Agendas, Minutes and Reports

7.2

North Somerset Council

REPORT TO THE Organisational Effectiveness Policy & Scrutiny Panel

Date of Meeting: 8^th September 2005

Subject of Report: Risk Management Action Plan & Position Statement

Town or parish:

Officer/Member presenting: Richard Penska – Interim Director of Finance & Resources Jon Haswell - Strategic Risk Manager

Key Decision: No

RECOMMENDATION

That the Panel notes the progress made against the Risk Management Action Plan & Position Statement.

1. Summary of Report

The report presents the progress made against the Risk Management Action Plan & Position Statement, attached as Appendix 1 to this report.

2. Policy

The Risk Management Action Plan & Position Statement identifies key actions required in order to implement the Risk Management Strategy and embed risk management within the organisation. The Risk Management Action Plan & Position Statement supports the CPA priority for improvement “make improvements to risk arrangements” and the Finance & Resources Directorate key target for 2004-06 “Review Risk Management Strategy and Action Plan”.

3. Details

Background

The Risk Management Action Plan & Position Statement was originally reported to the Panel on 4^th November 2004. Since this date, the Executive Member for Corporate Organisation, who sits on the Risk Management Group, has provided the Panel with verbal progress updates at each meeting.

Risk Management Action Plan & Position Statement

The Risk Management Action Plan & Position Statement is broken down into four key areas:-

Strategy
Strategic Risks
Operational Risks
Projects

Progress

Progress against each of the four key areas is summarised below:-

Strategy

The Risk Management Strategy and Risk Management Methodology were approved by the Executive on 07^th December 2004.

The Council’s Risk Management Group now operates at a strategic level and meets on at least a quarterly basis. The Risk Management Group consists of the Strategic Risk Manager, the Interim Director of Finance & Resources (the Councils Risk Champion) the Executive Member for Corporate Organisation and a 2^nd/3^rd tier officer from each Directorate. Council specialists are co-opted onto the Risk Management Group as and when required.

A review (self assessment) of the Council’s risk management arrangements has been completed in conjunction with Internal Audit. It identified that substantial progress has been made in embedding risk management within the organisation although a number of improvements were proposed to strengthen the Council’s risk management arrangements and reduce the Council’s overall exposure to risk.

A risk management intranet site has been created, from which risk management documentation can be reviewed or downloaded.

Strategic Risks

Guidance for Officers, Members and Directors on Risk Management in Decision Making was approved by Corporate Management Team on 22^nd August 2005. The methodology for incorporating risk management into decision making will be piloted for six months, after which it will be reviewed again by Corporate Management Team.

The facilitated risk workshops with Directorate Management Teams and Council Specialists to identify and evaluate the threats and opportunities to the Councils aims and key corporate priorities have been substantially completed. A facilitated workshop with Executive Members was scheduled for 27^th June 2005 but did not take place.

The initial Strategic Risk Register (Threats) was approved by Corporate Management Team on 20^th June 2005. As this is a live document, it will be approved by the Chief Executive and Executive Member for Corporate Organisation on a periodic basis. The headline risks (threats) from the Strategic Risk Register have been included in Appendix 4 of the Corporate Plan 2005-08.

Operational Risks

Risk summaries (registers) were appended to 2005-06 annual business, service and team plans.

An evaluation of Team Risk (the risk management module of Internal Audit’s Team Mate system) is still ongoing and should enable the production of a fully risk based audit plan for 2006-07. Excel spreadsheets are currently being used to maintain the risk registers and management action plans.

All the risks (threats) identified which were not included in the Strategic Risk Register have been incorporated into the Directorate Operational Risk Registers. These risk registers will also be updated with the risks identified from the risk summaries (registers) appended to each business, service and team plan. The initial Finance & Resources operational risk register (threats) has been compiled and the operational risk registers for other Directorates are in progress.

Projects

A Corporate Killing Working Party was set up to undertake a review to identify all the areas where the Council may be risk of a fatality leading to a corporate killing/ manslaughter charge and provide a framework within which the Council can effectively manage these risks. This Working Party meets on a monthly basis and reports to the Risk Management Group.

The Council’s Project Management Methodology has risk management arrangements incorporated within it. Project risk registers have been compiled for the LSVT housing transfer and the EDRMS project.

A review of the Council’s emergency management and business continuity arrangements has recently been completed by the Strategic Risk Manager and recommendations for improvement have been made.

Review of Risk Management Arrangements

In preparation for the forthcoming CPA inspection in 2006, the Council’s External Auditors are already reviewing the Council’s risk management arrangements, namely “How well does the Council’s internal control environment enable it to manage its significant business risks?” It is evident from their review to date that in order to maintain our existing CPA score for risk management, they are expecting more involvement by Members in monitoring the Council’s risk management arrangements. The Executive Member for Corporate Organisation is the Member responsible for risk management within the Council but it is the Organisational Effectiveness Policy & Scrutiny Panel which has taken on the role as the Member Committee with responsibility for monitoring the Council’s risk management arrangements.

4. Consultation

Regular updates on the progress made against the Risk Management Action Plan & Position Statement have been provided to the Interim Director of Finance & Resources and the Risk Management Group, which includes the Executive Member for Corporate Organisation and the Interim Director of Finance & Resources.

5. Financial Implications

The costs of implementing the key actions contained within the Risk Management Action Plan & Position Statement will be met from the existing risk management budget.

6. Equality Implications

None directly, although the risk management framework will enable key threats and opportunities in relation to equalities and diversity to be identified and managed.

7. Corporate Implications

Risk management will have implications for all Members and Officers as it is embedded within the organisation, as it will form an integral part of the Council’s planning & decision making, service planning, budget setting, project management, procurement and Internal Audit processes.

8. Options considered

None.

Authors

Richard Penska – Interim Director of Finance & Resources

Extension 4629 richard.penska@n-somerset.gov.uk

Jon Haswell – Strategic Risk Manager

Extension 4056 jon.haswell@n-somerset.gov.uk

Background Papers

Risk Management Strategy (December 2004)

Risk Management Methodology (December 2004)