Risk Management Strategy

RISK MANAGEMENT STRATEGY

 

Hockliffe Parish Council

 

1.0 Introduction

 

1.1  This document forms the Council’s Risk Management Strategy. It sets out:

        • What is risk management;
        • Why does the Council need a risk management strategy;
        • What is the Council’s philosophy on risk management;
        • What is the risk management process;
        • How will risk management feed into the Council’s existing policies;
        • Implementation timetable;
        • Roles and responsibilities;
        • Future monitoring.

1.2  The objectives of this strategy are to:

        • Further develop risk management and raise its profile across the Council;
        • Integrate risk management into the culture of the organisation;
        • Embed risk management through the ownership and management of risk as part of all decision making processes; and
        • Manage risk in accordance with best practice.

2.0  What is Risk Management?

        • 2.1  ‘Risk is the threat that an event or action will adversely affect an organisation’s ability to achieve its objectives and to successfully execute its strategies. Risk management is the process by which risks are identified, evaluated and controlled. It is a key element of the framework of governance together with community focus, structures and processes, standards of conduct and service delivery arrangements.’ Audit Commission, Worth the Risk: Improving Risk Management in Local Government, (2001: 5)
        • 2.2  Risk management is an essential feature of good governance. An organisation that manages risk well is more likely to achieve its objectives. It is vital to recognise that risk management is not simply about health and safety, but applies to all aspects of the Council’s work.
        • 2.3  Risks can be classified into various types, but it is important to recognise that for all categories the direct financial losses may have less impact than the indirect costs such as disruption of normal working. The examples below are not exhaustive:

    Strategic Risk – long-term adverse impacts from poor decision-making or poor implementation. Risks damage to the reputation of the Council, loss of public confidence, in a worst case scenario Government intervention.

    Compliance Risk – failure to comply with legislation, laid down procedures or the lack of documentation to prove compliance. Risks expose to prosecution, judicial review, employment tribunals and the inability to enforce contracts.

    Financial Risk – fraud and corruption, waste, excess demand for services, bad debts. Risk of additional audit investigation, objection to accounts, reduced service delivery, dramatically increased Council Tax levels/impact on Council reserves.

    Operating Risk – failure to deliver services effectively, malfunctioning equipment, hazards to service users, the general public or staff, damage to property. Risk of insurance claims, higher insurance premiums, lengthy recovery processes.

          • 2.4 Not all these risks are insurable and for some the premiums may not be cost effective. Even where insurance is available, a monetary consideration might not be an adequate recompense. The emphasis should always be on eliminating or reducing risk before costly steps to transfer risk to another party are considered.
          • 2.5  Risk is not restricted to potential threats but can be connected with opportunities. Good risk management can facilitate proactive, rather than merely defensive responses. Measures to manage adverse risks are likely to help with managing positive ones.

    3.0  Why does the Council need a Risk Management Strategy?

          • 3.1  Risk management will strengthen the ability of the Council to achieve its objectives and enhance the value of services provided.
          • 3.2  The Risk Management Strategy will help to ensure that all Committees/ sections across the Council have an understanding of risk and that the Council adopts a uniform approach to identifying and prioritising risks. This should in turn lead to conscious choices as to the most appropriate method of dealing with each risk, be it elimination, reduction, transfer or acceptance.
          • 3.3  Strategic risk management is also an integral part of the Best Value process and as such is an important element in demonstrating continuous service improvement.
          • 3.4  There is a requirement under the Accounts and Audit Regulations 2003 (SI2003/533) to establish and maintain a systematic strategy, framework and process for managing risk. Risks and their control will be collated in a Risk Register.

    4.0 Risk Management Policy Statement

    The Parish Council recognises that it has a responsibility to manage risks effectively in order to protect its employees, assets, liabilities and community against potential losses, to minimise uncertainty in achieving its goals and objectives and to maximise the opportunities to achieve its vision.

    The Council is aware that somatic and focussed approach to managing risk. Risk management is an integral part of the Council’s management processes.

     

    5.0  Implementing the Strategy

    Risk Identification Identifying and understanding the hazards and risks facing the Council is crucial if informed decisions are to be made about policies or service delivery methods. The risks associated with these decisions can then be effectively managed. All risks identified will be recorded in the Council’s Risk Register.

    Risk Analysis Once risks have been identified they need to be systematically and accurately assessed using proven techniques. Analysis should make full use of any available data on the potential frequency of events and their consequences. If a risk is seen to be unacceptable, then steps need to be taken to control or respond to the risk.

    Risk Prioritisation – An assessment should be undertaken of the impact and likelihood of risks occurring, with impact and likelihood being scored using a 4×4 matrix. Action will be taken to address any risks with a residual risk greater than 8 or where risk impact is judged to be catastrophic. Residual risks of between 4 and 8 will be subject to monitoring and action will be taken to reduce residual risk in all cases towards the tolerance level [4] as resources permit.

            • 5.1  Risk Control – Risk control is the process of taking action to minimise the likelihood of the risk event occurring and/or reducing the severity of the consequences should it occur. Typically, risk control require the identification and implementation of revised operating procedures, but in exceptional cases more drastic action will be required to reduce the risk to an acceptable level.Options for control include:Elimination the circumstances from which the risk arises are removed so that the risk no longer exists;
              Reduction loss control measures are implemented to reduce the impact/ likelihood of the risk occurring ;Transfer the financial impact is passed to others e.g. by revising contractual terms;
              Sharing – the risk is shared with another party;
              Insuring – insure against some or all of the risk to mitigate financial impact; and
              Acceptance documenting a conscious decision after assessment of areas where the Council accepts or tolerates risk.
            • 5.2  Risk Monitoring – The risk management process does not finish with putting any risk control procedures in place. Their effectiveness in controlling risk must be monitored and reviewed. It is also important to assess whether the nature of any risk has changed over time.The information generated from applying the risk management process will help to ensure that risks can be avoided or minimised in the future. It will also inform judgements on the nature and extent of insurance cover and the balance to be reached between self-insurance and external protection.

    6.0 How will Risk Management feed into the Council’s existing policies?

            • 6.1  The initial identification of Risks will be achieved by the Clerk compiling a list of the risks which will be integrated into a comprehensive corporate Risk Register.
            • 6.2  Best Value The Council will build risk management procedures into the way that it operates as part of a commitment to quality and continuous service improvement. As part of any review process the strategic and operational risks associated with the review will be assessed.
            • 6.3  Projects and Service Changes projects or changes to services will include risks identification and the measures to eliminate or control risks will be documented in agenda reports/briefing papers to be considered by the Council and its committees.
            • 6.4  Partnership Working the Council will continue to enter into a number of partnerships with organisations from the public, private, voluntary and community sectors where necessary. Part of the process of setting up future partnerships will be to ensure that all relevant risks are identified and that appropriate control mechanisms are built into the management arrangements for the partnership.

    7.0 Implementation Timetable

    Risk Management Strategy and Policy Statement was presented for adoption by Council at its meeting in May 2012.

    The Clerk and the Council examine the Council’s risks in March of each year.

    8.0  Roles and Responsibilities

            • 8.1  It is important that risk management becomes embedded into the every day culture and performance management process of the Council. The roles and responsibilities set out below, are designed to ensure that risk is managed effectively right across the Council and its operations, and responsibility for risk is located in the right place. The process must be driven from the top but must also involve staff throughout the organisation.
            • 8.2  Elected Members risk management is seen as a key part of the Elected Member’s stewardship role and there is an expectation that Elected Members will lead and monitor the approach adopted, including
              1. (a)  Approval of the Risk Management Strategy;
              2. (b)  Analysis of key risks in reports on major projects, ensuring that all future projects and services undertaken are adequately risk managed;
              3. (c)  Consideration, and if appropriate, endorsement of the annual Statement of Internal Control; and
              4. (d) Assessment of risks whilst setting the budget, including any bids for resources to tackle specific issues.
            • 8.3  Employees – will undertake their job within risk management guidelines ensuring that their skills and knowledge are used effectively. All employees will maintain an awareness of the impact and costs of risks and how to feed data into the formal process. They will work to control risks or threats within their jobs, monitor progress and report on job related risks to the Parish Clerk.
            • 8.4  Parish Clerk will act as the Lead Officer on Risk Management and be responsible for overseeing the implementation of the detail of the Risk Management Strategy. The Parish Clerk will:
              1. (a)  provide advice as to the legality of policy and service delivery choices;
              2. (b)  provide advice on the implications for service areas of the Council’s corporate aims and objectives;
              3. (c)  update the Council on the implications of new or revised legislation;
              4. (d)  assist in handling any litigation claims;
              5. (e)  provide advice on any human resource issues relating to strategic policy options or the risks associated with operational decisions and assist in handling cases of work-related illness or injury;
              6. (f)  advise on any health and safety implications of the chosen or proposed arrangements for service delivery;
              7. (g)  report progress to Council via the Risk Management Working Party.
            • 8.5  Responsible Finance Officer – as the Council’s Section 151 Officer the Parish Clerk will also:
              1. (a)  assess and implement the Council’s insurance requirements;
              2. (b)  assess the financial implications of strategic policy options;
              3. (c)  provide assistance and advice on budgetary planning and control;
              4. (d)  ensure that the Financial Information System allows effective budgetary control; and
              5. (e)  effectively manage the Council’s investment and loan portfolio.
            • 8.6  Role of Internal Audit Internal Audit provides an important scrutiny role by carrying out audits to provide independent assurance to the Council that the necessary risk management systems are in place and all significant business risks are being managed effectively.Internal Audit assists the Council in identifying both its financial and operational risks and seeks to assist the Council in developing and implementing proper arrangements to manage them, including adequate and effective systems of internal control to reduce or eliminate the likelihood of errors or fraud.Internal Audit reports, and any recommendations contained within, will help to shape the annual Statement of Internal Control.
            • 8.7  Risk Management Working Party Review and future development of the Risk Management Policy and Strategy and compilation of the Risk Register will be overseen by the Risk Management Working Party.
            • 8.8  Training Risk Management training will be provided to Elected Members and staff through a variety of mediums. The aim will be to ensure that both Elected Members and staff have the skills necessary to identify, evaluate and control the risks associated with the services they provide.
            • 8.9 In addition to the roles and responsibilities set out above, the Council is keen to promote an environment within which individuals/groups are encouraged to report adverse incidents promptly and openly.

    9.0  Future Monitoring

            • 9.1 Review of Risk Management Strategy – This Strategy will be reviewed on a regular basis as part of the Council’s continuing review of its policy documents, Standing Orders and Financial Regulations. Recommendations for change will be reported to the Council. The date of the next review will be March 2024.
            • 9.2  Once the initial work to establish a Risk Register has been completed, it is crucial that the information is regularly reviewed and updated. New risks will emerge and need to be controlled. Feedback from Internal and External Audit can identify areas for improvement, as can the sharing of best practice via professional bodies, the National Association of Local Councils and relevant local council forums.
            • 9.3  Reporting on Progress The Clerk will present an annual report to the Parish Council on progress during the year and provide a summary of the Risk Register.

    10.0 Conclusion

    The adoption of a sound risk management approach should achieve many benefits for the Council. It will assist in demonstrating that the Council is committed to continuous service improvement and effective corporate governance.

     

    11.0 Freedom of Information

    In accordance with the Freedom of Information Act 2000, this document will be posted on the Council’s Website – www.hockliffepc.org.uk 

    PARISH COUNCIL RISK MANAGEMENT POLICY STATEMENT

     

    Definition of Risk Management

    Risk is the threat that an event or action will adversely affect an organisation’s ability to achieve its objectives and to successfully execute its strategies. Risk management is the process by which risks are identified, evaluated and controlled. It is a key element of the framework of governance together with community focus, structures and processes, standards of conduct and service delivery arrangements.

    Audit Commission – Worth the Risk: Improving Risk Management in Local Government (2001: 5)

    POLICY STATEMENT

    The Parish Council recognises that it has a responsibility to manage risks effectively in order to protect its employees, assets, liabilities and community against potential losses, to minimise uncertainty in achieving its goals and objectives and to maximise the opportunities to achieve its vision.

    The Council is aware that some risks can never be eliminated fully and it has in place a strategy that provides a structured, systematic and focussed approach to managing risk.

    Risk management is an integral part of the Council’s management processes.

    OBJECTIVES

    The objectives of the Council’s risk management strategy are to:-

    1. Integrate risk management into the culture of the council
    2. Manage risk in accordance with best practice
    3. Prevent loss, disruption, damage and injury and reduce the cost of risk, thereby maximising resources
    4. To inform policy and operational decisions by identifying risks and their likely impact
    5. Raise awareness of the need for risk management.

    These objectives will be achieved by:

    1. Establishing clear roles, responsibilities and reporting lines within the council for risk management
    2. Providing opportunities for shared learning on risk management across the council
    3. Providing risk management training and awareness sessions
    4. Incorporating risk management considerations into the Council’s management processes
    5. Effective communication with, and the active involvement of, employees
    6. Monitoring arrangements on an on-going basis.

    Responsibility for Risk Management

    The Council recognises that it is the responsibility of all Councillors and employees to have regard for risk in carrying out their duties. If uncontrolled, risk can result in a drain on resources that could better be directed to front line service provision, and to the meeting of the Council’s objectives and community needs.

    Reviewed by Council on 11th March 2024
    Next review date – March 2025