Contact: Peter Andrews, ext. 01962 847309, [email protected]

1. Summary

1.1. The aim of this report is to update Members on the County Council's programme for management of risk.

1.2. At its meeting on the 26 October, the Governance Committee asked that Officers present a report on the risks that the County Council faces at an early opportunity.

1.3. This report:

· Details the appointment of a Lead Member for risk

· Outlines the initial findings of the annual review of risk

· Compares major risks faced by Hampshire County Council with those of other County Councils

· Explores the principle of creating a register of the key corporate strategic risks that underpin the Corporate Business Plan

· Reviews the outcomes of the risk management strategy 2003-2006

· Outlines the approach that the County Council is taking towards risk with the introduction of the Corporate Risk Management Strategy and performance management framework for risk 2007-2010.


1.4. The County Council's risk management programme aims to deliver improvements to the capacity for the Council to handle risk effectively. It also provides a platform that will enable it to demonstrate the contribution risk management makes to its handling of risk and achieving of outcomes.

1.5. A certain amount of risk taking is both inevitable and essential if the County Council is to achieve its objectives. The way that the County Council manages the many risks facing it ultimately contributes towards the implementation of its Corporate Business Plan and the achievement of it's priorities of:

· Hampshire safer and more secure for all

· Maximising Wellbeing

· Enhancing our Quality of Place

Recommendation

That Members note the contents of this report

2. Appointment of Lead Member for Risk

2.1. Following the discussions at the Governance Committee on 26 October 2006, on the appointment of a lead Member for risk, Councillor Davidovitz has agreed to take on this role.

3. Review of Key Risks

3.1. The foundation of the County Council's risk management programme is a comprehensive set of risk registers. These are managed at Departmental level and contain a list of those risks identified by Departments that may have an effect on the quality of the services that the County Council provides.

3.2. These risks are reviewed on an ongoing basis and reported to the respective Departmental Management Team meetings, with an annual report tracking progress across the year. A full quality assurance is in the process of being undertaken, but initial findings indicate that risk treatment measures are in place for the highest risks and that there are no significant changes from previous years.

4. Comparison with other County Councils

4.1. A national survey on risk management was recently undertaken by Alarm, the National Forum for Risk Management in the Public sector, in conjunction with the Audit Commission. Although the results have not been published, Officers have been given access to the raw data.

4.2. The top 10 risks identified by local authorities nationally are outlined in the table below.

Most frequent 10 Summarised Risks

Critical Incidents/Business Continuity

Partnerships

Financial Capacity

IT Issues

Not achieve objectives/targets

Organisational Change

Income & Funding

Equal Pay/Single Status

Staff Recruitment & Retention

External Review & Inspectorate Judgement

Source; ALARM National Risk Management Survey 2006

4.3. These are very similar to a number of key risks that the County Council faced in 2006:

Risk Area

Major Change Programmes

Financial Risks

Partnership Risks

IT Risks

Emergency Planning & Business Recovery

4.4. It is understood that some comment has been made within the Audit Commission on the national survey results that local authorities may be unduly focusing on risk issues that are internal to the local authority concerned.


4.5. This an issue that has been recognised by Hampshire County Council, with the exploration of a register of Key Corporate Strategic Risks that would concentrate on risks that are outward facing and that affect the people of Hampshire.

5. Key Corporate Strategic Risks 2007

5.1. The existing Departmental and Corporate risk registers focus primarily on tactical and operational risks and those strategic risks that affect service delivery. It has been recognised that the County Council also faces wider strategic risks not only in relation to the services that it provides, but also to the people of Hampshire in general that it has an influence over. These risks represent both threats and opportunities to the organisation, its partners and the people it serves.

5.2. It is proposed that these risks are identified and articulated as a key corporate strategic risk register.

5.3. This risk register would directly reflects the key outcomes that are identified in the Corporate Business Plan, which is the action plan for delivery of the Corporate Priorities, which were formed to reflect the wishes of the people of Hampshire.

5.4. Once drawn up, the Key Corporate Risks would be presented to the Cabinet for endorsement.

5.5. A link would be made to the Departmental risk registers by ensuring that risks that affect the delivery of the key activities identified in the Corporate Business Plan are reflected in Departmental risk registers

5.6. Progress would be reported through the County Council's corporate performance framework.

6. Outcomes from the Corporate Strategy for Managing Risk 2003 - 2006

6.1. In addition to the programme of risk registers, the County Council has been promoting a wide ranging risk management approach. This has been driven through the implementation of its Corporate Strategy for Managing Risk 2003/4 to 2005/06.

6.2. The period for that strategy has come to an end, with a number of significant developments being undertaken at Departmental level, in all areas covered by the risk management improvement plan 2003-2006.

6.3. This was a period of considerable consolidation and development in terms of risk management and a period of challenge and change for the County Council as a whole.

6.4. Considerable progress has been made in integrating risk management into the business processes of the County Council. In particular, the framework for handling risk, both strategic and operational, through Corporate and Departmental risk registers, along with the reporting framework has delivered significant improvements to the performance of risk management.

6.5. This infrastructure provides a firm basis for the development of a risk based culture across the organisation. Of the improvement actions within the plan, some 65% were either fully completed or substantially completed by December 2006. Of those elements delayed, some were not progressed because of the changing business needs of the Council, others were due resource requirement difficulties at a corporate level. These have been addressed through the appointment of the Corporate Risk Manager.

6.6. The major risk management challenge remains the County Council's business preparedness for crisis and business continuity planning. This is being addressed as a matter of urgency.

7. Corporate Strategy for Managing Risk 2007 - 2010

7.1. A review of the strategy for risk management has been undertaken, with the drawing up of a new strategy to cover the period 2007 - 2010.

7.2. The aims of this strategy are to deliver improvements to the capacity for the Council to handle risk effectively and produce a performance management framework that will enable it to demonstrate the contribution risk management makes to its handling of risk and achieving of outcomes.

7.3. The strategy for 2007-2010 builds on the achievements of the previous strategy. It also responds to concerns of risk aversion by focusing on encouraging considered risk taking and a taking a proportional response to risk.

7.4. Although there has been a general fear of the development of a compensation culture, recent statistics show that their has not been a dramatic rise in the number of claims against local authorities, Hampshire County Council's own figures on claims support this national trend.

7.5. The associated Improvement Plan outlines the actions required to improve the quality of the management of risk across the County Council. It has been linked directly to a performance management framework. Achievement of the improvement actions therefore will have a direct effect on overall risk management performance.

7.6. It references a number of improvements that may directly contribute to the CPA Use of Resources Assessment.

7.7. Following the adoption of the Strategy, a detailed project plan will be drawn up, with progress being reported regularly to the Risk Management Board (RMB).

8. Corporate Risk Management Performance Framework

8.1. A framework for assessing the performance of risk management in the County Council has been developed. It is modelled on nationally recognised standards originally drawn up by HM Treasury, suitably amended to meet the needs of the County Council.

8.2. It will be used to identify areas of particularly good or poor practice and in establishing priorities for improvement action.

8.3. The County Council will use this performance framework to measure the performance of it's management of risk, set robust targets for future improvement and report on progress. Self assessment will be supported by documentary evidence, audits and reviews and performance indicators.

8.4. It is proposed that the County Council set itself the target of gaining the highest end of the excellence level by 2010. At this level risk management is fully integrated and continuously improved. A set of milestone targets will also be set with progress against those milestones regularly reported to the RMB and this Committee.

9. Conclusion

9.1. Hampshire County Council has a track record of successful risk management and innovative service delivery initiatives.

9.2. The maturity of the management arrangements for the risk registers, and the robustness of the review and reporting process across Departments, are major strengths in the management of risk for the County Council.

9.3. The linkage of the key corporate risk register to the key actions and outcomes of the Corporate Business Plan will provide a focus for a valuable link between the strategic risks facing Hampshire and the risk registers and associated treatment measures at corporate and departmental level.

9.4. The implementation of the Corporate Strategy for Managing Risk and associated performance management framework will provide a robust platform for further improvements in the handling of risk across the County Council.