Audit & Scrutiny Committee

Transcription

1 Page 1 Annual Risk Management Report Audit & Scrutiny Committee Agenda Item: 09 Date of Meeting 23 February 2016 Officer Chief Executive Subject of Report Annual Risk Management Report Executive Summary The continual development and promotion of risk management will ensure that the Council is well placed to demonstrate that objective and informed decisions are taken and that the Council is ultimately in a strong position to successfully face and address the challenges ahead. This is particularly important in respect of taking informed decisions in relation to opportunities available to deliver the Forward Together programme. This report provides an update to Audit and Scrutiny Committee of the progress made by the Council in enhancing and embedding risk management during 2015, and specifically to: Provide an update on the most significant risks identified within the corporate risk register; Highlight some of the key activities undertaken, positive recognition received and headline areas of work for the Risk Management function for 2016; Present the draft of the revised Risk Management Strategy. This report also provides members with a progress update on any items that were identified as Amber in last years Local Code of Corporate Governance Compliance Statement and included in the Annual Governance Statement as areas for improvement.

2 Page 2 Annual Risk Management Report Impact Assessment: Equalities Impact Assessment: There is no change in policy, or impact on equalities groups, associated with this report. The Risk Management Strategy has been subject to an equality impact assessment. Use of Evidence: The data from this report is drawn from the Council s Corporate Risk Register which is updated by nominated Risk Leads and Risk Owners from all Council Directorates and the Local Code of Corporate Governance Compliance Assessment which is updated by theme leads. Budget: No budget implications specifically, although unmanaged risks may pose a threat to the Council s financial stability. Identified risk improvement measures may also have direct budget implications, each of which need to be subject to a cost/benefit analysis prior to implementation. Risk Assessment: Having considered the risks associated with this decision using the County Council s approved risk management methodology, the level of risk has been identified as: Current Risk: HIGH Residual Risk: HIGH The risk level is identified as High as Appendix B provides an update on those High level risks which are currently identified within the Corporate Risk Register. Other Implications: None Recommendation That Audit and Scrutiny Committee: Note the performance of the key risks on the Corporate Risk Register and progress made in enhancing the Council s risk management arrangements more generally; Consider and comment on the revised Risk Management Strategy; Note the progress of actions taken to improve areas identified as Amber within the 2014/15 local code of corporate governance compliance statement.

3 Page 3 Annual Risk Management Report Reason for Recommendation Appendices Background Papers Report Originator and Contact To ensure that the Council s risk management methodologies remain current, proportionate and effective in enabling risk informed decisions to be made. Appendix A - Risk Scoring Matrix Appendix B Corporate Risk Register Summary and Exception Report Appendix C Draft Revised Risk Management Strategy Appendix D - Local Code of Corporate Governance Compliance Statement Report to Audit & Scrutiny Committee 10 June 2015 Local Code of Corporate Governance Compliance Local Code of Corporate Governance Compliance Name: Marc Eyre, Senior Assurance Manager (Governance, Risk and Special Projects) Tel: m.eyre@dorsetcc.gov.uk Name: Mark Taylor, Group Manager - Governance and Assurance Tel: m.taylor@dorsetcc.gov.uk 1. Background to the Report 1.1 This annual risk management report is provided to ensure that the Audit and Scrutiny Committee (in accordance with their terms of reference) are updated in respect of the Council s approach and current position with regard to risk management. 1.2 The focus within this years report is to provide: o o o An update on the most significant risks within the corporate risk register (High risks and level risks identified as worsening ); An update on key risk management activity undertaken in 2015 and key actions for 2016; An opportunity to comment on the draft revised Risk Management Strategy, which has been aligned to the Healthy Organisation Model; 1.3 This year s report also provides an update on actions identified as Amber in the Local Code of Corporate Governance Compliance Statement for 2014/15, as reported to Committee on 10 June 2015 and which were subsequently included in the Council s Annual Governance Statement.. 2. Corporate Risk Register (CRR) Summary and Exception Report 2.1 The Council continues to operate risk registers at Corporate, Directorate and Programme level. The CRR provides a snapshot of the key strategic risks to achievement of the Council s identified priority outcomes, and specific risk causes aligned to each Directorate. 2.2 The CRR identifies 16 core corporate risks, which is then broken down in to individual potential risk causes that inform the overall risk. Each of these causes has an identified risk

4 Page 4 Annual Risk Management Report lead (the officer in the best position to actively influence the management of the risk) and a risk owner (the accountable Head of Service or Director). 2.3 Risks continue to be assessed both in terms of the current level of risk and the Risk Lead s view of the acceptable level of risk to tolerate. The prioritisation of risks is based on the matrix included at Appendix A. In determining the level of risk, the risk lead will consider the most appropriate of the five impact categories (financial; strategic priorities and opportunities; health and safety; reputational; service delivery). For a risk to be identified as High, a top level impact would need to be identified in addition to a likelihood greater than 20%. 2.4 The current 16 core risks are as follows: No Risk Risk Level 1 Inadequate finance to meet legislative, political and public High expectations 2 Failure to protect the vulnerable children and young people from abuse or neglect in situations that could have been predicted and prevented 3 Failure to protect the vulnerable adults from abuse or neglect in situations that could have been predicted and prevented 4 Failure to ensure the health and wellbeing of staff, service users and the public 5 Inability of the Council or a key partner to effectively respond to an incident or event 6 Failure in corporate governance which leads to service, financial or reputational damage or failure High 7 Failure to sustain effective relationships across key partnerships High 8 Failure to recognise or respond to commercialisation and income generation opportunities 9 Inadequate infrastructure to meet Council priorities High 10 Failure to deliver service transformation and necessary savings through the Forward Together programme High 11 Failure to manage the commissioning of services 12 Failure to develop services based on evidence and need High 13 Inadequate ICT infrastructure to meet corporate service priorities 14 Failure to develop, recruit or retain suitably competent / qualified staff compromises service delivery Low 15 Rural public transport 16 Information/Data is lost, misapplied or becomes unusable

5 Page 5 Annual Risk Management Report 2.5 Appendix B provides a more detailed schedule that highlights any risk causes noted as either High or Worsening ). This schedule includes a management response from the Risk Owner. 2.6 The CRR remains a live schedule and in this respect a number of new risk causes were added to the schedule during Committee reports include an assessment of the risk associated with the decision to be made, and where identified as High these are escalated to the CRR. New risk causes reflected in the CRR during 2015 are noted below: Core Risk Identified Cause Risk Level Risk Owner 1) Inadequate finance to meet legislative, political and public expectations General balances are depleted to a level below operating range High Head of Financial Services 2) Failure to protect the vulnerable children and young people from abuse or neglect in situations that could have been predicted and prevented 4) Failure to ensure the health and wellbeing of staff, service users and the public Failure to consider the impacts that vulnerable adults have on children and families Change to the defined population for the transfer of 0-5 public health commissioning responsibility (registered to resident population) Low Head of Family Support / Head of Adult Care Director of Public Health 6) Failure in corporate governance which leads to service, financial or reputational damage or failure 7) Failure to sustain effective relationships across key partnerships 13) Inadequate ICT infrastructure to meet corporate service priorities Failure to fulfil our statutory "Prevent" duty to combat radicalisation Failure of the Early Help partnership ICT infrastructure within Children s Services does not meet service needs 15) Rural public transport Impact of changes to public transport on the older people and the vulnerable Head of Partnerships & Performance Head of Learning & Inclusion Head of Strategy, Partnerships & Performance (Childrens Services) Head of Adult Care / Head of Environment 3. Update on Key Risk Management Activity 3.1 The Council s Risk Management Group remains the focal point for facilitating the Council s risk management arrangements, and includes providing challenge and assurance over the management of our most significant risks. A review of the current Corporate Working Groups is likely to result in the remit of this group being embraced within a wider strategic Resilience Group, which will cover risk management, business continuity, emergency planning, information governance, and governance more generally.

6 Page 6 Annual Risk Management Report 3.2 This section highlights the progress made on a number of key activities during 2015 that further enhance the Council s risk management arrangements, in addition to identifying positive recognition of our approach. 3.3 An electronic checklist was developed through Audit and Scrutiny Committee and approved by Cabinet to help ensure that appropriate governance arrangements exist for alternative service delivery models. A number of key governance criteria are assessed, mapped against the Healthy Organisation model, and includes a summary and action plan that can be used to monitor compliance and obtain assurance over the arrangements operated. This will also be a useful tool in establishing whether the Council is content to go-live with new service delivery arrangements. 3.4 The lessons learnt report on the Tricuro implementation that was considered by this Committee in January 2016 highlighted the proactive approach to risk management and the part this played in ensuring successful delivery of the project. The lessons learnt from the Tricuro implementation have been added to the alternative service delivery model governance checklist referred to in 3.3 above. 3.5 The Risk Management Strategy has been reviewed and updated. The draft is included at Appendix C and any comments would be welcomed. The sections of the Strategy have been aligned to the Risk Management theme in the Healthy Organisation model, as a means of demonstrating that our risk management arrangements are fit for purpose. 3.6 In this respect, positive external recognition has been received for the Council s risk and claims management arrangements during The Council s insurers QBE have used the Council as a case study (to quote: by common opinion, internally (within QBE) Dorset County Council is one of the better managed authorities we have on our books ). The published case study is expected shortly. 3.7 In addition there has been significant recognition via ALARM (The National Public Sector Risk Management Association), who have featured two articles on the Council s risk management arrangements within its quarterly Public RM publication. The Council was also asked to present to the ALARM National Conference on a particular risk project that resulted in significant insurance premium savings by challenging premium spend on a risk assessed basis. The Senior Assurance Manager (Governance, Risk and Special Projects) has been co-opted on to ALARM s Educational Committee, providing an opportunity to both share best practice and learn from others. 3.8 The performance of the insurance claims team continues to highlight positive claims management arrangements (another area included within the QBE case study). Participation within the CIPFA benchmarking highlights that the Council is one of the best performing in the management of claims, particular in terms of costs. The claims team are audited by the insurers claims handling agents Gallagher Bassett on an annual basis, and in 2015 were awarded a 98.6% exemplary rating. 3.9 South West Audit Partnership (SWAP) are undertaking a Healthy Organisation healthcheck on the Council, which will include an external assessment of the risk management arrangements. Feedback from this healthcheck is anticipated to be reported to Committee in March 2016, and will help inform further improvements Work continues to further enhance and embed risk management practices, with current activity including a healthcheck of our information governance arrangements and a review of the Council s risk appetite.

7 Page 7 Annual Risk Management Report 4. Local Code of Corporate Governance Compliance Statement 4.1 Members of the committee will be aware that the Local Code of Corporate Governance Compliance Assessment informs the Annual Governance Statement. This statement sets out the key features of the governance framework in place in the Council and provides a review of its effectiveness. The Annual Governance Statement is statutorily required by the Accounts and Audit (England) Regulations 2011 to be prepared in accordance with proper practices in relation to internal control. 4.2 As reported to the Committee on 10 June 2015, the majority of areas in the Assessment provide evidence to demonstrate compliance. There are a small number of areas that have a RAG status of Amber, but none shown as red. For each area identified as Amber further actions for improvement were identified by Theme Leads and progress on delivering these has been set out in Appendix D. 4.3 Action is underway to complete the Compliance Statement for 2015/16, and this will be reported to the Committee in due course. Debbie Ward Chief Executive February 2016

8 Page 8 Annual Risk Management Report Risk Scoring Matrix Appendix A Likelihood HIGH i.e. a greater than 20% chance of: MEDIUM i.e. a greater than 20% chance of: Financial Financial impact > 1 million Financial impact between 500,000-1 million LOW i.e. : Financial impact less than 500,000 Strategic Priorities and Opportunities Major impact (positive or negative on a strategic priority) Moderate impact (positive or negative on a strategic priority) Minor/ negligible impact (positive or negative) on a strategic priority IMPACT Health & safety Fatality or major injury/ illness (long term incapacity / disability) Moderate injury or illness (including RIDDOR reportable) Potential for minor injury/illness (requiring minimal intervention or treatment) Reputational Sustained/long term negative public attention Short to medium term impact on public memory (affecting more than one ward) Short to medium term impact on public memory (affecting one ward) / minor complaints or rumours Service Delivery Unable to deliver critical services (levels one and two) Unable to deliver critical services (level three) Minor disruption to service delivery In using this matrix, the user should consider the extent of impact across each of the 5 impact headings. If there is a 20% chance or more of any of the impacts in the top row occurring, it should be identified as High.