Risk Management Policy and Strategy

(A pdf version of this policy is available for download here)

St Stephen in Brannel Parish Council recognises that it has a responsibility to manage risks effectively in order to protect its employees, assets, liabilities and community against potential losses; to minimise uncertainty in achieving its goals and objectives and to maximise the opportunities to achieve its goals.

Responsibility for effective Risk Management rests with all Members of the Council, the Proper Officer (Clerk & Responsible Finance Officer), and employees.

Risk management is an integral part of the Council’s management processes. The Council is aware that some risks can never be eliminated fully and it has in place a strategy that provides a structured, systematic and focussed approach to managing risk.

This policy and strategy applies to all Councillors, employees, contractors or others who may be carrying out operations for and on behalf of the Council, and those who may be affected by their work.

Introduction

This document outlines the Council’s Risk Management Strategy. It details:

  • What is risk management;
  • Why does the Council need a risk management strategy;
  • What is the risk management process and its links with existing processes;
  • Roles and responsibilities;
  • Future monitoring

The objectives of this strategy are to:

  • Continually develop the profile risk management across the Council;
  • Integrate risk management into the culture of the organisation;
  • Embed risk management as an integral part of all decision-making processes.
  • Manage risk in accordance with best practice.

What is Risk Management?

“Risk management is the identification, assessment, and prioritisation of risk by the coordinated and economical application of resources to minimise, monitor and control the probability and/or impact of unfortunate events or to maximise the realisation of opportunities.”

In the context of Risk Management Members must;

  • exercise leadership,
  • consider and adopt current and future risk management policies and strategies, and
  • support and monitor the risk management process.

Risk management is an essential feature of good governance. An organisation that manages risk well is more likely to achieve its objectives. Risk management applies to all aspects of the Council’s work not just health and safety.

Risks is not restricted to potential threats but can be connected with opportunities

Risk can be classified into various types but it is important to recognise that the direct financial losses may have less impact than the indirect costs such as disruption of normal working for all the categories described.

Examples include:

Strategic Risk – long-term adverse impacts from poor decision-making or poor implementation. Risks damage to the reputation of the Council, including in the labour market, and loss of public confidence

Compliance Risk – failure to comply with legislation, laid down procedures or the lack of documentation to prove compliance. Risks expose to prosecution, judicial review, employment tribunals and the inability to enforce contracts.

Financial Risk – fraud and corruption, waste, excess demand for services, bad debts. Risk of additional audit investigation, objection to accounts, reduced service delivery, dramatically increased Precept levels/impact on Council reserves.

Operating Risk – failure to deliver services effectively, malfunctioning equipment, hazards to service users, the general public or staff, damage to property. Risk of insurance claims, higher insurance premiums, lengthy recovery processes. Risks to the relationship of mutual trust and confidence between the Council and its Staff

Not all risks are insurable and even where insurance is available, premiums may not be cost effective and the monetary consideration might not be an adequate recompense. The emphasis by Council should always be on eliminating or reducing risk before costly steps to transfer risk to another party are considered.

Why does the Council need a Risk Management Strategy?

Council is fully committed to effective Risk Management, adopting best practices in the identification, evaluation and control of risks, in order to”

  • integrate risk management into the culture of the Council,
  • eliminate or reduce risks to an acceptable level,
  • anticipate and respond to changing social, environmental and legislative Requirements, for example pandemics,
  • prevent injury, sickness, damage and reduce the cost of risk, and
  • raise awareness of the need for Risk Management.

Risk management will strengthen the ability of the Council to achieve its objectives and enhance the value of services provided. The Risk Management Strategy will help to ensure that the Council understands risk and adopts a consistent approach to identifying and prioritising risks, enabling Council to choose the most appropriate method of dealing with each risk.

Risk management is an integral part of the Council audit process and is an important element in demonstrating good governance and continuous service improvement.

There is a requirement under the Accounts and Audit Regulations 2015 to establish and maintain a systematic strategy, framework and process for managing risk.

What is the Risk Management Process?

Implementing the Strategy

Risk management is an on-going activity which requires that all risks should be systematically identified and managed in the most cost-effective manner within overall resources available

Risks and their control are collated into a Risk Register. All projects, changes to services or any partnership agreements will include risks identification and the measures to eliminate or control risks will be documented in agenda reports/briefing papers to be considered by the Council and its committees.

Risk Identification

Identifying and understanding the hazards and risks facing the Council is crucial if informed decisions are to be made about policies or service delivery methods. The risks associated with these decisions can then be effectively managed. Each risk identified by the Council is recorded in the Council Risk Register.

Risk Analysis

Once risks have been identified the impact and likelihood of risks occurring is systematically accessed and their consequences and appropriate control measures are put in place. If a risk is seen to be unacceptable, then steps need to be taken to control or respond to the risk. Action will be taken to address any risks where risk impact is judged to be major. Residual risks will be subject to monitoring. Action will be taken to minimise residual risk in all cases as resources permit.

Risk Control

Risk control is the process of taking action to minimise the likelihood of the risk event occurring and/or reducing the severity of the consequences should it occur. Typically, risk control requires the identification and implementation of revised operating procedures, but in exceptional cases more drastic action will be required to reduce the risk to an acceptable level.

Options for control include:

  • Elimination – the circumstances from which the risk arises are removed so that the risk no longer exists.
  • Reduction – loss control measures are implemented to reduce the impact/ likelihood of the risk occurring.
  • Transfer – the financial impact is passed to others e.g. by revising contractual terms.
  • Sharing – the risk is shared with another party.
  • Insuring – insure against some or all of the risk to mitigate financial impact.
  • Acceptance – documenting a conscious decision after assessment of areas where the Council accepts or tolerates risk.

Risk Monitoring

The risk management process does not finish with putting any risk control procedures in place. The effectiveness in controlling risk must be monitored and reviewed. It is also important to assess whether the nature of any risk has changed over time. The information generated from applying the risk management process will help to ensure that risks can be avoided or minimised in the future. It will also inform judgements on the nature and extent of insurance cover and the balance to be reached between self-insurance and external protection.

Roles and Responsibilities

Risk management must be embedded into the everyday culture and performance management process of the Council. The roles and responsibilities below are designed to ensure that risk is managed effectively across the Council and its operations, and responsibility for risk is located in the right place.

Elected Members

Responsibility for effective Risk Management rests with all Members of the Council who have ultimate responsibility for Risk Management. Members will lead and monitor the approach to risk management adopted by the Council, including

  • Approval of the Risk Management Strategy.
  • Review and monitor Risk Register.
  • Analyse key risks in reports on major projects or national events, ensuring that all future projects and services undertaken are adequately risk assessed and managed.
  • Consider and endorse of the Annual Statement of Internal Control.
  • Assessment of risks whilst setting the budget.

Parish Clerk and Responsible Finance Officer (RFO)

Responsible for overseeing the implementation of the detail of the Risk Management Strategy.

The Parish Clerk/RFO:

  • provide advice as to the legality of policy and service delivery choices;
  • provide advice on the implications for service areas of the Council’s aims and objectives;
  • update the Council on the implications of new or revised legislation;
  • report progress to Council.
  • Assess and implement the Council’s insurance requirements;
  • Assess the financial implications of strategic policy options;
  • Provide assistance and advice on budgetary planning and control;
  • Ensure that the financial information system allows effective budgetary control;

Finance & General Purposes Committee

This committee will ensure continuous review and improvements to the Risk Management Policy and Strategy and will oversee regular reviews of the Risk Register with reports to Council. The committee also has delegated powers to act as Data Controller with regards to the Data Protection Act 2018.

Internal Auditor

Internal Audit provides an important scrutiny role as the auditor carries out an independent audit with written reports detailing recommendations as appropriate. This contributes to good governance arrangements with the Council having the necessary risk management systems in place to effectively manages all significant business risks.

Internal Audit helps the Council to improve and implement proper arrangements to manage both its financial and operational risk, including adequate and effective systems of internal control to reduce or eliminate the likelihood of errors or fraud. The Council will ensure appointment of independent and competent internal auditors.

Training

The Council will aim to ensure that both Members and staff have the skills necessary to identify, evaluate and control the risks associated with the services they provide and receive risk management training as appropriate.

Relationship between the Clerk/RFO and the Council

The Council will ensure that it maintains a relationship of mutual trust and confidence with the Clerk/RFO.

Review and Monitoring

This Strategy will be reviewed by council on an annual basis as part of the Council’s continuing review of its policy documents, Standing Orders and Financial Regulations.

It is crucial that the Risk Register is reviewed and updated annually. New risks will emerge and need to be controlled. Feedback from Internal and External Audit can identify areas for improvement, as can the sharing of best practice via professional bodies, the National Association of Local Councils and relevant local Council forums.

The adoption of a sound risk management approach has a number of benefits. Most importantly, it assists in demonstrating that the Council has in place policies and processes to effectively management its resources. In addition, it indicates a commitment to continuous service improvement and effective corporate governance

In accordance with the Freedom of Information Act 2000, the Risk Management Strategy and Risk Register will be posted on the Council’s Website https://ststephenininbrannel-pc.gov.uk and available for inspection at the Council Offices.

[Adopted by Full Council at the meeting held on Wednesday 15 July 2020 under minute number FPC168/20. Due for review in 2021.]