– February 2016 Draft Corporate Risk Register February 2016 PRMB
advertisement
PRMB – February 2016 Draft Corporate Risk Register February 2016 Summary Register Ref. Current Score Target Score Medium Term Financial Plan 015(CR) 20 12 Karen Sly - Head of Finance Coastal Erosion - (the effects of) 002(CR) 20 12 Rob Goodliffe - Coastal Management Team Leader Transformation Agenda/Business Transformation Work 003(CR) 16 8 Sheila Oxtoby - Chief Executive Property assets (the condition of)/ Asset Management 001(CR) 12 9 Duncan Ellis - Head of Assets & Leisure Procurement - (lack of value for money) 009(CR) 9 3 Karen Sly - Head of Finance Information - (loss of) 008(CR) 8 4 Sean Kelly - Head of Business Transformation and IT Housing Delivery 010(CR) 6 6 Nicola Turner - Strategic Housing Team Leader Operational disruption - (significant event) 013(CR) 6 6 Richard Cook - Civil Contingencies Manager, Steve Hems - Head of Environmental Health Homeworking - security, staff health and safety 019(CR) 6 6 Sean Kelly - Head of Business Transformation and IT Disclosure and Barring Checks (DBS) for staff 020(CR) 6 4 Julie Cooke - Head of Organisational Development Risk Officer Proposal to remove Individual Electoral Registration causing potential disenfranchisement 021(CR) from the Corporate Risk Register as there is no longer a risk of IER failing. Potential New Risks Recruitment (inability) Ref. Current Score Target Score Officer Julie Cooke - Head of Organisational Development 1 PRMB – February 2016 Draft Corporate Risk Register February 2016 KEY Impact Type Objectives Financial Impact (Loss) Likelihood Catastrophic - 5 The key objectives in the Corporate Plan will not be achieved. Critical - 4 One or more Key Objectives in the Corporate Plan will not be achieved. Moderate - 3 Significant impact on the success of the Corporate Plan. Marginal - 2 Some impact on more than one Service. Negligible - 1 Insignificant impact on more than one Service. Over £1m £400K - £1m £200K - £400K £10K - £200K £0-10K Very High - 5 High - 4 Moderate - 3 Low - 2 Very Low - 1 Probability Over 90% 60 - 90% 40 - 60% 10 - 40% below 10% Timing Within six months This year Next year Probably within 15 years Probably over 15 years 2 PRMB – February 2016 Draft Corporate Risk Register February 2016 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Medium Term Financial Plan 015(CR) 1. Uncertainty around the Governments spending reduction programme and the impact on the Council’s funding. The business rates retention system has shifted the risk of business rates fluctuations to the local level, meaning that Local Authority funding will be impacted directly from decline in business and also planned reductions to the revenue support grant and reliance on New Homes Bonus funding influenced by delivery of new homes and reductions in long term empty properties. 2. Failure to produce a balanced budget position and funded future projections in the medium term and to deliver a freezing of Council Tax increases. 3. The Corporate Plan may not be delivered to the identified timescales. The level of service currently provided could be at risk, unplanned use of reserves which is unsustainable in the longer term. Higher level of savings requirement in future years. Existing Controls Controls that have been implemented since the last review are shown in green Policy work Lobbying Central Government Medium Term Financial Strategy Corporate Planning / Service Planning Budget Process / Budget Monitoring Regular monitoring system of the impact of the business rates retention and the localised council tax support system Utilisation of (part of) the New Homes Bonus grant within the base budget from 2014/15 Annual review of the Councils reserves Reporting - New legislation and consultation Timely agreement of the annual Localised Council Tax Support Scheme Score (with controls) Impact x Likelihoo d = Total 5x4=20 Action (to achieve target score) and progress to date Growth forecasting models to be developed for housing and business rates to inform future financial forecasts and budget. – Some Problems - Business rates forecasting has been informed by the annual NNDR returns and also outcome of appeals. Timing of businesses coming on track to be reviewed with Planning and also informed by visiting officers progress. Housing forecast updated annual as part of the Tax Base setting and monitoring of the collection fund position, monthly CTB reports for Long term empties to be reviewed for new property reporting also. Target Score Impact x Likelihood = Total 4x3=12 Corporate Objective / Service Priority Officer Delivering the Vision Karen Sly Head of Finance Early update of the Financial Strategy to inform the 2017/18 budget process Impact of changes to the NHB scheme from 2017/18 to be quantified and considered within future budgets. Project Management Plans Short term budget surplus forecast (2016/17 and 2017/18) 3 PRMB – February 2016 Draft Corporate Risk Register February 2016 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green Coastal Erosion - (the effects of) 002(CR) The Pathfinder Project Shoreline Management Plan (SMP) 1. Lack of Government funding to maintain coast defences and / or to support local compensation claims 2. Coastal erosion and blight of coastal settlements through loss of public and private infrastructure and assets. The Council has devoted significant resources to pursuing sustainable answers to coastal management issues. There is a considerable Health and Safety context here which serves to increase the reputational risk for the Council at the same time. 3. Increased coastal erosion through loss of defences presents a reputational risk to the authority in the eyes of local communities and direct loss of Council owned assets / infrastructure which are fundamental to the district's tourism offer and therefore the economic wellbeing of the district. Loss of confidence in respect of business investment and residential property market; blight of properties in erosion zone; direct loss of tourism assets and infrastructure promenades, beach chalets, cafés, public toilets, car parks etc.; loss of tourism income / employment. Repairs & Maintenance Programme Procurement practices Health & Safety checking and monitoring Score (with controls) Impact x Likelihoo d = Total Action (to achieve target score) and progress to date 5x4=20 Cromer Sea Defence Works – On Track - Works are progressing with programmed finish date end of March 2016 dependent on external influences e.g. weather. Programme risk actively managed. Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer 4x3=12 Coast, Countryside and Built Heritage Rob Goodliffe Coastal Manageme nt Team Leader DEFRA funding of capital schemes Coast monitoring Control of coastal management schemes through procurement and regular checking 4 PRMB – February 2016 Draft Corporate Risk Register February 2016 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Transformation Agenda/Project 003(CR) 1. It is clear that there is a new urgency about change in local government driven by the current financial pressures and the ambition to ignite community engagement. Previous incremental change is being replaced by a more wholesale restructuring of local government and its place in local service delivery. 2. The risk is that in moving to a new agenda so quickly there is no basic framework within which the new arrangements can be undertaken. 3. Vision and action may not be fully supported by a sound assessment and a solid understanding of policy implications at national and local level. Existing Controls Controls that have been implemented since the last review are shown in green Training, learning & policy initiatives Strategies Reporting - New legislation and consultation Network development Maintain technical competence Medium Term Financial Strategy Approval of the Business Transformation Programme Appointment of a Head of Business Transformation to deliver the programme Business Transformation Board monitoring projects progress Score (with controls) Impact x Likelihoo d = Total 4x4=16 Action (to achieve target score) and progress to date IT transformation work that is currently being undertaken – Some Problems - Potential imbalance between resources and workload remains. Of particular concern are the recruitment difficulties relating to highly technical positions. Funding was approved by Cabinet on 30 November 2015 for additional project and technical resources to provide access to short term resource. However the longer term skilled resource availability to sustain the business benefits delivered by the Digital Transformation remains to be addressed. The Planning BPR is currently being implemented. Target Score Impact x Likelihood = Total 2x4=8 Corporate Objective / Service Priority Officer Delivering the Vision Sheila Oxtoby Chief Executive Managing delivery of workstreams as included in the Transformation programme – On Track – Overall the programme remains broadly on track. However, conflicting priorities and resource demands will have to be closely monitored to ensure planned timelines remain viable. 5 PRMB – February 2016 Draft Corporate Risk Register February 2016 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Property assets - (the condition of) 001(CR) 1. A lack of investment and sound decision-making. 2. Deteriorating property assets may lead to a loss of revenue and possible legal liability. 3. The Council does not achieve value for money from its investment and/or possible legal liabilities either directly or through its leasing arrangements. This scenario is detrimental to the local tourism economy as well as damaging to local communities contributing to a lack of community pride and possible increase in vandalism. The capital tied up in assets cannot be released to support wider Council initiatives and income streams are not maximised. Existing Controls Controls that have been implemented since the last review are shown in green Work is on-going in relation to the R&M schedules and inputting this detail onto the Concerto system. The schedules were used to support the update of the Asset Management Plan and the capital works highlighted within the plan were included as part of the capital budget for 2015/16 (subject to further businesses cases where appropriate). Score (with controls) Impact x Likelihoo d = Total 4x3=12 Action (to achieve target score) and progress to date Managed risk Target Score Impact x Likelihood = Total 3x3=9 Corporate Objective / Service Priority Officer Delivering the Vision Duncan Ellis – Head of Assets and Leisure Rolling asset condition surveys continue to be undertaken to ensure that the R&M schedules remain up to date. Various policies are in place to help manage property risks and risk assessment inspections and review works continue to be developed and improved and officers are currently working on the introduction of a new compliance contract that will further support this area which is expected to be in place from the summer of 2016. Regular routine inspections take place on all of the Council’s car parks for example to review, monitor and help manage a number of risks and these visits are logged on Concerto to help provide an audit trail.. The majority of the new posts are now in place following the restructure, part of which includes a 6 PRMB – February 2016 Draft Corporate Risk Register February 2016 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green Score (with controls) Impact x Likelihoo d = Total Action (to achieve target score) and progress to date Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer dedicated resource to progress the Concerto Asset Management system. While the Asset Strategy Manager post remains unfilled at the start of March 2016 interviews are imminent and these will hopefully result in an appointment. The Asset Management Plan has been updated and agreed by Cabinet and Full Council, this contains an improvement plan which is currently being implemented and forms part of the Ten performance monitoring system. The procurement of a Strategic Asset Development Partner is almost complete with the contract due to start in April 2016. This partner will help to provide the Property Services team with additional skills, expertise and capacity to help take forward some of the current projects, the partner will review the current asset portfolio and help to bring additional challenge as to why we are holding certain assets and what we might consider doing differently, as well as advising on potential acquisitions. This partner will provide a contract for the Property team to access skills which are not available internally, such as architectural support, quantity surveyors, structural engineers and land agents etc. 7 PRMB – February 2016 Draft Corporate Risk Register February 2016 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green Procurement - (lack of value for money) - 009(CR) Procurement Strategy Procurement Framework 1. The current financial climate, recent resourcing issues causing an absence of a focus for this work, together with a reduction in the available accountancy resources going forward increase the risk of a lack of continuous improvement in this area. 2. Failure to adopt new procurement practices and delivery of efficient and timely procurement processes could mean that the Council will not achieve value for money procuring the goods and services it uses. 3. The Council may not achieve value for money, financial/procedural inefficiencies possible challenge to contracting procedures. Joint procurement protocol and opportunities for joint/shared procurement with other authorities where possible Advice for external suppliers Procurement responsibility assigned to the Chief Accountant Regular procurement refresh and review of procedures Score (with controls) Impact x Likelihoo d = Total 3x3=9 Action (to achieve target score) and progress to date A procurement evaluation – On Track - An increased awareness of the location and use of the Toolkit (including the Quotation Value Path) has been undertaken including presentations to Management groups and on one-to-one basis. Target Score Impact x Likelihood = Total 3x1=3 Corporate Objective / Service Priority Officer Delivering the Vision Karen Sly – Head of Finance Analysis of procurement outcomes and the value for money achieved has started. Note – Chief Accountant left in May and post is yet to be filled. Joint procurement support options to be considered, similar format to the Internal Audit Consortium. 8 PRMB – February 2016 Draft Corporate Risk Register February 2016 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green Information - (loss of) - 008(CR) Information Management Strategy 1. Lax security - Information may be lost, mislaid or stolen. Increased use of mobile technology such as I Pads etc. Implement data security protocols on mobile devices ICT Security Policy 2. There exists an inherent potential for the loss of organisational information at any security level. ICT is responsible for ensuring electronic data is secure (in conjunction with system owners who control access to their databases), 3. Information may be inappropriately used. Fraud or data corruption may occur. Systems may suffer damage. The Council's reputation may be harmed. IT Monitoring Data Protection training Score (with controls) Impact x Likelihoo d = Total 4x2=8 Action (to achieve target score) and progress to date Interim generic information on information security and data protection to be shared with staff through intranet. – On Track Has been mitigated by the implementation of the e-learning system which has some InfoSec content. All posts with a requirement for increased awareness will be identified and appropriate an appropriate learning plan implemented. Target Score Impact x Likelihood = Total 4x1=4 Corporate Objective / Service Priority Officer Delivering the Vision Sean Kelly - Head of Business Transform ation and IT Code of Connection compliance Regular audits of IT security arrangements rd Regular 3 party data protection and integrity testing Information security and data protection training - Implemented 9 PRMB – February 2016 Draft Corporate Risk Register February 2016 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Housing Delivery - 010(CR) 1. A combination of lack of developer confidence because of recession / weak financial markets and pressure on public finances meaning reduced availability of grant funding for affordable housing provision. Existing Controls Controls that have been implemented since the last review are shown in green Use of capital Partnership work with Registered Providers Local Investment Plan Score (with controls) Impact x Likelihoo d = Total Action (to achieve target score) and progress to date 3x2=6 All controls are implemented and risk is currently under control, to be reviewed in six months. Target Score Impact x Likelihood = Total 3x2=6 Corporate Objective / Service Priority Officer Housing and Infrastructure Nicola Turner Housing Team Leader Strategy Local Development Framework (LDF) policies 2. Inability to secure planning permission for provision of affordable housing. Internal planning protocol 3. A challenge over the Council's ability to deliver sufficient affordable homes Housing Strategy discussion document (2010) Increased Focus Enhance Housing Association delivery 10 PRMB – February 2016 Draft Corporate Risk Register February 2016 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green Operational disruption - (significant event) - 013(CR) Response & Recovery Planning Continuity Planning 1. Both the National and Community Risk Registers have more information regarding the risk of specific events (e.g. Pandemic) occurring. 2. Any Internal or external event that has a significant impact on the ability of the Council to deliver services. Corporate Business Continuity key role training Critical Services Business Continuity Plans completed. Score (with controls) Impact x Likelihoo d = Total 3x2=6 Action (to achieve target score) and progress to date All controls are implemented and risk is currently under control, to be reviewed in six months. Target Score Impact x Likelihood = Total 3x2=6 Corporate Objective / Service Priority Officer Delivering the Vision Richard Cook Civil Contingenc ies Manager, Steve Hems Head of Environme ntal Health 3. a) Loss of staff for 'usual' service delivery b) Loss of premises c) Loss of key partners/suppliers d) Loss of infrastructure services A reduction in the ability of the Council to deliver services, possibly at a time of increased demand from the community. 11 PRMB – February 2016 Draft Corporate Risk Register February 2016 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Homeworking - security, staff health and safety - 019(CR) 1. All aspects of remote working not covered by corporate policies. There are procedures in place for IT risks. 2. Security put at risk. Cost of home working not adequately budgeted for. All managers have a responsibility for their staff working from home. 3. Remote staff unable to access technology needed to do their jobs and for business continuity. Existing Controls Controls that have been implemented since the last review are shown in green Score (with controls) Impact x Likelihoo d = Total 2x3=6 IT Monitoring Action (to achieve target score) and progress to date Produce and implement staff policies and procedures for homeworking – On Track - Agile Working document drafted and being reviewed by senior managers. Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer 2x2=4 Delivering the Vision Sean Kelly - Head of Business Transform ation and IT A range of standard technology solutions available to meet the needs of identified patterns of agile working. All solutions configured using best practice and tested by thoird party for security. 12 PRMB – February 2016 Draft Corporate Risk Register February 2016 Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green Disclosure and Barring Checks (DBS) for staff - 020(CR) Pre employment checklist 1. Management and HR not adhering to set internal processes around applying/ renewing DBS checks, particularly in a timely manner. 2. Specific jobs require pre-employment checks and on-going (minimum every 3 years) checks to comply with the relevant legislation where the post holder has works with or has access to children and vulnerable adults. Reminder process to the service manager. Reporting of lack of compliance with agreed process. The process includes escalation to the relevant Head of Service and to the Head of Organisational Development if the check is not initiated/completed within the relevant timescales. Score (with controls) Impact x Likelihoo d = Total 3x2=6 Action (to achieve target score) and progress to date Update report – managed risk? Target Score Impact x Likelihood = Total Corporate Objective / Service Priority 2x2=4 Delivering the Vision Officer Julie Cooke Head of Organisati onal Developme nt 3. If checks aren't completed in a timely way there is the risk that someone who may be barred from working with children/ vulnerable adults has access to those groups through Council activities. 13 PRMB – February 2016 Draft Corporate Risk Register February 2016 Proposed New Risks Risk 1. Cause of risk 2. Description of Risk or potential event 3. Consequence of risk happening Existing Controls Controls that have been implemented since the last review are shown in green Recruitment (inability) Reviewed relocation policy 1. Needs discussion 2. Difficulty recruiting into key posts, particularly in Planning Services 3. Not able to recruit skills and knowledge to deliver plans – corporate plan, business transformation, planning performance and delivery etc. Increased stress levels on existing staff, Increased workload in HR of repeated recruitment exercises Score (with controls) Impact x Likelihood = Total Action (to achieve target score) and progress to date Target Score Impact x Likelihood = Total Corporate Objective / Service Priority Officer Further reviews of the outcomes of the amended policies. Pay Policy has been updated to reflect Golden Hello’s’ and retention payments Julie Cooke Head of Organisati onal Developme nt Recommendation to remove the following from the register: - Individual Electoral Registration 14