1 HONITON TOWN COUNCIL Business Risk Register 2015 2 Processes In line with best practice, the Council has adopted a seven-step process to support the implementation of risk management and help maintain impetus. Steps 1 Identifying risk Risks will be identified during the service delivery planning process and cross-referenced, where possible, to key tasks and to the achievement of corporate objectives. 2 Analysing risk Risks will be assessed against probability and impact of the identified risks using the Council’s approved evaluation criteria to give a risk score. 3 Profiling risk The evaluation exercise will result in a risk score from which significant risks can be established. 4 Prioritising action Risks will be entered in the risk register detailing the inherent risk score, existing controls and residual risk score. 5 Determining action Further actions required to reduce the threat of the risk occurring or minimise its impact will be stated in the risk register. Target dates and assignment of responsibility will also be stated. 6 Controlling risk The specified actions will be carried out as stated in the risk register. 7 Monitoring The risk management working group will keep the risk register under review and progress against further actions identified will be monitored quarterly. The register will be updated as actions are achieved and risk scores amended as appropriate. The identification of risks should be a continual process and risks emerging throughout the year should be evaluated and, where necessary, added to the register. 3 Risk Management Matrix 4 5 Minor Moderate 3 Major 2 Catastrophic 1 Negligible Assessment Impact Financial (F) Reputation (D1) Stakeholder (D2) Under £500 Minimal loss of public trust Minimal impact on stakeholder business arrangements £501 _ £1000 Slight loss of trust with no lasting impact. Little adverse publicity Minor impact on stakeholder business arrangements £1001 _ £5000 Moderate loss of trust that receives significant adverse publicity locally with no lasting impact Moderate disruption to stakeholder’s arrangements. £5001 _ £10000 Significant loss of trust and receives local media attention. Potential for lasting impact Significant disruption to and opposition from stakeholders Over £10000 Significant loss of trust and receives national media attention with potential for persisting impact. Major disruption to and strong opposition from stakeholders who represent vulnerable clients Community/ Customers (D3) Minimal impact or disruption to community contained within a community area Minor impact to community and community dissatisfaction. Limited service disruption. Moderate impact to community and customer dissatisfaction. Moderate service disruption. Significant service disruption and community opposition. Threat of legal action. Major service disruption. Significant community opposition. Legal action. Long-term public memory. Mild health effect for short period. Minimal environmental impact. Minor injury (worker or third party). Medical treatment beyond first aid. Reversible health effect. Minor illness. Local impact requiring response, but from which there is a natural recovery. Irreversible health effect for example loss of hearing. Serious illness from which there is full recovery. Moderate environmental impact, requiring response to aid recovery. Reportable to authorities. Life shortening health effect. Health effect causing significant irreversible disabilities. Major environmental incident resulting in significant impact requiring management by external authorities Death Extreme environmental incident, resulting in irreversible long term or widespread harm Moderate First aid case, with no lost time. Negligible safety impact Single major injury, 4 Major Environmental (E) Multiple major injuries which may result in permanent disabilities 5 Catastrophic 2 Health (H) Negligible 1 Safety (S) Minor 4 3 Death Assessment Impact 5 Likelihood Ranges Guidance Probability Range 1 Improbable Very remote probability that the event would occur 1% 2 Remote Event may occur only in exceptional circumstances 1 – 10% 3 4 Possible Probable Event could occur at some time Event should occur at some time 11 - 50% 51 – 90% 5 Almost Certain Event will occur in most circumstances 90% Impact Description 5 10 15 20 25 4 8 12 16 20 3 6 9 12 15 2 4 6 8 10 1 2 3 4 5 Likelihood Red Risk: (20-25) Unacceptable risk. Reduce risk by mitigation. Amber Risk (12-16) Reduce risk by mitigation. Regularly review Yellow Risk (8-10) Tolerate risk. Review control measures Green Risk. (1-6) Acceptable Risk. Monitor risk. Transfer risk. .D. Risk/Event Cause Consequence/Impact D D D F L R 1 2 3 S H E Mitigation Preventative Actions Residual Risk 6 Governance Risk (Overall Inherent Risk) Inadequate Financial arrangements. Poor organisational structures. The risk is poor or inadequate Governance Poor understanding of legal requirements Poor decision making Poor forward and contingency planning. Poor operational management Loss of community/stakeholder confidence. Adverse Reputation. Negative Media Attention. INHERENT RISK Poor Audit reports Loss of service provision. Financial Investigations. Breach of legislative requirements. Legal Actions. Risk Assessment Key S = Safety H = Health E = Environment D1 = Reputation impact D2 = Stakeholder impact D3 = Community/Customer impact F = Financial Impact L= Likelihood of event occurring R = Risk Rating .D. Risk/Event Cause Consequence/Impact D D D F L R 1 2 3 S H E Mitigation Preventative Actions Residual Risk 7 Financial Risks Loss of community/stakeholder confidence. Adverse Reputation. The risk is poor or inadequate financial management Poor financial procedures. Negative Media Attention. INHERENT RISK Poor Audit reports Loss of service provision. Financial Investigations Loss of community/stakeholder confidence. 101 The risk is the precept is not adequate to meet council requirements. Adverse Reputation. Poor forward planning Set appropriate Precept Manage Accurate Budget Forward Planning. Negative Media Attention. Unexpected finance requirements (see risk 106) Poor Audit reports 102 The risk is poor financial record keeping Inadequate Records Loss of service provision Poor Audit reports. Financial Regulations in placed and reviewed annually by Finance Financial Irregularities Risk Assessment Key S = Safety H = Health E = Environment D1 = Reputation impact D2 = Stakeholder impact D3 = Community/Customer impact F = Financial Impact L= Likelihood of event occurring R = Risk Rating .D. Risk/Event Cause Consequence/Impact D D D F L R 1 2 3 S H E Mitigation Preventative Actions Residual Risk 8 committee and ratified by full council. Financial data recorded using Sage by RFO 103 The risk is poor banking methods Inadequate procedures 104 The risk is the misuse of council funds Fraud 105 The risk is Income streams fail to meet expected budget requirements. (Town market) Details and procedures contained in the Financial Regulation. Poor Audit reports All Members of Town Council to have an understanding of the recording system. Review Annually Expenditure above £20,000 requires authorisation by full council Loss of financial asset. Down turn in service requirements Unrealistic target budget Impact on council reserves. Prudent Budgeting See Risk 301 &302 (Public car park) Loss of community/stakeholder confidence. 106 The risk is insufficient reserves are maintained to meet unexpected expenditure Poor precept management. Adverse Reputation. Poor of forward planning Negative Media Attention. Adequate Insurance Prudent budgeting Sensible reserves Poor Audit reports Risk Assessment Key S = Safety H = Health E = Environment D1 = Reputation impact D2 = Stakeholder impact D3 = Community/Customer impact F = Financial Impact L= Likelihood of event occurring R = Risk Rating .D. Risk/Event Cause Consequence/Impact D D D F L R 1 2 3 S H E Mitigation Preventative Actions Residual Risk 9 Loss of service provision 107 108 109 110 The risk is loss of council funds held in Bank Accounts The risk is the loss of council Assets The risk is nonpayment of regular expenditure The risk is additional costs incurred through legal actions Errors made by bank. Impact on finances Reconciliation of bank accounts conducted quarterly by finance. committee. Split reserves for £85,000 FCS Addition costs Sufficient Insurance to cover repair or replacement of assets Review Annually Adverse Reputation. Negative Media Attention. Prudent financing Collapse of bank Theft Vandalism Poor Financial Management See risk 106 Risk Assessment Key S = Safety H = Health E = Environment D1 = Reputation impact D2 = Stakeholder impact D3 = Community/Customer impact F = Financial Impact L= Likelihood of event occurring R = Risk Rating .D. Risk/Event Cause Consequence/Impact S H E D D D F L R 1 2 3 Mitigation Preventative Actions Residual Risk 10 Compliance Risks Loss of community/stakeholder confidence. Adverse Reputation. The risk is failing to comply with legislation and council policies Poor Management Negative Media Attention. 5 5 5 4 5 5 5 5 25 INHERENT RISK Legal Action Fines Imprisonment Negative Media Attention. 201 The risk is failure to meet Health and Safety Regulations. Lack of council knowledge and understanding of requirements Legal Action Robust Health & safety Policy Review annually Broaden H&S to encompass Car Park and other HTC owned land Robust Health & safety Policy Review annually Broaden H&S to encompass Car Park and other HTC owned land Fines Imprisonment Negative Media Attention. 202 The risk is failure to meet Fire Regulations Lack of council knowledge and understanding of requirements Legal Action Finds Imprisonment Risk Assessment Key S = Safety H = Health E = Environment D1 = Reputation impact D2 = Stakeholder impact D3 = Community/Customer impact F = Financial Impact L= Likelihood of event occurring R = Risk Rating .D. Risk/Event Cause Consequence/Impact S H E D D D F L R 1 2 3 Mitigation Preventative Actions Residual Risk 11 Negative Media Attention. 203 The risk is failure to meet Environmental Regulations Lack of council knowledge and understanding of requirements Legal Action Robust Health & safety Policy Review annually Broaden H&S to encompass Car Park and other HTC owned land Training Policy Training Plan Train Councillors on Governance & Accountability Act Adequate Polices upheld Training Plan Induction Training for all councillors Adequate Polices upheld Training Plan Induction Training for all councillors Fines Imprisonment Loss of community/stakeholder confidence 204 The risk is failure to meet Financial Regulations Lack of council knowledge and understanding of requirements Negative Media Attention. Legal Action Fines? Imprisonment 205 The risk is failure to meet council policies Lack of council knowledge and understanding of requirements Loss of community/stakeholder confidence. Adverse Reputation. Negative Media Attention. Adverse Reputation. 206 The risk is failure to meet Employment Regulations Lack of council knowledge and understanding of requirements Negative Media Attention. Legal Action Risk Assessment Key S = Safety H = Health E = Environment D1 = Reputation impact D2 = Stakeholder impact D3 = Community/Customer impact F = Financial Impact L= Likelihood of event occurring R = Risk Rating .D. Risk/Event Cause Consequence/Impact S H E D D D F L R 1 2 3 Mitigation Preventative Actions Residual Risk 12 Fines Adverse Reputation. 207 The risk is failure to comply with Local Government Acts Lack of council knowledge and understanding of requirements Negative Media Attention. Trained Clerk and staff Legal Action Training Plan updated regularly Fines? Risk Assessment Key S = Safety H = Health E = Environment D1 = Reputation impact D2 = Stakeholder impact D3 = Community/Customer impact F = Financial Impact L= Likelihood of event occurring R = Risk Rating .D. Risk/Event Cause Consequence/Impact S H E D D D F L R 1 2 3 Mitigation Preventative Actions Residual Risk 13 Operational Risks Loss of community/stakeholder confidence. The risk is failing to deliver services effectively Poor Management Adverse Reputation. 4 4 4 4 4 16 INHERENT RISK Negative Media Attention. Down turn in service requirements. 301 302 The risk is the street market fails to perform to its expected level Insufficient Councillors Poor Management Failure to recognise the changing needs and expectations of the community Multi Resignations Unable to fill through election or co-option Negative Media Attention. Loss of community/stakeholder confidence. Employ Street Market Manager Market Committee Set regular objectives Loss of revenue Council not quorate Adverse Reputation Negative Media Attention. Loss of community/stakeholder confidence. Regularly promoting the work of the council Risk Assessment Key S = Safety H = Health E = Environment D1 = Reputation impact D2 = Stakeholder impact D3 = Community/Customer impact F = Financial Impact L= Likelihood of event occurring R = Risk Rating .D. Risk/Event Cause Consequence/Impact S H E D D D F L R 1 2 3 Mitigation Preventative Actions Residual Risk 14 303 304 305 306 The risk is loss of key council staff The risk is loss of CCTV coverage The risk is deterioration of: Footpaths Flower Beds Bus Shelters Community Seats The risk is failure to maintain community events: Hot Pennies Charter Day Long term illness. Unexpected death Vandalism Lack of Maintenance and/or funds Vandalism Lack of Maintenance and/or funds Vandalism Lack of funds Lack of Interest Produce a Business Continuity Plan Impact on key council services Adverse Reputation Negative Media Attention. Possible legal action Regular maintenance Prudent Budgeting Adverse Reputation Negative Media Attention. Possible legal action Regular maintenance Prudent Budgeting Adverse Reputation Negative Media Attention. Prudent Budgeting Promotion of events Risk Assessment Key S = Safety H = Health E = Environment D1 = Reputation impact D2 = Stakeholder impact D3 = Community/Customer impact F = Financial Impact L= Likelihood of event occurring R = Risk Rating .D. Risk/Event Cause Consequence/Impact S H E D D D F L R 1 2 3 Mitigation Preventative Actions Residual Risk 15 Strategic Risks The risk is failing to make Strategic Decisions 401 402 Poor decision making. Poor Horizon Scanning Loss of community/stakeholder confidence. Adverse Reputation. 4 4 4 4 4 16 INHERENT RISK Negative Media Attention. The risk is failure to deliver key council objectives. Use of political allegiance to influence Council polices 403 The risk is failure to recognise the changing needs and expectations of the community 404 The risk is failing to protect the community and environment during emergency situations See 101 See 205 & 207 No forward planning Major emergency situations Loss of community/stakeholder confidence. Adverse Reputation. Negative Media Attention. Loss of Life Loss of Services Adverse Reputation. Negative Media Attention. Community Engagement Strategy Continuous monitoring of Strategy Emergency Plan Review Plan Annually Risk Assessment Key S = Safety H = Health E = Environment D1 = Reputation impact D2 = Stakeholder impact D3 = Community/Customer impact F = Financial Impact L= Likelihood of event occurring R = Risk Rating