Archived decisions
Hampshire Fire and Rescue Authority Item 11
16th September 2009
Strategic Risk Register
Report of the Chief Officer
Contact: Nicki Whitehouse, Deputy Performance Review Manager
Telephone: 023 8062 6850
1 Summary
1.1 The Strategic Risk Register is presented to Members annually at the September meeting of the Fire Authority. The current or `active' version (summarised in Appendix 1) identifies two strategic risks where it is felt that sufficient controls have been put in place to justify - subject to Members agreement - their removal from the `active' Register. These risks and the primary reasons for this are detailed below.
1.2 The Authority's adoption of the Chief Fire Officers Association Enforcement Policy, and associated work done to clarify the implications of the regulations indicates that the risk relating to the Authority's legal and regulatory responsibilities in respect to the Regulatory Enforcement & Sanctions Bill and Compliance Code 2008 should now be classified as `low risk'.
1.3 Following the installation of radios in vehicles as part of the national Firelink project, the risk relating to the Authority's transition period to that project is no longer relevant.
2 Recommendations
2.1 That the current version of the Strategic Risk Register be approved, and Members be invited to make any comments or amendments.
2.2 That risk reference number 05 `failure to comply with, and properly manage the Authority's legal and regulatory responsibilities in respect to the statutory duties imposed by the Regulatory Enforcement & Sanctions Bill and Compliance Code 2008', be endorsed as `low risk', and removed from the active Register.
2.3 That risk reference number 07a `failure to ensure that the transition to Firelink will not adversely affect the delivery of service', be removed from the Register.
3 Introduction
3.1 The Risk Management Policy and Strategy was first presented to the Authority on 9th February 2005. The Register is reviewed on a quarterly basis by Service Management Team and was last reported to the Fire Authority in September 2008. It is also presented to the Corporate Management Team to provide a further opportunity for Members input.
3.2 The strategic risk management process aims to identify, prioritise and manage any risks to the Authority's ability to achieve its objectives and targets, and manage its business. Continual review of the Register is a key part of our corporate planning process.
4 Risk Management Policy and Strategy
4.1 The aims of the Risk Management Policy and Strategy are to:
· Anticipate and respond to changing external and internal pressures to avoid unwelcome surprises.
· Raise awareness of the need for effective risk management by all those involved in the delivery of our services.
· Manage risk in accordance with best practice thus helping to ensure the most effective use of our resources.
· Promote and support well thought through risk taking to ensure innovations and improvement opportunities are maximised.
· Integrate risk management into the culture of the Authority.
4.2 The approach taken is that Members and senior managers are responsible for identifying and managing any significant strategic risks to the Authority's ability to achieve its corporate aims and objectives. Operational risks are identified and managed within the Service Delivery and support departments, both as part of their planning processes, and on a day-to-day basis.
4.3 Issues of strategic significance identified at operational levels are escalated to the Service Management Team (SMT) for further assessment. SMT examine and evaluate the strategies and controls put in place to mitigate or manage the identified risk to the required level. A current and target risk score are determined, which comprise a score between one to five, and which relate to the perceived likelihood of the event occurring, multiplied by the perceived impact relating to that risk. SMT review the risk entries on the Register, and their scores formally on a quarterly basis, and more frequently if and when required. It should be noted that members of SMT are also informed by their teams, who also review the Register regularly. Risks remain on the Register until they are given a score of ten or less which equates to low or very low risk, and have been reported to the Authority. When a risk is taken off the `active' Strategic Risk Register, it is retained in a separate `Green Risk Register' which itself is reviewed annually by SMT to ensure that the low score is still appropriate. If necessary it can be returned to the active Strategic Risk Register.
5 Review of the current Register
5.1 Members will note that there are currently two risks classified as low-/green on the 'live' Register, and defined in paragraphs 2.2 and 2.3. It is proposed that they are removed after this report has been accepted for the following reasons.
5.1.1 Risk reference number 05, relating to the statutory duties imposed by the Regulatory Enforcement and Sanctions Bill and Compliance Code; when the risk was first identified, one of the main concerns was that the impacts of the new regulations were unclear, and therefore Service may fail to comply in some way. Since that time, greater clarity has been achieved with the publication of the Chief Fire Officers Enforcement Policy, which has been adopted by the Service. The Service is also represented on the Forum that is reviewing the impact of the legislation, which means that we can remain up to date with future developments.
5.1.2 Risk reference number 07a relates to the Service's management of the transition to the national `Firelink' communication system. Now that the phase of the project concerned with the fitting of vehicle radios is complete, the risk as defined in this entry has been removed.
6.2 The summary of the Strategic Risk Register shown in Appendix 1 illustrates the direction of travel of the risk score since it was last presented to the Fire and Rescue Authority in September 2008. Members will note that no risks have increased in score since that time, but there are five new entries. These are outlined in the following paragraphs:
5.2.1 Failure to have the appropriate policies and procedures in place to manage driving and vehicle related risks. (reference number 06h). A project is in place to identify and implement the necessary control issues to treat this risk. Considerable work has already been undertaken. Policies in respect to many of these will be completed and in place soon.
5.2.2 Failure to adequately fund and deal with the increasing burden and cost of repairing, maintaining and improving the Authority's properties. (reference number 12). Property condition surveys are undertaken on a three-year rolling basis. Needs are regularly reviewed and prioritised in consultation with the Authority's property management advisers to ensure that the most urgent needs are identified and addressed.
5.2.3 Failure to collect, maintain/ store and provide relevant, timely and accurate site specific risk information to adequately inform the risk assessment at an incident. (reference number 13). A significant step has been made in respect to mitigating this risk. The Mobile Data Terminal solution, provided by the Department of Communities and Local Government has been agreed, and a delivery date of 10th November 2009 confirmed.
5.2.4 Failure to anticipate, plan and react to the implications of changes in the economic environment (reference number 14), is a risk that Members would rightly expect to be closely examined. A sensitivity analysis has been undertaken and shared with the Corporate Management Team. This details possible scenarios and potential financial gaps which might be faced in the future, depending mainly on grant and inflation trends and decisions about levels of council tax
5.2.5 Failure to develop, implement and maintain information communications technology systems that are resilient, support the achievement of the Service objectives and capitalise on the benefits in terms of efficiency, economy and effectiveness of our systems. (reference number 15).
5.3 The risks that have been added to the Register since September 2008 have all been discussed and scored by SMT. They all have action plans for the implementation of controls to reduce their risk ratings, a few of which have been mentioned above. SMT will continue to monitor the progress of the proposed controls for all the risks on the Register.
5.4 More detail relating to the individual risk entries, the controls in place and proposed can be found on the Strategic Risk Register itself which can be accessed from the link mentioned in paragraph 12 of this report.
6 Current and future work
6.1 Work is ongoing to update and refresh the Risk Management Policy and Strategy. It is intended that the new strategy takes into account the latest guidance and best practice, as well as reflecting new working practices within the Service in respect to risk intelligence, project management, and group and departmental planning.
6.2 The Performance Review Team maintains and updates the Strategic Risk Register. Members of this team are active on the Fire Sector Group of Alarm, the Public Risk Management Association. The Group is used to benchmark our risk management processes against other Fire and Rescue Services and ensure that we are working towards current best practice. It has also been a useful vehicle to detect new and emerging risks, and to discuss and benchmark proposed control measures with other Services.
7 Contribution to corporate aims and objectives
7.1 We want to be the best fire and rescue service in the country and make life safer for everyone by reducing risks in the community. Sound risk management processes - that are embedded throughout the organisation - are critical to sound decision making. The process (which is an integral part of our planning process and performance management framework) helps to identify new and emerging issues which could impact on existing corporate aims and objectives, and provide a focus for new ones.
8 Risk Analysis
8.1 It is essential that a risk management policy and strategy is in place across the organisation to ensure that there is a consistent and robust approach to the identification, analysis and treatment of strategic risks. This in turn ensures that major threats are considered and managed appropriately with adequate control measures, and equally that opportunities are identified and considered.
9 Resource implications
9.1 The Authority has a corporate membership with the Public Risk Management Association (Alarm), and staff involved with the function have attended training courses and seminars in order to develop their knowledge, and keep up to date with best practices. One member of the team is studying risk management at MSc level, as is a member of the Risk Intelligence Team in Service Delivery. These costs are met from existing training and departmental budgets.
10 People Impact Assessments
10.1 Carrying out people impact assessments will strengthen our risk management practices by ensuring that the consequences of our proposed policies and actions comply with current legislation and expectations for improving equality and diversity in the workplace and in the delivery of services to the public.
10.2 The proposals within this report are considered compatible with the provisions of the European Convention on Human Rights, the Human Rights Act 1998, and the Race Relations (Amendment) Act 2000.
11 Conclusion
11.1 Risk management is about the management of threats and opportunities. By managing our threats and opportunities effectively, the Authority is in a better position to deliver its objectives, and make the most effective use of resources. The reporting of the Strategic Risk Register to Members is considered to be an essential part of our risk management, and overall corporate governance processes.
12 Background information (Section 100D of Local Government Act 1972)
12.1 The following documents disclose the facts or matters on which this report, or an important part of it, is based and has been relied upon to a material extent in the preparation of the report:
The Risk Management Policy and Strategy and a full copy of the Risk Register (version 20 - August 2009) can be found, and is accessible from, the Authority's web site at
www.hantsfire.gov.uk/theservice/corporateplan/corporateplan-strategies/corporateplan-policiesplans.htm
Note: The list excludes: (1) published works; and (2) documents that disclose exempt or confidential information defined in the Act.
Attachments
Appendix 1 - Strategic Risk Register - Summary
Sec/WP/W/C/HFRA/2009 2009 09 16 HFRA Risk Register NW/JMW/8/9/09