Annual Report & Accounts 2017/18

78 NI Water Annual Report and Accounts 2017/18 were reviewed on a continual basis using risk management software, with monthly reports generated for monitoring purposes. A detailed threat and opportunity map was used to identify the consequences, controls and required actions and was presented to the Risk Committee and Board. Corporate threats and opportunities can be ‘drilled down’ to business units and to programme or project levels as appropriate, to evidence the effectiveness of controls and required actions. Directorate threats and opportunities can also be escalated to senior management’s attention when they are graded as ‘high’ or ‘medium’. An established escalation process is also in place to alert the Chief Executive, Board and Stakeholders of significant new issues. The Risk Committee updates the Board on a quarterly basis on threat improvements, benefits from opportunity realised, improvement in resilience, risk escalated and completion of improvement actions. The Board approved the risk appetite and reviewed the action plans in place to manage the risk exposure and realise opportunities. The Board provides a quarterly risk management report, at a strategic level, to DfI. Risk management is a permanent agenda item in the Shareholder Meetings. Other stakeholders are involved in managing threats and opportunities which impact upon them. Key risks materialising in year During the year there were no key risks which materialised into potentially significant issues. Internal Audit The Head of Internal Audit provided an ‘Annual Opinion’ on NI Water’s system of governance, risk management and internal control. The opinion for the year ended 31 March 2018 is ‘Satisfactory’: ‘While there is some residual risk identified this should not significantly impact on the achievement of the customer promises’. Review of effectiveness As Accounting Officer, I have responsibility for reviewing the effectiveness of the system of corporate governance, internal control and risk management. My review is informed by the work of managers within NI Water, who have responsibility for the development and maintenance of the internal control framework. I am also informed by other independent sources of assurance. In the current year this included an external review of cyber security readiness. I have been advised on the implications of the result of my review of the effectiveness of the system of internal control by the Board, Audit Committee and Risk Committee and a plan to address weaknesses and to ensure that continuous improvement of the system of internal control is in place. A formalised assurance framework to assist me in assessing the extent of compliance with the specified responsibilities, including the effectiveness of the systems of internal control has been developed. The Audit Committee and Risk Committee considered the Internal Audit Opinion and Chief Executive’s Annual Assurance Statement and informed the Board on the overall effectiveness of NI Water’s system of internal control and risk management. The year end Management Assurance Statements include a list of evidence to support management’s response and the associated threats and opportunities. The External Audit opinion for the Statutory, Regulatory and Regularity audits are all ‘unqualified’ and there is an effective process to manage closure of Management Letter Points raised by the External Auditors. I am therefore satisfied that the governance, risk management and internal control framework in NI Water is ‘satisfactory’. Chief Executive’s Year End Assurance Statement – Exception Report Whilst there is an adequate system of internal control in place in NI Water, a number of matters included in the ‘Exception Report’, appended to my Annual Assurance Statement to the DfI Accounting Officer, have been identified for further action. Most of the matters are reflected in the strategic threats and opportunities section, while others are reported to the Shareholder. The Board and I will continue to address these matters. We will also work with our Shareholder, where there is joint accountability on certain threats and opportunities, to manage them towards the relevant threat appetite or opportunity realised level. Sara Venning Accounting Officer 24 July 2018 Governance