Annual report and accounts 2024 to 2025

Accountability report: Corporate governance report

This report explains the composition and organisation of ORR’s governance structures and how they support the achievement of our strategic objectives.

Directors’ report

Directors

Executive and non-executive members of the ORR Board are listed in the 'governance statement'.

Register of interests

The Board Secretary maintains a register of interests, a version of which is published on our website. Any interests with the potential to cause a conflict are managed in accordance with the Board’s rule of procedure.

Personal data-related incidents

There were no personal data-related incidents requiring notification to the Information Commissioner’s Office during the year.

John Larkinson
Accounting Officer
8 July 2025

Statement of Accounting Officer’s responsibilities

Under the Government Resource and Accounts Act 2000, HM Treasury has directed ORR to prepare for each financial year resource accounts, detailing the resources required, held, or disposed of during the year and the use of resources by ORR during the year. The accounts are prepared on an accruals basis and must give a true and fair view of the state of affairs of ORR and of its income and expenditure, statement of financial position and cash flows for the financial year.

In preparing the accounts, the Accounting Officer is required to comply with the requirements of the Government Financial Reporting Manual and in particular to:

  • Observe the Accounts Direction issued by the Treasury, including the relevant accounting and disclosure requirements, and apply suitable accounting policies on a consistent basis;
  • Make judgments and estimates on a reasonable basis;
  • State whether applicable accounting standards, as set out in the Government Financial Reporting Manual, have been followed, and disclose and explain any material departures in the financial statements;
  • Prepare the financial statements on a going concern basis; and
  • Confirm that the annual report and accounts as a whole is fair, balanced and understandable, and take personal responsibility for the annual report and accounts and the judgments required for determining that it is fair, balanced and understandable.

The Treasury has appointed the Chief Executive as ORR’s Accounting Officer. The responsibilities of an Accounting Officer, including responsibility for the propriety and regularity of the public finances for which the Accounting Officer is answerable, for keeping proper records and for safeguarding ORR’s assets, are set out in Managing Public Money published by HM Treasury.

As the Accounting Officer, I have taken all the steps that I ought to have taken to make myself aware of any relevant audit information, and to establish that ORR’s auditors are aware of that information. So far as I am aware, there is no relevant audit information of which the auditors are unaware.

Governance statement

This statement explains the governance arrangements of ORR, including the management of risk and resources.

Governance structure

Our governance structure for 2024-25 is shown below:

Governance structure

The Board

ORR is a non-ministerial government department led by a statutory Board consisting of non-executive directors (including the Chair) and executive directors (including the Chief Executive). The Secretary of State for Transport makes appointments to the Board for a fixed term of up to five years, which is renewable, but can only remove individual members for grounds specified under paragraph 2 of Schedule 1 of the Railways and Transport Safety Act 2003.

The Board provides support and challenge on the effective running and long-term strategy of ORR as well as on the department’s performance and risk management, and progress against delivery of our objectives and priorities. Members’ duties and responsibilities are set out in a code of conduct included in the Board’s rules of procedures. The Board’s objectives are aligned to key business and risk management activities.

Membership and appointment terms of ORR’s Board as at 31 March 2025 were as follows:

Non-executive directors

Declan Collier, Chair, reappointed to 31 December 2028

Justin McCracken, Deputy Chair, reappointed to 30 September 2025

Xavier Brice, appointed to 16 January 2027

Ian Dobbs, appointed to 1 December 2029

Anne Heal, reappointed to 30 September 2026

Madeleine Hallward, reappointed to 12 April 2030

Daniel Ruiz, appointed to 16 January 2027

Catherine Waller, appointed to 16 January 2027

Executive directors

John Larkinson, Chief Executive, reappointed to 27 March 2027

Richard Hines, Director, Railway Safety, appointed to 26 June 2029

Changes to Board membership

The following changes to Board membership took place this year:

  • The term of appointment of Ian Prosser (executive director) ended on 26 June 2024.
  • Richard Hines was appointed as an executive Board member from 27 June 2024.
  • The term of appointment of Bob Holland (non-executive director) ended on 31 December 2024.
  • Ian Dobbs was appointed as a non-executive director from 2 December 2024.

Board meetings

The Board held 15 formal meetings in 2024-25.

Key areas of discussion

  • Regular reports on health and safety risks across the rail industry, as well as oversight of cross-office work to review how duty holders assess the costs and benefits of safety interventions.
  • Progress on the rail reform agenda.
  • Performance of Network Rail, with particular attention to train reliability and punctuality, financial efficiency, asset reliability, weather risk safety management, environmental targets, and safe operation of the railway, as well as freight performance and freight growth.
  • Holding to account of Network Rail for the delivery of its performance obligations further to the findings of an investigation into the Wales & Western Region.
  • Delivery of PR23, including CP7 passenger train performance reset and measures for 2026-29.
  • Key stages of the periodic review process of HS1 Ltd (PR24), approving the final determination agreed in December 2024.
  • Performance of HS1, with particular attention to health and safety targets, asset management, train service provision, and financial performance and efficiency.
  • Competing and complex track access applications, including open access services.
  • Performance of National Highways, with particular attention to efficiency, enhancements, asset management and environmental targets, and oversight of ORR’s third annual assessment of safety on the strategic roads network.
  • Holding to account of National Highways to determine whether it is compliant with the Road Investment Strategy (RIS) and its licence, in regard to performance, delivery, and capability.
  • Sponsorship of the rail ombudsman, including an update on contract management, performance, and use of data.
  • Oversight of ORR’s work on improving the rail passenger experience and its role as competition authority for the rail industry, as well as reviewing train revenue protection practices.
  • Progress in delivering the data strategy implementation plan to maximise the value of data within ORR.
  • ORR’s role in improving sustainability, including its current role and remit across both rail and road.
  • Participation in a programme of engagement to better understand the needs of our stakeholders, including external speakers at Board meetings as well as field visits and stakeholder meetings focused on rail and road (namely transport in Scotland and the freight sector).
  • Analysis of TfL funding, commissioned and funded by DfT.
  • Regular reporting of ORR’s financial performance and capability, progress against the business plan for 2024-25, communications strategy, and strategic risks.
  • The annual review of effectiveness of the Board.

Audit and Risk Committee

The Audit and Risk Committee supports the Board in its responsibilities for issues of risk, control and governance and associated assurance. Its role is to review whether assurances presented are sufficient and comprehensive enough to meet the Board and the Accounting Officer’s needs, and to assess the reliability and integrity of those assurances, as well as to provide an opinion on how well the Board and Accounting Officer are supported in decision making and in discharging their accountability obligations (particularly in respect of financial reporting and risk management).

The Audit and Risk Committee comprises four non-executive directors (one of whom chairs the committee) and an independent member.

Ian Dobbs was appointed to the Audit and Risk Committee from December 2024. Madeleine Hallward stepped down from the Audit and Risk Committee in December 2024.

Bob Holland stepped down as Chair of the Audit and Risk Committee in December 2024 and was replaced by Daniel Ruiz.

The committee met five times during the year.

Key areas of discussion

  • Internal and external audit plans and progress against those plans, including progress made in implementing audit recommendations.
  • Key strategic and corporate risks for ORR and how they are managed.
  • Renewal of the internal audit contract with RSM.
  • Changes to the presentation of risks to the Audit and Risk Committee.
  • Learning and development spend controls.
  • Regular reporting on cybersecurity, including threats, trends and cyber effectiveness.
  • The annual report and accounts and draft governance statement.

People Committee

The People Committee fulfils the functions of a remuneration and nominations committee. It has a specific role in reviewing the performance and remuneration of ORR’s senior civil servants including the Chief Executive, as well as advising the Chair on non-executive recruitment and induction. It maintains oversight of our people-related strategies (such as our reward strategy for employees below the senior civil service)
and culture.

The committee, which comprises three non-executive directors, met four times during the year.

Key areas of discussion

  • The performance of ORR’s senior civil servants during 2024-25.
  • ORR’s pay policy and non-consolidated performance-related pay awards for its senior civil servants, ensuring that this is consistent with the annual guidance produced by Cabinet Office for the senior civil service as a whole and meets Secretary of State approval.
  • Implementation of ORR’s pay and reward and diversity and inclusion strategies.
  • People and employee relations data, including a deep dive into the structure of the Railway, Planning and Performance directorate and the Highways team.
  • The annual civil service people survey results.
  • An externally facilitated audit of the organisation’s culture.
  • The succession and talent management arrangements for senior civil servants covering critical roles at ORR.
  • Advice and progress update on the recruitment of non-executive directors.

Health and Safety Regulation Committee

The Health and Safety Regulation Committee’s role is to develop, maintain, review and update ORR’s health and safety regulatory strategy and the overall adequacy of arrangements to meet ORR’s statutory duties. It consists of a mix of non-executive and executive members.

The committee met four times during the year.

Bob Holland and Daniel Ruiz stepped down from the Health and Safety Regulation Committee in December 2024.

Ian Dobbs and Madeleine Hallward were appointed to the Health and Safety Regulation Committee in December 2024.

Key areas of discussion

  • ORR’s strategic approach to health and safety regulation, including key performance indicators, risk profiling, formal enforcement, and activity planning (including a regulatory strategy for trains passing the end of their movement authority), and working with other relevant bodies such as RAIB and IGC (for Channel Tunnel matters).
  • The development of health and safety-related policy, considering inter alia the management
    of fatigue, enforcement, train protection systems, and ORR strategic risk chapters.
  • Industry and dutyholders’ health and safety performance.
  • Network Rail’s work to improve track worker safety, fire safety, structures compliance, modernising maintenance, and extreme weather resilience.
  • Safety performance and management of non-mainline sectors, including heritage operators, London Underground and UK Trams.
  • Relevant ‘lessons learned’ reviews from inside and outside the rail industry.
  • Emerging safety trends and challenges, including cybersecurity and high integrity software-based systems.

Highways Committee

The purpose of the Highways Committee is to oversee the work of the highways team, advise the ORR Board and act as a forum for policy development with senior staff. It consists of a mix of non-executive and executive members. The committee met three times in the year.

Key areas of discussion

  • Reports from our monitoring framework for National Highways.
  • National Highways’ capital planning and asset management.
  • Operational performance, including safety
    and efficiency.
  • National Highways’ safety performance, including the performance of safety systems on smart motorways.
  • Consideration of options for the interim settlement year, in the absence of a RIS.

Meeting attendance

Meeting attendance in 2024-25 was as follows:

MemberBoardAudit and Risk CommitteePeople CommitteeHealth and Safety Regulation CommitteeHighways Committee
Declan Collier15/15--4/4-
Xavier Brice13/155/5-4/4-
Ian Dobbs3/50/1-2/2-
Madeleine Hallward12/154/4-0/13/3
Anne Heal15/15-4/4-3/3
Richard Hines12/12--3/3-
Bob Holland9/124/4-2/3-
John Larkinson15/15--3/42/3
Justin McCracken15/15-4/44/4-
Ian Prosser3/3--1/1-
Daniel Ruiz14/151/1-3/33/3
Catherine Waller8/153/53/4--
Nicholas Bateson [note 1]-5/5---

Note 1: independent member of the Audit and Risk Committee, reappointed to 30 September 2027.

Board effectiveness

The Board and its standing committees are governed by the Board’s rules of procedure. There is a formal appraisal system for all Board members, including executive members, undertaken by the Chair. Committee chairs report to the Board after each meeting and minutes are circulated to Board members. The Board is required to review its own performance, including that of the committees, on an annual basis (conducted externally at least every three years, most recently in 2022-23), and its rules of procedure on a biennial basis (most recently in January 2024).

In early 2025, an internal review of Board effectiveness was undertaken. The review highlighted several key strengths, including the Board's ability to monitor the political environment, the effective collaboration between the Chair and Chief Executive, and the objective and collaborative decision-making process. The Board also demonstrated a deeper understanding of ORR’s core activities and strategic direction, supporting and debating ORR’s strategy, and maintaining clear ways of working between the Board and executive.

The review noted the importance of stakeholder engagement, with several site visits and stakeholder dinners arranged throughout the year. Further attention was given to matters of risk, succession planning and effective working between committees and Board.

Conflicts of interest

The Board’s rules of procedure include strict guidelines on conflicts of interest. A register of Board members’ interests is available on our website, and members declare interests on agenda items at the start of every Board and committee meeting. On the rare occasion where there is a risk of a conflict of interest, the Board must decide whether or not the relevant member must withdraw from the meeting during discussion of the relevant item, and this is recorded in the minutes. No issues arose during the year where a Board member was required to withdraw from a meeting.

Compliance with the Code of Practice on corporate governance

ORR is a non-ministerial government department with its functions vested in a statutory Board appointed by the Secretary of State. On that basis, there are some departures from the model envisaged in the ‘Enhanced Departmental Board Protocol’ for ministerial departments, as follows:

  • The Board reserves to itself any changes in its governance and scrutiny thereof, so there is no committee with responsibility for governance.
  • The senior management team and the Board do not include a finance director as ORR is not a spending department.
  • The Board has a role in deciding individual reward for senior civil servants (further to the recommendation of the People Committee). This approach adds a useful element of independence and objectivity given the small size of the department.

These exceptions aside, the Board considers that ORR is compliant with the principles established in the Code for central government departments. The Board and senior team operate according to the recognised precepts of good corporate governance in business, namely: leadership, effectiveness, accountability, and sustainability.

The executive

As Chief Executive, I head ORR and am also the Accounting Officer. Executive governance arrangements are based around two committees. Each committee involves a sub-set of executive directors as appropriate.

  • The Executive Committee meets weekly and oversees operational issues such as progress against the business plan and allocation of resources for business planning.
  • The Regulation and Policy Committee meets three times a month and assists the development of safety strategy, policy, and reviews the overall adequacy of arrangements to meet ORR’s statutory duties.

In addition, certain major workstreams have their own programme Board, for example, the PR23 programme. Programme Boards are made up of a task-appropriate mix of executive Board members, directors and staff.

Managing outside interests

Leavers from ORR are reminded of the business appointment rules (BARs) in place for departing civil servants, as part of our leaving process. Similarly, as part of the onBoarding process new joiners are asked to disclose any conflict of interest (this is in addition to an annual disclosure process) and are referred to the employment handbook and policy available on our intranet.

Application of business appointment rules

In compliance with business appointment rules, we are transparent in the advice given to all grades of employees and those at SCS level. Our conflict of interest policy is published on our intranet and we advise our employees that there must never be any reason for people outside ORR to suspect that our decisions may be influenced by private interests. We therefore impose certain restrictions on employees’ financial and non-financial activities. These requirements form part of their employment contract and the Civil Service Code. In 2024-25 there was one exit where BARs were set. In 2023-24 there were no exits where BARs were required or set.

Internal whistleblowing

All employees at ORR are required to comply with the terms of the Civil Service Code, including the core values of integrity, honesty, objectivity and impartiality. The Code also sets out what an employee must do if they believe they are being required to act in a way that conflicts with the Code, or if they become aware of actions of others which they believe are in conflict with the core values.

Our ‘whistleblowing and raising a concern’ policy is available to all staff on our intranet. One internal whistleblowing complaint was raised and closed after an investigation in 2024-25. In 2023-24 no complaints were raised.

External whistleblowing

ORR is a prescribed person under UK whistleblowing law and values the role whistleblowers can play in ensuring effective regulation. The law allows employees and ‘workers’ to make disclosures of information in the public interest, by giving them protection from victimisation or detriment by their employer.

Whistleblowers can talk to ORR about their concerns of things that have happened, are currently happening, or are likely to happen, if they believe it raises a matter of wider public interest relating to: the provision and supply of railway services; or any activities related to the Office of Rail and Road’s functions.

An annual report of whistleblowing disclosures received by ORR in its capacity as a prescribed person is published on our website.

Risk management

Management of risk is delegated to the Executive Committee. The Audit and Risk Committee is responsible for assuring the Accounting Officer and the Board on the adequacy of risk management processes.

Risk is managed in line with our risk management strategy. The strategy has been approved by the Executive Committee and agreed as appropriate by the Audit and Risk Committee. The risk management strategy is supported by a risk manual which provides guidance on the operational aspects of risk management for colleagues. Our risks are aligned to the risk categories in HM Treasury’s risk management guidance – ‘The Orange Book’. Risk management is the responsibility of all colleagues within ORR, and organisation-wide risk management training is available on our e-learning platform.

Our corporate risk dashboard contains largely operational and reputational risks with a close proximity which need to be actively managed. Risk registers are maintained by each directorate. Risk champions in each directorate are responsible for collating risks at directorate level. This ensures that risks at working level are captured. Risk champions come together as a group quarterly to discuss the top risks in their area and to provide an additional perspective on others’ risks. The corporate risk dashboard is then discussed by the deputy directors’ group, who moderate the scoring and provide assurances for the risks in their areas, ahead of discussion and challenge of the top risks by the Executive Committee. Corporate risks are reviewed quarterly by the Audit and Risk Committee. The key corporate risks we have faced and actively managed in the year are outlined in the 'performance analysis' section.

The strategic risk register identifies those risks which have the potential to have a serious, critical or existential impact on ORR’s ability to meet its strategic objectives and are typically longer-term risks which do not change quickly and require less active management. Strategic risks are informed through an annual horizon scanning exercise. They are reviewed quarterly by the Executive Committee and biannually by the Audit and Risk Committee. The Board considers the key strategic risks facing ORR annually.

Quality assurance of analysis and publications

We have up-to-date quality assurance guidance, including an analytical assurance framework, robust processes and accessible tools in place for effective risk management of analysis and decisions. This helps to inform and support our analysts, policy, and decision makers.

During the year we published our list of business critical models (BCMs) on our website. We continue to assess the fitness for purpose for each of the BCM quality assurance and governance processes using a five-pillar methodology and a scoring system. This is in alignment with the recommendations from Sir Nick Macpherson’s review of quality assurance of government models, the Aqua Book, the government functional standard and best practice across government. The internal BCM panel has helped to support cross-working between model leads and to strengthen quality assurance processes.

Information assurance

We maintain an information strategy as part of our wider technology strategy. ORR is registered as a data controller with the Information Commissioner and adheres to the provisions of the Data Protection Act 2018 and the UK General Data Protection Regulation. We have a data protection officer as mandated by the legislation who advises the office with regards to compliance. Our privacy policy is published on our website.

We maintain a risk register on information risk and oversee our compliance with our government information assurance requirements through quarterly reporting to the Audit and Risk Committee and yearly assurance to Cabinet Office through the Departmental Security Health Check.

This checks our compliance with the requirements of the Cabinet Office’s minimum security standards where they apply to us in relation to physical, personnel and incident management standards. Cyber standards are assessed both independently using penetration tests, red team and purple team events and participation in Cabinet Office’s GovAssure programme. Identified changes are handled through an ongoing cyber security plan to maintain strict technical controls across our network and devices.

Internal audit

Our internal auditors for 2024-25 were RSM. Throughout the year RSM delivered a programme of audit reviews which was developed jointly with the executive and endorsed by the Audit and Risk Committee. The plan was designed to address the key risks facing the organisation and to provide assurance that our key business processes are fit for purpose. The most that the internal audit service can provide to ORR is reasonable assurance that there are no major weaknesses in those systems audited. Based on the reviews undertaken and specific testing and evaluation performed during the year to 31 March 2025, RSM’s opinion is that ORR has an adequate and effective framework for risk management, governance and internal control, with some further enhancements to the framework needed to ensure that it remains adequate and effective. Recommendations made by RSM during the year have either been implemented already or will be implemented in 2025-26.

Following an audit of our data governance, we have updated our information strategy in line with the Cabinet Office functional standard Gov005 and have reviewed user access to our data warehouse. We have also expanded the remit of our Information Governance Group to provide a holistic view of our data, information and technology strategies across the organisation. Following an audit on cyber risk assessments, we have updated our policies on acceptable use of IT and passwords to ensure the organisation is following best practice on cybersecurity. Some outstanding recommendations cut across both the data governance and cyber risk audits and will be completed in 2025-26.

Value for money from major contracts

It is our policy to utilise competitive tendering when seeking goods and services from third party suppliers, whenever practical. On occasions where a sole source approach is necessary, robust justification must be provided and signed off by a senior member of staff.

For high value contracts, we have four main routes to access the market, depending on the tender requirements: Crown Commercial Services frameworks, wider public sector frameworks, Dynamic Purchasing Systems (DPS), and open tenders. Our primary strategy is to use framework agreements through mini-competitions or direct awards where it can be demonstrated that the supplier offers value for money. These frameworks often include benchmarking provisions to ensure the contract retains its value for money. The DPS allows suppliers to join at any time and is particularly useful for procuring goods and services that are commonly available in the market and can be adapted to changing needs over time to ensure we have the widest reach in supplier base and secure the best value for money.

For consultancy tenders, we either use a framework or undertake an open competition, publicising the requirements through Contracts Finder and the Central Digital Platform. This approach opens opportunities to small and medium enterprises that often specialise in our specific consultancy needs. We focus on price and whole life costs as key criteria.

Our procurement process and strategy have been updated to comply with the Procurement Act 2023. Continuous professional development opportunities are provided to procurement staff to stay updated with the latest regulations and best practices, ensuring value for money in our procurement activities.

For high value contracts, we ensure a comprehensive contract management approach that includes regular performance reviews, supplier feedback mechanisms, and clear escalation procedures for addressing issues. Specific KPIs related to social value and sustainability are included in contract performance monitoring where it is
appropriate to do so.

The transition from the previous Public Contracts Regulations 2015 to the Procurement Act 2023 has allowed us to transform our procurement approach, emphasising Most Advantageous Tender (MAT) and value for money. By modernising our processes to make them quicker, simpler, and more flexible, we ensure that our procurement activities are not only compliant with the latest regulations but also focused on achieving the best value for money. This approach helps us to maximise the efficiency and effectiveness of our spending, ensuring that we obtain high-quality goods and services at the most competitive prices.

Procuring sustainable products and services

Sustainable procurement involves managing internal demand to ensure that only appropriate goods and services are obtained from third parties. This includes selecting suppliers with relevant sustainability credentials, utilising eTendering, and opening up procurements to small and medium enterprises (SMEs).

For a large proportion of our common goods and services, we continue to utilise the Crown Commercial Service (CCS) frameworks, which adhere to Government Buying Standards. These standards set out mandatory minimum requirements for goods and services such as paper, office equipment, ICT, cleaning products, furniture, construction, and fleet.

We have included additional sustainability questions in relevant tenders where proportionate to do so and will continue this approach in the coming year.

We aim to integrate environmental, social, and economic considerations into purchasing decisions, following systematic approaches such as using the Government Buying Standards. We are committed to supporting the government’s target of achieving net-zero carbon emissions by 2050, and our contracts where appropriate specify the removal of single-use plastics and transition to renewable, low-carbon energy sources.

By continuously updating our procurement practices and incorporating sustainability criteria, we ensure that our procurement activities contribute to long-term environmental benefits for our organisation, society, and the economy.

Functional standards

During the year we have assessed ourselves against Cabinet Office’s functional standards. Most mandatory elements have been met at 31 March 2025. Where they have not been met and they are considered appropriate for ORR, there is an action plan in place to achieve compliance.

Accounting Officer’s statement

As Accounting Officer, I am personally responsible and accountable to Parliament for the organisation and quality of management in the department, including its use of public money and stewardship of its assets. The system of internal control in place to support me in this capacity accords with all relevant HM Treasury guidance.

My review of the effectiveness of the system of internal control for 2024-25 was informed by the Audit and Risk Committee, from assurance statements from directors across the organisation, and from information on levels of compliance with relevant government functional standards. This is further supported by independent assurances from internal and external audit.

As Accounting Officer, I have taken all the steps that I ought to have taken to make myself aware of any relevant audit information and to establish that ORR’s auditors are aware of that information. I am not aware of any relevant audit information which has not been disclosed to the auditors.

I have considered the evidence that supports this governance statement and am assured that ORR has a strong system of internal control in place to support the achievement of its strategic objectives. During the year our internal auditors have made a number of recommendations to management to enhance governance, risk management and control. Where actions have not yet been completed, action plans are in place for all recommendations made.

I confirm that the annual report and accounts are fair, balanced and understandable. I am personally responsible for them, and for the judgments required to determine this.

John Larkinson
Accounting Officer
8 July 2025