Subject: |
Strategic Risk Focus Report: SR36, SR23 and SR21 |
|||
Date of Meeting: |
28th September 2021 |
|||
Report of: |
Executive Lead Officer, Strategy, Governance & Law |
|||
Contact Officer: |
Name: |
Kat Brett |
Tel: |
01273 293846 |
|
Email: |
Kat.Brett@brighton-hove.gov.uk |
||
Ward(s) affected: |
All |
FOR GENERAL RELEASE
1. PURPOSE OF REPORT AND POLICY CONTEXT
1.1 To report to the Audit & Standards Committee on the latest quarterly update to the city council’s Strategic Risk Register (SRR).
1.2 The Committee have agreed to focus on at least two strategic risks (SRs) at each of their meetings. For this meeting there are three SRs risks to receive focus and to enable Members’ questions to be asked there will be attendance by Risk Owners as detailed below:
The Executive Director, Economy, Environment & Culture (ED EEC) in respect of:
SR36 Not taking all actions required to address climate and ecological change and transitioning our city to carbon neutral by 2030.
SR23 Unable to develop and deliver an effective Regeneration and Investment Strategy for the seafront and ensure effective maintenance of the seafront infrastructure.
The Executive Director, Housing, Neighbourhoods & Communities (ED HNC) in respect of:
SR21 Unable to manage housing pressures and deliver new housing supply.
2. RECOMMENDATIONS:
That the Audit & Standards Committee:
2.1 Note the SRR detailed within Table 1 of this report.
2.2 Note Appendix 1 the CAMMS Risk report with details of the three SRs and actions taken (‘Existing Controls’) and actions planned.
2.3 Note Appendix 2 which provides:
i. a guide on the risk management process;
ii. guidance on how Members might want to ask questions of Risk Owners, or officers connected to the strategic risks; and
iii. details of opportunities for Members, or officers, to input on Strategic Risks at various points and levels.
2.4 Make recommendations for further action(s) to the relevant council body.
3. CONTEXT/ BACKGROUND INFORMATION
3.1 The city council’s SRs are reviewed quarterly by the Executive Leadership Team (ELT) taking on board comments from quarterly risk reviews carried out at Directorate Management Teams. This process ensures the currency of the city council’s SRR.
3.2 The Audit & Standards Committee has a role to monitor and form an opinion on the effectiveness of risk management and internal control.
3.3 The initial risk score takes account of the existing controls in place to mitigate the risk (current score). The revised risk score assumes that all risk actions are successfully delivered (target score). The ‘likelihood’ score ranges from Almost Impossible (1) to Almost Certain (5) and the ‘impact’ score ranges from Insignificant (1) to Catastrophic (5). These scores are multiplied to give the risk score.
3.4 At ELT’s review of the SRR on 14 July 2021 no risks were removed, no new risks were proposed or agreed. There remain 16 Strategic Risks. There were no changes to the Strategic Risk Register.
The risk heat map and Table 1, below, shows the current 16 Strategic Risks in the highest Revised Risk order which takes account of future actions to reduce or mitigate the risks.
Risk Nos. |
Risk Title |
Initial Risk Score Likelihood (L) x Impact (I) & Direction of Travel (DOT) |
Revised Risk Score Likelihood (L) x Impact (I) & Direction of Travel (DOT) |
Committee (s) |
Risk Owner |
SR 2 |
The Council is not financially sustainable
|
5 x 4 ◄►
RED |
4 x 4 ◄►
RED |
Policy & Resources Committee
|
Acting Chief Finance Officer |
SR 36 |
Not taking all actions required to address climate and ecological change and transitioning our city to carbon neutral by 2030 |
5 x 4 ◄►
RED |
4 x 4 ◄►
RED |
Environment, Transport & Sustainability Committee
|
Executive Director, Economy, Environment & Culture |
SR 20 |
Failure to achieve health and social care outcomes due to organisational and resource pressures on the Clinical Commissioning Group (CCG) and Brighton & Hove City Council (BHCC) |
5 x 4 ◄►
RED
|
4 x 4 ◄►
RED
|
Health & Wellbeing Board |
Executive Director, Health & Adult Social Care |
SR 37 |
Not effectively responding to and recovering from COVID-19 in Brighton and Hove including building resilience for future pandemics
|
4 x 4 ◄►
RED |
3 x 4 ◄►
AMBER |
Health & Wellbeing Board and Policy & Resources (Recovery) Sub-Committee |
Executive Director, Health & Adult Social Care
|
SR 32 |
Challenges to ensure health & safety measures lead to personal injury, prosecution, financial losses and reputational damage
|
4 x 4 ◄►
RED
|
3 x 4 ◄►
AMBER
|
Policy & Resources Committee |
Assistant Director Human Resources & Organisational Development |
SR 33 |
Not providing adequate housing and support for people with significant and complex needs |
4 x 4 ◄►
RED
|
3 x 4 ◄►
AMBER
|
Health & Wellbeing Board and Housing Committee
|
Executive Director, Health & Adult Social Care
|
SR 18 |
The organisation is unable to deliver its functions in a modern, efficient way due to the lack of appropriate technology |
4 x 4 ◄►
RED |
3 x 4 ◄►
AMBER
|
Policy & Resources Committee
|
Assistant Director Human Resources & Organisational Development |
SR25 |
Insufficient organisational capacity or resources to deliver all services as before and respond to changing needs and changing circumstances
|
4 x 4 ◄►
RED |
3 x 4 ◄►
AMBER |
Policy & Resources Committee
|
Chief Executive |
SR 13 |
Not keeping vulnerable adults safe from harm and abuse
|
4 x 4 ◄►
RED |
3 x 4 ◄►
AMBER |
Health & Wellbeing Board
|
Executive Director, Health & Adult Social Care
|
SR 15
|
Not keeping children safe from harm and abuse |
4 x 4 ◄►
RED |
3 x 4 ◄►
AMBER |
Children, Young People & Skills Committee
|
Executive Director Families, Children & Learning |
SR 10 |
Corporate information assets are inadequately controlled and vulnerable to cyber attack
|
4 x 4 ◄►
RED |
4 x 3 ◄►
AMBER
|
Policy & Resources Committee
|
Chief Executive |
SR 21 |
Unable to manage housing pressures and deliver new housing supply
|
4 x 4 ◄►
RED |
3 x 3 ◄►
AMBER
|
Housing Committee
|
Executive Director, Housing, Neighbourhoods & Communities
|
SR 24 |
In the context of Covid-19 the needs and demands for services arising from the changing and evolving landscape of welfare reform is not effectively supported by the council
|
4 x 3 ◄►
AMBER |
3 x 3 ◄►
AMBER |
Policy & Resources Committee
|
Acting Chief Finance Officer
|
SR 23 |
Unable to develop and deliver an effective Regeneration and Investment Strategy for the seafront and ensure effective maintenance of the seafront infrastructure |
3 x 4 ◄►
AMBER
|
3 x 3 ◄►
AMBER
|
Environment, Transport & Sustainability Committee and Tourism, Equalities, Communities & Culture Committee |
Executive Director, Economy, Environment & Culture |
SR 29 |
Ineffective contract performance management leads to sub-optimal service outcomes, financial irregularity and losses, and reputational damage
|
3 x 4 ◄►
AMBER |
3 x 3 ◄►
AMBER |
Policy & Resources Committee |
Acting Chief Finance Officer |
SR 30 |
Not fulfilling the expectations of residents, businesses, government and the wider community that Brighton & Hove City Council will lead the city well and be stronger in an uncertain environment
|
3 x 4 ◄►
AMBER |
2 x 4 ◄►
AMBER |
Policy & Resources Committee |
Chief Executive |
4. ANALYSIS & CONSIDERATION OF ANY ALTERNATIVE OPTIONS
4.1 Through consultation with ELT the Risk Management process currently in operation was deemed to be the most suitable model.
5. COMMUNITY ENGAGEMENT & CONSULTATION
5.1 This is an internal risk reporting process and as such no engagement or consultation has been undertaken in this regard.
6. CONCLUSION
6.1 The council must ensure that it manages its risks and meets it responsibilities and deliver its Corporate Plan, risk management is evidence for good governance.
7. FINANCIAL & OTHER IMPLICATIONS:
Financial Implications:
7.1 For each Strategic Risk there is detail of the actions already in place (‘Existing Controls’) or work to be done as part of business or project plans (‘Risk Actions’) to address the strategic risk. Potentially there may have significant financial implications for the authority either directly or indirectly. The associated financial risks are considered during the Targeted Budget Management process and the development of the Medium Term Financial Strategy
Finance Officer Consulted: Jeff Coates Date: 17/08/2021
Legal Implications:
7.2 All Strategic Risks which are reported to the Audit & Standards Committee may potentially have legal implications. Members are referred to Appendix 1 of this Report for the detailed description (a description which normally makes reference to any legal implications of a direct nature) provided of the Strategic Risks being focused on in this Committee cycle.
7.3 The Council has delegated to its Audit & Standards Committee its powers and duties in relation to risk management, and as a result, this is the correct body for considering this Report.
Lawyer Consulted: Victoria Simpson Date:19/08/2021
Equalities Implications:
7.4 Risk owners are requested to ensure that equalities implications are considered in describing strategic risks, their potential consequences and when developing mitigating actions. This will be part of regular ELT & DMT risk review sessions.
Sustainability Implications:
7.5 SR36 has a key focus on sustainability. There are additional strategic risks, such as SR23 and SR21, which have sustainability implications. Risk owners will be requested to continue considering sustainability implications and this will also be part of regular ELT & DMT risk review sessions.
Any Other Significant Implications:
7.6 None.
SUPPORTING DOCUMENTATION
Appendices:
1. Appendix 1: CAMMS Risk report SR36, SR23 and SR21.
2. Appendix 2: A guide on the risk management process and how Members might want to ask questions of Risk Owners in relation to Strategic Risks.
Background Documents
1. None.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Causes |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Link to Corporate
Plan 2020-23. Outcome 1 'A city to call home'. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Potential Consequence(s) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1. Changes in
Government legislation require council intervention to prevent
homelessness at an earlier stage. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Existing Controls |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
First Line of
Defence: Management Controls |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
including the questions Members might want to ask of Risk Owners in relation to Strategic Risks
1. Across the council there are a number of risk registers which prioritise risks consistently by assigning risk scores 1-5 to the likelihood (denoted by ‘L’) of the risk occurring, and the potential impact (denoted by ‘I’) if it should occur. These L and I scores are multiplied; the higher the result of L x I, the greater the risk.
e.g. L4xI4 which denotes a Likelihood score of 4 (Likely) x Impact score of 4 (Major), which gives a total risk score of 16.
2. A colour coded system, similar to the traffic light system, is used to distinguish risks that require intervention. Red risks are the highest, followed by Amber risks and then Yellow, and then Green.
3. The Strategic Risk Register (SRR) mostly includes Red and Amber risks. Each strategic risk has a unique identifying number and is prefixed by ‘SR’ representing that it is a strategic risk.
4. Each risk is scored twice with an Initial ‘Current’ level of risk and a Revised ‘Target’ risk score:
a) The Initial ‘Current’ Risk Score reflects the Existing Controls already in place under the ‘Three Lines of Defence’ methodology. This represents good practice as it identifies the First Line – Management Controls; Second Line – Corporate Oversight; and Third Line – Independent Assurance and the currency and value of each control in managing the risk. Therefore the Initial Risk Score represents the ‘as is’/ ‘now’ position for the risk, taking account of existing controls.
b) The Revised ‘Target’ Risk Score focuses on the application of time and expenditure to further reduce the likelihood or impact of each risk. It assumes that any future Risk Actions, as detailed in risk registers, will have been delivered to timescale and will have the desired impact.
c) The Risk Owners are asked to consider the 4Ts of Risk Treatments – Treat, Tolerate, Terminate, Transfer. Risk actions should reduce the likelihood and/or impact – if neither are true, there will not be any reason to undertake the action.
Suggested questions for Members to ask Risk Owners and officers on Strategic Risks
The Audit & Standards Committee has a role to monitor and form an opinion on the effectiveness of risk management and internal control. As part of discharging this role, the Committee focuses on at least two Strategic Risks at each of their meetings.
The Committee invite the Risk Owners of Strategic Risks to attend Committee and answer their questions based on a CAMMS Risk report appended to each Report. In the CAMMS Risk report, the Risk Owner:
1. Describes the risks, the cause and potential consequences and the officers involved and provides an Initial ‘Current’ Risk Score which takes account of the existing controls in place to mitigate the risk.
2. Existing Controls are set out using the Three Lines of Defence model:
· 1st line: management controls
· 2nd line: corporate oversight
· 3rd line: independent assurance
This is provided in order that Members can identify where the assurance comes from, and how frequently it is reviewed and in the case of the 3rd line, then whether audits of inspections have happened and if so when that did it happen and what the results were. Risk Owners ensure that existing controls continue to operate effectively.
3. (Future) Risk Actions then are detailed and allocated to individuals with percentages achieved against target dates, with commentary on the current position. This provides the Revised ‘Target’ Risk Score which assumes that all the risk actions have been successfully delivered.
The Risk Owners of Strategic Risks will always be an Executive Leadership Team (ELT) officer. They may bring with them to Committee other officers who are more closely connected to the mitigating work.
Three areas of enquiry are suggested to be explored by the A&S Committee:
1. Is the Risk Description appropriately defined? Does the Committee understand the cause and potential consequences?
2. Is the Committee reassured that each (future) Risk Action either reduces the impact or the likelihood of the risk? Are members reassured that risk actions are actually being delivered?
3. In respect of the Initial ‘Current’ and Revised ‘Target’ Risk Scores, does the Committee feel comfortable with Risk Owner’s assessment? This represents the risk level that the organisation is prepared to accept.
How Members and officers can input on Strategic Risks (SRs)
The risk management process benefits from input by Council Members and by staff at all levels. The opportunities to do this are:
Members to ELT leads:
· Each SR is discussed between Members and ELT leads at the regular meetings with Committee Chairs
· Members are responsible for raising risks that they identify with their contact officers, often the Head of Service, Assistant Director or Executive Director
· Any risk suggestion from Members will be reviewed by ELT and any actions taken will be reported back to the relevant Member(s).
Officers to Line Manager, Directorate Management Team (DMT) or corporate risk management lead:
· The Behaviour Framework expects all officers to escalate risks and/or or suggest mitigations to their line managers. If officers feel they do not have appropriate access to their line managers, they may escalate the risk to the corporate risk management lead
· Risks may get discussed as part of staff meetings, PDPs/121s/ team and service meetings or part of projects or programmes. Any significant risks to be escalated through to their Head of Service/ Assistant Director to raise through the management chain and discuss at quarterly DMT risk reviews.
· The ELT lead within a directorate will discuss escalated risks with the DMT at least on a fortnightly basis and will seek assistance as required. They have access to ELT and determine the way forward in consultation with the Risk Management Lead.
DMT to ELT:
· The quarterly SR review at ELT includes a summary of Directorate Risks reviewed at DMTs
· The ELT lead within a directorate will discuss escalated risks with the ELT and determine the way forward i.e. whether to amend the Strategic Risk Register