City & County of Swansea
Risk Management Policy Purpose This policy sets out the framework for managing and communicating risk, detailing the main principles to ensure that risk management is effectively implemented throughout the City and County of Swansea. The Council recognises that it has a responsibility to manage business risks effectively in order to reduce uncertainty in achieving its goals and objectives and to benefit from opportunities. This policy applies to all Council staff and its principles should be applied when working internally or externally with partners and other stakeholders.
Approval Title
Reference No.: Date: Author: Website
Date
Version 0.5 “Draft� 04/11/09 Strategic Risk Group http://staffnet/riskmanagement
Risk Management Policy
Contents No 1 2 3 4 5 6
Title
Page No. 2 2 2 2 3 3
Risk Management Statement What is Risk Management? Aims of Risk Management Principles of Risk Management Risk Management Communication Corporate Risk Management Strategy
Document Control Version No.
Revision Date
Summary of Changes
N/A
1
Risk Management Policy 1. Risk Management Statement The City and County of Swansea is aware that the nature and range of its responsibilities and the environment in which it exercises them present a wide range of risks. Such risks may threaten the achievement of the Council’s aims and objectives as set out in the Corporate Improvement Plan and affects its employees, service users, Council tax payers and other stakeholders. The Council also recognises the need to strike the right balance between encouraging innovation and avoiding risk. It is appropriate to take and manage calculated risks in pursuing opportunities to improve services and to obtain better value for money. While the elimination of risk entirely is neither feasible nor desirable, the Council is committed to the continuing management of risk through a cost-effective formal process which involves risk identification, evaluation, and treatment to eliminate or mitigate either the likelihood of risks or their impact.
2. What is Risk Management? The term ‘risk management’ incorporates all the activities required to identify and control the exposure to risk which may have an impact on the achievement of the Councils business. Risk Management is a structured development and application of management culture, policy, procedures and practices to the tasks of identifying, analysing, evaluating, controlling and responding to risk. Definition of Risk “Risk is an event, action, or lack of action that could adversely affect the Council’s ability to achieve objectives and to successfully execute its strategies. Risk arises as much from failing to capture opportunities whilst pursuing business objectives as it does from a threat that something bad will happen”
3. Aims of Risk Management Through this Policy, the Council aims to: • Provide an effective/consistent approach to evaluating risk across all activities; • Adopt realistic strategies for achieving aims and objectives; • Achieve better utilisation of staff time and resources; • Place greater emphasis on prevention rather than detection and correction; • Improve management and member awareness of strategic and operational risks; • Enhance the ability to justify the Council’s decisions (including the incurring of insurance costs).
4. Principles of Risk Management The Council views risk management as essential to improving services and enhancing accountability as well as securing compliance with formal policies and procedures. Risk will therefore be managed positively rather than in a purely reactive manner. Risk management is a key element in corporate and service planning requiring both a ‘top down’ and ‘bottom up’ approach. Management responsibility for delivery lies with the Chief Executive with members reviewing its effectiveness on an annual basis. Risk management is a continuous, evolving process which the Council will integrate into its other management and planning processes which support the achievement of its aims and objectives. 2
Risk Management Policy 4.1 Corporate Risks Risks that have a potential impact on the Council as a whole will be documented and managed via a corporate risk register. This will be frequently monitored by the Corporate Management Team (CMT) chaired by the Chief Executive. For risk management to be effective, it must be championed at a strategic level to ensure the business is aligned and responsive to the challenges the Council will face. A Strategic Risk Group will be established to ensure risks are identified, managed and responded too and the group will be responsible for supporting the implementation of the risk management process. 4.2 Directorate Risks Risks that have a potential impact on a Directorate will be documented and managed via a directorate risk register. This will be frequently monitored at Departmental Management teams (DMT) and by Performance & Financial Monitoring (PFM). A risk co-ordinator for every Directorate will be in place to ensure risks are identified, managed and responded too and they will support with colleagues the implementation of the risk management process. 4.3 Programme and Project Risk Risk is a major factor to be considered during the management of any Programme or Project. If they stand any chance of being successful, Programme/Project Managers are expected to create and maintain a Risk Tracker to ensure all risks are identified, managed and responded too. Every Programme and Project within the Council has a duty to identify and manage risks in a certain way. 4.4 Performance Risks Risk is one of the main drivers behind the Wales Programme for Improvement and agreeing an annual joint-risk assessment (JRA) with our regulators is statutory. The Council’s performance team will be responsible for undertaking this process.
5. Risk Management Communication This policy can only be fully effective if risk management becomes embedded in the Council’s culture. This will require effective communication and training and where a clear business case is made for treatment of a particular risk(s) or the pursuit of a specific opportunity, the commitment of resources is essential. Risk management must be costeffective and where resources are committed, their effectiveness in achieving their specific purpose will be monitored. The Council will disseminate best practice in risk management to all operational areas from its own experience and that of others.
6. Corporate Risk Management Strategy The policy should be read in-conjunction with the corporate Risk Management Strategy which aims to help managers and members at all levels apply risk management principles consistently across their areas of responsibilities. Implementation of the risk management strategy will require input from staff across the whole range of the Council’s activities, in order to cover all risks that threaten its objectives and strategies, and which may affect any of its stakeholders.
3