1.2 The Audit and Risk Committee last reviewed the register on 10 th July 2017.

Transcription

1 Subject: CORPORATE RISK REGISTER Report to: Audit and Risk Committee 11 th December 2017 Report by: Corporate Risk Officer SUBJECT MATTER/RECOMMENDATIONS This report asks the Audit and Risk Committee to review the Corporate Risk Register to determine whether the register correctly reflect the risks affecting the Authority 1. INTRODUCTION / BACKGROUND 1.1 The Audit and Risk Committee is responsible for monitoring the arrangements in place for the identification, monitoring and management of strategic and operational risk. 1.2 The Audit and Risk Committee last reviewed the register on 10 th July This report informs the Audit and Risk Committee of the current corporate risk position. 2. MAIN BODY 2.1 The Corporate Risk Register was last reviewed by Departmental Management Team on 21 st August 2017 and Executive Management Team on 20 th vember Three risks have been removed as they no longer considered a risk due to current processes and procedures that are in place to mitigate against the risk: Some areas of the Council averse to change Partnership working Investments n compliance with legislation / contractual obligations 2.3 One new risk have been added, Risk 8 Building design and fire protection system to prevent or limit the spread of fire which has a risk rating of 20 Very High. 1 of 3

2 2.4 There are currently 22 risks included on the Corporate Risk Register. Action plans are in place to reduce the current score to an acceptable level with the exception of two risks that have a risk rating of High, no further action will be taken to reduce the risk. RISK SCORING MATRIX IMPACT OF RISK Reduction in financial resources 2 Reduced spending in Great Yarmouth LIKELIHOOD OF RISK Change Management 21 Sufficient resources and resilience to ensure effective Contract Management 19 - Infrastructure not being able to meet demand 20-5 year Local Plan and timescale Local Plan can be delivered 21 Sufficient resources and resilience to ensure effective procurement 5 - Local/National Economy 6 - Introduction of General Data Protection Regulations (GDPR ) 7 - Event Management 10 - Business Continuity 11 Project Management 12 Reliance on key individuals and capacity of teams 13 - Government policies 14 - Information Security 15 - Delivery of long term strategic objectives 16 - Business improvement in the major leisure facilities under delivers 17 - Lack of community cohesion / community tensions 18 - Data quality 3 - Flooding 4 - Flood and coastal Defence 8 Building design and Fire prevention system to prevent or limit the spread of fire 9 - Lease Expiry dilapidation claim 1 Corporate Risk Appetite Likelihood 5 Very Likely, 4 Likely, 3 Fairly Likely, 2 Unlikely, 1 Very unlikely Impact 5 Severe, 4 Significant, 3 Moderate, 2 Minor, 1 Negligible 2.5 The Corporate Risk Officer will present the Corporate Risk Register after its next review by the Executive Management Team in six months. 2 of 3

3 3. FINANCIAL IMPLCATIONS 3.1 See attached Corporate Risk Register. 4. RISK IMPLICATIONS 4.1 See attached Corporate Risk Register. 5. CONCLUSIONS 5.1 The Corporate Risk register currently reflects the risks affecting the Authority and where applicable action plans have been put in place to reduce the current scores and risk affecting the Authority. 6. RECOMMENDATIONS: This report asks the Audit and Risk Committee to review the Corporate Risk Register to determine whether the register correctly reflect the risks affecting the Authority Areas of consideration: e.g. does this report raise any of the following issues and if so how have these been considered/mitigated against? Area for consideration Monitoring Officer Consultation: Section 151 Officer Consultation: Existing Council Policies: Financial Implications: Legal Implications (including human rights): Risk Implications: Equality Issues/EQIA assessment: Crime & Disorder: Every Child Matters: Comment See attached Corporate Risk Register See attached Corporate Risk Register See attached Corporate Risk Register 3 of 3

4 Corporate Risk Register Last Review Review Date Review By ELT Aug-17 v-17 Impact and Likelihood Matrix Explanation Risks are rated by two factors: IMPACT - the impact to the business of the identified risk should it be realised LIKELIHOOD - the likelihood that a risk will become a business issue Current Score Target Score Risk Vulnerability Trigger Consequence Mitigation Likelihood Impact Risk Rating Risk Description Likelihood Impact Risk Rating Risk Description Action Plan / Progress Update Responsible Officer Due Date Link to Strategic Priority Date Last Updated 1 Reduction in financial resources Major unplanned financial liability Unfunded activity Medium Term Financial Strategy Very High High Digital Council ELT Jun-18 Economic v-17 Loss of external funding Changes to existing income streams Business Strategy Service Reviews Significant reduction in Central Government funding Reduced income from Joint Ventures Reduced income from recycling credits Resources diverted from services have to be reduced Inability to deliver strategic objective Monitoring and scrutiny of all JV operations Working with Partners to maintain arrangements Flexible Working Four year financial settlement Member workshops as part of budget preparations Members budget prioritisation session in January Review of signiifcant contracts 2 Reduced spending in Great Yarmouth Reduction in spending / budget decisions of partner organisations Unfunded activity Working with partners to redesign and streamline service delivery / share resources Very High High Develop Locality Board to plan partnership delivery ELT Ongoing Economic v-17 Consultation around spending reduction Housing related support cuts Devolution Resources diverted from services have to be reduced / withdrawn Working together to build capacity of communities Understanding and responding to proposals Working through LEP Inability to deliver strategic objectives Neighbours that work project Increased demand placed on borough council services Unmet demand 3 Flooding Flood event Disruption of commercial activity Emergency plan Very High High Health and safety issues Business Continuity Plan Failure of flood barriers Inability to deliver services Surface Water Management Plan Communities Partnerships Boards Environment Private sector engagement Appropriate planning policies Local Plan Environment Agency investment plan in place & some funding committed Local surface water flood mitigation schemes under consultation Environmental Ongoing Communities v-17 Economic

5 Surface water flooding Flood defence infrastructure bid submissions to the HCA & NALEP (Homes and Communities Agency & New Anglia Local Enterprise Partnership) 4 Flood and coastal Defence Failure of flood and costal defences Impact on economy and increased business development for the Borough Reducing economic potential for the area Working with businesses to improve awareness Long term plan to review, repair and renew flood defences Very High High Trial of defence refurbishment underway to reduce overall cost Environment Agency investment plan in place and funding committed Environmental Ongoing Economic 21/08/2017 Sea Level Rise Impact on infrastructure across the borough Working with communities to develop options for mitigation Economic study of borough to identify growth with defences renewed Health and Safety Tidal Defences Business Partnership established Investigation of new and innovative models for partnership funding Extending the length of river frontage for which the Council have Loss of property responsibility current proposal of de-maining by the Environment Agency Loss of environmental asset Lack of resources to fund maintenance on watercourses transferred from EA control Tidal Defences Business Partnership Business Case developed Council are part of Coastal partnership East (CPE) improving resilence Review of coastal management Winterton to Great Yarmouth Indepth review of transferred watercourses to enable planning 5 Local/National Economy Downturn in national / local economy Increased workload for Council staff (Benefits/ Economic development) Strong local economy High High Working with funding bodies to mitigate against impact of downturn eg Working Neighbourhoods Fund CEO 31/03/2017 Economic 31/03/2017 Issue of Welfare Reform National Policy - changes on benefit Brexit Increase in bad debts Corporate planning Wind Energy Offer Major projects put on hold Monitoring basket of key indicators Downturn in housing market Communications Strategy Inability to meet requirements of capital programme Work with LEP to secure inward investment Collaborate with DWP to monitor impact and develop improved ways of working to benefit customers Uncertainty lead to a downturn in economy 6 Introduction of General Data Protection Regulations (GDPR) Becomes law on 25 May 2018 Compliance must be published by the live date, all dealings with our clients must follow the new regulations from the live date Publication of new data protection policy High Medium Training for Information Manager Information Manager / Head of Customer 25/05/ /08/2017 n compliance with regulations and security breaches Fines and costs Staff training Briefing for Group Managers Insurance claims Cash Management provider fully compliant Briefing for staff Implementation of chip and pin Business Case Completion Self Assessment Questionnaire 7 Event Management - for large scale events held Failure of event / duty of in the borough by a third care party Cancellation / suspension of event ESAG High Medium Reviewing approach to supporting events and event management Community Development & Regeneration v-17 Major incident Reputational damage / bad publicity Event Management Plan Member & Officer Groups

6 Involvement / consultation of key officers 8 9 Building design and fire protection system to prevent or limit the spread of fire Lease Expiry dilapidation claim 10 Business Continuity Industrial explosion and Major fire Expiry of lease Loss of facilities (flooding, fire etc) Engagement of stakeholders SLA Insurance claims Fire risk assessments High Corporate manslaughter Increased insurance premiums Loss of life Loss of assets Financial burden on Council Service delivery impaired Identification of high rise property within the borough and review of fire prevention Review of new development design and fire prevention Inspections / Risk Assessments Business continuity recently tested High High Dilapidation claim High Medium Ongoing monitoring Further investigation into mitigation & Planning Business Continuity Plans reviewed regularly Property & Asset Management Property & Asset Management Customer & Environmental 21/08/2017 Ongoing Economic Feb-17 Ongoing Delivering the Plan v-17 Loss of IT systems Inability to pay creditors/benefits Business Impact Assessments Major plan review underway including programme of training, supporting services during review and testing readiness Loss of staff (pandemic, fuel strike, industrial action etc) Relocation of services Business continuity plans Insurance Additional resource from NCC Identification of suitable evacuation zone Ensuring action plan is complete and in place 2 additional days from NCC for 6 months from 1st Jan Project Management Failure of project or event Cancellation / suspension of project 12 Reliance on key individuals and capacity of teams Departure of key individual Reputational damage / bad publicity Skills lost Involvement / consultation of key officers Medium Medium Development of Share Point Recruitment of Project and Programme Manager Risk Register Business case BC Plan for single points of failure High Medium Seeking to recruit 2 Project Managers on a 2 year contract To review resources against corporate objectives Project & Programme Manager Ongoing v-17 CEO Ongoing v-17 Negative impact on capacity of other staff Organisational Development Plan Support for Apprenticeships / career grade opportunities Difficulty of recruitment Lack of delivery of service objectives Personal reviews Buying in of consultancy/temporary staff Succession Planning To review recruitment of Health & Safey Post Skills shortage Lack of resource to deliver Health & Safety Failure to comply with Health & Safety legislation and corporate approach not consistenetly applied Fines and costs Business Strategy OD programme New sharing and partnership arrangements for health and safety, emergency planning and coastal management to improve resilience in these key areas Policies updated on a priority basis Discussions regarding increasing Health and Safety hours provided by NCC

7 13 Government policies Insufficient focus of organisation on bigger picture Loss of funding Business Strategy High Medium Political influence & officer engagement in response to national networks CEO Ongoing Economic Aug-17 Insufficient preparation for policy changes/ new responsibilities Resourcing in budget to provide for officer resource 14 Information Security Good management, protection of information DWP refuse to correspond with GYBC electronically Loss of capability to handle Housing Benefits and other issues Information Security manager in post High Medium Review and update of the security policies by the Information Security Manager and the ICT Manager Customer 31 st March 2017 Sep-16 Number of cases of lost information by public and private bodies Information lost/mislaid therefore loss of reputation and potential legal claim Passed initial assessment and go live Internal data sharing processes in place annually reviewed for users able to access data on systems holding DWP/Customer information Need to attain criteria set by government to retain information flow with DWP (Department Works Pensions) Realisation that information includes paper, people and computer PSN compliant Annual Review 15 Delivery of long term strategic objectives Council focuses on the issues of the day rather Short term thinking Medium Term Financial Strategy High Medium than a vision for the future Action plan developed to monitor progress ELT 31/12/2016 Economic Sep-16 Difficulty in taking hard decisions Service Planning Environment Lack of political direction for strategic objectives n delivery of strategic objectives Corporate plan Social Enterprise Zone Working Party Local Plan Core Strategy adopted Investment Business Strategy 16 Business improvement in the major leisure facilities under delivers Internal Audit Report on Governance Appropriate mitigating management action not taken to address concerns Lease documenting high level roles & responsibilities High Medium Business plan developed for Phoenix Pool and in development for Marina Community Development & Regeneration 31/12/2016 Sep-16 Risk Register Operator does not perform in line with new business plans Regular meetings held by Board of Trustees, stakeholder groups and regular users Business Plan Business Continuity Plan Monthly Management Accounts ¼ performance reports to relevant service committee Risk Management Strategy, Policy & Procedure Complaints process New 15 year contract in place Robust Governance arrangements written into documentation Monthly GYBC/Trust management meetings

8 Quarterly meetings of GYBC/Trust Programme Board for redevelopment in place Contract with Development Partner 17 Lack of community cohesion / community tensions Social changes / immigration / increase in unemployment Increased reliance on benefits Reviews of and better alignment of front-line services to ensure residents get the help and support they need High Lie outside risk appetite but no further action to reduce risk based on current demand, incidents of hate crime and community intelligence Community Development & Regeneration May-17 Increased homelessness Neighbourhood Managers in priority neighbourhoods involving residents and helping to find solutions and diffuse tensions Pressure on welfare services Support for those with multiple and complex needs commissioned through the Neighbourhoods that work programme Issues with equality of access to services Targeted work with the police and other partners to address new and emerging issues relating to housing enforcement, domestic abuse, community tensions and ASB 18 Data quality 19 Infrastructure not being able to meet demand Records not maintained accurately or securely Increased crime rates and an increase in hate crime Inaccurate data used for decision making IT security procedures High Data not held securely Data management Data quality action plan IT security policy Accepted by DWP computer security (PSN) Annual renewal Lie outside risk appetite but no further action to reduce risk New development (commercial and housing) Increased traffic congestion Local Plan / Infrastructure Plan Medium Medium Local Plan Core Strategy adopted Lack of services (education/health/social) Ongoing engagement with partner organisations for funding eg New Anglia LEP, Highways England, Clinical Commissioning Group, Anglian Water, Environment Agency, rfolk CC etc Stalling of further investment Work with New Anglia LEP to secure inward investment Commitment from partner agencies (partnership working and financial commitment) 98 million secured from DfT for the Great Yarmouth Third River Crossing Customer Planning & Growth / CEO May-17 Ongoing Economic v-17 People Communities 9million NALEP Sustainable Transport package Major trunk road junction improvement funding secured (A47) Successful 4.7million Pinchpoint bid for A47/A143 link road (opened Dec2015) GY Transport & Infrastructure Steering Group established A47 Alliance, rfolk Rail Group and other partnerships attended

9 New NCC traffic modelling to inform Local Plan Part Year Housing Land Supply and timescale Local Plan can be delivered Inability to complete Local Plan process due to lack of financial/professional staff resource and involvement in other corporate projects Failure to adopt new statutory planning policy guidance to inform planning applications and Development Control Committee Additional resource in terms of professional input and/or creation of Projects Team Medium Medium Financing budget reviewed Planning & Growth Ongoing Economic v-17 Susceptible to unplanned housing development Resources professional planners being recruited but not successful at all levels Environment Re-appraise recruitment offer Social Re-assessment of deliverability and timescale Performance Involvement in EELGA Resourcing in Planning project 21 Sufficient resources and resilience to ensure effective procurement and contract management Corporate procurement approach not consistently adopted Benefits of procurement strategy not realised Corporate Policy Statement adopted Medium Medium Resources & support provision for procurement to be brought forward Finance Director Ongoing v-17 Efficiency savings not made or contract fail Procured service not value for money Procured service is poor Engagement of Procurement Specialist and Procurement about the overall approach of Monitoring Officer and legal support for contracts Working Group Discussions with NP Law Review of Standing Orders Procurement Strategy Staff training ER-procurement system live Procurement targets built into the MTFS & new strand of work Failure to managed contract performance and corporate approach not consistently adopted Breach of EU legislation Staff training and guidance on Intranet High Medium Identification and role out of dedicated contract management roles in services / lead service areas Finance Director Ongoing v-17 Increase budgets Consistent management and publication of Contract Register Training of dedicated contract management roles and development of guidance on Intranet Contract disputes Fines and costs Contract Management Strategy and standing orders Performamce monitoring and reporting to ensure good service quality and better value for money Staff consultation VfM Confidence assessments Appropriate governance principels and risk management in place - Risk Register Dedicated contract management roles within services to improve accountability & capacity for managing major contracts Role of contract manager defined Ensure compliance with legislaton / regulains and Councils processes and procdures

10 22 Change Management Key changes managed ineffectively Service delivery is affected during implementation Staff resource needed to undertake review Business Strategy Medium Medium Application of a formal programme management framework Council fails to capitalise on opportunity Monitoring of project plan Continual review and monitoring assessing outcomes Training Corporate training & Development Strategic Director K Watts Review 31/12/16 Economic 21/08/2017 Targets not achieved Funding is missed Resources wasted POSSIBLE NEW CORPORATE RISK CORPORATE RISKS RECOMMENDED FOR REMOVAL Ongoing assessment of the project risks Organisation Development Departmental Managers Meetings Staff engagement programme