Risk Management Policy

z-logo

Last Reviewed May 2024
Next Review May 2025

--

Contents

1.   Objectives
2.   Risk management policy statement
3.   What is risk management
4.   Why the Council needs a risk management policy
5.   The reasoning behind the risk management procedures
6.   What the risk management process is
7.   Options for control of risks
8.   Risk monitoring
9.   How it will feed into the Council’s existing policies
10.   Roles and responsibilities
11.   Future monitoring


1.   Objectives

The aims and objectives of this policy are comprehensive and include the following:

•   To develop risk management beyond health & safety.
•   Integrate risk management into the culture of the organisation.
•   Embed risk management through the ownership and management of risk as part of all decision-making processes.
•   Manage risk in accordance with best practice.

2.   Risk Management Policy Statement

The Council recognises that, in addition to its statutory duties, there are significant economic and ethical reasons to take all reasonable and practicable measures to safeguard the people that it works with, and provides services for; as well as to protect the natural and built environments for which it is responsible.

This policy document establishes:

a.   What is risk management.

b.   Why the Council needs a risk management policy.

c.   The reasoning behind the risk management procedures of the Council.

d.   What the Risk Management process is.

e.   Options for control of risks.

f.   Risk monitoring.

g.   How it will feed into the Council’s existing polices.

h.   Roles and responsibilities.

i.   Future monitoring.

3.   What is risk management

Risk management is essential to good governance. 

“Risk is the threat that an event or action will adversely affect an organisation’s ability to achieve its objectives and to successfully execute its strategies. Risk management is the process by which risks are identified, evaluated and controlled. It is a key element of the framework of governance together with community focus, structures and processes, standards of conduct and service delivery arrangements.”

Audit Commission, Worth the Risk: Improving Risk Management in Local Government, (2001: 5) 

The Council is more likely to achieve its objectives if it manages risk properly. It is critical to recognise that risk management applies to every aspect of the Council’s work and is not just about health and safety. 

Risks can be classified into various types but it is important to recognise that for all categories the direct financial losses may have less impact than the indirect costs such as disruption of normal working. 

Not all these risks are insurable and for some the premiums may not be cost-effective. Even where insurance is available, money may not be an adequate recompense. The emphasis should always be on eliminating or reducing risk before costly steps to transfer risk to another party are considered.

Risk is not restricted to potential threats but can be connected with opportunities. Good risk management can facilitate proactive, rather than merely defensive responses. Measures to manage adverse risks are likely to help with managing positive ones. 

The examples below are high profile but not exhaustive:

Health and Safety Risk 
The Council will adhere to the requirements of the Health and Safety at Work Act 1974; the Regulatory Reform (Fire Safety) Order 2005; the Management of Health and Safety at Work Regulations 1999; and other relevant health and safety legislation and codes of practice. The Council’s policy is detailed in the Health and Safety Policy.

Strategic Risk
Long-term adverse impacts from poor decision-making or poor implementation. Risks damage to the reputation of the Council, loss of public confidence and, in a worst-case scenario, Government intervention.

Compliance Risk
Failure to comply with legislation, laid down procedures or the lack of documentation to prove compliance. Risks exposure to prosecution, judicial review, employment tribunals, increased Best Value inspection, inability to enforce contracts.

Financial Risk
Fraud and corruption, waste, excess demand for services, bad debts. Risk of additional audit investigation, objection to accounts, reduced service delivery, dramatically increased Council tax levels/impact on Council reserves.

Operating Risk
Failure to deliver services effectively, malfunctioning equipment, hazards to service users, the general public or staff, damage to property. Risk of insurance claims, higher insurance premiums, lengthy recovery processes.

4.   Why the Council needs a risk management policy

Risk management will strengthen the ability of the Council to achieve its objectives and enhance the value of services provided.

Risk management will help to ensure that all committees/sections within the Council have an understanding of ‘risk’ and that the Council adopts a uniform approach to identifying and prioritising risks. This should in turn lead to conscious choices as to the most appropriate method of dealing with each risk, be it elimination, reduction, transfer or acceptance. 

Strategic risk management is also an integral part of the Best Value process and as such is an important element in demonstrating continuous service improvement. There is an Audit requirement under the Accounts and Audit Regulations 2003 (SI 2003/533) to establish and maintain a systematic strategy, framework and process for managing risk.

5.   The reasoning behind the risk management procedures 

Whilst it is acknowledged that risk cannot be totally eliminated, it is accepted that much can be done to reduce the extent of injury, damage and financial loss. Therefore, the Council is committed to identifying, reducing or eliminating the risks to both people and the natural and built environments.

The Council will carry insurance in such amounts and in respect of such perils as will provide protection against significant losses, where insurance is required by law or contract and in other circumstances where risks are insurable and premiums cost effective. 

The Council will seek to embed effective risk management into its culture, processes and structure to ensure that opportunities are maximised. The Council will seek to encourage staff to identify, assess and manage risks.

6.   What the risk management process is

Implementing this policy involves identifying, analysing, prioritising, managing and monitoring risks. 

Risk Identification  
Identifying and understanding the hazards and risks facing the Council is crucial if informed decisions are to be made about policies or service delivery methods. The risks associated with these decisions can then be effectively managed.

Risk Analysis 
Once risks have been identified, they need to be systematically and accurately assessed using proven techniques. Analysis should make full use of any available data on the potential frequency of events and their consequences. If a risk is seen to be unacceptable, then steps need to be taken to control it or respond to it.

Risk Prioritisation
An assessment should be undertaken of the impact and likelihood of risks occurring, with impact and likelihood being scored Low, Medium, or High. High scoring risks will be subject to detailed consideration and the preparation of a contingency/action plan to appropriately control the risk.

Risk Control
Risk control is the process of taking action to minimise the likelihood of the risk event occurring and/or reducing the severity of the consequences should it occur. Typically, risk control requires the identification and implementation of revised operating procedures, but in exceptional cases more drastic action may be required to reduce the risk to an acceptable level.

7.   Options for control of risks

Elimination 
The circumstances from which the risk arises are ceased so that the risk no longer exists.

Reduction 
Loss control measures are implemented to reduce the impact/ likelihood of the risk occurring. 

Transfer 
Where the financial impact is passed to others, e.g., by revising contractual terms. 

Sharing 
Sharing the risk with another party or parties.

Insuring 
Insuring against some or all of the risk to mitigate financial impact.

Acceptance 
Documenting a conscious decision after assessment of areas where the Council accepts or tolerates risk a particular risk.

8.   Risk monitoring

The risk management process does not finish with putting any risk control procedures in place. Their effectiveness in controlling risk must be monitored and reviewed. It is also important to assess whether the nature of any risk has changed over time. 

The information generated from applying the risk management process will help to ensure that risks can be avoided or minimised in the future. It will also inform judgements on the nature and extent of insurance cover and the balance to be reached between self-insurance and external protection.

9.   How it will feed into the Council’s existing policies

Initial identification of risks will be by individual staff members, discussing risks with the Clerk and compiling a list of the risks in their service area(s). This will be followed up by brainstorming at staff meetings, supervisory sessions or in the general course of the work. 

Best Value 
The requirements of Best Value means that risk management is more important than ever, as Best Value presents a significant opportunity for the Council to reassess what it does and how. The Council takes into account minimising risk in the way that it operates as part of a commitment to quality and continuous service improvement. 

Projects and Service Changes
The Clerk, in recommending projects or service changes, will ensure that risks are identified and the measures to eliminate or control risks are documented in agenda reports/briefing papers to be considered by the Council and committees. 

Partnership Working 
The Council may enter into a number of partnerships with organisations from the public, private, voluntary and community sectors. Some of these organisations may not have the same sensitivities to the risks that the Council sees as important. Part of the process of setting up future partnerships will be to ensure that all relevant risks are identified and that appropriate control mechanisms are built into the management arrangements for the partnership.

10.   Roles and responsibilities

It is important that risk management becomes embedded into the everyday culture and performance management process of the Council. The roles and responsibilities set out below are designed to ensure that risk is managed effectively across the Council and its operations, and responsibility for risk is located in the right place. Those who best know the risks to a particular service are those responsible for it. The process must be driven from the top but must also involve staff throughout the Council.

Elected Members 

Risk management is seen as a key part of the Elected Member’s role and there is an expectation that Elected Members will lead and monitor risk management. This will include: 

a.   Approval of the Risk Management Policy. 

b.   Analysis of key risks in reports on major projects, ensuring that all future projects and services undertaken are adequately risk managed.

c.   Consideration and, if appropriate, endorsement of the Annual Statement of Internal Control.

d.   Assessment of risks whilst setting the budget, including any bids for resources to tackle specific issues.

Staff 

Members of staff will act as the risk champion for their service area, assisting with identifying all risks in their area. They will manage risk effectively in all service areas or projects and report how threats and risks have been managed to the Clerk. This includes identifying, analysing, prioritising, monitoring and reporting on service risks and any control actions taken.

Members of staff will undertake their jobs to the best of their ability to reduce risks ensuring that the skills and knowledge that they have acquired and that have been passed to them are used effectively. All employees will maintain an awareness of the impact and costs of risks. They will work to control risks or threats within their jobs, monitor progress and report on job related risks to the Clerk.

Proper Officer

The Proper Officer will act as the Lead Officer on Risk Management, overseeing the implementation of the detail of the Risk Management Strategy and will:

a.   Provide advice as to the legality of policy and service delivery choices.

b.   Provide advice on the implications of potential service actions for the Council’s corporate aims, objectives and best value targets.

c.   Update Council and service areas on the implications of new or revised legislation.

d.   Assist in handling any litigation claims.

e.   Provide advice on any human resource issues relating to strategic policy options or the risks associated with operational decisions and assist in handling cases of work-related illness or injury.

f.   Advise on any health and safety implications of the chosen or proposed arrangements for service delivery.

g.   Report progress to Council via the Administration Committee.

h.   Ensure that Risk Management is an integral part of any service review process.

i.   Ensure that recommendations for risk control are detailed in service review reports.

Responsible Finance Officer 

The Council’s Responsible Finance Officer will: 

a.   Assess and implement the Council’s insurance requirements;

b.   Assess the financial implications of strategic policy options;

c.   Provide assistance and advice on budgetary planning and control. 

d.   Ensure that the Financial Information System allows effective budgetary control and informs financial decisions made by the Council.

Role of Internal Audit 

The Independent Internal Auditor provides an important scrutiny role carrying out audits to provide independent assurance to the Council via the Administration Committee that the necessary risk management systems are in place and all significant business risks are being managed effectively. 

Internal Audit assists the Council in identifying both its financial and operational risks and seeks to assist the Council in developing and implementing proper arrangements to manage them, including adequate and effective systems of internal control to reduce or eliminate the likelihood of errors or fraud.

The Internal Audit Report, and any recommendations contained within it, will help to shape the operation of the Council. 

In addition to the roles and responsibilities set out above, the Council is keen to promote an environment within which individuals or groups are encouraged to report adverse incidents promptly and openly.

The adoption of a sound risk management approach should achieve many benefits for the Council. It will assist in demonstrating that the Council is committed to continuous service improvement and demonstrating effective corporate governance.

11.   Future monitoring

The progress of the Policy will be measured on: 

a.   Adjustments to the way in which services are delivered;

b.   Greater satisfaction of Members, staff, volunteers, customers and visitors with the provisions made by the Council;

c.   Improvements to the provisions made by the Council for its buildings and open spaces.