Annual report 2019-2020

Annual Report for the period 2019-2020

Publication date:
30 June 2020
Date range:
June 2020 - June 2021

The Accountability Report

Annual governance statement

Scope of responsibility

As Accountable Officer, I hold responsibility for maintaining a sound system of internal control that supports the achievement of the organisation’s policies, aims and objectives, whilst safeguarding the public funds and departmental assets for which I am personally responsible, in accordance with the responsibilities assigned to me. I am also responsible for ensuring that Kent and Medway NHS and Social Care Partnership Trust is administered prudently and economically and that resources are applied efficiently and effectively.

The purpose of the system of internal control

The system of internal control is designed to manage risk to a reasonable level rather than to eliminate all risk of failure to achieve policies, aims and objectives; it can therefore only provide reasonable and not absolute assurance of effectiveness.

The system of internal control is based on an ongoing process designed to identify and prioritise the risks to the achievement of the policies, aims and objectives of Kent and Medway NHS and Social Care Partnership Trust, to evaluate the likelihood of those risks being realised, the impact should they be realised and to manage them efficiently, effectively and economically. The system of internal control has been in place in Kent and Medway NHS and Social Care Partnership Trust for the year ended 31 March 2020 and up to the date of approval of the annual report and accounts.

Kent and Medway NHS and Social Care Partnership Trust (KMPT) serves a population of over 1.8 million and provides mental health, learning disability, substance misuse and other specialist services for people over the age of 16 who live in Kent and Medway. Our Early Intervention in Psychosis Services see young people from 14 years upwards.

The trust is managed in four Care Groups: Acute, Community Recovery, Older Adult Services and Forensics and Specialist Services, all supported by a range of corporate teams.

As Accountable Officer I have in place partnerships and processes with other organisations. The Strategic Transformation Partnership (STP) will have a significant impact on ongoing relationships and I am ensuring that the Trust is constructively engaged and considering governance aspects.

These include Clinical Commissioning Groups (CCGs), NHS Improvement (NHSI), the Local Authorities, Healthwatch, the Department of Health and Social Care, Police Authorities and other acute and mental health trusts. Some of the main fora for the transaction of these relationships are:

  • Quarterly South of England NHS Chief Executives’ Forum

  • Regular Integrated Assurance Meetings (IAMs) with NHSI

  • Quality and Performance Review Meetings with the CCGs

  • Meetings with the Local Authorities through the Kent and Medway Partnership Board, Kent County Council Health Overview and Scrutiny Committee, Medway Council Overview and Scrutiny Committee, Safeguarding Board, Kent Adult Services Group and a range of joint Planning Boards

  • Regular meetings with the Accountable Officers of local CCGs and universities including the Kent, Surrey, Sussex Deanery and Medical School

  • Sustainable Transformation Partnership Steering and Management Groups, Integrated Care Partnerships (ICPs)

    and Primary Care Networks (PCNs).

Capacity to handle risk

The Trust Board takes overarching responsibility for risk management. As Accountable Officer I ensure that sufficient resources are invested in managing risk and I have been supported in undertaking this role by the Executive Director of Finance, Executive Medical Director and the Executive Director of Nursing and Quality.

The Executive Director of Nursing and Quality is the executive lead for clinical governance and the implementation of risk management. She ensures that the Trust continues to have robust systems in place to comply with the objectives set out in its approved policies and procedures.

The Executive Medical Director is Responsible Officer for medical revalidation for the Trust. The Executive Director of Finance and Performance has a specific role for leading strategic development and implementation of financial risk management (including anti-fraud and bribery), which includes oversight of the Standing Financial Instructions. The Executive Director of Finance is also the Senior Information Risk Officer and, as Chair of the Information Governance Group, is responsible for developing and implementing information risk management.

These executive directors have a key role in the development of quality standards across the Trust and for maintaining effective integrated clinical governance.

The Non-Executive Committee members of the Integrated Audit and Risk Committee (IARC) play a key role in the internal control assurance processes. IARC scrutinises the effectiveness of management actions in mitigating risks through regular reviews of the corporate functions and Care Group risk registers, on a rolling basis in addition to the Trust risk register. Board Committees also have a responsibility for elements of the risk management system, with the Integrated Audit and Risk Committee providing assurance on its effectiveness.

Chaired by the Chief Executive, the Executive Assurance Committee (EAC) meets each month and ensures that KMPT maintains robust systems of governance, risk management and internal control that support the delivery of high quality patient-centred care.

KMPT recognises the important role all leaders across the Trust have in developing a robust approach to risk management and ensuring it forms an integral part of good management practice and to be most effective should become part of the Trust’s culture. The provision of appropriate training is central to the achievement of this aim.

The Trust’s Risk Management Strategy provides the framework for the continued development and integration of the risk management process in the Trust’s strategic aims and objectives. It encompasses our risk management process and sets out how staff are supported and trained to enable them to identify, evaluate and manage risk. The Risk Management Strategy and associated policy was comprehensively revised and updated during 2018-19 and further reviewed and approved in May 2019 to reflect current best practice in Risk Management.

Training on clinical risk management is included in the mandatory induction programme which all clinical staff participate in at the start of their employment with the Trust. Through out 2019-20 managers and their nominated risk assessors were offered tailored further training on the principles and application of risk assessment and the tools used by the Trust to identify, record, monitor and review risk.

The Trust provides mandatory and statutory training that all staff are required to attend in addition to specific training appropriate to individual responsibilities, such as Prevention and Management of Violence and Aggression.

The Trust seeks to learn from good practice through a range of mechanisms including benchmarking, clinical supervision and reflective practice, individual and peer reviews, performance management, continuing professional development, clinical audit, the application of evidenced based practice and reviewing compliance with risk management standards. There are formal mechanisms in place to ensure that external changes to best practice, such as those issued by the National Institute for Health and Clinical Excellence are incorporated in to Trust policies and procedures.

The risk and control framework

The Trust’s Risk Management Strategy provides the framework for the continued development of the risk management process, building on the principles and plans linked to the Trust’s Assurance Framework, the Risk Register, the requirements of the Care Quality Commission and national priorities.

Progress was achieved in the year to mitigate key risks relating to the principal objectives of the Trust. Risk management within the Trust is a live and dynamic process and the risks identified as having the potential to have the greatest impact on the strategic objectives have changed accordingly during the year 2019-20.

Financial risk

Financial risk has remained a constant throughout the year although the relative potential impacts have changed proportionately as a result of controls, mitigations and external changes. The three key elements have been:

  • Risk ID 6097 2019/20 CIP Programme (Rating of 20 – Extreme)

  • Risk ID 6098 Long Term Financial Sustainability (Rating of 20 – Extreme)

  • Risk ID 5920 Financial risk to KMPT due to out-of-area PICU bed use (Rating of 20 – Extreme).

Operational risk to quality of care

Risk ID 5875 CMHTs demand and capacity (KCC/KMPT)

The changes made with the KCC transition impacted the ability of the CMHTs to cope effectively with the high level of demand for assessment of service. A number of mitigations were immediately put in place.

  1. Active recruitment of agency staff to work in the teams that have severe staffing shortages

  2. Caseload reviews for all teams to re-alignment work and secured resources to provide expert social care knowledge to help this process

  3. Assessment of the team’s ability to respond to demands, though capacity planning, in conjunction with the Performance Directorate

  4. Introduction of more innovative processes to reduce repetition and duplication, including the assessment process

  5. The implementation of the clinical care pathways to support efficient patient flow through the community team and demand and capacity management.

Mental Health Investment Monies received will create 45.32 new posts for CRCG with recruitment ongoing. Performance team have completed re assessment of demand and capacity for CRCG who confirm resources continue to be insufficient to meet KPI targets. Ongoing work with commissioners to establish primary care level screening systems by KMPT PCMHNs to ensure appropriate referrals occur.

Plans for this to be negotiated as a role for non KMPT PCMHN going forward.

Organisational risk

Risk ID 5989 emerging infectious diseases

A significant new risk which emerged during the year. This risk was included following the global emergence of Covid-19 and in response to the declaration of a level 4 health incident by the UK government as well as it being a pandemic.

Risk ID 5965 Exiting the EU

A significant risk to the Trust during the year was the uncertainties relating to the potential impact of the UK exiting the EU without a deal. A substantial piece of work was undertaken in partnership with the Local Health Resilience Partnership to review the risks identified and generate plans.

The Trust has in place a process for the identification, assessment, and management of risks. This is a systematic approach which assesses the consequences and likelihood of each risk event, associated mitigations and allows for the identification of risks which could be considered unacceptable to the organisation. Areas of risk are triangulated using indicators including incidents, claims and performance metrics.

Risk registers owned by and or delegated to the Committees of the Board are regularly reviewed to ensure that the correct types and levels of risks are scrutinised for the maximum benefit to the organisation. Robust control mechanisms are in place, based upon the Trust’s organisational policies, protocols, strategies and procedures used to control, mitigate and monitor risk. Additional assurances are gained from the Trust’s organisational scheme of delegation which details who has oversight of risk via the Committee structure, Trust-wide groups and sub-groups. Prevention of risk is achieved through the interface partnership working arrangements across the local health economy and in our joint commissioning arrangements.

The Local Counter Fraud Team provided by TIAA support the Trust in the prevention, detection and investigation of alleged incidents of fraud, bribery and corruption.

They have undertaken awareness training to all new starters at corporate induction and run publicity campaigns to highlight fraud in the NHS. They also advertise the Confidential National Fraud and Corruption Reporting Line through poster distribution, fraud staffzone page, promotional material and newsletter articles. The newsletter ‘Fraudstop!’ is circulated to all staff and distributed at the Trust induction.

The risk and control framework incorporates a range of supporting systems and associated policies that provide a structured and consistent approach to the management of risk.

These include:

  • Risk Management Strategy

  • Risk Management Policy (and associated guidance)

  • Information Risk Management Framework and Policy

  • Incident Reporting Policy

  • Complaints Policy

  • Serious Incidents Policy

  • Investigations Policy

  • Health and Safety Policy

  • Learning from Experience Policy

  • The bi-annual review of the Board Assurance Framework by the Integrated Audit and Risk Committee.

The risk team have developed a range of simple to use tools and guidance documents for managers based on the most up to date risk management theory. The risk management policy has been updated this year to be in alignment with HSG 65 and to use the Plan Do Check Act model for risk management.

Staff are kept up to date with the key corporate and health and safety risks for their areas through a range of media including posters, team meetings and briefings, enabling them to identify and report any new issues. The risk team work closely with Care Groups to improve the quality and maintenance of their risk registers.

All risks are assigned an owner as well as a manager when they are identified. Committees of the Board have oversight of a portfolio of risks relevant to them and receive regular reports for assurance. Where possible, risks are eliminated and where this is not possible, a selection of controls and actions are put in place to ensure that the likelihood or consequence of the risk being realised is lessened.

The use of a control calibration tool to ensure that all risks are graded appropriately and that the types and effectiveness of controls taken into account has had a positive impact in improving risk management and awareness. All risks are given a performance metric with measurable outcomes that show whether the controls are working.

The Board Assurance Framework document is refreshed annually at the beginning of each financial year and is reviewed at regular intervals. Its key elements include:

  • Board agreed organisational objectives and identification of the principal risks that may threaten the achievement of these objectives

  • Identifying the design of key controls intended to manage these principal risks

  • Setting out the arrangements for obtaining assurance on the effectiveness of key controls across all areas of principal risk

  • Identifying assurances and areas where there are gaps in controls and assurances

  • Putting in place plans to take corrective action where gaps have been identified in relation to principal risks

  • Maintaining dynamic risk management arrangements including a well founded risk register.

Based on my assessment of the Board Assurance Framework our three key priorities in its development will continue to be implemented in 2020-21 in order to enhance the internal control arrangements. The implementation of these objectives will further strengthen the Board’s visibility of the process of

monitoring risk mitigation plans associated with its significant risks and as highlighted on the BAF. These priorities are to:

  • Improve the organisations understanding of the process of risk management by demonstrating an improved quality of risk assessment, risk registers and control mechanisms

  • Improve the confidence of external stakeholders in our risk management process by enabling staff and managers to talk confidently about their risk profile by describing their risks and mitigations

  • Establish a clear appetite for risk that can be used at all levels by management as a decision making tool.

The Board will oversee the implementation of these priorities, whilst primarily taking assurance from the work of the Board Committees.

Review of the effectiveness of risk management and internal control

The Risk Management Framework is supported by the processes in place to identify, assess, treat and monitor risks that materialise in clinical and corporate areas of the Trust. The Trust has established processes for managing risks that impact on the quality and safety of information, staff and patients.

As part of my review I also place reliance on the Head of Internal Audit’s independent opinion of reasonable assurance, which substantiates this disclosure.

Head of Internal Audit Opinion (HoIA) on the Effectiveness of the System of Internal Control for the Year Ended 31 March 2020

The purpose of my annual HoIA Opinion is to contribute to the assurances available to the Accountable Officer and the Board, which underpin the Board’s own assessment of the effectiveness of the organisation’s system of internal control. This Opinion will in turn assist the Board in the completion of its Annual Governance Statement (AGS).

The Trust is forecasting, from the Finance report at the March 2020 Board, a £3m surplus, against a control total of break- even. Our opinion on the organisation’s system of internal control has taken this factor into account.

My opinion is set out as follows:

  1. Overall opinion;

  2. Basis for the opinion; and

  3. Commentary.

  1. My overall opinion is that Reasonable Assurance can be given that there is a generally sound system of internal control, designed to meet the organisation’s objectives, and that controls are generally being applied consistently. However, some weakness in the design and/or inconsistent application of controls, put the achievement of particular objectives at risk.

  2. The basis for forming my opinion is as follows:

    1. An assessment of the design and operation of the underpinning Assurance Framework and supporting processes; and

    2. An assessment of the range of individual opinions arising from risk-based audit assignments, contained within internal audit risk-based plans that have been reported throughout the year. This assessment has taken account of the relative materiality of these areas and management’s progress in respect of addressing control weaknesses.

Additional areas of work that may support the opinion will be determined locally but are not required for Department of Health purposes e.g. any reliance that is being placed upon Third Party Assurances.

The Care Quality Commission and the fundamental standards

The Trust is required to register with the Care Quality Commission (CQC) under section 10 of the Health and Social Care Act 2008 and is registered without conditions for its 17 registered locations.

The Trust is fully compliant with the registration requirements of the Care Quality Commission.

The Trust has systems and procedures in place to maintain ongoing compliance with the CQC fundamental standards (Health and Social Care Act 2008), for the purpose of monitoring and continually improving the quality of healthcare provided to its patients.

Following the well-led inspection at KMPT that was undertaken by the CQC during October and November 2018 whereby the trust maintained its overall ‘good’ rating, a quality improvement plan (QIP) was developed for those areas identified as requiring some improvement. The QIP started its implementation journey in April 2019, with quarterly target dates being set for the 7 must do’s and 31 should do’s. To date, progress has been made against all action points.

In 2019, KMPT did not receive any focussed inspections and maintained regular contact with the CQC via engagement meetings. In February 2020, KMPT received its provider information request from the CQC which then indicates that its second well-led inspection will take place within a 6 month timeframe.

The CQC Oversight Group is responsible for ensuring that Trust services meet the required fundamental standards. This is led by the Executive Director of Nursing and Quality. This group now meets on a bi-monthly basis and reports directly to the Quality Committee. This group supported the preparations and responses for the CQC well-led inspection which took place in 2018. As part of the preparations, deep dives will be used to scrutinise the quality of care provided across all care groups and various support tools will be available for staff to utilise such as a self- assessment tool for the CQC’s Key Lines of Enquiry (KLoE).

Data security

The Executive Director of Finance is the Senior Information Risk Owner (SIRO) of the organisation, providing information risk management expertise at Board level. The SIRO oversees the consistent implementation of the information risk assessment process by Information Asset Owners, as described in the relevant ICT policies and procedures. Additionally the SIRO acts as chair to the Trust-Wide Information Governance Group which is attended by clinical and corporate care groups and the Caldicott Guardian.

The Data Security and Protection Toolkit and Information Risk Register are key enablers to embedding good practice, as well as identifying and managing key information risks. As a result, the Information Governance Department have put into place a range of appropriate policies, procedures and management arrangements to provide a robust framework for Information Governance in accordance with the NHS Digital requirements.

2019-20 yearly overview

During the year 2019-20 there have been four Information Governance breaches which were reported to the Information Commissioner. These are detailed within the Data Security Breaches section below.

The Trust took part in a pilot audit with NHS Digital for the Data Security and Protection Toolkit which was undertaken by TIAA. This audit involved review of 65 out of the 100 mandatory evidence items over 20 assertions.

As a result of this audit the Trust were provided with “Reasonable Assurance” across all 20 assertions.

2020-21 plans

During the year 2019-20 an awareness drive for Information Governance was introduced across the organisation. This will continue into the year 2020-21 and includes the following tasks to increase awareness and further support the staff.

Information governance training

In addition to the current eLearning training available to all staff, there will be an introduction of face to face training sessions for those staff who would benefit more from a classroom based approach.

IG compliance lead

The organisation has introduced a compliance lead who is working with teams and undertaking site audits to help support the improvement of information processing.

Digital communications

A full review of all internal and external website pages will be reviewed and updated along with key messages being passed to staff through the use of technology.


The organisational assessment of the information governance arrangements of the Trust is informed by evidence to support the achievement of all mandatory fields on the 2019-20 Data Security and Protection toolkit, as well as the information governance assurance from the internal audit reviews, undertaken in the financial year, and lessons learnt from information security breaches. The Trust has successfully achieved full completion of the mandatory requirements of the Toolkit and has therefore been rated as “satisfactory”.

Significant issues

The Trust has identified the following as significant control issues for the 2019-20 period.

Data Security Breaches

During the 2019-20 period there were four information governance serious incidents regarding the loss or misappropriation of personal information. Lessons learned from the incidents have been incorporated into the risk management process.

Three incidents involved staff members inappropriately accessing the clinical record of a service user without appropriate legitimate business need. Each of these incidents were internally investigated

and appropriate action taken in line with human resources advice. As a result of these investigation learning has also been identified and the organisation are looking at new guidance and training documents. These matters were reported to the ICO.

The other incident related to a clinic letter containing sensitive patient information which was sent to the wrong location

in error. This matter was internally investigated and training needs identified.

The individual involved was advised of the error and offered additional support. The matter was reported to the ICO.

The Pension Scheme arrangements

As an employer with staff entitled to membership of the NHS Pension Scheme, or auto-enrol into an alternative qualifying scheme, control measures are in place to ensure all employer obligations contained

within the Scheme regulations are complied with. This includes ensuring that deductions from salary, employer’s contributions and payments into the Scheme are in accordance with the Scheme rules, and that member Pension Scheme records are accurately updated in accordance with the timescales detailed in the Regulations.

Register of interests

The trust has published an up-to-date register of interests for decision-making staff within the past twelve months, as required by the ‘Managing Conflicts of Interest in the NHS’ guidance.

Equality, diversity and human rights

Every member of KMPT should be respected and celebrated for the uniqueness they bring, and how this supports our approach to the people we look after. Ultimately translating into Brilliant Care Through Brilliant People.

Control measures are in place to ensure that the organisation is compliant with its obligations under equality, diversity and inclusion plus human rights legislation.

This includes provision of information to that meets the statutory publication duties and best practice on inclusion initiatives.

The Workforce and Organisational Development Committee have received bi-monthly updates through workforce reports. The Quality Committee will monitor service user/carer impacting equality and diversity issues. The operational Equality and Diversity Steering Group (EDSG) and staff networks feed into the KMPT strategy. I as Chief Executive now chair the Trust wide group. Plans are in place to meet the continuing gender reporting and new disability standards reporting requirements.

Staff Network forums are more established, supporting BAME, faith, disability and LGBTQ+ staff. Each has an Executive Director lead and report back through the EDSG.

Counter fraud and anti-bribery arrangements

KMPT has sound arrangements in place to ensure compliance with counter fraud and anti-bribery requirements, as set out in the Secretary of State directions. At an operational level, there are induction and refresher fraud & Bribery awareness sessions for staff.

The Integrated Audit and Risk Committee receives regular progress reports on the delivery of the Local Counter Fraud Service (LCFS) work plan and investigative reports where appropriate. In addition, the Committee reviews anti-fraud and bribery Trust policies and procedures.

The LCFS undertakes an annual review of fraud risk, feeding into a fraud risk assessment which drives the annual LCFS work plan. The Integrated Audit and Risk Committee takes assurance from this particular area of work, which ensures organisational objectives and investigative activities are appropriately investigated and concluded in a timely way to minimise potential future risks within the Trust’s systems of internal control.

In addition during 2019-20 the recruitment procedures in relation to staff procured through agencies were reviewed to ensure third party checks on individuals are in line with KMPT policy. Local procedures were reviewed with regard to single tender waivers and the use of corporate credit cards. Results were fed back to the Integrated Audit and Risk Committee who were able to benchmark local performance against other NHS providers.

During the year, a Single Tender Waiver (STW) was raised for the sum of £11,156 in respect of a piece of board development work. As part of its routine scrutiny of STWs, the Integrated Audit and Risk Committee (IARC) reviewed it and as a result, raised concerns. An independent investigation was initiated by the IARC and it was found that there was an undeclared interest between the person requesting the Trust procure this consultancy work and the company delivering it. Appropriate action was taken by the Trust and there is no ongoing relationship with the contractor.

Health and Safety

The Trust continues to be complaint with Health and Safety regulations with positive comment from the Health and Safety Executive (HSE) on our management of violence and aggression against staff and musculoskeletal management. Timeliness of reporting of RIDDOR incidents to HSE has been a continuing focus with some improvement on previous years and a slight reduction on overall numbers of incidents reported. Staffing changes caused some slippage on internal Health and Safety auditing during the year but this has now been resolved and the overall programme of audits recovered.


The Trust has undertaken risk assessments and Carbon Reduction Delivery Plans are in place in accordance with emergency preparedness and civil contingency requirements, as based on UKCIP 2009 weather projects, to ensure that this organisation’s obligations under the Climate Change Act and the Adaptation Reporting requirements are complied with.

The Trust has a Board-approved sustainable development management plan (SDMP) and continues to work towards reducing required energy consumption.

The Trust continues to work with partners across Kent and Medway in developing areas of best practice, environmental training, and seminars on new technologies in order to actively explore new initiatives in reducing the carbon footprint, and employs the lead officer on sustainability in the STP process.

Review of economy, efficiency and effectiveness of the use of resources

The Trust ensures economy, efficiency and effectiveness through a variety of means including:

  • A robust pay and non-pay budget control system

  • Financial and establishment controls

  • Effective tendering procedures

  • Continuous programme of quality and cost improvement.

The Board performs an integral role in maintaining the system of internal control, supported by the work of its committees, internal and external audit and its regulators.

Annual Quality Account

The directors are required under the Health Act 2009 and the National Health Service (Quality Accounts) Regulations 2010 (as amended) to prepare Quality Accounts for each financial year.

In preparing the Quality Accounts we have endeavoured to ensure that all information and data is accurate and provides a fair and balanced reflection of our performance this year. Our Board and Executive Management Team have sought to take all reasonable steps and exercise appropriate

due diligence to ensure the accuracy of the data reported. The Trust has reviewed all the data available to it on the quality of care in all of the NHS services it provides.

The quality governance framework and the data quality controls ensure the performance information reported in the Quality Account is reliable and accurate.

Assurance is provided by the robust internal controls over the collection and reporting of the measures of performance included in the Quality Account, and these controls are subject to audit and review to confirm that they are working effectively in practice.

The data underpinning the measures of performance reported in the Quality Account has been reviewed and tested to ensure it is robust and reliable, conforms to specified data quality standards and prescribed definitions. The Quality Account has been prepared in accordance with Department of Health guidance and has not been subject to external audit this year.

Review of effectiveness

As Accountable Officer, I hold responsibility for reviewing the effectiveness of the system of internal control. My review of the effectiveness of the system of internal control is informed by the work of the internal auditors, clinical audit and the executive managers and clinical leads within the KMPT who have responsibility for the development and maintenance of the internal control framework. I have drawn on the information provided in this annual report and other performance information available to me. My review is also informed by comments made by the external auditors in their management letter and other reports. I have been advised on the implications of the result of my review of the effectiveness of the system of internal control by the Board, the Integrated Audit and Risk Committee, Quality Committee, and a plan to address any weaknesses and ensure continuous improvement of the system is in place.

The Board has an established process in place to undertake a formal and rigorous annual evaluation of its own performance and that of its Committees.

There have been two changes to Board membership during the year. A new Chair took up post in July 2019 and a new Executive Medical Director joined the Trust in November 2019.

The Board had evaluated itself against the CQC Well Led framework and has used the results to develop its Board Development plan. The implementation will be monitored directly by the Board.

The Board carries out its roles and responsibilities with the aid of a structured and focussed annual cycle of business, which takes into account the setting of strategy and the monitoring of key risks, performance, governance and quality issues. Service user and carer engagement is embedded within the annual cycle of business and presentations are invited at each formal Board meeting.

The Trust has put in place arrangement to meet the Fit and Proper Person requirement which have been audited and the audit concluded that the Trust could take reasonable assurance from the arrangements in place. In addition to including Fit and Proper Person arrangements in recruitment procedure and in Annual Governance Declarations, a separate policy which increases the range of individuals covered has been approved by Board. All current Board members have confirmed they meet the requirements to serve on the Board of a healthcare organisation.

Board attendance for the 2019-20 period averaged a rate of 88 per cent. The Board met formally 9 times during the year.

Where appropriate, the Board have also held informal Board meetings and Board Seminars regularly throughout the year. In addition, a programme of externally facilitated Board Development and Strategy days are held throughout the year.

The committees of the Board are:

  • Integrated Audit and Risk Committee

  • Quality Committee

  • Finance and Performance Committee

  • Workforce and Organisational Development Committee

  • Remuneration and Terms of Service Committee

  • Mental Health Act Committee.

The Board Committee structure continues to be embedded within the Trust. This continues to be enhanced by Non- Executive Director Chairmanship and Board reporting arrangements. This arrangement has enabled the Board to focus on its core business. The Board Committees provide a formal report to the Board meeting after each of their meetings highlighting key issues and receive feedback from the Board, which is reported at the next meeting of that Board Committee. This ensures timely monitoring of areas of responsibility delegated by the Board to the Committees through receipt of Chairs’ assurance reports and minutes.

The Finance and Performance Committee (FPC) review monitor and scrutinise the Trust’s key performance indicators across both finance and performance. There is a cross membership between the Quality Committee and the Integrated Audit and Risk Committee (IARC) to ensure risks and assurance issues are clearly identified and followed through. There is also cross membership between FPC and IARC

There is an established mechanism to maximise the effectiveness of its Committees through comprehensive work plans as well as the alignment of the Board’s meetings and that of its Committees. This ensures timely monitoring of areas of responsibility delegated by the Board to the Committees through receipt of Chair assurance reports and minutes, with a clear escalation mechanism to the Board, where deemed appropriate.

The Integrated Audit and Risk Committee (IARC) supports the Board in reviewing the effectiveness of the system of internal control, through a structured annual work plan. The main role of the Committee is to seek assurance that the Trust’s governance and risk management systems are fit for purpose, adequately resourced and effectively deployed. To aid this assurance, the coverage of the Committee’s work plan incorporates the review of the organisation’s risk management processes, and associated risk registers, from service, directorate to corporate level. This includes an annual presentation from all Care Groups, Support Services and Corporate Directors on their risk management process.

IARC takes assurance from the Internal Audit function, by agreeing the risk based Internal Audit Plan and monitoring its delivery regularly, as well as overseeing the implementation of audit recommendations.

IARC annual self-assessment incorporated the views of the internal and external auditors, and the counter fraud function. The overall assessment results indicate that the Committee is discharging its terms of reference and meeting best practice guidelines, as set out in the NHS Audit Committee Handbook.

The Non-Executive members of the Integrated Audit and Risk Committee play a key role in governance by scrutinising the effectiveness of management actions in mitigating risks through regular reviews of the Trust’s risk register and Assurance Framework. In addition, the Committee’s role includes:

  • Monitoring of significant corporate and strategic risks on behalf of the Board, through a review of the corporate risk register at least 4 times a year

  • Scrutinising the effectiveness of the information risk management arrangements

  • Formally reviewing the system of internal control on a bi-annual basis, taking assurances from the Board Committees on the management of detailed risks.

TIAA carried out 16 assurance reviews, which were designed to ascertain the extent to which the internal controls in the system are adequate to ensure that activities and procedures are operating to achieve Trust’s objectives. For each assurance review an assessment of the combined effectiveness of the controls in mitigating the key control risks was provided. In addition, an advisory review was also undertaken.

Of these audits the three that have a limited assurance opinion relate to IT Facilities Review, Effective Use of ESR and Datix (Actions Module). The audit of IT Facilities has been reported to the Integrated Audit Committee and will receive follow up reviews by TIAA to ensure the key control issues which gave rise to the assessments have been addressed. The remaining two are at the draft report stage awaiting management responses.

Assurance is also taken from the external auditors who audit the Trust’s financial statements and review its Annual Governance Statement. They also ensure that there are proper arrangements in place for securing economy, efficiency and effectiveness in its use of resources.

Assurance assessments

Number of reviews

Previous year

Substantial assurance



Reasonable assurance



Limited assurance



No assurance



Arrangements are in place for the discharge of statutory functions to have been checked for any irregularities and to ensure that they are legally compliant.

The Committee receives and agrees the annual work plans for internal and external auditors.

The Quality Committee meets monthly focussing on quality compliance and risks to quality (including regular presentations from Care Group Directors on their risk registers) and receives reports from its sub-committees, Patient Safety, Patient Experience and Clinical Effectiveness.

This includes regular reporting on clinical audit, Never Events, SIs and complaints, with information about actions taken as a consequence. The Quality Committee oversees the production of the Trust’s Quality Account as part of its established annual schedule and monitors performance against current quality objectives through the year. The Quality Committee provides regular updates to the Board on progress against the Quality Account priorities, which are set each year with wide consultation and devised to be challenging.


I have been advised on the implications of the result of my review of the effectiveness of the system of internal control by the Trust Board which is supported by:

  • The Integrated Audit and Risk Committee which considers the annual plans and reports of External and Internal Audit

  • The Quality Committee which ensures that comprehensive and robust systems and processes are in place for clinical governance and quality within the Trust

  • The Executive Management Team which oversees the implementation of the strategic direction of the Trust

  • The 2019-20 Quality Account disclosure and associated internal assurances in place to validate its accuracy, which include data quality verification, and associated Board declaration

  • Board assurance that each director knows of no information which would be relevant to the auditors for the purposes of their audit report, and of which the auditors are not aware, and; have taken all the steps that he or she ought to have taken to make himself/ herself aware of any such information and to establish that the auditors are aware of it.

In addition, the Head of Internal Audit has a mechanism for identifying and recording in Internal Audit reports gaps in controls that need to be addressed.

Action plans have been agreed with senior managers and further details are recorded in the Internal Audit progress reports presented to the Integrated Audit and Risk Committee at each meeting.

The Trust is reliant upon information system controls operated by third parties under contracts negotiated by the Department of Health and under which the Trust has no contractual or other influence over the managed service providers. For the ESR Payroll and HR system, the Department of Health has put in place arrangements under which the Trust received formal assurances about the effectiveness of internal controls.

The trust has identified significant control issues for the 2019-20 period relating to potential financial system and controls weaknesses and four data security breaches, which have been identified

in the body of the Annual Governance Statement above.

My review confirms that Kent and Medway NHS and Social Care Partnership Trust has a generally sound system

of internal control that supports the achievement of its policies, aims and objectives.

On behalf of the Trust Board Helen Greatorex

Chief Executive Date: 24 June 2020