Risk Management Policy
Gosberton Parish Council Risk Management Policy
A policy which sets out how the Council will identify, quantify, manage, assess and review
1
1. Introduction
1.1. Gosberton Parish Council has adopted this risk management policy in accordance with guidance set out in Governance and Accountability for Local Councils – a Practitioners’ Guide (England) issued by the Joint Practitioners Advisory Group (JPAG) and also to give effect to the Health and Safety at Work Act 1974.
1.2. This document sets out the:
• Parish Council’s Risk Management Policy
• Objectives of Risk Management
• Types of Risk
• Roles and responsibilities
• Risk Management process
• Approach to future monitoring
1.3. This policy aims to further develop risk management and raise its profile across the Parish Council by:
• Integrating risk management into the culture of the organisation;
• Embedding risk management through the ownership and management of risk as part of all decision-making processes;
• Managing risk in accordance with best practice.
2. The Policy
2.1. Gosberton Parish Council recognises that it has a responsibility to manage risks effectively in order to protect its employees, assets, liabilities and community against potential losses, to minimise uncertainty in achieving its goals and objectives and to maximise its opportunities.
2.2. The Parish Council is aware that some risks can never be eliminated fully and its strategy provides a structured, systematic and focused approach to managing risk.
2.3. Risk Management is an integral part of the Parish Council’s management processes.
3. Objectives of Risk Management
3.1. The objectives of risk management are to:
• Identify, evaluate and manage the opportunities and risks to which the Parish Council is exposed, at strategic and operational level;
• To protect physical assets, promote employee and public safety and maximise resources;
• Embed risk management into day-to-day management and working arrangements;
• Enable effective and safe delivery of services to local people and to minimise the risk of significant failures
• Enable the identification of opportunities and risks associated with the Council’s budget options and business planning to ensure that opportunities and risks are controlled;
• Enable better, more informed decision making at all levels;
• Review, evaluate and implement issues identified from past experience;
• To promote good corporate governance;
3.2. It is the responsibility of all Members and staff to have regard for risk management whilst carrying out their duties.
3.3. This Strategy will enable risks and opportunities to be identified, evaluated, controlled, monitored and reported.
3.4. Seek assurances that action(s) are being taken on risk related issues identified by auditors and inspectors.
4. Types of Risk
4.1. In order to manage risk, the Council needs to know what risks it faces. Identifying risks is therefore the first step in the risk management process.
4.2. The Council will identify the key risks to achieving its priorities and service objectives:
i. financial - loss of money;
ii. security - fraud, theft, embezzlement;
iii. property - damage to property;
iv. legal - breaking the law or being sued;
v. IT – failure of IT systems or misuse; and
vi. reputational – actions taken could harm the authority’s public reputation.
5. Roles and Responsibilities for Risk Management
5.1. All Members and staff of the Parish Council are responsible for risk management.
5.2. All Members:
• Have collective responsibility in understanding the strategic risks which the Parish Council faces.
• Ensure that all identified risks have been considered in decision making and countermeasures and controls are defined.
• Agree and publish a clear Risk Management Policy and oversee the effective management of risks by the Parish Clerk.
• Monitor the effectiveness of the Parish Council’s risk management arrangements by reviewing any risk management reports to Council.
• Know how the Parish Council will manage and operate in a crisis through its approved Scheme of Delegation.
5.3. Parish Clerk:
• The lead officer for risk management and owner of the Risk Management Strategy.
• Has the responsibility to understand the strategic and operational risks that the Parish Council faces and to oversee the effective management of these risks by officers.
• Lead on the corporate governance agenda which includes risk management and with the Council’s Chair approve the Annual Governance Statement.
• Ensure that risks are fully considered in all strategic decision making and that the Risk Management Policy helps the Parish Council to achieve its objectives and protection of assets.
• Provides advice as to the legality of policy and service delivery and update the Parish Council on the implications of new or revised legislation.
• Assess and implement the Council’s insurance requirements.
• Assess the financial implications.
5.4. Parish Council:
• Support the Parish Clerk in all aspects of risk management.
• Understand the strategic and operational risks that the Parish Council faces.
• Ensure that a structured and systematic approach is in place for the identification, recording and reporting of risks and opportunities.
• Ensure that risks are fully considered in all decision making and that the Risk Management Strategy helps the Parish Council to achieve its objectives and protection of assets.
• Assist in embedding a culture of risk management through the Parish Council and encourage appropriate training, including induction and refresher training for staff.
5.5. All Employees:
• Understand their accountability for individual risk.
• Understand how they can enable continuous improvement of risk management.
• Understand that risk management and risk awareness are a key part of the organisations culture.
• Report systematically and promptly to the Parish Clerk any perceived new risk or failure of existing control measures.
• Record areas of risk which fall directly within their day-to-day areas of control and review in line with agreed target dates.
• Provide a pro-active role in the reporting and assessing of physical risks in respect of public, staff and property.
5.6. Role of Internal Audit:
• Provide a scrutiny role by carrying out audits to provide independent assurance to Members, via the Internal Auditor’s annual audit plan and post audit report that the necessary risk management systems are in place.
6. The Risk Management Process
6.1. The process of risk management is straight forward and involves a number of key steps which are outlined below.
7. Step 1: Identification of Risks
7.1. The Parish Clerk is responsible for identifying and recording any risks. Identification will be either via a formal process of planned inspections or ad hoc requests or risks being noted through everyday working situations.
7.2. When changes to working arrangements, new initiatives, events or projects are to be undertaken the Clerk will seek to identify any risks early in the planning process and prior to implementation.
7.3. Each risk should be described and set out on a risk assessment form.
7.4. All risks identified must be recorded on the risk register.
8. Step 2: Evaluation of Risks
8.1. On identification of a risk the Clerk will assign a risk factor by reference to the risk matrix.
8.2. The risk matrix considers the likelihood of a risk materialising and the impact it would have.
Highly likely (3)
Medium (3)
High (6)
Very high (9)
Possible (2)
Low (2)
Medium (4)
High (6)
Unlikely (1)
Very low (1)
Low (2)
Medium (3)
Negligible (1)
Moderate (2)
Severe (3)
8.3. According to the level of risk identified appropriate action should be taken.
8.4. If the level of risk is high it may not be possible to wait until a formal response or action has been agreed by the Council. The risk factor table below provides guidance in assessing appropriate action.
Risk Factor Action
Red Very High/ High Immediate notification to Chair, Vice Chair and
Identify remedial action for consideration and implementation.
Amber Medium Immediate notification to Chair and Vice-Chair
Green Low Notify Chair and Vice-Chair
8.5. Where remedial action incurs non-budgeted costs of £500 or over these should be reported to the Council at the earliest opportunity.
9. Step 3: Mitigation of Risk
9.1. The Parish Clerk should consider what controls are in place to mitigate the risk. These could include controls to reduce the likelihood of a risk occurring or to reduce the impact on the Parish Council.
9.2. Only existing controls that are already in place should be considered and included on the risk assessment/notification form.
10. Step 4: Decide on Any Further Action to be Taken
10.1. Following evaluation there are four main control options to manage the risk:
Terminate the risk – take a decision to discontinue the activity. Transfer the risk – the risk is ‘passed’ on e.g., to an insurer.
Treat the risk – put in place additional effective controls to
reduce the impact or likelihood.
Tolerate the risk – accept the risk but continue to monitor and
evaluate.
10.2. Where additional controls are required, these should be agreed with the Chair and Vice Chair and details entered onto the risk assessment form and the Parish Council notified at its next meeting.
11. Step 5: Allocation of Responsibility
11.1 Each risk should be passed to the Parish Clerk who will be responsible for implementing controls and ensuring they are working. The Clerk will also be responsible for monitoring the risk.
12. Step 6: Completing the Risk Register
12.1 All completed risk assessments must be passed to Chair of the Finance & Strategy Committee for checking prior to entering onto the risk register.
12.2 All risk assessments must be recorded in the risk register. To assist with the management of the risk register, items will be grouped into separate files which may include:
Financial F
Property P
Legal L
Memorial Centre MC
Open Spaces OS
IT IT
Reputational R
Events E
Members & civic activities MM
13. Step 7: Monitoring and Reporting
13.1 The Parish Council’s risk management strategy will be also reviewed as part of the internal control environment within the Annual Governance Statement.
GOSBERTON PARISH COUNCILRISK MANAGEMENT POLICY
This Risk Management Policy was adopted by the Council at a meeting held on 23rd January 2023
1. REPUTATION
The risk to the reputation of the Council is controlled by each member following the Code of Conduct. All councillors will register their interests, and update these annually, declaring them as required under the Code of Conduct.
2. LEGISLATION
The Council will follow the requirements of Standing Orders in the conduct of Council business, to reduce the risk of acting outside the law. Guidance on existing and newly introduced legislation will be obtained from the local association of local councils (LALC). Annual membership of LALC will be maintained to allow this to happen.
3. Finance
The council has adopted Financial Regulations and Internal Controls, which will be complied with in order to reduce the risks from financial losses, mismanagement or fraud. Insurance has been arranged to cover the risks from the following
• Public liability
• Employer’s liability
• Loss of money
• Fidelity guarantee
• Property damage
• Personal accident
• Legal expenses
4. Health and Safety
In order to protect employees, councillors, contractors, visitors and members of the public from accidents or ill-health, risk assessments have been carried out on those council assets which pose more than a trivial risk. The council will implement measures to reduce these risks to an acceptable level. New activities will by considered by the Clerk and if necessary, risk assessed. Records of the assets of the council, the measures required to reduce risks and inspection reports will be recorded in the Council’s Asset Register
5. Review
The Risk Management Policy will be reviewed annually by the Council.
Adopted by Gosberton Parish Council 2nd October 2023