EQUALITY COMMISSION FOR NORTHERN IRELAND. November 2011 REVIEW OF CORPORATE RISK REGISTER AND RISK MANAGEMENT UPDATE

Transcription

1 EQUALITY COMMISSION FOR NORTHERN IRELAND November 2011 REVIEW OF CORPORATE RISK REGISTER AND RISK MANAGEMENT UPDATE Purpose To update Commissioners on changes to the Corporate Risk Register and progress on developing risk management across the Commission. Background Since June 2006, the Corporate Risk Register has been presented at each Audit and Risk Committee (ARC) meeting and in August 2007 it was agreed that it would be presented to the full Commission twice-yearly, usually in May and November. Risk is a standing item on the Management Board agenda and considered formally on a monthly basis. The Corporate Risk Register is updated on an ongoing basis. The present Register was reviewed by the Management Board recently. It will be reviewed again by the Audit and Risk Committee at its next meeting in February and at the May 2012 Commission meeting. Due to the continuing impact of budget reductions and the potential for reputational risk arising from ongoing political and press focus on ALBs the ratings for CR1 and CR 5 continue to be high. 1

2 As a result of the steady progress being made in business improvement and financial and other control, the rating for CR4 has been further decreased. The most significant risk relates to the delivery of our business plans and objectives resulting from the continuing likelihood and potential impact of further budget cuts across the public sector. The Risk Register summarises the key steps being taken to mitigate this and other risks. Following publication of new NIAO guidance on risk management, we have made some amendments to the wording and colour coding of the risk map and risk ratings. Following completion of the current corporate planning process, a more fundamental review of the Commission s overall approach to addressing risk will be undertaken. Decision / Action To consider and approve the updated Corporate Risk Register. Keith Brown Head of Corporate Services November

3 Equality Commission for Northern Ireland EC/11/9/7 Corporate Risk Register November

4 Key Corporate Risks to Commission s ability to deliver corporate objectives CR1 Impact of reductions in funding CR2 Weaknesses in business planning, budgeting and performance management CR3 Threat to business continuity CR4 Failure to ensure and maintain effective financial and other control environment CR5 Failure to effectively demonstrate impact and relevance to key stakeholders and wider community 4

5 Introduction The purpose of the Commission s Corporate Risk Register is to identify and evaluate the key risks threatening the achievement of our corporate objectives. Each risk has been assessed for its severity to the Commission and for the effectiveness of the controls currently operating. This risk assessment has been undertaken using: the impact that the risk would have on the Commission s objectives should it occur; and the likelihood of the risk materialising. Each risk has then been placed on a risk map to show their relative positions. Further analysis for each risk is detailed including the controls currently in place to mitigate the risk, with assignment of responsibility and ownership. 5

6 Rating Scale EC/11/9/7 Risk Likelihood Ratings Probability Description Risk rating Very Low Rare Occurrence (> 10%) 1 Low Unlikely but not impossible to occur (11-30%) 2 Medium Possible (30%) 3 High Likely to happen/probable (60-84%) 4 Very High Almost certain to occur (85%+) 5 Risk Impact Ratings Impact Description Risk Rating Very Low Insignificant 1 Low Medium High Minor consequences - delay, inconvenience or interruption. Short term effect. Moderate consequences -significant waste of time and resources. Medium term effect which may be difficult or expensive to recover. Major consequences - impact on costs, objectives and /or reputation. Medium to long term effect and difficult or expensive to recover. Very High Catastrophic consequences

7 Key Corporate Risks EC/11/9/7 Impact Likelihood Insignificant Minor Moderate Major Catastrophic Very High (85%+) High (60-84%) Medium (30%) Low (11-30%) Very Low (> 10%) CR3 CR2 CR4 CR1 CR5 7

8 Corporate Risk Summary EC/11/9/7 Key Corporate Risk Current Risk Rating and Target Comment Impact L hood Overall (IxL) Target CR1 Impact of reductions in funding Risk rating remains high due to continuing wider financial and administrative uncertainty. Mitigation of impact ongoing. CR2 Weaknesses in business planning, budgeting and performance management Risk rating maintained pending outcome of current corporate planning process. CR3 Threat to business continuity Risk rating maintained due to ongoing moves to a single location. CR4 Failure to ensure and maintain effective financial and other control environment Risk rating further reduced following continued progress in audit and external accreditation outcomes. 8

9 CR5 Failure to effectively demonstrate impact and relevance to key stakeholders and wider community Risk rating maintained in the context of likelihood of continuing focus during review of Arms Length Bodies. 9

10 CR1 Impact of reductions in funding Risk Rating Leading to: Impact L hood Overall ( IxL ) Target (3x4) Failure to deliver statutory remit and business objectives. Failure to attract sufficient funds to fund future business plans and key projects. Shortage of staff skills through failure to recruit, retain and develop high quality staff with appropriate skills and competencies Status Impact rating unchanged to reflect continuing uncertainty over future financing position. Control Action Risk Owner Review / Completion Date Progress Engagement with OFMDFM on budget plans for and proposals for delivery of efficiency savings Chief Executive Evelyn Collins Ongoing Budget forecasts for 2011/ /15 have been prepared and plans are in place to control salaries costs, reduce premises costs, continue to control other overheads and maximise the amount that can be made available to support operational programmes. Further feedback from OFMdFM is being pursued. 10

11 Contingency of 220k made for potential severance/retirement costs in 2011/12. Discussions with OFMdFM and other ALBs, aimed at vacancy management, reducing premises costs and increasing shared services are ongoing. Await outcome of OFMdFM business case for relocating bodies on a shared site. Older Persons Advocate and NICCY now located in Equality House. OFMdFM have confirmed 3% efficiency savings requirements for 2011/12 and 2012/13. Further discussion of position post 2013 to take place. Maintain confidence of Sponsoring Department Evelyn Collins Ongoing Effective stewardship of public funds, and value for money being demonstrated. Confidence of Sponsoring Department remains high. Minimise shortage of staff skills through retaining and developing high quality staff with appropriate skills and competencies Keith Brown Ongoing Planned staff reductions will continue to be supported by assessment of business needs. Focus on cost effective learning and development strategy is being maintained. 11

12 CR2 Failure to effectively business plan, budget and manage performance Leading to: Impact L hood Risk Rating Overall ( IxL ) Target (3x2) Weaknesses in objective setting and financial profiling and in management and reward of employee performance. inefficiency, ineffective delivery, poor customer service and high customer dissatisfaction and complaint Status Progress continues to be made. Risk rating maintained until outcomes of current corporate and planning processes achieved. Control Action Risk Owner Review / Completion Date Progress Clear timetables and processes for Business Planning in place. CEO Keith Brown January /12 Business Plan and monitoring arrangements in place. Next quarterly report to be presented to the Commission in January. 2012/15 Corporate Planning process, ongoing. Internal Audit of Business Planning processes completed and Satisfactory assurance provided. Some improvements have been made to business planning processes in light of recommendations. 12

13 Time Recording and Activity based costing Keith Brown January 2012 Electronic attendance recording system has been rolled out across Commission and being reviewed following user tested. Progress on Activity Based Costing system limited due to impact of audit preparations at start of year and involvement of IT staff in major change process resulting from relocation of Commission staff and ALBs. Improvements to arrangements for reward and recognition and better regulation of staff performance and conduct Keith Brown February 2012 Internal audit of Commission s Performance Management processes completed. Satisfactory assurance provided. New appraisal scheme reviewed. Progress on further amendment delayed until relocation process complete and additional staff redeployed to Business Improvement team in line with Organisational Review recommendations. Review of Staff Code of Conduct still to be completed. 13

14 CR3 Threat to business continuity Risk Rating Leading to: Impact L hood Overall ( IxL ) Target (2x2) Failure to take adequate action or plan contingencies to cope with potential threats to business continuity. Leading to unnecessarily prolonged disruption to service delivery and high customer dissatisfaction and Complaint Status Risk level maintained pending development of new arrangements and review and testing following possible relocation of additional organisations to Equality House. Control Action Risk Owner Review / Completion Date Progress Up to date and fit for purpose Business Continuity Plan in place Head of Corporate Services Keith Brown November 2011 Work on new ICT continuity and disaster recovery arrangements ongoing in context of relocations to Equality House. 14

15 CR4 Failure to ensure and maintain effective financial and other control environment Risk Rating Leading to: Impact L hood Overall ( IxL ) Target Increased risk of over/under spending, poor value for money and low levels of assurance from internal and external audit. Loss of confidence of key stakeholders. Failure to comply with legislative obligations placed on the Commission as a public sector employer and service provider Leading to increased risk of damaging litigation. Status Risk rating further reduced. The Commission s general control environment has seen significant improvement over past few years and this has been reinforced by satisfactory internal audit assurance reports and external accreditation reports. 15

16 Control Action Risk Owner Review / Completion Date Progress Effective internal and external audit programmes and evidence of remedial action being taken where recommended. CEO Keith Brown April 2012 Positive outcome reported in 2010/11 Report to those Charged with Governance. Satisfactory assurance obtained from 2010/11 internal audit annual report. Internal Audit Programme for 2011/12 well underway and mixture of Substantial and Satisfactory assurances being provided. A high standard of financial planning and control Keith Brown July 2012 Satisfactory Assurance provided by Internal Audit reviews of Purchasing and Procurement, Financial Reporting and Budgetary Control, Fixed Asset Management, Gifts and Hospitality, Travel and Subsistence. Substantial Assurance for Payroll. Risk Management Heads of Division January 2012 Corporate Risk Register up to date. Regular Stewardship reporting. Overall review of approach to risk management to be undertaken during 2011/12. Ensure effective control of legal complaints budget.. Eileen Lavery January 2012 Strategic Enforcement Policy in place and implemented by staff and Legal Funding Committees. Finance reporting to full Commission and OFMdFM on quarterly basis. Monitoring of 2011/12 casework allocation ongoing. 16

17 Data Protection and data security Keith Brown Ongoing Data Protection, Records Management and Freedom of Information arrangements reviewed and updated. Programme of staff refresher training undertaken. DFP sponsored selfassessment review of Data Protection completed. 17

18 CR5 Failure to effectively demonstrate impact and relevance to key stakeholders and wider community Risk Rating Leading to: Impact L hood Overall ( IxL ) Target (3x3) Inadequate profile for the Commission and its work, leading to lack of awareness or confusion about Commission s role and work, perceptions of weak performance and reputational damage Status Risk rating maintained, in context of current environment of political and administrative uncertainty. Control Action Risk Owner Review / Completion Date Progress Development of new more impact focused Corporate Plan CEO Evelyn Collins February 2012 Corporate planning process ongoing. Consideration being given to key messages 18

19 Development and implementation of effective communications and stakeholder management strategies in support of corporate objectives. Strategy to have particular focus on communications: - with politicians - on value for money and our effectiveness Libby Kinney Ongoing Programme of engagement with new MLAs and political advisors to be planned and delivered during 2011/13. Business Plan and communications outcomes monitored to ensure continuing alignment and regularly reported to Commission and Management Board. Action to address going gap between legislative framework in Northern Ireland and rest of United Kingdom Eileen Lavery February 2012 Response being considered in context of corporate planning discussions. Programmes and projects to be better coordinated with corporate communications structures and objectives Heads of Division Ongoing New internal and external communications structures to be implemented following restructuring of Communications and Promotions work. Improvement in composition of applicants and workforce and evidence of progress in delivering affirmative action plan objectives. Keith Brown April 2012 No recruitment took place during 2010/11, nor is any external recruitment currently planned for 2011/12. Report on progress against Action Plan objectives presented at October Commission meeting. A number of work experience placements have been delivered. 19

20 Maintain confidence of staff Keith Brown Ongoing Provide open and transparent information on financial position and action to address it to staff and trade union side through use of: - monthly core brief - monthly wider leadership group - updates on intranet - face to face all staff briefings - JCNC and other informal communications with trade union side 20