As 2018 begins to gain momentum, the regulator's focus on governance shows no signs of relenting, and consequently it is essential that statutory property compliance is a top priority for all registered providers.
Boards must be able to say with confidence that they are fully compliant with their statutory obligations and provide evidence to support this statement.
We understand that actually achieving this is a complex and onerous task but compliance with the home standard in the regulatory code is a key focus for the Regulator of Social Housing (RSH), and governing bodies need to ensure that their organisation is on track.
Our clients often report to us that what they perceive to be one of the most difficult challenges when undertaking a compliance review is knowing where to start and what to look for. The nine building blocks to compliance, included below, are by no means prescriptive but provide a guide for organisations who want assurance that they have a robust approach to compliance.
1. Board and management - reporting and challenge
Strong leadership is the key. In order to both attain and retain assurance Boards must take an active and sustained interest in the actions the organisation is taking to ensure they are compliant, and fulfil their role by understanding what their policy principles are, challenging performance against these principles, and ensuring there is robust reporting in place to evidence outcomes. They must have an understanding of what to look for and where to probe; particularly in respect of the “big five” areas of gas, fire, electrical, asbestos and water hygiene. In organisations where this is identified as a particular weakness, we often recommend the commission of an external training body who can facilitate workshop(s) to clarify exactly what Boards should be looking for and how.
2. Policies, procedures, process maps
When it comes to policies, procedures, and process maps, we rarely find that such documents do not exist, but it is the manner in which they have been created and maintained which gives rise to shortfalls. Often the same documents have been updated and amended over time to reflect new guidance and legislation, but are not reviewed as a complete body of work, and as a result mistakes, omissions and misalignment develop. We would recommend that the “big five” compliance policies are reviewed by Board every two years, or immediately following the publication of new legislation. It should be ensured they are legally compliant, robust and reflect the organisation’s risk management approach. Robust policies, procedures, and process maps also ensure there is clarity, accountability, and responsibility within the organisation and that operators understand who is accountable and who is responsible.
3. Data validation – “clean checks”, security protocols
Regular and robust data validation is an integral part of compliance, as well as assurance of it. Reliable assurance can only be given if there is the data in place to support it. Data held in the central system must match that of the original records including: visit dates, re-inspection dates, property or asset specific information, access documentation, and any other supporting evidence. Additionally, there must be sufficient security protocols in place to ensure that the number of people with the authority to amend/add/delete information on the central system is limited, which reduces the exposure of the data to omissions, mistakes, or malicious activity.
Although we would always strongly advocate that all data is held on a central system, we are aware that this is not always possible. In this instance, it is pivotal that there is a robust policy and procedure in place for how data is managed offline; this includes password protection, creating back-ups, version control, and limiting access.
4. Central control of key data to evidence assurance
Following on from above, the way in which data is held is just as important as how it is managed. We always advise our clients as a matter of priority that all data is moved to, and maintained, on a central system.
In instances where data is not held on a central system, we strongly recommend installing a central custodian who will take ultimate responsibility for the data and will test/audit its robustness at scheduled, frequent intervals.
5. Inspection programmes that comply (including “catch up”)
Robust, well planned, cyclical inspection programmes are pivotal to achieving and maintaining compliance. It is essential to understand obligations in terms of the types of inspections required as well as the frequencies at which they must be completed. All inspection programmes, including any “catch up” works, should be clearly outlined in policy principles and, at a minimum, be compliant with legislative requirements.
6. Clear approach to delivery/close out of follow up works
There should always be an audit trail of any remedial works raised as part of a cyclical inspection programme. This should include records of when the work was raised and by whom, when the remedial works were carried out and by whom, and finally evidence that all works have actually been completed.
7. Procurement, qualified contractors, and competent persons
We advise all of our clients that it is best practice to define what constitutes competent persons in their policy documents. There is some ambiguity in the sector around what constitutes competence and these decisions should be made at leadership levels. For example, we would recommend that asbestos contractors are UKAS accredited and that fire risk assessors are BAFE accredited. This is not a legal requirement but helps provide organisations with assurance around competence. This then provides clarity for the procurement of compliance contractors and the requirement to systematically check competence on an on-going basis.
8. Internal and external assurance checks
Compliance activities should always be supported by both internal and external audit programmes to provide assurance that works are being completed to the right standard and are legally compliant. Audit processes are a powerful tool for identifying weaknesses both in the operational staff carrying out the works, and the processes and procedures which support them. Catching problems “early” in this sense allows them to be resolved before the stakes are raised and the consequences of not addressing them become greater. We always recommend external validation of compliance to provide additional assurance from outside of the organisation.
9. Clear escalation protocol in case of non-compliance
The approach to an event of non-compliance should also be clearly reflected in the organisation’s policy principles. There should be clarity around exactly what happens in such an event: how it is reported, who it is reported to, what action that person should then take, and under what timescales. Ultimately, all events of non-compliance should be reported to Board who should then have an understanding of why the event occurred, what action was taken to remedy it, and most importantly what is being done to prevent it from happening again.
If you would like to discuss this compliance roadmap further, or any of the statutory property compliance services we offer, please email Jenny Neville.