Archived decisions

Hampshire Fire and Rescue Authority

17th September 2008

Strategic Risk Register

Report of the Chief Officer

Contact: Nicki Whitehouse, Deputy Performance Review Team Manager

      Telephone: 023 8062 6850

1 Summary

1.1 The Register of strategic risks is presented to Members annually at the September meeting of the Fire Authority. The current or `active' version (summarised in Appendix 1) identifies four strategic risks where it is felt that sufficient controls have been put in place to justify - subject to Members' agreement - their removal from the active Strategic Register.

2 Recommendations

2.1 That the current version of the Strategic Risk Register be approved, and Members be invited to make any comments or amendments.

2.2 That, as a result of the controls put in place, the following four entries be endorsed as `low risk' and removed from the active Register:

    · Failure to maintain the positive engagement of our staff to deliver our key objectives and priority actions (risk register reference number 02)

    · Failure to comply with and/or properly manage the Authority's legal and regulatory responsibilities. (risk register reference number 06)

    · Failure to recognise and comply with and/or properly manage the Authority's legal and regulatory responsibilities in respect to the Fire Safety Order (risk register reference number 06b

    · Failure to recognise and comply with and/or properly manage the Authority's legal and regulatory responsibilities in respect to the Working Time Directive (risk register reference number 06d)

3 Introduction

3.1 The Risk Management Policy and Strategy was first presented to the Authority on 9th February 2005. It is reviewed on a quarterly basis by Service Management Team and was last reported to the Fire Authority in September 2007, and to Finance and General Purposes Committee in June 2008. The Register is also presented to the Corporate Management Team to provide a further opportunity for Member's input.

3.3 The Strategy applies all the Authority's activities - both (operational) service delivery and support functions. It aims to identify and manage any risks that might impact the Authority's ability to achieve its objectives and targets, and manage its business. Continual review of the Register is a key part of our corporate planning process.

4 Risk Management Policy and Strategy

4.1 The aims of the Risk Management Policy and Strategy are to:

      · Anticipate and respond to changing external and internal pressures to avoid unwelcome surprises.

      · Raise awareness of the need for effective risk management by all those involved in the delivery of our services.

      · Manage risk in accordance with best practice thus helping to ensure the most effective use of our resources.

      · Promote and support well thought through risk taking to ensure innovations and improvement opportunities are maximised.

      · Integrate risk management into the culture of the Authority.

4.2 The approach taken is that Members and senior managers are responsible for identifying and managing any significant strategic risks that could affect the Authority's ability to achieve its corporate aims and objectives. Operational risks are identified and managed within the service delivery and support departments, both as part of their planning processes, and on a day-to-day basis.

4.3 Issues of strategic significance identified at operational levels are escalated to the Service Management Team (SMT) for further assessment. SMT then examines and evaluates the strategies, and controls put in place to mitigate or manage the identified risk to the required level. A current and target risk score is determined, which comprises a score between one to five, and which relates to the perceived likelihood of the event occurring, multiplied by the perceived impact relating to that risk. SMT review the risk entries on the Register, and their scores formally on a quarterly basis, and more frequently if and when required. Risks remain on the Register until they are given a score of ten or less which equates to low or very low risk, and have been reported to the Authority. When a risk is taken off of the `active' Strategic Risk Register, it is retained in a separate `Green Risk Register' which itself is reviewed on an annual basis by SMT to ensure that the low score is still appropriate. If necessary it is returned to the active Strategic Register.

4.4 Members will note that there are currently four risks given a low-/green-risk rating on the Register. It is proposed that these are removed after this report has been accepted.

4.5 The summary of the Strategic Risk Register shown in Appendix 1 illustrates the direction of travel of the risk score since it was last presented to the Fire and Rescue Authority in September 2007. Members will note that that two risks have increased in score. These are:

    · Risk reference number 04 - "Failure to comply with and/or properly manage the Authority's legal and moral responsibilities for the health, safety and welfare of its employees under all relevant Health and Safety legislation and guidance, including the Corporate Manslaughter and Corporate Homicide Act 2007". The increase in this score was prompted by the consideration of the impact of an incident at another fire and rescue authority, and from the Service's own review of processes. However much work has been undertaken to ensure that controls are in place to protect our staff and the public in respect to health, safety, and welfare. Members will note that a report on progress was made to the Governance Committee in June 2008, in which considerable positive progress was reported.

    · Risk reference number 05 - "Failure to identify, interpret, understand, and inform on, demographic and other changes in risk profiles of local communities" has increased from 15 to 16. The importance of operating a risk intelligence-led service is well-understood and strategies and actions are being put in place to provide accurate and enhanced levels of information to ensure that resources are deployed appropriately. This need is recognised in one of the proposed corporate objectives for next year's Service Plan, as detailed in the Report entitled `Our Plan' 2009/10 to 2011/12', also the agenda for this meeting.

4.6 There are two emerging risks for which entries are currently being developed. Once they have been reported to SMT in October and scored, they will be included on the active Register. These risks relate to the future funding for maintenance of the Authority's properties; and, to road transport/driving activities. Whilst neither of these yet appear on the active Register Members may be assured that control measures are already being considered, and actions progressed.

5 Current and future work

5.1 Work is currently underway to update and refresh the Risk Management Policy and Strategy. It is intended that the new strategy takes into account the latest guidance and best practice, as well as reflecting new working practices within the Service in respect to risk intelligence and Group and Departmental planning.

5.2 The training of managers remains a high priority so that good risk management processes are embedded across the organisation. This will include understanding the nature of risk, having the necessary skills to identify potential risks, and to identify, evaluate and assess risks that may impact on areas of responsibility.

5.3 The Performance Review Team maintains the Strategic Risk Register, and facilitates its updating. Members of this team are active on the Fire Sector Service Group of ALARM (Association of Local Authority Risk Managers). The Group is used to benchmark our risk management processes against other Fire and Rescue Services to ensure that we are working towards to current best practice. It has also been a useful vehicle to detect new and emerging risks, and to discuss and benchmark proposed control measures with other Services.

5.4 The Service Delivery Medium Term Plan now incorporates its own risk register as do all of the Group plans. A Service Delivery Risk Register is continuing to be developed to aid risk based service delivery planning.

6 Contribution to corporate aims and objectives

6.1 Whilst all of our corporate aims and objectives seek to reduce, or contribute to reducing risk in our communities, it is essential that these, and their related activities are themselves subject to risk assessment and considered in terms of potential impact.

6.2 We aim to be in the top ten performing fire and rescue services in the country. Sound risk management processes - that are embedded throughout the organisation - are critical to sound decision making. The process (which is an integral part of our strategic planning process and performance management framework) helps to identify new and emerging issues which could impact on existing corporate aims and provide a focus for new ones.

7 Risk Analysis

7.1 It is essential that a risk management policy and strategy is in place across the organisation to ensure that there is a consistent and robust approach to the identification, analysis and treatment of strategic risks. This in turn ensures that major threats are considered and managed appropriately with adequate control measures, and equally that opportunities are identified and considered.

8 Resource implications

8.1 The Authority has a corporate membership with the Association of Local Authority Risk Managers (ALARM), and staff involved with the function have attended training courses and seminars in order to develop their knowledge, and keep up to date with best practices. One member of the team is studying risk management at MSc level. These costs are met from existing Training and Performance Review departmental budgets.

9 Equality Impact Assessment

9.1 Carrying out people impact assessments will strengthen our risk management practices by ensuring that the consequences of our proposed policies and actions comply with current legislation and expectations for improving equality and diversity in the workplace and in the delivery of services to the public.

9.2 The proposals within this report are considered compatible with the provisions of the European Convention on Human Rights, the Human Rights Act 1998, and the Race Relations (Amendment) Act 2000.

10 Conclusion

10.1 Risk management is about the management of threats and opportunities. By managing our threats and opportunities effectively, the Authority is in a better position to deliver its objectives, and make the most effective use of resources. The reporting of the Strategic Risk Register to Members is considered to be an essential part of the risk management process.

12 Background information (Section 100D of Local Government Act 1972)

12.1 The following documents disclose the facts or matters on which this report, or an important part of it, is based and has been relied upon to a material extent in the preparation of the report:

      The Risk Management Policy and Strategy and a full copy of the Risk Register (version 15 - August 2008) can be found at is accessible from the Authority's web site at

      www.hantsfire.gov.uk/theservice/corporateplan/corporateplan-strategies/corporateplan-policiesplans.htm

        Note: The list excludes: (1) published works; and (2) documents that disclose exempt or confidential information defined in the Act.

Attachments

Appendix 1 - Strategic Risk Register - Summary