To consider the approval of the Strategic Risk Register.

1.  That the Strategic Risk Register, as set out at Appendix 1 to the report of Head of Audit Partnership, be adopted.

2.  That the process for monitoring and reporting action on the Risk Register be agreed.

3.  That the respective responsibilities for the risk management process (as shown in the body of the report of Head of Audit Partnership) be agreed.

4.  That the risk owners of risk scenario 2 to be the Head of Change and Scrutiny and the Cabinet Member for Corporate Services and the risk be re-scored to a) Very Low for likelihood and b) Severe for impact.

The report of the Head of Audit Partnership sets out the strategic risks to the delivery of the Council’s key objectives. The risks have been identified through risk workshops with the Corporate Leadership Team and a similar session at an informal Cabinet Away Day.

The risk workshops were facilitated by a risk consultant from Zurich Risk Management Services Ltd and were funded by the allowance that the Council receives from Zurich under the terms of its insurance contract.

Strategic Risk can be defined as: Those risks, at a corporate level, which could materially affect the Council’s ability to achieve its aims and objectives.

Risks which do not meet the above criteria are by definition operational risks. Operational risk can be defined as: Those risks faced in the day-to-day delivery of services. Operational risks are identified and addressed as part of the annual service planning process.

The Council has adopted an established methodology for risk analysis and prioritization based around an approach which has been developed by Zurich Management Services Ltd, which conforms to best practice guidance from the Association of Local Authority Risk Managers (ALARM).

As part of the initial risk workshop exercise with the Corporate Leadership Team, the attendees were asked to agree which senior officer should have ‘ownership’ of the individual risks. Ownership in this sense means that the allocated senior officer will take responsibility for ensuring that the risk is properly managed. This involves the completion of a management action plan, which needs to be updated on a regular basis.

In the course of the informal Cabinet Away Day on the 14 January 2013, it was agreed that the appropriate Portfolio Holder would take joint ownership of the risk.

The register itself needs to be similarly ‘owned’. The collective ownership of the Strategic Risk Register rests with the Corporate Leadership and with Cabinet. The Audit Committee then performs the role of ‘monitoring the effective development and operation of risk management’.

The draft strategic risk register identifies six risk areas and shows the officers and members who will be responsible for managing the risk and taking the necessary risk mitigation measures:

·  Having the right resources which are used in the right way (Paul Riley/Alison Broom/Chris Garland

·  Delivering services in a way that increases the satisfaction of residents with the place they live (Angela Woodhouse/Eric Hotson)

·  Economic downturn/austerity agenda (Zena Cooke/John Wilson/Malcolm Greer)

·  Creating the place we want to be (David Edwards/Stephen Paine)

·  Delivering services in partnership with others (Alison Broom/Chris Garland)

·  Impacts arising from political change (Angela Woodhouse/Chris Garland)

In accordance with the Council’s risk assessment methodology, each risk has been assessed in terms of the likelihood of each strategic risk occurring on a scale of 1 (minimal) to 6 (very high) and on the potential impact, on a scale of 1 (negligible) to 4 (major). The assessments are shown in the draft Strategic Risk Register (set out in Appendix 1 to the report of the Head of Audit Partnership) and the Risk Matrix (set out in Appendix 2 to the report of the Head of Audit Partnership).

Since the informal Cabinet Away Day on 14 January, further consideration has been given to Risk Scenario 2. Initially this risk related almost exclusively to the channel shift proposals to deliver a significant number of services on-line. In discussion with the Chief Executive it was agreed that the risk scenario needed to be expanded to include satisfaction with Maidstone as a place to live and the way that services are provided to residents. This is a significant change to the original risk scenario and Cabinet was therefore asked to agree who is the most appropriate owner for this changed risk and whether the broader risk needs to be re-scored in terms of likelihood and impact.

Management Action Plans

Management Action Plans will be completed by the risk owners. The ‘current risk score’ will incorporate a traffic light approach (red, amber, green) to reflect where the risk appears on the risk matrix.

Six-monthly action plan updates will be sought from the risk owners. This will result in a report to Cabinet via Corporate Leadership Team (“CLT”).

It is important that the strategic risk process becomes an embedded part of the governance and strategic management cycle and that it remains fresh and meaningful. Reports to CLT and Cabinet on risk will therefore be scheduled to coincide with reports on the Council’s Corporate Plan (June and November).

New strategic risks will need to be added to the register as they emerge and older risks may no longer need to be managed at a strategic level and may therefore be dealt with operationally. The changes to the risk register need to occur as part of the six-monthly reporting process.

Cabinet was asked to endorse this reporting process.

The respective responsibilities for the risk management process

In order to ensure accountability, which is vital to the effectiveness of the process, it is essential that the roles and responsibilities of those involved in the process are clear. The following definition of responsibilities is proposed:

a)  The Head of Audit Partnership (together with the Audit Manager) is responsible for coordinating the strategic risk management process and reporting on the actions being taken to manage the identified risk.

b)  The individual senior officer ‘risk owners’ are responsible for taking action to manage their risks and for providing periodically updated action plans to the Head of Audit Partnership for subsequent reporting to Corporate Leadership Team and Members. Portfolio holders are responsible for agreeing the completed action plans with the responsible officer.

c)  Corporate Leadership Team is collectively responsible with Cabinet for the Strategic Risk Register and ensuring that strategic risk is properly managed.

d)  Cabinet is responsible for agreeing the Risk Strategy and adopting the Strategic Risk Register.

e)  The Audit Committee is responsible for monitoring the effective development and operation of risk management.

Cabinet was asked to agree the respective roles for the risk management process as shown above.

The alternative action would be to not have a strategic risk register, however this was not thought appropriate as it would bring into question the adequacy of the Council’s governance and business planning arrangements.