Risk Management Strategy - Allerdale Borough Council

Risk Management Strategy
September 2011
1. What is Risk Management?
Risk management is not solely concerned with the mitigation of risks but is a tool to drive
improvement across the authority. Involving people management, communications,
cultures and behaviours both within and external to the organisation, it is a key part of
corporate governance, which is essentially the way an organisation manages its
business, determines strategy and objectives, and goes about achieving objectives.
Good risk management helps to identify and deal with the key risks facing the Council in
the pursuit of its goals and provide assurance to the Annual Governance Statement
concerning the effectiveness of internal control systems.
Risk management is not something separate from the day-to-day management of the
Council and it is not just one activity – it is made up of planning, reviewing and revising
cycles over different timescales and at different levels in the organisation. For example,
there is a longer term cycle that sets and reviews council strategy, and annual service
planning that includes risk management as an integral part of the process.
Why is effective risk management important?
Effective risk management is essential if an organisation is to achieve its corporate
objectives. Often risk management is seen as a governance and audit requirement and
not as an effective performance tool. The Council through this strategy will develop its
thinking on the latter approach. The public sector is a complex environment and effective
risk management can help in a number of areas including:
• Helping to identify potential risks across all areas of operations
• Dealing with identified risks through mitigation
• Improving the ability to forward plan
• Helping managers to make better decisions at times of crisis
• Reducing the amount of time spent on emergency action
• Helping to manage resources more efficiently
• Preventing serious disruptions to services
Culture
Everyone has a role to play in managing the risks that the Council is exposed to. The
Council encourages a certain level of risk in order to take advantage of opportunities that
arise. It is important that everyone is able to identify where things have gone wrong in
order to improve and learn to mitigate any further risks. The Council encourages a culture
of openness, honesty and learning from employees and members alike. The Council’s
revised values demonstrate this and it is important that everyone works by those values
and that a culture of blame does not develop.
2. The Corporate Planning Process
Risk Management should be embedded within the daily operation of the Council, from
strategy formulation and capital projects, through to operational planning and processes.
The Council has two key strategic documents:
Council Plan – this is the core document stating the strategic objectives and priorities for
the organisation over four years. It is reviewed each year to establish new actions
required to progress towards achieving the longer term objectives.
Organisational Improvement Plan – an internally focused programme detailing how the
Council is going to achieve its objectives and improve as an organisation to deliver
excellent services. It will focus on how the Council develops its workforce and how it will
develop robust, challenging and effective business and financial planning processes.
The Council’s strategic objectives are translated into more specific actions and targets
through service plans that set out the key actions and performance targets that the
service will achieve to contribute to the objectives outlined in the Council Plan. The
Council has a service planning template and guidance document to assist in the
production of service plans. The assessment and ongoing management of risk fits within
this process.
3. Risk Management Objectives
The Council’s objectives for risk management are as follows:
• Create an environment where risk management becomes an integral part of planning,
management processes and the general culture of the Authority rather than being
viewed or practised as a separate function.
• Achieve better quality decision making that will see a reduction in costs and an
increase in the probability of delivering the quality services which the Council is aiming
for.
• Work with partners, providers and contractors to develop awareness and a common
understanding of the Council’s expectations on risk management.
• Minimise possible failure through a thorough knowledge and acceptance of potential
impacts of each major decision taken.
To achieve these objectives, the Council will:
Develop a systematic and consistent risk management approach that will:
• Implement effective risk management as a key element of good governance and
rigorous performance management.
• Consider risk as an integral part of corporate and business planning and service
delivery.
• Encourage considered and responsible risk taking as a legitimate response to
opportunity and uncertainty.
• Achieve better outcomes for the Council through a more realistic assessment of the
challenges faced, through improved decision-making and targeted risk mitigation and
control.
• Engender, reinforce and replicate good practice in risk management.
4. Roles and responsibilities for Risk Management
Executive
The Executive is responsible for creating a positive culture for the proactive practice of
managing risk and for reviewing the effectiveness of risk management.
Audit Committee
The Audit Committee provides independent assurance of the risk management
framework and the associated control environment, independent scrutiny of the
authority’s financial and non-financial performance to the extent that it affects the
Council’s exposure to risk and weakens the control environment and it oversees the
financial reporting process, including the operations of the Internal Audit service. This
strategy should be considered by the Committee when it is developing its work
programme.
Strategic Management Team (SMT)
The SMT is responsible as a whole for the identification, mitigation and management of
strategic risks and for the maintenance of a strategic risk register. The SMT is
responsible for ensuring that the Council manages risk effectively through the
development of an integrated risk management strategy. The Deputy Chief Executive is
responsible for preparing the authority’s risk management strategy and in association
with other Chief Officers, for promoting it throughout the authority and overseeing its
implementation across the authority and for advising the Executive on proper insurance
cover where appropriate.
Strategic Managers
Strategic Managers are responsible for the operational performance of their group of
services and their contribution to corporate objectives. Strategic Managers must monitor
service plans ensuring there is ownership throughout their group of services and that
their staff are fully aware as to how they contribute to the delivery of the corporate
objectives. This includes the identification, mitigation and management of risk in the
areas for which they are responsible.
Service Managers
Service Managers are responsible for the operational performance of their service areas
including the management of risk and the contribution they make to the corporate
objectives. Service Managers must ensure that there is ownership of the service plan
throughout their service area and that everyone is fully aware as to how they contribute
to the effective management of the risks in the service area.
Individual Employees
Employees have a responsibility to manage the risks that they face on a day to day basis
as well as the wider risks that affect the service area. Employees should be encouraged
to be involved in the identification, mitigation and management of risks within the service
area as a whole.
Further information about roles and responsibilities at different levels can be found in the
Roles and Responsibilities document on the intranet within the Risk Management area.
4. The Risk Management Process
Risk management is something that everyone within the Council undertakes almost daily,
in varying degrees. Although it is difficult to draw clear boundaries around risk
management areas because of the cross-cutting nature of risk, risk management within
the Council falls into four main areas:
• business risks: i.e. risks identified that could prevent the Council achieving its
priorities, either top-level priorities, or operational-level priorities
• project risks (including partnership working): both physical and strategy-related.
This area is closely aligned to and may overlap with business risk
• health and safety risks
• emergency planning/business continuity planning
Further information relating to the management of these four areas of risk can be found
in the “Risk Management Process” document on the document store.
The approach to risk management by the Council is based on the best practice outlined
in A Risk Management Standard (IRM/AIRMIC/ALARM: 2002) and consists of seven
steps:
• knowing the strategic and operational priorities
• identifying risks
• scoring risks
• treating risks
• compiling a risk database and register
• monitoring and reporting risks
• reviewing risks.
Detailed guidance on how to carry out each step can be found in the “Risk Management
Process” document on the document store and advice and assistance is available from
the Risk, Continuity and Insurance Officer.
Risk Appetite
It is important to recognise that the aim is to effectively manage risk rather than eliminate
it, so some retained risks could have financial implications. The Council’s approach to
risk financing seeks to optimise levels of self funding and reduce loss of its asset value
by minimising its overall cost of risk. The Council’s Policy for Risk Financing details its
methodology for managing various levels of loss.
It is important that the Council takes advantage of opportunities that may present
themselves and is not restricted by an aversion to risk. The process for assessing risks
and their impacts allows a sensible approach to risk and ensures that opportunities can
be taken advantage of. Once a risk has been identified and a target score agreed, that
becomes the level of risk that is acceptable, and actions will be put in place to achieve
that level.
5. Risk Reporting and Monitoring Process
Reporting and monitoring risk is a key element in the risk management process. Each of
the Council’s plans in the corporate planning process contains an element of risk and
each risk is closely linked to the Council’s performance and the achievement of its
objectives. Risk reporting is linked to the Council’s Performance Management
Framework.
Risk monitoring and reporting needs to be appropriate for different levels in the
organisation – not all detail can be looked at at every level.
This strategy will be reviewed on an annual basis by the Deputy Chief Executive, SMT
and the Portfolio Holder.
An overview of the Council’s risk monitoring and reporting arrangements is given in the
following table:
Level of Risk
Recorded
Strategic
Strategic risk
Register
Timescale Reported
to
Monthly
SMT
Responsibility Accountability
SMT
Executive
Council
Quarterly
Executive
At least
annually
Strategic
Managers
Service
Managers
SMT
Team Leaders
/ Service
Managers
Service
Managers
Operational
Service Risk
Register
Individual /
Team
Individual work
objectives
Ongoing
Team
Leaders /
Service
Managers
All
Governance
Statement (to
include element
of risk
management)
Annual
Audit &
Governance
Governance
Group
Manager
Council
Covalent
Risks at both strategic and operational levels are to be recorded on, and managed through,
Covalent, the Council’s performance management system, which holds performance
information from action plans and performance indicators and is available to every member
of staff. It is the responsibility of Strategic and Service Managers to ensure that this
system is kept up to date. Information on the system should be updated on an ongoing
basis.
Further information on recording risk can be found in the Risk Management Process
document on the document store, and guidance on operational risk data and risk
recording on Covalent is available on the intranet.
6. Training & Development
The effectiveness of the Council’s Risk Management Strategy is wholly dependent
on ownership and accountability for risks. Although responsibility ultimately sits at
senior level, responsibility for managing risks rests with all levels throughout the
Council. Full details can be found in the Risk Management Process document.
One of the core principles of the local code of corporate governance is the
development of Members’ capacity and capability to be effective and ensuring that
officers – including statutory officers – also have the capability and capacity to
deliver effectively. With regard to roles and responsibilities for risk management
the Council is committed to:
• identifying the core competencies required by Members and officers
to enable roles to be carried out effectively and arranging training to
ensure those competencies are attained.
• ensuring that the statutory officers have the skills, resources and
support necessary to perform effectively in their roles and that these
roles are properly understood throughout the authority.
• providing induction programmes tailored to individual needs and
opportunities for Members and officers to update their knowledge on a
regular basis.
• developing skills on a continuing basis to improve performance,
including the ability to scrutinise and challenge and to recognise when
outside expert advice is needed.
Useful Information
All documents referred to can be accessed in the document store.
Risk Management Process
Guidance on Risk Recording on Covalent
Guidance on Operational Risk Data
Roles and responsibilities
Risk Financing Policy
A Risk Management Standard (IRM/AIRMIC/ALARM: 2002)
Council Plan
Organisational Improvement Plan
Further information
For any further information on performance management please contact the Risk,
Continuity and Insurance Officer.