Meeting documents
Devon County Council - Committee Report
Code No: SC/15/13
Related Documents:
PDF Version Supplementary Information
SC/15/13
Audit Committee
30 June 2015
Report of the Corporate Risk Management Group
Report of the Head of Services for Communities
Recommendations
Audit Committee to consider the Corporate Risk Register
Audit Committee to note the future developments to the Corporate Risk Register
1. Summary
This report of the Corporate Risk Management Group provides an update on risk management practice in the Council.
2. Introduction
Corporate Risk Management Group reports to Audit Committee as necessary by exception to provide information on significant changes recorded on risk registers.
3. Risk Registers
Risks recorded in the Corporate Risk Register (CRR) are shown in appendix A of this report. There have been no changes to the risk status of any of these risks since the last Audit Committee meeting in March 2015.
4. Work to Update Strategic Risks
The response to the 2012-13 internal review of Risk Management arrangements established our current strategy, policy and governance infrastructure, which were agreed in October 2013. These remain fit for purpose.
Wider performance management arrangements are being updated to meet the requirements of Corporate Leadership Team (CLT) to present a clearer perspective across the "three lenses":- strategic; operational and community. Aligned to this our risk arrangements also need to develop in parallel.
The current Corporate Risk Register reflects an overwhelmingly operational/service perspective on key risks to the Council. They are risks which, in the view of the relevant Head of Service, present a significant threat to the wider organisation (generally as a result of financial or reputational impact). This is developed from good risk management arrangements across the Council, facilitated from the Corporate Risk Management Group's ongoing work.
CLT, in line with the Risk Management strategy, have two key roles in considering the Corporate Risk Register and its ongoing development.
Firstly, to consider the risks presented and whether the organisation is doing what it can to effectively manage and mitigate that risk. If this is happening effectively the Corporate Risk Register should be fluid to reflect ongoing risk identification, management and reduction. Secondly CLT should consider the register through its "strategic Lens" to ensure that it reflects priorities, emergent risks and projects across the Council as a whole.
Following review in May, CLT have commissioned work to assess and where appropriate add a number of key strategic risks.
5. What risks are important to other organisations?
Zurich Municipal's publication "New world of risk: change for good" shows the areas of risk that local government senior managers identify as most important.
| Changes in local government senior management team | Risk Ranking | |
|
| 2014 Local Govt leaders | 2010 all public sector leaders |
| Budget pressures* | 1 | 1 |
| Changes in government policy, legislation and regulation | 2 | 2 |
| Workforce (attracting and retaining the right skills, performance, reward package) | 3 | 5 |
| Business and organisational transformation (statement added in 2014 study - no comparison available) | 4 |
|
| Working with other organisations (for example supply chains, outsourcing and partnership working) | 5 | 6 |
| Reputation management | 6 | 3 |
| Social risk e.g. population changes, crime, antisocial behaviour | 7 | 7 |
| Data protection or security | 8 | 8 |
| Operational risk management including health & safety | 9 | 4 |
| Environmental challenges, e.g. extreme weather events, climate change | 10 | 9 |
Their "Risk and Response" publication identifies the following, along with major weather events, as major incident risks
Supply chain risks evolving from the increasing number of partnerships and outsourcing arrangements where commissioning local authorities have less control over service delivery and their suppliers' risk management and resilience strategies.
Financial crisis and the effects on leveraging and the adequacy of reserves which could compel the more vulnerable local authorities to make some unpalatable decisions on essential services cuts.
Data integrity failure, leading to the breach of data security, particularly around sensitive data, accompanied by financial penalties and significant reputational damage and loss resulting from technology 'downtime'.
Devon County Council continues to actively benchmark with local Risk leads, work which has been supported recently through Devon Audit Partnership. Members of the SW Risk Managers Group (public sector risk leads) have identified the following as the most significant risks:
| Finances / Budget Management | Safeguarding Children |
| Evidence base for decision making (including engagement) | Emergency Planning / Civil Contingencies / Weather response |
| Transformation programmes | Health, Safety and Wellbeing |
| Care Bill / Adult Social Care Budgets (Dilnott) / Better Care | Partnerships and Shared Services |
| Information governance | Business continuity |
In addition, the current Risk Register from the Devon and Cornwall Local Resilience Forum has been considered. Its five highest risks are identified as: Tsunami Wave/Seismic/Meteor impact; Flooding Major fluvial; Localised fluvial flooding (flash flooding); Influenza-Type Disease (Pandemic); Flooding: Major coastal/tidal
6. Risk to future capacity and opportunities.
Better Together and the Operating Model articulate key themes which demonstrate the Council's vision and future direction. CLT have commissioned further work to ensure the following emergent risks are articulated and assessed with a view to them being added to the Corporate Risk Register.
- Change Capacity - Reductions and how they are prioritised across DCC and with partners, limit capacity and skills to deliver required change and innovation resulting in poor outcome and failure to deliver Better Together and the Operating Model
- Prevention - Investment and delivery does not reduce demand and create behaviour change to keep pace with demographic change, citizen's needs and technological change required to make sustainable future models of delivery.
- Communities - Capacity and learning from communities is not realised resulting in missed opportunity, failure to meet local expectations and inability to deliver organisational objectives
- Digital - DCC does not have the capacity to keep pace with citizen behaviour and practice relating to accessing information and services resulting in inequality of access and engagement and failure to realise costs and efficiencies.
The Audit Committee will be able to see the outcomes from this extensive review at future meetings.
John Smith
Head of Services for Communities
Appendices
Appendix A: Corporate Risk Register Summary