In 2013, the Chief Medical Officer initiated a programme of contractual reviews for organisations in receipt of NIHR funding to ensure that the organisations have effective and appropriate governance, financial and risk management systems in place. These reviews, known as Annual Funding Reviews (AFR), have become an annual exercise.
AFRs cover five Areas of Focus that contribute to successful project delivery. The Funding Review Assurance Questionnaire (FRAQ) is used to help the Department of Health and Social Care (DHSC) assess the level of arrangements, systems and control in place.
The five Areas of Focus should be embedded in the project life cycle for NIHR projects:
- Governance arrangements
- Financial controls
- Finance management
- Finance systems
- Compliance and risk management
The five areas are important in programme delivery and should be subjected to continuous improvement as the need arises.
NIHR expects all organisations that are in receipt of NIHR funding, including Research Capability Funding (RCF; NHS organisations only) and Official Development Assistance (ODA), to have good practices in its operations and to aim to have the best practices.
This Good Practice Guide seeks to provide guidance for organisations in receipt of NIHR funding contracts on what DHSC considers to be good practice and provides a range of examples of good practice that we have identified. It is not exhaustive and will be enhanced over time.
Project life cycle, including funding application stage
Good practice should be demonstrated during the entire project life cycle, which comprises competitive funding application, pre-award, award, post award, publications, and project closure.
DHSC uses the FRAQ to collect AFR information. It has four main sections:
- Funding Application
- Finance Management
- RCF (for NHS only)
- ODA (for Higher Education Institutions [HEIs]).
Each question in the FRAQ is assigned one of the five Areas of Focus.
Sections one to four in the guide below below list the processes, policies and practices that are considered good practice. Where possible, we have provided hyperlinks to publicly available resources or examples we have identified that meet our definition of good practice. They are not definitive and may not be suitable for all types of organisations and organisational structures, but they provide organisations with an idea of what we are looking for. As further examples are identified, they will be included in future versions of this guide.
Section 1: Funding application
In support of funding applications, good practice involves having in place the following:
- A funding application process that is well documented and open, fair and transparent. For example, University of Oxford has a good example of research process overview in its website.
- Grant or contracts management systems; for example, Worktribe and other commercial software packages. Most systems, including Worktribe, have flow charts that describe roles and responsibilities. For an example, see the University of York Worktribe flow chart.
- A process to determine costings, which includes cost identification and pricing of a research proposal, cost management process, costing templates and pricing policy. It is a good practice for applicants (HEIs and NHS) to have a costing and pricing policy, which could mention how an organisation follows funder guidelines such as the one in (d) below. Another example is the Royal Free London assessing costs of RF research studies standard operating procedure, which shows in detail how research costs are assessed.
- Adherence to sector guidance such as Transparent Approach to Costing (TRAC) Guidance for HEIs; Attributing the costs of health and social care Research & Development (AcoRD) policy and AcoRD FAQs for NHS organisations; and to funder guidance, for example the NIHR Global Health Research Finance Guidance for Applicants, etc.
- Pre-award due diligence and risk management. KPMG has a very good example of pre-award due diligence guidance.
- Project organogram and division of duties and responsibilities, with a staffing allocation table for projects as well as the percentage (%) full-time equivalent (FTE). Where there is no system that supports this, it would suffice to use an excel template. University of York has shared an example staffing allocation table (projects).
- Guidance for collaborating partners, policy on collaborations and equitable partnerships, and pre-award due diligence on collaborating partners. University of York has shared an example policy and procedure for the development and approval of international collaboration agreements.
- Funding application checklist, which is normally included at the end of a funding application form. Value for money (VfM) is an important consideration in applications.
Section 2: The Five Areas of Focus in the Annual Funding Review
Section 2.1: Governance arrangements supported by Human Resources
Documents required to support institutional and oversight arrangements include:
- Corporate Governance Charter (structure, mandate, statutory duties, legislation, regulatory authorities, etc. For an example, see the Alder Hey Children’s NHS Foundation Trust Corporate Governance Manual 2016-17.
- Terms of reference for functional Board Committee on key mandates (including projects) such as nominations, remunerations, programmes (including research), audit, assurance and risk management, etc. For an example, see the Birmingham and Solihull Mental Health NHS Foundation Trust Research and Innovation (R&I) Committee Terms of Reference (July 2019).
- Performance Review Hierarchy, which indicated how information flows from source/operations to decision making levels.
- Performance Review Reports, Working Group, periodic review meetings. For an example, please see the University of Warwick example terms of reference for a Financial Control and Compliance Group and a University Executive Board (Finance).
- Human Resources (HR) and HR Policy. Staff support governance structures and a good HR policy would provide guidance to staff at all levels
Demonstrating i to iv above is a sufficient indicator of good practice in institutional and oversight arrangements. Effective corporate governance should also be supported by HR (v). Good HR is a cornerstone for all organisations.
HR supports institutional and governance arrangements. In research, HR plays a critical role. A comprehensive HR policy can be documented either as a single handbook or as a separate but complete and comprehensive HR policy.
An HR policy should comprise the following:
- remuneration (compensation and benefits)
- equal opportunities and anti-discrimination policies
- HR management relations and service
- workplace diversity
- health, safety and security (including mental health and wellbeing)
- disciplinary procedures
- anti-bullying and anti-assessment
- employment support and assistance
- work-life balance
- labour unions where applicable
- HR information systems
- adherence to all legislations that concern or affect HR
- separation procedure for leaving employees
- fixed term contract staff policy to safeguard those on short term contracts which covers research staff
- General Data Protection Regulation (GDPR) and data protection
- training and development.
There is a free human resources policy manual for small business from HR Solutions that gives an idea of some of the contents of HR policy for small businesses. The HR policies listed by HR Solutions also apply to larger organisation. NHS/HEI entities should review their HR policies to ensure they cover all essential and mandatory areas as stipulated by legislation. NIHR expects Contractors to have a comprehensive HR Policy even though NIHR’s FRAQ may only focus on a few areas.
Section 2.2: Financial Controls
Financial controls should be embedded throughout the organisation, in all levels, processes and activities. These can be documented using the following documents:
- Approval roles, thresholds and workflows.
- Approval and Authorization policy/schedule or Scheme of delegation.
- Standing Financial Instructions (SFI; examples will be shared in due course).
- Finance Procedures and Policy Manual or Finance Regulations; which can be the same as SFI (see in section 2.2 iii above). For an example, see the University of York Financial Regulations.
- Procurement Policy (if it a standalone document, separate from Finance Manual). It is a good practice for procurement policies of individual organisations to comply with principles underpinning procurement as described in the government's public procurement policy.
- Any other written policy that documents financial controls. It is good practice to ensure that financial controls are embedded throughout the project life cycle and across the appropriate levels in an organisation; these can be embedded in any of the documents above
- Separation of duties guidance, unless already embedded in any of the documents above.
Oracle describes approvals (the most critical element in financial controls) very well in the Oracle Approvals Management document (section 1-9).
Section 2.3: Finance management
A finance management, control and services function has a broad scope that covers:
- Business planning and support of strategy
- Cash flow (treasury) management
- Staff (Finance, Programmes, Human Resources, Information Technology, Senior Management Team [SMT], Directors/Trustees)
- Financial management, accounting and reporting; taxation if applicable
- Support services
- SMT reporting; support of audit and other statutory obligations
Good practice in finance management can be demonstrated with a combination of documents that include the following:
- Finance management arrangements (Contractor, sub-contractor) and cascading downwards in the supply chain
- Finance management capacity assessment conducted as part of due diligence, so as understand the capacity, and where necessary arrange training/capacity building that will strengthen financial management capacity of awardees. Organisations are free to use the enclosed FRAQ for DHSC/NIHR, which has an element of self-score.
- General finance policies such as Finance Policies and Processes, and Financial Regulations Manual (see section 2.2 iii and iv above)
- Action/management response to pre-award recommendations and any findings in the due diligence reports (see section 1 e and g above)
- Monitoring framework and financial management arrangements, which can be embedded in the contract management and project monitoring arrangements (NIHR uses Statement of Expenditure [STOX], which can be quarterly [QSTOX], annual [ASTOX] or final financial report / statement of expenditure [FSTOX])
- Planning and project budgeting; annual operating plans; resource allocation and payment arrangements; Annual Operating Plans , project gantt chats; recruitment plan; procurement plans
- Standard Operating Procedure (SOP) on finance reporting and reviews, which includes project reporting templates; financial reporting structure that mirrors project funding; financial and narrative reports which can be monthly, quarterly, semi-annual or annual reports; milestone delivery reports (MDRs). University of Warwick has a good example of hierarchical review of reporting, which uses a review group (see section 2.2 iv above)
- Project organogram indicating % FTE for staff and project time sheets arrangements
- Internal Financial and Management Accounts, ideally quarterly; coding structure and list of transactions of both income and expenditure; project reconciliation templates
- Financial Statements and Audit Report (including management reports); project payables and receivable statement
- FM oversight and monitoring; including safeguarding of assets and management of liabilities
- Project closure procedures (SFI / Finance Manual); it is a good practice to have a project closure template, which lists all checks that need to be completed before a project is closed.
- Assurance planning, execution and management; Audit (internal and external) – project audits, project specific audits, expenditure verification
- Self-review/reflection and peer review of finance function and staff (see section 2.3 ii above).
Section 2.4: Finance system
A finance system may have multiple meanings depending on the nature of the business. In a NIHR’s award context, the components of a finance or finance accounting system comprise:
- Approvals and authorizations
- Finance software and hardware
- Staff (Finance, Programmes, Human Resources, Information Technology, SMT, Directors/Trustees)
- Accounting records (ledgers, supporting documents etc)
- Governance, reporting, audit and training
- Processes and procedures.
All the parts of a finance system play an important role with a sole objective of ensuring that funds are spent for the earmarked purpose and that every amount is accounted for.
NIHR does not recommend any system in particular, but whichever system is used should have all the attributes of a good finance/financial accounting system, namely:
- Finance System (hardware & software); Finance System Policy and Guidance
- Chart of Accounts, coding system (unique), duties, approvals, links with other system, reconciliations;
- Protocols for users, segregation of duties (process and technology, access rights, system access logs, etc)
- List of transactions; in-built reporting or separately held but interfaced reporting system
- Interfaces with core systems such as payroll, procurement, fixed assets and inventory, contract/grant management, database/records systems, etc;
- Sufficient back-up and data disaster recovery plans
- Staff training and refresher, preferably documented, on all aforementioned.
Section 2.5: Compliance and Risk Management
Successful applicants for NIHR funding enter into a contract with DHSC (the funder). The contract contains all the terms and conditions related to the funding and is legally binding. Contractors are therefore expected to have contract management arrangements in place that ensures that all the terms and conditions are adhered to.
Compliance and risk management are intertwined and the success of one drives the good outcome of the other.
A good compliance and risk management framework is associated with a wide range of policies that all work together effectively. These policies includes the following:
- Due diligence policy. The NIHR global health due diligence questionnaire is used for NIHR awards and contracts, but the contents therein gives an indication of the things NIHR look for. Also, the University of York has an example pre-award risk management guidance.
- Risk management policy including risk register, risk ratings, etc. For an example, see the Parole Board for England and Wales Risk Management Policy and Guidelines.
- Anti-Bribery and Anti-Corruption Policy; including Fraud Management Policy; Fraud Response Plan. CIMA has a good fraud risk management guide.
- Escalation and whistleblowing / Speak up policy; conflict of interest policy; anti-fraud policy. There are many examples of these policies online such as the Department of Business, Energy and Industrial Strategy (BEIS) whistleblowing guidance for employers. The NHS could have a risk management policy that is customised for the health service; The NHS Counter Fraud Authority (NHSCFA) is mandated to deal with fraud and counter fraud, and has useful information for the NHS.
- Child and Vulnerable Adults Protection Policy. NSPCC has good general guidance on safeguarding children and child protection. Also, NIHR has a safeguarding guidance.
- Code of conduct (CoC) and supplier CoC (SCoC). The Foreign, Commonwealth and Development Office (FCDO) has a good example of a Supply Partner Code of Conduct.
- Research Ethics and adherence to all legislations in force.
- Publishing modern slavery statement, where applicable, as required by the Modern Slavery Act 2015.
- Key operational policies: Finance, procurement, and operations.
- HR Policy that captures elements of compliance and risk management; DBS background checks and references.
- Internal control framework policy; delivery chain maps; VfM assessment.
- Internal and funder financial and narrative/progress reports. When there is a large portfolio of projects, it is a good practice to report internally by exception, provided reporting to the funder meets all the reporting requirements.
- Statutory and Audit Reports (including actions on recommendations following audit findings); Compliance and risk audit
- Continuous improvement policy; for example, ISO 9001 10.3 Continual Improvement.
Project closure and publications
Good practice for project closure includes having in place the following:
- Project Closure Checklist, which includes Project Reconciliation Template and Final Closure Financial Report (which is known as Final Statement of Expenditure [FSTOX] in NIHR) and Final Project Narrative Report
- Asset Register and disposal plans; Handover and Sustainability Plans (if applicable).
- Final Audit and or Expenditure Verification Report (where audit is required)
- Fixed Term Contract Staff Policy
- Project Archiving Policy.
- NIHR Open Access policy; Publication and Dissemination (and learning) Policy; and other equivalent policies
Section 3: Specialist areas
Currently specialist areas are considered to be Research Capability Funding (RCF) and Official Development Assistance (ODA). Organisations in receipt of RCF and/or ODA funding are expected to follow all the areas of focus, 2.1 to 2.5 above, in addition to the requirements described below.
Section 3.1: RCF (for NHS Organisations only)
A written RCF policy is an indicator of good practice. Such a policy would cover RCF allocation process and criteria, escalation process, project award verses actual spend, RCF guidance, change of usage and staff training on RCF. In writing an RCF policy, NHS organisations should refer to NIHR's guidance and policy on RCF. For an example, please see the Norfolk and Norwich University Hospitals NHS Foundation Trust RCF guidance notes and review panel scoring template (2019-20).
Section 3.2: NIHR awards funded via Official Development Assistance
ODA awards should be managed in a prudent way, just like the domestic NIHR awards with all the good practices mentioned already under sections 1 and 2 above. NIHR awards funded via ODA may also require unique contractual arrangements for example where the same project is being implemented in multiple countries. Below is a list of useful resources for applicants applying for NIHR ODA funding, as well as NIHR ODA contract holders:
- The ODA Contract Management Policy is prepared by individual organisations to suit internal governance arrangement and the relevant ODA context, and covers the project life cycle. For an example, please see the University of Oxford research process overview, which comprise key contents of a contract management policy.
- The NIHR Global Health Research core guidance covers the key principles supported by NIHR ODA funding and includes a number of useful resources, namely:
- Eligibility and Compliance
- Equitable Partnerships
- Community Engagement and Involvement
- Training and Research Capacity Strengthening
- Risk Management
- Regulatory Approvals and Compliance
- Value for Money (for more information, please see the UK Aid Direct value for money guidance).
- The NIHR Global Health Research Finance Guidance for Applicants covers what can be funded through NIHR ODA.
- The Financial Guidance for NIHR Global Health Research Programme Contract Holders on Exchange Rates provides advice on how to deal with foreign currency denominated transactions.
- The NIHR Safeguarding Guidance sets out the standard NIHR approach to safeguarding and the principles which Research Organisations / Institutions involved in managing any NIHR funded programmes should apply.
- The Global Grant Community Good Financial Grant Practice Standard (GFGP) provides an innovative and integrated approach to standardize, simplify and strengthen financial governance of grant funding worldwide. Please see also the GFGP Information hub and the Good Financial Grant Practice (GFGP) standard online assessment tool.
- The International Aid Transparency Initiative (IATI) Standard is a set of rules and guidance about what data organisations should publish and what format it should be presented in.
- During due diligence and before sending funds to some countries, the following lists should be checked: financial sanctions targets by regime list; UK sanctions list; financial sanctions targets: list of all asset freeze targets.
- The Corruption Perception Index could help in risk based approach in risk management.
Section 4: Continuous improvement
Good practice is best sustained through continuous improvement (for example, ISO 9001 10.3 Continual Improvement). This Good Practice Guide will be updated periodically. Organisations participating in AFRs may be asked if they would allow DHSC to use their documents as examples of good practice that are referenced and shared as part of this guide.
|Stage of history||History information|
|Issue date||28 June 2021|
|Effective date||28 June 2021|
|Coordinating centre||Finance team contact details|
|Central Commissioning Facility (CCF)||firstname.lastname@example.org|
|NIHR Evaluation, Trials and Studies Coordinating Centre (NETSCC)||email@example.com|