Governance Statement

Scope of responsibility

As Accountable Officer, I have responsibility for maintaining a sound system of internal control that supports the achievement of the NHS Trust’s policies, aims and objectives, whilst safeguarding the public funds and departmental assets for which I am personally responsible, in accordance with the responsibilities assigned to me. I am also responsible for ensuring that the NHS Trust is administered prudently and economically and that resources are applied efficiently and effectively. I also acknowledge my responsibilities as set out in the NHS Trust Accountable Officer Memorandum.

The purpose of the system of internal control

The system of internal control is designed to manage risk to a reasonable level rather than to eliminate all risk of failure to achieve policies, aims and objectives; it can therefore only provide reasonable and not absolute assurance of effectiveness. The system of internal control is based on an ongoing process designed to identify and prioritise the risks to the achievement of the policies, aims and objectives of the East of England Ambulance Service NHS Trust, to evaluate the likelihood of those risks being realised and the impact should they be realised, and to manage them efficiently, effectively and economically. The system of internal control has been in place in the East of England Ambulance Service NHS Trust for the year ended 31 March 2022 and up to the date of approval of the annual report and accounts.

Capacity to handle risk

The Trust has a well embedded risk management process designed to allow the organisation to handle risk effectively. Risk leadership and training are key components.

Risk Leadership 

The Board of Directors has overall responsibility for the management of risk within the Trust.  The Chief Executive Officer retains overall executive responsibility for risk management, with the Director of Corporate Affairs and Performance as the responsible director. Risk management is a core component of the job descriptions, roles, and responsibility of all senior managers. The Trust has an approved Risk Appetite, Strategy and Procedure to facilitate risk management throughout the organisation.

Risk Management Training

Staff are trained or equipped to manage risk in a way appropriate to their authority and duties, in line with the Trust’s Risk Management Strategy and Procedure. The Trust has in place a risk management training approach to ensure that staff are suitably equipped to manage risk in a way that is appropriate to their authority and duties.

Training staff is embedded within the Corporate Induction, as well as annual refresher via e-learning mandatory training requirements. Quarterly training and support are given to management teams, to standardise the approach to risk management and manage risks.

The risk and control framework

Risk Management Strategy and Risk Appetite

This describes the processes to identify, assess, and manage potential risks. It outlines the principles applied to all Trust activities to ensure risks identified are evaluated and treated, mitigating any risks that could prevent strategic objective achievement. 

The Board has in place a risk appetite statement, which has been reviewed by the Board Sub-Committees to ensure it remains relevant within the current context. 

The compliance and risk group oversees the day-to-day management of risk and has a risk management and internal control focussed remit, to ensure monitoring against key risks and objectives occurs, as well as utilising a risk-based approach to business and decision-making.

Once a risk is identified, assessment is undertaken, focusing upon causes and effects, and assessing the risk against impact and likelihood. Controls are then implemented, and mitigating actions established, in line with the risk appetite of the Trust.

Quality Governance Arrangements

The organisation has a robust set of quality governance arrangements in place; most of which are outlined within this report. Aspects include:

  • Committee and sub-group infrastructure to ensure all quality issues are monitored and addressed. This includes the quality governance committee, compliance and risk group and its sub-groups which include safeguarding, medicines management, health and safety, clinical best practice and infection, prevention and control
  • A full suite of policies and procedures to control quality systems and processes
  • Robust risk assessment and quality impact assessment processes

Data quality checks within the processes for publishing and using performance information – managed through a dedicated informatics team.

Compliance with CQC Registration Requirements 

The Trust is not fully compliant with the registration requirements of the Care Quality Commission. In 2020, the Trust had an unannounced focused well led inspection, secondary to whistleblowing concerns. The inspection covered areas including safeguarding, culture and behaviours, Human Resources systems and processes, private ambulance utilisation, complaints and action plan oversight. Following the inspection, the Trust was placed in Special Measures (SOF4) and as a result, enhanced regulatory oversight and monitoring is in place.

A full core service inspection has not been carried out within the financial year, but it should be noted that this took place in April 2022. Whilst the Trust awaits the final report, the Trust remains with its previous overall rating of ‘Requires Improvement’.

The Trust is focusing heavily on making the necessary improvements, working with regulators to establish and deliver rapid interventions to strengthen the position short term, whilst progressing the Fit for the Future programme for long term, sustainable change. The plan focuses on four core underpinning well led themes, in addition to the immediate action plans relating to the CQC, Equality and Human Rights Commission and training and education.

Data Security Risks

Data security risks are identified, assessed, managed, and reported as per the Trust’s risk 

management strategy and process. These are overseen by the information governance group and data quality and security group, as well as the Trust’s SIRO.

Significant Risks 

The major risks identified within the financial year have been monitored and acted upon by the Board and Sub-Committees through scrutiny of the Board Assurance Framework (BAF) at Board and Sub-Committee meetings and a summary is as follows:

Strategic Goal

Strategic Risk


1: Be an exceptional place to work, volunteer and learn

SR3 Failure to embed a culture focussed on staff safety and wellbeing

Current risk in recognition of the culture and behaviours programme and reflects CQC findings. Key mitigations include the culture improvement programme, redesign of policies and processes and improving speaking up, openness and transparency

Establishment and delivery of a long-term model and workforce plan

Escalated risk that long term planning of the clinical model and associated resourcing requires focus. Key mitigations included specialist resource and support to undertake strategic planning to progress to a long term workforce model

Ability to deliver robust plans to improve diversity

Escalated risk in relation to having a representative and inclusive workforce. Mitigation includes an equality, diversity and inclusion team and dedicated staff networks, commitment to the Anti-Racism Charter, policies, procedures, practices and training in place, and a planned race and disability review.

2: Providing outstanding quality of care and performance

SR1 Failure to deliver a timely response to our patients to ensure a safe level of service

Current risk focusing on our ability to deliver timely care to patients. Mitigation relates to recruitment, operational efficiencies and system working.

SR2 Failure to achieve continuous quality improvements and high-quality care delivery

This risk focuses upon our ability to continuously improve the standard and quality of care, based upon clinical outcomes

3: Be excellent collaborators and innovators as system partners

SR5 Ability to embed EEAST’s place within the changing system to support delivery of the NHS Long Term Plan

Current risk focusing on supporting delivery of system-wide integration, focusing on alternate pathway schemes, engagement and involvement within the wider health and social care landscape

4: Be an environmentally and financially sustainable organisation

SR4 Failure to deliver an efficient, effective and economic service

This risk focuses on long term financial planning and capacity to deliver across Trust strategy

SR6 Ability to ensure sufficient capacity and capability to ensure sustainable change

Current risk focused on the challenges to delivery of EEAST’s improvement agenda, including capacity and prioritisation

All Goals

SR7 Failure to ensure a well governed and accountable Trust that meets the inspection standards

In recognition of the regulatory improvements required in well led, this focuses upon compliance and leadership. Mitigations include an externally facilitated governance review and plan, Fit for the Future programme, robust policies and processes to control governance systems and compliance

Governance Compliance Risks 

Given that the Trust has an active section 31 and section 29a notice, along with the move to SOF4 with legal undertakings being established by NHSE/I, confirmation cannot be provided that the Trust is compliant with assertion FT4(5)(a) or FT4(6). These are aligned to the areas of concern outlined within the proposed legal undertakings, and relate to:

There is a risk arising from challenges in complying with well led requirements of the CQC due to leadership instability, capacity and capability, and embedding values and behaviours
  • Well led improvement plan with key programmes relating to culture, capacity and capability, leadership development
  • Localised culture interventions to support tangible change
  • Improvement Director to support improvement
  • Increased governance capacity to support compliance
There is a risk to oversight and assurance due to the quality of utilisation of data and measuring effectiveness
  • New Integrated Performance Report for Board now in place
  • Support from NHSI ongoing to enhance data utilisation
  • CIO focus on data quality and utilisation
  • Committee metrics and escalation parameters in place
  • Demonstrating Impact programme to transition to statistical process control and performance improvement

Embedding of Risk Management

Risk management is embedded throughout key activities in the organisation. For example:

  • All risk registers for the Trust are managed via an electronic database. Escalation of risk is achieved through the governance structures and processes within the Trust.
  • Identification and assessment of risk is a core business function, with managers responsible recognising and assessing risks to the delivery of their aspect of the service.
  • All cost improvement programmes have a reviewed and approved quality impact assessment, where risks and mitigating actions are identified prior to the scheme being able to proceed. Equality impact is assessed for policies.
  • All core plans, such as the winter plan, potential for overtime incentives, surge plan or Board-level financial decisions have a risk and impact assessment undertaken
  • Embedded incident reporting system for staff to report adverse incidents or near misses.
  • Core groups monitor the risks relevant to their terms of reference on a frequent basis
  • Audit Committee has oversight of risk management to ensure it is embedded
  • Accountability Forum focusses upon locality risk areas impacting on business delivery

Workforce Strategies and Staffing Systems 

The Trust is working to a budgeted whole time equivalent (WTE) workforce establishment informed by the Independent Service Review (ISR) to enable the delivery of safe and effective care to our patients. The efforts over the year mean we are fully established and have resolved the capacity gap. 

Progress against the workforce plan continues to be monitored through the People Committee and Board with the next steps to progress to a long term workforce model and plan. The service is committed to building an engaged and inclusive culture with engagement events for staff to speak directly with Executives and Non-Executive Directors, nominated Executive leads for each STP area and ongoing joint working with Trade Unions to revise and improve Workforce Policies and Procedures. The Trust is undertaking significant work to improve the culture and leadership in the organisation.

The Trust will continue to foster positive collaborative working relationships and ensure that existing staff networks (LGBT+, BME, Women, Multi-Faith and Disability) are supported and encouraged to play an active role in the decision making in the Trust. 

Register of Interests 

The Trust has published on its website an up-to-date register of interests, including gifts and hospitality, for decision-making staff (as defined by the trust with reference to the guidance) within the past twelve months, as required by the ‘Managing Conflicts of Interest in the NHS’ guidance.

Pension Scheme

As an employer with staff entitled to membership of the NHS Pension Scheme, control measures are in place to ensure all employer obligations contained within the Scheme regulations are complied with. This includes ensuring that deductions from salary, employer’s contributions and payments into the Scheme are in accordance with the Scheme rules, and that member Pension Scheme records are accurately updated in accordance with the timescales detailed in the Regulations.

Equality, Diversity and Human Rights 

Control measures are in place to ensure that all the organisation’s obligations under equality, diversity and human rights legislation are complied with. Focused work is under way in relation to Equality, Diversity and Inclusion. A section 23 agreement is in place with the Equality and Human Rights Commission (EHRC) to support improvements.

UK Climate Projections

The Trust has undertaken risk assessments and has plans in place which take account of the ‘Delivering a Net Zero Health Service’ report under the Greener NHS programme. The Trust ensures that its obligations under the Climate Change Act and the Adaptation Reporting requirements are complied with.


Review of economy, efficiency and effectiveness of the use of resources

The Trust has a range of processes to ensure that resources are used economically, efficiently, and effectively. This includes management and supervision arrangements for staff and a system of devolved budget management. This incorporates reviews of finance and performance at budget manager, service director and overall Trust level, through detailed reporting to the Performance and Finance Committee.  The Performance and Finance Committee also scrutinises the Trust’s Quality Cost Improvement Programme and reviews delivery of this programme which is supported by Quality Impact Assessments.

External auditors are required as part of their annual audit to satisfy themselves the Trust has made proper arrangements for securing economy, efficiency, and effectiveness in its use of resources and report by exception if in their opinion the Trust has not.

Information governance

In 2021-22 there were a total of 45 incidents reported to the Information Commissioner’s Office (ICO) through the data reporting tool. Of these, at the time of writing this report, the ICO took no further action in 37 cases (82%), being satisfied with the investigation and actions taken by the Trust. The remaining eight are outstanding for a decision. An overview of the 45 incidents is as follows:

  • Personal / special category information disclosed in error - 12
  • Unauthorised disclosure of personal / special category information - 7
  • Unauthorised access to personal information - 2
  • Email misdirection of personal / special category information - 8 
  • Lost / found patient records - 13
  • Phishing attack - 1
  • Misuse of personal data - 1 
  • Incorrect personal data recorded - 1 

Data quality and governance

The Trust has several processes in place to ensure that data are accurate and provides a balanced view.  These include:

  • Clinical data and outcomes
  • Checked and verified by the Clinical Audit Manager (State Registered Paramedic) prior to submission to the national audit programmes
  • Monthly checks of Department of Health statistical reports to ensure latest comparative data are included
  • Assurance through governance processes to Board-level via the Integrated Board Report
  • Information Governance Toolkit
  • Assurance provided through Information Governance Group and Data Quality and Security Group to Trust Board via the Audit Committee
  • Regular scrutiny of processes and information through Board Sub-Committees
  • Transition to the Data Lake – a single source and repository of our data that cannot be manipulated

Review of effectiveness

As Accountable Officer, I have responsibility for reviewing the effectiveness of the system of internal control. My review of the effectiveness of the system of internal control is informed by the work of the internal auditors, clinical audit and the executive managers and clinical leads within the NHS trust who have responsibility for the development and maintenance of the internal control framework. I have drawn on the information provided in this annual report and other performance information available to me. My review is also informed by comments made by the external auditors in their management letter and other reports. I have been advised on the implications of the result of my review of the effectiveness of the system of internal control by the board, the audit committee and Quality Governance Committee, and a plan to address weaknesses and ensure continuous improvement of the system is in place.

The Trust Board recognises the importance of the principles of good corporate governance and is committed to ensuring these are effective and efficient.  This is implemented through key governance documents, policies, and procedures of the Trust, including:

  • The Board Governance and Assurance Framework
  • The Trust’s Standing Orders, Reservation of Powers to the Trust Board, Scheme of Delegation, and Standing Financial Instructions.
  • Terms of reference of the Sub-Committees of the Trust Board. 

The Trust is led by a unitary Board, which provides leadership within a framework of internal control whilst promoting innovation and vision, and challenge to any performance issues. The Trust Board monitors the effectiveness of the internal control systems and processes through clear accountability arrangements. Each Executive Director is held to account in relation to control systems and processes, monitoring methods and weaknesses within their directorates during the year; cross checking evidence of compliance with statutory functions to ensure that the Trust remains legally compliant.

Review of Effectiveness of the Trust Board and Sub-Committees 

The Board and the Sub-Committees review their effectiveness informally on a regular basis and formally once a year through the Board’s approved evaluation process.  This has been further supported in-year through an independent governance review.

The review comprised of three overarching areas of effectiveness, namely:

  • Structure – including frequency of meetings, the agenda and schedule, and time afforded
  • Leadership – including quoracy, skills and experience, behaviours and constructive challenge
  • Infrastructure and Support – including information provision and flow to the committee and Board

Responses to the effectiveness review highlighted a deterioration in the following areas; time spent on each agenda item, sufficient challenge, timeliness of information and the quality and form of information received. This was a trend reflected across most of the committees, and could be attributed to increasing awareness of what 'good' looks like.

There was a notable improvement in the prioritisation of agenda items, skills, knowledge and experience of Board members and modelling of values and behaviours which showed a 25%, 14% and 8.4% improvement respectively compared to the previous reporting period.  The following actions were agreed.

Overarching Area


Change programme

Agenda length and prioritisation

Review and refine agenda plans and ToR


Quality of reporting/ committee metrics

Implementation of SPC reporting for the IPR

Demonstrating impact workstream

Review and realign committee responsibilities

Annual Review

Quality assurance report checking

Business as Usual

Modelling of behaviours

360-degree appraisal

KPMG Governance Review

Board Development Programme



Summary of activities 

The following provides summary of the activities in maintaining and reviewing the effectiveness of the system of internal control:

Trust Board

Audit Committee

Quality Governance Committee

Governance and Risk Team

Risk Management assurance – reviewing the BAF, risk escalation, Strategic risk review

Reviewing assurance pertaining to risk and governance via reports and deep dives

Review and assurance on action plans following the 2020 CQC inspection

Continued progression of the governance and well led improvement

Receiving and reviewing contingency plans and pandemic arrangement for performance, quality and finance

Approval of the Board Governance and Assurance Framework and the Risk Management Strategy

Reviewing and approving the clinical audit plan and relevant clinical and quality annual reports

Ongoing embedding of the Board Governance and Assurance Framework

Receiving and approving annual reports

Reviewing the Annual Accounts for the Trust and its charitable fund, as well as the annual governance statement

Oversight on areas of concern including safeguarding, private ambulance utilisation, complaints and well led

Delivery of the Risk Management Strategy and delivery of training and support to managers and teams

Approval of the annual report, accounts, and governance statement, Data Security and Protection Toolkit, and the Charitable funds annual accounts

Review in detail the Standing Orders, Standing Financial Instructions, Scheme of Delegation and Reservation of Powers to the Trust Board

Monitoring performance against the Ambulance Clinical Quality Indicators

Facilitation of the CQC, EHRC, and other regulatory relationships and assurance mechanisms to support improvements

Receiving improvement plans and progress in relation to the CQC inspection report, monitoring completion and gaining assurance

Reviewing in detail the system of control arrangements, including policy management

Receiving and reviewing update reports in relation to Claims and Litigation cases, and patient experience

Facilitation of the escalation and assurance mechanisms in support of the Board and its Sub-Committees

Close monitoring of the culture improvement programme as well as frequent oversight of freedom to speak up and whistle blowing

Reviewing the recommendations and action plans from internal audits. Supporting the tender and procurement for new internal auditors


Facilitation of well led development and close working with the Improvement Director to support through SOF4

Clinical Audit activities 

Clinical Audit forms part of the quality governance framework and provides assurance that services are being delivered to patients at the required standard, in order that the Trust meets the dimensions of quality: patient safety, patient experience and clinical effectiveness.

The results of audits and experience audits are used to review and develop training for staff, and examples, themes and trends have enabled the Trust to identify areas that draw out the quality measures.

The Clinical Audit and Patient Experience programmes for 2021/22 focused on national, strategic, and regulatory driven audit projects that related to the priorities set within the Quality Account agenda.  Full details of all audits undertaken are in the Quality Account. 

The Head of Internal Audit opinion and Annual Internal Audit Programme

The Head of Internal Audit provides an opinion on the overall arrangements for gaining assurance through the BAF and on the controls reviewed as part of the internal audit work. In addition, the Trust Board is advised by auditors and assessors providing an opinion on the adequacy and effectiveness of risk management, governance and control processes, service delivery, financial management and control, human resources, operational and other review levels. Internal Audit attend all Audit Committee meetings to provide in year analysis and assurance.

The Head of Internal Audit has provided ‘*** Assurance’ that there is a sound system of internal control, designed to meet the Trust’s objectives, and that controls are being applied consistently. The following is the quoted Internal Audit Opinion, presented by the Auditor to the Trust’s Audit Committee in May 2022.

Actions Taken to Address Internal Control Issues

The key challenges the Trust faced throughout 2021-22 and the actions taken were:

Key Challenges to Internal Control

Actions taken

Operational capacity to meet demand and performance requirements

Closure of the operational workforce capacity gap; over-recruitment to control room roles; utilisation of additional private ambulance service provision to support delivery of care to patients; Collaboration on system improvement activities including hospital ambulance liaison officers and rapid release schemes to support faster handovers

Well Led issues pertaining to culture, behaviours, capacity and capability

Improvement Director support; CQC improvement plan delivery in year; local culture interventions programme; enhanced staff engagement approach; strengthened whistleblowing and freedom to speak up; Speak Up, Speak Out, Stop It campaign; Policy and procedure reviews and strengthening; increased training in values, behaviours and leadership around culture


I can confirm that there are no significant internal control issues identified that do not have a clear plan in place for effective mitigation. Where control issues have been identified, for example in relation to leadership and governance through CQC inspection, a process has been developed which ensures appropriate support and scrutiny in relation to the areas required, with robust reporting in place.

There is an acknowledgement that the Trust continues on its improvement journey, with strengthened systems and controls being implemented to mitigate the internal control challenges that the Trust is actively managing. I am confident that appropriate mitigation plans are in place with clear oversight and scrutiny through the regulators and that we therefore have a generally sound system of internal control that supports the achievement of our policies, aims and objectives. We continue to identify opportunities to strengthen the internal control environment into 2022-23.

Tom Abell

Chief Executive Officer

Back to Contents