS organisations, the risk of fraud  is a
             Resolution has had adequate and effective systems
                                                                 significant consideration. The nature of NHS Resolution's
            of control,  governance and  risk management
                                                                 work inevitably focuses our attention on the risk of
             in  place for the reporting year 2021/22.
                                                                 fraudulent claims being brought against our members,
             Performance and financial controls                  and we take a zero-tolerance stance towards fraud
                                                                 and  bribery. We have established controls in  place to
             NHS  Resolution's financial and operational performance
                                                                 mitigate the risk of fraud as far as possible,  including
             is reported  regularly to the Senior Management
                                                                 an  up-to-date Anti-fraud, bribery & corruption policy
            Team, to the Board and to me.  Our financial
                                                                 and procedure, as well as annual training. These
             position, together with operational  KPIs,  is reported
                                                                 provide guidance for all staff, enabling them to
            quarterly to DHSC to demonstrate that performance
                                                                 recognise and deal with  potential  instances of fraud
             is being  managed  in  line with expectations.
                                                                 and  bribery.  Counter fraud services are provided  by
            There are policies and  procedures for the management   GIAA who work in accordance with the NHS Counter
            of finances and resources, including a scheme of     Fraud Authority Standards for Providers to prevent,
            delegated authorities for the approval of expenditure.  deter, detect and investigate fraud and  bribery.  During
            The internal audit programme routinely covers key    2021/22 we have worked closely with our colleagues
            financial controls to provide assurances to management   in the NHS Counter Fraud Authority,  DHSC  and the
            and the Board.  Governance arrangements through the   Cabinet Office in the adoption of the Government
             Reserving and  Pricing Committee for the valuing of   Counter Fraud  Functional Standard GovS013.
             provisions for claims are set out earlier in this statement.
                                                                 We continue our membership of the Claims and
            Timing of cashflows -  known claims provisions       Underwriting  Exchange (CUE), a database of non-clinical
                                                                 claims reported to insurers.  This enables us to share
            The known claims provision calculation uses the
            expected settlement date (ESD) from individual       information with other indemnifiers,  so as to identify
            claims recorded in the Claims Management System      potentially fraudulent claims. We are fully alive to the
            (CMS) to apply inflation and discounting to reach a   information governance risks entailed in such an initiative
            valuation.  However, for the disclosure of the expected   and ensure that due legal  process is adhered to.
            timing of cashflows, this has historically been  based   Information security and governance
            on an actuarial view of settlement patterns.
                                                                 NHS Resolution  has maintained ISO 27001  Information
            An adjustment to the 2021/22  known claims           Security certification which provides evidence that we
             provision  has been applied to the estimate         have an effective information security management
            technique as there has been a significant divergence   system. The surveillance audit carried out in  December
             between the two views,  most likely as a result     2021  reviewed a range of governance and technical
            of the impact of the Covid-19 pandemic.              security controls. The audit identified zero major non­
                                                                 conformances and two minor non-conformances. As a
            As part of this reassessment, we have concluded that
            this approach should  have been applied to prior periods,   result of this the audit recommended the certification
            drawing on the information that was available at the   for NHS  Resolution be continued. We have also
            time, as it results in a better estimate of the known claims   achieved Cyber Essential  Plus certification which  is a UK
             provision. The prior period financial statements have   Government scheme of good practice in  information
                                                                 security.  NHS  Resolution is committed to minimising
            therefore been  restated as required  by IAS 8 Accounting
                                                                 the risks associated with  information handling and
             Policies, Changes in Accounting  Estimates and  Errors.
             Further details of the adjustments to the financial   to ensuring that all staff are fully aware of their
            statements are provided at Note 7.4 to the accounts.  responsibilities in  relation to information governance.

            We are identifying potential  improvements to the
             process to estimate the expected timing of cash-flows.