BOROUGH OF POOLE
RESOURCES OVERVIEW GROUP
13th May 2004
PROGRESS UPDATE ON DEVELOPMENT OF A STRATEGY TO MANAGE BUSINESS RISK IN THE COUNCIL
The report will include a presentation from – Steve Howarth (AuditCommission)
1.Purpose & Policy Context of Report
1.1To update members on progress to developing a strategy to manage business risk in the Council.
2.Recommendations
2.1To support the proposed approach to developing a Risk Management strategy within the Council.
2.2To agree the timetable for development as set out in Appendix A.
3.Background
3.1Risk Management is not new and is not therefore another “Corporate Initiative” passed down on “high” to add more to the workload of service and operational managers. In reality, managing risk is something that strategic and operational managers in local authorities have been doing for centuries.
3.2The spectacular and well publicised business failures of the 1980’s in the private sector such as Maxwell Communications, BCCI and Polly Peck has led to requirements to improve the standards of governance in the private and public sector. Local Government has received guidance on the underlying principles of good governance (Accountability, Effectiveness, Inclusively, Openness and Up to date). These principles are reflected within different dimensions one of which is Risk Management and Internal Control.
3.3The 2004/2005 Financial Statements will require a Statement of Internal Control to be signed by the Chief Executive and Leader of the Council which provides assurances of Corporate Governance and will be largely based upon the Council’s embedded Risk Management Strategy.
3.4The challenge for all public sector organisations is to be in a position to demonstrate that there is a formal framework in place for managing risk.
3.5The problem with “informal and intuitive” risk management is that it often fails to identify all risks involved in particular projects or service areas.
3.6There are many definitions to Risk Management the following from SOLACE is one:
- Risk Management is the management of integrated or holistic business risk in a manner consistent with the virtues of economy, efficiency and effectiveness. In essence it is about making the most of opportunities (making the right decisions) and about achieving objectives once those decisions are made. This is achieved through:
- Controlling Risk
- Transferring Risk
- Living with Risks
3.7Risk management must be integrated. To be effective risk management must be integral to policy planning and operational management. It should not be a “bolt on”; It must be embedded into the culture of the organisation. It also needs to holistic, concerned with the whole range of business risks faced by the Council.
3.8This definition has influenced the development of the Council’s proposed Strategy for developing a formal framework towards Risk Management.
4.Development of a Risk Management Strategy
4.1The first step on the risk management “journey” for an organisation is to develop a strategy on how it will approach the introduction of risk management procedures and processes.
4.2The proposal is to develop the risk management strategy under the broad umbrella of the Council’s Corporate Strategy and Business Plan. This immediately connects Risk Management to the heart of the Council’s strategic and operational goals.
4.3The development of the Corporate Strategy and Business Plan developed by Members and Senior Management has identified the strategic objectives of the Council. The risks these objectives face are identified and actions are proposed to be in place to mitigate them through Major Step Projects and associated developments. In turn a risk assessment will be undertaken of each Major Step Project.
4.4To further develop the strategy it is intended to rollout to Service Units and operational managers a framework for inclusion within Business Plans in 2005/2006.
4.5Within 12 months the Council should have established a comprehensive and strategically led Risk Management framework, which will support the Council’s requirements as set out in Accounts and Audit Regulations 2003 for a Statement of Internal Control.
5.Timetable
5.1A detail timetable for development of the Risk Management Strategy is set out in Appendix A.
R L JACKSON
HEAD OF FINANCIAL SERVICES
Background Documents
- “A Sign Post To Success” – Developing a best Practice Strategy to manage business risk in public bodies – CiPFA
- Guidance on Internal Control and Risk Management in Principal Local Authorities and Other relevant bodies to support Compliance with the Accounts and Audit Regulations 2003 - CiPFA
- “Striving for Excellence” – A discussion paper for Council: 20th April 2004 on proposals for a Corporate Strategy and Business Plan for the Borough of Poole
Officer Contact
Bob Jackson, Head of Financial Services, 01202 633105
R & O-ProUpDtOnDev-13-May-04
29 APRIL 2004
Appendix A
TIMETABLE
Date
Strategic Risks
Corporate Plan 2004 – Links to Strategic Risks Assessment July 2004
Resources Overview Group
- Approve development of Risk Management Strategy May 13, 2004
(Supported by Steve Howarth – Audit Commission)
Resources Overview Group – Endorse Strategic Risk Appraisal July 2004
Operational Risks
Financial Services Pilot within 2004/05 Business Plan June 2004
Business Plans 2004/05
- Include Actions set out from Strategic Risk Assessment June 2004
A Guide to Risk Management Produced for
2005/2006 Business Plans September 2004
A programme of Training arranged for Managers September 2004
Rollout operational Risks within all 2005/06 Business Plans April 2005
Review of Risk Management Strategy – Scrutiny Committee June 5
Statement of Internal Control included within
2004/2005 Statement of Accounts June 2005