Mission and Objectives

SMDC Risk Management Policy and Statement 2005-06 DRAFT

Contents Appendix A

Page

Risk Management Policy Statement 1

Strategy

1. Introduction 2

2. Identification 3

3. Quantification 4

4. Avoidance 5

5. Financing 6

6. Communication and Reporting 7

7. Responsibilities for Risk Management 8

8. Risk Management Proposals 10

9. Funding of Risk Management 10

10. Benefits of Risk Management 11

11. Action Planning 11

Appendices

A Organisation of the Risk Management Process 12

B Risk Thresholds 13 Risk Profile 14

Updated October 2005


STAFFORDSHIRE MOORLANDS DISTRICT COUNCIL

RISK MANAGEMENT POLICY STATEMENT

Staffordshire Moorlands District Council recognises that good risk management practices are an integral part of management responsibilities, if the highest quality services are to be delivered to the community in the most cost effective way.

Good risk management practices will identify and quantify risks arising from Council activities, leading to steps being taken to avoid or reduce such risks. This will help to ensure continuity of services, and reduce costs, which can be re-directed into front line services. Risk management is a fundamental part of good business practice and is essential to Best Value and promoting the reputation of the area.

Risk management is inherently part of corporate governance thus ensuring the Council has good internal controls so it can achieve its operational and strategic objectives. By being innovative and improving services it is accepted that risks have to be taken and these have to be appropriately dealt with.

The Council is committed to manage all of its activities in a way, which minimises risks to people, property, services and its finances. To achieve this, a Risk Management Strategy will be formulated by which all departments will seek to identify, quantify, control and continually re-evaluate the risks from their activities. It is recognised that risk management should embrace all aspects of the Council’s activities, including:

Decision making; Health and safety of employees and the general public; The maintenance of physical assets; and The protection of the Council’s financial position and reputation.

This policy is fully supported by Members, the Chief Executive and the Strategic Management Group.

Updated October 2005 1


STAFFORDSHIRE MOORLANDS DISTRICT COUNCIL

RISK MANAGEMENT STRATEGY

1. Introduction

1.1 The purpose of Risk Management (RM) is to mitigate loss. Losses are often measured in money terms but they also include costs of disruption, inconvenience, lowering of morale, adverse publicity, public dissatisfaction etc.

1.2 The 2005 Comprehensive Performance Assessment, the Civil Contingencies Act and the Corporate Governance Agenda, all place great important on the role of risk management within an organisation. This strategy sets out the Authority’s approach to the management of risk.

Mission and Objectives

1.3 The Council is committed to Strategic Risk Management (SRM) which is ‘the management of integrated or ‘holistic’ business risk ….it is about making the most of opportunities (making the right decisions) and about achieving objectives once these decisions are made. The latter is achieved through controlling, transferring and living with these risks.’

1.4 There are a number of reasons why effective SRM is essential for the Council:

Support for Corporate Governance (CG being ‘the system by which local authorities direct and control their functions and relate to their communities’):

To aid compliance with the Civil Contingencies Act; To reinforce best practice as measured by the Comprehensive

Performance Assessment; Support for business planning and decision-making.

1.5 This strategy ensures the areas of highest risk are identified, appropriate remedial action is considered, and where necessary, financial assistance is made available to implement risk minimising measures. This will be done by regular consultation and liaison with departments and other responsible bodies, to ensure that all relevant parties are involved in the overall process. Funding mechanisms to aid Departments are detailed at Section 5.



1.6 This strategy ensures that two types of risk are addressed:

Direct threats (damaging events) which could lead to a failure to achieve objectives; and

Opportunities (constructive events) if exploited can offer an improved way of achieving objectives, but which are surrounded by threats. Examples include areas such as partnership arrangements.

Source: Treasury Orange Book – January 2001

1.7 The Council’s RM Strategy addresses five processes to ensure that it meets the overall objectives of loss minimisation, and the Council’s Corporate Standard ‘Using Resources Wisely’:

Identification of risks (Section 2); Quantification of risks and action planning (Section 3); Avoidance of risks (Section 4); Financing of risks (Section 5); Communication of risk management (Section 6).

1.8 RM involves a number of differing disciplines such as Health and Safety, crime prevention, fire prevention, Information Technology, internal audit etc. Certain policies within the Council Policy and Procedures Manual form an important element in the management of the Council’s risks, particularly:

Management of Workplace Stress; Use of Display Screen Equipment; Health and Safety Policy and Procedures; and Personal Protective Equipment (PPE); Lone Working

This strategy compliments the above and is the vehicle for delivering the Council’s RM Policy.

2. Identification

2.1 The Council must identify the risks, which threaten its ability to achieve its objectives. Service Managers are required to define the risks they face in their service risk catalogue. These together with the over arching risks identified by SMG are brought together into the Authority’s Corporate Risk Register, which is reported to Cabinet twice a year.



2.2 The process of risk identification is achieved by considering risks on 3 levels, strategic, project based and operational.

2.3 All reports and strategies should include a section in which risk management is considered. The resultant recommendations and conclusions should reflect these risk considerations.

2.4 The Council is committed to the Prince 2 method of Project Management. This is a risk-based approach requiring risks to be continually considered during the life of a project. A number of employees hold the necessary accreditation to manage projects under this approach thus increasing the likelihood of success.

2.5 Service Managers are required to maintain the service risk catalogues on the shared (S:\) directory updating them when new risks become apparent or existing risks change. It is recommended that risk be discussed at team meetings in order to gain input from all levels of the organisation.

2.6 The service risk catalogues for an integral part of a service’s business planning process. Risks to service objectives are incorporated into the service plan with the necessary actions identified.

2.7 The quarterly claims report sent to Directorates should be used to update the service risk catalogue with any issues emerging from recent claims.

2.8 Information and recommendations arising our of internal audit reports, health and Safety audits, Best Value Reviews, Asset Management Planning and Community Safety Partnerships, should all be fed into the service risk catalogues.

2.9 Information obtained through liaison with other authorities, external insurers, professional bodies and national associations, such as the National Forum for Risk Management in the Public Sector (ALARM), should be incorporated into the service awareness of risk.

The whole process is illustrated at Appendix A.

3. Quantification and Action Planning

3.1 Risks identified and defined in the risk register are quantified in terms of:

Severity of impact Probability of occurrence



3.2 The resultant ratings will designate each risk a High, Medium or Low risk status. Risks emerging as medium or low are already below the Council’s acceptable risk threshold and need monitoring to ensure they remain there. Risks classified as high status require actions specified to address the risk.

The ratings and acceptable risk profile of the Authority is at Appendix B

3.3 The risk register requires a SMART approach to action planning. Consequently, each risk action requires, wherever possible: -

A measurable output A target date A designated risk owner

3.4The analysis will be reviewed annually and reported to the Strategic Management Group (SMG).

4 Avoidance

4.1The Council needs to avoid exposure to risk by:

Promoting the concept of risk avoidance throughout the Council. Primary responsibility for this will rest with the Corporate Director (CFO) along with the Risk Management Group (see paragraph 4.2);

Ensuring Service business plans compulsorily have a section on Risk Management, so that fundamental risks are addressed;

Getting managers to take greater financial responsibility for the consequences of claims arising from their work areas. Internal insurance recharges now form part of service budget targets;

Recharging premiums, where appropriate, on the basis of claims experience;

Assessing the cost/benefit of eliminating or reducing significantly the impact of risks;

Ensuring that suitable training is provided for high risk activities; Ensuring that Service Managers are aware of their RM

responsibilities as set out in their job descriptions.

4.4A Risk Management Group (RMG) is maintained, chaired by the Corporate Director (CFO), involving the Cabinet member for Performance Management and the following employees: Financial Manager (RM); Health and Safety Advisor; Audit Services Manager; One Head of Service from each Directorate; Head of ICT Services; Head of Property Services.



5 Financing

5.4Total elimination of risks is not possible. Funding action to address risks is a key part of the RM Strategy. Funding points of the strategy are:

Strategic and Project Management

Areas requiring significant spend should be reported via SMG to either the Revenue or Capital Budget Groups.

Operational

The Financial Manager will ensure annually that appropriate insurance cover, either from the internal Insurance fund or external insurance is in place for all identified risks;

The financial impacts of the risk actions identified will be fed into the budgetary process as potential growth items.

Funding will be made available from the Insurance and Risk Management Fund to help services to address high risks. This will be in the form of loans to be repaid over an agreed number of years. In certain circumstances the fund will finance actions directly where the risk is crosscutting. The decision in these cases will reside with the CD (CFO) and RMG.

External insurance will be limited to protection against large claims. Insurance funding should be used for non personal-injury claims between £100 and £500 unless the insurance policy excess is within these parameters.



6 Communication and Reporting

6.1 The strategy requires a suitable reporting and monitoring system, which will report effectively on all aspects of the strategy.

6.2Reporting of RM will be as follows:

Author Recipient Frequency Report

Corporate Director (Chief Finance Officer) Cabinet Six Monthly Summary of previous year’s RM activities, results and Risk Register

Corporate Director (Chief Finance Officer) Cabinet As Required Newly agreed RM initiatives

Corporate Director (Chief Finance Officer) Cabinet As Required Strategic matters

Corporate Director (Chief Finance Officer) SMG Annually Report overall funding proposals.

Corporate Director (Chief Finance Officer) SMG Annually Report on RM activities and results

Corporate Director (Chief Finance Officer) SMG Annually Report on numbers, cost and type of insurance claims

Corporate Director (Chief Finance Officer) SMG Six Monthly Report progress on RM activities

Corporate Director (Chief Finance Officer) SMG Six Monthly Half yearly update on insurance claims history

Financial Manager (DRR) Heads of Service

Quarterly Insurance claims update reports for Directorates



6.3The communication of risk management issues within the Authority is facilitated by:

Corporate Risk Management Group members acting as risk champions within the directorates communicating issues via departmental management team (DMT).

Heads of service/Service Managers cascading RM information via team briefings and section meetings.

Financial Manager (Risk Manager) communicating with services directly when specific issues arise.

The production of a risk management bulletin/newsletter developed to communicate with employees via the Intranet.

7 Responsibilities For Risk Management

7.1The following have responsibilities for Risk Management:

Cabinet (via Finance and Performance Portfolio Holders)

- To approve the RM Policy, Strategy and Action Plan.

- To agree changes to the RM Strategy.

- To champion among the member body the concept and practice of Risk Management

Strategic Management Group

- To receive six monthly and annual reports from the. Corporate Director (Chief Finance Officer)

- To provide corporate comment on the RM Budget.

- To give corporate commitment to strategic RM issues.

Corporate Director and Chief Finance Officer

-To ensure RM funding initiatives are in accordance with the RM Strategy.

-To report RM proposals that impact upon the RM Strategy and Action Plan, for approval by SMG and the Cabinet.

-Chair of RM Group



Financial Manager (RM)

-Overall control of the RM Function;

-To prepare reports on RM activities and results, and loss ratio analysis (i.e. cost of insurance claims compared to the cost of premiums).

-To manage the insurance fund and external insurance contract.

-To promote the implementation of the Council’s Risk Management Strategy on a corporate basis.

-To consider the value of new Risk Management initiatives.

-To bring together the specialist skills needed for the promotion of successful RM within the authority.

-To manage, propose and co-ordinate RM loans from the insurance fund and RM budget.

-To consult regularly with Departments and external bodies about developing the RM programme.

-To devise programmes of RM activities and to monitor and report the results of the activities to the Director and SMG.

-To co-ordinate the maintenance/update of corporate risk register.

-To liase with external insurers to ensure that future premiums reflect all RM activities being undertaken by Council services.

-To continually look at the feasibility of increasing self-insurance.

-To ensure premiums are appropriately recharged to services using a ‘risk’ basis.

Heads of Service and Service Managers

-To ensure risk management is considered within service business plans;



-To maintain and update the service risk catalogues -To ensure the concept of risk management is communicated to

all employees (and that the process is both ‘bottom-up’ and ‘top-down’).

8 Risk Management Proposals

8.1Where significant funding is required then the proposal must be put forward to either the Council’s Revenue or Capital Budget group.

8.2The Insurance and Risk Management Fund will make available funding for crosscutting initiatives, which help reduce the Authority’s exposure to risk. The Corporate Risk management Group will consider bids for such funding.

8.3Services are also above to bid for funding from the Insurance and Risk Management Fund, on a repayable loan basis, to address high risks identified in their service risk catalogues.

8.4Projects targeted will be those where the highest benefits will accrue to the Council. Some of the prioritised projects may originate from strategic areas highlighted elsewhere such as Community Safety, Best Value reviews, the Asset Management Plan or Service Business Plans.

8.5RM loans will be used to supplement provisions within Service budgets (e.g. security, revenue/capital maintenance budgets etc). Services must be able to demonstrate that such budgets are fully committed. These loans will be reviewed on an annual basis ensuring they are allocated on a consistent and equitable basis, which maximises the benefit of the funds available.

9 Funding of Risk Management

9.1 If a solution to a risk management issue involves significant expenditure it will have to be accounted for within either the Council’s revenue or capital budgets.

9.4The insurance account receives all premiums charged to Departments and pays out all premiums for external insurance cover.

9.5The internal premiums recharged to Departments form part of Service targets. The basis of the recharge will include an element for claims history if the number of claims starts to increase dramatically. This is so that services are made more accountable and aware of the implications of RM.

9.6In total advances from the RM budget and loans from the Council’s insurance fund will not exceed £50,000. This will be reviewed annually as the insurance fund is also in place in case payments are



necessary for outstanding claims in relation to Municipal Mutual Insurance (MMI), the Council’s insurers up until 1992 when they went into liquidation.

10 Benefits of Risk Management

10.1 Benefits of SRM include:

To achieve objectives by identifying barriers to achievement; Being less risk averse and more innovative; A better assessment of business opportunities; Improved business planning through a risk based decision making

process; Focusing on outcomes not processes; Enhanced performance – it should be part of the performance

management framework; The Buy-in of employees, to ensure it is embedded within the

culture of the council; Better governance, and demonstration of it to stakeholders.

10.4 The RM Strategy enables risks and losses to be managed and controlled, thus allowing funds to be used in the most efficient manner and possible savings to be generated. It also helps to minimise premium increases or even decrease them. The ultimate aim being to reduce the ‘total cost of risk’ i.e. both premiums and the cost of losses.

10.5 The control of loss through risk management has the added benefit of improving safety for employees of the Authority and members of the public.

10.6 By embracing risk management the Authority makes the most of the opportunities which it faces, whilst operating within a risk-aware environment.

11 Action Plan

11.1 An action plan will be drawn up each year to set out the activities and actions for the coming year,



APPENDIX A

ORGANISATION OF THE RISK MANAGEMENT PROCESS


PROJECTISSUES

STRATEGIC ISSUES

OPERATIONAL ISSUES

PORTFOLIO HOLDER

PERFORMANCE MANAGEMENT

CORPORATE DIRECTOR &

CHIEF FINANCE OFFICER

2 / 3 HEADS OF SERVICE

AUDIT / PROPERTY SERVICES

SMG / MEMBERS

PRINCE2 PROJECT

BOARD

CMT / SERVICE MANAGERS /

STAFF

MEMBER SMG CMT

FINANCIAL SERVICES /HEALTH & SAFETY

SPECIALISTS OTHER

LOSS CONTROL SPECIALISTS(as necessary)

EXTERNAL

RISK MANAGEMENT GROUP

CORPORATE RISK REGISTER


APPENDIX B

Risk Thresholds

1. Risk Consequences – Threats and Opportunities

High (I) Financial impact > £50,000 Significant impact on Council’s strategy or operational activities Significant stakeholder concern e.g. real risk of fatality / severe

injuryMedium (II)

Financial impact between £10,000 and £50,000 Moderate impact on the Council’s strategy or operational activities Moderate stakeholder concern e.g. low risk of injury

Low (III – IV)

Financial impact less than £10,000 (IV = < £5000) Low impact on the Council’s strategy or operational activities Low stakeholder concern

2. Probability of Occurrence – Threats

Estimation Description IndicatorsHigh (Probable – A to B)

Likely to occur each year or > 25% chance of occurrence

Potential of it occurring > 3 times in 10 years;Has occurred in past two years

Medium (Possible – C to D)

Likely to occur in a 10 year time period or less than 25% chance of occurrence

Could occur up to 3 times in 10 years. Could be difficult to control due to some external influences.Is there a history of occurrence ?

Low (Remote – E to F)

Not likely to occur in 10 year time period or less than 2% chance of occurrence

Has not occurred.Unlikely to occur.

3. Probability of Occurrence – Opportunities

Estimation Description IndicatorsHigh (Probable – A to B)

Favourable outcome likely to be achieved in 1 year; or better than 75% chance of occurrence.

Clear opportunity, which can be relied upon with reasonable certainty, to be achieved in the short term based on current management processes.

Medium (Possible – C to D)

Reasonable prospect of favourable results in one year of 25% to 75% chance of occurrence.

Opportunities achievable with careful management.Opportunities which may arise over and above the plan.

Low (Remote – E to F)

Some chance of favourable outcome in the medium term or less than 25% chance of occurrence.

Possible opportunity which has yet to be fully investigated by management.Opportunity for which the likelihood of success is low on the basis of management resources currently applied.



Risk Profile

A

B

C

D

E

F

Prob- IV III II Iability

Severity

Key

Red line = risk threshold (i.e. line of tolerance)

Grey = risks we can tolerate (low Risk)Green = risks we can tolerate (medium risk)Blue = risks we can’t tolerate (high risk)

Updated October 2005

High Risk

Low Risk

14

Mission and Objectives

Business

Transcript of Mission and Objectives