Source · Select Committees · Public Accounts Committee

Recommendation 4

4 Accepted

Agree a shared risk culture and appetite for student funding across DfE, OfS and SLC.

Conclusion
DfE, OfS and SLC recognise they have a shared responsibility to tackle fraud and abuse of student funding although this is not yet fully embedded in their ways of working. In our July 2023 report on tackling fraud and corruption across government, we concluded that tackling fraud cannot be left to counter-fraud technical experts. Senior officials across government must demonstrate leadership, set the tone, and build in preventative approaches. DfE, OfS and SLC acknowledge that they missed an opportunity to intervene early for one of the case studies cited in the C&AG’s report. With better information sharing and awareness of the risks, DfE might have acted differently. DfE, OfS and SLC now meet regularly in a newly created group to share intelligence and consider risk.

Recommendation 4: DfE, OfS and SLC should agree a shared risk culture and risk appetite, supported by a formal reporting framework (including targets for fraud prevention and reduction), and write this into each organisation’s risk register.

Government Response Summary
The government states that a data sharing protocol and a joint incident response plan are now in place between DfE, OfS, and SLC, detailing existing collaboration on risk management and reporting, and confirming OfS has a strategic risk on its register related to data controls.
Government Response Accepted
HM Government Accepted
The government agrees with the Committee’s recommendation.

Recommendation implemented

The department, the Student Loans Company (SLC) and the OfS all share a low-risk appetite with respect to protecting student funding from fraud and misuse. The OfS is an independent body and must set its own risk appetite, in line with its requirements to act proportionately, but, like all public bodies, has a low-risk appetite for fraud and misuse of public money. All three organisations are committed to agreeing protocols for identifying and mitigating risk in the Higher Education (HE) system, working together but each playing their individual role in addressing providers of concern. A data sharing protocol among DfE, OfS and SLC, and a joint incident response plan, are now in place.

The department and SLC already collaborate on setting risk appetite and on risk management arrangements. DfE attend SLC Audit & Risk Committee (ARC) and Board. SLC provides reports on fraud prevention and reduction to ARC and works with the DfE to consolidate quarterly fraud reports to the Cabinet Office, the Public Sector Fraud Authority (PFSA) and DfE ARC. Additionally, SLC agrees its fraud savings target annually with the DfE / PFSA.

The OfS has a strategic risk on its risk register, relating to potential concerns that providers do not have adequate internal controls over the data they supply to the SLC and the OfS, leading to risks to public funding and compliance with OfS’ conditions of registration. Through its own fraud risk arrangements, the OfS has identified and manages risks relating to fraud for the grant funding for which the OfS itself is responsible. The OfS will continue to undertake regulatory work in relation to registered providers, focusing on quality and management and governance; and will do so on the basis of the risk appetite set by the OfS board.

The department is considering the need for further improvements, including legislative changes to roles and responsibilities, if required.