POLICY : CORPORATE RISK MANAGEMENT




APPENDIX 5

1 Scope

This is a Service wide policy.

2 Aims and Objectives

Lancashire Combined Fire Authority provides services to a diverse range of people and organisations, in an ever-changing environment. As such, the potential for disruption to services or the loss of or damage to assets from a vast range of risks is inherent. Therefore, it is essential that the Authority takes appropriate action to minimise the potential for loss or damage through active risk management.

3 Policy

POLICY STATEMENT

Risk Management is the process of identifying significant risks to the achievement of the organisation's strategic and operational objectives, evaluating their potential consequences and implementing the most effective way of controlling them.

RISK MANAGEMENT OBJECTIVES

The risk management policy is designed to safeguard the achievement of the Service's objectives through the effective control of risks which threaten their achievement. In addition the policy is intended:

- To ensure best value and best practice are achieved in the management of risks.
- To regard compliance with legal and regulatory requirements as a minimum standard.
- To identify and respond to changing social, environmental and legislative requirements.
- To prevent injury, damage and loss to stakeholders and employees or their property.
- To reduce the overall cost of risk.
- To integrate risk management into the culture of the Authority.
- To support staff in their efforts to manage the risks to which they are exposed.
- To ensure compliance with the Authority's Code of Corporate Governance.

RESPONSIBILITIES

The variety of risks to which the Authority is exposed is such that a multi-layered approach will need to be adopted to ensure full integration of the risk management culture into all levels of the Authority.

Elected Members have the responsibility to ensure the implementation of appropriate risk management structures and processes, and to provide sufficient resources to meet agreed objectives. An elected member sits in the Risk Management Group, to ensure appropriate member input to this group.

The Audit Committee has overall responsibility for risk management within the Authority. It is responsible for agreeing the risk management strategy and the risk management policy, as well as reviewing the risk register on a regular basis. This culminates in the Committee's consideration of the Annual Governance Statement, which includes reference to risk management arrangements.

The Executive Board has overall responsibility for ensuring that the Authority manages risk effectively through the development of a comprehensive risk management strategy and policy, and that decisions taken by both the Authority's Members and management give full consideration to the risks associated with those policies.

The Service Management Team is responsible for reviewing departmental risks on a regular basis.

The Service's Risk Management Group is responsible for developing, implementing and reviewing a risk management strategy, setting out the specific programmes, procedures and activities designed to ensure that policy objectives are met, for reviewing actions taken to address key risks and for updating/reviewing the risk register.
The Group is also responsible for reviewing departmental risk registers to ensure that any key risks are included on the risk register.

Heads of Departments and other Service Management are each responsible for ensuring that proper procedures are in place to effectively identify, evaluate and manage risks within their Service areas. All departments should prepare and maintain a departmental risk register, based on the analysis, in line with this policy and the scoring mechanisms outlined.

NB: All major projects undertaken will have an associated project risk register as per the Project Management Framework.

Heads of Departments and other Service Management should make recommendations as to which departmental risks are transferred to the risk register.

Individual managers and employees are each charged with the effective management of the risks associated with their particular roles and duties, and for ensuring that significant risks are identified to senior management as soon as they become known. The risk management group is available to support this activity through the provision of training, information and technical assistance as required.

RISK MANAGEMENT PROCESS

The basic principles of risk management are the identification, analysis, control and monitoring of risks. The processes associated with these are:

Risk Identification

In order to enable risk to be effectively managed, the nature of the risk must first be identified. This can be done by reviewing the Service's/Department's strategic, operational and project objectives and identifying all significant risks which could impact upon their achievement. This also includes risks associated with business continuity issues.

Risk Analysis

Once risks have been identified they need to be assessed in terms of their likelihood and their potential impact on the Service/Department/Project. Based on this assessment the risks which require the greatest level of management can be identified, i.e. those with a high likelihood of occurrence and severity of impact, with the overall risk assessment being the combination of the two scores, as set out below (Note: the risk scores are a guide only and some subjective judgement may be required to better reflect the magnitude of the overall risk):

Likelihood
5 Certain/Almost certain  5             10            15            20            25
4 Very likely             4             8             12            16            20
3 Likely                  3             6             9             12            15
2 Unlikely                2             4             6             8             10
1 Rare/Very Unlikely      1             2             3             4             5
                          1 Minor       2 Noticeable  3 Significant 4 Critical    5 Catastrophic
                          Impact

The overall scores represent the relative importance of the combination of impact and likelihood. This feeds a traffic light system which categorises risk, in order to identify the relative priorities and the need for action, as follows:

- high: red (a score of 15 or more)
- medium: amber (a score of between 7 and 14)
- low: green (a score of less than 7)

In order to assess this the following criteria should be applied:

Likelihood                  Probability
5 Certain/Almost certain    Greater than 90%
4 Very likely               65% to 90%
3 Likely                    35% to 65%
2 Unlikely                  5% to 35%
1 Rare/Very Unlikely        Less than 5%

Impact criteria, by category, for each impact score (1 Minor, 2 Noticeable, 3 Significant, 4 Critical, 5 Catastrophic):

Financial
  1 Minor: 0k - 100k
  2 Noticeable: 100k - 250K
  3 Significant: 250k - 1m
  4 Critical: 1m - 2m
  5 Catastrophic: 2m+

Service Provision
  1 Minor: No impact
  2 Noticeable: No impact
  3 Significant: Services reduced but still able to meet statutory duties
  4 Critical: Services suspended and unable to meet statutory duties for a short period
  5 Catastrophic: Services suspended and unable to meet statutory duties for a long period

Health & Safety
  1 Minor: Cuts & bruises
  2 Noticeable: Broken bones/illness
  3 Significant: Loss of life/major illness
  4 Critical: Significant loss of life/major illness
  5 Catastrophic: Major loss of life/large scale major illness

Objectives
  1 Minor: No impact on objectives
  2 Noticeable: departmental objectives not met
  3 Significant: One objective not met
  4 Critical: Two objectives not met
  5 Catastrophic: objectives not met

KPIs
  1 Minor: No impact on Key Performance Indicators
  2 Noticeable: Key Performance Indicators not met by less than 10%
  3 Significant: Key Performance Indicator not met by between 10% & 20%
  4 Critical: Key Performance Indicators not met by between 20% and 50%
  5 Catastrophic: Key Performance Indicators not met by more than 50%

Reputation
  1 Minor: -
  2 Noticeable: -
  3 Significant: Adverse local media leader
  4 Critical: Adverse national publicity
  5 Catastrophic: Adverse national publicity for an extended period

Government Relations
  1 Minor: -
  2 Noticeable: -
  3 Significant: Poor assessments
  4 Critical: Service taken over temporarily
  5 Catastrophic: Service taken over permanently

Risk Mitigation

Risk mitigation is the process of taking action to minimise the likelihood of the risk event occurring, the frequency with which it might occur and/or reducing the severity of the consequence should it occur. This will involve, for example, risk avoidance, risk transfer and/or introduction of operating controls. The controls already in place and any additional controls required will be identified and recorded for each of the key risks. (Note: the benefit of controls should always be evaluated against the additional cost of these.)

Risk Recording

The risks and control measures will be recorded in a Risk Register in the prescribed format. A process for review of the risks and related controls will be established, to assess how effective the policy has been. The register will contain the following information:

- Description of risk
- Assessment of likelihood and impact to determine the risk score
- Controls in place
- Controls planned
- Risk owner
- Review date

Risk Review and Monitoring

Corporate and departmental risk registers should be maintained on a regular basis by updating them to reflect changes to existing risks, or to reflect the identification of new risks. On a rolling basis departmental risk registers will be presented to Service Management Team, including a recommendation as to which risks are referred to the Risk Management Working Group for inclusion in the risk register.

Where risks are referred to the Risk Management Working Group the relevant risk owner must submit a report detailing:

- What the risk is
- What the inherent risk is
- What action has been taken to mitigate against it, including any change since the risk was last reported
- What the level of residual risk is
- What further action is recommended and the timeframe for this

The Corporate Risk Management Working Group will consider risks flagged up by departmental managers and agree remedial or mitigating actions, determining the overall priority and monitoring progress until such time as the risk is effectively brought under control and can be discharged from the risk register.

An audit trail of all changes to the risk register should be maintained.

The risk register will be reviewed on an annual basis by the Audit Committee and the success of the control measures evaluated.

Note: Project risks are monitored by the project manager regularly through the life of the project via the Project Risk register and therefore additional reports are not required.

The Inclusion of Risk Management Implications in Reports

Risk Management implications must be included in all reports so that these can be taken into account in the decision making process. As such a separate section should be inserted in all Committee/Management Team reports in which the author states what, if any, risks have been identified and how these will be managed. If no risks have been identified a statement should be made to that effect.

Opportunity Risk

The above process deals with risk relating to threats to the organisation's achievement of objectives. In addition to these there are also opportunity risks. These arise where there is uncertainty in terms of the outcome of issues, but where there is a potential opportunity to improve services dependent upon the final outcome. In these instances a similar process should be undertaken to that described above:

- Identify the opportunity
- Identify which objective it links into
- Identify what the likelihood and impact arising from this are
- Identify what controls are in place to ensure the opportunity materialises in a positive way
- Identify an owner to progress and monitor this

An example of this is the potential second lifing of crew cabs and bodies. This provides an opportunity to reduce costs and improve our environmental impact. These would mitigate against the risk of inefficient use of resources and also the impact of our actions on the environment. However, at the present time more work is required and we need to explore more fully the long term cost implications of implementing this policy. Ultimately a decision may need to be made considering the cost of taking the opportunity against the benefits received. In this case, if the long term costs of second lifing cabs and bodies do not deliver any savings it may still be worth considering from an environmental impact. If, on the other hand, it costs more in the long term a decision would need to be made as to whether the additional costs were outweighed by the environmental benefits.

4 Equality and Diversity Impact Assessment

The changes do not impact on the previous Equality and Diversity impact assessment, which did not identify any issues for further consideration.

5 Reference Documents

None

6 Approval Agency

Audit Committee

7 Approval Dates

This Policy was originally approved in March 2006
This version was approved in Jan 2011
This version takes effect from Jan 2011
This Policy was reviewed in Jan 2011
Next review date March 2012

8 Policy Sponsor

Director of Finance

9 Diversity and Equality Statement

Lancashire Fire and Rescue Service is committed to the principles of diversity and equality and the elimination of discriminatory practices. These principles are applied to the treatment of all individuals, whether members of the public or our own staff, be those fire officers, support staff or volunteers.

This policy will be implemented in a non-discriminatory manner. Members of Lancashire Fire and Rescue Service administering this policy are responsible for ensuring that, in its application, those to whom the policy applies shall not receive less favourable treatment because of their age, colour, disability, ethnic or national origin, gender reassignment, marital status, nationality, race, religion, sex or sexual orientation.