APPENDIX 3

 

 

FOURTH Quarter Risk Update 2020/21
 

 

 

 

 

 

 

 


June 2021

 

 

 

 

 

Maidstone Borough Council

Introduction

Risk management is concerned with the impact of uncertainties on objectives. Effective risk management is a key principle for good corporate governance and its importance is recognised explicitly in the Local Code of Governance, the Annual Governance Statement, the Internal Audit Charter and through the Risk Management Framework. By being aware of risks, and actively seeking to manage risks to acceptable levels, we are more likely to achieve objectives, safeguard our resources and be better prepared in the event of major uncertainty.

The Council has embedded risk management at the corporate (strategic) and operational levels and reports risks openly and confidently to Members via the Policy & Resources Committee and the Audit, Governance & Standards Committee. Since November 2020 we have reported the corporate risk portfolio each quarter as part of the wider financial and performance monitoring. This enables us to flag risk issues and to keep Members up to date with any changes to the risk profile as they arise. This report includes the most recent updates to the existing corporate risks but also explores in more detail the outcomes of the operational risk refresh completed March 2021.

Corporate risk issues are formulated by reviewing risk themes across the Council at the operational level. As we develop these themes over the coming months, they will take the place of the existing corporate risks, this ensures that corporate risk issues remain up to date and accurately reflect the uncertainties being faced across the Council services.

The risk management framework is the guide that sets out how the Council identifies, manages, and monitors risks.  This includes the risk appetite statement, which articulates the Council’s appetite for and tolerance of risk. In summary, the risk management process for the Council can be broken down into the following key components: 

The guidance used to inform the evaluation of risks is included in Appendix 3B.

Risk levels

We currently identify risks across 3 levels, corporate (strategy), operational and projects. All Council services maintain an operational risk register, including Shared Services. These risks are updated, monitored, and reported through Wider and Corporate Leadership Team. As we move into a period of recovery from the Pandemic and refocus priorities, we will be looking to evolve the risk levels to more explicitly link external risks to the delivery of our priorities, as well as to escalate risk themes to the corporate level. This will ensure greater clarity over the strategic level risks facing the Council and will enable us to more clearly articulate and measure risk issues.

We will continue to draw up corporate risk themes from across the Council but will link them specifically to individual operational risks (including those from project, contracts, and other specialist risk registers). Oversight will be provided by the Corporate Leadership Team and Members, but risks will be more dynamic and able to be adjusted based on the real time movement of operational risk issues.

The illustration below shows how this will work and how the relationships between the different levels will work in practice:

PRIORITY RISKS

Strategic recovery & corporate priorities 
These external risks are directly linked to the areas of focus and delivery of our corporate priorities
 

 


 

 

CORPORATE RISKS
Corporate risk themes 
These risks are drawn together through thematic review of the operational risks and weighted based on risk exposure and risk tolerance.  
,OPERATIONAL RISKS
These risks are concerned with the day to day delivery of service objectives 
,PROJECT RISKS
These risks are concerned with specific risks over delivery of major projects
 

 

 

 

 

 

 

 

 

 

 

 


Corporate risk profile

Our corporate risks are reported to Corporate Leadership Team on a regular basis to ensure effective oversight. Since the last update in January we have maintained a watching eye on the top risks and updated controls accordingly to reflect any changes. A desktop review of these risks was undertaken in advance of the annual risk management report to the Audit, Governance and Standards Committee in March 2021.

As the table below illustrates, we continue to bear uncertainty from 11 top scoring risks (those scored 12 and over). Further detail on the corporate risks, including a description of the risk and details of existing and planned key controls can be found in Appendix 3A.

Risk Title

Score before mitigation

 

Nov 20

Jan 21

Jun 21

Movement

Contraction in retail & leisure sectors

25

25

25

-

Financial restrictions

20

20

20

-

Environmental damage

16

16

16

-

Brexit / EU transition

16

16

16

-

Major unforeseen emergency

15

15

15

-

Covid-19: Restrictions to Council operations

12

12

12

-

Covid-19: Community & business recovery

12

12

12

-

Housing pressures increasing

12

12

12

-

IT security failure

12

12

12

-

Not fulfilling residential property responsibilities

12

12

12

-

Major contractor failure

12

12

12

-

We have not made any significant changes to corporate risks since their last review earlier in the year. This is because we continue to face increased threats and uncertainties following the Pandemic, and as such, they remain as high-level risks for us and under regular review and monitoring.

We will be running a risk workshop with the Corporate and Wider Leadership Teams in July 2021 which will include a refocussed look at the risks facing our recovery and corporate priorities. This workshop, which we usually run annually, gives us chance to re-cast the corporate risks and to look ahead at future risk issues. We include a ‘risk horizon’ scan on the next page.

 

 

Risk Horizon

Long-term horizon scanning allows us to be aware of key risks which are, as yet, too uncertain to assess or quantify. By keeping our eye on and tracking these issues we are able to consider their impact and likelihood when the timing is right and add them to the relevant risk register for monitoring and review.

The chart below shows some of issues we are keeping on our radar:

 

Economic Resilience
Including balance of sector recovery and the Council’s role in recovery
Grant Administration
Including the management & oversight of various grants funding streams 
Community Cohesion
Including the role of Local Plan & Community Partners 
Workforce 
Including skills needed for plan making, reinvention and delivery
Public Sector 
Reform
Including uncertainties over how Public Sector will look post-pandemic

Having a longer-term view of these risks also enables us to be aware of local, sector-wide, and even global issues.

 

 

Operational risk profile

Operational risks are directly linked to the delivery of services across each Council department. Between January and March 2021, we ran workshops with Managers to facilitate the review and refresh of all operational risk registers. In total, there are 30 operational risk registers to support Council service areas, a full list is attached at Appendix 3C.

The table below shows the overall output and the total number of risks at the operational level:

Risk Severity

Total Risks

Inherent

Total Risks

Residual

BLACK

5

0

RED

26

6

AMBER

83

86

GREEN

34

53

BLUE

1

4

PURPLE

1

1

TOTAL

150

150

 

 

 

 

 

 

 

 

As an overall illustration of the direction of travel for risks, it is possible to see (in the charts above) the reduction in risk exposure, this happens as risks move from red to amber, and from amber to green. While this is positive, there are still a high proportion of risks in the amber line, this line is where our risk owners and managers apply their judgement whether to take further action or not. The general rule applied to these risks, is that they are reviewed every 6 months.  

As outlined above, we are seeking to draw risks together from other sources, as such, the risk data above does not include individual project risks. The Councils project management toolkit requires corporate level projects to have full regard of risks and issues. This process currently sits with project sponsors and project boards, so we will be looking to incorporate projects risks into the overall risk profile in due course.

There are also some other specific risk registers that are reported separately. One example is the budget risk assessment which is reviewed quarterly by the Audit, Governance and Standards Committee. We have also been running risk workshops for key contracts (starting with the Leisure Centre and parks). This work has been well received and has generated a handful of additional risk registers which will also be integrated into the risk profile in the near future.

Operational risks: matrix view

The risk matrix below shows all operational risks for the Council across Maidstone and shared services. The matrix shows inherent risks, these are risks that are current (as they stand now). The numbers in each box on the matrix represent the total number of risks from the register that fall into that category. This summary seeks to provide a high-level view of the overall operational risk profile across the entire risk register:

Impact

5

1

5

 

 

1

4

7

12

13

7

4

3

9

23

32

4

2

2

 

17

9

2

 

1

1

 

1

 

 

 

1

2

3

4

5

 

Likelihood

The risk framework requires our risk owners to actively seek to reduce high level risks. Generally, our response is the treat the risk, meaning risk owners will put additional controls in place or take actions with a view to reduce the overall risk impact or likelihood:

Risk Rating

Guidance to Risk Owners

20-25

The Council is not willing to take risks at this level and action should be taken immediately to treat, transfer or terminate the risk.

 

Identify the actions and controls necessary to manage the risk down to an acceptable level.

Report the risk to the Audit Team and your Director.

12-16

These risks are within the upper limit of risk tolerance. While these risks can be tolerated to a degree, controls should be identified to bring the risk down to a more manageable level where possible.

Identify controls to treat the risk impact / likelihood and seek to bring the risk down to a more acceptable level. Consideration can be given to transferring or terminating the risk.

5-10

These risks sit on the borders of the Council’s risk appetite and so while they don’t pose an immediate threat, they should remain under review. If the impact or likelihood increases, then risk owners should seek to manage the increase.

 

Keep these risks on the radar and update as and when changes are made, or if controls are implemented.

Movement in risks should be monitored, for instance featuring as part of a standing management meeting agenda.

3-4

These are low level risks that could impede or hinder achievement of objectives. Due to the relative low level it is unlikely that additional controls will be identified to respond to the risk.

 

Keep these risks on your register and formally review at least once a year to make sure that the impact and likelihood continues to pose a low level.

1-2

Minor level risks with little consequence but not to be overlooked completely. Unlikely to prevent the achievement of objectives. 

No actions required but keep the risk on your risk register and review annually as part of the service planning process.

 

Operational risks: Top 5

Based on the outcomes of the operational risk update there are 5 risks that sit in the highest section of the risk matrix. Details of these top 5 are set out below. These risks will be regularly reviewed by the service and reported to the Corporate Leadership Team as part of their quarterly monitoring and review of risks across the Council.

Tourism Numbers & Economy

Service Area:

Visitor Economy

Ownership:

John Foster

Score:

I5 x L5

25

Risk

As a result of national and local lockdown measures, tourism visitors to Maidstone reduces, negatively impacting the local economy

Existing Controls

·         Marketing Maidstone as a destination both to leisure and business visitors and our own residents

·         Engaging with local audiences

·         Developing new products, helping businesses pivot

·         Working with partners such as Visit Kent Tourism South East and Visit England on campaigns.

·         Supporting national campaigns - Eat out to Help Out, Good to Go etc

·         Delivery of Tourism Destination Management Plan

·         Commissioning Cambridge Model research on data from 2019 and 2020

·         Business support grants

Risk Response

·         Revision of the DMP and Actions

·         Revision of tourism marketing plan - recovery 

·         Support national campaigns, Escape the Everyday etc. - Prioritisation of tasks

·         Review market segments

·         Continued monitoring and reporting

Risk review:

July 2021

Risk direction over time:

Score:

I3 x L3

9

Infrastructure Improvements

Service Area:

Economic Development

Ownership:

John Foster

Score:

I4 x L5

20

Risk

Infrastructure improvements to road, rail, public transport, cycling and broadband fail to take place due to lack of investment or change to government priorities

Existing Controls

·         Work with KCC on Broadband

·         Work with KCC, Network Rail, DfT to secure Thameslink services and further improvements

·         KCC Transport Planner seconded to MBC

·         KCC MBC Strategic working in place to deliver improvements to Loose Road corridor

Risk Response

·         Continue to monitor what will replace the SE Rail franchise  

·         Helen Grant to raise with the Minister the need to safeguard High Speed Services and not to delay further the introduction of Thameslink Services

·         Dedicated officer will be appointed to deliver the Integrated Transport Strategy. Ongoing agenda item in RED Manager regular 121's

Risk review:

May 2021

Risk direction over time:

Score:

I4 x L3

12

Business Rates Volatility

Service Area:

Revs & Bens

Ownership:

Sheila Coburn

Score:

I4 x L5

20

Risk

Council is unable to respond to volatility in business rates, or financial modelling is inaccurate, not identifying all business not on valuation list causing uncertainty in appeal provision. Uncertainty has increased during the Covid-19 pandemic.

Existing Controls

·         Proactive business support through economic development initiatives

·          Appeal monitoring and modelling

·          Kent business rates pool

·         Analyse local - providing more accurate provision data

·         Joint working with finance teams

·         KIN board

·         Additional resources available to respond to Govt business relief schemes

Risk Response

·         Plan for property identification and closer working with other services (licensing, commercial waste.

·         To call on resources from departments elsewhere in the Council.

·         Service to review quarterly

Risk review:

July 2021

Risk direction over time:

Score:

I3 x L3

9

Collection Rates (Pandemic)

Service Area:

Revs & Bens

Ownership:

Sheila Coburn

Score:

I4 x L5

20

Risk

Collection rates for CT, NDR and HB overpayments may continue to decrease during the Covid-19 pandemic

Existing Controls

·         Robust recovery plan in place

·         In discussions with courts as to scheduling cases

·         Different methods of engagement e.g. discussions over the phone, discussing arrangements

Risk Response

·         Continuing to aid those financially vulnerable e.g. signpost to debt advice agencies

·         Work with consultants to target help towards the most vulnerable Review progress

Risk review:

April 2021

Risk direction over time:

Score:

I3 x L3

9

Covid-19 Grant Processing

Service Area:

Revs & Bens

Ownership:

Sheila Coburn

Score:

I4 x L5

20

Risk

The service may not be able to respond effectively to the continuing effects of Covid-19, e.g. introduction of further grants/relief schemes, increase in CT support claims. This may significantly impact on resources and the chances of fraudulent payments

Existing Controls

·         Regular meetings to discuss grants

·         Monitoring the situation nationally and locally

·         Partnership working - e.g. with Finance, Digital team, senior leadership

Risk Response

·         Increase preparedness e.g. identifying resources available now and those to call on in future

·         Set aside some normal work to deal with urgent work Weekly meetings with Revenues/Director of Mid Kent Services/Economic Development/Finance

Risk review:

April 2021

Risk direction over time:

Score:

I3 x L3

9

Next Steps

This is the first time that we are reporting the outcomes of the operational risk registers since being updated in March 2021. We will continue to work with and support risk owners and Council services to keep their risks up to date. Over the next couple of months, we will develop the new priority risks, corporate risk themes and continue work to collate all risk data into a single format to enable greater reporting and monitoring. Risk updates will be reported quarterly to the Corporate Leadership Team including any changes to our risk profile or risk exposures.

In November 2020 the Council adopted a risk management plan for 21/22 which outlined 6 priority areas for the year. This work included refreshing operational risks, corporate risks, and ensuring that processes were implemented to keep risk registers and actions up to date. In addition, the plan included ongoing work to improve risk culture, including exploring the use of risk software to improve efficiency, engagement, and accountability.   

We will report progress throughout the year as we progress through this plan and include updates as part of our quarterly reporting to Members. An extract of the plan is attached below:

 

 


Appendix 3A                                                         Corporate Risk Register

The table below sets out each of the corporate risks in detail. Risk owners have assessed the impact and likelihood of the risks and identified the key controls and planned actions necessary to further manage the risk to an acceptable level where possible: 

Risk (title & full description)

Risk Owner

Key Existing Controls

Current rating

( I x L)

Controls planned

Mitigated rating

( I x L)

Major unforeseen emergency with national / international impact (e.g. new pandemic, environmental disaster)

Alison Broom

·         Strong existing emergency planning framework

·         Active engagement with Local Resilience Forum

·         Flexible, committed and appropriately trained workforce

·         Quarterly oversight & monitoring through the Emergency Planning Group (EPG)

·         Some financial reserves

·         Good partnership working as demonstrated during Covid-19 pandemic

·         Continued update to Business Continuity Plans and arrangements 

 

(5 x 3)
15

·         Plan for dealing with different types of major emergencies

·         Review of the level of financial reserves

·         Review and update of the Council’s IT Disaster Recovery arrangements

·         Embedding arrangements over the quarterly review of emergency threats and risks through the EPG including horizon scanning and early warnings

 

(5 x 3)
15

Covid-19: Restrictions impact negatively on our ability to deliver core / statutory services

Alison Broom

·         Strong existing business continuity planning arrangements

·         Emergency response plans have been made Covid secure

·         Learning from current pandemic has been captured

·         Member Covid-19 consultative forum established

·         Risk assessments in place for all Council buildings

·         Plans in place to enable staff who cannot work from home to work safely in our workplaces/activities including grounds maintenance, street cleansing, museum, and some office activities

·         Plans in place to enable return to work in our offices safely when appropriate

·         Flexible / remote working arrangements in place and embedded

·         Regular internal communications with all staff

·         Embedded performance monitoring and reporting

 

(4 x 3)
12

·         Build up stocks of appropriate equipment and PPE

·         Regular review of flexible and remote working arrangements

·         Ongoing review and development of new ways of working because of Covid-19

(4 x 2)
8

Covid-19: Inability to support the response and recovery from Covid for the community and local businesses

Alison Broom

·         Active engagement with Local Resilience Forum

·         Member consultative forum on recovery arrangements

·         Continued engagement with community groups and volunteers

·         Continuing engagement with local public health officers to ensure rapid response

·         Support model for residents and businesses is well embedded

·         Enforcement with respect to non-compliant businesses is in place

·         Funding has been provided to the Council 

·         Core officer group established for recovery

·         Joint working with partners through the Inclusion Board & Maidstone Economic Business Partnership

·         Strategic approach to engagement with voluntary sector agreed by Communities Housing and Environment Committee in November 2020

(4 x 3)

12

·         Continued scanning of horizon with respect to changes to legislation, regulations, and guidance

·         Implementation, development and strengthening of the agreed strategic approach to engagement with community groups

·         Completion and monitoring of action plan themes for recovery

(4 x 3)

12

Increased effects from climate change or reduction in air quality causes environmental damage
reducing residents' quality of life and increasing risks from adverse weather events

Angela Woodhouse

·         Biodiversity and Climate Change Strategy and action plan in place

·         Air Quality Action Plan in place
(2) Emergency planning arrangements
(3) Parks strategy

·         Budget available to deliver actions

·         Communication / engagement strategy for adverse weather events

·         Member of the Kent Climate Change Network

·         Fixed-term Biodiversity and Climate Change officer in post

(4 x 4)
16

·         Review by Carbon Trust towards the Council becoming carbon neutral by 2030

·         Implementation of the B&CCS action plan

·         Review of our own estate in line with ambition to be carbon neutral by 2030

·         Seeking to recruit into a permanent Biodiversity and Climate Change officer

·         Review of governance for delivery and oversight of BD&CC Strategy

 

(4 x 4)
16

General financial downturns, unexpected changes to government funding or failure to achieve income or savings targets places further financial restrictions on the Council resulting in difficulty maintaining standards or meeting aims.

Mark Green

·         Agreed work programmes in transformation and commissioning

·         Budget monitoring in place

·         MTFS in place and monitored

·         Scenario planning in budget setting

·         Financial independence strategy to maximise our income

·         Strategies for maintaining income (e.g. pricing policies and purchase of Lockmeadow)

·         Commercial investment strategy

·         Holding reserves to mitigate impact of financial restrictions

(4 x 5)
20

·         Currently updating MTFS to reflect impact of Covid-19 and need to support recovery due to go to Policy and Resources in November 2020

·         Review of reserves policy as part of MTFS development

·         Lobbying to avoid unfavourable financial changes to government funding

·         Cost recovery through bidding for additional government support for one-off costs (e.g. Brexit)

·         Identifying measures to address future budget gaps

 

(4 x 4)
12

Security breach or system weakness leading to IT security failure results in system unavailability and increased legal and financial liability.

Steve McGinnes

·         Regular backup programmes

·         External testing of IT security by specialists –resulting findings and actions are implemented and tested

·          ICT policies & staff training, including disaster recovery plan

·         Mandatory cyber security training was rolled out and completed

·         CLT monitoring of performance indicators, including ICT incidents

·         Nessus scanning software reporting daily on system vulnerabilities

·         New firewall tested and installed

(4 x 3)
12

·         Ongoing programme of awareness raising through Cyber events, training, and tests

·         Ongoing programme of IT campaigns including phishing

·         IT infrastructure replacement programme being considered to ensure that IT equipment is fit for purpose

(4 x 3)
12

The broader housing crisis leads to housing pressures increasing on the Council, affecting both costs associated with homelessness and ability to meet wider housing needs in the borough.

William Cornall

·         Homelessness prevention team in place with increased resource

·         Access to our own housing stock to use for temporary accommodation & market rented housing (within Maidstone Property Holdings)

·         Closer working with private sector & housing
associations

·         Key policies are in place: Temporary Accommodation Strategy

·         Implementation of Housing Management Team

·         CHE approval in place for MBC to develop up to 250 affordable homes of its own

·         We work closely with the voluntary sector and community partners

·         Home Finders scheme in place and supported through Government funding

·         Affordable Housing supplementary guidance adopted in Summer 2020

(4 x 3)
12

·         Continued progress towards the temporary accommodation acquisition programme funded through the MBC capital programme

·         Approval secured to provide hostel and ‘move on’ type TA in the town centre

·         Purchase of more housebuilder stock off plan. Recent approval to acquire a further 21 units of PRS accommodation

(3 x 3)
9

Insufficient awareness / expertise leads to not fulfilling residential property responsibilities resulting in possible health & safety breaches.

William Cornall

·         Faithfull Farrell & Timms have been retained as a critical friend to allow the new housing management function to up skill.

·         West Kent Housing Association (WKHA) engaged to provide an asset management service for the whole MBC residential portfolio.

·         The whole MBC residential portfolio is now being managed by a single team within Housing & Communities, where previously it was split between Housing & Property.

·         H&S KPI’s are now recorded and reported through an interim software solution, FIXFLO.

·         The H&S KPI’s are reported monthly to Corporate Leadership Team.

·         Good level of awareness from officers around H&S obligations and compliance

(4 x 3)
12

·         A permanent replacement housing management software package has been procured and be implemented early 2021. This will incorporate KPI and management information. This will take over from the previous system, and the interim system (FIXFLO).

·         Possible due diligence review by Mid Kent Audit to advise on integrity with respect of KPI production and reporting.

·         Eventual goal of real time reporting in terms of gas safety, via the WKHA contractor.

·         Review of existing resources and skills underway to support the housing portfolio and management of properties

(3 x 3)
9

General and localised economic pressure leads to contraction in retail & leisure sectors, limiting the appeal of Maidstone town centre threatening social cohesion and business rates income.

William Cornall

·         Working with Key stakeholders including One Maidstone to safely reopen the High Street.

·         Regular network meetings with town centre retailers

·         Town Centre strategic advisory board

·         Public realm improvement work

·         Supporting One Maidstone Business Improvement District

·         Acquisition of key property (Royal Mail / Grenada House)

·         Work commissioned to promote Maidstone as business destination

·         Planning Guidelines documents have now been approved by SPI for the Five town Centre Opportunity sites

·         Active management of Lockmeadow to enhance the local economy

·         Support delivered to the sector through Business Rates grants and assistance grants

·         Town Centre Opportunity guidance published and actively being used

(5 x 5)
25

·         Taking advantage of opportunities to support infrastructure investment

·         Consider a targeted programme of place promotion campaign activities

·         Launch of town centre shop fronts improvement grant scheme closer to being made available

·         Development of a Town Centre action plan to guide the reallocation of land uses within the Town Centre (including retail)

 

(4 x 5)
20

Failure of a major contractor: One of the Councils contractors goes into liquidation / administration  

Mark Green

·         Regular contract monitoring and communication with contractors

·         Procurement expertise made available through the Partnership with Tunbridge Wells

·         Financial performance and sustainability embedded into the procurement process

·         Contactor business continuity plans in place

·         'Exit plan' included as a requirement in the ITT document for all relevant contracts

(4 x 3)

12

·         Ongoing financial performance and resilience checks of our suppliers and contractors

·         Risk register work being completed for each of the Council’s strategic contracts

(4 x 3)

12

Exit of EU on unfavourable terms results in adverse short-term Brexit / EU transition impacts disrupting the Council's ability to offer services and increasing liabilities.

Mark Green

·         Close working with other members of KRF on the EU transition planning

·         Regular briefings for officers & members

 

(4 x 4)
16

·         Continued liaison with partners

·         More frequent updates and communication in the run up to 31.12.20 with Members and Officers

·         Liaison with local business about the support that could be provided

·         Refresh business continuity and contingency plans to reflect possible impacts of EU transition, specifically with regards to transport

(3 x 4)
12

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


Appendix 3B - Impact and Likelihood Definitions

The Risk Management Framework provides guidance on the Councils risk management processes.  The framework sets out the definitions of the impact and likelihood scales:

 

 

Appendix 3C                  Council Services with Risk Registers

Council Services

MBC CIL & Section 106

MBC Building Control

MBC Communications

MBC Community & Strategic Partnerships

MBC Customer Services

MBC Democratic & Electoral Services

MBC Development Management

MBC Economic Development

MBC Emergency Planning

MBC Environment & Public Realm

MBC Finance

MBC Housing

MBC Museum

MBC Parks & Open Spaces

MBC Policy & Information

MBC Procurement

MBC Property & Facilities

MBC Strategic Planning

MBC Transformation & Digital Services

MBC Visitor Economy

MKS Enforcement Services

MKS Audit

MKS Compliance

MKS Environmental Health

MKS HR

MKS ICT

MKS Legal Services

MKS Planning Support

MKS Revenues & Benefits

Parking Services Partnership