Governance statement

As Accountable Officer, I have responsibility for maintaining a sound system of governance and internal control that supports the Ethical Standards Commissioner (ESC) to successfully achieve its objectives, policies and aims. I am also responsible for safeguarding the public funds and assets assigned to the organisation, in accordance with the responsibilities set out in the Memorandum to Accountable Officers for Other Public Bodies.

System of governance and internal control

A system of governance and internal control should both ensure and demonstrate that an organisation is operating effectively, efficiently and economically. The ESC’s system of governance consists of a number of elements.

It is my responsibility to ensure that the functions of the office are fulfilled.

I am supported by the Senior Management Team (SMT), which comprises the Public Appointments Manager, the Head of Corporate Services, the Senior Investigating Officer and the Hearings & Investigations Officer. During the year, the SMT met on 10 occasions to discuss operational and strategic matters. Its actions and decisions are recorded in minutes published on our website.

A Scheme of Delegation relating to the running of the office is in operation. Under the scheme, members of the SMT and individual staff members have delegated authority to make decisions on my behalf. It is available to all staff members and is published on our website.

During the year, the office has been working to our Strategic Plan for the period 2024-2028 launched on 1 April 2024. This plan set out our purpose and strategic objectives as well as the values the ESC will work to.

We operate a biennial business plan. This sets out the actions we will take to achieve the organisation’s strategic objectives. Biennial business plans and associated progress updates are available on our website.

Each function prepares action plans to support the biennial business plan. These outline the specific steps required to complete each action, capture key operational requirements and address recommendations arising from external and internal audit and risk assessment.

The ESC operates a set of standing orders. These describe the organisation’s key operating requirements.

Managing finances

The ESC is funded through the Scottish Parliamentary Corporate Body (SPCB) and, each year, submits an evidence-based budget bid for scrutiny and approval. The budget is based on the requirements of strategic and biennial business plans as well as projections of anticipated activity and prior year performance. The budget bid is scrutinised and approved by the SMT.

Performance against budget is analysed and reviewed on a monthly basis. Key issues are raised with the Head of Corporate Services and myself, as they occur and at SMT meetings. This allows any financial concerns to be promptly identified and resolved.

The Scheme of Delegation provides clear guidelines for the ESC’s financial management and is supported by a set of financial instructions.

Managing staff

A performance management system fully underpinned by the Strategic Plan, biennial business plans and annual action plans is in operation. Staff members agree a series of specific objectives directly related to and designed to achieve the organisation-wide objectives outlined in these plans. As a result, staff objectives are aligned to business plans.

As well as the performance management system, the ESC maintains a number of staff policy documents. These reflect both statutory duties to staff, as well as terms and conditions and HR-related procedures. A full suite of updated HR policies, fully reflecting ESC’s values, are regularly reviewed. Staff members are consulted on and informed about any revisions and also trained on their responsibilities. This ensures that staff members are fully aware of the rights and responsibilities they have.

The ESC maintains a register of interests. The Commissioner, all staff members, members of the Advisory Audit Board and key contractors must complete a declaration of interests form. No significant company directorships or other interests were held which may have conflicted with their responsibilities.

The ESC operates a whistle-blowing policy. The Commissioner recognises that the underlying structure of the organisation, with power concentrated in a single individual, may make it difficult for staff to report concerns. The policy requires staff to first report internally but with the additional option of reporting issues directly to the Chair of the Advisory Audit Board (AAB).

The Commissioner has developed and published a set of core organisational values. These are incorporated into strategic and business plans and into all policy development. Staff members are actively encouraged to consider and work to them when interacting with colleagues and stakeholders. Staff members are encouraged both formally through the performance management system and informally to build strong internal and external networks. The whole team meets on a regular basis, both online and in person, where organisational decisions, challenges and successes are shared. Organisational information and plans are widely shared and staff are encouraged to contribute to them.

Managing risk

We operate a full risk management system. The Risk Management Policy is available on our website. Its key principles are:

ESC will foster a culture that embeds risk management into all aspects of its business.
Risk management should be a key feature of corporate decision-making processes to ensure that the impact of policy decisions on risk is considered each time a strategic decision is taken or a policy is approved.
Risk management should be embedded in strategic, financial and business planning.
Risk management policies will be clearly communicated to all staff.
All processes and procedures should be designed to take account of, manage, treat or tolerate risk and the impact of risk, in a manner that is proportionate and affordable.
ESC will maintain, review and update the risk register regularly.
ESC’s risk management policy and procedures will operate without prejudice to the statutory functions of the Commissioner.

All staff members are encouraged to identify risks on an ongoing basis and at key points in the business cycle. These are documented in our risk register along with any mitigating actions. The risk register is reviewed on a quarterly basis by the SMT, at each AAB meeting and by internal audit.

The key risks to the organisation are detailed in the Key Issues and Risks section of this report.

External scrutiny

Our AAB provides advice on governance and financial issues. Members of the AAB are drawn from the independent members of the SPCB’s Advisory Audit Board. The AAB met formally on three occasions during 2024/25 and otherwise provided advice and support.

The ESC contracts for the services of an internal auditor. Work undertaken during the year comprised a review of our financial controls, recording and use of precedents in the public appointments process and business continuity arrangements. The systems of control in respect of the first two was considered strong and in respect of the last it was given a rating of substantial.

External oversight of our work is provided by the Auditor General for Scotland, the Standards Commission for Scotland (SCS), the SPCB and two standing Committees of the Scottish Parliament. Additionally, during this year, the ESC was subject to the scrutiny of the SPCB supported bodies landscape review committee. Extensive work has been undertaken to build relationships with these bodies and a range of other stakeholders.

We actively seek further external oversight of our working arrangements, including from equivalent regulators operating within the other administrations in the UK.

Fraud, bribery and corruption

The ESC requires all staff at all times to act honestly and with integrity and to safeguard the public resources for which they are responsible. I will not accept any level of fraud, bribery or corruption; consequently, any case alleging such conduct will be thoroughly investigated and dealt with appropriately. The ESC is committed to ensuring that opportunities for fraud, bribery and corruption are reduced to the lowest possible level of risk.

The ESC’s policies and procedures on fraud, corruption and bribery include the anti-fraud policy, code of conduct (which applies also to the Commissioner), terms and conditions for the supply of goods and services and broader financial governance arrangements.

The ESC’s standard procedure is to declare any fraud, whistleblowing or control failure incidents to the AAB and this forms part of the annual assurance process.

In 2024/25 and 2023/24 there were no instances of fraud or bribery identified or detected.

Information security

Sound management of the information we hold is essential to our business.

The ESC operates a programme to maintain its Cyber Essentials Plus accreditation ensuring that cyber security arrangements are assessed externally. The ESC also subscribes to the National Cyber Security Centre’s early warning system which flags security gaps and potential threats.

During the year the ESC reported no data breach incidents to the Information Commissioner (2023/24: One; no further action).

Effectiveness of governance arrangements

The system of internal control is designed to manage rather than eliminate the risk of failure to implement policies and achieve aims, and objectives; therefore, it can only provide reasonable and not absolute assurance of effectiveness.

I am satisfied that an effective system of internal control for ensuring that finances are managed appropriately was in place during 2024/25. I am satisfied that overall an effective system for ensuring appropriate governance of the organisation was in place during the year.

Authorisation

Ian Bruce Signature
Ian Bruce
Accountable Officer
Date: 03 October 2025