- Overview
- Strategies
- Risk Management Plan 2011 – 2013
- Community Safety Strategy 2009 – 2014
- Equality and Diversity Strategy 2008 – 2013
- Risk Management Strategy
- Medium Term Financial Strategy 2010 – 2011/2014 – 2015
- Workforce Development Strategy 2008 – 2011
- Consultation Strategy
- Corporate Communication Strategy
- Climate Change and Environment Strategy
- Risk Reduction Strategy for Older People 2010 – 2014
- Deliberate Fire Risk Reduction Strategy
- Business Continuity
- Policies
- Plans
- Performance
- Financial Documents
- Publication Scheme
Policy Statement
Risk Management is the process of identifying significant risks to the achievement of the organisations strategic and operational objectives, evaluating their potential consequences and implementing the most effective way of controlling them.
Risk Management Objectives
The risk management policy is designed to safeguard the achievement of the Services objectives through the effective control of risks, which threaten their achievement. The policy is intended:
* To ensure best value and best practice are achieved in the management of risks.
* To regard compliance with legal and regulatory requirements as a minimum standard.
* To identify and respond to changing social, environmental and legislative requirements.
* To prevent injury, damage and loss to stakeholders and employees or their property.
* To reduce the overall cost of risk.
* To integrate risk management into the culture of the Authority
* To support staff in their efforts to manage the risks to which they are exposed.
* To ensure compliance with the Authority’s Code of Corporate Governance.
Responsibilities
The variety of risks to which the Authority is exposed is such that a multi-layered approach will need to be adopted to ensure full integration of the risk management culture into all levels of the Authority.
Elected Members have a responsibility to ensure the implementation of appropriate risk management structures and processes, and to provide sufficient resources to meet agreed objectives.
The Service Management Team has overall responsibility for ensuring that the Authority manages risk effectively through the development of a comprehensive corporate risk management strategy and that decisions taken by both the Authority’s Members and management give full consideration to the risks associated with those policies.
The Service’s Risk Management Working Group is responsible for developing, implementing and reviewing a risk management strategy, setting out the specific programmes, procedures and activities designed to ensure that policy objectives are met.
Heads of Departments and other Service Management are each responsible for ensuring that proper procedures are in place to effectively identify, evaluate and manage risks within their service areas.
Individual managers and employees are each charged with the effective management of the risks associated with their particular roles and duties, and for ensuring that significant risks are identified to senior management as soon as they become known. The risk management group is available to support this activity through the provision of training, information, and technical assistance as required.
Risk Management Process
The basic principles of risk management are the identification, analysis, control and monitoring of risks. The processes associated with these are: -
Risk Identification
In order to enable risk to be effectively managed, the nature of the risk must first be identified. This can be done by reviewing the Services/Departments strategic and operational objectives and identifying all risks, which could impact upon their achievement.
Risk Analysis
Once risks have been identified they need to be assessed in terms of their likelihood and their potential impact on the Service/Department.
Based on this assessment the risks which require the greatest level of management can be identified, ie those with a high likelihood of occurrence and a major impact on the Service/Department.
This can be done using a risk matrix, which scores the likelihood of occurrence and the severity of impact, with the overall risk assessment being the two scores multiplied together. The following scoring is suggested:-
| Score
|
1
|
2
|
3
|
4
|
5
|
| Likelihood
|
Very low | Low | Medium | High | Very high |
| Impact
|
Very low | Low | Medium | High | Very high |
Thus if a risk is assessed as a high likelihood but low impact the score will be 4 x 2 = 8. It follows that the higher the score out of a maximum of 25 the more important it is to ensure effective risk management arrangements are in place.
An example of the outcome of this scoring system is given below:-
|
High Likelihood
|
Score 5
High probability that this will happen, but little impact if it does, therefore action is dependant upon management being prepared to accept the consequences |
Score 25
High probability with big impact, needs careful managing |
| Low Likelihood
|
Score 1
Little chance of it happening and little impact if it does, therefore no need for action |
Score 5
Little chance of it happening but if it does it will have a big impact, therefore needs some managing |
| Low Impact
|
High Impact
|
The benefit of this approach is that it is relatively simple to understand and use and it will help to inform discussion about which risks are most significant and what action is required to address them.
Types Of Risk
The following list sets out a framework for identifying and categorising a broad range of risks facing the Service: -Strategic risks, need to be taken into account in judgements about the medium to long term objectives of the Service, and are identified as falling within the following categories:
* Political – associated with failure to deliver central government policy
* Economic – the ability of the Service to meet its financial commitments, ie budgetary pressures
* Social – relating to the effects of changes in demographic, residential or socio-economic trends on the ability of the Service to deliver its objectives
* Technological – associated with the capacity of the Service to deal with pace/scale of technological scale. This may also include the consequences of internal technological failures affecting the Service’s ability to deliver its objectives.
* Legislative – those associated with current/potential changes to national or European law, eg Human Rights/Disability Discrimination Acts.
* Environmental – relating to the environmental consequences of progressing the Service’s strategic objectives, eg energy efficiency, recycling etc.
* Competitive – affecting the competitiveness of the Service and its ability to deliver Better Value.
* Customer/Citizen – those associated with failure to meet the current and changing needs and expectations of our customers and citizens
Operational Risks, are those which managers and staff will encounter in the daily course of their work and are identified as falling within the following categories:
* Professional – those associated with the particular nature of each profession, eg the Human Rights Act.
* Legal – those associated with possible breaches of legislation
* Financial- those associated with financial planning
* Physical – those related to fire, security, accident prevention and Health and Safety, eg risks associated with buildings, vehicles, plant and equipment.
* Contractual – those associated with the failure of contractors to deliver services or products to the agreed specifications or within agreed timescales.
* Reputational – those relating to the organisations reputation and the public perception of the organisations efficiency and effectiveness
* Technological – those relating to the reliance on operational equipment, eg IT equipment/systems
* Environmental – those relating to pollution, noise or energy efficiency of ongoing service operation
Risk Control
Risk control is the process of taking action to minimise the likelihood of the risk event occurring, the frequency with which it might occur and/or reducing the severity of the consequence should it occur. This will involve for example risk avoidance, risk transfer and/or introduction of operating controls.
The control arrangements already in place and any additional controls required will be identified and recorded for each of the key risks. (Note, the benefit of controls should always be evaluated against the additional cost of these.)
Risk Recording and Monitoring
The risks and control measures will be recorded in a Risk Register in the prescribed format. A process for review of the risks and related controls will be established, to assess how effective the policy has been. The register will contain the following information:
* description of risk
* assessment of likelihood
* assessment of impact
* risk score
* controls in place
* controls planned
* risk owner
* date controls last reviewed
The risk register should be maintained on a regular basis by updating it to reflect changes to existing risks and for inclusion of any significant new risks identified, whilst maintaining an audit trial of changes.
The register will be reviewed on an annual basis and the success of the control measure evaluated and reported on.
The Inclusion of Risk Management Implications in Reports
Risk Management implications must be included in all reports so that these can be taken into account in the decision making process. As such a separate section should be inserted in all Committee/Management Team reports in which the author states what, if any, risks have been identified and how these will be managed. If appropriate these should feed into the corporate risk register, for on-going monitoring.
If no risks have been identified a statement should be made to that effect.
Risk Management Working Group
The Risk Management Working Group is chaired by the Chief Fire Officer and is attended by a nominated Member of the Combined Fire Authority, the Director of Finance and other members of the Senior Management Team.