Meeting documents

Corporate Scrutiny Sub-Committee (DCC)
Monday 22 May 2006


            Meeting: Corporate Scrutiny Sub-Committee (County Hall, Durham - Committee Room 1a - 22/05/2006 10:00:00 AM)

                  Item: A6 Corporate Risk Management


         


Scrutiny Sub-Committee for Corporate Management Issues

22 May 2006

Corporate Risk Management
Report of the Deputy Chief Executive (Policy and Improvement) on behalf of the Corporate Risk Management Group


Purpose of Report

1. The purpose of this report is to inform Members of the Risk Management Annual Report. A copy of the report is attached for information.
Comments
2. The Corporate Risk Manager will be attending the meeting and will be available to answer Members questions.
Recommendation
3. That Corporate Scrutiny Sub-Committee Members note the contents of this report.
Contact: David Marshall, Corporate Risk Manager on behalf of the Corporate Risk Management Group - Tel: 0191 3835726



Scrutiny Sub-Committee for Corporate Management Issues

22 May 2006

The Work of Corporate Risk Management in relation to the Year April 2005 - March 2006

Report of the Deputy Chief Executive (Policy and Improvement) on behalf of the Corporate Risk Management Group


Purpose of Report

1. The purpose of this report is to give Members an insight into the work carried out by the Corporate Risk Manager and the Corporate Risk Management Group during the year April 2005 - March 2006.
Background
2. This is the first such annual report to be issued to the Cabinet, who have overall responsibility for risk across the Council, and the Overview and Scrutiny Corporate Sub-Committee. This report positively responds to a Key Line of Enquiry in Use of Resources under the Comprehensive Performance Assessment, and as such, this annual report will be presented to the full Council.
3. To date, a large amount of work has already been carried out in shaping and developing our approach to risk management. In summary, Cabinet and the Corporate Management Team have designated Member and Officer Risk Champions. Together they jointly take responsibility for embedding risk management throughout the Council, and are supported by Keith Thompson (Assistant County Treasurer) and Burney Johnson (Head of Transport Strategy and Design), the lead officers responsible for risk management. Each Service also has a designated member of staff (the Service Risk Manager) to lead on risk management at a Service level, and act as a first point of contact for staff who require any advice or guidance on risk management.
4. Collectively, the Service Risk Managers and the Corporate Risk Manager meet together as the Corporate Risk Management Group, to monitor the progress of implementing and maintaining effective risk management across the Council, advise on corporate and strategic risk issues, and agree arrangements for reporting and awareness training. The objective of the Corporate Risk Management Group is to oversee risk management activity across the Council , ensuring that risk management is embedded in our corporate business processes including strategic planning, financial planning, policy making and review, and performance management.
5. It is the responsibility of the Chief Officers to develop and maintain the internal control framework and to ensure that their Service resources are properly applied in the manner and to the activities intended. Therefore, in this context, they are responsible for assigning managers to identify and manage the key risks which may impact their respective Service, and confirming in the annual Assurance Statement that they can provide assurance on the effectiveness of the internal controls in their Service. This will support the Statement of Internal Control, signed by the Leader of the Council, the Chief Execut ive and the County Treasurer.
Current Status of Key risks
6. Attached to this report in Appendix 2 is a summary of the risks identified by the Services as being the major risks facing their Service at the current time. The Corporate Management Team is currently considering the revised strategic risk register.
Emerging risks
7. One of the roles of the Corporate Risk Management Group is to identify and monitor, both at a Strategic and Service level, issues which are emerging as potential risks for the Council. At present, the major emerging issues which have been identified as raising potential risks are the Government’s White Paper on future education provision, the risks surrounding a Pandemic Flu outbreak, local government reorganisation and the Lyons Inquiry on Local Government.
HIGHLIGHTS DURING THE YEAR

Corporate Risk Manager
8. A Corporate Risk Manager, David Marshall, was appointed in August 2005, and is accountable to the lead officers responsible for risk management, and the Corporate Risk Management Group. This has enabled further progress in developing the risk management arrangements within the Council, and helped us to build upon the Risk Management Implementation Programme already in place. Appendix 3 to this report highlights the planned deliverables for April 2006 - March 2007.
Strategic and Service Risks
  • The revised strategic risk register is currently under consideration by the Corporate Management Team.
  • A revised process has been implemented for Services to update the service risk registers, and develop action plans to address the identified risks.
  • To further improve this process, the Corporate Risk Manager is working closely with Customer Services in the Chief Executive’s Office, in the implementation of their risk management arrangements, with the aim of learning lessons which can then be shared with other Services in their risk management work.
  • The Corporate Risk Manager is assisting in the development of an overall risk register for the new Childrens and Young Peoples Service. Similar assistance will be offered to the Adult and Community Services.
  • The Corporate Risk Manager provided facilitation and support at risk workshops for major projects underway within the Council, namely Building Schools for the Future, Waste Management, Durham Johnston School, and prior to the selection of the Northgate payroll system.
Partnerships
9. The Corporate Performance Management Working Group has developed a Governance Framework for Partnerships. As part of this, a risk assessment framework was developed, tailored to the size and complexity of each Partnership. As well as good management practice and governance, this positively responds to a Key Line of Enquiry in Use of Resources under the Comprehensive Performance Assessment, and also aligns with Audit Commission guidance.
Key Decisions
10. Focusing on a sample of reports, we are piloting a draft process for ensuring that details of any major risks are highlighted in the Key Decision reports. Once the pilot is complete, the process will be recommended to CMT/ Cabinet for approval.

Training and Awareness
  • During September 2005, specialised risk management training was provided to senior managers and appropriate Members with risk management responsibilities by an external training organisation, The Risk Factor.
  • Other specialist training was provided to varying audiences during the year on risk management relating to Insurance, Health and Safety workplace inspections, and the Institute of Occupational Health and Safety.
  • Three risk management newsletters have been issued to members and staff during the year.
  • A plan for risk management training and awareness raising is being developed for 2006-07.
Magique
11. Magique is the risk management system used to record and evaluate risk and controls within an organisation. It also allows the tracking of actions and events as well as linking into Galileo, the audit management system. A summary of the work carried out in the last year is highlighted in Appendix 4 to this report.
Contact with External Bodies
12. Relationships have been established or maintained with a number of external bodies, and this is summarized in Appendix 5 to this report.

Assessment of Performance over the year 2005-06
13. In it’s risk management strategy and policy, the Council recognises the benefits that can be derived from having an effective risk management process in place. The Corporate Risk Management Group is currently working on developing internal risk management performance indicators, which will be measured to confirm the continuous improvements in managing risk. When these performance indicators have been developed, they will be submitted to the CMT and Cabinet for approval.
14. There have been a number of achievements during the year.
  • In the Comprehensive Performance Assessment review in 2006, it was concluded that the Council has robust risk identification procedures in place at service and corporate levels, and issues concerning risk management are reported to the Cabinet.
  • The Corporate Risk Manager has incorporated partnership related risks in the risk management process; reports quarterly to the Overview and Scrutiny Corporate Sub-committee; and is developing an annual risk management training plan for staff and Members. These positively respond to areas identified for improvement following the Comprehensive Performance Assessment review in 2006.
  • For 2006-07, the Council’s insurance premiums and excesses have reduced. In part, this was a result of demonstrating the improved risk management culture to Marsh, our risk and insurance advisers, who were able to use this positively in their negotiations with the Insurance providers.
  • Major projects have been risk assessed, such as Building Schools for the Future, where an initial assessment enabled us to identify risks prior to Gateway Zero review, and demonstrate that we had plans to address them.
Recommendation

The Corporate Scrutiny Sub-Committee Members are requested to note this report.
Contact: David Marshall, Corporate Risk Manager Tel: 0191 3835726
on behalf of the Corporate Risk Management Group


Appendix 1: Implications


Finance

Addressing risk appropriately reduces the risk of financial loss.

Staffing
Staff training needs being identified, and will be addressed in the 2006-07 training plan.

Equality and Diversity
Addressing risk appropriately reduces the risk of failing to achieve the 5 levels of the Equality Standard for Local Government, which the Council has set out as a target to achieve.

Accommodation

None

Crime and disorder
None

Sustainability
None
Human rights
None
Localities and Rurality
Managing the risk surrounding the Local Area Agreement will positively impact localities through better service delivery.
Young people
Managing the risks surrounding Children and Young Peoples Service will improve the quality of service delivery.
Consultation
None
Health

Appendix 2: Status of Key Service Risks - Summary


The following is a summary of the most critical risks for each Service. These are based on an assessment by the Service of the impact and likelihood of the risk occurring with existing controls in place.

In this report, risks are still reported under the Cultural Services, Education Service and Social Care and Health categories. In future reports, the risks for these will be incorporated under Children and Young Peoples Services and Adult and Community Services. Clearly, a major risk for these services is the transition from the existing Service structure to the new Service structure.

Although Customer Services is a division of the Chief Executive’s Office, it has been highlighted separately below due to the dependency on it by the Council.

Chief Executives Office

The major risks facing this Service are the potential reduction over the next two years of external funding which is used to fund Social and Economic Regeneration Projects in County Durham, and a failure to implement effective partnership arrangements, such as the County Durham Strategic Partnership and the County Durham Economic Partnership. Other key risks include failure to implement the Community Engagement and Consultation Action Plan, and failure to engage with ‘Hard to Reach’ groups.


Customer Services

The major risks facing this Division are potential major interruptions to service delivery caused by IT systems failure, and the proposed relocation of the data centre out of County Hall. Another major risk for the Division surrounds the working relationship with any third party IT provider under the Building Schools for the Future Programme.

Corporate Services

The major risks facing this Service are legislative changes and managing the built estate. Other major risks are staff-related, such as the failure to undertake recruitment checks, and the inability to attract and retain skilled staff in specific areas.

Cultural Services

Education

The major risks facing this Service are failure to meet targets in Key Stage 3 and Key Stage 4 attainment and staying on into post-16 structured learning, and a deterioration in judgements in the next Inspection of the LEA / Annual Performance Assessment / Joint Area Review. Other major risks include Schools opting to become foundation or trust schools, and therefore leading to an un-coordinated approach to school admissions and school improvement, and the increasing likelihood that the quality of school buildings will deteriorate at a faster rate than the Council can afford to maintain them. These are linked to the ongoing Building Schools for the Future programme, and the Durham Johnston School project. Failure to promote access to and expansion of service delivery, such as in vocational education, is also considered a key risk.


Environment

The major risks facing this Service are those surrounding the Waste Management contract. Other significant risks are planning enforcement procedures not being procedurally correct, non-achievement of some best value indicators and LTP1 targets, the collapse of a lighting column, and failure to deliver the environmental improvements identified in the Urban and Rural Renaissance Initiative.

Social Care and Health

The major risks facing this Service are insufficient funding to meet the demand for eligible Adult services, and the risks of managing the various changes, such as ‘Managing the Future’, and the change in role and size of the internal provider of Learning Disability, Older People and Physical Disability and Sensory Impairment services. Other major risks focus on a reduction in funding for ‘Supporting People’, failure to deliver the Local Area Agreement target for direct payments, and a reduction in levels of PCT community care funding increasing demand for local authority funded care.

Service Direct

The major risk facing this Service is the proposed relocation to the Meadowfield site. Other key risks include reduced core workload, uneven workflow patterns, and the risks associated with maintaining profit levels and reserve fund.

Treasurers

The major risks facing this Service are failure to deliver final accounts within the statutory date and failure to set a robust budget to manage the Authority’s finances. Other major risks are not delivering the anticipated benefits of Dual Responsibility relationships, not implementing new financial systems by 2008 and failure to achieve the necessary CPA ‘Use of Resources’ Key Lines of Enquiry scores to retain the current four star status.

Appendix 3: Planned Deliverables for coming year April 2006 - March 2007


1. The Efficiency and Improvement Steering Group (EISG) is currently developing an approach for managing projects which will be applied corporate-wide. This approach will include the management of risks associated with a project, and we will be working with EISG on this.
2. The Corporate Risk Management Group have been working closely with the Corporate Policy Unit on linking risk management with performance management, and the Corporate Policy Officer responsible for performance measurement already attends the Corporate Risk Management Group. This work will continue, to enable further integration including the links between the Magique risk management software and the Performance Plus software.
3. The Corporate Risk Management Group will be reviewing the risk management strategy and policy, and the criteria used to assess risks, to ensure they continue to be appropriate for the Council.
4. A manual to guide staff in evaluating and managing risk, which is currently in draft, will be finalised. This will be used as the basis for future staff training on risk management.
5. The plan for risk management training and awareness in 2006-07 will be implemented.
6. A process for including appropriate risk management responsibilities in the job descriptions and competencies of all staff will be developed during the year, and form part of our ongoing review of risk management roles and responsibilities in the Council.

Appendix 4: Magique - Summary of key activities


1. The systems infrastructure has been created to allow risks and controls to be linked to the relevant corporate aim and objective, Service, Business Unit and risk owner.
2. Details of the risks and controls agreed at Service level have been entered to create the Service Risk Registers.
3. Work is ongoing with staff from the Corporate Policy Unit of the Chief Executive’s Office to link Magique to Performance Plus, the Performance Management system.
4. Work is underway to review the capabilities of Magique and to develop a strategy for aligning these to the Council’s risk management approach.
5. A demonstration of the Magique risk management software was provided in August to risk management staff from South Tyneside Council.

Appendix 5: Contacts with External Bodies


Relationships have been established or maintained with the following external bodies:

1. Durham Police, who have been developing their own risk management arrangements. The Corporate Risk Manager continues to provide advice and assistance as required, such as attending sessions with senior managers in the Constabulary to develop and agree a Strategic Risk Register.
2. The Corporate Risk Manager represents the Authority at quarterly seminars of the Association of Local Authority Risk Managers (ALARM), to build networks with other public sector risk managers, and to raise the Council’s profile.
3. The Corporate Risk Manager also meets on a quarterly basis with risk managers from the seven District Councils in the County Durham area, again to build links and share ideas on local risk-related issues.


The major risks currently facing the Service include staff retention, an ageing building stock, escalating costs and commitments, against a finite budget, in areas including recruitment, energy and fuel for buildings and vehicles, and sustaining public access to an IT infrastructure of over 300 machines. Working arrangements and anti social behaviour in some communities continue to present a high risk, in respect of personal safety and vandalism. Managing the risk surrounding the major partnerships with Healthcare providers will positively impact citizens through better service delivery


Attachments


 05-06 - Annual Report - O+S Corporate Sub-Committee 2.pdf;
 05-06 - Annual Report - O&S - covering report.pdf