How To Run East Seussex County Council

Transcription

1 Version 2.0 CORPORATE GOVERNANCE IN EAST SUSSEX COUNTY COUNCIL POLICY STATEMENT DRAWING ON THE CIPFA & SOLACE RECOMMENDED FRAMEWORK FOR CORPORATE GOVERNANCE IN LOCAL GOVERNMENT

2 1. INTRODUCTION 1.1 This policy statement sets out for members and officers the main principles of corporate governance for East Sussex County Council. It is based on good practice developed within the County Council and the work carried out by the joint working party on Corporate Governance by the Local Government Association sponsored by CIPFA and SOLACE. The Corporate Governance framework prepared by the working party has been welcomed and supported by the Minister for Local Government and has been endorsed by both the Local Government Association and the Audit Commission. 1.2 The modernising agenda for local government (including the need to demonstrate best value in service provision, changes to political structures and the implementation of the new ethical framework) re-emphasises the continuing need for the County Council to have sound corporate governance arrangements in place. The Government s modernising agenda has the following components, all of which have an impact on arrangements for corporate governance: democratic renewal community leadership engagement with the local community, consultation and partnership working outward-looking, accountable and responsive services continuous improvement (including value for money and best value) high standards of conduct and probity 2. WHAT IS CORPORATE GOVERNANCE? 2.1 The definition suggested in the CIPFA/SOLACE framework is as follows: Corporate governance is the system by which local authorities direct and control their functions and relate to their communities. Corporate Governance in Local Government - Framework (2001) 2.2 This definition is adopted within this policy document for East Sussex County Council. 3. PURPOSE OF THIS ESCC POLICY STATEMENT 3.1 The purpose of this policy statement is summarised within the following key points: to set out the principles underpinning the governance of the County Council; to provide and implement a high-level framework for corporate governance; to assist the County Council to review the effectiveness of its corporate governance arrangements against this framework. 4. THE FUNDAMENTAL PRINCIPLES OF CORPORATE GOVERNANCE IN EAST SUSSEX COUNTY COUNCIL 4.1 The key principles of openness, integrity and accountability have been adopted by the County Council to underpin its approach to corporate governance : Openness is required to ensure that stakeholders can have confidence

3 in the decision-making and management processes of local authorities, and in the approach of the individuals within them. Being open, through genuine consultation with stakeholders and providing access to full, accurate and clear information, leads to effective and timely action and lends itself to necessary scrutiny. Openness also requires an inclusive approach which seeks to ensure that all stakeholders 1 and potential stakeholders have the opportunity to engage effectively with the decision making processes and actions of local authorities. It requires an outward focus and a commitment to partnership working. It may also call for innovative approaches to service provision. Integrity encompasses straightforward dealing as well as being based upon honesty, selflessness and objectivity. High standards of propriety and probity in the stewardship of public funds and management of the Council s affairs are expected. Integrity is dependent upon the effectiveness of the control framework and on the personal standards and professionalism of the members and staff within the Council. It is reflected in the Council s decision-making procedures, in its service delivery and in the quality of its financial and performance reporting. Accountability is the process whereby the Council, and its members and staff, take responsibility for their decisions and actions, including their stewardship of public funds and all aspects of performance, and submit themselves to appropriate external scrutiny. It is achieved by all parties having a clear understanding of those responsibilities and having clearly defined roles. This can only come about through a robust corporate governance structure. 5. DEVELOPING THE LEADERSHIP NEEDED TO ACHIEVE THESE PRINCIPLES 5.1 Positive leadership overarches all the principles outlined in section 4 because these can only be adhered to if effective leadership is exercised through: the County Council providing vision and leading by example in its decision making processes and actions members and officers conducting themselves in accordance with high standards of conduct. 5.2 East Sussex County Council has identified key aspects of positive leadership behaviour which are summarised as follows: being customer driven being outcome orientated continuously learning and improving having clear standards and expectations encouraging leading edge delivery having a can do mentality 5.3 Examples of behaviours of individuals within the County Council consistent with each of these characteristics of leadership are set out in Appendix 1 to this policy statement. The examples of positive behaviour given are fully consistent with the need for all to contribute the proper conduct of public business, and to the accountability of the County Council to local people. These behaviours are reinforced through recruitment and selection, performance management, appraisal, and learning and development processes. 1 Stakeholders will include the local electorate, local businesses, service users, other public bodies, resource providers, employees and the wider community.

4 6. ANTI FRAUD AND CORRUPTION 6.1 In administering its responsibilities, the County Council is set against fraud and corruption, whether attempted from within or outside the Council, and is committed to an effective Anti- Fraud and Corruption Strategy designed to: encourage prevention; promote detection; and identify a clear pathway for investigation. 6.2 The Council s expectation with regard to propriety and accountability is that Members and staff at all levels will lead by example in ensuring adherence to legal and financial requirements, rules, procedures and practices. 6.3 The Council also expects that individuals and organisations (eg suppliers, contractors, service providers) with whom it comes into contact, will act with integrity in their dealings with the Council and without fraudulent and corrupt actions or intentions. 6.4 The Council s Anti-Fraud and Corruption Strategy is summarised within the accompanying Operational Framework Document and set out in full within the documents supporting the Conduct category within the overall set of corporate governance codes and documents (see the summary or map in Appendix A to the Operational Framework Document

5 Version 2.0 CORPORATE GOVERNANCE IN EAST SUSSEX COUNTY COUNCIL THE OPERATIONAL FRAMEWORK DRAWING ON THE CIPFA & SOLACE RECOMMENDED FRAMEWORK FOR CORPORATE GOVERNANCE IN LOCAL GOVERNMENT

6 1. INTRODUCTION 1.1 Fundamental principles of openness, integrity and accountability are described in the accompanying Policy Statement on Corporate Governance. This Operational Framework seeks to describe how these principles are translated into practice and fully integrated within the conduct of the County Council s business. It also describes the means by which the Council will demonstrate compliance with the requirements of good corporate governance. It is important that the framework demonstrates that its systems and processes are: monitored for their effectiveness in practice; subject to review on a continuing basis to ensure that they are up to date. 1.2 The fundamental principles of corporate governance described above will also need to be reflected in all the various dimensions of a local authority s business. These include community focus, structures, processes, risk management, internal control and standards of conduct as well as the effective management of the performance of services in order to meet the needs and expectations of the people of East Sussex. Accordingly the various codes, standards and guidance referred to within this Framework document are applicable to all members and employees of the Council. 1.3 To complement the various dimensions of the Council s business, the codes, standards, and guidance in use within the Council have been organised, in line with the CIPFA/SOLACE framework into the following categories: Community Focus Service Delivery arrangement Structure and Process Risk Management and Internal Control Standards of Conduct 2. THE ROLES OF MEMBERS IN CABINET AND SCRUTINY 2.1 The roles of elected members in cabinet and in scrutiny are set out in the County Council s constitution. 3. THE STANDARDS COMMITTEE 3.1 [The Council has a Standards Committee with a membership of three County Councillors plus one independent person who also chairs the Committee. The role of the Committee is to promote the highest standards of conduct by members of the Council and to advise it on the adoption and implementation of a Code of Conduct for the Council. The Committee s terms of reference include.dealing with any reports of Ethical Standards Officers of the Standards Board on allegations of breaches of the Council s Code of Conduct that are referred to the Monitoring Officer for local determination and any such allegations referred to the Monitoring Officer for local determination. (See the following section for statutorily defined officer roles.)] 4. MANAGEMENT STRUCTURE 4.1 The three statutorily defined roles are: Head of Paid Service = Chief Executive: Cheryl Miller Monitoring Officer = Director of Law and Performance Management: Andrew Ogden Chief Finance Officer = Deputy Chief Executive and Director of Corporate Resources: Sean Nolan

7 The interaction of these three officers, their understanding of their responsibilities and their subsequent actions is critical to good governance in the County Council. This is facilitated, in no small part, through the operation of the Corporate Governance Policy and this Framework, aided by their senior representatives on the Corporate Governance Group described below. 4.2 The set of corporate governance documents which collectively represent the Council s policies, codes, procedures and guidance for members and officers are set out in the Corporate Governance Operational Framework Document. This overview divides the documents into categories community focus, service delivery arrangement, structures and processes, risk management and internal control, and standards of conduct. Chief Officers are responsible for those documents which fall within their functional responsibilities. Each chief officer is supported by senior managers, named in Corporate Governance Documentation Update calendar, who are responsible for ensuring that the documents within each category are up to date and available to all who need to have access to them. 4.3 The Corporate Governance Group is a group of senior managers which is responsible for the direction and review of corporate governance within the County Council, and is normally chaired by the Director of Law and Performance Management. 5. RISK MANAGEMENT STRATEGY 5.1 The current risk management strategy, was approved by Cabinet in October The Audit Commission has described risk management as an integral part of good governance and as something which should be embedded in the culture of the authority. It is not about eliminating risk but about understanding risk and managing it more effectively. ( Worth the Risk, Audit Commission, 2001). East Sussex County Council s risk management strategy includes the following policy statement: The authority will take all necessary action to protect and preserve its assets from any loss or damage that could affect its ability to discharge its responsibilities to its employees and the community. The Authority will use risk management to identify the risks to which it is exposed, implement the most appropriate measures to avoid, reduce and control those risks and to manage them at the lowest reasonable cost. The Risk Management Group is fundamental to this process and has the full support of the Chief Executive, Chief Officers and Heads of Departments, and staff must be fully supportive of the initiative. It is the responsibility of every Department and Business Unit to implement the Council s Risk Management Strategy. Management at every level is responsible and accountable for managing the risks to which its area is exposed. 6. ANTI-FRAUD AND CORRUPTION STRATEGY 6.1 The Council s Anti-Fraud and Corruption Strategy is a key strand within the set of corporate governance documents shown. It is set out in full within the Conduct category of documents and, in outline, it is a series of comprehensive and inter-related procedures designed to frustrate any attempted fraudulent or corrupt act. The strategy covers: Culture Prevention Detection and Investigation Training

8 6.2 The Council is also aware of the high degree of external scrutiny of its affairs by a variety of bodies and people including: Standards Board Local Government Ombudsman Public/Council Tax Payers Annual Inspection of Accounts Public/Service Users through, for example, the County Council s Complaints Procedures Central Government Departments and Parliamentary Committees HM Customs and Excise; Inland Revenue Contributions Agency External Inspectorates (Best Value Inspection Service of the Audit Commission, Social Services Inspectorate, OfSTED) 6.3 As part of the District Auditor s statutory duties he or she is required to ensure that the County Council has in place adequate arrangements for the prevention and detection of fraud and corruption. 7. EMPLOYEE CONDUCT 7.1 In addition to the Anti-Fraud and Corruption Strategy, the Conduct section of the Framework contains the Code of Conduct for Employees, which sets out the standards of conduct of Council staff as public employees and the principles of propriety which they are expected to observe. Each employee s contract of employment contains a specific reference to the importance of each individual member of staff observing the requirements both of the Strategy and of the Code, as well as other important corporate policies and procedures. 8. MONITORING, CONTINUOUS IMPROVEMENT, AND ASSURANCE 8.1 The County Council has a quality management approach to monitoring, reviewing and ensuring continuous improvement in the development and implementation of the Framework described within this document. The components of this quality management approach are as follows: Assurance Statement: The County Council will make a statement annually in its financial statements (and refer to this in the Council Plan) on how it is complying with its Corporate Governance Framework, including how the County Council has monitored the effectiveness of this in the year, and any planned changes for the coming year. The Director of Law and Performance Management, as Monitoring Officer, will make an annual report to the Governance Committee on the health of the Corporate Governance Framework in support of making the annual statement. To provide a back up to this process, the owner of each code and procedure will complete a selfassessment form. Benchmark audits of compliance with the Framework will be conducted from time to time using, for example, the Local Government Association s guidance. Training and development programmes devised and implemented by Personnel Services as appropriate. Every code, standard, or guidance should be recorded using the following essential and desirable criteria for each record: Essential: title of document and category links with other codes, standards or guidance reviews, changes made to codes, standards and guidance version & date marked frequency of review or event trigger for review

9 the owner : the Responsible Senior Officer (for day-to-day matters) who has authority to change or update (e.g. chief officer or Governance Committee) up-to-date audience and circulation list method of storing master document (e.g. word & version/location) method of distribution (e.g. electronic or paper) method of promotion or rollout (e.g. training, coaching, team brief, self learning) Desirable: quality check on distribution name of person checking, date and outcome quality check on the understanding and practice of content (impact) name of person checking, date & outcome type of document issued and style to be adopted available on Intranet (yes or no) size of document (e.g. number of words) New codes, standards or guidance may be suggested to the Corporate Governance Group [via Lead Officers]. (Legislation or internal continuous improvement may prompt these.) Compliance checks on effectiveness of distribution and impact may be carried out by internal auditors. These in turn may lead to continuous improvement.

10 APPENDIX B Introduction to Risk Management Strategy 1. The first strategy document addressing the issue of risk management for East Sussex County Council was produced in It was subsequently revised very slightly in 1998 as part of an updating process that was undertaken before making it available to members. Since 1993 risk management has developed significantly and the manner in which it is carried out has also changed significantly. In the light of these changes it was deemed necessary to update the County Council s Risk Management Strategy. 2. The Cadbury Report published in 1992 changed the way in which organisations thought about corporate governance. Corporate governance itself is simply the system by which organisations are directed and controlled. It is not therefore a new concept but it came to prominence in 1992 when the Cadbury Report sought to enshrine the principles of good corporate governance in a set of procedures. Whilst the Report was concerned with the private sector there were at the same time concerns about the public sector and the lack of accountability of public service bodies and public servants. This led to the setting up of the Nolan Commission on standards in public service that began by taking on board the findings and recommendations of the Cadbury Committee. 3. After Cadbury came Hampel in The Hampel Report did not really change any of the principles enunciated in the Cadbury Report but it did contain the following statement: The importance of corporate governance lies in its contribution both to business prosperity and to accountability. In the UK the latter has preoccupied much public debate over the last few years. We would wish to see the balance corrected. 4. In the public sector we can see the above concerns being addressed through the government s modernisation agenda for public services that is about addressing this same balance. The government s white paper addressed performance management (best value), political structures and the ethical framework. It takes tangible form as Best Value and the drive for continuous improvement. Internal control and the process of accountability remain essential to good governance; but leadership, innovation and partnership are crucial too. 5. The Cadbury Report began to raise the profile of risk management by recommending that directors should make a statement in their annual reports on the effectiveness of their internal control systems but the real risk management watershed came with the Turnbull Report in Under this regime listed companies have to comment in their annual reports on all controls including financial controls operational controls, compliance controls and risk management. Turnbull requires that the risk management and control process should be embedded in the normal management and governance procedures and not be done as a separate procedure simply to meet regulatory requirements. Since the Turnbull Report was published it has become apparent that the Audit Commission will be likely to use many of the recommendations in the Report as a guide to best practice for the public sector. The important change to corporate governance recommended in the Turnbull Report is the close involvement in and responsibility for risk management by Chief Officers. 6. In the early 1990 s risk management in the public sector was primarily about the protection of physical assets with some emphasis on the systems necessary to ensure compliance with the then emerging Health and Safety legislation to minimise the impact of liability claims. Since that time the concept of holistic risk management has come into being and it is now accepted as the norm. Organisations are now accepting that risk management relates to everything they do and does not relate solely to insurable risks. 7. The challenge for local government is made even greater by the significant changes in the way in which it provides local services. Traditionally public sector bodies have both planned and delivered services. The Government s modernising agenda looks to see much more of a mix in the future. While the public sector may retain its role as the senior body responsible for the planning

11 and management of services, an external provider may well provide delivery. This may take the form of a Private Finance Initiative (PFI) or one of a number of different public, private or voluntary partnerships. 8. In all of these cases the treatment and management of risk will be much more complex than was the case when everything was done in-house and made much more complex still by the fact that public and private sector bodies see risk in very different ways. The long term commitments that local authorities are entering into in respect of PFI undertakings are already posing some pertinent questions concerning value for money, continuous improvement and the maintenance of flexibility for long term strategic planning. Aims and Objectives 9. The operations of all departments of the County Council already require risk management input from line managers on a daily basis as part of the routine responsibilities of their job and the next logical step is to include a reference to risk management in all line managers job descriptions along with business planning objectives. 10. In addition, some functions and activities of the County Council have very specific Risk Management connotations, these are: Insurance and risk management relating to insurable risks. Health and Safety Emergency Planning Business Continuity Planning Internal Audit Project Management Contract Management 11. Major risks to the operations and assets of the County Council are spread across all Departments but fall into five broad categories as follows: People Knowledge and Skills Premises Plant and Equipment Information Finance Supplies or Services provided by third parties 12. The main aim of risk management within the County Council is to identify, analyse, control and monitor all these risks such that the authority can safeguard its assets, minimise its liabilities and ensure the maintenance of service delivery. 13. Due to the fact that Risk Management impacts in many different ways upon different parts of the organisation a small number of groups with responsibility for monitoring and controlling the management of risk in certain key areas need to be maintained. Such Groups include: Risk Management Group Health and Safety Liaison Group Emergency Planning Group Business Continuity Planning Group 14. The first three already exist, and the fourth is being proposed as part of improved business continuity planning arrangements. 15. Internal audit activities support the Section 151 responsibility to ensure that the Authority's financial affairs are properly administered. In this Authority this has been delegated by the County Council to the County Treasurer. There is regular dialogue with chief officers and

12 senior finance managers and specific reporting to the Audit Scrutiny Committee. In addition internal audit issues will continue to be discussed with chief officers and senior managers through the annual consultation process on the internal audit plan. 16. All of these groups will invariably have a cross-departmental role and will help to focus the attention of different departments upon a particular risk management issue. All of the Groups should report to Chief Officers through COMT and to Cabinet where appropriate. Information Base 17. No organisation can operate a satisfactory risk management strategy without an adequate information base. The key elements of the County Council s information base are: a) A Claims Handling System and Policy Register b) A Property Register c) An Inventory of all General Fleet Vehicles and Leased Cars d) An Inventory of all other Major Assets (Computer equipment represents the major part of the County Council s physical assets after buildings and vehicles). e) The annual internal audit assessment of risks supporting the internal audit plan f) Health and Safety Policies g) Health and Safety Risk Assessments h) Training Records i) Personnel Records j) Codes of Conduct such as Standing Orders and Financial Regulations 18. Some of these databases are already complete and self contained within an existing computer system. Others such as the inventory of all major assets are fragmented and contained within a mixture of mechanised and manual systems. The maintenance and integrity of these databases will be critical to successful risk management. Evaluation of Exposures 19. The general message of the Turnbull report is that there should be a formalised procedure for the identification, analysis, control and monitoring of risk in the organisation concerned. The key features of the procedure need to include:- A systematic, structured process to identify, assess, and manage risks Consideration of all risks including business reputation and operational risks in addition to financial risks A highly focused and effective system to minimise disruption and resultant additional costs A clear and concise system for reporting key risks and issues to Chief Officers 20. In order to achieve these objectives a series of steps are required including the following: Definition of Business Risk Units Setting up of a risk ranking and prioritisation scheme Identification of threats, assessments of risks and identification of control measures Categorisation and identification of key risks Definition of control measures and monitoring of effectiveness Formalised systems for introducing the above procedures will be pursued. Loss Control 21. Loss control within the County Council takes many forms and has evolved considerably over the last two or three years, partly in response to changes in risk management thinking, partly due to changes in risk and partly due to changes in legislation. Potential risk exposures fall into

13 five main categories as mentioned in section 2, i.e. People, Knowledge and Skills, Premises, Plant and Equipment, Information, Finance and Supplies or Services provided by third parties. Examples of current loss control measures in each of the above areas are set out below: 1) People, Knowledge and Skills. Health and Safety at Work legislation has led to a significant reduction in the number of accidents at work and the County Council is now very pro-active in promoting and implementing a comprehensive portfolio of policies covering all aspects of the working environment. Risks to the County Council due to staffing issues are not limited to accidents, however, as it is quite possible to lose significant numbers of key staff through commercial pressures. Personnel policies and remuneration in particular also need to be taken into account in the assessment of staffing risks. People, Knowledge and Skills includes the manner in which personnel operate. Good risk management includes controls and checks on the manner in which staff perform and systems are operated. Loss Control Audits are carried out by Loss Control Consultants appointed by the County Council s Liability insurers. Examples of systems that have been audited are the system for the implementation of the Highways Maintenance Policy and the system for the implementation of Health and Safety policies in schools 2) Premises Plant and Equipment. Departments with large property holdings have their own Buildings Officers who preside over major capital development programmes and sizeable maintenance budgets. Many risk management initiatives such as CCTV at County Hall are funded in whole or in part from this source. The County Council s Property insurers carry out loss control surveys on all major properties and the implementation of any required loss control action points arising from these surveys is monitored and controlled by the Insurance and Risk Management Officer. The risk management budget is the main source of funding available to carry out these loss control improvements. Schools have access to money from the Standards Fund to effect improvements in security and the Education Department has a small budget devoted specifically to security improvements. 3) Information. In so far as computer systems are concerned measures to counter business interruption are constantly being reviewed in the light of the prevailing circumstances. The Year 2000 compliance project carried out during 1999 was an excellent example of pro-active risk management in action. It has been followed up this year with the more broadly based Business Continuity Management project to develop practical arrangements for risk assessment, management and business continuity (see Appendix 2). 4) Finance. Much of the planned internal audit work is designed to gain assurance on the adequacy of internal control within departments. Whilst internal control can include all management controls particular emphasis is placed upon the main financial systems when gathering evidence to enable the auditor to reach a conclusion on the effectiveness of financial controls. Planned systems audits are a key source of evidence of the adequacy of internal control and an important aspect of corporate governance. 5) Supplies or Services provided by third parties. Both of these groups can present significant risks to local authorities and measures need to be taken to ensure that the County Council s position is protected. Due to the fact that a sizeable proportion of the County Council s activity is now undertaken through partnerships and outsourcing, in some shape or form, the following section has been included to deal with these issues in more detail. They are also the areas with the least formalised management controls. Partnerships and Outsourcing 22. Partnerships are very prevalent in local government at present and they do undoubtedly provide the means to undertake certain ventures that would not be practicable on a standalone basis. Partnership ventures can incur liabilities, however, and although this may not be much of a problem when the partners are organisations of some substance, of comparable status and backed by insurance policies with large limits of indemnity, it can become a significant problem if for example, one or more of the partners is a small unincorporated body or voluntary association

14 with little or nothing in the way of assets or insurance protection. When circumstances such as this arise it is most important that the County Council carries out some form of risk assessment relating to its exposures arising out of the partnership arrangement. Currently the PRINCE model is the County Council s adopted method of risk assessment and control for project management and this method provides for the maintenance of a risk log for the duration of the project. No partnership project will be undertaken unless a reasonable system of risk assessment and control can be maintained. 23. The introduction and the preceding section on Loss Control referred to the fact that external providers undertake an increasing proportion of local authority activity. When work is outsourced to third party contractors it is easy to assume that any liabilities arising out of the work will automatically fall upon the contractor. This is far from being the case and the County Council will need to ensure that a whole series of risk management initiatives are in place in order to protect its position. 24. The contract for externalised services is a vitally important document and the skill with which it is drawn up will dictate how successful an authority is in protecting its position in the event of claims from third parties. There are many important clauses in contracts for externalised services but the most important, from a risk management perspective, is the indemnity clause whereby the contractor agrees to compensate the principal for any loss or damage that may arise due to the work being carried out. The terms of this indemnity are vital as a weakly worded indemnity will allow the contractor to avoid dealing with and paying claims which may then fall back onto the principal. There is an emerging trend for contractors to attempt to contract out of responsibilities for their actions. The trend started in the IT industry where service providers were worried about the ramifications of mistakes which could lead to large claims due to cessation of operations caused by the failure of computer systems. The trend is spreading, however, and some general contractors now seek to limit their liability to 100,000 or less. Whilst one cannot contract out of liability for bodily injury to third parties, under Part 1 Section 2 of the Unfair Contract Terms Act 1997 it is possible to do so for third party property damage and financial loss. The County Council will resist any such attempt by a contractor to limit its liability. Funding 25. The funding of risk within the County Council is addressed in three different ways. The first two relate to insurable risks only but the third encompasses all risks both insurable and uninsurable. 1) The first method of funding is simple risk transfer to an insurance company. 2) The second is risk financing through the establishment and maintenance of the internal insurance fund. Substantial assets and potential liabilities are financed by the County Council as follows:- a) 105,000 each and every loss for property claims b) 50,000 each and every claim for liability claims c) All motor own damage claims Stop loss protection is in place for a) and b) at levels of 500,000 and 1,250,000 respectively. This means that the retention of the County Council is limited in the aggregate to 500,000 and 1,250,000. 3) The third method is risk retention and this is where the loss is borne by the department concerned or the County Council centrally, from a revenue budget or from reserves. 26. The County Council is likely to continue to finance its small insurable losses as it is not economic for large organisations to insure small attrition losses where the insurer s premium will include a loading for profit, expenses and insurance premium tax. The risks associated with larger insurable losses will continue to be transferred to insurers.

15 27. It is possible that some form of insurance may be sought against the risk of deterioration in the loss experience of the County Council s insurance fund and investigations are currently under way to ascertain whether this might be a viable proposition. Risk Management Priorities 28. When the first risk management strategy was produced in 1993 this was a relatively easy issue to address with property and potential legal liabilities coming at the top of the list of priorities. Today areas such as business continuity planning and best value compliance are becoming equally important. Taking a more holistic approach to risk management demands that adequate attention be paid to all areas of significant potential risk. Whilst property and potential legal liabilities are still important risk management in the areas of operational efficiency, financial probity, public relations, contract and project management, and planning for disasters are now all regarded as critical issues. The Audit Commission s interpretation of the Turnbull Report is likely to expect line managers and top executives in the public sector to have a firm grip on the identification, analysis and control of risk in their areas of responsibility. The challenge to the County Council is to achieve this objective through the implementation of this strategy. Policy Statement on Risk Management 29. The authority will take all necessary action to protect and preserve its assets from any loss or damage that could affect its ability to discharge its responsibilities to its employees and the community. 30. The Authority will use risk management to identify the risks to which it is exposed, implement the most appropriate measures to avoid, reduce and control those risks and to manage them at the lowest reasonable cost. 31. The Risk Management Group is fundamental to this process and has the full support of the Chief Executive, Chief Officers and Heads of Departments, and staff must be fully supportive of the initiative. 32. It is the responsibility of every Department and Business Unit to implement the Council s Risk Management Strategy. Management at every level is responsible and accountable for managing the risks to which its area is exposed.