Emerging best practice
| Emerging best practice |
Proportional approach |
|
| Self-reporting vs own information |
|
| Substantive vs controls testing |
|
| Rolling assurance vs standing teams |
|
All major contracts need a bespoke compliance programme aligned to the risks of that contract. Supply chain assurance strategies should be set out early and included in the contract management plan. |
| Government data is easier to assure but is not always feasible or efficient. |
| Where suppliers self-report, government needs assurance. Controls assurance is often less onerous, more efficient, improves understanding and can help indicate broader concerns that need to be actioned. However controls testing requires more expertise to do properly. |
| A rolling programme of routine assurance could reduce the need for compliance testing of all contracts. | ||||
