Contact your Parish Council

 

MAIDSTONE BOROUGH COUNCIL

 

CABINET

 

13 FEBRUARY 2013

 

REPORT OF HEAD OF AUDIT PARTNERSHIP

 

Report prepared by Brian Parsons 

 

 

1.           STRATEGIC RISK REGISTER 2013 - 2015

 

1.1        Issue for Decision

 

1.1.1   A fresh draft Strategic Risk Register has been created which Cabinet is asked to adopt on behalf of the Council.

 

 

1.2        Recommendation of the Head of Audit Partnership

 

1.2.1   That Cabinet adopts the Strategic Risk Register shown as an appendix to this report.

 

1.2.2   That Cabinet agree the process for monitoring and reporting action on the Risk Register

 

1.2.3   That Cabinet agree the respective responsibilities for the risk management process (as shown in the body of the report)

 

1.2.4   That Cabinet agrees the ‘ownership’ of risk scenario 2 and whether the risk needs to be re-scored in terms of likelihood and impact.

 

1.3        Reasons for Recommendation

 

1.3.1   The report sets out the strategic risks to the delivery of the Council’s key objectives. The risks have been identified through risk workshops with the Corporate Leadership Team and a similar session at an informal Cabinet meeting.

 

1.3.2   The risk workshops were facilitated by a risk consultant from Zurich Risk Management Services Ltd and were funded by the allowance that the Council receives from Zurich under the terms of its insurance contract.

 

1.3.3   Strategic Risk can be defined as: Those risks, at a corporate level, which could materially affect the Council’s ability to achieve its aims and objectives.

 

1.3.4   Risks which do not meet the above criteria are by definition operational risks. Operational risk can be defined as: Those risks faced in the day-to-day delivery of services. Operational risks are identified and addressed as part of the annual service planning process.

 

1.3.5   The Council has adopted an established methodology for risk analysis and prioritization based around an approach which has been developed by Zurich Management Services Ltd, which conforms to best practice guidance from the Association of Local Authority Risk Managers (ALARM).

 

1.3.6   As part of the initial risk workshop exercise with the Corporate Leadership Team, the attendees were asked to agree which senior officer should have ‘ownership’ of the individual risks. Ownership in this sense means that the allocated senior officer will take responsibility for ensuring that the risk is properly managed. This involves the completion of a management action plan, which needs to be updated on a regular basis.

 

1.3.7   In the course of the informal Cabinet meeting on the 14 January 2013, it was agreed that the appropriate Portfolio Holder would take joint ownership of the risk.

 

1.3.8   The register itself needs to be similarly ‘owned’. The collective ownership of the Strategic Risk Register rests with the Corporate Leadership and with Cabinet. The Audit Committee then performs the role of ‘monitoring the effective development and operation of risk management’.

 

1.3.9   The draft strategic risk register identifies six risk areas and shows the officers and members who will be responsible for managing the risk and taking the necessary  risk mitigation measures :

 

·         Having the right resources which are used in the right way (Paul Riley/Alison Broom/Chris Garland

·         Delivering services in a way that increases the satisfaction of residents with the place they live (To be agreed)

·         Economic downturn/austerity agenda (Zena Cooke/John Wilson/Malcolm Greer)

·         Creating the place we want to be (David Edwards/Stephen Paine)

·         Delivering services in partnership with others (Alison Broom/Chris Garland)

·         Impacts arising from political change (Angela Woodhouse/Chris Garland)

1.3.10                 In accordance with the Council’s risk assessment methodology, each risk has been assessed in terms of the likelihood of each strategic risk occurring on a scale of 1 (minimal) to 6 (very high) and on the potential impact, on a scale of 1 (negligible) to 4 (major). The assessments are shown in the draft Strategic Risk Register (Appendix 1)and the Risk Matrix (Appendix 2)

 

1.3.11                 Since the meeting of informal Cabinet on 14 January, further consideration has been given to Risk Scenario 2. Initially this risk related almost exclusively to the channel shift proposals to deliver a significant number of services on-line. In discussion with the Chief Executive it was agreed that the risk scenario needed to be expanded to include satisfaction with Maidstone as a place to live and the way that services are provided to residents. This is a significant change to the original risk scenario and Cabinet is therefore asked to agree who is the most appropriate owner for this changed risk and whether the broader risk needs to be re-scored in terms of likelihood and impact.

 

 

Management Action Plans

 

1.3.12                  Management Action Plans will be completed by the risk owners. The ‘current risk score’ will incorporate a traffic light approach (red, amber, green) to reflect where the risk appears on the risk matrix.

 

1.3.13                 Six-monthly action plan updates will be sought from the risk owners. This will result in a report to Cabinet via Corporate Leadership Team.

 

1.3.14                 It is important that the strategic risk process becomes an embedded part of the governance and strategic management cycle and that it remains fresh and meaningful. Reports to CLT and Cabinet on risk will therefore be scheduled to coincide with reports on the Council’s Corporate Plan (June and November).

 

1.3.15                 New strategic risks will need to be added to the register as they emerge and older risks may no longer need to be managed at a strategic level and may therefore be dealt with operationally. The changes to the risk register need to occur as part of the six-monthly reporting process.

 

1.3.16                 Cabinet is asked to endorse this reporting process.

 

The respective responsibilities for the risk management process

 

1.3.17                 In order to ensure accountability, which is vital to the effectiveness of the process, it is essential that the roles and responsibilities of those involved in the process are clear. The following definition of responsibilities is proposed:

 

a)   The Head of Audit Partnership (together with the Audit Manager) is responsible for coordinating the strategic risk management process and reporting on the actions being taken to manage the identified risk.

 

b)    The individual senior officer ‘risk owners’ are responsible for taking action to manage their risks and for providing periodically updated action plans to the Head of Audit Partnership for subsequent reporting to Corporate Leadership Team and Members. Portfolio holders are responsible for agreeing the completed action plans with the responsible officer.

 

c)   Corporate Leadership Team is collectively responsible with Cabinet for the Strategic Risk Register and ensuring that strategic risk is properly managed.

 

d)   Cabinet is responsible for agreeing the Risk Strategy and adopting the Strategic Risk Register.

 

e)   The Audit Committee is responsible for monitoring the effective development and operation of risk management.

 

               

1.3.18                 Cabinet is asked to agree the respective roles for the risk management process as shown above.

 

 

 

1.4        Alternative Action and why not Recommended

 

1.4.1   The alternative action would be to not have a strategic risk register, however this would bring into question the adequacy of the Council’s governance and business planning arrangements.

 

1.5        Impact on Corporate Objectives

 

1.5.1   The Strategic Risk Register process provides a means of managing the risks to the delivery of the Council’s corporate objectives.

 

1.6        Risk Management

 

1.6.1   The Council is a complex organization responsible for many £ millions of public expenditure. It is also a tax collector receiving substantial levels of income. The actions of the Council have a major impact on the community for which it is responsible. It is therefore vital that the strategic risks to the Council’s objectives are identified and properly managed.

 

1.6.2   Risk, where managed correctly, is not necessarily undesirable. Riskier models of delivery can often be the most innovative and effective. The key to setting a positive risk appetite is the knowledge that the organization is able to manage risks effectively.

 

 

1.7        Other Implications

 

1.7.1    

1.      Financial	X
2.           Staffing	X
3.           Legal	X
4.           Equality Impact Needs Assessment
5.           Environmental/Sustainable Development
6.           Community Safety
7.           Human Rights Act
8.           Procurement
9.           Asset Management

 

 

1.7.2   The Risk Register identifies a number of risks that have a potential financial impact. 

 

1.7.3   The Risk Register identifies a number of risks that will impact on and need to be managed by, staff.

 

1.7.4   The Risk Register identifies a number of risk that have potential legal implications.

 

 

1.8        Conclusions

 

1.8.1   A draft Strategic Risk Register has been compiled to reflect the risks identified by Members and senior managers. The register now needs to be formally adopted, ownership and accountability needs to be clear and proper arrangements need to be put in place to monitor and report progress on the management of strategic risk.

 

1.9        Relevant Documents

 

1.9.1   Appendices

 

Appendix 1: Maidstone BC Strategic Risk Register – 2013 to 2015

 

Appendix 2: Risk Prioritization Matrix

 

1.9.2   Background Documents

 

Cabinet Members Strategic Risk Register Refresh – Draft workshop report – January 2013 – Zurich Management Services Ltd.

IS THIS A KEY DECISION REPORT? x     Yes                                               No     If yes, when did it first appear in the Forward Plan?   ..     This is a Key Decision because: ..   .       Wards/Parishes affected: ..   ..