Audit & Scrutiny Committee

Similar documents
Confident in our Future, Risk Management Policy Statement and Strategy

Bridgend County Borough Council. Corporate Risk Management Policy

The Risk Management strategy sets out the framework that the Council has established.

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

Cabinet. Corporate Performance Monitoring Report: Third Quarter Agenda Item: Date of Meeting 16 March 2016

London Legacy Development Corporation s Statement of Risk Appetite September 2015

Risk Management & Business Continuity Manual

People Strategy 2013/17

SUBJECT: Talent Management Strategy Councillor Sandra Walmsley (Cabinet Member for Resources and Regulation)

Appendix 4 - Statutory Officers Protocol

TRANSPORT FOR LONDON AUDIT COMMITTEE STRATEGIC RISK MANAGEMENT PROGRESS REPORT

Revised Risk Management Policy and Framework. Report by Head of Finance

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

RISK MANAGEMENT STRATEGY

RISK AND OPPORTUNITY MANAGEMENT STRATEGY

The report rated this area Substantial Assurance and made 2 housekeeping recommendations.

Bedford Group of Drainage Boards

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Risk Management Policy and Process Guide

V1.0 - Eurojuris ISO 9001:2008 Certified

BUSINESS CONTINUITY MANAGEMENT POLICY

Merthyr Tydfil County Borough Council

Risk Management Strategy

Risk Management Within an Organisation

RISK MANAGEMENT POLICY (Revised October 2015)

Risk Methodology. Contents. Introduction The Risk Management Structure The Risk Management Cycle Methodology...

Corporate Risk Management Policy

PM Governance. Executive Team ADCA ADCA

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

Team Business Continuity Plan Guide

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY

Risk Management Policy

Solihull Clinical Commissioning Group

Risk Management. Policy

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

REPORT 4 FOR DECISION. This report will be considered in public

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

Risk Register Policy and Procedure

Performance Detailed Report. May Review of Performance Management. Norwich City Council. Audit 2007/08

Report to: Public Trust Board Agenda item: 11 Date of Meeting: 18 December 2013

Quality Impact Assessment. Executive summary

Avondale College Limited Enterprise Risk Management Framework

Version: 3.0. Effective From: 19/06/2014

Business Continuity Policy. Version 1.0

HARLOW COUNCIL PERFORMANCE MANAGEMENT FRAMEWORK

Manchester City Council Report For Resolution. Report to: Personnel Committee - 25th September 2012

Annual Governance Statement

A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000

APPENDIX C. Internal Audit Report South Holland District Council Project Management

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Risk Management Statement, Strategy and Policy. Index. Risk Management Statement page 2. Risk Management Strategy page 2

MEMBERS CONSIDER THE RISK STRATEGY AND RECOMMEND APPROVAL TO COUNCIL.

SNH/11/11/B CORPORATE RISK MANAGEMENT POLICY AND RISK REGISTER

TRUST POLICY FOR EMERGENCY PLANNING

Risk Management Plan

Appendix 1: Performance Management Guidance

DATA QUALITY POLICY PORTFOLIO RESPONSIBILITY: CORPORATE, CUSTOMER SERVICES AND HUMAN RESOURCES CABINET 10 APRIL 2008

Lancashire County Council Information Governance Framework

Risk Management in the HSE; An Information Handbook

DRAFT Revised Guide to the National CDEM Plan 2015 July 2015

Risk Management Strategy

Commissioning Strategy

Agency Board Meeting 28 July 2015

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

Project Risk Analysis toolkit

CAMBRIDGE CITY COUNCIL

Group Risk Management Policy

Quality and Engagement Sub Committee

POLICY : CORPORATE RISK MANAGEMENT

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010

Risk Management Policy

Good Governance Guide. Risk Management in Community and Comprehensive Schools

Risk Management Policy

Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING. 10 February Governance How we manage our business

NHS Act 2006 Section 75 Agreements 2015

Annual Governance Statement 2013/14

Risk Management and Business Continuity Strategy.

Project, Programme and Portfolio Management Delivery Plan 6

Information Governance Management Framework

Shepway District Council Risk Management Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Report to Cabinet 28 January 2013 Item No 16 Strong and Well: Strengthening Support for Older People in Norfolk

Northern Ireland Blood Transfusion Service

Risk Management Framework

SMS0045 Construction Health and Safety Policy and Procedures

Appendix 1 - Leicester City Council s Business Continuity Management Strategy and Policy Statement

Emergency Management and Business Continuity Policy

Risk Management within Chief Executives and Corporate Finance

Strategic Alliance. Business Continuity Policy

1.0 Policy Statement / Intentions (FOIA - Open)

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

RISK MANAGEMENT. Authors: Phil McNaull / Lorraine Loy Approved By: PME and Court Date: December 2008 Version: 4.0 1

TRUST BOARD - 25 April Health and Safety Strategy Potential claims, litigation, prosecution

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control

BUSINESS CONTINUITY STRATEGY

Transcription:

Page 1 Annual Risk Management Report Audit & Scrutiny Committee Agenda Item: 09 Date of Meeting 23 February 2016 Officer Chief Executive Subject of Report Annual Risk Management Report Executive Summary The continual development and promotion of risk management will ensure that the Council is well placed to demonstrate that objective and informed decisions are taken and that the Council is ultimately in a strong position to successfully face and address the challenges ahead. This is particularly important in respect of taking informed decisions in relation to opportunities available to deliver the Forward Together programme. This report provides an update to Audit and Scrutiny Committee of the progress made by the Council in enhancing and embedding risk management during 2015, and specifically to: Provide an update on the most significant risks identified within the corporate risk register; Highlight some of the key activities undertaken, positive recognition received and headline areas of work for the Risk Management function for 2016; Present the draft of the revised Risk Management Strategy. This report also provides members with a progress update on any items that were identified as Amber in last years Local Code of Corporate Governance Compliance Statement and included in the Annual Governance Statement as areas for improvement.

Page 2 Annual Risk Management Report Impact Assessment: Equalities Impact Assessment: There is no change in policy, or impact on equalities groups, associated with this report. The Risk Management Strategy has been subject to an equality impact assessment. Use of Evidence: The data from this report is drawn from the Council s Corporate Risk Register which is updated by nominated Risk Leads and Risk Owners from all Council Directorates and the Local Code of Corporate Governance Compliance Assessment which is updated by theme leads. Budget: No budget implications specifically, although unmanaged risks may pose a threat to the Council s financial stability. Identified risk improvement measures may also have direct budget implications, each of which need to be subject to a cost/benefit analysis prior to implementation. Risk Assessment: Having considered the risks associated with this decision using the County Council s approved risk management methodology, the level of risk has been identified as: Current Risk: HIGH Residual Risk: HIGH The risk level is identified as High as Appendix B provides an update on those High level risks which are currently identified within the Corporate Risk Register. Other Implications: None Recommendation That Audit and Scrutiny Committee: Note the performance of the key risks on the Corporate Risk Register and progress made in enhancing the Council s risk management arrangements more generally; Consider and comment on the revised Risk Management Strategy; Note the progress of actions taken to improve areas identified as Amber within the 2014/15 local code of corporate governance compliance statement.

Page 3 Annual Risk Management Report Reason for Recommendation Appendices Background Papers Report Originator and Contact To ensure that the Council s risk management methodologies remain current, proportionate and effective in enabling risk informed decisions to be made. Appendix A - Risk Scoring Matrix Appendix B Corporate Risk Register Summary and Exception Report Appendix C Draft Revised Risk Management Strategy Appendix D - Local Code of Corporate Governance Compliance Statement Report to Audit & Scrutiny Committee 10 June 2015 Local Code of Corporate Governance Compliance Local Code of Corporate Governance Compliance Name: Marc Eyre, Senior Assurance Manager (Governance, Risk and Special Projects) Tel: 01305 224358 Email: m.eyre@dorsetcc.gov.uk Name: Mark Taylor, Group Manager - Governance and Assurance Tel: 01305 224982 Email: m.taylor@dorsetcc.gov.uk 1. Background to the Report 1.1 This annual risk management report is provided to ensure that the Audit and Scrutiny Committee (in accordance with their terms of reference) are updated in respect of the Council s approach and current position with regard to risk management. 1.2 The focus within this years report is to provide: o o o An update on the most significant risks within the corporate risk register (High risks and level risks identified as worsening ); An update on key risk management activity undertaken in 2015 and key actions for 2016; An opportunity to comment on the draft revised Risk Management Strategy, which has been aligned to the Healthy Organisation Model; 1.3 This year s report also provides an update on actions identified as Amber in the Local Code of Corporate Governance Compliance Statement for 2014/15, as reported to Committee on 10 June 2015 and which were subsequently included in the Council s Annual Governance Statement.. 2. Corporate Risk Register (CRR) Summary and Exception Report 2.1 The Council continues to operate risk registers at Corporate, Directorate and Programme level. The CRR provides a snapshot of the key strategic risks to achievement of the Council s identified priority outcomes, and specific risk causes aligned to each Directorate. 2.2 The CRR identifies 16 core corporate risks, which is then broken down in to individual potential risk causes that inform the overall risk. Each of these causes has an identified risk

Page 4 Annual Risk Management Report lead (the officer in the best position to actively influence the management of the risk) and a risk owner (the accountable Head of Service or Director). 2.3 Risks continue to be assessed both in terms of the current level of risk and the Risk Lead s view of the acceptable level of risk to tolerate. The prioritisation of risks is based on the matrix included at Appendix A. In determining the level of risk, the risk lead will consider the most appropriate of the five impact categories (financial; strategic priorities and opportunities; health and safety; reputational; service delivery). For a risk to be identified as High, a top level impact would need to be identified in addition to a likelihood greater than 20%. 2.4 The current 16 core risks are as follows: No Risk Risk Level 1 Inadequate finance to meet legislative, political and public High expectations 2 Failure to protect the vulnerable children and young people from abuse or neglect in situations that could have been predicted and prevented 3 Failure to protect the vulnerable adults from abuse or neglect in situations that could have been predicted and prevented 4 Failure to ensure the health and wellbeing of staff, service users and the public 5 Inability of the Council or a key partner to effectively respond to an incident or event 6 Failure in corporate governance which leads to service, financial or reputational damage or failure High 7 Failure to sustain effective relationships across key partnerships High 8 Failure to recognise or respond to commercialisation and income generation opportunities 9 Inadequate infrastructure to meet Council priorities High 10 Failure to deliver service transformation and necessary savings through the Forward Together programme High 11 Failure to manage the commissioning of services 12 Failure to develop services based on evidence and need High 13 Inadequate ICT infrastructure to meet corporate service priorities 14 Failure to develop, recruit or retain suitably competent / qualified staff compromises service delivery Low 15 Rural public transport 16 Information/Data is lost, misapplied or becomes unusable

Page 5 Annual Risk Management Report 2.5 Appendix B provides a more detailed schedule that highlights any risk causes noted as either High or Worsening ). This schedule includes a management response from the Risk Owner. 2.6 The CRR remains a live schedule and in this respect a number of new risk causes were added to the schedule during 2016. Committee reports include an assessment of the risk associated with the decision to be made, and where identified as High these are escalated to the CRR. New risk causes reflected in the CRR during 2015 are noted below: Core Risk Identified Cause Risk Level Risk Owner 1) Inadequate finance to meet legislative, political and public expectations General balances are depleted to a level below operating range High Head of Financial Services 2) Failure to protect the vulnerable children and young people from abuse or neglect in situations that could have been predicted and prevented 4) Failure to ensure the health and wellbeing of staff, service users and the public Failure to consider the impacts that vulnerable adults have on children and families Change to the defined population for the transfer of 0-5 public health commissioning responsibility (registered to resident population) Low Head of Family Support / Head of Adult Care Director of Public Health 6) Failure in corporate governance which leads to service, financial or reputational damage or failure 7) Failure to sustain effective relationships across key partnerships 13) Inadequate ICT infrastructure to meet corporate service priorities Failure to fulfil our statutory "Prevent" duty to combat radicalisation Failure of the Early Help partnership ICT infrastructure within Children s Services does not meet service needs 15) Rural public transport Impact of changes to public transport on the older people and the vulnerable Head of Partnerships & Performance Head of Learning & Inclusion Head of Strategy, Partnerships & Performance (Childrens Services) Head of Adult Care / Head of Environment 3. Update on Key Risk Management Activity 3.1 The Council s Risk Management Group remains the focal point for facilitating the Council s risk management arrangements, and includes providing challenge and assurance over the management of our most significant risks. A review of the current Corporate Working Groups is likely to result in the remit of this group being embraced within a wider strategic Resilience Group, which will cover risk management, business continuity, emergency planning, information governance, and governance more generally.

Page 6 Annual Risk Management Report 3.2 This section highlights the progress made on a number of key activities during 2015 that further enhance the Council s risk management arrangements, in addition to identifying positive recognition of our approach. 3.3 An electronic checklist was developed through Audit and Scrutiny Committee and approved by Cabinet to help ensure that appropriate governance arrangements exist for alternative service delivery models. A number of key governance criteria are assessed, mapped against the Healthy Organisation model, and includes a summary and action plan that can be used to monitor compliance and obtain assurance over the arrangements operated. This will also be a useful tool in establishing whether the Council is content to go-live with new service delivery arrangements. 3.4 The lessons learnt report on the Tricuro implementation that was considered by this Committee in January 2016 highlighted the proactive approach to risk management and the part this played in ensuring successful delivery of the project. The lessons learnt from the Tricuro implementation have been added to the alternative service delivery model governance checklist referred to in 3.3 above. 3.5 The Risk Management Strategy has been reviewed and updated. The draft is included at Appendix C and any comments would be welcomed. The sections of the Strategy have been aligned to the Risk Management theme in the Healthy Organisation model, as a means of demonstrating that our risk management arrangements are fit for purpose. 3.6 In this respect, positive external recognition has been received for the Council s risk and claims management arrangements during 2015. The Council s insurers QBE have used the Council as a case study (to quote: by common opinion, internally (within QBE) Dorset County Council is one of the better managed authorities we have on our books ). The published case study is expected shortly. 3.7 In addition there has been significant recognition via ALARM (The National Public Sector Risk Management Association), who have featured two articles on the Council s risk management arrangements within its quarterly Public RM publication. The Council was also asked to present to the ALARM National Conference on a particular risk project that resulted in significant insurance premium savings by challenging premium spend on a risk assessed basis. The Senior Assurance Manager (Governance, Risk and Special Projects) has been co-opted on to ALARM s Educational Committee, providing an opportunity to both share best practice and learn from others. 3.8 The performance of the insurance claims team continues to highlight positive claims management arrangements (another area included within the QBE case study). Participation within the CIPFA benchmarking highlights that the Council is one of the best performing in the management of claims, particular in terms of costs. The claims team are audited by the insurers claims handling agents Gallagher Bassett on an annual basis, and in 2015 were awarded a 98.6% exemplary rating. 3.9 South West Audit Partnership (SWAP) are undertaking a Healthy Organisation healthcheck on the Council, which will include an external assessment of the risk management arrangements. Feedback from this healthcheck is anticipated to be reported to Committee in March 2016, and will help inform further improvements. 3.10 Work continues to further enhance and embed risk management practices, with current activity including a healthcheck of our information governance arrangements and a review of the Council s risk appetite.

Page 7 Annual Risk Management Report 4. Local Code of Corporate Governance Compliance Statement 4.1 Members of the committee will be aware that the Local Code of Corporate Governance Compliance Assessment informs the Annual Governance Statement. This statement sets out the key features of the governance framework in place in the Council and provides a review of its effectiveness. The Annual Governance Statement is statutorily required by the Accounts and Audit (England) Regulations 2011 to be prepared in accordance with proper practices in relation to internal control. 4.2 As reported to the Committee on 10 June 2015, the majority of areas in the Assessment provide evidence to demonstrate compliance. There are a small number of areas that have a RAG status of Amber, but none shown as red. For each area identified as Amber further actions for improvement were identified by Theme Leads and progress on delivering these has been set out in Appendix D. 4.3 Action is underway to complete the Compliance Statement for 2015/16, and this will be reported to the Committee in due course. Debbie Ward Chief Executive February 2016

Page 8 Annual Risk Management Report Risk Scoring Matrix Appendix A Likelihood HIGH i.e. a greater than 20% chance of: MEDIUM i.e. a greater than 20% chance of: Financial Financial impact > 1 million Financial impact between 500,000-1 million LOW i.e. : Financial impact less than 500,000 Strategic Priorities and Opportunities Major impact (positive or negative on a strategic priority) Moderate impact (positive or negative on a strategic priority) Minor/ negligible impact (positive or negative) on a strategic priority IMPACT Health & safety Fatality or major injury/ illness (long term incapacity / disability) Moderate injury or illness (including RIDDOR reportable) Potential for minor injury/illness (requiring minimal intervention or treatment) Reputational Sustained/long term negative public attention Short to medium term impact on public memory (affecting more than one ward) Short to medium term impact on public memory (affecting one ward) / minor complaints or rumours Service Delivery Unable to deliver critical services (levels one and two) Unable to deliver critical services (level three) Minor disruption to service delivery In using this matrix, the user should consider the extent of impact across each of the 5 impact headings. If there is a 20% chance or more of any of the impacts in the top row occurring, it should be identified as High.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information