Archived decisions

Hampshire Fire and Rescue Authority

26th September 2007

Strategic Risk Register

Report of the Chief Officer

Contact: Nicki Whitehouse, Deputy Performance Review Team Manager

    Telephone: 023 8062 6850

1 Summary

1.1 This version of the Register identifies three strategic risks where it is felt that sufficient controls have been put in place to justify - subject to Members' agreement - removal from the current Register.

1.2 The Register of strategic risks is presented to Members annually at the September HFRA meeting. In addition to this, the Corporate Management Team review the register at regular intervals. Given the Register's importance to the overall corporate planning process, it is recommended that a further formal opportunity for Members' input be provided by reporting the Register to the June meeting of the Finance and General Purposes Committee.

2 Recommendations

2.1 That the current version of the Strategic Risk Register be approved, and Members be invited to make any comments or amendments.

2.2 That the following two risks be removed from the current Register as following the placement of controls they are now deemed to be low risks:

    · Failure to comply with and/or manage the Authority's legal and moral responsibilities for the health, safety and welfare of its employees under health and safety legislation.

    · Failure to comply with and/or properly manage the Authority's legal and regulatory responsibilities in respect to the Civil Contingencies Act 2004.

2.3 That the following risk be removed from the Register as, in terms of compliance with legislation, it is deemed to be of low risk.

    · Failure to comply with and/or properly manage the Authority's legal and regulatory responsibilities in respect to equalities legislation.

2.4 It is further recommended that a new risk be added that relates specifically to equalities issues with respect to service delivery.

2.5 That the Register be reported to the Finance and General Purposes Committee on an annual basis at its June meeting.

3 Introduction

3.1 The Risk Management Policy and Strategy was first presented to the Authority on 9th February 2005.

3.2 The Strategic Risk Register is reviewed on a quarterly basis by Service Management Team and was last reported to the Authority in September 2006. The Register is also presented to the Corporate Management Team to provide a further opportunity for Member's comment.

3.3 The Risk Management policy and strategy encompasses all business activities, as well as those specifically aimed at preventing, protecting, and responding. The policy and strategy aims to identify any risks that may impact upon the Service meeting its objectives. Continual review of the Register is a key activity in our overall corporate planning process.

4 Risk Management Policy and Strategy

4.1 The aims of the Risk Management Policy and Strategy are to:

    · Anticipate and respond to changing external and internal pressures to avoid unwelcome surprises.

    · Raise awareness of the need for effective risk management by all those involved in the delivery of our services.

    · Manage risk in accordance with best practice thus helping to ensure the most effective use of our resources.

    · Promote and support well thought through risk taking to ensure improvement opportunities are not lost.

    · Integrate risk management into the culture of the Authority.

4.2 The approach taken is that Members and senior managers are responsible for identifying and managing any significant strategic risks that could affect the Authority's ability to achieve its corporate aims and objectives. Operational risks will be identified and managed within the service delivery and support departments, both as part of their planning processes, and on a day-to-day basis.

4.3 Issues of strategic significance identified at operational levels are escalated to the Service Management Team (SMT) for further assessment. SMT then examine and evaluate the strategies, and controls put in place to mitigate or manage the identified risk to the required level. A current and target risk score is determined, which comprises a score between one to five, and which relates to the perceived likelihood of the event occurring, multiplied by the perceived impact relating to that risk. Risks remain on the Register until they are given a score of ten or less which equates to low or very low risk, and have been reported to the Authority.

4.4 Members will note that there are four risks given such a rating currently on the Register. It is proposed that three of these are removed after this report has been accepted. Although the entry referenced no 6 on the Register - `Failure to recognise and comply with and/or properly manage the Authority's legal and regulatory responsibilities', has been given a low score rating, it provides an introduction to a series of risks concerning specific pieces of legislation, and for this reason it is proposed that it remains on the Register.

4.5 Risk reference no 6a - `Failure to comply with and/or properly manage the Authority's legal and regulatory responsibilities in respect to equalities legislation' has been scored as low risk. A new entry to the Register is being developed which relates to risks and impacts regarding equalities issues that we face in terms of service delivery and reputation. This entry is to be agreed by Service Management Team in October. It is therefore proposed that the current entry (6a) be removed on the condition that this new entry is added to the Register.

4.6 It is recommended that the Risk Register continues to be presented to the Authority annually at its September meeting to enable any budget implications to be considered ahead of the budget process. This process is seen as a key part of the review of the Strategic Risk Register. To enhance this process, it is proposed that the Register be monitored by the Finance and General Purposes Committee in future. As the Statement of Internal Control is presented to this Committee, it would seem appropriate for it to receive the Strategic Risk Register as well.

5 Current and future work

5.1 Officer training remains ongoing to facilitate the further embedding of the process into day-to-day work. This will include understanding the nature of risk, having the necessary skills to identify potential risks, and to identify, evaluate and assess risks that may impact on areas of responsibility.

5.2 An awareness session is being offered to Members after this meeting to enable them to gain an appreciation of their role in managing strategic risks.

5.3 The Performance Review Team maintains the Strategic Risk Register, and facilitates its updating. Members of this team are active on the Fire Sector Service Group of ALARM (Association of Local Authority Risk Managers); using this to benchmark our risk management processes against other Fire Services to ensure that we are working towards to current best practice. The Team will be visiting another Service to identify any further practices that could be adopted to improve our own processes.

5.4 The Service Delivery Directorate is developing a Community Risk Register to aid risk based service delivery planning. It will be an externally facing Risk Register.

6 Strategic Risk Register

6.1 The Strategic Risk Register is used to maintain information on identified risks considered of strategic risk to the Authority. A copy of the current version is attached to this report as Appendix A.

7 Contribution to corporate aims and objectives

7.1 Whilst all of our corporate aims seek to reduce risk to the communities we serve, it is essential that these, and their related objectives and activities are themselves subject to risk assessment and considered in terms of potential impact.

7.2 We aim to be in the top ten performing fire and rescue services in the country. Sound risk management processes - that are embedded throughout the organisation - are critical to sound decision making. The process (which is an integral part of our strategic planning process and performance management framework) helps to identify new and emerging issues which could impact on existing corporate aims and provide a focus for new ones.

8 Risk Analysis

8.1 It is essential that a Risk Management policy and strategy is in place across the organisation to ensure that there is a consistent and robust approach to the identification, analysis and treatment of strategic risks. This in turn ensures that major threats are considered and managed appropriately with adequate control measures, and equally that opportunities are identified and considered.

9 Resource implications

9.1 The services of an external risk management consultant has been and is continuing to be used for advice and internal training.

9.2 The Authority has a corporate membership with the Association of Local Authority Risk Managers (ALARM), and staff involved with the function have attended training courses and seminars in order to develop their knowledge, and keep up to date with best practices. These costs are met from Training and Performance Review departmental budgets.

10 Equality Impact Assessment

10.1 Carrying out equality impact assessments will strengthen our risk management practices by ensuring that the consequences of our proposed policies and actions comply with current legislation and expectations for improving equality and diversity in the workplace and in the delivery of services to the public.

10.2 The proposals within this report are considered compatible with the provisions of the European Convention on Human Rights, the Human Rights Act 1998, and the Race Relations (Amendment) Act 2000.

11 Conclusion

11.1 Risk management is about the management of threats and opportunities. By managing our threats and opportunities effectively, the Service will be in a better position to deliver our objectives, and make the most effective use of our resources.

12 Background information (Section 100D of Local Government Act 1972)

12.1 The following documents disclose the facts or matters on which this report, or an important part of it, is based and has been relied upon to a material extent in the preparation of the report:

    Risk Management Policy and Strategy is accessible from the Authority's 2agenda, reports and minutes2 web pages /decisions/decisions-docs/050209-fireau-R0202104346

      Note: The list excludes: (1) published works; and (2) documents that disclose exempt or confidential information defined in the Act.

Attachments

Appendix A - Strategic Risk Register