Corporate report

Corporate governance framework

Updated 29 October 2024

Background

The Single Source Regulation Office’s (SSRO) Framework Document with the Ministry of Defence (MOD) sets out the broad governance framework within which the SSRO and the MOD operate.  The Framework Document sets out the SSRO’s core responsibilities, and the governance and accountability framework that applies between the roles of both organisations.  It also sets out how the day-to-day relationship between the two organisations works in practice, including in relation to governance and financial matters.

Further to the Framework Document, the SSRO’s Corporate Governance Framework, along with its standing orders, financial policies and delegations, details how the SSRO’s responsibilities, functions and decision-making are carried out, including the main roles and responsibilities of the Board and its committees.  In the event of any conflict, the Framework Document takes precedence. 

The Corporate Governance Framework is the responsibility of the SSRO Board.  It is maintained by the SSRO Governance team and will be reviewed formally at least every two years, although reviews may be triggered by significant changes in the organisation, or the SSRO’s operating environment.  Authority has been delegated to the Chief Executive to make minor amendments (i.e., any changes that do not alter the underlying intention of the Framework) as and when these may be required.

The Corporate Governance Framework fulfils the requirement set out in the Framework Document that the SSRO has in place a Board Operating Framework consistent with the Government Code of Good Practice.

Overview of the SSRO’s key functions, roles, and responsibilities

The SSRO’s purpose, statutory functions and responsibilities are set out in Part 2 of the Defence Reform Act 2014 (the Act) and the Single Source Contract Regulations 2014 (the Regulations), and are summarised in the Framework Document between the SSRO and MOD.

The SSRO’s powers, statutory duties and functions include:

  • Keeping an up-to-date record of qualifying contracts and receiving statutory reports from defence contractors under the regulatory framework.
  • Recommending the appropriate baseline profit rate and capital servicing rates for use in calculating contract profit rates.
  • Publishing guidance on allowable costs, contract profit rate steps, reporting and penalties.
  • Keeping the operation of the regulatory framework under review and making recommendations for changes to the Secretary of State.
  • Giving opinions and making determinations on matters referred to the SSRO concerning the regulatory framework.
  • Keeping under review the extent to which reporting requirements are being complied with.
  • Analysing reported data on request for the Secretary of State.
  • Issuing guidance in relation to the application or interpretation of the regulatory framework.

The Act allows for the SSRO to set its own procedures, except for the arrangements concerning the discharge of its referral functions as specified in legislation.

The SSRO Board

The SSRO Board consists of a Chair, a Chief Executive, a Chief Operating Officer (or equivalent) and at least two non-executive Board members (NEBMs).  The Board must include a majority of NEBMs.

An MOD sponsor representative attends SSRO Board meetings as an observer, in accordance with the SSRO Board MOD Representative Protocol.

The Board can delegate any of the SSRO’s functions to the Chair, another Board member, or a committee.

The Board may also choose to delegate to the Chief Executive specific matters that would otherwise be reserved to it.

The Framework Document provides more detail about the composition of the Board, its powers to establish committees, appointments to the Board, and its duties and responsibilities.

Terms of Reference for the SSRO Board are at Appendix 1.

The Chair and NEBMs

The Chair is responsible for leading the Board and ensuring its overall effectiveness.  The Chair is ultimately accountable for the decisions taken by the Board in carrying out its functions.

NEBMs act collectively through the Board and its committees; they do not have individual executive authority.

The Chair and individual members should at all times comply with the principles and responsibilities described in the Code of Conduct for Board Members of Public Bodies issued by the Cabinet Office, and the additional requirements set out in the SSRO’s Code of Conduct for SSRO Board and Referral Committee members.

The Framework Document provides more detail about the role and responsibilities of the Chair, and individual Board members’ responsibilities.

The Chief Executive

The Chief Executive has executive responsibility to the Board for the work of the SSRO, its staff, and the day-to-day management of the SSRO.  

Where a matter is not specifically reserved to the Board, the SSRO’s Chief Executive has the authority to act.  The Chief Executive is further authorised to appoint another appropriate member of SSRO staff to act on their behalf.

The Chief Executive is supported and advised on the SSRO’s day-to-day management by a Senior Leadership Team.  The Senior Leadership Team is not a committee of the Board.

The Framework Document provides more detail about the Chief Executive’s responsibilities in accounting to Parliament and to the public, in relation to the MOD, and as Accounting Officer.

Board Committees

To help it fulfil its functions, the SSRO can establish standing or ad hoc committees and determine their procedures, including the membership and life cycle of the committee.

At a minimum, there will be an Audit and Risk Assurance Committee.

The Chair is responsible for ensuring that Board committees are properly structured, with appropriate terms of reference that set out the committee’s responsibilities and the authority delegated to it by the Board. 

While the Board may make use of committees to assist its consideration of appointments, succession, audit, risk and remuneration, it retains responsibility for and endorses final decisions in these areas.

Members of committees are appointed by the Chair.  A committee may include persons who are not members or employees of the SSRO.

The Terms of Reference for the SSRO’s committees are set out in Appendix 2.

Referral Committees and Independent Persons

The Act specifies that a number of the SSRO’s statutory functions[footnote 1] must be exercised by a committee (a Referral Committee).

The SSRO will appoint a Referral Committee to deal with each referred matter.

Each Referral Committee must consist of three persons, at least one of whom must be a person who is not a member or employee of the SSRO.

Referral Committee members are appointed by the Chair, or another member who has been authorised for that purpose, on the recommendation of the Chief Operating Officer (or equivalent).

The SSRO will identify independent persons who are neither members nor employees of the SSRO who may be appointed to Referral Committees.  These independent persons should comply with the standards of behaviour detailed in the SSRO’s Code of Conduct for Board and Referral Committee members.

Terms of Reference for Referral Committees are set out in Appendix 3.

Appendix 1 – Terms of Reference for the Board

Purpose

The SSRO Board’s duties and responsibilities are set out in detail in the SSRO’s Framework Document with the MOD.

The Board provides strategic leadership and oversight for the SSRO.

Its primary role is to ensure the effective discharge of the SSRO’s functions, guiding the development and monitoring of its strategic aims and objectives.

The Board also provides direction and support, ensuring that the SSRO operates within the regulatory framework, and the policy and resources framework determined by the Secretary of State.

It ensures that effective financial planning, human resources, and risk management arrangements are in place in order that the SSRO meets its objectives.

The Board, through the Chair, also appoints the Chief Executive and holds them accountable, and supports them in the discharge of their role as Accounting Officer.

Roles and Responsibilities

The specific functions and decisions reserved to the Board include:

Approval of:

  • the SSRO’s Framework Document with the Ministry of Defence;
  • the Corporate Governance Framework;
  • the Annual Report and Accounts for Accounting Officer sign-off;
  • the SSRO’s Corporate Plan and objectives;
  • corporate performance management arrangements;
  • risk management arrangements;
  • the SSRO’s financial framework, any significant changes to the prime and detailed financial policies, the Scheme of Financial Delegations and any significant changes to delegated financial authorities;
  • the financial plan, annual budget, and any variations to the budget where this would have a significant impact on the overall approved levels of income and expenditure;
  • the business case and procurement strategy for any contract valued above the ‘Find a Tender’ threshold;
  • significant changes to overall staff terms and conditions of employment;
  • decisions concerning litigation in respect of matters that are of public, political, financial or reputational significance;
  • communication plans in respect of matters that are of public, political or reputational significance.

Regarding the discharge of the SSRO’s regulatory functions:

Regulatory function: Rates Assessment (Sections 19(2) and (3) Defence Reform Act 2014 (DRA))

Approval of:

  • Significant consultations and associated outputs.
  • The methodology to be applied in assessing the appropriate rates and adjustment.
  • The annual recommendation to the Secretary of State.

Regulatory function: Referrals (DRA, Schedule 4, Para 10(3))

Approval of:

  • Appointment of persons to Referral Committees (by the Chair, or by a member under delegation from the Chair).
  • Significant changes in policy, procedures, and guidance in relation to referrals.

Regulatory function: Review of Legislation (DRA, Section 39(1) and (2))

Approval of:

  • Proposals for significant changes to the regulatory framework within ongoing and periodic reviews of legislation, and submission of recommendations to the Secretary of State.

Regulatory function: Reporting requirements, Analysis and DefCARS (DRA, Sections 24(1), 25(1), 36(1), 36(3), 37(1) and Schedule 4, Para 14)

Approval of:

  • Significant changes in DefCARS policy.

Regulatory function: Compliance (DRA, Section 36(2))

Approval of:

  • Significant changes in the compliance methodology.

Regulatory function: Guidance in respect of:

  • determining the contract profit rate for a QDC or QSC (DRA, Section 18(1));
  • determining allowable costs under QDCs (DRA, Section 20(1));
  • determining penalties (DRA, Section 33(4));
  • the preparation of reports (Single Source Contract Regulations 22(9) and 33(8));
  • other guidance, for example, alternative pricing (DRA, Section 35A).

Approval of:

  • Significant updates to guidance, including new guidance areas, and associated consultation activities.

Oversight / consideration of:

  • the Audit and Risk Assurance Committee’s annual report, and any issues raised by the Audit and Risk Assurance Committee to the Board;
  • people issues, including implementation of the Workforce Strategy; application of the annual pay remit; staff remuneration policy and pay management guidance; employee engagement (including the annual engagement survey action plan); and succession planning and skills; and any issues raised by the People Champion to the Board;
  • corporate performance management through regular monitoring reports; and
  • cyber security and information handling arrangements.

Informing the Chair’s decision on:

  • the Chief Executive’s annual pay award and non-consolidated award; and
  • nominations to the Board.

Membership

The Board comprises the Chair, the Chief Executive, the Chief Operating Officer (or equivalent), and at least two non-executive Board members (NEBMs) that among them have a balance of skills and experience appropriate to directing the SSRO’s business. 

The Board must include a majority of NEBMs.

Quorum

The Board’s quorum will be three non-executive members.

Meetings

The Board will meet at least four times each year.

Meetings of the Board are held in accordance with the SSRO’s Standing Orders.

Reporting

The minutes of Board meetings are the formal record of the Board’s business.

Minutes will be published on the SSRO website once they are approved by the Board as a correct record.

In line with Cabinet Office guidance, the SSRO Chair must conduct a Board Effectiveness Review (BER) annually and ensure that a BER is externally facilitated every three years.

Monitoring

The terms of reference for the SSRO Board will be kept under periodic review.

Appendix 2 – Terms of Reference for the Audit and Risk Assurance Committee

Purpose

The Board has established an Audit and Risk Assurance Committee (ARAC) to provide scrutiny, oversight and assurance of risk management, internal control and governance procedures to the Chief Executive, as Accounting Officer, and to the Board.

Roles and Responsibilities

The ARAC shall advise the SSRO Board and Accounting Officer on:

  • The strategic processes and framework for governance, risk management and internal control.
  • The Annual Report and Accounts, including the Governance Statement, recommending them to the Board.
  • The organisation’s policies for counter-fraud, cyber and information security, procurement, and the prime and detailed financial policies.
  • Internal audit, including the appointment of the internal auditors, agreeing the audit plan, audit reports and the adequacy of management response to audit recommendations.
  • The planned activity and results of the external audit by the NAO, including its management letter and the response by management.
  • The effectiveness of the internal control environment.
  • The arrangements for controlling and reporting SSRO expenditure.
  • Risk assurance, including reporting its views on the adequacy of the SSRO’s risk management arrangements to the Board.
  • Corporate governance arrangements, reporting annually to the Board its views of the governance of the SSRO and on the Committee’s own effectiveness.

Membership

The ARAC will comprise no fewer than two non-executive members. The Committee will be chaired by a non-executive member.

A secretariat function will be provided by the SSRO Governance team.

The ARAC may co-opt additional members for a period not exceeding one year to provide specialist advice on a particular matter.

The ARAC may procure specialist ad-hoc advice at the expense of the organisation, subject to budgets agreed by the Board.

Quorum

A minimum of two members of the ARAC shall be present for the meeting to be quorate.

Meetings

The ARAC will meet at least four times a year.

The Chair of the ARAC may convene additional meetings, as they deem necessary.

ARAC meetings will normally be attended by the Accounting Officer, the Head of Corporate Services, Head of Internal Audit, and a representative of External Audit. Other staff may be invited to attend the Committee, as required.

Unless otherwise agreed, notice of each meeting, the agenda and any relevant papers, shall be sent to attendees one week before the date of the meeting.

Reporting

The ARAC will present the minutes of its meetings to the Board as soon as possible after each meeting. The ARAC will make recommendations to the Board as it considers appropriate.

The Chair, on behalf of the Committee, will provide an annual report to the Board, timed to support finalisation of the accounts and the Governance Statement, summarising its conclusions from the work it has done during the year.

Access

The Head of Internal Audit and the representative of External Audit will have free and confidential access to the Chair of the ARAC.

Information requirements

For each meeting, unless otherwise agreed, the ARAC will be provided with:

  • A report summarising any significant changes to the organisation’s strategic risks and a copy of the Corporate Risk Register.
  • A progress report (written or verbal) from the Head of Internal Audit.
  • The findings of any internal audit reviews.
  • A Corporate Services report (written or verbal) including the management of any major incidents or ‘near misses’ and consequently the lessons learned.

As and when appropriate the Committee will also be provided with:

  • proposals for the terms of reference of internal audit/the internal audit charter;
  • the Head of Internal Audit’s Annual Opinion and Report;
  • the draft annual report and accounts of the organisation and the draft Governance Statement;
  • external audit’s management letter, the audit plan and the audit completion report;
  • a report on any changes to financial and accounting policies, IT and security policies;
  • a report on changes to the counter-fraud policy;
  • a report on any proposals to tender for audit functions; and
  • the organisation’s Risk Management Policy.

Monitoring

The terms of reference for the Committee will be kept under periodic review.

Appendix 3 – Terms of Reference for Referral Committees

Purpose

The Defence Reform Act 2014 (the ‘Act’) requires that several of the SSRO’s functions, listed in paragraph 10(3) of Schedule 4, be exercised by a committee consisting of three persons appointed by the Chair or any other member who has been authorised (generally or specifically) for that purpose.  At least one of the members of such a committee must be a person who is not a member or employee of the SSRO.

The specific listed functions are:

  • Section 16(2)(b) – determining the amount of price adjustments;
  • Section 18(3) – determinations about the contract profit rate;
  • Section 20(5) or (6) – determinations about allowable costs;
  • Section 21(3)(b) – determinations about final price adjustments;
  • Section 23(6) or (7) – determinations about the use of records;
  • Section 27(3) – investigating confidentiality obligations;
  • Section 29(5) – determining whether a contract is a qualifying subcontract;
  • Section 30(4)(b) – overruling a notice that Part 2 of the Act and the Single Source Contract Regulations 2014 should cease to apply to a sub-contract;
  • Section 32(8) – determinations on a penalty; and
  • Section 35(1), (3), (4) and (7) – opinions and determinations.

Some of these functions have specific timeframes, determined by the Act.

A Referral Committee will be responsible for considering such matters as and when they arise.

Roles and Responsibilities

A Referral Committee shall:

  • act as an objective, impartial and fair arbitrator on referrals;
  • make decisions in relation to opinions and determinations accepted by the SSRO;
  • decide, in consultation with the executive, procedural matters including whether to formally accept a referral, or to suspend or close an ongoing referral investigation;
  • ensure that its decisions are evidence-based;
  • ensure that the publications that result are a reflection of the Committee’s decisions; and
  • observe the SSRO’s corporate governance framework, its core values and all legal requirements.

Membership

Referral Committees shall be appointed by the Chair of the Board, or another member authorised for that purpose, and must be comprised of three individuals, of which at least:

  • one must be a non-executive member; and
  • one must be an independent person who is neither a member nor employee of the SSRO.

Executive members shall not ordinarily be appointed to a Referral Committee.  However, if necessary to deliver the SSRO’s function within required or appropriate timescales, an executive member may be so appointed.

Referral Committees will be chaired by a non-executive Board member.

The Act states that a determination by such a committee is to be made on the basis of a majority of the committee, and is final.

Quorum

For all functions of a Referral Committee by virtue of paragraph 10(3) of Schedule 4 of the Act, the quorum at any Referral Committee meeting will be three and must include a Referral Committee member selected from the panel of persons who are not members or employees of the SSRO.

Meetings

A Referral Committee will meet as required.

Monitoring

The terms of reference for Referral Committees will be kept under periodic review.

  1. The functions listed in paragraph 10(3) of Schedule 4 of the Act (‘Referrals’)