Contact your Parish Council

Risk Management

Annual Report

March 2023

Executive Summary

A key principle of good governance is managing the effect of uncertainties on the achievement of our objectives (our risks). Having arrangements in place to identify and manage our risks increases the probability of achieving corporate and operational objectives by controlling risks in balance with resources.  Good risk management also increases our ability to cope with developing and uncertain events and helps to instil a culture of continuous improvement and optimisation.

The Risk Management Framework sets out how the Council identifies, manages and monitors risks.  This includes the risk appetite statement, which articulates how much risk the Council is comfortable with and able to bear.   

The purpose of this report is to provide assurance to Members of Audit, Governance and Standards Committee, that the Council has effective risk management arrangements in place.  Moreover, that risks identified through this process are managed and monitored appropriately. This assurance is vital to enable the Committee to fulfil the responsibilities as set out in the Terms of Reference:

“In conjunction with the relevant Policy Advisory Committee(s) to monitor the effective development and operation of risk management and corporate governance in the Council to ensure that strategically the risk management and corporate governance arrangements protect the Council.”

Roles & Responsibilities

We (Mid Kent Audit) are responsible for facilitating and coordinating the risk management processes across the Council.  Our role includes regular reporting to Officers and Members, through the Corporate Leadership Team (CLT), Corporate Services Policy Advisory Committee (PAC) and the Audit, Governance & Standards Committee.  We also provide workshops, training, and facilitate the effective management of risks throughout the Council. 

Having valuable and up to date risk information enables both Executive and oversight functions to happen effectively. The Corporate Services PAC has overall responsibility for the risks identified through the risk process and will review the substance of individual risks to ensure that issues are appropriately monitored and addressed.

As those charged with governance and oversight the Audit, Governance & Standards Committee are required to seek assurance that the Council is operating an effective risk management process.

Risk Management in Action – 2022/23

Throughout the year the risk management processes have operated in line with the Council’s Risk Management Framework (diag1).  The following risk profile diagrams (diag2) show the current risk profile as reported to Audit, Governance and Standards committee in March 2022 and as at March 2023.  The current risk represents the likelihood and impact of the risk based on our understanding of the future uncertainty at this moment in time.  The diagrams summarise the changes to the profile with further explanation of these changes provided below.

Diag 1                                                                                                                                       Diag2

During the year we completed the roll out of the Council’s risk management software – JCAD.  The software is available to all risk owners and senior management allowing them to view and update their risks.  JCAD provides a more efficient risk management process and more effective reporting of risk information.  Across Maidstone and Swale we delivered 84 training sessions on JCAD.  Participants were surveyed and from the 16/66 (24% return rate) replies the following was noted:

Additionally, we have provided several training sessions during the year to managers, risk owners and as part of the wider Staff Forum.  The training has ranged from specific training on our risk management processes and ‘understanding controls’ to more general training and awareness raising on risk principles.

The Council continues to monitor and update its corporate risks.  The corporate risks are those risks which have an affect across Council services and may affect delivery of the Council’s strategic priorities.  Throughout the year these risks have been routinely updated by risk owners and reported quarterly to CLT and the Corporate Services PAC.  The following table shows the Council’s corporate risks and how the risk score has changed throughout the year (as reported to Corporate Services PAC).

To support the identification of corporate risks the Council monitors risks on the horizon – i.e. those risks which are not yet sufficiently clear to be able to articulate as risks and manage, but which could have a significant affect on the delivery of the Council’s strategic priorities.  The risks on the horizon are monitored quarterly by CLT and the Corporate Services PAC.  The diagram summarises the external threats aligned to each of our priorities with those closest to the centre being those likely to materialise soonest.

Operational risk registers for all services were refreshed during the summer alongside the roll out of JCAD.  All Council services, including shared services, have identified risks which may affect delivery of their service objectives or wider Council priorities.  Risk owners review and update operational risks in line with the Risk Management Framework with the highest (red/black) risks reviewed at least quarterly and reported to Corporate Leadership Team.  The following matrices show the current risk profile at March 2022 and March 2023 – i.e. the risks as understood on those dates – and the Mitigated profile – i.e. the risk after planned actions are introduced.

As can be seen there are two black operational risks which are currently being managed and actions have been identified to reduce the risks.  These risks are routinely monitored by Corporate Leadership Team, and are as follows:

Risk Management in 2023/24

Due to resources within Mid Kent Audit the actual number of risk management days delivered in 2022-23 is lower than planned.  Audit, Governance and Standards Committee agreed 59 days of risk management work.  38 days have been delivered to date and 46 are anticipated to have been delivered by year end.  The focus of the work is as outlined in the previous section of this report, with originally planned work on updating the risk management framework and training Members not having progressed.

The following key areas of work have been identified for 2023-24:

·         Review and update the Council’s Risk Management Framework which has not been reviewed since 2019.

·         Maintain routine risk processes, ensuring risks are reviewed and key risk information is reported in line with the Framework.

·         Provide risk training, with a particular focus on ensuring Members have an adequate understanding of the Framework and their responsibilities.

·         Refresh the Council’s Corporate Risk Register with Members and senior management to ensure risks to the Council’s strategic priorities are adequately captured.

·         Continue to refine and enhance JCAD, in particular building on its reporting capability.

Additionally, the Council could enhance its risk management arrangements in the following areas.  Although, delivery of this work is dependent on Mid Kent Audit resources being available:

·         Project risk management to ensure significant projects are identifying, assessing and managing their key risks in line with the Council’s risk appetite. 

·         To review and update how risk is considered as part of decision-making reports to Members.

The overall number of days for this work would be between 47 and 53 days and have been considered within the context of the wider Mid Kent Audit plans for 2023-24 and the resources available.