Risk Management Within an Organisation

Transcription

1 COUNTY DURHAM AND DARLINGTON FIRE AND RESCUE SERVICE Administration and General Order No. AD/1/TBC CORPORATE RISK MANGEMENT POLICY 1. INTRODUCTION 1.1 County Durham and Darlington Combined Fire Authority provide services to a diverse range of people and organisations, in an ever changing environment. In these circumstances the potential for disruption to services or loss/damage to assets from a vast range of risks is inherent. It is therefore essential that the Authority takes appropriate action to minimise the potential for loss or damage through effective risk management. 1.2 The Authority recognises that risk management is an essential component of effective corporate governance. The process should be continual, embedded within the culture of the Service and provide a focus for the whole of the organisation. 2. POLICY STATEMENT 2.1 Risk management is the process of identifying significant risks to the achievement of the organisations strategic and operational objectives, evaluating their potential consequences, and implementing the most effective way of controlling them. 2.2 The Authority is committed to embedding risk management through effective leadership and the development of a risk aware culture. 3. OBJECTIVES 3.1 Effective risk management will assist the Authority to deliver on its objectives and will ultimately enable the Authority to Have increased confidence in achieving its desired outcomes; Manage threats to acceptable levels; Make informed judgements about embracing new challenges and opportunities; Page 1 of 7

2 Anticipate and respond to changing social, cultural, environmental, and legislative requirements; (e) Safeguard the employees, the public and others affected by the Authority s activities by preventing injuries, damage and loss. 3.2 These objectives will be achieved by Raising the awareness and integrating risk management into the culture of the organisation; Incorporating risk management into the decision making, business planning and performance management processes; Allocating roles and responsibilities with clear reporting lines; Monitoring risk management and corresponding control arrangements on a regular basis. 4. RISK APPETITE AND RISK TOLERANCE 4.1 The Authority s corporate aims and objectives are influenced strongly by our risk appetite. Risk appetites and tolerances dictate the nature and level of risks that are acceptable. 4.2 Risk appetite represents the risks that we are prepared to take in the delivery of our corporate objectives and fulfilment of our vision 4.3 Risk tolerance represents the threshold of risk that is acceptable based on the capabilities and resources to manage the identified risks. 5. DEFINITIONS 5.1 Risk is the uncertainty of an event occurring that could have an impact on the achievement of objectives. 5.2 Qualitatively, risk is defined as being proportional to the expected impact which can be caused by an event and to the probability of this event occurring. The greater the impact and the more likely the event, then the higher the overall risk. 5.3 Risk = Likelihood of an event x Impact when it occurs 5.4 Residual risk is defined as the exposure arising from a specific risk after action has been taken to manage it and making the assumption that the action is effective Page 2 of 7

3 6. ROLES AND RESPONSIBILITIES 6.1 Duties of the Combined Fire Authority Appoint a member champion who will act as the advocate to the Authority for effective risk management; Hold the Service Leadership Team (SLT) accountable for the effective management of risk; To ensure that funds and facilities are available to meet the requirements of the risk management policy. 6.2 The Chief Executive has the overall responsibility for County Durham and Darlington Fire and Rescue Service with regard to the implementation of the Service s Risk Management policy, including reference to the following main responsibilities To lead by personal example in their actions and decision making at work, in order to reinforce the principles of effective risk management; To monitor the administration of the policy; To advise the Combined Fire Authority of the development and priorities of significant risks, particularly the allocation of resources required, preventative measures undertaken and any other relevant matters. 6.3 Duties of the Service Leadership Team (e) (f) Ensure the adequate level of resources to implement this policy and any procedures that support its implementation; Monitor and Review the Corporate Risk on a regular basis including the scrutiny of mitigating actions; Take responsibility for risks in their area of responsibility; Identify areas of emerging risk from a local, regional and national perspective; taking cognisance of the National Risk and the Community Risk for County Durham and Darlington; Carry out a full review of review of the Corporate Risk on an annual basis; Ensure corporate risks are focussed on strategic priorities and managed through the IRMP. Page 3 of 7

4 6.4 Duties of the Service Management Team (Performance) Report to SLT periodically on updates to the Corporate Risk ; Report to SLT on risks that have been elevated from Section Risk s to the Corporate Risk, including patterns of risk, estimated cost to the Service if the risk was realised and the proximity (i.e. the timing of the risk, when it may happen and when its threat will cease); Scrutinise the mitigating actions to address risks; reporting on these actions to SLT on an exception basis; Scrutinise and determine which risks from Section Risk s should be elevated to the Corporate Risk and periodically notifying SLT of any risks that are added to, or removed from, the Corporate Risk. 6.5 Duties of Section Heads Identify and manage risks in their own section; Escalate perceived strategic risks to their Head of Service or SMT (P) for further assessment. 6.6 Duties of the Risk Audit Manager Periodically request the status of each risk from the Risk Owner (or appointed holder). Notification of the change of status of a risk shall be accompanied with information relating to the amended impact on the Service, any changes to the delivery mechanism, mitigating actions, proximity and the residual risk score. The day to day management of the Corporate Risk to ensure all data remains valid. Producing reports to all relevant stakeholders 6.7 Duties of all employees Identify risks in their own area of work Escalate perceived risks to their line manager for further assessment. Page 4 of 7

5 7. RISK REGISTERS 7.1 Four types of risk register are maintained by the Service: The Corporate Risk is the main register used to control and monitor the strategic risks facing the Service. Risks that are contained within the Corporate Risk are those risks that are identified as Key Business Risks, which comprise circumstances or factors which would have a negative impact on the operation of the Service if they were to occur. The Section Risk maintains risks that have been identified and which can be managed at a section level. Risks managed within each section risk register are not identified as Key Business Risks that need to be monitored through the Corporate Risk. Project Risk s maintain the risks associated with the completion of individual projects that the Service is progressing. Risks at this level are usually managed as part of the ongoing project risk management. If a project risk is deemed to be significant, then it will be escalated to the Section Risk and ultimately the Corporate Risk if required. The Community Risk is maintained by the Joint Emergency Liaison Group. The nature of the Community Risk may result in risks being included within Section Risk s and the Corporate Risk. 8. THE HIERARCHY OF RISK REGISTERS 8.1 Risks within the risk registers can flow vertically between each register as risks are reviewed, identified and re-scored. Risk Management within the Service is dynamic and risks within each register will change as the risk profile changes over time through implementation of mitigating actions or as the environment changes. Section Risk Corporate Risk Project Risk Page 5 of 7

6 9. IDENTIFICATION AND REVIEW OF RISKS 9.1 The identification of risks to the organisation is a fundamental aspect of the corporate planning cycle. On an annual basis, as part of the Authority s review of strategic priorities, existing risks are reviewed by the SLT and any new risks are identified. 9.2 Whilst the identification of risks by SLT is a fundamental component of risk management, ongoing risk management and risk identification by all managers is essential to the ongoing management of the process. 9.3 The process of risk management will identify significant risks to the Service and communities of County Durham and Darlington, and will help to identify the IRMP projects required to mitigate corporate risks. Corporate Risk New Risks Identified through assessment of Strengths, Weaknesses, Opportunities and Threats to the Service Risk Review Exercise (Part of strategic priority review) Revised Corporate Risk Delivery mechanism of mitigating actions (E.g. Corporate Plan, Integrated Risk Management Plan, etc) Page 6 of 7

7 10. AUDIT AND REVIEW 10.1 This Policy will be subject to an annual review to ensure that procedures highlighted within, continue to remain current and appropriate. Any recommendations resulting from such reviews will be implemented into the existing policy by a member of the Risk Reduction Section. Risk Audit Manager July 2010 Page 7 of 7