Corporate level risk update

October 2017

The Corporate level risks are those that at the highest level can impede the achievement of our strategic objectives. They are inherently of a higher impact due to the nature of the risks.

Following the last update to Policy & Resources Committee in April 2017 we have facilitated a risk workshop with Senior Officers and Members to review and update the corporate risks. As part of this session, we looked at the existing risks, the external environment, and the three key priorities for 2017/18 – a home for everyone; regenerating the town centre; providing a clean and safe environment. This resulted in a list of risks, some existing and some new, that then needed to be assigned to a risk owner and assessed.

In addition to this exercise, the Council, as part of service planning, asked all Services to identify their operational risks. These are collated into a single comprehensive risk register and are monitored and reported. A summary of the risk process is attached in appendix A. 

We undertook an exercise to classify and map the corporate and operational risks in order to identify any key risk themes. Collectively this highlighted 9 key risk areas. Using these risk areas we met with risk owners to distil and define them into key risks. These 9 risks now form the corporate level risks.

A summary of the risk headings and the high level risk matrix – which plots each risk – is set out below:

 

 


 

Changes since 2016/17

Risks change continuously, and this is why it is important to ensure that we keep risks under review. Something that was a significant risk last year may not be this year. As time moves on we understand more about the risk, and in some cases the uncertainty becomes less.

Because we took a thematic approach across all of the operational risks and the outcomes of the corporate risk exercise, there have been a number of changes to the risk profile and to the risks.

A summary of the changes that have been made since we last reported to Members in April 2017 is set out below. We have added some narrative as to why these changes have been made:

REMOVED from the register:

 

|   | Risk title | Comments |
|---|---|---|
| 1 | Failure to deliver commercial strategy | This risk has been superseded to reflect overall project delivery risk, due to the broader focus the Council takes, not just on commercial opportunities |
| 2 | Devolution | As the prospect of further devolution appears to have receded, this risk has been superseded by a wider risk relating to partnership engagement |
| 3 | Over cautious administration | This risk was initially identified at a point in time when there was less clarity about future strategy and governance |
| 4 | Growing Population | The impact of service performance / quality is monitored through operational risk registers |
| 5 | Technology | This risk has been superseded by a risk relating to system failure or cyber security |

ADDED to the register:

 

|   | Risk title | Comments |
|---|---|---|
| 1 | Project failure | Reflects the overall risk to the council of capital projects failing |
| 2 | Poor partner relationships | Reflects the risks to the council of engaging with partners and balancing differing expectations |
| 3 | Legal / Compliance Breaches | Added to recognise the impact to the council of breaching laws / regulations |
| 4 | ICT system failure / security | The risks relating to council systems failing or a breach of network security |
| 5 | Increased Housing pressures | Reflects the various pressures on the council from the housing demand challenges |

The Corporate risk register has therefore been updated to reflect the above changes, and risk owners have reviewed, updated and assessed the risks.

 


 


Corporate Risks

The table below sets out each of the corporate risks in detail. Risk owners have assessed the impact and likelihood (definitions attached in appendix B) of the risks and identified the key controls and planned actions necessary to further manage the risk to an acceptable level: 

Fields for each risk: Risk (full description); Risk Owner; Key Existing Controls; Inherent rating (I, L, score); Controls planned; Mitigated rating (I, L, score).

Breakdown of Governance Controls

Failure of the governance controls results in the Council making poor decisions or missing significant opportunities

Risk Owner: Angela Woodhouse & Patricia Narebor

Key Existing Controls:

-  Framework in Constitution
-  Committee agendas and work programmes
-  Process for quick decision making in place (Urgency Committee)
-  Member and Officer training programme
-  Legal advice available
-  Sign-off in modern prior to report release from S151, Legal and Policy and Information Team
-  Political Awareness and Report writing training

Inherent rating: I = 4, L = 2, score = 8

Controls planned:

-  Regular review of the constitution
-  Democracy Committee review of planning referral process

Mitigated rating: I = 4, L = 2, score = 8

Legal / Compliance Breaches

Breaches of regulations / laws result in significant financial penalties and damage to Council reputation

Risk Owner: Angela Woodhouse

Key Existing Controls:

-  Individual service process designed to ensure compliance and supported by procedures
-  Information governance group
-  Training and guidance available

Inherent rating: I = 5, L = 4, score = 20

Controls planned:

-  Action plan to manage GDPR specifically
-  Training
-  Awareness Raising
-  Additional resource to support action plan delivery shared with Tunbridge Wells

Mitigated rating: I = 5, L = 3, score = 15

Workforce Capacity & Skills

The Council is unable to recruit or retain staff with the specialist, technical or professional expertise necessary to deliver its ambitions.

Risk Owner: Alison Broom & Dena Smart

Key Existing Controls:

-  Workforce Strategy monitoring and reporting
-  Regular benchmarking of salary levels with public sector employers in South East England
-  Rewards package
-  Training and development programme
-  Use of specialist agency staff
-  Ability to adjust pay / offer market supplements
-  Recruitment processes
-  Resilience from shared service arrangements

Inherent rating: I = 2, L = 2, score = 4

Controls planned:

-  Implementation of actions from Investors In People assessment
-  Improved agency supplier agreement (Matrix)
-  Extended partnership arrangements to ensure greater resilience

Mitigated rating: I = 2, L = 2, score = 4

Project Failure

Failure of significant capital projects of a housing and regeneration nature

Risk Owner: Dawn Hudd & William Cornall

Key Existing Controls:

-  Use of external specialist expertise such as Employers Agents on complex capital projects
-  Project management processes adhered to with project board reporting where appropriate with new risks or pressures identified at an early stage
-  Close working relationships with experienced partners and stakeholders
-  Specialist training undertaken by the newly formed capital projects team
-  The purchase of specialist development appraisal software (Proval) to more accurately predict financial returns as well as cash flows
-  Skills in this area brought in at CLT level
-  Close working with the Finance team on a well-developed capital programme that carefully considers cumulative exposure and cash-flow management

Inherent rating: I = 4, L = 5, score = 20

Controls planned:

-  Detailed and consistent analysis of project risks at approval stage, through approval process required at Policy & Resources Committee
-  Adherence to a suite of financial hurdle rates for new capital projects which are reflective of different sector risk profiles
-  Growing awareness, expertise and success in bidding for grant monies from government to support the delivery of capital projects, so as to act as a buffer against cost overruns and income shortfalls
-  The adoption of and adherence to the Housing and Regeneration Investment Plan

Mitigated rating: I = 4, L = 3, score = 12

ICT Systems Failure / Security

Security breach or system outage resulting in Council systems being unavailable and/or significant fines/ransom demands

Risk Owner: Chris Woodward & Steve McGinnes

Key Existing Controls:

-  Regular backups of ICT systems
-  Disaster recovery plan
-  ICT Security Policy

Inherent rating: I = 4, L = 4, score = 16

Controls planned:

-  Procurement of additional security counter measures
-  Introduce cyber security software to test & improve staff awareness training

Mitigated rating: I = 4, L = 4, score = 16

Poor Partner Relationships

Conflicting partner expectations or poor engagement / cooperation leads to difficulty delivering services or other Council ambitions

Risk Owner: Alison Broom

Key Existing Controls:

-  Regular meetings / communication with partners
-  Joint working arrangements
-  Engagement with members
-  Governance arrangements for shared services
-  Governance arrangements for partnerships including Joint Transport Board, Safer Maidstone Partnership and Health and Well-Being Group

Inherent rating: I = 4, L = 3, score = 12

Controls planned:

-  Increased joint work with KCC highways and waste teams
-  Protocol for joint working with Kent County Council concerning planning and transport

Mitigated rating: I = 3, L = 3, score = 9

Housing Pressures Continue to Increase

The housing crisis in the South East has a growing impact on MBC’s ability to fund and manage not only the homelessness service but also to meet the broader housing need that is emerging as a result of the limited supply of affordable housing.

Risk Owner: John Littlemore & William Cornall

Key Existing Controls:

-  Homelessness prevention team has been created in readiness for the Homelessness Reduction Act
-  MBC purchasing and leasing its own stock of temporary accommodation
-  MBC building its own portfolio of market rented housing within Maidstone Property Holdings Limited
-  Closer working with the housing association sector, and in particular Golding Homes
-  More money was set aside in this year of the MTFS to meet the rising demand

Inherent rating: I = 4, L = 5, score = 20

Controls planned:

-  The possibility of the Council investing prudential borrowing monies into a JV with a housing association partner to take ownership of more of the affordable housing being delivered through the Local Plan is actively being explored, and an initial proposal will be put to the Policy & Resources Committee on 22nd November 2017
-  Affordable housing development plan document within the Local Plan
-  Homelessness and temporary accommodation strategies have been introduced and are to be reviewed in December 2017
-  Closer working with the voluntary sector, targeting the allocation of grants more towards the delivery of services to this area of need
-  Closer working with the private rented sector landlords, through the Home Finder scheme, and now starting to explore a more comprehensive offer to them

Mitigated rating: I = 4, L = 3, score = 12

Delays in the Local Plan being adopted and subsequently delivering the desired outputs

Delays in delivering the Local Plan as a result of Judicial Review, inadequate infrastructure provisions and the ability to process the necessary quantum of planning consents rapidly.

Risk Owner: Rob Jarman & William Cornall

Key Existing Controls:

-  Work plans in place
-  Communication and liaison with partners
-  CLT oversight of development management performance to increase the timeliness of application decisions
-  CLT oversight of S106 delays; this has been much improved of late

Inherent rating: I = 4, L = 4, score = 16

Controls planned:

-  Learning lessons from other LP examinations
-  Town centre opportunity areas project to hasten the delivery of the town centre broad locations
-  Creation of a Major Projects Team in the Planning department to process major applications faster
-  Joint working protocol relating to S106 and infrastructure delivery close to being signed with KCC
-  Culture and behaviours programme to improve customer care and commerciality within the department
-  Delivery will largely be dependent upon market conditions, so ensuring an open dialogue with the major housebuilders through the Developers Forum and Breakfast Meetings

Mitigated rating: I = 4, L = 3, score = 12

Financial Restrictions

The Council does not achieve its income or savings targets, incurs overspends or does not have the funding to meet standards or deliver aims.

Risk Owner: Mark Green

Key Existing Controls:

-  Project management processes
-  External consultancy support
-  Programmes of work agreed (e.g. transformation and commissioning)
-  Budget monitoring processes in place

Inherent rating: I = 4, L = 4, score = 16

Controls planned:

-  MTFS adopted by Council
-  Plans developed to close projected budget gap
-  Lobbying to avoid Council suffering ‘negative RSG’

Mitigated rating: I = 4, L = 3, score = 12

Risks above the appetite level

The ‘controls planned’ section of the risk register enables risk owners to highlight actions that are either planned, or that need to be taken in order to help manage the impact or likelihood. Any risks that fall into the red and black areas of the matrix signify a level of risk where we would be expecting action to be taken.

You will see that even with planned actions there are 4 risks that still score highly:

-  Legal / Compliance breach
-  Project failure
-  ICT System Failure / Cyber Security
-  Housing Pressures

The principle set out in the risk appetite guidance is that these risks will be monitored monthly and escalated to Corporate Leadership Team to ensure that the actions are being taken to appropriately address the risks where possible to do so. In addition, risk owners are to highlight any further support needed to ensure that the risk is being managed.

Risks by definition are uncertain, and it is not possible to remove all uncertainty, especially for the risks that align directly to the achievement of our objectives. We will therefore continue to report to Members and monitor progress over the course of the year to highlight any significant movement of risks over time.


Appendix A

Maidstone Risk Management Process: One Page Summary


Appendix B

Impact & Likelihood Scales