APPENDIX 2 GENERIC OPERATIONAL RISKS RISK TABLES & ADDITIONAL ACTION PLANS MONITORING REPORT MARCH 2006

Transcription

1 APPENDIX 2 GENERIC OPERATIONAL S TABLES ADDITIONAL ACTION PLANS MONITORING REPORT MARCH 2006

2 GENERIC S AFFECTING MOST OR ALL SERVICES OPERATIONAL S OF HYNDBURN BOROUGH COUNCIL PROFESSIONAL LIKELI- HOOD IMPACT RATING CONTROLS LIKELI- HOOD IMPACT RATING ACTIONS RESPONSIBLE PRIORITY Failing to recruit and retain suitably qualified staff Risk of inappropriate professional judgement or advice given by Officers FINANCIAL * Investors in People accreditation * Job Evaluation * Professional, Trained and Qualified staff * Investors in People * Maintain Review of conditions compare to external markets * Undertake a pay and grading review for implementation by March 2007 * Compare Market Rates * Recruitment and selection procedures * Continue training programmes and IIP * Support CPD Failure to monitor and ensure spending is within budgetary limitations Failure to manage projects effectively and ensure contracts are VFM Failure to properly budget for the termination or continuation of fixed term contract posts * Budget Statements issued to Heads of Service by Accountants * Competent/Qualified Staff * Contracts Standing Orders * Staff Training * Contract Specifications and monitoring * Cascade apply project management skills * HR Policies and Procedures * Accountancy Budget Advice * Improved Management Information * Ensure training updated as required * Review of Procurement Strategy * Ensure all Officers are aware of Standing Orders for Contracts * Dev. of PM Protocol * Budget Planning * Sourcing of continuation funds * Redeployment options if applicable New Financial Risk Failure to insure Council buildings for rebuild value in the event of fire or other incident * Limited Insurance Cover * Review Insurance Cover * Review process and security of buildings e.g. remote sites * Review sums insured by starting annual valuation review Corporate Property Manager

3 programme using specialist quantity surveyor support ( 5000 allocated for 2006/07 to re-start this programme) OPERATIONAL S ACTION PLAN GENERIC S AFFECTING MOST OR ALL SERVICES PROFESSIONAL Failing to recruit and retain suitably qualified staff Risk of inappropriate professional judgement or advice given by Officers FINANCIAL Failure to monitor and ensure spending is within budgetary limitations Failure to manage projects effectively and ensure contracts are VFM Failure to properly budget for the termination or continuation of fixed term contract posts ACTION PLAN Respond to the requirement to produce a Pay and Workforce Strategy (including Workforce Development Plan) by March 2007 Ensure that Hyndburn receives \ good CPA rating and its attractiveness as an authority is retained. Equal pay review needs to ensure that salaries remain attractive Taking Part in the National Graduate Development Programme Undertake Job Evaluation and make recommendations for Pay Policy and pay and reward arrangements Review Employee Benefit Schemes Implementation of Redeployment Policy to provide a commitment for fixed term workers Regular Supervision Meetings Appointment of appropriately trained and professionally qualified staff. Identify training and development needs at appraisals Professional Indemnity Cover Keep abreast of legislative change and CPD requirements via professional bodies Undertake Service Quality Questionnaires with internal service users Ensure that staff are fully trained through IIP appraisal process and that proper management lines of supervision are followed. Appropriate profiling of year s budget using efinancials system, and in-year re-profiling if/where appropriate, exist and need to be maintained and monitored. Improved financial information for service managers is a key corporate priority. New Service Managers in particular need training on financial and budget management Line Managers have role in this and E-Financials usage training can be obtained from the Service Accountant and Principal Accountant (Systems) Regular (monthly) budget monitoring and forecasting addressing under/overspends Devise coping strategy for services affected by financial changes Ensure Accountancy colleagues have opportunity to input into external funding bids to ensure staffing and related costs are properly identified. IT intention to develop own project management framework if corporate approach does not materialise. Use competent staff. Completion of the review of the procurement strategy Introduction of in-house project management methodology Recruiting managers to be made fully aware of the financial implications of recruiting to fixed term contract posts, with a view to making appropriate budgetary provision. The Redeployment Policy has been revised to make it clear that employees with at least 2 years continuous service are protected by the provisions of the RP, including redundancy entitlement. Colleagues with less than 2 years continuous service (and therefore no redundancy entitlement) will be considered for alternative posts without ring fenced protection. HR to provide a guidance and advisory note on the above New Financial Action Plan Failure to insure Council buildings for rebuild value in the event of fire or other incident Level of Insurance should be reviewed and consideration be given to insuring those premises deemed to be important or revenue generating for the Council Review security of remote buildings and consideration of alternatives to insurance also considered to ensure value for money in use of resources There is a possibility of insurance claims being prejudiced if insurance valuations are not monitored and reviewed as part of an annual valuation programme. This process has started and needs to be kept under review. OPERATIONAL S

4 OF HYNDBURN BOROUGH COUNCIL GENERIC S AFFECTING MOST OR ALL SERVICES LEGAL LIKELI- HOOD IMPACT RATING CONTROLS LIKELI- HOOD IMPACT RATING ACTIONS RESPONSIBLE PRIORITY Risk of litigation arising from poor advice or work carried out by Officers or non-compliance with legislation PHYSICAL * Competent / Qualified Staff * Management Supervision of Staff * Staff Training * Continue existing processes * Ensure training kept up to date * Legislation reviews for updates Failure to comply with Health Safety Legislation both in and around the workplace. Risk on personal safety when dealing with members of the public both in, around or outside the workplace Loss or damage of facilities or buildings occupied by the Council by fire or other resulting in short to long term unavailability Failure to protect buildings from criminal damage Failure to deliver core business activities for several weeks due to high levels of staff absenteeism resulting from infectious disease, flu pandemic or similar * Health Safety Officers * Health safety is part of employee induction * Health Safety Policy Procedures * Health Safety Policy Procedures * Protocols for working alone * Protocols for dealing with the public *Fire alarms / equipment installed and regularly tested / maintained. *Trained Fire Marshalls Boarding up clearance property Intruder alarms CCTV Inspection * Regular Training * Implement Corporate HS plan of action agreed by Cabinet Dec04 * Annual Programme Health Safety refreshers * Continue existing arrangements * Programme of Risk Assessment Reviews appropriate to Service *Temporarily relocate staff into other accommodation. *Check maintenance contracts *Regular alarm tests and evacuation procedures. *Check feasibility of renting private office space. *Review insurance cover. * Devise disaster recover plan by April Clarify responsibility to protect Crime prevention surveys (cost implication) * Develop Business Continuity Strategy * Devise disaster recovery plan by April 2006 Service Managers

5 OPERATIONAL S ACTION PLAN GENERIC S AFFECTING MOST OR ALL SERVICES LEGAL Risk of litigation arising from poor advice or work carried out by Officers or non-compliance with legislation PHYSICAL Failure to comply with Health Safety Legislation both in and around the workplace. Risk on personal safety when dealing with members of the public both in, around or outside the workplace Loss or damage of facilities or buildings occupied by the Council by fire or other resulting in short to long term unavailability Failure to deliver core business activities for several weeks due to high levels of staff absenteeism resulting from infectious disease, flu pandemic or similar ACTION PLAN Appointment of appropriately trained and professionally qualified staff. Identify training and development needs at appraisals Professional Indemnity Cover Keep abreast of legislative change and CPD requirements via professional bodies Training for other technical staff authorised to issue enforcement notices e.g. Duty of Care s74 EPA (Environmental Health) Ensure that proper management advice and supervision is applied to all professional activity Annual Programme Health Safety Refreshers New premises risk assessments 2006 Joint initiative/partnership with HSE to improve corporate health and safety performance. Plan of action approved by Cabinet Dec 04. The Community Services Directorate manages Health Safety in accordance with Corporate Health Safety Policies. Through representation on CHAST, training needs for staff have been identified to strengthen knowledge particularly regarding risk assessment, COSHH and manual handling. Training courses arranged before March 04. Service site specific induction, new plant, equipment, vehicles and work practices training regimes in place. Continual review of training requirements and continuous review of risk assessments Ensure that regular Health Safety checks are carried out and action taken in case of non-compliance Programme of Risk Assessment Reviews appropriate to Service Arrangements for staff to move cars nearer building when working late / alone Site specific risk assessments give consideration to both employees and others who may be affected by the Council s operations Provision of suitable support, counselling and training Circulate and brief Team on guidance on dealing with disruptive members of the public Devise Disaster Recovery Plan by April 2006 Review Insurance cover annually Civil Contingencies Group preparing Service Continuity Planning arrangements. Draft Plan and Policy prepared together with response plans for critical services. Emphasis on planning for human flu pandemic. Progress reported quarterly to CMT. Draft SCP Plan and Policy submitted to CMT 6/12/06 Civil Contingencies Group preparing Service Continuity Planning arrangements. Draft Plan and Policy prepared together with response plans for critical services. Emphasis on planning for human flu pandemic. Progress reported quarterly to CMT. Draft SCP Plan and Policy submitted to CMT 6/12/06

6 OPERATIONAL S OF HYNDBURN BOROUGH COUNCIL GENERIC S AFFECTING MOST OR ALL SERVICES TECHNOLOGICAL Unexpected system failures impacting onto the delivery of services Lack of investment in technology refresh programme prevents compliance with minimum machine specifications dictated by software suppliers. Failure to adequately protect against IT abuse (e.g. virus infection, hacking, sabotage, accessing unsuitable material, unlicensed software, misuse of personal data, breach of law, theft, fraud) * Software Maintenance Contracts * IT Support * Backup Procedures * Emergency Plan * Competent/Qualified Staff * Purchase or otherwise utilise (by swapping) minimum number of machines required that confirm with suppliers software minimum specification when required * Refresh taking place based on essential users first * Virus protection software * Network protection * Internet monitoring * Communications Policy * IT Standards Guidelines * Good communications between System Owner, ICT and Software Company * Revise disaster recovery plan by September 2006, in liaison with Business Continuity Working Group * Regular reminder to CPWG and CMT to request that budget allocations are prioritised to this need * Ask Services to realign their own budgets to self fund any PC replacements required * Continue existing controls * Ongoing review of adequacy of controls and policies and guidelines * Improve software licensing arrangements and procedures Head of ICT Head of ICT Head of ICT With support from Legal Service Audit Services

7 OPERATIONAL S ACTION PLAN GENERIC S AFFECTING MOST OR ALL SERVICES TECHNOLOGICAL Unexpected system failures impacting onto the delivery of services Lack of investment in technology refresh programme prevents compliance with minimum machine specifications dictated by software suppliers. Failure to adequately protect against IT abuse (e.g. virus infection, hacking, sabotage, accessing unsuitable material, unlicensed software, misuse of personal data, breach of law, theft, fraud) Downtime definition to be agreed with customers to allow appropriate monitoring / reporting Help Desk system is monitoring responsiveness and driving improvement Customer interfaces to be given priority Ensure that files are saved regularly and that back-up copies are made of all important projects Investigate possibility of outsourcing data management Revise disaster recovery plan by September 2006, in liaison with Business Continuity Working Group Refresh is taking place on an essential need basis due to funding available. Priority is being given to the users of systems not being properly supported by existing PC s. This is issue will continue to be pursued with. The Head of Audit has access to and reviews the Surf Control reports to ensure compliance with the policy. a) Internet monitoring software b) Software inventory to be created (timescale to be agreed after hardware inventory finalised) c) Virus protection software d) Investigating new firewall technologies completed. A DMZ between outside world and back office systems created September 2005

8 OPERATIONAL S OF HYNDBURN BOROUGH COUNCIL GENERIC S AFFECTING MOST OR ALL SERVICES ENVIRONMENTAL Failure to conserve energy thus resulting in excess costs to the Council and a negative impact on the environment * Some use of energy efficient lighting * Increased use of energy efficient lighting * SAP rating of each Council building * Devise implement energy reduction plan as part of rationalisation of offices 2006 INFORMATION ] Failure to ensure that personal data is kept securely in accordance with Data Protection Act and Freedom of Information Act * Staff Training * Personal Data kept securely with access restricted * Data Protection Officer Registration * Freedom of Information Act Procedures * Maintain reviews of information held to ensure retention is in accordance with the Policy * Ensure that information is retrievable in accordance with the provision of the Freedom of Information Act * Review data sharing issues with transfer of functions to external agencies 2006 * Review FOI requirements with transfer of functions 2006

9 OPERATIONAL S ACTION PLAN GENERIC S AFFECTING MOST OR ALL SERVICES ENVIRONMENTAL Failure to conserve energy thus resulting in excess costs to the Council and a negative impact on the environment INFORMATION Failure to ensure that personal data is kept securely in accordance with Data Protection Act Freedom of Information Act Inter-departmental staff group Changing the Climate meets on regular basis to initiate and co-ordinate improved environmental performance. Group has secured plot energy audits of Town Hall and Cannon Street offices and drafted action plans for these buildings. Build sustainable resources into procurement process. Switch lights and pc s etc. off when leaving buildings Review energy supply contracts Brief staff through Newsround on energy efficiency measures. Service managers to monitor and remind. Awareness campaigns through budget savings. Devise Implement energy reduction plan as part of rationalisation of offices 2006 Management plans for control of contamination, asbestos, legionella etc Appropriate staff aware of responsibilities Ensure that staff are aware and all records kept in accordance with data Protection Legal staff available to advise about requirements for disclosure of some third party information under Freedom of Information Act 2000 Ensure good housekeeping in terms of clear information storage to allow retrieval for a FOI request and also ensure that information not required to be kept is properly disposed of. Review data sharing issues with transfer of functions to external agencies 2006 Review FOI requirements with transfer of functions 2006