Corporate risk register
Reviewed and updated January 2020
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 1 of 29
1 Introduction 1.1 This is the latest Corporate Risk Register. Please refer to the Council’s Corporate Risk Strategy for further information about how the Council approaches risk management. Actions and comments for each risk have been revised and other changes are highlighted in green.
2 Risk Management process 2.1 Risk Management is designed to identify what could affect the achievement of objectives, and to plan a proportionate response. 2.2 The Council’s approach to Risk Management is documented within the Risk Management Framework. It aims to ensure that risks are identified for both strategic and operational activity. This includes: corporate and service priorities; project management; decision-making and policy setting; and financial and performance monitoring and planning.
2.3 The Risk Management Framework provides tools to manage risks for the different types of system and control environment; such as the Corporate Risk Register to capture and summarise significant and strategic risks; team risk registers which help inform service planning and actions; risk and hazard identification documents are shared with management as appropriate during audit reviews; and health and safety risk assessments which are updated annually by teams. 2.4 The frequency and mechanism for monitoring risks reflects the type of monitoring system, and the pace of changing circumstances, for example: Project risks will be recorded in project risk registers, and are reviewed frequently throughout the projects life. Operational risks are identified through audit and inspection work, and are assigned dates and ownership. Operational risks are identified through service planning and are linked to the service plan actions. These are typically monitored monthly through team meetings as part of the Councils Performance Management framework. 2.5 The Annual Governance Statement records governance actions, which are reviewed biannually as good practice. The Corporate Risk Register comprises strategic and significant risks. The register can both inform and reflect risks recorded in other risk management systems. It may refer to more detailed analysis of risks, presented to committees, such as the Medium Term Financial Strategy. Appropriately, mitigation may be linked to specific actions recorded and monitored through service plans, or committee forward plans. 2.6 Risks are categorised, and scored according to their impact and likelihood. This activity allows managers, to prioritise resources to mitigate them. Strategic and significant risks are defined by the Councils risk appetite. 2.7 The outcomes of this process are reported to the Corporate Governance Committee at least twice each year in the form of the attached Corporate Risk Register.
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 2 of 29
2.8 The review of the Risk Management Framework, Policy and Strategy, will be reported to the Corporate Governance Committee at least annually. The Risk Management process, and register, will provide assurance for the Annual Governance Statement.
3. How risks are scored
3.1 The Council has adopted a consistent scoring mechanism for all risk identification, as it enables risks identified from other systems to be escalated to the Corporate Risk Register.
3.2 The probability - “likelihood”, and effect - “impact”, of each risk must be identified in order to help assess the significance of the risk and the subsequent effort put into managing it.
3.3 The risk score is calculated by multiplying the impact score by the likelihood score:
IMPACT LIKELIHOOD Score Classification Score Classification 1 Insignificant 1 Highly unlikely 2 Minor 2 Unlikely 3 Moderate 3 Possible 4 Major 4 Probable 5 Catastrophic 5 Very likely
IMPACT x LIKELIHOOD = RISK SCORE
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 3 of 29
3.4 The impact and likelihood of risks is scored with regards the below levels:-
Score 1 2 3 4 5 Criteria Insignificant Minor impact Moderate Impact Major Impact Catastrophic impact Impact Objectives still Partial Additional costs Unable to achieve Unable to achieve achieved with achievement of required and or corporate corporate
minimum extra objectives with time delays to objectives or objectives and/or
cost or compensating achieve objectives statutory corporate inconvenience action taken or – adverse impact obligations obligations. reallocation of on PIs and targets. resulting in resources. significant visible
impact on service Performance provision such as closure of facilities.
Insignificant Some disruption Noticeable Major disruption Loss of service disruption on on internal disruption affecting affecting delivery for more internal business – business only – no customers. customers. than seven days. no loss of loss of customer Loss of service up Loss of service for customer service. service. to 48 hours. more than 48
hours. Service Delivery Service
No injury/claims. Minor injury/claims Violence or threat Extensive multiple Loss of life. (first aid or serious injuries/claims. treatment). injury/claims (medical treatment Physical required).
No reputational Minimal coverage Sustained Coverage in Extensive damage. in local media. coverage in local national media. coverage in
media. National Media. Reputation
Insignificant Minor damage to Moderate local Major damage to Significant environmental local environmental local environment. environmental damage. environmental. damage. damage attracting national and or international
Environmental concern.
Financial loss Financial loss Financial loss Financial loss Financial loss < £200,000 >£200,000 >£600,000 >£1,000,000 >£4,000,000
<£600,000 <£1,000,000 <£4,000,000 Financial
Minor civil litigation Minor regulatory Major civil litigation Major civil litigation Section 151 or or regulatory enforcement and/or local public setting precedent government criticism enquiry and/or national intervention or
Legal public enquiry criminal charges
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 4 of 29
4. Monitoring and escalation framework
4.1 The following diagram illustrates the key stakeholders for different classification of risk management: .
Continuously monitor new Advice from and referral to risk management group risks arising from: Strategic planning CMT P’folio Holder/ Cabinet/ Committee Heads of Corp. decisions Service Gov. Cmttee.
Performance Staff First Line monitoring Mgmt.
External / Internal changes
Operational planning
Operational decisions
Projects Project Project Team Manager
Budget Mgmt Accountant Chief Accountant S.151
Team Officer
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 5 of 29
5.0 Risk appetite and tolerance levels
5.1 Risk appetite and tolerance is the amount of risk an organisation is prepared to accept, or be exposed to at any point in time. It can indicate where action is required to reduce risk to an acceptable level, plus opportunities for positive outcomes which can be monitored.
5.2 The Council has adopted the approach and definitions used by CIPFA and the Institute of Risk Management:
Risk appetite “The amount of risk an organisation is willing to seek or accept in the pursuit of its long- term objectives”.
An example may be consideration of the funds or resources that an organisation is prepared to invest in a venture where success is not guaranteed but that would yield benefits.
Risk tolerance “The boundaries of risk taking outside which the organisation is not prepared to venture in the pursuit of its long-term objectives”.
An example may be a Treasury Management Strategy that rules out certain types of investment options.
5.3 Typically an individual’s perception of an acceptable risk is the same irrespective of which definition is used. Differences may occur where risks cannot be controlled or completely eliminated. For example political and legislative change is an external driver which cannot be fully mitigated. In this instance the risk tolerance, and ability to manage the risk, may be greater than risk appetite.
5.4 It is recognised that the tolerance or appetite is subjective, and may change according to the environment, internal and external drivers. Consequently it is important, regardless of the terms used, that everyone has a consistent approach to risk taking to prioritise resources effectively.
5.5 The Councils risk appetite is set by the Corporate Management Team and is reviewed periodically. This provides guidance to everyone on acceptable levels of risk taking, to encourage a consistent approach to risk management.
5.6 Different risk appetites can be illustrated on a five by five matrix as three levels: high, medium and low. The Council is risk aware and the current level is determined by CMT as medium. This provides guidance that any inherent risk scored at 15 or greater is to be considered for the Corporate Risk Register.
1.7 Once controls are in operation the risks can be scored again to illustrate the residual risk
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 6 of 29
6. The corporate risk register at a glance 6.1 Please see below for a summary of current risks and their scores. More detail follows in section 7 of this document, in which the individual risks are ordered by severity of current risk, in descending order.
Ref Risk Risk if no action Current risk Page in this Impact Likelihood Score Impact Likelihood Score register 1 Legislative changes 5 5 25 2 5 10 15 2 Brexit 5 5 25 2 3 6 16 3 Failure of contractors and suppliers working on the Council’s 4 4 16 3 4 12 12 behalf 4 Failure of IT systems 5 5 25 4 3 12 9 5 Insufficient staff to provide Council services 4 5 20 2 3 6 25 6 Breach of ICT security causes loss of service 5 5 25 4 3 12 10 7 Lack of access to Council premises prevents services being 5 5 25 2 3 6 26 delivered 8 Funding changes make Council unsustainable 5 5 25 3 3 9 17 9 The Council’s ability to cope with a natural disaster 5 4 20 4 4 16 8 10 Major health and safety incident 4 4 16 4 3 12 13 11 Fraud and error committed against the Council 5 4 20 3 3 9 18 12 Failure of external investment institutions 5 4 20 2 4 8 24 13 Failure of Governance in major partners or in the Council as a 4 5 20 3 3 9 19 result of partnership working 14 Failure to achieve required savings targets 4 5 20 3 3 9 20 15 Over-run of major Council projects in time or cost 4 5 20 3 2 6 27 16 Service provision affected by organisational change 4 5 20 3 4 12 14 17 Political changes in national priorities 5 4 20 3 4 12 11 18 Capital funding strategy failure 5 4 20 3 3 9 21 19 Poor communications with stakeholders 4 5 20 3 3 9 22 20 Failure of the Council’s Commercialisation and Investment 5 4 20 3 3 9 23 Strategy
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 7 of 29
7 Corporate risk register Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 9 Risk:- 5 4 20 Emergency plan 4 4 16 CMT Regularly test Key senior staff attend regular multi-agency The Council’s Emergency Emergency Plan briefing and planning meetings. ability to cope planning with a natural exercises Test Service Management Team conduct periodical exercise to disaster. beyond the Business Continuity test the Councils readiness for an emergency. district Plans Effects:- Business Recovery Training has been delivered in-house to Natural disaster; continuity plans Ensure key Management Team in January 2020. Additional malicious or Regular emergency training is in progress (Rest Centres, Incident accidental exercise and planning staff Officers and Tactical Management) during 2020. incident affects joint public attend regular support required sector liaison meetings Recovery Training has been delivered to all senior by civilians or workshops for and training managers by the Cambridge and Peterborough disrupts existing Emergency Local Resilience Forum (CPLRF); additional Council services. Planning training is in progress (Loggist, Recovery and Emergency Tactical Management). Planning Communication The Council’s Emergency Management and Rest s Strategy Plan have been updated. We have increased and Review of trained the number of volunteer rest centre staff approach with available. partner organisations as The Council will retain the use of each of the four a result of Leisure Centres for rest centre sites. lessons learned from ‘near miss’ The Council will be implementing a rota for officers flood events. to be ‘on call’ in the event of an emergency. The Local Resilience Council’s response will complement and support Forum by the coordinated CPLRF and Public Sector response to any such incident.
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 8 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 4 Risk:- Data protection Carol Effective auditing of GDPR is live, see risk 1. 5 5 25 4 3 12 Failure of IT policy and Pilson / systems and data systems procedure Peter held. An additional internet feed to Fenland Hall has Freedom of Catchpole been installed to improve resilience. Effects:- Information Data backed-up Failure to secure publication securely off-site. The likelihood score has been reviewed and and manage scheme increased due to the increase globally of cyber data leads to Data retention Regular penetration crime loss of/ policy and testing. corruption of / procedure for The Council’s internet and email protocols have inaccuracy of archive and Regular review of been updated. data, results in disposal business continuity disruption to Information plans services and breach Disaster Recovery breaches of response plan testing is undertaken security. Monitoring at regular intervals A further Officer role consequence comprises could be financial Senior penalties and Information Risk reputational risk. Officer function Business continuity plans ICT system security
Public Services
Network
compliance
Paperless office
project Countywide information sharing framework
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 9 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 6 Risk:- Anti-virus Peter Effective auditing of The Council has subscribed to the National Cyber 5 5 25 4 3 12 Breach of ICT software Catchpole systems and data Security Centre’s (NCSC) Web Check service that security causes Geographically held. helps public sector organisations fix website loss of service distributed threats. This service regularly scans public sector servers Data backed-up websites to check if they are secure. NCSC have Effects:- Tested disaster securely off-site. advised that the Fenland Council site is secure. Major IT physical recovery plan hardware failure Back-ups stored Regular penetration Council IT systems and website are as secure as or electronic off site testing. possible with current anti-attack software and attack, such as Secondary processes up to date. When vulnerabilities are viruses, hacking power supply made known by software vendors, software is or spyware, Revised updated to reduce the risk of malicious attack. causes security policies disruption to Critical services’ The likelihood score has been reviewed and services and business increased due to the increase globally of cyber breaches of continuity plans crime security. A include manual further operation consequence could be financial penalties and reputational risk.
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 10 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 17 Risk:- Financial & Paul Understanding and The risks of legislative change remain high as a 5 4 20 3 4 12 Political changes workforce Medd acting on result of the effects of the ongoing Brexit transition in national planning intelligence from process, albeit that Brexit itself has been identified priorities Monitoring by LGA, CIPFA and as a risk to the Council. (see reference number 2) CMT and other local Effects:- resultant government The recent election has lessened the potential Changes in Cabinet reports sources. likelihood of significant changes, but the Council national political Clear corporate will continue to scrutinise this. priorities may planning and Resources result in regular identified, approved immediate performance and implemented changes that monitoring without delay. require additional Effective service Constant resource to & financial monitoring achieve and fail planning Horizon scanning to reflect Respond to via professional priorities national bodies determined by consultation on Joint/collaborative consultation. key policy working changes Membership of LGA as a Council Outside Body
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 11 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 3 Risk:- Procurement CMT Regular monitoring The Leisure service was outsourced in December 4 4 16 3 4 12 Failure of processes – of contracts and 2018 Included within the contact is the requirement contractors and including performance by for contingency in case of service failure. suppliers working financial Managers. on the Council’s aspects/ Potential contractors are always checked for behalf contract Ensure that financial stability by the Accountancy team before standing orders/ contracts have risk contracts are let. Effects:- equality registers and Failure of standards mitigation in event Individual Council services share their own contractor or Contract of contract failure. contingency to cover for contractor failure, and this partners to process – is part of the Business Continuity Plan for each deliver services creation of Service Area. or meet agreed robust contracts performance Accountability We are carefully monitoring risks of supplier failure objectives leads and risk such as Capita issuing a profits warning over to additional ownership recent months. costs or failed documented objectives. Service Level We have a Contract Manager in post whose role is Agreements to manage/monitor the performance of the main Contract Grounds Maintenance contract and the Leisure monitoring Service contract. Trained/skilled staff All other shared services/contracts have a full Project review and governance process in place to ensure management ongoing delivery and performance standards.
Relationship The likelihood rating has been revised and Management reduced given the mitigation in place and the Business established nature of the contracts. Continuity Plans
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 12 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 10 Risk:- 4 4 16 Health & Safety 4 3 12 CMT Ensure health and A thorough Health and Safety regime at the Major health and (H&S) Panel safety is standard Council ensures that the residual risk remains safety incident H&S agenda on all team carefully managed procedures – meetings. Effects:- addressed at Programme of targeted health and safety refresher Major Health & every service Ensure equipment training is in place as per service specification Safety incident at area inventory and Council leads to H&S audits in inspections are up Flu jabs are being provided for employees costs for inquiry, all services to date. disruption to Specialist H&S service and advisor Review Risk possible Corporate wide Assessments and prosecution H&S training Action Plans. Insurance Aligned Port Capture Port near Health and misses and asses Safety learning points arrangements Port Management Group and annual independent audit Robust sickness management processes
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 13 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 16 Risk:- Working Peter Business continuity Plans regularly checked and tested. 4 5 20 3 4 12 Service provision environment / Catchpole plans for each affected by org culture service. Services have reviewed their Business Continuity organisational Staff Committee Plans in the light of wider local government change Consultation Culture of Council lessons learnt from the Grenfell Tower fire. with Staff Side remains effective Effects:- Flexible working Workforce planning, All services have up to date Business Continuity Service provision Established which includes Plans in place. and performance suite of people succession affected by policies & planning for key All organisational changes are considered by the organisational procedures roles an talent senior management and a wider project group to change, Business management ensure all service provision issues are properly industrial action continuity plans A comprehensive considered and managed. This project and/or staff Management programme of management approach is maintained for all such sickness training health surveillance changes/programmes. resulting in “Springboard” for groups of complaints, poor The Council has a health and wellbeing appraisal for all employees who performance and programme in place which supports the existing staff support work in certain possible further suite of Policies, Codes of Practices and and service areas (e.g. costs. processes, this includes a wide range of support development refuse drivers, to help promote and encourage their good health CMT monitor workshop, port and wellbeing, such as: and lead on staff, etc.) A dedicated Occupational Health Advice human resource Trained Mental and guidance support service available for management. Health First Aiders all colleagues; Regular in place Access to a health care plan for all performance Stress awareness employees (at nil cost to the Council) to monitoring and training enable financial support to access a wide management Resilience training range of health care specialists and IIP Staff engagement interventions (e.g. chiropractic services, Access to and consultation processes dental treatment, acupuncture, reflexology, interim chiropody etc.) arrangements A confidential Employee Assistance Robust sickness Programme (EAP), which provides a absence counselling service to staff where needed. management A dedicated on line platform offering a Project wide range of support and advice for all management employees of a comprehensive range of processes issues.
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 14 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 1 Risk:- 5 5 25 Monitoring 2 5 10 Carol Use intelligence to Officers continue to horizon-scan for legislative Legislative Officer Pilson identify impending changes and their effects. changes Horizon changes and their scanning by effects. The Council has compiled an Information Asset Effects:- Legal/CMT/Mgt Register of all records it hold in both paper and Changes arising Team Ensure staff trained electronic form, worked with IT system suppliers from Central Service and procedures and conducted a staff awareness campaign to Government or Manager changed. ensure that staff understand and are compliant EU legislation responsibilities with GDPR. requiring Financial & Use professional significant workforce networking to The majority of information held by the Council is alteration to planning identify best held with a legal basis for holding such as election organisational Membership of practice for and Council Tax records. capacity, such as professional/ responding to impact of welfare Local Gov change. All staff undergo GDPR training, and opportunities reform and bodies aids for further Member training in this area are universal credit, horizon We respond to currently being explored effects of scanning government devolution, Mgt of change consultations on The Council now has a dedicated GDPR Officer, introduction of approach to changes to and each service is required to have a dedicated new burdens. mitigate legislation or policy GDPR lead significant to influence its Risk of GDPR impact to the development. breach and ICO organisation sanction/fine and its staff Detailed project plans to change implementation
Respond to
consultations on new legislation
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 15 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 2 Risk:- 5 5 25 Horizon 2 3 6 Peter Understanding and Government Withdrawal Agreement Bill has been Brexit scanning by Catchpole acting on passed lessening the possibility of a No-Deal Legal Services / / Carol intelligence from situation, and the UK is now in transition phase - Effects:- CMT / Heads of Pilson LGA, CIPFA and hence the likelihood rating has been revised to 3 Uncertainty Service other local The Council continues to monitor progress and during transition Financial & government take account of any effects on local government as period, followed workforce sources. they emerge. by potential planning legislative, Membership of Identifying policies The Council is actively preparing for the likely funding and professional that require outcomes of ongoing Government Brexit policy changes and Local Govt changing, their negotiations: after UK leaves bodies aids effects and EU may horizon governance as The Council has a Corporate Brexit adversely affect scanning Brexit effects start. Project group; the Council and Management of The Council is an active partner of the its ability to change Cambridge and Peterborough Local provide services. approach to Resilience Forum (CPLRF), who have mitigate against been tasked with looking at the potential significant impacts of a “No Deal” Brexit, and the impact to the associated local Impact. This is being led organisation by the Cambridgeshire Fire and Rescue and its staff Service Detailed project The Council is a member of the plans to Cambridgeshire Public Service Board, manage (This is the Executives of the partner implementation organisations within the county, and Brexit of changes is a standing item on their current agenda).
The Council has fully reviewed information on its workforce and the requirements for any EU workers; we are also liaising with all partners to ensure their preparedness in this area.
The Council have also promoted Community awareness in this area by providing signposting information via Community Support teams
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 16 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 8 Risk:- S151/ Chief Peter Using intelligence to We are closely watching local government finance 5 5 25 3 3 9 Funding changes Finance Officer Catchpole model and plan for and the Council’s current budget and Medium make Council Financial future changes and Term Financial Plan reflects how the Council will unsustainable Regulations & risks and move away balance its budget and maintain appropriate Standing Orders from reliance on Govt reserves. Effects:- Appropriately funding to balance our Economic trained staff budget. The Fair Funding Review and Business rate changes, MTFS Regular monitoring of Retention Scheme is being reviewed nationally, imposed savings Professional current position and and there is some potential for this to impact on requirements, economic reporting to Members. the Council’s long-term financial position. The changes to local forecasts Workforce planning Council will continue to monitor the risk rating. government Community covers all scenarios. funding systems, consultation on Inclusion in national The Council now has an agreed uncertainties of service priorities working groups, Commercialisation and Investment Strategy which pilot pension Our CSR modelling and lobbying will enable the Council to generate additional fund. programme for funding system after income.
Political RSG ceases. Financial Mgt of Each service is required to review and identify any decisions linked Sharing Council’s NNDR, CTS opportunities for transformation, commercialisation to budget Efficiency Plan with the leads to change and efficiency strategies Government allows in income CMT efficiency guaranteed multi-year /spending planning grant settlement raising making Council funding certainty. unsustainable. Efficiency Plan and CSR plan. Shared services and Executive steer of partnership working service /capital priorities. Review fees /changes. Reserves Financial Mgt System Budget monitoring.
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 17 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 11 Risk:- Anti-fraud & Peter Increase staff The Council has assisted with each annual 5 4 20 3 3 9 Fraud and error corruption Catchpole vigilance National Fraud Initiative, cross-matching committed policy/ strategy / Carol information with records held nationally. against the Financial Pilson Fraud awareness Council Regulations / training for The Fraud team within the Anglia Revenues Standing Ord Managers Partnership (ARP), have continued to work on this Effects:- Codes of area, and identified £295,041 of fraud up until Potential for conduct Raise profile October 2019. fraud, corruption, Appropriately internally and malpractice or trained staff externally for Anti-Fraud and Corruption Strategy is currently error, by internal Appropriate successful being reviewed. or external culture and risk prosecutions A fraud awareness training programme for all staff threats. In awareness is currently being developed additional to Segregation of immediate duties The Council’s ICT systems have also been financial loss, Supported reviewed and updated to provide better protection this could harm financial mgt against potential fraud – please see risk 6 (Page reputation and system 21) lead to additional Budget inquiry costs and monitoring penalties. regime
Internal Audit
review of sys
/and controls
Bribery & corruption / fraud risk assessments Indemnity insurance Whistle-blowing procedure Annual Governance Statement ARP fraud resource National Fraud Initiative Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 18 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 13 Risk:- FSP, Fenland Carol The Annual Governance Statement being reported 4 5 20 3 3 9 Assurance that Failure of Public Service Pilson / governance models to Corporate Governance Committee shows the Governance in Board, Cabinet Peter correctly followed Council is in a strong governance position. major partners or and O&S, bi- Catchpole and in the Council’s in the Council as annual interests. Scrutiny of ARP and Planning takes place on an a result of stakeholder annual basis and Cabinet members sit on Boards partnership events ensure to ensure the effective delivery of partnership working accountability Support Members in arrangements such as CNC Board for building governance of ARP Joint control. partnership bodies. Effects:- Committee and
Partnership Operational . governance not Improvement Internal Audit adopted or Board, Cabinet, partnership followed, leading O&S, joint risk arrangements. to unachieved registers priorities and CNC Joint Ensure that the poor Members Council’s interests performance by Board, Cabinet are protected as major partner plus O&S Members of the agencies:- Shared Combined Authority Cambs and Planning Board, and as Officers Peterborough Cabinet plus working on joint Combined Overview and projects. Authority, Scrutiny, joint Anglia Revenues Ensure all Partners performance have robust Business Partnership, indicators CNC Building Continuity Plans in Project plans / place Control, perf’ monitoring Shared Planning, shared risk GDPR compliance Payroll delivered registers Robust ICT by Bedford BC. PCCA governance Membership. processes
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 19 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 14 Risk:- Heightened CMT Robust control of Delivery of Council Efficiency targets continue 4 5 20 3 3 9 Failure to analysis of corporate including delivering savings planned for in the achieve required budgets and Transformation Plan. Council’s annual budget and medium term savings targets services by financial strategy. CMT Regular progress Effects:- Implement reports and Cabinet have considered the Council’s projected Failure to Service assurance to positive financial outturn position. achieve Transformation Members. efficiency saving, Implement Service maximise Procurement transformation income, or Strategy projects performance Corporate plan Commercialisation targets, results in Pursue action to and Investment greater than increase income Strategy budgeted costs streams and potential risk Performance of Council not Management being able to set Framework a balanced Budget and budget. performance monitoring
Robust
Workforce
planning
Project
Management
processes
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 20 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 18 Risk:- Asset mgt plan Peter Forward planning The Council’s capital funding programme is 5 4 20 3 3 9 Capital funding Asset disposal Catchpole and horizon regularly reviewed by Officers and by Cabinet. strategy failure linked to capital scanning. programme The current projected funding deficit will be met by Effects:- Corporate Asset Regular high level borrowing and the relevant annual financing cost Financial risks of Team monitoring of has been included in the Council’s Medium Term capital funding CMT monitoring direction of travel and Financial Plan. shortfalls leading of capital mitigation required. to increased receipts/effect Should resources from external funding and/or burden to the on capital prog’ Asset Management capital receipts not generate the level of receipts Council. Regular Cabinet Plan. forecast, or there is a delay in disposal of assets, Potential for review of the then the capital programme will need re-visiting to marginal deficit capital prog’ , Asset disposal ensure funding is sufficient to meet proposed in capital member with strategy expenditure. program if future responsibility for funding is not assets Reviews of the programme and resources realised Additional available are carried out regularly during the year. funding opp’s identified and pursued where possible Project lead monitors site valuations linked to econ’ dev’ proposals. Marketing and identification of potential land purchasers, flexibility of planning guidance aligned to market needs Continued consultation with econ ptners
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 21 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 19 Risk:- Internal and Carol CSE Action Plan. The Council’s CSE performance is assessed each 4 5 20 3 3 9 Poor external regular Pilson year by an external expert. The Council has a communications publications Staff survey. dedicated project team to ensure ongoing progress with stakeholders Staff and against CSE requirements/actions across all management Public consultations service areas to ensure consistent and effective Effects:- meetings on key issues. communication to our customers. Poor Regular staff communication communication 3cs refresher All change projects are supported by a robust with stakeholders from the Chief training project management approach, which includes a and staff leads to Executive communication programme to ensure that
poorly informed Key stakeholder stakeholders are fully informed. direction of networks for Team meetings resources and consultation lack of support Forums for “What’s Breaking” for change perceived hard communication and Reputational to reach groups “Horse’s Mouth” damage Co-ordinated updates from the Staff turnover press releases Chief Executive to Increased Comments, all staff sickness Compliments absence and Complaints monitoring and reporting procedure Customer Service Excellence accreditation Consultation strategy Management, Trade Union and Staff Partnership group (MTSP)
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 22 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 20 Risk:- Robust CMT All governance The Council’s Risk Appetite is currently being 5 4 20 3 3 9 Commercial oversight and requirements have reviewed uncertainties governance been put in place and associated with arrangements will be robustly This new risk will be closely monitored to enable decisions taken Expert reviewed going any new actions for mitigation to be identified and as part of the professional forward put in place Council’s advice Commercial and Robust budget Investment management Strategy. Thorough project Effects:- management Reputational and business damage cases process Financial loss Impact on services, staff and community
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 23 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 12 Risk:- Policy for Peter Effective Treasury The Council’s treasury management position is 5 4 20 2 4 8 Failure of maximum Catchpole Management regularly reviewed and is currently showing a good external investment/ strategy. position. investment borrowing levels institutions limits liability Robust auditing of The Treasury Management Strategy was Credit ratings processes and considered is currently being reviewed. Effects:- Financial policies. Failure of management Updates are provided to Cabinet and Council on a external Reserves half-yearly basis investment Insurance institutions Medium Term . affecting Financial availability of Strategy funds or return Treasury on investment Management reducing cash Strategy flow and resource availability
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 24 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 5 Risk:- Learning & CMT Ensure all services All services have published service plans, learning 4 5 20 2 3 6 Insufficient staff Development have effective requirements and workforce plans for 2019-20 to to provide framework / Workforce plans ensure teams are staffed according to current Council services Training incorporated into establishment and to take account of priorities and Working Service Plans, longer-term trends. Insufficient environment which ensure all leadership and/or /culture work is prioritised management Staff Committee capacity to MTSP Effective deliver Council Flexible working succession priorities Established planning. suite of people Effects:- policies & Effective use of Constraints to Procedures project effective Business management workforce continuity plans approaches/ planning Management principles when lead to poor training delivering priorities/ standards of 121s strategies service or /Springboard disruption to staff service. development Service and appraisals transformation and Service commissioning planning can help build process resilience, but Access to could also lead interim staff via to a loss of frameworks qualified and Effective knowledgeable sickness staff, which management exposes the Effective council to risk of Governance service failure structures and legal challenge.
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 25 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 7 Risk:- Alarm and Peter Regularly test Emergency plans – ongoing programme of review, 5 5 25 2 3 6 Lack of access to security Catchpole Emergency Plan testing and training of staff involved in a response Council premises systems prevents Fire drills Test service Plans regularly checked and tested and
services being Business Business Continuity emergency planning exercise was conducted last delivered continuity plans Plans month.
Emergency Effects:- planning Ensure key Improved ICT systems provide better/increased Disruption of network emergency opportunities for remote/agile working service provision. planning staff ICT disaster recovery and attend regular offsite testing liaison meetings and training Relocation procedures - Provision of ‘drop critical and down’ facilities for staff support services Geographically distributed sites
Remote working
Statutory building
inspection and checks Corporate
Business Continuity Plans
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 26 of 29
Risk if no Current risk
action
Risk Actions being taken to Risk and effects Mitigation Comments and progress of actions
Owner managing risk
Score Score
Impact Impact
Likelihood Likelihood Reference 15 Risk:- Project CMT Robust project Effective project management remains a Council 4 5 20 3 2 6 Over-run of Management management. priority. major Council methodology projects in time Contract Effective risk Major projects are closely monitored by CMT and or cost Standing Orders registers for projects. Cabinet members and progress is reported to & Financial Council via Portfolio Holder briefings. Effects:- Regulations Failure to Service plans manage projects Budgetary effectively leads control to overruns on Management time or cost and and Portfolio failure to achieve Holder oversight project aims. Reputational damage
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 27 of 29
Heat Map – Residual Risk 1-Legislative changes
5 LIK ELI HO OD 12-Failure of external investment 4-Failure of IT systems 9–The Councils ability to cope with a SC institutions 3- Failure of contractors and suppliers working on the natural disaster OR Council’s behalf 4 E 16-Service provision affected by organisational change 17-Political changes in national priorities
5-Insufficient staff to provide Council 8-Funding changes make Council unsustainable 4-Failure of IT systems services 11-Fraud & error committed against Council 6-Breach of ICT security causes loss of 7-Lack of access to Council premises 13-Failure of Governance in major partners/the Council service 3 prevents services being delivered as a result of partnership working 10-Major health and safety incident 2-Brexit 14-Failure to achieve required savings targets 18-Capital funding strategy failure 19-Poor communications with stakeholders 20-Failure of Commercialisation & Investment Strategy.
15-Over-run of major Council projects in time or cost
2 Ris k Ap peti te
This heat map illustrates where the corporate risks reside within the organisations risk appetite 1
IMPACT SCORE
1 2 3 4 5 Risk Appetite Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 28 of 29
Fenland District Council – Corporate Risk Register – Updated July 2019 - Page 29 of 29