Skip to main content

Accountability, governance and decision-making

Find out about how we have identified ways of improving our internal governance structures, policies, processes, tools and systems, along with the assurance requirements of the external bodies that receive assurance from us.

Download the full Fit for 2020 - Report from the NHS Digital Capability Review

We must have transparent and robust arrangements for governance and assurance for the new developments we need to introduce to our delivery model, and for all our functions and activities - IT and data services, information security and information governance functions, and new and existing programmes/services. We have identified ways of improving:

  • our internal governance structures, policies, processes, tools and systems, and the capability and capacity to provide the required level of control and assurance for our executive teams and the NHS Digital Board
  • the assurance requirements of the external bodies that receive assurance from NHS Digital, particularly the Digital Delivery Board, the Department of Health and Her Majesty's Treasury

Internal assurance

Our expanded delivery responsibilities mean that our existing assurance policy is no longer adequate to instil confidence in our internal assurance processes. Equally, our staff voice concerns about overly bureaucratic and overlapping assurance processes.

We will adopt a set of corporate delivery assurance principles and integrated assurance and approvals plans for all new programmes and activities. This will be based on the recommendations of the external advisors and is intended to:

  • ensure alignment of decision-making and prioritisation with strategic objectives
  • support transparent decision-making and prioritisation criteria
  • give consistent and rigorous reporting and visibility of critical information about progress and delivery
  • foster the use of consistent standards controls, delivery assurance, risk management and compliance

We will continue to use the 'three lines of defence' assurance model, as that is a tried and tested framework widely used across the public and private sector. We will define the scope of the three lines of defence as they apply to NHS Digital, and apply this more consistent approach to assurance processes across our organisation, including removing any overlap of responsibility that currently exists across NHS Digital's board sub committees.

Our risk appetite and management processes will also need to be amended in the light of this work. We will do this at portfolio and domain level, as well as strategically for the organisation.

The Digital Delivery Board (DDB) is responsible for the prioritisation and investment approval for all Personalised Health and Care 2020 programmes. When investment decisions are made by the DDB, we believe NHS Digital has a complimentary responsibility to assure the DDB and the system that it can deliver the programmes being approved in a way that meets their requirements and timescales and delivers value for money. To that end, we intend to establish an Investment Approval sub-committee of the NHS Digital Board to discharge this responsibility.

System-level governance

Much has been done across the Department of Health, NHS England and NHS Digital to review the system-level delivery assurance arrangements, with the establishment of a new Digital Delivery Board, chaired by the health and care system Chief Clinical Information Officer.

The roles of the sub-boards of the DDB and Domain Boards for Personalised Health and Care 2020 are still evolving. It is vital that these boards do not overlap in their remits, that Domain Boards become more consistent in their operation and that NHS Digital internal assurance processes are complimentary and not contradictory.

Equally, it is important that NHS Digital's internal assurance processes are tailored to meet the needs of other government departments, such as HM Treasury and the Government Digital Services, so that duplication is avoided and these departments recognise their legitimacy and validity.

There is also general recognition across Government that our collective assurance processes do not support agile and iterative delivery methods. We must also incorporate the implications for assurance and risk management arising from the different contracting and sourcing models that we are starting to introduce.

The changes we are proposing to introduce are intended to ensure that there is a clear understanding of the corporate governance role of NHS Digital complementing that of the Digital Delivery Board in the governance and assurance landscape.

Strengthening our Portfolio Management Office

All of this requires a much clearer and stronger role for our Corporate Portfolio Management Office to satisfy the programme and domain reporting requirements to the Digital Delivery Board and Domain Boards and to ensure an organisation-wide, consistent focus on the importance of successful delivery and assurance.

A more proactive approach to managing the Personalised Health and Care 2020 portfolio will mean we achieve a 'no surprises' culture with our partners.

What we will do

We will:

  • introduce and embed an integrated assurance process across all NHS Digital programme work, based on the 'three lines of defence' model

  • implement a new Investment sub-committee of the NHS Digital Board and remove any duplication of responsibility across all NHS Digital Board sub-committees

  • work with the Department of Health and NHS England to improve the alignment of assurance and risk controls across the new governance structures, based on the 'assure once, satisfy all' principle

  • lead the health and care system to design new forms of assurance that will be needed for new health digital services

  • use our statutory role and functions to champion compliance of nationally-agreed standards

  • strengthen our Portfolio Office to support internal and system assurance requirements and provide the appropriate and timely information on the implementation progress of Personalised Health and Care 2020.

Last edited: 13 September 2019 10:18 am