Waverley Borough Council Home Page Waverley Borough Council Home Page


Waverley Borough Council Committee System - Committee Document

Meeting of the Executive held on 11/10/2005
RISK MANAGEMENT POLICY



Summary & Purpose
This report reviews Waverley’s Risk Management Policy and proposes a strategy to achieve the objectives set out in this policy.

Quality of Life Implications
Natural Resource Use
Pollution Prevention and Control
Biodiversity and Nature
Local Environment
Social Inclusion
Safe Communities
Local Economy
Natural
Resource Use
Pollution
Prevention and Control
Biodiversity
and Nature
Local
Environment
Social
Inclusion
Safe, Healthy
and Active
Communities
Local
Economy
Positive
Positive
Positive
Positive
Positive
Positive
Positive


APPENDIX C
WAVERLEY BOROUGH COUNCIL

EXECUTIVE – 11TH OCTOBER 2005
________________________________________________________________________
Title:
RISK MANAGEMENT POLICY
[Wards Affected: N/A]
________________________________________________________________________
Summary and purpose:

This report reviews Waverley’s Risk Management Policy and proposes a strategy to achieve the objectives set out in this policy.
_________________________________________________________________________
Quality of life implications – social, environmental & economic (sustainable development):

Natural Resource Use
Pollution Prevention and Control
Biodiversity and Nature
Local Environment
Social Inclusion
Safe, Healthy and Active Communities
Local Economy
Positive
Positive
Positive
Positive
Positive
Positive
Positive

E-Government implications:

There are no e-government implications.

Resource and legal implications:

There are no direct resource implications arising from this report.
________________________________________________________________________
Introduction and Background

1. All organisations face risks in undertaking their business. Local authorities, with their wide-ranging responsibilities and duties, face a significant number of risks. A risk is the threat that an event or action will adversely affect an organisation’s ability to achieve its objectives. Clearly, Waverley has been, and always will be, faced with many potential risks in all areas of its business. In December 2002, the Council, for the first time, formally agreed its approach to the management of these risks.

2. This Policy is reviewed each year by Waverley’s cross-departmental Risk Management Group and is subject to a comprehensive review by Members every three years, or sooner if major change is necessary. In accordance with this Policy, in 2003 officers developed detailed registers of the key strategic and operational risks facing the Council. These registers are key corporate documents and help the Council to identify particular areas of concern and to ensure that a managed approach is taken to mitigate these risks as far as possible.


The Risk Management Policy and Strategy

3. The revised Policy for managing risk and the proposed Strategy for implementing the Policy are set out in Annexe 1. The Policy sets out why it is necessary to have a corporate approach to managing risks and the Strategy provides the details of the processes and actions required to implement the Policy objectives.

4. The Risk Management Officer Group is responsible for overseeing the implementation of Waverley’s Risk Management Strategy and to report to the Chief Officer Group, and Members if necessary, on any areas of concern.

The Key Risks

5. In June 2005, with the assistance of external facilitators, Waverley’s senior managers and key Members considered the strategic risks currently facing the Council. As a result, the Strategic Risk Register was updated in accordance with the procedure described in Section 4 of the attached Strategy. The evaluation of the key risks facing Waverley enabled officers to determine which risks currently require the greatest management attention. A summary of these risks is shown at Annexe 2. There are a number of other key risks identified in the Risk Register which are currently assessed as being managed effectively or they are risks that are outside of the direct control of the Council.

6. To ensure that Members are engaged in the process and can properly oversee the management of risk, it is important that a Member ‘champion’ for risk management is agreed. Ideally, this should be a member of the Executive. The Risk Management Group would contact this Member at key times during the year to discuss the implementation of the strategy.

Recommendation

It is recommended that the Executive:

1. considers and agrees the Risk Management Policy and Strategy set out in Annexe 1;

2. agrees on Waverley’s Member ‘champion’ for risk management; and

3. notes the summary of key strategic risks as shown in Annexe 2.

________________________________________________________________________
Background Papers (DoF)

There are no background papers (as defined by Section 100D(5) of the Local Government Act 1972) relating to this report.
________________________________________________________________________

CONTACT OFFICER:

Name: Brian Gilmour Telephone: 01483 5232
E-mail: bgilmour@waverley.gov.uk

Graeme Clark Telephone: 01483 523236
E-mail: grclark@waverley.gov.uk


Comms/Executive/2005-06/121 45825

ANNEXE 1
RISK MANAGEMENT POLICY

All organisations face risks in undertaking their business. Local authorities, with their wide-ranging responsibilities and duties, face a significant number of risks. A risk is the threat that an event or action will adversely affect an organisation’s ability to achieve its objectives.

Clearly Waverley has been, and always will be, faced with many potential risks in all areas of its business. This Policy statement recognises Waverley’s responsibility for the management of these risks and sets out the framework for achieving this effectively.

A managed approach to dealing with risk is important to help Waverley:

- Ensure compliance with statutory obligations - Safeguard the Council’s employees, Members, service users and all other persons to whom the Council has a duty of care

- Ensure that good quality services are delivered

- Maintain effective control over the Council’s resources and assets and prevent damage or loss

- Develop innovative ways of service delivery and maximise opportunities

- Promote and protect the image and reputation of the Council

- Protect the Borough’s environment This Policy and Strategy aims to:

- Embed good risk management practice into the culture of the Council - Ensure that any actions necessary to minimise the likelihood of risks occurring and/or reducing the impact on the Council if they do occur, are identified and carried out

- Communicate risk issues to staff, Chief Officers and Members

- Provide a framework which gives the necessary assurance required under Waverley’s corporate governance responsibilities

Waverley’s Strategy for managing risk details the roles and responsibilities and the proposed activity for achieving the Policy aims. This Policy and Strategy will be reviewed each year to ensure that it continues to provide the necessary framework for managing Waverley’s risks effectively.

RISK MANAGEMENT STRATEGY

1. INTRODUCTION

Effective management of risk should be a key part of every manager’s day-to-day job. Whilst there are currently many well-established areas of good practice across the Council, it is often easy to overlook some of the common vulnerable areas where the organisation can be particularly exposed to the consequences of risk. This can be major strategic risk areas or service specific operational risks.

Waverley’s risk management framework is a ‘tool’ that should help individual mangers, Chief Officers and Members to identify and assess potential risks facing the Council and from this, prioritise actions necessary to protect the Council, its staff and stakeholders and its resources. The Risk Management Strategy does not sit in isolation and it should be used to support the normal achievement of service and corporate objectives through the Corporate Plan, Service Plans and individual staff appraisals.

2. OBJECTIVES OF THE STRATEGY

- To develop the existing structured framework for the identification, evaluation and control of risks - To clearly identify the roles and responsibilities for managing risk

- To raise awareness of potential risks and to support officers in managing them

- To encourage the sharing of good practice across the Council

- To help improve the Council’s performance

- To help inform decision-making at all levels by considering risk issues

- To support innovative working practice and encourage opportunities to be taken in a controlled way 3. WHAT SORT OF RISKS COULD WAVERLEY FACE?


The diagram shown above illustrates some of the main categories of risk that Waverley could face. This diagram was provided by Zurich Municipal Management Services (ZMMS) who have provided assistance in developing and reviewing Waverley’s risk management framework.

Risks can arise in any of Waverley’s services across any of these categories. Risks can be external, such as risks arising from Government changes, or internal, such as health and safety of staff and buildings. The changing environment in which local authorities operate make it increasingly difficult to manage risks without a formal strategy and process in place. Factors such as limited resources, increasing responsibilities and demands from customers, new legislation and more litigation against Councils are all examples.

4. WHAT IS WAVERLEY’S RISK MANAGEMENT FRAMEWORK?

A risk is the threat that an event or action will adversely affect Waverley’s ability to achieve its objectives. Waverley’s approach to managing its risks involves the identification, evaluation and controlling of the risks. This process is taken at a point in time and the existence and impact of risks often change over time. Therefore it is important to monitor and review the risk assessment on a regular basis to focus on those risks which present the greatest threat. Waverley’s cross-department Risk Management Group coordinates the delivery of the Strategy aims.

i) Identification
Waverley maintains a register of key Strategy risks which are the major issues that could potentially have a significant impact on the Council. These risks were last identified in June 2005 in an exercise facilitated by ZMMS which involved key Members and senior managers.

Waverley also maintains a register of operation risks which tend to be specific to certain service areas or functions. These risks were identified at workshops for managers from all services. In addition, major projects such as the East Street development, are subject to a separate risk identification exercise.

Pro-actively identifying areas of risk before any loss or event occurs enables preventative actions to be taken and/or actions which minimise the impact on services or resources.

ii) Evaluation
The risks identified are evaluated in terms of:
- the likelihood of the loss or event occurring; and,
- the impact on the Council or the service if the risk does materialise.

The evaluation process enables the overall severity of the risk to be assessed and consequently, any action necessary to be determined, prioritised and reported on.

The combined likelihood/impact evaluation of each risk is plotted against a predetermined acceptability threshold. Risks above this threshold will be reported to members and those that require management action do so as a matter of priority.

iii) Control
Once the risk has been identified and evaluated, it is determined whether any action is required to control the risk or mitigate its impact. The following are the general options that are considered:
- Accept the risk and live with the consequences if a problem does occur
- Eliminate the risk by stopping or radically changing a service or activity
- Transfer the risk to a third party, such as insurance or contracted-out services
- Mitigate the risk by taking action to reduce the likelihood or impact

The risk registers should include an action plan, where action was deemed necessary, which identifies the action, risk owner and timescale for completion.
The Council must accept that, whatever action is taken, risk cannot be eliminated entirely. Actions must be proportionate to the risk and not obstruct service provision. It is also important that any system to manage risks supports managers and not introduces unnecessary bureaucracy.

iv) Monitoring and review
The risks identified may change over time, as may the evaluation of their likelihood and impact. Therefore, it is essential to review the registers of risks and the action plan on a regular basis. The following is the proposed review timetable:

Strategic Risk Register
- Risk Management Group review on 6-monthly basis and report to COG
- COG and senior managers review strategic risks annually and report to Members on the key risks above the acceptable threshold
- New risks or sudden changes to risks or evaluations reported on an exception basis

Operational Risk Register
- Risk Management Group review on a 6-monthly basis and report to DMT’s
- Risk Management Group report above threshold risks to COG on 6-monthly basis
- Manager workshops to comprehensively review risks every 2 years
- New risks or sudden changes to risks or evaluations reported on an exception basis

5. WHO IS RESPONSIBLE FOR MANAGING RISK?

The responsibility for managing risk extends throughout the Council. It is important that there is high level support and that all managers and staff are aware of their role. The following summarises the roles and responsibilities.

Members
- To oversee and scrutinise the effective management of risk by officers
- To consider risk issues when making key decisions

Chief Officer Group
- To ensure that the Risk Management Strategy is fully implemented
- To ensure that the agreed action plan is completed
- To ensure that risk issues are properly considered when making decisions
- To ensure that an effective control mechanism is in place and adhered to

Risk Management Group
- To coordinate to actions necessary to implement the Risk Management Strategy
- To maintain and update the risk registers and report to COG and DMTs in accordance with the agreed Strategy framework
- To raise awareness of risk issues across the Council and promote good practice
- To provide support to managers in implementing effective solutions to managing risk
- To facilitate training for key managers to develop skills in tacking risk issues
- To liaise with the Member champion for risk management
- To review the Policy and Strategy each year and report to Members if necessary

Service Managers
- To identify the risk of loss, damage or injury in services and seek to manage them to minimise their likelihood of occurring and/or their impact in the Council
- To encourage staff to be risk-aware and to raise risk issues at team meetings/DMTs
- To ensure that an effective control environment exists in all service areas
- Effective communication of the Risk Management Strategy in their service areas.



Comms/Executive/2005-06/121 45825