The County Council’s Risk Management Strategy 2011
- Introduction and aims of the Strategy
- Our Risk Management Approach
- Tolerance to Risk
- Risk Management Policy Statement
- Health and Safety Policy Statement
- Setting Targets and Improvement Actions
- Priorities
- Roles, Responsibilities and Reporting on risk
- Measuring Performance and Providing Assurance
Introduction and aims of the Strategy
Hampshire County Council recognises that we live in an uncertain world, where the people, environment and communities of Hampshire may be at risk. Risk Management is the framework by which the County Council can view, manage and respond to risk, both threats and opportunities, in a robust, systematic and documented way.
The County Council has a track record of successful risk management and innovative service delivery initiatives. It has a mature risk management framework and associated policies, dating back to 1999.
The County Council has successfully embedded risk management into many of its business as usual practices. This has been acknowledged by external review by the Audit Commission and Rospa. In 2008 and 2009 the County Council’s risk management arrangements were commended by the Audit Commission and in 2010 the County Council received Rospa’s award in their best Public Sector, Education and Local Authority category. Benchmarking exercises with other public sector organisations in 2010 indicated that the maturity of Hampshire County Council’s risk management framework against the Alarm National Risk Management Performance Model was among the top quartile of County Councils.
The County Council recognises that maintaining a dynamic risk aware culture is vitality important as it goes through a period of significant change, with the increasing need to balance the effects of budget reductions, changes to services provided and possible increased demand. The financial challenges facing the County Council may mean that it will need to adopt positive strategies to risk taking, in order to maintain the resilience of its essential services through a period of change.
In addition, the County Council recognises that there will be changes to the services that the Council provides, as well as changes to the way that these services may be provided, and associated legislative requirements.
The County Council recognises that the way that it manages the many risks facing it contributes towards the implementation of its objectives and the achievement of its priorities:
- Hampshire safer and more secure for all
- Maximising wellbeing
- Enhancing our quality of place
The benefits gained in managing risk effectively are improved strategic, operational and financial management, better decisions and outcome delivery, improved statutory compliance and ultimately improving the services that the people of Hampshire receive.
The aims of this strategy are to support the challenges that the County Council may face allowing it to react dynamically to sharply changing external circumstances by delivering improvements to the capacity for the Council to handle risk effectively and deliver successful outcomes.
Our Risk Management Approach
The County Council is clear that it wants its risk management to: deliver the capacity across the organisation to be more confident with risk so that we can use it to deliver the outcomes we want – even if that means taking more, managed risk.
In delivering that aim, the County Council will also ensure that it continues to provide a safe and healthy place to work.
This strategy aims to ensure that the County Council maintains and improves its safety management system throughout the organisation and its supply chain in accordance with the Health and Safety at Work Act 1974.
The County Council will take a pro-active approach to its business risk – in order for us to take acceptable risk. The County Council believes that risk needs to be managed rather than avoided.
The Council will also ensure that its response to risk is proportionate.
The County Council’s approach to risk is based on the principles outlined in the British Standard, BS31100, the International Standard on Risk Management, ISO 311000 and “Successful Health and Safety Management”, HSG65.
Tolerance to Risk
The amount of risk the County Council is prepared to accept or be exposed to (its risk appetite) will vary according to the perceived significance of particular risks and the timing (it may be more open to risks at different points in time), as well as regulatory or legislative constraints. It may be prepared to take comparatively large risks in some areas and none at all in others.
The Cabinet, and, where appropriate, CMT, are responsible for setting the Council’s overall appetite for risk, having taken into account advice provided by the Risk Management Board. The Board may advise risk appetite levels for specific areas and issue guidelines.
Risk Management Policy Statement
The County Council is already committed to the challenge of managing the risks and uncertainties related to its business. Its approach is founded on the following principles, which are critical success factors for effective risk management:
- Cabinet, Audit Committee, all Members of the County Council and senior management to support, own and lead on risk management.
- Risk management policies and the benefits of effective management to be clearly communicated to all staff.
- Risk management is the responsibility of every person in the organisation. All staff are effectively risk managers. Managing risk should be firmly embedded in everyone’s thinking, behaviour and actions.
- Managing risks to be closely linked to the achievement of business objectives.
- Risk management is a key element of the Council’s corporate governance and performance management framework. Managing risk should be firmly embedded in all core management processes including policy-making, service improvement plans and business planning, project management, operational management and decision making. It should be consistently applied.
- Regular monitoring and reporting of risk on a constructive basis, including early warning of risks likely to have a significant impact on the achievement of the County Council’s objectives, to be carried out by departments, the Risk Management Board and Cabinet.
- Risks and risk treatment progress is regularly reviewed.
- Risk taking, innovation and exploitation of opportunities are encouraged within a well-managed environment, where risks are identified and appropriate mitigation measures are taken.
- Decisions about risk should be grounded in evidence (facts and measurements) whenever possible and a record kept of what factors were taken into account in making the decisions in order to provide an audit trail.
- Departments are responsible for identifying, evaluating, and managing their own risks, contributing towards the management of corporate and cross-cutting risks and explicitly assessing and managing risks associated with working with other partner organisations to realise a common understanding of risks, agree a proper means for handling them and co-ordinating responses.
- Ownership is assigned to a specific person at an early stage for each risk identified. Mitigation measures introduced to control and reduce risks should be effective, appropriate, proportional, affordable and flexible.
Health and Safety Policy Statement
The Council recognises that good health and safety management supports the delivery of our services for the people of Hampshire. As part of the overall Risk Management process and culture, good health and safety management will help reduce injury and loss, help promote a healthy workforce and help protect all who are affected by the Council’s services.
This Policy and the management structure and arrangements that support it, contributes to the achievement of the three Corporate Priorities by reducing injury and loss and promoting a healthy workforce. This supports making Hampshire safer and more secure for all, it reduces injuries and ill health to employees and the wider public, thereby Maximising Wellbeing and reduces potential damage to the environment, supporting Enhancing our Quality of Place.
Hampshire County Council recognises and will meet its common law and statutory health and safety responsibilities. The Council will provide, so far as is reasonably practicable, a safe and healthy environment for its staff and all persons affected by its undertaking. This will be based on providing safe environments for learning, leisure and care work, safe places of work, safe systems of work, safe equipment and materials for use at work and individuals who are competent.
The Council will maintain appropriate health and safety management systems, arrangements and organisational structures to ensure adequate health and safety for all people affected by its operations. The Council has adopted as the model for its health and safety management systems the Health and Safety Executive’s “Successful Health and Safety Management” (HSG 65) and will measure its health and safety management systems against that model. The Council will monitor and review the effectiveness of these systems.
Managers will ensure health and safety matters are an integral part of all activities and health and safety is given due consideration with other service commitments.
The Council will endeavour to consult on significant health and safety issues with the workforce in good time to enable staff to express their views on health and safety issues. All staff must actively support the Council’s efforts by working with due regard to the safety of themselves and others. The Council expects and encourages similar support from contractors, partners and volunteers and co-operation from clients and other visitors who use its facilities or visit premises.
Setting Targets and Improvement Actions
A comprehensive Improvement Plan to deliver this strategy’s priorities will be drawn up by the Risk and Safety Executive Group (RSEG) to be delivered across the County Council to support actions taken in Departments. The Risk Management Board will review the Priorities on an annual basis to ensure that they continue to conform to the overall priorities and needs of the organisation.
Priorities
Priority 1 – Develop capacity across the organisation for handling risk and responding dynamically to uncertainty by:
- Maintaining Streamlined, Dynamic Processes and Infrastructure
- Building confidence in handling risk
- Demonstrating Value for Money
- Learning from success and failure
Priority 2 – Maintain acceptable Health and Safety standards across the organisation, whilst increasing consistency of practice and behaviour against those standards and driving those standards into the organisation’s supply chain by:
- Competence
- Achieving consistent standards
- Driving safe systems of work into the supply chain
- Effectively managing workforce related risks
Priority 3 – Ensure that risk management effectively supports Outcome Delivery, Structural Transformation, Efficiency and Effectiveness by:
- Managing the risks to successful outcome delivery
- Enabling Structural Transformation
- Supporting innovation and reducing costs
Priority 4 – Develop and maintain the County Councils role in terms of community engagement in specific risk areas (e.g. flood management & resilience across partners and supply chain)by:
- Driving resilience throughout partners & the supply chain
- Providing Community Resilience Leadership
How Progress of Improvement Actions Will be Monitored
Regular reports on progress against targets and actions set will be reviewed by RSEG, with an annual report presented to the Risk Management Board/Cabinet.
Roles, Responsibilities and Reporting on risk
A framework for reporting and monitoring risk has been established with clear guidelines on roles and responsibilities.
Overall, Chief Officers have a direct responsibility for ensuring that the risks relating to their services are managed appropriately. In Health and Safety terms, this responsibility extends to ensuring that the services that they are responsible for conform to health and safety legislation and regulation standards.
Group / Individuals |
Roles |
|---|---|
|
Cabinet and Executive Members |
To ensure compliance with the County Councils Policy on Risk Management. |
|
Corporate Management Team (CMT) |
To ensure that the County Council manages risk effectively . |
|
Risk Management Board |
To implement the council’s corporate strategy for managing risk and monitor delivery. To consider strategic cross-cutting risks, balance the portfolio of risk and horizon scan for emerging risks. |
|
Risk and Safety Executive Group |
To share experience on risk management and health and safety, including strategy implementation across the council, benchmarking risk where appropriate. |
|
Corporate Risk Manager |
To manage the performance framework for risk management and ensure compliance with any related performance plans |
|
Departmental Management Teams (DMTs) |
To ensure that risk is managed effectively in each service area within their departments, in accordance with the corporate strategy for managing risk. |
|
Departmental Risk Management Working Groups |
To oversee implementation of the corporate strategy for managing risk in their departments and the risk assessment process. |
|
Departmental Lead Officers |
To support the council and their departments in the effective implementation of risk management. |
|
Service Managers |
To manage risk effectively in their particular service areas and oversee the activities of risk owners. |
|
Risk Owners |
To manage effectively individual risks in their service area or area of expertise, responsibility for which has been devolved to them by their service manager. |
|
Employees |
To manage risk effectively in their job. |
|
Internal Audit |
To review and audit the risk management strategy as part of the Corporate Governance Framework. |
|
Audit Committee |
To monitor the rules, processes and behaviour that affect the way that governance is exercised within the council. |
View flowchart showing reporting lines for risk management
In support of this Strategy, Members, CMT and the Risk Management Board will foster a culture in which well-judged decisions about risks and opportunities can be made and where innovation can be handled with confidence
The Risk Management Board, CMT and Members will take an active lead in:
- driving implementation of the actions set out in this strategy;
- taking key judgements and providing clear direction, for example, in prioritising risks for action;
- ensuring clear accountability for managing risks; and
ensuring managers are equipped with the necessary skills, guidance and other tools needed to undertake effectively their responsibilities for managing risk.
Measuring Performance and Providing Assurance
The County Council has developed performance framework for its business risk management and health and safety management systems. These are based on the Alarm National Risk Management Maturity Model and the Health and Safety Executive’s “Successful Health and Safety Management”.
The County Council will use this performance framework to measure the performance of its management of risk, set robust targets for future improvement, report on progress and demonstrate value for money. Self assessment will be supported by documentary evidence, audits and reviews and performance indicators.
The aim is to develop sustained improvement to so that risk management is fully integrated and continuously improved.
Assurance on our services is provided by Internal Audit and our External Auditors.
Hampshire County Council, The Castle, Winchester, Hampshire, SO23 8UJ
This page was last updated on 19 August 2011. © Copyright Hampshire County Council 2012.