This is insane. Why would you use EXEC, which bypasses the protection you get from injection attacks, and pretend you're using stored procs ? Why not just do:
SELECT count(jid) FROM tblJudgements1 where scategoryname='Judgements' and (favour = @favour
Also, you'd do better to store categories and favours in tables, and then map to them via ids instead of strings.