Guidance

Quick Guide Central 바카라 사이트바카라 사이트檚 Assurance Directory

Updated 3 June 2025

Introduction

Welcome to the Central 바카라 사이트바카라 사이트檚 Assurance Directory (CGAD) guide. This quick guide supports the CGAD as found on 바카라 사이트 , and Part II of the Orange Book: Management of Principles and Concepts - the Risk Control Framework. It provides information on the contents of the CGAD, how to navigate each part and offers practical tips for its effective use.

The CGAD is your go to, 바카라 사이트榦ne-stop바카라 사이트�, excel spreadsheet intended to cover all the standards, codes and guidance documents currently issued by the centre of government. First launched, as the 바카라 사이트楻CF 바카라 사이트� Bank of Questions바카라 사이트� in April 23, it references, on a 바카라 사이트渂est endeavours바카라 사이트� basis, the most up to date versions of those documents or provides links to the latest web-browser HTML version.

Like the Orange Book, 바카라 사이트渙ne size does not fit all바카라 사이트� when undertaking risk and assurance activities and the question sets contained within the CGAD are not meant to be exhaustive. Instead, each organisation should adopt the assurance approach that best suits its own circumstances and environment, as determined by the Ministers, Permanent Secretaries, Accounting Officers (AOs) and Boards who direct, manage, and control their organisations.聽聽

Use the CGAD as a 바카라 사이트榞uiding hand바카라 사이트� to help navigate those numerous standards, codes and guidance documents issued by the centre. Remember, the CGAD does not introduce new requirements; it simply facilitates the navigation of existing ones.聽

For queries on the directory, its composition, or background to the RCF, please contact the Risk Centre of Excellence (RCoE), RiskCoe@hmtreasury.gov.uk, who own the CGAD. For queries related to the documents themselves, such as the functional standards, or other guidance documents within the CGAD, please contact the respective document owner. Contact details are provided within the directory.

Risk Centre of Excellence, 바카라 사이트 Risk Profession

1. 바카라 사이트楢t a Glance Guide바카라 사이트� to the Central 바카라 사이트바카라 사이트檚 Assurance Directory

• The Central 바카라 사이트바카라 사이트檚 Assurance Directory (CGAD) is structured in 6 parts covering the Orange Book, the supplementary suite of risk management guidance, the Risk Control Framework, Functional Standards, other codes of conduct, standards and guidance, and Spotlight items.

• The process below provides an 바카라 사이트榓t-a-glance바카라 사이트� representation of the CGAD. Follow the sequence of blocks to help understand the relationship between the different parts. More details on using the directory, how to navigate the excel spreadsheet and the directory contents are provided on the following pages.

1.1 Central 바카라 사이트바카라 사이트檚 Assurance Dore

Download the CGAD from Orange Book on 바카라 사이트. The spreadsheet contains the names of (and links to) assurance documents and relevant high-level assurance questions.

Part 1 Orange Book Principles

Use to structure your OB assurance and comply/ explain statements. Contains 75 questions.聽 These are the recommended minimum questions to ask.

Parts 2 to 6 Granular Questions

Use these to produce more granular evidence which may assist in answering the questions in Part 1 with greater confidence.

Part 2 Orange Book Guidance Documents

Questions relating to the OB guidance suite on 바카라 사이트.聽Greater granularity on Risk Appetite, Risk Reporting, Risk Management Skills & Capability, and Portfolio Risk Mgt.

Part 3 RCF Specific

More granular (but still high level) questions for each component - pillar and block - of the RCF.

Part 4 Functional Standards

Questions relating to the Functional Standards More detailed assurance questions might also be provided by the Function/ Profession leads (where known, hyperlinks are provided).

Part 5 Other Codes & Guidance

Questions covering aspects of 40+ other codes, standards and guidance issued by the centre of government.

Part 6 Spotlight Items

These might otherwise appear in Part 4 & 5 but are currently given more profile as 바카라 사이트榮potlight items바카라 사이트�.

Having decided what questions you want to ask, start gathering relevant evidence as part of the next phase of work.

2. Using The Directory:聽 Central 바카라 사이트바카라 사이트檚 Assurance Directory (CGAD)

Why is the CGAD helpful for the Risk Control Framework (RCF)?

To help organisations have an effective and efficient approach to risk control, the Risk Control Framework (RCF) sets out a structure to make it easier for accounting officers (AOs) to navigate the many government control requirements they are currently expected to adhere to - see Para 9 and Annex A for more information on the RCF. The CGAD has been created to help clarify this landscape. Capturing the centrally issued standards, codes and guidance into one directory should create efficiency through a more precise view of what controls are needed to suit risk appetite and tolerance.

Benefits of the CGAD include: * it provides a systematic approach to aid assurance mapping. * it streamlines compliance-related activities, making it easier to access policy documents. * it strengthens current assurance practices by using a common language, leading to greater consistency. * it increases efficiency by consolidating information in one place, avoiding duplication of effort. * it is adaptable to meet future compliance requirements including the potential for rationalisation/consolidation of existing documents.

Who might use the CGAD?

The CGAD is designed to assist anyone involved in assurance activities:

1. Accounting Officers

• assess the effectiveness of their risk management frameworks in achieving organisational objectives.
• navigate and ensure organisational compliance with control requirements, relevant for the Annual Governance Statement 바카라 사이트榗omply or explain바카라 사이트� disclosure requirements within Annual Accounts and Reports.

2. Senior Management /Heads of Functions

• provide oversight of risk and assurance activities within their organisation and assist AOs in meeting their obligations.

3. First Line² roles who own and manage risk - operational

• to understand their operational requirements as owners of risk, responsible and accountable for their management including providing appropriate assurance on the control measures in place.

4. Second Line² roles 바카라 사이트� functions that oversee or specialise in risk management

• monitor and facilitate the implementation of effective risk management/ assurance practices to AOs, Senior Management, Boards, Audit and Risk Assurance Committees and Auditors (internal/external).
• Provide assistance and support to risk owners in managing risks effectively.

5. Third Line Functions ²

• in providing a structure for internal/external auditors audits and reviews.

6. ARACs³

• to oversee and monitor compliance with governance, risk and assurance activities.

7. Other stakeholders

• gain a view of risk, control, and assurance activities across government.

²Orange Book Annex 2: The Three Lines Model Pg 46

³Orange Book: Audit and Risk Assurance Committee Pg 45

3. Getting Started 바카라 사이트� How to Navigate the Directory

To access the CGAD 바카라 사이트� excel spreadsheet, visit the 바카라 사이트 website. Use the search function to locate the CGAD or use the link here to reach The Orange Book webpage. The CGAD is updated bi-annually: Spring and Autumn. Enable the edit function to modify the content once downloaded.

The High-Level Assurance Question Sets

The CGAD is divided into 6 바카라 사이트榩arts바카라 사이트� containing high-level questions designed to help assess the quality and effectiveness of risk and assurance activities. The questions are intended to be detailed enough to be useful but sufficiently high level to be pragmatic in approach allowing for flexibility and adaptability. While they aim to provide coverage, they are not exhaustive and may not be applicable in all circumstances or situations. The question sets should help to:

• evaluate an organisations adherence and compliance to the many central government documents.
• provide early warning signs on any emerging risks, control failures/areas that should be monitored.
• identify areas for improvement for example if there are gaps in responses to the questions or answers to the questions raise concerns, further assurance evidence may be needed.

4. Contents of the Directory

Part 1: Orange Book Principles

Part 1 of the CGAD contains the recommended 75 minimum high-level questions covering the Orange Book: Management of Risk Principles & Concepts. They are designed to support AOs and organisations in meeting their 바카라 사이트榗omply or explain바카라 사이트� disclosure requirements. The question set covers the 5 Orange Book principles and at least one specific question for each component of the Risk Control Framework. They serve as a foundation for the 바카라 사이트榗omply or explain바카라 사이트� disclosure requirement, as they help provide more granularity in support of those disclosure statements.

Use this question set to:

• help complete the 바카라 사이트榗omply or explain바카라 사이트� disclosure requirement as part of Accounting Officer responsibilities within annual governance statements.
• ensure the organisational risk management framework is being adhered to both from a 1st and 2nd line perspective.
• assist the organisation바카라 사이트檚 attestations on risk and risk management.
• help assess and evaluate the effectiveness of the Risk Function.

Part 2: Other Published Orange Book Guidance

Part 2 contains questions relating to the supplementary Orange Book guidance which can be found on 바카라 사이트 . They can be used in conjunction with Part 1 to provide further granularity for example on:

• Risk Appetite 바카라 사이트� how is it set, understood, and informing decision-making.
• Good Practice Guide: Risk Reporting 바카라 사이트� how risk reporting is supporting decision making.
• Risk Management Skills & Capabilities Framework 바카라 사이트� how the Risk Function and risk management frameworks are operating.
• Portfolio Risk Management Guidance - how are project and programmes risks managed within portfolios.

Use this question set to:

• provide further detailed and more granular evidence on the specific risk management related topics.
• help gather insights into their effectiveness and application.
• to support responses to Part 1 particularly with the 바카라 사이트榗omply or explain바카라 사이트� disclosure requirement.
• help assess and evaluate the effectiveness of the Risk Function.

Part 3: Risk Control Framework

Part 3 contains high-level questions from the Cabinet Office and the 바카라 사이트 Internal Audit Agency - Key lines of Enquiry v.July 2022. The questions are linked to each 바카라 사이트榩illar and block바카라 사이트� of the RCF. Use these questions to help support responses in Part 1. They help ensure that consideration is given to each aspect of the RCF. They also provide an insight into the types of questions internal auditors may use in evaluating the effectiveness, efficient and compliance of the different assurance activities.

For more background information on the RCF and the 바카라 사이트榩illars바카라 사이트� and 바카라 사이트榖locks바카라 사이트� of the framework see Annexes A & B. The RCF acts as a structure through which organisational risks, how they are being managed, where and by whom, can be understood and assured as a cohesive whole.

Use this question set to:

• help assess, improve, and assure compliance with individual pillars and block components of the RCF.
• ensure compliance with public sector legal and regulatory requirements.
• ensure compliance with local organisation controls and regulatory requirements.
• help assess and evaluate Risk Functions/Other functions.

Part 4: Functional Standards

Part 4 contains high-level questions covering the suite of 바카라 사이트 Functional Standards. These standards are mandated for use across central government (departments and their arm바카라 사이트檚 length bodies) through Managing Public Money and promote consistent and coherent ways of working across government . Each functional standard includes a number of principles (section 2 of each standard); the questions contained within Part 4 are based on the principles.

Use this question set to:

• determine which functional standard should be evaluated and reviewed ranging from FS002 to FS015 (there is no FS012)
• determine whether more evidence is needed particularly on mandatory (shalls) and what is strongly advisory (shoulds).

Part 5: Other Standards, Codes & Guidance

Part 5 contains high-level questions to cover the many other central standards, codes and guidance documents in government. The main landing page contains information on each document, a brief description of its purpose plus links to the latest versions. Also make use of the Matrix tab, which shows how these documents link to the components of the RCF.

Use this question set to: * ensure all 바카라 사이트榦ther codes, guidance and standards are considered as part of the RCF block and pillar. * provide more granular evidence. * evaluate the organisations adherence to the codes, * help identify areas of concern/improvement.

Part 6: Spotlight Items

Part 6 highlights 바카라 사이트榮potlight바카라 사이트� items that might otherwise be included in Parts 4 or 5. These items are given greater prominence as specific areas of risk or emerging risk that may require more focused attention. This section will adapt over time to reflect changing requirements.

Use this question set to:

• focus on specific and topical subject areas.
• increase awareness, draw attention to these specific areas.
• help encourage engagement, stay-up to date with key topics.
• drive improvements in these areas.

Annexes - Background Information

Annex A: Part 2 Orange Book

The new Part II of the Orange Book was created in April 2023 as part of the Golden Thread project led by Sir Nigel Boardman, the Risk Centre of Excellence, Treasury Officer of Accounts and the 바카라 사이트 Internal Audit Agency to help AOs gain greater confidence and a better understanding of the responsibilities they face in relation to control and assurance activities, and adherence to the many existing standards, codes and guidance across government.

Part II outlines the RCF, based on a 바카라 사이트榟ouse바카라 사이트� structure - four 바카라 사이트榩illars바카라 사이트� containing four sub-components 바카라 사이트榖locks바카라 사이트� - which aims to make it easier for AOs to聽navigate all those standards, codes and standards. Part II also contains guidance on assurance and assurance mapping. 聽It does not mandate one particular approach. It acknowledges that there is 바카라 사이트榥o one-size-that-fits-all바카라 사이트� instead it sets out different methods which allow for departmental flexibility and judgement in the design, implementation and operation of assurance activities with the overall aim of providing a consolidated view of the risk and assurance landscape.

Background on the 바카라 사이트楥omply or Explain바카라 사이트� Disclosure Requirement

The Orange Book 바카라 사이트榗omply or explain바카라 사이트� disclosure requirement forms part of the Accounting Officer Annual Governance Statement. 聽Its requirement has been in the Orange Book and FReM since 2020. As set out in , each public sector organisation should have systems for managing risk suited to business, circumstances and risk appetite.聽聽 The ) lays out the principles for managing risk (including taking good risks) that departments are expected to comply with or explain reasons for non-compliance.

One of the commitments made to the Public Accounts Committee in January 2022 was that the RCoE would start to review, audit, and enforce the requirement to make a disclosure on compliance with the Orange Book바카라 사이트檚 five main principles, including a clear and careful explanation of any areas of non-compliance. 聽The RCF can help support your organisations with that 바카라 사이트榗omply or explain바카라 사이트� requirement as it provides a structure to support the disclosure (including the evidence needed in support of those statements). It can help to identify gaps and areas of control that may need further assurance, and/or further improvement.

Annex B 바카라 사이트� More information on the RCF Pillars and Blocks

Pillar: Governance and Management Framework: Each organisation shall have a governance framework which complies with government and departmental policies and directives (as applicable) and the functional standards.

Propriety & Ethics	The Seven Principles of Public Life apply to anyone who works as a public office-holder. The Ministerial Code and Civil Service Code sets out the standards of conduct expected of ministers and how they discharge their duties respectively.
Governance Statement & AO System Statement	The governance statement manifests how the accounting officer바카라 사이트檚 duties have been carried out in the course of the year. In addition, each central government department is required to have an accounting officer system statement (AOSS) which provides a single statement setting out all of the accountability relationships and processes within a department group.
Boards	The accounting officer in each central government organisation should be supported by a board structured in line with the Corporate Governance Code.
Arm바카라 사이트檚 Length Bodies & Joint Ventures	The principal accounting officer of a department needs to be confident that its arm바카라 사이트檚 length bodies are in turn maintaining appropriate internal controls that support the achievement of their objectives and obligations.

Pillar: Roles & Accountabilities: Roles and accountabilities shall be defined in the relevant governance and management framework and assigned to people with appropriate seniority, skills and experience.

AOs	The AO is directly and personally accountable to Parliament for stewardship of their organisation바카라 사이트檚 resources.
All staff	Individual staff members have a responsibility to perform their roles in accordance with the Civil Service Code.
Functional Roles	Each function has a Head, accountable for managing the function across government.
SROs for Major Projects	The Senior Responsible Owner (SRO) of a project or programme within the government major projects portfolio (GMPP), is accountable to their own organisation바카라 사이트檚 management, also to Parliament.

Pillar: Strategy, Planning & Reporting: Public sector organisations take both medium-term and shorter-term approaches to planning, while the reporting process should be designed and operated to enable performance monitoring.

Medium-term Planning	Each department is required to develop, have approved and maintain a strategic plan, setting out its objectives for the duration of Parliament.
Annual Planning	The strategic plan provides the starting point for each annual plan. The purpose of annual planning is to determine and set out publicly a department바카라 사이트檚 funding and how it allocates its budgets.
Processes	The senior officer responsible for finance should maintain policies and processes to control and manage use of resources in the organisation바카라 사이트檚 activities. Similar expectations and management should be in place for processes for other functional, delivery or project areas.
Reporting	The AO should be satisfied, and shall sign, that the accounts, annual report and governance statement have been properly prepared. Within the organisation, the reporting process should be designed and operated to enable performance monitoring.

Extract 바카라 사이트� The Golden Thread Project 바카라 사이트� Steering Group Update, November 2022

Annex C: References

Useful links, Publications and Websites

Accounting Officer바카라 사이트檚 Guide
Central 바카라 사이트바카라 사이트檚 Assurance Directory
Central 바카라 사이트바카라 사이트檚 Assurance Directory Video 바카라 사이트� Risk Centre of Excellence Toolbox
바카라 사이트 Financial Reporting Manual (FReM)
바카라 사이트 Functional Standards
IIA Three Lines Model
Managing Public Money
The Orange Book Suite	)
Portfolio Risk Management Guidance
Risk Centre of Excellence
Risk Improvement Finder
Risk Appetite Guidance Note
Risk Reporting 바카라 사이트� Good Practice Guide
Risk Management: Skills & Capability Framework