Meeting: Audit Committee (County Hall, Durham - Committee Room 1a - 09/09/2008 09:00:00 AM)
Item: A4 The Work of Corporate Risk Management in relation to the Quarter Period April 2008-June 2008
Report of Keith Thompson, Head of Internal Audit and Risk Management on behalf of the Corporate Risk Management Group |
1. The purpose of this report is to inform Members of the Risk Management update report presented to Cabinet on 28 August 2008. A copy of the report is attached for information.
Comments
2. The Head of Internal Audit and Risk Management will be attending the meeting and will be available to answer Members questions.
Recommendation
3. That Audit Committee Members note the contents of this report.
Contact: David Marshall, Corporate Risk Manager on behalf of the Corporate Risk Management Group - Tel: 0191 3835726
1. Purpose of Report The purpose of this report is to give an insight into the work carried out by the Corporate Risk Manager and the Corporate Risk Management Group during the period April - June 2008. As well as good management practice, this report also positively responds to the Key Lines of Enquiry in the Use of Resources element of the Comprehensive Performance Assessment. Risks are assessed and managed at both a service and corporate level. Throughout this report all risks are reported as Net Risk, which is based on an assessment of the impact and likelihood of the risk occurring with existing controls in place. 2. Local Government Review (LGR) Risks related to the LGR are being managed within the LGR Programme, and these risks are distinct from the service and corporate risks of the County Council covered by the remainder of this report. The Corporate Risk Manager of the County Council is providing support to the Programme in the management of risk. 3. Current Status of Risks to the Council At the end of June 2008, the major risks being managed were: · Failure to effectively manage the implementation of the LGR Programme. There is a process in place to manage the risks to the Programme. This is part of the overall programme governance structure, which has been established to reduce the impact and likelihood of this strategic risk occurring.
Appendix 1: Implications
To date within the Council, a large amount of work has already been carried out in shaping and developing our approach to risk management. In summary, Cabinet and the Corporate Management Team have designated the Deputy Leader of the Council and the County Treasurer as Member and Executive Risk Champions respectively. Together they jointly take responsibility for embedding risk management throughout the Council, and are supported by Keith Thompson (Assistant County Treasurer), the lead officer responsible for risk management, as well as the Corporate Risk Manager. Each Service also has a designated member of staff (the Service Risk Manager) to lead on risk management at a Service level, and act as a first point of contact for staff who require any advice or guidance on risk management. Collectively, the Risk Champions, the lead officer, Service Risk Managers and the Corporate Risk Manager meet together as a Corporate Risk Management Group. This group monitor the progress of risk management across the Council, advise on corporate and strategic risk issues, identify and monitor corporate cross-cutting risks, and agree arrangements for reporting and awareness training. An Audit Committee is in place, and one of its key roles is to monitor the effective development and operation of risk management and overall corporate governance in the Authority. It is the responsibility of the Chief Officers to develop and maintain the internal control framework and to ensure that their Service resources are properly applied in the manner and to the activities intended. Therefore, in this context, Heads of Service are responsible for identifying and managing the key risks which may impact their respective Service, and providing assurance that adequate controls are in place, and working effectively, to manage these risks where appropriate. In addition, independent assurance of the risk management process, and of the risks and controls of specific areas, is provided by Internal Audit. Reviews by external bodies, such as the Audit Commission, Ofsted and CSCI, may also provide some independent assurance of the controls in place. Risks are assessed in a logical and straightforward process, which involves the Risk Owner (within the Service) assessing both the impact on finance, service delivery or stakeholders if the risk materialises, and also the likelihood that the risk will occur over a given period. The assessment is confirmed by the Service Management Team, and Chief Officers agree their Service Risk Register with the Cabinet Member responsible for their Portfolio Service. |