Your Councillors

Policy and Resources Committee Risk Update – October 2018

Corporate Risks

The Council’s corporate risks are those risks which could impede the achievement of our strategic objectives.  The corporate risk register was last reported to Members in April 2018. 

The matrices below provide a snapshot of the corporate risk profile, with the location on the matrix being dependent on the score of risk likelihood and impact.  This is based on the inherent risk, i.e. the risk impact and likelihood (as defined in Appendix 1C) considering any existing controls in place to manage the risk, but before any further planned controls are introduced.  For a base comparison we have included the profile from the previous risk update:

 

The following table illustrates the risk heading and summarises how the risk score has moved between April and October 2018: 


There has been an increase in the partner relationship risk (f) as a result of the KCC judicial review.  The management of this risk is outlined on the next page.

The reduction in the legal /compliance breaches risk (b) is due to the implementation of planned controls. 

While there has been no change in the overall risk score of the remaining risks, action has been taken to implement some of the planned controls.



There are two BLACK corporate risks – i.e. risk that sit above the Council’s tolerance (Poor Partner Relationships and Housing Pressures).  Controls have been identified to manage these risks down to a more acceptable level as required by the risk appetite guidance.  Furthermore, these risks are being closely monitored by the Corporate Leadership Team through the following:

·         Poor Partner Relationships: The relationship with partners, and KCC in particular, is something which senior officers keep under review as part of the different areas of work the Council participates in.

·         Housing Pressures: Corporate Leadership Team receive monthly updates from the Housing Service which allows them to monitor progress and provide guidance, support and focus where needed. 

Further detail on the corporate risks, including a description of the risk and details of existing and planned key controls can be found in Appendix 1A.

 

What’s on the Horizon?

The identification and management of potential risks is an essential task for any successful local authority.  Anticipating trends not only helps to build resilience against harmful events, but also means we are in a good position to take advantage of valuable opportunities.  While not a formal process, we maintain an awareness of issues on the horizon.  Consideration can then be given to whether these issues are crystallising into risks that need to be recognised within our comprehensive risk register.

The following table outlines the key external factors we are facing and how we maintain our awareness of changes in these areas.  The process for developing the new Strategic Plan has more broadly enabled consideration of external factors on the horizon.

 

Factor

Maintaining Awareness

Brexit

Operational group to review available information and assess risks.

Climate change

Flood risk management and Emergency Planning processes.

Population change

Work with health and social care partners, understanding poverty impact of universal credit.

Technological change

IT Strategy development identified potential and risk.

Utility failure

Business continuity planning.

 

 

Operational Risks

All Council services maintain an operational risk register. Operational risks are the responsibility of the services to manage, and so fall within the remit of our Managers and Heads of Service. The following matrix shows the operational risk profile for the Council. This is based on the inherent risk, i.e. the risk impact and likelihood (as defined in Appendix 1C) considering any existing controls in place to manage the risk, but before any further planned controls are introduced.  The table shows the number of risks for each colour category.

These risks are managed in accordance with the Council’s Risk Appetite Statement, whereby services routinely monitor their risks based on the risk score (see Appendix 1B).  Quarterly risk updates are presented to Corporate Leadership Team (CLT) on all risks above the Councils appetite – i.e. those risks which are RED or BLACK (24 in total).

The BLACK risk relates to political inter-organisational consensus on implementing Local Plan actions and has been impacted by the KCC judicial review.  This is monitored by CLT through the same routes as for the corporate risk relating to partner relationships. Should the circumstances for an existing risk change such that the score is increased into BLACK this will be escalated to CLT and a decision made as to any further action needed and how the risk is best monitored.  Monitoring of these high level risks enables more effective challenge on the effectiveness of controls, and also means that support can be put in place to help manage the impact of the risk.


 

Next Steps

Risk management is a continuous process, and to be valuable it must be updated and maintained. Moving forward into 2018/19, the following areas will be our focus in order to further strengthen the risk management process and develop a positive risk culture across the Council:

1.      To undertake the first full review of the framework: The framework has been operating for nearly 3 years, and so it is the right time to review and where necessary update the framework to ensure that it remains fit for purpose.

2.      Develop a training programme: We (Mid Kent Audit) have continued to facilitate workshops, and deliver risk sessions as and when requested. However, developing the overall knowledge and expertise for risk management across the Council requires a wider approach. We will be looking to develop a training session for managers and officers on the principles of risk management, and to tailor that to the framework and procedures.

3.      Planning risks: The process for identifying planning risks and their associated mitigating actions will be reviewed.

4.      Refresh of Corporate Risks: In light of the work to update the Council’s strategic plan a workshop will be run in the new year to refresh the Corporate Risks. 

Risk management is adding real value and insight, this wouldn’t have been possible without the great deal of positive engagement and support from Senior Officers and Managers in the Council. So, we’d like to take this opportunity to thank officers for their continued work and support.

 


 


Appendix 1A

Corporate Risks

The table below sets out each of the corporate risks in detail. Risk owners have assessed the impact and likelihood of the risks and identified the key controls and planned actions necessary to further manage the risk to an acceptable level: 

Risk (full description)

Risk Owner

Key Existing Controls

Inherent rating

I       L      

Controls planned

Residual rating

I      L      ∑

Breakdown of Governance Controls
Failure of the governance controls results in the Council making poor decisions or missing significant opportunities

Angela Woodhouse
&
Patricia Narebor

- Framework in Constitution with processes for regular review
- Committee agendas and work programmes
- Process for quick decision making in place (Urgency Committee)
- Member and Officer training programme
- Legal advice available with additional full time senior staff in place
- Sign-off in modern prior to report release from S151, Legal and Policy and Information Team
- Political Awareness and report writing training
- Development of Annual Governance Statement and Local Code of Corporate Governance review

4

2

8

- Democracy Committee review of Committee System
- Legal to review process for making comments on reports submitted in Modern to make it more efficient

4

2

8

Legal / Compliance Breaches
Breaches of regulations / laws result in significant financial penalties and damage to Council reputation

Angela Woodhouse
&
Patricia Narebor

- Individual service process designed to ensure compliance and supported by procedures
- Information governance group
- Training and guidance available and specific training given on report writing
- Weaknesses identified by Internal Audit and action taken
- Legal advice available with additional full time senior staff in place
- Annual Governance Statement action plan in place

4

2

8

- Share the Annual Governance Statement action plan more widely with staff through the Unit Managers

4

2

8

Workforce Capacity & Skills
The Council is unable to recruit or retain staff with the specialist, technical or professional expertise necessary to deliver its ambitions, or this delivery is hindered by the implications of managing long-term sickness.

Alison Broom
&
Bal Sandher

- Workforce Strategy monitoring and reporting
- Regular benchmarking of salary levels with public sector employers in South East England
- Rewards package reviewed regularly
- Training and development programme (including sickness absence, difficult conversations and resilience)
- Use of specialist agency staff
- Ability to adjust pay / offer market supplements
- Recruitment processes
- Resilience from shared service arrangements
- Regular monitoring & reporting of sickness absence levels and use of Kent Healthy Business Awards self-assessment tools and HSE Stress survey
- Attendance Management Policy  
- Occupational Health Service, Employees Assistance Programmes and employee well being timetable/
Funding for training through apprentice levy

2

2

4

- Implementation of actions from Investors in People assessment
- Review of workforce strategy
- New intranet page to enable staff to access information on health & wellbeing
- Roll out mental health first aider training
- Total reward statements being developed - communicate full benefit package/financial wellbeing benefit /manager induction being developed -  being clear on roles/responsibilities

2

2

4

Project Failure
Failure of significant capital projects of a housing and regeneration nature

Dawn Hudd
&
William Cornall

- Use of external specialist expertise such as Employers Agents on complex capital projects
- Project management processes adhered to with project board reporting where appropriate with new risks or pressures identified at an early stage
- Close working relationships with experienced partners and stakeholders
- Specialist training undertaken by the newly formed capital projects team
- The purchase of specialist development appraisal software (Proval) to more accurately predict financial returns as well as cash flows
- Skills in this area brought in at CLT level
- Close working with the Finance team on a well-developed capital programme that carefully considers cumulative exposure and cash-flow management
-  Awareness, expertise and success in bidding for grant monies from government to support the delivery of capital projects, so as to act as a buffer against cost overruns and income shortfalls
- The adoption of and adherence to the Housing and Regeneration Investment Plan
- Projects monitored through the CLT Corporate Projects Group

4

4

16

- Detailed and consistent analysis of project risks at approval stage, through approval Process required at Policy & Resources Committee
- Adherence to a suite of financial hurdle rates for new capital projects which are reflective of different sector risk profiles

4

3

12

ICT Systems Failure / Security
Security breach or system outage resulting in Council systems being unavailable and/or significant fines/ransom demands

Chris Woodward
&
Steve McGinnes

- Regular backups of ICT systems
- Disaster recovery plan
- ICT Security Policy

4

4

16

- Procurement of additional security counter measures
- Introduce cyber security software to test & improve staff awareness training

- Corporate Leadership Team monitoring of Performance Indicators around cybersecurity

4

4

16

Poor Partner Relationships
Conflicting partner expectations or poor engagement / cooperation leads to difficulty delivering services or other Council ambitions

Alison Broom

- Regular meetings / communication with partners
- Joint working arrangements
- Engagement with members
- Governance arrangements for shared services
- Governance arrangements for partnerships including Joint Transport Board, Safer Maidstone Partnership and Health and Well-Being Group, Thames Gateway Kent Partnership Board and other similar groups
- Continued horizon scanning in respect to devolution
- Working in the spirit of the protocol for joint working with Kent County Council concerning planning and transport

4

5

20

- Increased joint work with KCC highways and waste teams
- Strategic Board with KCC for Leads Langley relief road & alternatives
- Remedies sought through judicial review on transport issues
- CLT looking at how to increase the level of political engagement

4

4

16

Housing Pressures Continue to Increase
The housing crisis in the South East has a growing impact on MBC’s ability to fund and manage not only the homelessness service, as it implements to Homelessness Reduction Act, but also to meet the broader housing need that is emerging as a result of the limited supply of affordable housing.

John Littlemore
&
William Cornall

- Homelessness prevention team has been created and staff resources increased
- MBC purchasing and leasing its own stock of temporary accommodation
- MBC building its own portfolio of market rented housing within Maidstone Property Holdings Limited
- Closer working with the housing association sector, and in particular Golding Homes
- More money was set aside in this year of the MTFS to meet the rising demand
- Temporary Accommodation Strategy has been reviewed and updated
- Agreed to acquire some additional Temporary Accommodation
- Report to CLT agreed the implementation of an in house Housing Management Team

4

5

20

- The possibility of the Council investing prudential borrowing monies into a JV with a housing association partner to take ownership of more of the affordable housing being delivered through the Local Plan is actively being explored
- Affordable housing development plan document within the Local Plan
- Homelessness strategy to be reviewed in December 2018
- Closer working with the voluntary sector, targeting the allocation of grants more the delivery of services to this area of need
- Closer working with the private rented sector landlords, through the Home Finder scheme, and now starting to explore a more comprehensive offer to them

3

4

12

Delivery of the Local Plan Review by April 2022
Following the adoption of the LP by Full Council in Oct 2017, the focus in now upon delivering the LP Review, which will be a significant and complex project, involving the commissioning of refreshed evidence and policy development work. This project will be of a corporate / cross cutting nature, and could also encompass extending the LP period to 2036 or even 2041. Furthermore, the focus will also shift to the delivery of the outputs of the current LP too, predominantly in terms of housing numbers and supporting infrastructure.

Rob Jarman
&
William Cornall

- Work plans in place
- Communication and liaison with partners
- CLT oversight of development management performance to increase the timeliness of application decisions
- CLT oversight of S106 delays, this has been much improved of late
- Major Projects Team in the Planning department to process major applications faster
- The Developers Forum and Breakfast Meetings ensure an open dialogue with the major housebuilders
- The approach to the LP review has been set out within the MBC Local Development Scheme that was agreed by SPS&T.  This was supported by a comprehensive Gantt Chart detailing the various work-streams, commissions, consultation and decisions that will be required to meet the April 2022 target date.

3

3

9

- Learning lessons from other LP examinations workshop planned for April 2019
- Town centre opportunity areas project to hasten the delivery of the town centre broad locations
- Culture and behaviours programme to improve customer care and commerciality within the department

3

3

9

Financial Restrictions
The Council does not achieve its income or savings targets, incurs overspends or does not have the funding to meet standards or deliver aims.

Mark Green

- Project management processes
- External consultancy support
- Programmes of work agreed (e.g. transformation and commissioning)
- Budget monitoring processes in place
- Processes in place for setting budgets including scenario planning and approval of MTFS by Council

4

4

16

- Plans developed to close projected budget gap
- Lobbying to avoid Council suffering ‘negative RSG’
- Ensure MTFS is closely aligned to new Strategic Plan

4

3

12

General Data Protection Regulations (GDPR)
Non-compliance with GDPR could result in significant monetary fines and damage to Council reputation

Information Management Group

Angela Woodhouse

- GDPR Action plan in place and being worked on
- Monitoring of action plan by CLT; IMG and AGS Committee
- IT Commissioning Group review of new / updates to systems
- New e-learning module for staff and guidance for Members

4

3

12

- Deliver actions from the GDPR action plan
- Reviewing resources available to deliver GDPR action plan

3

3

9

Major contraction in Retail and Leisure Sectors
Maidstone Town Centre fails to attract commercial investment, vacancy rates rise due to failure of retail chains such as BHS and Maplin.  Such a decline may lead to a loss in social cohesion and a reduction in business rates.

Dawn Hudd
&
William Cornall

- Cross departmental approach
-  Town Centre Strategic Advisory Board established.
- Property acquisition completed (Royal Mail/Grenada House)
-Funding secure for public realm work
- Work commissioned to promote Maidstone as a business destination
- Supporting the One Maidstone Business Improvement District
- Established a multi-agency group focussing on impact of out of area placements into MBC

4

3

12

- Work commissioned to promote Maidstone as a business destination
- Work commenced to develop town centre opportunity sites
- Considering an article 4 directive to remove permitted development rights for the conversion of offices to residential use
- Study to be commissioned in to the future of Maidstone Town Centre

3

3

9


 

Appendix 1B

Maidstone Risk Management Process: One Page Summary



Risk Appetite – Monitoring Process

We illustrate our risk appetite and tolerance in the matrix below. The RED shaded area represents the outer limit of our risk appetite, and the BLACK area indicates the tolerance. As a Council we are not willing to take risks that have significant negative consequences on the achievement of our objectives.

The matrix also illustrates how we monitor risks. The Council’s highest level risks (those with a combined score of 12 and above) are reported to Corporate Leadership Team for consideration and guidance.

 

 

 

 

 

 

 

 

 

 

 

 

Risk Rating

Guidance to Risk Owners

20-25

Risks at this level sit above the tolerance of the Council and are of such magnitude that they form the Council’s biggest risks.

 

The Council is not willing to take risks at this level and action should be taken immediately to manage the risk.

 

Identify the actions and controls necessary to manage the risk down to an acceptable level.

If still scored above 20, report the risk to the Audit Team and your Director.

 

Steps will be taken to collectively review the risk and identify any other possible mitigation (such as controls).

 

Risks that remain at this level will be escalated to CLT, who will actively monitor and provide guidance on the ongoing management of risks at this level.

12-16

These risks are within the upper limit of risk appetite. While these risks can be tolerated, controls should be identified to bring the risk down to a more manageable level where possible.

 

 

Identify controls to treat the risk impact /likelihood and seek to bring the risk down to a more acceptable level.

 

These risks should be monitored and reviewed monthly.

If unsure about ways to manage the risk, consult with the Internal Audit team.

 

Risks at this level will feature in a quarterly risk update to CLT who will provide oversight and support if needed.

5-10

These risks sit on the borders of the Council’s risk appetite and so while they don’t pose an immediate threat, they are still risks that should remain under review. If the impact or likelihood increases then risk owners should seek to manage the increase.

 

 

Keep these risks on the radar and update as and when changes are made, or if controls are implemented.

 

Movement in risks should be monitored, for instance featuring as part of a standing management meeting agenda.

 

Responsibility for monitoring and managing these risks sits within the service.

3-4

These are low level risks that could impede or hinder achievement of objectives. Due to the relative low level it is unlikely that additional controls will be identified to respond to the risk.

Keep these risks on your register and formally review at least once a year to make sure that the impact and likelihood continues to pose a low level.

1-2

Minor level risks with little consequence but not to be overlooked completely. They are enough of a risk to have been assessed through the process, but unlikely to prevent the achievement of objectives. 

No actions required but keep the risk on your risk register and review annually as part of the service planning process.

Impact: 5

Likelihood: 1

Rare events that have a catastrophic impact form part of the Council’s Business Continuity Planning response.

Record on your risk register and Internal Audit will co-ordinate with Business Continuity officers.  

 


 

Appendix 1C

Impact & Likelihood Scales

         

Risk Impact

         

Risk Likelihood