Contact your Parish Council
Corporate level risk update
October 2017
The Corporate level risks are those that at the highest level can impede the achievement of our strategic objectives. They are inherently of a higher impact due to the nature of the risks.
Following the last update to Policy & Resources Committee in April 2017 we have facilitated a risk workshop with Senior Officers and Members to review and update the corporate risks. As part of this session, we looked at the existing risks, the external environment, and the three key priorities for 2017/18 – a home for everyone; regenerating the town centre; providing a clean and safe environment. This resulted in a list of risks, some existing and some new, that needed then to be assigned to a risk owner and assessed.
In addition to this exercise, the Council, as part of service planning, asked all Services to identify their operational risks. These are collated into a single comprehensive risk register and are monitored and reported. A summary of the risk process is attached in appendix A.
We undertook an exercise to classify and map the corporate and operational risks in order to identify any key risk themes. Collectively this highlighted 9 key risk areas. Using these risk areas we met with risk owners to distil and define them into key risks. These 9 risks now form the corporate level risks.
A summary of the risk headings and the high level risk matrix – which plots each risk – is set out below:
Changes since 2016/17
Risks change continuously, and this is why it is important to ensure that we keep risks under review. Something that was a significant risk last year may not be this year. As time moves on we understand more about the risk, and the in some cases the uncertainty become less.
As we took a thematic approach across all of the operational risks and the outcomes of the corporate risk exercise there have been a number of changes to the risk profile and the risks as a result.
A summary of the changes that have been made since we last reported to Members in April 2017 is set out below. We have added some narrative as to why these changes have been made:
REMOVED from the register:
|
Risk title |
Comments |
1 |
Failure to deliver commercial strategy |
This risk has been superseded to reflect overall project delivery risk, due to the broader focus the Council takes, not just on commercial opportunities |
2 |
Devolution |
As the prospect of further devolution appears to have receded, this risk has been superseded by a wider risk relating to partnership engagement |
3 |
Over cautious administration |
This risk was initially identified at a point in time when there was less clarity about future strategy and governance |
4 |
Growing Population |
The impact of service performance / quality is monitored through operational risk registers |
5 |
Technology |
This risk has been superseded by a risk relating to system failure or cyber security |
ADDED to the register:
|
Risk title |
Comments |
1 |
Project failure |
Reflects the overall risk to the council of capital projects failing |
2 |
Poor partner relationships |
Reflects the risks to the council of engaging with partners and balancing differing expectations |
3 |
Legal / Compliance Breaches |
Added to recognise the impact to the council of breaching laws / regulations |
4 |
ICT system failure / security |
The risks relating to council systems failing or a breach of network security |
5 |
Increased Housing pressures |
Reflects the various pressures on the council from the housing demand challenges |
The Corporate risk register has therefore been updated to reflect the above changes, and risk owners have been reviewed, updated and assessed the risks.
Corporate Risks
The table below sets out each of the corporate risks in detail. Risk owners have assessed the impact and likelihood (definitions attached in appendix B) of the risks and identified the key controls and planned actions necessary to further manage the risk to an acceptable level:
Risk (full description) |
Risk Owner |
Key Existing Controls |
Inherent rating |
Controls planned |
Mitigated rating |
||||
I |
L |
∑ |
I |
L |
∑ |
||||
Breakdown of Governance Controls
Failure of the governance controls results in the Council making poor decisions or missing significant opportunities |
Angela Woodhouse & Patricia Narebor |
- Framework in Constitution - Committee agendas and work programmes - Process for quick decision making in place (Urgency Committee) - Member and Officer training programme - Legal advice available - Sign-off in modern prior to report release from S151, Legal and Policy and Information Team - Political Awareness and Report writing training |
4 |
2 |
8 |
- Regular review of the constitution - Democracy Committee review of planning referral process |
4 |
2 |
8 |
Legal / Compliance Breaches
Breaches of regulations / laws result in significant financial penalties and damage to Council reputation |
Angela Woodhouse |
- Individual service process designed to ensure compliance and supported by procedures - Information governance group - Training and guidance available
|
5 |
4 |
20 |
- Action plan to manage GDPR specifically - Training - Awareness Raising - Additional resource to support action plan delivery shared with Tunbridge Wells |
5 |
3 |
15 |
Workforce Capacity & Skills
The Council is unable to recruit or retain staff with the specialist, technical or professional expertise necessary to deliver its ambitions. |
Alison Broom & Dena Smart |
- Workforce Strategy monitoring and reporting - Regular benchmarking of salary levels with public sector employers in South East England - Rewards package - Training and development programme - Use of specialist agency staff - Ability to adjust pay / offer market supplements - Recruitment processes - Resilience from shared service arrangements |
2 |
2 |
4 |
- Implementation of actions from Investors In People assessment - Improved agency supplier agreement (Matrix ) - Extended partnership arrangements to ensure greater resilience |
2 |
2 |
4 |
Project Failure
Failure of significant capital projects of a housing and regeneration nature |
Dawn Hudd & William Cornall |
- Use of external specialist expertise such as Employers Agents on complex capital projects - Project management processes adhered to with project board reporting where appropriate with new risks or pressures identified at an early stage - Close working relationships with experienced partners and stakeholders - Specialist training undertaken by the newly formed capital projects team - The purchase of specialist development appraisal software (Proval) to more accurately predict financial returns as well as cash flows - Skills in this area brought in at CLT level - Close working with the Finance team on a well-developed capital programme that carefully considers cumulative exposure and cash-flow management |
4 |
5 |
20 |
- Detailed and consistent analysis of project risks at approval stage, through approval process required at Policy & Resources Committee - Adherence to a suite of financial hurdle rates for new capital projects which are reflective of different sector risk profiles - Growing awareness, expertise and success in bidding for grant monies from government to support the delivery of capital projects, so as to act as a buffer against cost overruns and income shortfalls - The adoption of and adherence to the Housing and Regeneration Investment Plan |
4 |
3 |
12 |
ICT Systems Failure / Security Security breach or system outage resulting in Council systems being unavailable and/or significant fines/ransom demands |
Chris Woodward & Steve McGinnes |
- Regular backups of ICT systems - Disaster recovery plan - ICT Security Policy |
4 |
4 |
16 |
- Procurement of additional security counter measures - Introduce cyber security software to test & improve staff awareness training |
4 |
4 |
16 |
Poor Partner Relationships
Conflicting partner expectations or poor engagement / cooperation leads to difficulty delivering services or other Council ambitions |
Alison Broom |
- Regular meetings / communication with partners - Joint working arrangements - Engagement with members - Governance arrangements for shared services - Governance arrangements for partnerships including Joint Transport Board, Safer Maidstone Partnership and Health and Well-Being Group |
4 |
3 |
12 |
- Increased joint work with KCC highways and waste teams - Protocol for joint working with Kent County Council concerning planning and transport |
3 |
3 |
9 |
Housing Pressures Continue to Increase
The housing crisis in the South East has a growing impact on MBC’s ability to fund and manage not only the homelessness service but also to meet the broader housing need that is emerging as a result of the limited supply of affordable housing. |
John Littlemore & William Cornall |
- Homelessness prevention team has been created in readiness for the Homelessness Reduction Act - MBC purchasing and leasing its own stock of temporary accommodation - MBC building its own portfolio of market rented housing within Maidstone Property Holdings Limited - Closer working with the housing association sector, and in particular Golding Homes - More money was set aside in this year of the MTFS to meet the rising demand |
4 |
5 |
20 |
- The possibility of the Council investing prudential borrowing monies into a JV with a housing association partner to take ownership of more of the affordable housing being delivered through the Local Plan is actively being explored, and an initial proposal will be put to the Policy & Resources Committee on 22nd November 2017 - Affordable housing development plan document within the Local Plan - Homelessness and temporary accommodation strategies have been introduced and are to be reviewed in December 2017 - Closer working with the voluntary sector, targeting the allocation of grants more the delivery of services to this area of need - Closer working with the private rented sector landlords, through the Home Finder scheme, and now starting to explore a more comprehensive offer to them |
4 |
3 |
12 |
Delays in the Local Plan being adopted and subsequently delivering the desired outputs
Delays in delivering the Local Plan as a result of Judicial Review, inadequate infrastructure provisions and the ability to process the necessary quantum of planning consents rapidly. |
Rob Jarman & William Cornall |
- Work plans in place - Communication and liaison with partners - CLT oversight of development management performance to increase the timeliness of application decisions - CLT oversight of S106 delays, this has been much improved of late |
4 |
4 |
16 |
- Learning lessons from other LP examinations - Town centre opportunity areas project to hasten the delivery of the town centre broad locations - Creation of a Major Projects Team in the Planning department to process major applications faster - Joint working protocol relating to S106 and infrastructure delivery close to be singed signed with KCC - Culture and behaviours programme to improve customer care and commerciality within the department - Delivery will largely be dependent upon market conditions, so ensuring an open dialogue with the major housebuilders through the Developers Forum and Breakfast Meetings |
4 |
3 |
12 |
Financial Restrictions
The Council does not achieve its income or savings targets, incurs overspends or does not have the funding to meet standards or deliver aims. |
Mark Green |
- Project management processes - External consultancy support - Programmes of work agreed (e.g. transformation and commissioning) - Budget monitoring processes in place
|
4 |
4 |
16 |
- MTFS adopted by Council - Plans developed to close projected budget gap - Lobbying to avoid Council suffering ‘negative RSG’ |
4 |
3 |
12 |
Risks above the appetite level
The ‘controls planned’ section of the risk register enables risk owners to highlight actions that are either planned, or that need to be taken in order to help manage the impact or likelihood. Any risks that fall into the red and black areas of the matrix signify a level of risk where we would be expecting action to be taken.
You will see that even with planned actions there are 4 risks that still score highly:
· Legal / Compliance breach
· Project failure
· ICT System Failure / Cyber Security
· Housing Pressures
The principle set out in the risk appetite guidance is that these risks will be monitored monthly and escalated to Corporate Leadership Team to ensure that the actions are being taken to appropriately address the risks where possible to do so. In addition, for risk owners to highlight any further support needed to ensure that the risk is being managed.
Risks by definition are uncertain, and it is not possible to remove all uncertainty, especially for the risks that align directly to the achievement of our objectives. We will therefore continue to report to Members and monitor progress over the course of the year to highlight any significant movement of risks over time.
Appendix A
Maidstone Risk Management Process: One Page Summary
Appendix B
Impact & Likelihood Scales