Part I F20/15 Eden District Council Scrutiny Co-ordinating Board 23 April 2015 Risk Management Strategy Report of the Director of Finance 1 Purpose of Report 1.1 The report presents the Council’s Risk Management Strategy for approval. 2 Recommendation That the appended draft Strategy is approved. 3 The Strategy 3.1 The draft Risk Management Strategy is appended. 3.2 The Risk Management Strategy plays an important role in setting out the key steps in the Council’s approach to risk management. Therefore, each annual update is brought to Members for approval. Such approval is a key element within the Council’s Annual Governance Statement (AGS). (The AGS is a statutory requirement that must be presented alongside the Council’s annual financial statements). 3.3 The draft Strategy was circulated to members of the Risk Management Group for any comments they might have. There were no proposals to amend the Strategy. 3.4 An internal audit of risk management arrangements was undertaken as part of the 2013-2014 Audit Plan. This was reported to the Accounts and Governance committee (as part of its normal overview of internal audit) at its meeting on 26 June 2014. Whilst the report concluded that there was a sound system of risk management it did make a number of recommendations. Two of the recommendations (both level 3) referred to the risk management strategy. A level 3 recommendation is defined as,’ A recommendation which is concerned with improving operational procedures or efficiency, but does not necessarily relate to an identified control weakness and is unlikely to result in additional risk if not actioned’. The two recommendations were: The Risk Management Strategy should be review and updated to include: how it links to the Council’s Governance Framework and Internal Control; and the wider principles and good practice of risk management as detailed in the risk management standards and codes of practice 1 The Risk Management Strategy should be reviewed and updated to detail: full Council and Audit Committee members’ role and responsibility for risk management; the risk management policy statement; risk management processes that includes the identification, assessment, prioritisation and treatment of risks; risk management activities and improvement actions that includes individual risks assessment action plans, the allocating the ownership of actions and a schedule of activities for implementation or mitigation risks; and the roles and responsibilities all those involved in the risk management arrangement. These two recommendations have been addressed in the appended draft Strategy. This means that all the recommendations have now been addressed. 4 Policy Framework 4.1 The Council has four corporate priorities which are: Housing Quality Environment Economic Vitality Quality Council Council, on 29 September 2011, agreed strategic actions to achieve these priorities. 4.2 Whilst this Strategy is not one of the identified elements of the budgetary and policy framework, it is an element within the Council's AGS, which is an element of that framework. 5 Implications 5.1 Legal 5.1.1 There are no implications. 5.2 Financial 5.2.1 Any decision to reduce or increase resources must be made within the context of the Council’s stated priorities, as set out in its refreshed Corporate Plan. 5.2.2 There are no direct implications. However, one of the key reasons for controlling risk is to reduce the cost of insurance and any uninsured losses. 2 5.3 Equality and Diversity 5.3.1 The Council has to have regard to the elimination of unlawful discrimination and harassment and the promotion of equality under the Equality Act 2010 and related statutes. 5.3.2 An Equality Impact Assessment is included at Annex 2 in the Strategy. 5.4 Environmental 5.4.1 The Council has to have due regard to conserving biodiversity under the Natural Environment and Rural Communities Act 2006. 5.4.2 There are no implications. 5.5 Crime and Disorder 5.5.1 Under the Crime and Disorder Act 2004, the Council has to have regard to the need to reduce Crime and Disorder in exercising any of its functions. 5.5.2 There are no implications. 5.6 Children 5.6.1 Under the Children Act 2004, the Council has to have regard to the need to safeguard and promote the welfare of children in the exercise of any of its functions. 5.6.2 There are no implications. 5.7 Risk Management 5.7.1 Risk management is a process whereby attempts are made to identify, actively control and reduce risk to protect the Council. This covers not only the traditional areas of insurable risk, but also the organisational risk that the Council faces in undertaking all its activities. 5.7.2 Risk management covered elsewhere in the report. 6 Reasons for Recommendation 6.1 Effective risk management is vital for a sound system of corporate governance. A Risk Management Strategy is important in setting out clearly the main steps that the Council takes. D J Rawsthorn Director of Finance Governance Checks: Checked by, or on behalf of, the Chief Finance Officer ✓ Checked by, or on behalf of, the Monitoring Officer ✓ 3 Background Papers: Eden Corporate Risk Register Internal Audit Report - Audit of Risk Management Contact Officer: Telephone Number: David Rawsthorn 01768 212211 4 Appendix Risk Management Strategy 2015 Updated: Update Frequency By: April 2015 Annual Director of Finance www.eden.gov.uk Customer Services Telephone: 01768 817817 Fax: 01768 890470 Write To: Director of Finance, Eden District Council, Town Hall, Penrith, Cumbria CA11 7QF E-Mail: E-mail the Director of Finance at: dof@eden.gov.uk Internet: Information on all of our services is available on our website: www.eden.gov.uk Accessible Information ENGLISH: A summary of the information contained in this document is available in different languages or formats upon request. Contact Eden District Council’s Communication Officer, telephone: 01768 817817 or email: communication@eden.gov.uk POLISH: Streszczenie informacji zawartych w niniejszym dokumencie można uzyskać na życzenie w innym języku lub formacie. Prosimy o kontakt telefoniczny z Referentem Rady ds. Komunikacji Okręgu Eden pod numerem telefonu 01768 817817 lub pocztą e-mail na adres communication@eden.gov.uk. TRADITIONAL CHINESE: 若閣下要求,本文件的摘要資訊可以其他版式和語言版本向您提供 請聯絡伊甸區地方政府傳訊主任 (Eden District Council's Communication Officer) ,其電話為:01768 817817,或發電郵至:communication@eden.gov.uk URDU (ﺍﺱ ﺩﺳﺘﺎﻭﯾﺰ ﻣﯿﮟ ﺷﺎﻣﻞ ﻣﻌﻠﻮﻣﺎﺕ ﮐﺎ ﺧﻼﺻﮧ ﺩﺭﺧﻮﺍﺳﺖ ﮐﯿﮯ ﺟﺎﻧﮯ ﭘﺮ ﻣﺨﺘﻠﻒ ﺯﺑﺎﻧﻮﮞ ﺍﻭﺭ ﻓﺎﺭﻣﯿﭩﻮﮞ )ﺷﮑﻠﻮﮞ ﭘﺮ01768817817 ﻣﯿﮟ ﺩﺳﺘﯿﺎﺏ ﮨﮯ۔ ﺍﯾﮉﻥ ﮈﺳﭩﺮﮐﭧ ﮐﺎﻭﻧﺴﻞ ﮐﮯ ﺍﻓﺴﺮ ﺑﺮﺍﺋﮯ ﻣﻮﺍﺻﻼﺕ ﺳﮯﻓﻮﻥ ﻧﻤﺒﺮ ﺭﺍﺑﻄﮧ ﮐﺮﯾﮟ ﯾﺎcommunication@eden.gov.ukﭘﺮ ﺍﯼ ﻣﯿﻞ ﮐﺮﯾﮟ۔ 1 1. What is Risk Management? Risk Management is a process whereby attempts are made to identify, actively control and reduce risk to protect the Council. This covers not only the traditional areas of insurable risk, but also the organisational risk that the Council faces in undertaking all its activities. The Health and Safety Executive has published its principles of sensible risk management. These are: 1. Sensible risk management is about: ✓ Ensuring that workers and the public are properly protected ✓ Providing overall benefit to society by balancing benefits and risks, with a focus on reducing real risks - both those which arise more often and those with serious consequences ✓ Enabling innovation and learning not stifling them ✓ Ensuring that those who create risks manage them responsibly and understand that failure to manage real risks responsibly is likely to lead to robust action ✓ Enabling individuals to understand that as well as the right to protection, they also have to exercise responsibility 2. Sensible risk management is not about: ✗ Creating a totally risk free society ✗ Generating useless paperwork mountains ✗ Scaring people by exaggerating or publicising trivial risks ✗ Stopping important recreational and learning activities for individuals where the risks are managed ✗ Reducing protection of people from risks that cause real harm and suffering This Strategy aims to follow these principles. 2. Key Aims The key Risk Management aims are as follows: to provide members of the public and employees with a safe and secure environment to protect Council assets, including its image 2 3. Key Steps The key Risk Management steps are as follows: 4. to operate a Risk Management Group to ensure that the management of insurable risk is properly planned and focused across the whole Authority to produce a Risk Register to include key organisational risks and regularly review this by senior management and Members to gain the support of all staff, but in particular of senior management, for the Strategy to include a Risk Management Implications section in the committee report pro forma. Roles and Responsibilities a) Risk Management Group The Council’s Risk Management Group is an important driver of the Council’s approach to Risk Management. Its terms of reference are to look at all aspects of risk to which the Authority is exposed, so as to minimise both the cost of insurance and the cost of direct exposure and to further the well-being of employees and residents of Eden District Council. The tasks of the Risk Management Group are to: • recommend a Risk Management Strategy setting out the Council’s approach to Risk Management to the Scrutiny Board • consider reports undertaken by the Council’s insurers on Risk Management issues within the Authority • review recent trends in claims and accidents • ensure commitment from senior management • publicise the workings of the Group and the concept of Risk Management • consider any training requirements The Group is comprised of the Director of Finance as Chairman, the Insurance Officer as Secretary, the Human Resources Manager and the Contracts and Property Manager. There is also an open invitation to the Risk Management representative from the Council’s insurers. The Group meets on a quarterly basis and its minutes are reported through to Management Team. 3 b) Management Team Management Team will, on a quarterly basis: c) • consider the minutes of the Risk Management Group • review the Risk Register Senior Managers’ Group The Senior Managers’ Group will, on an annual basis, review the Risk Register. d) e) Members • the Risk Register is reviewed quarterly by the Executive and annually by the Scrutiny Co-ordinating Board. • the Scrutiny Co-ordinating Board approves the annual Strategy. Staff After the annual review, the Risk Register is put on the Corporate Bulletin Board. 5 The Role of Risk Management in Corporate Governance Effective Risk Management arrangements are a key element within the Council’s governance framework. The governance framework is set out in the Annual Governance Statement (AGS). This is agreed annually by Management Team, the Executive and the Accounts and Governance Committee. The AGS seeks to meet the six principles of good governance (best practice as set down by the Chartered Institute of Public Finance and Accountancy). Principle 4 is, ‘taking informed and transparent decisions which are subject to effective scrutiny and managing risk’. The AGS refers to the key Risk Management controls in place, that is, those referred to in this Strategy. 6 Following Best Practice The Checklist at Annex 1 shows how the Council’s arrangements compare to good practice. 7 Risk Management Processes There are two key processes that ensure the Council’s Risk Management is soundly based. These are: the Corporate Risk Register - the quarterly review by Management Team is where the completeness and accuracy of the Register is reviewed. Each risk sets out: the risk owner - this is a named officer the likelihood of the risk occurring plus the impact of the risk. This gives the risk rating 4 an action plan if the risk rating is above an acceptable level any action plan states the responsible officer, the action required and date required by action plan implementation is the key focus of the review of the Register Risk Management implications in committee reports: every formal report to Members must include a Risk Management Implications section, completed by the report author. For major decisions, this will often be an extensive section the stated implications are reviewed at draft report stage as part of the governance checks process: the Director of Finance and the Director of Corporate and Legal Services have to sign off all reports 8. Review This Strategy will be reviewed on an annual basis by the Risk Management Group and Management Team before final approval by the Scrutiny Co-ordinating Board. The Director of Finance will be responsible for initiating the review. 9. Publication This Strategy will be published on the Corporate Section of SharePoint. It will also be put on the Corporate Bulletin Board for a short time to publicise the annual review. Updated April 2015 5 Annex 1 Best Practice – Risk Management Checklist 1. Risk Management Framework 1.1 Does the organisation have an established risk management function, for example, a risk champion, risk manager, risk management department, risk committee? Yes, the Director of Finance and the Risk Management Group. 1.2 How is risk management sponsored by the Accounting Officer, and responsibility shared with the Board and the Senior Management Team? The Director of Finance is the lead officer. The Corporate Risk Register is collectively owned by the Management Team. 1.3 Is the organisation’s approach to risk fully documented and widely distributed? (risk appetite) Yes, set out in the Risk Register and the Risk Management Strategy. 1.4 Does the organisation have a Risk Management Strategy? Yes. 1.5 Has the Risk Management Strategy been endorsed by the Accounting Officer/Board/Audit and Risk Committee? Yes, it is drawn up by the Director of Finance and is approved by Management Team and the Accounts and Audit Committee. 1.6 How has the Risk Management Strategy been promulgated to staff? 1.7 How often is the risk management strategy reviewed? When was the strategy last reviewed/updated? Reviewed and updated annually. This checklist is appended to the latest annual review. 2. Risk Management Process 2.1 Are the responsibilities of all staff clearly defined and regularly reviewed? 2.2 Do risk registers record the following information: – Identified risks – Inherent risk assessment (impact and likelihood) – Response to risk – Residual risk assessment (impact and likelihood) – Risk ownership – Timescale for actions required? 2.3 Is there a Risk Register in place which has identified the risks to the organisation at a strategic (organisational) level? Yes. Yes. Yes. 6 2. Risk Management Process (continued) 2.4 Are risk registers maintained at an operational (divisional) level? No, given the size of the Council there is one Risk Register covering corporate and key operational risks. 2.5 Are risk registers maintained at a project level or does evidence exist that risks are assessed for projects individually? Risk Registers are maintained as appropriate, for example, the shared IT service maintains a Risk Register which is reviewed at each Shared IT Board. 2.6 How often are risk registers reviewed? Quarterly. 2.7 What techniques are used by the organisation in identifying risks? By review of Management Team – given the size of the Council, the Chief Officers can reasonably be expected to be aware of key risks. 2.8 How regularly are the responses to key risks monitored? Quarterly, unless an individual action plan indicates more frequent monitoring is required. 2.9 Who is responsible for monitoring the risks? Management Team. 2.10 Is there a policy in place for managing the risks associated with working with partners at project level? A Protocol for Partnership Arrangements is in place. 3. Accountability Have responsibilities for identifying, managing and reporting risk been established? Included in the Risk Register. How regularly are these responsibilities reviewed? Quarterly. 3.2 Are responsibilities in relation to risk reflected in personal objectives and the performance appraisal system? No, not considered appropriate. 3.3 Have any significant internal control issues relating to identified risks been highlighted in the Statement on Internal Control in recent years? No. 3.4 Does the Internal Audit Service use the risk management framework when planning their work? Yes. 3.1 7 3. Accountability (continued) 3.5 How does the organisation gain independent assurance on the effectiveness of its risk management process? Internal Audit of risk management undertaken in 2014. External Audit review the Annual Governance Statement annually. Source: Summarised version of Good Practice in Risk Management – Northern Ireland Audit Office 8 Intentionally Blank 9 Annex 2 Impact Assessment – Risk Management Strategy 2015 1. About the policy/service/function Name of Policy/Service/Function being assessed Risk Management Strategy Job Title of Officer completing EIA Director of Finance Department/service area Finance Telephone number and email contact 01768 212211; david.rawsthorn@eden.gov.uk Date of Assessment April 2015 Main aims and objectives of policy/service/function The main aims are to provide members of the public and employees with a safe and secure environment and to protect Council assets, including its image Is this a: (please copy ✓ and place into appropriate box) New Policy/service/function or a proposal? Review of an existing policy? ✓ A changing/updated policy/service/function? Who are the stakeholders? Officers and members of the public 2. Gathering relevant information, evidence, data and research Consider the sources of information, evidence, data and research that will help you build up a picture of the likely impacts of your policy/service/function on the protected characteristic groups. List your sources of information and what they tell you. (Refer to Section 7.0, Step 2 on page 6 of the Guidance Notes). Information Source Location of data/information (give a link here if applicable) What does the data/information tell us? Previous Risk Management Strategy Council records The Risk Management Strategy plays an important role in setting out the key steps in the Council’s approach to risk management. 1 3. Assessing the Impacts From the information, evidence, data and research you have gathered, use this section to identify the risks and benefits for each of the different protected characteristic groups. Protected Characteristic Group Positive Impact or benefit (Y/N) Negative Impact or risk (Y/N) No impact (✓) Age ✓ Disability ✓ Gender ✓ Race ✓ Religion or Belief (including non-belief) Marriage and Civil Partnership Pregnancy and Maternity Gender Reassignment ✓ Sexual Orientation ✓ Rural Resident ✓ Details of likely impact(s) ✓ ✓ ✓ 2 How do you know? Action required to address impact(s) Give justification if action not possible Note any opportunities to promote equality 4. Action Planning What is the negative/ adverse impact or area for further action? Not Applicable Actions proposed to reduce/eliminate the negative impact Who will lead on the action(s)? Resource implications/ resources required When? (target completion date) Monitoring Arrangements 5. Outcome of Equality Impact Assessment (tick appropriate box) No major change needed - the analysis shows the policy is robust and evidence shows no potential for discrimination Adjust the policy/service/function - alternatives have been considered and steps taken to remove barriers or to better advance equality. Complete the action plan. Adverse impact(s) identified but continue - this will need a justification or reason. Complete the action plan. 6. Review Date of the next review of the Equality Impact Assessment April 2016 Who will carry out this review? Director of Finance 3 ✓
© Copyright 2024