TYDD
ST MARY PARISH COUNCIL
Hedgeview, 231 Broadgate, Sutton
St Edmund, Spalding, Lincs, PE120LT
E mail tyddstmarypc@gmail.com
Risk Management Policy
1. Objectives
The aims and objectives of this policy are comprehensive beginning
with the need to develop risk management beyond Health & Safety.
Integrate risk management into the culture of the organisation.
Embed risk management through the ownership and management of risk
as part of all decision-making processes.
Manage risk in accordance with best practice.
2. Introduction - Risk Management Policy Statement
Tydd St Mary Parish Council recognises that, in addition to its
statutory duties, there are significant economic and ethical reasons to take
all reasonable and practicable measures to safeguard the people that it works
with, and provides services for, and to protect the natural and built
environments for which it is responsible.
This policy document first establishes:
a) What is risk management?
b) Why the Council needs a
risk management policy?
c) The reasoning behind the
risk management procedures of Tydd St Mary Parish Council
d) What the Risk Management
process is.
e) Options for control of
risks.
f) Risk monitoring.
g) Roles and responsibilities.
h) Future monitoring.
a) What is Risk Management?
Risk management is essential to good governance.
‘Risk is the threat that an event or action will adversely affect an organisation’s ability to achieve its objectives and to successfully execute its strategies. Risk management is the process by which risks are identified, evaluated and controlled. It is a key element of the framework of governance together with community focus, structures and processes, standards of conduct and service delivery arrangements.’ Audit Commission, Worth the
Tydd St Mary Parish Council is more likely to achieve its
objectives if it manages risk properly. It is critical to recognise that risk
management applies to every aspect of the Council’s work and is not just about
Health & Safety.
Risks can be
classified into various types, but it is important to recognise that for all
categories the direct financial losses may have less impact than the indirect
costs such as disruption of normal working.
Not all these risks are insurable and for some the premiums may
not be cost-effective. Even where insurance is available, money may not be an
adequate recompense. The emphasis should always be on eliminating or reducing
risk, before costly steps to transfer risk to another party are considered.
Risk is not restricted to potential threats but can be connected
with opportunities. Good risk management can facilitate proactive, rather than
merely defensive responses. Measures to manage adverse risks are likely to help
with managing positive ones.
The examples below
are high profile but not exhaustive:
Health & Safety Risk - The Council will adhere to the requirements of the Health and Safety at Work Act 1974; the Regulatory Reform (Fire Safety) Order 2005; the Management of Health and Safety at Work Regulations 1999; and other relevant health and safety legislation and codes of practice.
Strategic Risk - long-term adverse impacts from poor decision-making or poor implementation. Risks damage to the reputation of the Council, loss of public confidence, and in a worst-case scenario Government Intervention.
Compliance Risk - failure to comply with legislation or laid down procedures or the lack of documentation to prove compliance. Risks exposure to prosecution, judicial review, employment tribunals, inability to enforce contracts.
Financial Risk - fraud and corruption, waste, excess demand for services, bad debts. Risk of additional audit investigation, objection to accounts, reduced service delivery, dramatically increased Council tax levels/impact on Council reserves
Operating Risk - failure to deliver services effectively, malfunctioning equipment, hazards to service users, the general public or staff, damage to property. Risk of insurance claims, higher insurance premiums, lengthy recovery processes.
b) Why the Council needs a Risk Management Policy?
Risk management will strengthen the ability of the Council to
achieve its objectives and enhance the value of services provided.
Risk management will help to ensure that the Council has an
understanding of ‘risk’ and that the Council adopts a uniform approach to
identifying and prioritising risks. This should in turn lead to conscious
choices as to the most appropriate method of dealing with each risk, be it
elimination, reduction, transfer or acceptance.
There is an Audit
requirement under the Accounts and Audit Regulations 2003 (SI 2003/533) to
establish and maintain a systematic strategy, framework and process for managing
risk.
c) Why Risk Management?
Whilst it is acknowledged that risk cannot be totally eliminated
it is accepted that much can be done to reduce the extent of injury, damage and
financial loss. Therefore, Tydd St Mary Parish Council is committed to identifying,
reducing or eliminating the risks to both people and the natural and built
environments.
The Council will carry insurance in such amounts and in respect of
such perils as will provide protection against significant losses, where
insurance is required by law or contract and in other circumstances where risks
are insurable and premiums cost effective.
The Council will
seek to embed effective risk management into its culture, processes and
structure to ensure that opportunities are maximised. The Council will seek to
encourage staff to identify, assess and manage risks.
d) What is the Risk Management Process?
Implementing the Policy involves identifying,
analysing/prioritising, managing and monitoring risks.
Risk Identification – Identifying and understanding the hazards and risks facing the Council is crucial if informed decisions are to be made about policies or service delivery methods. The risks associated with these decisions can then be effectively managed.
Risk Analysis – Once risks have been identified they need to be systematically and accurately assessed using proven techniques. Analysis should make full use of any available data on the potential frequency of events and their consequences. If a risk is seen to be unacceptable, then steps need to be taken to control it or respond to it.
Risk Prioritisation - An assessment should be undertaken of the impact and likelihood of risks occurring, with impact and likelihood being scored Low, Medium, or High. High scoring risks will be subject to detailed consideration and the preparation of a contingency/action plan to appropriately control the risk.
Risk Control – Risk control is the process of taking action to minimise the likelihood of the risk event occurring and/or reducing the severity of the consequences should it occur. Typically, risk control requires the identification and implementation of revised operating procedures, but in exceptional cases more drastic action may be required to reduce the risk to an acceptable level.
e) Options for control of Risks
Elimination – the circumstances from which the risk arises are ceased so that the risk no longer exists.
Reduction – loss control measures are implemented to reduce the impact/ likelihood of the risk occurring.
Transfer – where the financial impact is passed to others e.g., by revising contractual Terms.
Sharing –sharing the risk with another party or parties.
Insuring – insuring against some or all of the risk to mitigate financial impact.
Acceptance – documenting a conscious decision after assessment of areas where the Council accepts or tolerates risk a particular risk.
f) Risk Monitoring
The risk management process does not finish with putting any risk
control procedures in place. Their effectiveness in controlling risk must be
monitored and reviewed. It is also important to assess whether the nature of
any risk has changed over time.
The information
generated from applying the risk management process will help to ensure that
risks can be avoided or minimised in the future. It will also inform judgments
on the nature and extent of insurance cover and the balance to be reached
between self-insurance and external protection.
How will it feed into the Council’s existing polices?
Initial Identification of risks will be by individual Councillors,
the Clerk, members of the public, contractors or volunteers.
g) Roles and Responsibilities
It is important that risk management becomes embedded into the
everyday culture
and performance
management process of the Council. The roles and responsibilities set out
below, are designed to ensure that risk is managed effectively across the
Council and its operations, and responsibility for risk is located in the right
place. Those who best know the risks to a particular service are those
responsible for it. The process must be driven from the top but must also
involve staff throughout the Council.
Elected Members
Risk management is seen as a key part of the Elected Member’s
stewardship role and there is an expectation that Elected Members will lead and
monitor risk management. This will include:
Approval of the Risk
Management Policy.
Analysis of key risks in
reports on major projects, ensuring that all future projects and services
undertaken are adequately risk managed.
Consideration, and if
appropriate, endorsement of the Annual Statement of Internal Control.
Assessment of risks whilst
setting the budget, including any bids for resources to tackle specific issues.
Clerk
The Clerk & RFO will act as the Lead Officer on Risk
Management, overseeing the implementation of the detail of the Risk Management
Strategy and will:
Provide advice as to the
legality of policy and service delivery choices.
Provide advice on the
implications of potential service actions for the Council’s corporate aims and
objectives.
Update Council and service
areas on the implications of new or revised legislation.
Assist in handling any
litigation claims.
Advise on any health and
safety implications of the chosen or proposed arrangements for service
delivery.
Responsible Finance Officer
The Clerk as the Council’s Responsible Finance Officer will:
Assess and implement the
Council’s insurance requirements.
Assess the financial
implications of strategic policy options.
Provide assistance and
advice on budgetary planning and control.
Ensure that the Financial
Information System allows effective budgetary control and informs financial
decisions made by the Council.
Role of Internal Audit
The Independent Internal Auditor provides an important scrutiny
role carrying out audits to provide independent assurance to the Council via
the Full Council that the necessary risk management systems are in place and
all significant business risks are being managed effectively.
Internal Audit assists the Council in identifying both its
financial and operational risks and seeks to assist the Council in developing
and implementing proper arrangements to manage them, including adequate and
effective systems of internal control to reduce or eliminate the likelihood of
errors or fraud.
The Internal Audit Report, and any recommendations contained
within it, will help to shape the operation of the Council.
The adoption of a sound risk management approach should achieve
many benefits for the Council. It will assist in demonstrating that the Council
is committed to continuous service improvement and demonstrating effective
corporate governance.
h) Future Monitoring
The progress of the Policy will be measured on:
Adjustments to the way in which services are delivered.
Greater satisfaction of Members, staff, volunteers, customers and
visitors with the provisions made by the Council.
Improvements to the provisions made by the Council for its open
spaces.
Reviewing this Policy
This Policy will be reviewed every two years as part of the
Council’s continuing review of its Policy Documents, Standing Orders and
Financial Regulations. Recommendations for change will be reported to the full
Council.
|
Version number |
Date Approved |
Amendments Made |
Next Review Date |
|
V1 |
April 2021 |
|
March 2023 |
|
V2 |
April 2023 |
Yes |
April 2025 |
|
|
|
|
|
|
|
|
|
|