Question to the Ministry of Defence:

To ask the Secretary of State for Defence, what steps he is taking to strengthen the linkage between (a) Board risks, (b) disaggregated risks and (c) risks owned and managed in individual entities of his Department.

The Ministry of Defence (MOD) follows the Code of Good Practice for corporate governance in central government departments and undertakes regular reviews of its governance structure to ensure it remains fit for purpose for managing delivery and performance.

The Lead Non-Executive Director assesses Board performance each year and the department has challenge functions for its senior committees to help bring diversity of thought to decision making. The department also undertakes regular reviews of its Operating Model. The Defence Operating Model outlines the roles, responsibilities, authorities and accountabilities across Defence and the key delivery, decision-making, management and assurance processes.

The Annual Report and Accounts 2022-23 pages 72 to 76 details how risks are managed within the department. The Defence Command Paper Refresh (DCPR) published on 18 July 2023 sets out Defence’s priority to embed a sophisticated approach to managing risk through a significant improvement programme. This will align the Department’s risks with the commitments outlined in the DCPR, Defence Strategy and wider cross-government priorities, providing a clear line of sight from Board level risks through to all disaggregated levels of departmental risks. The Defence Board and the Defence Audit, Risk and Assurance Committee (DARAC) have approved the improvement programme and have oversight of delivery. These changes will be delivered across whole Defence enterprise, including functions and front-line commands. MOD continues to mature the operation of its functions, in support of the wider development of the Government’s Functional model.

Improvement activities as set out in the Annual Report and Accounts 2022-23 on page 76 include maturing the annual assurance reporting process, refreshing the risk management framework for the Department, strengthening the three Lines of Defence model to clarify the accountabilities and governance requirements for each line, and developing a risk-based assurance map. These improvements will integrate assurance across the three Lines of Defence, ensuring assurance activities remain proportionate to the level of risk in the department and its risk appetite.