GEDNEY
PARISH COUNCIL
HEDGEVIEW,
231 BROADGATE, SUTTON ST EDMUND, LINCOLNSHIRE, PE12 OLT
E Mail
the.clerk@outlook.com
Risk Management
Policy
1. Objectives
The aims and
objectives of this policy are comprehensive beginning with the need to develop
risk management beyond Health & Safety.
Integrate
risk management into the culture of the organisation;
Embed
risk management through the ownership and management of risk as part of all
decision making processes;
Manage risk
in accordance with best practice.
2. Introduction - Risk Management Policy
Statement
Gedney
Parish Council recognises that, in addition to its statutory duties, there are
significant economic and ethical reasons to take all reasonable and practicable
measures to safeguard the people that it works with, and provides services for,
and to protect the natural and built environments for which it is responsible.
This policy
document first establishes:
a) What is risk
management?
b) Why the Council needs a risk management policy?
c) The reasoning
behind the risk management procedures of Gedney Parish Council
d) What the Risk
Management process is;
e) Options for
control of risks;
f) Risk monitoring;
g) Roles and
responsibilities;
h) Future monitoring.
a) What is Risk Management?
Risk
management is essential to good governance.
‘Risk is
the threat that an event or action will adversely affect an organisation’s
ability to achieve its objectives and to successfully execute its strategies.
Risk management is the process by which risks are identified, evaluated and
controlled. It is a key element of the framework of governance together with
community focus, structures and processes, standards of conduct and service
delivery arrangements.’ Audit
Commission, Worth the
Gedney
Parish Council is more likely to achieve its objectives if it manages risk
properly. It is critical to recognise that risk management applies to every
aspect of the Council’s work, and is not just about Health & Safety.
Risks
can be classified into various types but it is important to recognise that for
all categories the direct financial losses may have less impact than the
indirect costs such as disruption of normal working.
Not all
these risks are insurable and for some the premiums may not be cost-effective.
Even where insurance is available, money may not be an adequate recompense. The
emphasis should always be on eliminating or reducing risk, before costly steps
to transfer risk to another party are considered.
Risk is not
restricted to potential threats but can be connected with opportunities. Good
risk management can facilitate proactive, rather than merely defensive
responses. Measures to manage adverse risks are likely to help with managing
positive ones.
The
examples below are high profile but not exhaustive:
Health & Safety Risk - The Council will adhere to the
requirements of the Health and Safety at Work Act 1974; the Regulatory Reform
(Fire Safety) Order 2005; the Management of Health and Safety at Work
Regulations 1999; and other relevant health and safety legislation and codes of
practice.
Strategic Risk -
long-term adverse impacts from poor decision-making or poor implementation.
Risks damage to the reputation of the Council, loss of public confidence, and
in a worst case scenario Government Intervention.
Compliance Risk -
failure to comply with legislation, or laid down procedures or the lack of
documentation to prove compliance. Risks exposure to prosecution, judicial
review, employment tribunals, inability to enforce contracts.
Financial Risk - fraud and corruption, waste,
excess demand for services, bad debts. Risk of additional audit investigation,
objection to accounts, reduced service delivery, dramatically increased Council
tax levels/impact on Council reserves
Operating Risk -
failure to deliver services effectively, malfunctioning equipment, hazards to
service users, the general public or staff, damage to property. Risk of
insurance claims, higher insurance premiums, lengthy recovery processes.
b) Why
the Council needs a Risk Management Policy?
Risk
management will strengthen the ability of the Council to achieve its objectives
and enhance the value of services provided.
Risk
management will help to ensure that the Council has an understanding of ‘risk’
and that the Council adopts a uniform approach to identifying and prioritising
risks. This should in turn lead to conscious choices as to the most appropriate
method of dealing with each risk, be it elimination, reduction, transfer or
acceptance.
There
is an Audit requirement under the Accounts and Audit Regulations 2003 (SI
2003/533) to establish and maintain a systematic strategy, framework and
process for managing risk.
c) Why
Risk Management?
Whilst it is
acknowledged that risk cannot be totally eliminated it is accepted that much
can be done to reduce the extent of injury, damage and financial loss.
Therefore, Gedney Parish Council is committed to identifying, reducing or
eliminating the risks to both people and the natural and built environments.
The Council
will carry insurance in such amounts and in respect of such perils as will
provide protection against significant losses, where insurance is required by
law or contract and in other circumstances where risks are insurable and
premiums cost effective.
The
Council will seek to embed effective risk management into its culture,
processes and structure to ensure that opportunities are maximised. The Council
will seek to encourage staff to identify, assess and manage risks
d) What
is the Risk Management Process?
Implementing
the Policy involves identifying, analysing/prioritising, managing and
monitoring risks.
Risk Identification – Identifying and understanding the hazards and risks
facing the Council is crucial if informed decisions are to be made about
policies or service delivery methods. The risks associated with these decisions
can then be effectively managed.
Risk Analysis –
Once risks have been identified they need to be systematically and accurately
assessed using proven techniques. Analysis should make full use of any
available data on the potential frequency of events and their consequences. If
a risk is seen to be unacceptable, then steps need to be taken to control it or
respond to it.
Risk Prioritisation - An assessment
should be undertaken of the impact and likelihood of risks occurring, with
impact and likelihood being scored Low, Medium, or High. High scoring risks
will be subject to detailed consideration and the preparation of a
contingency/action plan to appropriately control the risk.
Risk Control –
Risk control is the process of taking action to minimise the likelihood of the
risk event occurring and/or reducing the severity of the consequences should it
occur. Typically, risk control requires the identification and implementation
of revised operating procedures, but in exceptional cases more drastic action
may be required to reduce the risk to an acceptable level.
e)
Options for control of Risks
Elimination –
the circumstances from which the risk arises are ceased so that the risk no
longer exists.
Reduction –
loss control measures are implemented to reduce the impact/ likelihood of the
risk occurring.
Transfer
– where the
financial impact is passed to others e.g. by revising contractual Terms.
Sharing –sharing the risk with another party or
parties.
Insuring
– insuring against
some or all of the risk to mitigate financial impact.
Acceptance –
documenting a conscious decision after assessment of areas where the Council
accepts or tolerates risk a particular risk.
f) Risk
Monitoring
The risk
management process does not finish with putting any risk control procedures in
place. Their effectiveness in controlling risk must be monitored and reviewed.
It is also important to assess whether the nature of any risk has changed over
time.
The
information generated from applying the risk management process will help to
ensure that risks can be avoided or minimised in the future. It will also
inform judgments on the nature and extent of insurance cover and the balance to
be reached between self-insurance and external protection
How will it feed into the Council’s existing
polices?
Initial
Identification of risks will be by individual Councillors, the Clerk , members
of the public , contractors or volunteers.
g) Roles
and Responsibilities
It is
important that risk management becomes embedded into the everyday culture
and
performance management process of the Council. The roles and responsibilities
set out below, are designed to ensure that risk is managed effectively across
the Council and its operations, and responsibility for risk is located in the
right place. Those who best know the risks to a particular service are those
responsible for it. The process must be driven from the top but must also
involve staff throughout the Council.
Elected Members
Risk
management is seen as a key part of the Elected Member’s stewardship role and
there is an expectation that Elected Members will lead and monitor risk
management. This will include:
Approval of the Risk Management Policy.
Analysis of key risks in reports on major
projects, ensuring that all future projects and services undertaken are
adequately risk managed.
Consideration, and if appropriate, endorsement
of the Annual Statement of Internal Control.
Assessment of risks whilst setting the budget,
including any bids for resources to tackle specific issues.
Clerk
The Clerk
& RFO will act as the Lead Officer on Risk Management, overseeing the
implementation of the detail of the Risk Management Strategy and will:
Provide advice as to the legality of policy
and service delivery choices.
Provide advice on the implications of
potential service actions for the Council’s corporate aims and objectives.
Update Council and service areas on the
implications of new or revised legislation.
Assist in handling any litigation claims.
Advise on any health and safety implications
of the chosen or proposed arrangements for service delivery.
Responsible Finance Officer
The Clerk as
the Council’s Responsible Finance Officer will:
Assess and implement the Council’s insurance
requirements.
Assess the financial implications of strategic
policy options.
Provide assistance and advice on budgetary
planning and control.
Ensure that the Financial Information System
allows effective budgetary control and informs financial decisions made by the
Council.
Role of Internal Audit
The
Independent Internal Auditor provides an important scrutiny role carrying out
audits to provide independent assurance to the Town Council via the
Administration Committee that the necessary risk management systems are in
place and all significant business risks are being managed effectively.
Internal
Audit assists the Council in identifying both its financial and operational
risks and seeks to assist the Council in developing and implementing proper
arrangements to manage them, including adequate and effective systems of
internal control to reduce or eliminate the likelihood of errors or fraud.
The Internal
Audit Report, and any recommendations contained within it, will help to shape
the operation of the Council.
The adoption
of a sound risk management approach should achieve many benefits for the
Council. It will assist in demonstrating that the Council is committed to
continuous service improvement and demonstrating effective corporate governance
h) Future
Monitoring
The progress
of the Policy will be measured on:
Adjustments
to the way in which services are delivered.
Greater
satisfaction of Members, staff, volunteers, customers and visitors with the
provisions made by the Council.
Improvements
to the provisions made by the Council for its open spaces.
Reviewing this Policy
This Policy
will be reviewed on an annual basis as part of the Council’s continuing review
of its Policy Documents, Standing Orders and Financial Regulations.
Recommendations for change will be reported to the full Council.
Version Number |
Date Approved |
Amendments made |
Next review Date |
V1 |
April 2015 |
|
January 2020 |
|
May 2020 |
None |
May 2022 |
|
September 2023 |
None |
September 2025 |
|
|
|
|