Thanet District Council is committed to adopting best practice in the identification, evaluation and cost effective control of risks to ensure that they are reduced to an acceptable level or eliminated, and also maximise opportunities to achieve the Council’s objectives and deliver core service provisions. It is acknowledged that some risks will always exist and will never be eliminated.
All employees must understand the nature of the risk and accept responsibility for risks associated with their area of work. In doing this they will receive the necessary support, assistance and commitment from Senior Management and Members.
The Council’s Risk Management Objectives are a long term commitment and an inherent part of good management and governance practices. The Objectives need the full support of Members and active participation of Managers.
The Council, as a corporate body, is bound by legal obligations to provide for the health and safety of its Members, employees and those that it serves. The Council is also obliged to protect its material assets and to minimise its losses and liabilities.
Governance is the system by which local authorities fulfil their purpose and achieve their intended outcomes for citizens and service users and operate in an effective, efficient, economic and ethical manner. Good governance leads to good management, good performance, good stewardship of public money, good public engagement and, ultimately, good outcomes for citizens and service users
Ensuring that the right thing is done in the right way, for the right people, in an open, honest and timely manner.
Risk is the chance or possibility of loss, damage, injury or failure to achieve objectives caused by an unwanted or uncertain action or event. Risk management is the planned and systematic approach to the identification, evaluation and control of risk. The objective of risk management is to secure the assets and reputation of the organisation and to ensure the continued financial and organisational well-being of the Council.
Risk the chance of something happening that will have an impact on the Council’s business or objectives.
Good risk management is about identifying what might go wrong, what the consequences might be of something going wrong and finally, deciding what can be done to reduce the possibility of something going wrong. If it does go wrong, as some things inevitably will, making sure that the impact is kept to a minimum.
Risk management should ensure that an organisation makes cost effective use of a risk framework that has a series of well-defined steps. The aim is to support better decision making through a good understanding of risks and their likely impact.
Risk management should be a continuous and developing process which runs throughout the organisation’s strategy and the implementation of that strategy, methodically addressing all risks surrounding the council’s activities past, present and future.
The process of identifying and managing risk, is to increase the probability of success and reduce the opportunity of failure.
Thanet District Council is committed to establishing and maintaining a systematic approach to the identification and management of risk.
The council’s risk management objectives are to:
- Ensure that risk management is clearly and consistently integrated and evidenced in the culture of the council.
- Manage risk in accordance with best practice.
- Anticipate and respond to changing social, environmental and legislative requirements.
- Consider compliance with health and safety, insurance and legal requirements as a minimum standard.
- Prevent death, injury, damage and losses, and reduce the cost of risk.Inform policy and operational decisions by identifying risks and their likely impact.
- Raise awareness of the need for risk management by all those connected with the council’s delivery of service.
These objectives will be achieved by:
- Clearly defining the roles, responsibilities and reporting lines within the council for risk management.
- Including risk management issues when writing reports and considering decisions.
- Continuing to demonstrate the application of risk management principles in the activities of the council, its employees and members.
- Reinforcing the importance of effective risk management as part of the everyday work of employees and members.
- Maintaining a register of risks.
- Maintaining documented procedures of the control of risk and provision of suitable information, training and supervision.
- Maintaining an appropriate system for recording health and safety incidents and identifying preventative measures against recurrence.
- Preparing contingency plans to secure business continuity where there is a potential for an event to have a major impact upon the council’s ability to function.
It is essential that a single risk management approach be utilised at all levels throughout the council. The council will consider and record operational risks with the service plans, and project risks within project plans. If an operational risk or project risk becomes significant enough it will be escalated via the line manager, Head of Service and Director to CMT for inclusion on the Corporate Risk Register until such time that management action is able to reduce the risk score to a desirable level. By effectively managing our risks and opportunities, which is all part of good governance, we will be in a stronger position to deliver our objectives, provide improved services to the public, work better as a partner with other organisations and achieve value for money. This approach to risk management will inform the council’s business processes, including:-
- Strategic planning
- Financial planning
- Service planning
- Policy making and review
- Performance management
- Project management
- Partnership working
For those with responsibility for achieving objectives, there is also responsibility for identifying and assessing risks and opportunities; developing and implementing controls and warning mechanisms; and reviewing and reporting on progress. The identified risks and relevant control measures will be managed through the council’s performance management system.
Some objectives could be reliant upon external groups that the council may work with, such as other organisations, partners, contractors etc. This partnership working could affect the achievement of an objective and therefore the risk management process has been incorporated into the way the council works within these partnerships.
The management of risk will become an integral part of corporate policy decisions and the initiation of major projects, which will include a statement on risk to help inform the decision making process.
This will assist members and officers to ensure that new risks are detected and managed, by providing more detail on the process for managing risk, where each stage builds upon the other and provides basic practical guidance on how to identify, assess and treat risks, and monitor their progress. To assist with this approach to risk management and to ensure consistency across the council, a guidance document on the risk management process has been prepared, which will be reviewed every three years (or sooner if required) and reported to the Governance and Audit Committee for approval and adoption.
Roles and responsibilities
Responsibility for risk management should run throughout the council. Clear identification of roles and responsibilities will ensure the successful adoption of risk management and demonstrate that it is embedded in the culture of the council.
Everyone has a role to play in the risk management process.
Roles and responsibilities detailed
- Member Risk Management Champion, Cabinet – To understand the importance of risk management in all that the council does and to champion the cause of risk management. Oversee the effective management of risk throughout the council and gain an understanding of its benefits, ensuring officers develop and implement an all encompassing approach to risk management.
- Elected Members – Gain an understanding and promote risk management and its benefits throughout the council.
- Governance and Audit Committee – Provide independent assurance of the risk management framework and associated control environment, independent scrutiny of the council’s financial and no-financial performance, to the extent that it affects the authority’s exposure to risk and weakens the control environment, and to oversee the financial reporting process. As stated in Audit Committees: Practical Guidance for Local Authorities, produced by CIPFA
- Corporate Management Team – Gain an understanding and promote the risk management process and its benefits, oversee the implementation of the risk management strategy and agree any inputs and resources required to support the strategy. Support the development of the risk management process, share experience on risk, and advise on the review of risk management issues. Identify areas of overlapping risk and share good practice on all aspects of risk management.
- Officer Risk Management Champion – Champion the risk management process throughout the council with both members and officers ensuring the process is embedded and effective.
- Section 151 Officer – Ensure the risk management processes are considered as specified in the Finance Procedure Rules.
- Directors – Ensure that the risk management process is promoted, managed and implemented effectively in their service areas within the organisation. Liaising with external agencies to identify and manage risk. Disseminating relevant information to service managers and employees. Escalate any significant risks appropriately to CMT.
- Heads of Service and Project Managers – Raise awareness, manage and implement risk management process effectively in their service areas, recommending any necessary training for employees on risk management. Incorporating risk ownership through the appraisals scheme with employees and share relevant information with colleagues in other service areas. Escalate any significant risks appropriately to the Director.
- Employees – Manage risk effectively in their jobs, liaising with their manager to assess areas of risk in their job. Identify new or changing risks in their job and feed these back to their line manager. Keep up to date with e-learning tools.
- East Kent Audit Partnership – Challenge the risk management process, including the identification and evaluation of risk and provide assurance to officers and members on the effectiveness of controls.
Ensure that the processes and procedures operate in an orderly and efficient manner, statutory and management requirements are complied with, assets are safeguarded, completeness and accuracy of records are secured and identifies and corrects when something has gone wrong.
Systems of internal control
A term to describe the totality of the way an organisation designs, implements, tests and modifies controls in specific systems, to provide assurance at the corporate level that the organisation is operating efficiently and effectively.
The control environment comprises the systems of governance, risk management and internal control. The key elements of the control environment include:
- establishing and monitoring the achievement of the organisation’s objectives;
- the facilitation of decisions that ensure compliance with established policies, procedures, laws and regulations – including how risk management is embedded in the activity of the organisation, how the risk management process is led, and how staff are trained or equipped to manage risk in a way appropriate to their authority and duties;
- ensuring the economic, effective and efficient use of resources and ensuring continuous improvement in the way in which its functions are exercised;
- the financial management of the organisation and the reporting of financial management;
- the performance management of the organisation and the reporting of performance management.
Managers will be responsible for ensuring that proper controls are in place to ensure that resources are used appropriately, to provide value for money and to deliver the council’s objectives. The controls will be reported through the Annual Governance Statement, to ensure that the systems and services they are responsible for deliver consistent, predictable, effective results in or to meet service or corporate objectives.
An audit process exists which independently monitors the controls and procedures across the council to enhance value for money, ensure systems’ reliance, minimise risk and act upon suspicion of fraud or corruption. External Audit relies on the audit processes in place in formulating their opinion of the council’s control environment comprising risk management, control and governance by evaluating its effectiveness in achieving the organisation’s objectives.
Performance monitoring of risk management activity will ensure that the treatment of risk remains effective and the benefits of implementing risk control measures outweigh the costs of doing so. Performance monitoring is a continuous review not only of the whole process, but also of individual risks or projects and of the benefits gained from implementing risk control measures. The section regarding the communications process includes reporting, which aids the achievement of performance monitoring.
Ensuring that we are capable of delivering major and complex projects across many of our services is key to achieving the council’s objectives. Achievement of these projects is only possible because good managers take the time to plan, organise and manage their projects well. A project management toolkit has been established for the council, which draws on many areas of good practice that already exist across the council and provides a practical reference point for managers and staff embarking on projects. This tool includes provision for undertaking and continually reviewing the risk management process throughout the life of the project.
The council needs to ensure that the data we use for performance monitoring and to inform decision making is accurate, reliable and fit for purpose. If the information is misleading, decision making may be flawed, resources may be wasted, poor services may not be improved and policy may be ill-founded. These could represent significant risks to the council. There is also a danger that good performance may not be recognised and rewarded. The council has a Data Quality framework which sets out the measures in place to ensure that data is fit for purpose.
Anti-Fraud and Corruption
The council has an anti-fraud and corruption framework, which will direct the council towards ensuring a professional and ethical approach to combating fraud. The council has adopted a strategic approach in order to minimise the risk of losses through fraud and corruption.
To further ensure a comprehensive approach to tackling fraud and corruption, it is paramount that the full range of action is taken, integrating all the different strands. The council recognises that this is an ongoing process, with each element building and feeding back to others in a continuous improvement cycle.
Thanet District Council is committed to the highest possible standards of propriety and accountability in the conduct of its activities for the community. Employees are often the first to realise that something wrong may be happening within the council. The Whistleblowing Code is intended to help employees who have concerns over any potential wrong‑doing within the council.
The council is committed to the prevention, deterrence and detection of bribery. We have zero-tolerance towards bribery. We aim to maintain anti bribery compliance ‘business as usual’, rather than as a one off exercise.
The council’s policy is to do all that it can to prevent, wherever possible, the organisation and its staff being exposed to money laundering, to identify the potential areas where it may occur, and to comply with all legal and regulatory requirements, especially with regard to the reporting of actual or suspected cases.
The business continuity process is essentially risk management applied to the whole organisation and its ability to continue with its service provision in the event of a catastrophic event. The council must ensure risk management processes are applied throughout the business continuity lifecycle.
The structure for reporting risk management effectively is as follows:
|Risk Register reports to Governance & Audit Committee with responsibility for risk management||Member Risk Management Champion
Governance & Audit Committee
|Annually||Annual review of corporate risk||Governance & Audit Committee
|Every Three Years
|Review of the risk management strategy and process document to identify and agree major changes||Governance & Audit Committee
|Ad hoc||Risk / opportunity reviews||Risk / control measure owners|