WORTH THE RISK

The Audit Commission promotes the best use of public money by ensuring the proper stewardship of public finances and by helping those responsible for public services to achieve economy, efficiency and effectiveness.

The Commission was established in 1983 to appoint and regulate the external auditors of local authorities in England and Wales. In 1990 its role was extended to include the NHS. In April 2000, the Commission was given additional responsibility for carrying out best value inspections of certain local government services and functions. Today its remit covers more than 13,000 bodies which between them spend nearly £100 billion of public money annually. The Commission operates independently and derives most of its income from the fees charged to audited bodies.

Auditors are appointed from District Audit and private accountancy firms to monitor public expenditure. Auditors were first appointed in the 1840s to inspect the accounts of authorities administering the Poor Law. Audits ensured that safeguards were in place against fraud and corruption and that local rates were being used for the purposes intended. These founding principles remain as relevant today as they were 150 years ago.

Public funds need to be used wisely as well as in accordance with the law, so today’s auditors have to assess expenditure not just for probity and regularity, but also for value for money. The Commission’s value-for-money studies examine public services objectively, often from the users’ perspective. Its findings and recommendations are communicated through a wide range of publications and events.

For more information on the work of the Commission, please contact: Sir Andrew Foster, Controller, The Audit Commission, 1 Vincent Square, London SW1P 2PN, Tel: 020 7828 1212 Website: www.audit-commission.gov.uk

Contents

  • Introduction
    Why has this paper been written?
    For whom has this paper been written?
    Structure of the paper
    How should the paper be used?
    Research behind the paper

  • 1 An introduction to risk management and its benefits
    What is risk management?
    How does risk management fit into the wider aspects of governance?
    Why is risk management so important?
    How has the public sector responded?
    The benefits of good risk management
    What about local government?

  • 2 Risk management in local government
    Progress to date
    Why should all councils respond?
    What are the big issues?
    The range of risks likely to affect local authorities 

  • 3 The role of members
    Responsibilities
    Key tasks for members
    Developing an implementation strategy
    Committing the right level of resources
    Building on existing processes
    Getting the process right
    Adopting a ‘top-down’ rather than ‘bottom-up’ approach
    Regular monitoring and reporting
    Reporting on risk management and internal control

  • 4 What senior officers can do to implement better risk management
    Introduction
    Who should lead the implementation?
    Internal audit’s role
    What could the process look like?
    Keeping things simple
    Linking risks to objectives
    Identifying risks
    Prioritising the risks
    Assessing exposure and establishing appropriate control strategies
    Levels of consultation
    Actively involve only those employees who can influence significant risk
    Listen carefully to what the stakeholders say
    Communication throughout the process
    Addressing change management issues 

  • 5 Pitfalls to be aware of and conclusions
    Conclusions

  • Appendix 1
    Private sector developments in governance and risk management

  • Appendix 2
    Implementation checklist

  • Appendix 3
    Members of the advisory group

  • References

  • Bibliography

Introduction

Why has this paper been written?

1. Risk is one of life’s certainties, and how successfully organisations deal with it can have a major impact on the achievement of their key business goals. Despite this, relatively little is formally done to evaluate and manage risk. This paper aims to raise awareness about the need to address key strategic business risks and to provide good practical guidance for councils to manage such risks in a more effective and formalised way.

2. The paper has been written at a time when more formal systems of risk management are being established across all parts of the private and public sectors. However, risk management developments in local government have been dependent on initiatives taken by individual authorities rather than as a sector-wide response, and so the sector is in danger of falling behind best practices. The paper is intended to help local government bodies in England and Wales to improve the way in which they identify, evaluate and manage significant risks. It will also help local government members and officers to assess whether their current risk management activities are satisfactory and are developing in line with the best value initiative.

For whom has this paper been written?

3. This guidance is aimed at elected members and officers of local government bodies in England and Wales, all of which are subject to the best value regime. The guidance will also be of interest to a wider group of stakeholders including, for example, the Department of Transport, Local Government and the Regions (DTLR, formerly DETR), the National Assembly for Wales (NAW), the Local Government Association (LGA) and the Welsh Local Government Association (WLGA).

Structure of the paper

4. The paper starts by providing some background on what is meant by risk management, and the interrelationship between risk management, internal control and governance processes generally. It then looks at the elements of a good risk management system, and examines why risk management is currently of crucial importance for local government. The paper then highlights the benefits arising from good risk management.

5. This is followed by a look at risk management in local government, including a review of progress to date. The paper argues that councils need to respond now to demands for more formalised risk management systems covering all types of risk, and considers some of the risks currently facing councils.

6. The final two sections are of direct relevance to members and officers respectively. These sections clarify their roles and provide practical guidance on implementation and key aspects of the suggested risk management process.

How should the paper be used?

7. The guidance is designed to be used as a reference source rather than to provide answers to specific questions or to offer advice on specific issues. It is a practical guide and is not intended to be prescriptive in terms of methodology or structures. Throughout the paper, real examples of good practice help to put risk management into context. The combination of practicality and theory provides a number of suggestions that can realistically be implemented in any council to promote good risk management, thereby increasing confidence that risk is being managed in an effective manner.

8. The paper is intended to complement and not replace existing guidance to local authorities including, for example, Chance or Choice (Ref. 1), the risk management guidance for local authority chief executives issued by the Society of Local Authority Chief Executives (SOLACE) and Zurich Municipal. It also recognises other initiatives and publications being developed while this paper was being prepared. These include Corporate Governance in Local Government: A Keystone for Community Governance: The Framework (Ref. 2), prepared by the Chartered Institute of Public Finance and Accountancy (CIPFA) and SOLACE, and forthcoming British Standards Institute guidance.

Research behind the paper

9. An extensive literature review has been undertaken to identify current thinking and initiatives within the public and private sectors both in the UK and elsewhere (see Bibliography). The paper was developed by drawing on existing best practice guidance, supported by case study examples from a number of site visits and with input from an advisory group (see Appendix 3) whose assistance is gratefully acknowledged. Responsibility for this paper, however, rests solely with the Audit Commission.

1. An introduction to risk management and its benefits

What is risk management?

10. Risk is the threat that an event or action will adversely affect an organisation’s ability to achieve its objectives and to successfully execute its strategies. Risk management is the process by which risks are identified, evaluated and controlled. It is a key element of the framework of governance together with community focus, structures and processes, standards of conduct and service delivery arrangements.

How does risk management fit into the wider aspects of governance?

11. Much has been said and written about governance and internal control in recent years, but before discussing how they inter-relate with risk management it is worth considering what is meant by these terms. Good working definitions of governance and internal control are detailed below.

Definitions of governance and internal control

Governance: the system by which local authorities direct and control their functions and relate to their communities. In other words, the way in which organisations manage their business, determine strategy and objectives and go about achieving those objectives. The fundamental principles are openness, integrity and accountability.

Internal control: those elements of an organisation (including resources, systems, processes, culture, structure and tasks) that, taken together, support people in the achievement of business objectives. Internal financial control systems form part of the wider system of internal controls.

Source: Audit Commission

12. An authority’s system of internal control is part of its risk management process and has a key role to play in the management of significant risks to the fulfilment of its business objectives. It also contributes to the safeguarding of public funds and an authority’s assets, and the promotion of best value. Internal control facilitates the effectiveness and efficiency of operations, helps to ensure the reliability of internal and external reporting, and assists compliance with laws and regulations. Each authority should seek to maintain a sound system of internal control.

13. The principal aim of any internal control system is to manage the risks that are significant to the achievement of a council’s objectives. This paper describes the adoption of a risk management approach to establishing and maintaining a system of internal control and a review of its effectiveness. The main driver for such an approach should not be compliance with an externally imposed requirement, for example, to state publicly that the organisation is achieving appropriate levels of governance. Rather, it should be that it makes sound business sense for councils to manage risk effectively and to embed internal control and risk awareness into the processes they use to pursue their objectives and into the behaviour of their staff.

14. Effective financial controls, including the systems to maintain proper accounting records, are an important element of internal control. They help to ensure that the authority is not exposed to avoidable financial risk and that financial information used within the authority and for external publication is reliable. They also contribute to the safeguarding of assets, including the prevention and detection of fraud.

15. The risk management approach to internal control plays a significant part in securing good governance structures. Identifying and dealing appropriately with the key strategic risks facing an authority enables it to identify the key actions it must take to deliver its main goals.

16. It is against this backdrop that the key features of good risk management can be summarised.

The constituents of good risk management

Risk management is an integral part of good governance and is a process whereby:
  • there is shared awareness and understanding within the authority of:
    – the nature and extent of the risks it faces;
    – the extent and categories of risks regarded as acceptable (the authority should formulate a sound policy on its threshold to risk);
    – the likelihood and potential impacts of the risks materialising; and
    – its ability to reduce the incidence and impact on the organisation of risks that do materialise;
  • there is regular and ongoing monitoring and reporting of risk including early warning mechanisms;
  • an appropriate assessment is made of the cost of operating particular controls relative to the benefit obtained in managing the related risk;
  • the authority conducts, at least annually, a review of the effectiveness of the system of internal control in place; and
  • the authority reports publicly on the results of the review, and explains the action it is taking to address any significant concerns that it has identified.

The process should be ongoing, embedded in the culture of the authority and have the potential to re-orient the whole organisation around performance improvement. It is not about eliminating risk but about understanding risk and managing it more effectively.

Source: Audit Commission

Why is risk management so important?

17. In recent years there have been a number of high-profile incidents that have increased demands for better risk management processes. The result has been a number of governance and risk management developments in the private sector, summarised in Appendix 1, which culminated in the Turnbull Committee report Internal Control: Guidance for Directors on the Combined Code (Ref. 3). Such incidents are not confined to the private sector – there have been a number in the public sector and, more specifically, in local government, such as child abuse cases and failing schools.

18. There are also many other forces driving the need for the public sector to improve its business performance by achieving its strategic aims [EXHIBIT 1].

Pressures for improved risk management in the public sector
New pressures are acting as drivers for good risk management.
Source: Audit Commission

19. In order for any organisation to cope with these ever-increasing demands, the key business objectives need to be identified, along with the key risks to achieving those objectives. Effective risk management is then needed to enable the organisation to deliver its objectives in the light of those risks.

How has the public sector responded?

20. It would be incorrect to say that the only response to calls for better risk management has been in the private sector. Indeed, much useful pioneering work has already been undertaken in parts of the public sector. These initiatives demonstrate the progress being made in some areas, and the increased pressure on public sector organisations generally for better governance, including risk management and control.

The public sector response to risk management
Much useful pioneering work has been undertaken in the public sector.
Source: Audit Commission

Initiatives by government to strengthen risk management

Central government departments and executive agencies

In 1999, HM Treasury decided that a more formal and structured approach to risk management in central government was needed. It was recognised that it may take some time for the larger departments to achieve embedded systems, but wherever possible, departments, agencies and non-departmental public bodies (NDPBs) (including the Audit Commission) are being asked to produce a statement of internal control that indicates a fully embedded and robust system of risk management for 2001/02. The absolute deadline for compliance is 2003/04. To assist in the process, HM Treasury issued Management of Risk: A Strategic Overview (Ref. 4). This guidance outlines a process for public sector bodies to develop a strategic framework for the organisational consideration of risk. It provides some tools and techniques that may be adopted by an organisation as it considers the adequacy of its risk management process across the whole range of risks that have to be dealt with in the course of its day-to-day business. Following on from this, under the Modernising Government Action Plan coordinated by the Cabinet Office, there was a commitment that all departments would make public by September 2000 the framework and procedures that they use for reaching decisions on the risk for which they are responsible.

The NHS

The NHS Executive (NHSE) undertook a controls assurance initiative and produced Guidelines for Implementing Controls Assurance in the NHS (Ref. 5). The then NHS Chief Executive described these guidelines as a ‘…holistic system of risk management and control…’ based on best governance practice. In essence, the guidelines require that chief executives of NHS trusts and authorities sign, on behalf of the board, a statement in respect of the system of internal financial controls in their annual accounts. This requirement has been extended to wider risk management and organisational (non-financial and non-clinical) controls from 1999/2000, and to clinical risks and controls from 2000/01. Controls assurance is a process designed to provide evidence that NHS bodies are doing their reasonable best to manage themselves so as to meet their objectives and to protect patients, staff, the public and other stakeholders from risks of all kinds.

Source: Audit Commission

The benefits of good risk management

21. Good risk management supports the achievement of objectives and has a vital role to play in ensuring that a council is well run. The benefits vary depending on the way in which risk management is planned and implemented. A minimalist approach is likely to deliver limited benefits and could take the form of a bureaucratic tick-box exercise merely for the sake of compliance. Conversely, a comprehensive, wholehearted but misguided approach that is aimed too broadly could waste valuable time and resources, and result in risk overload. The inevitable failure to deal with all of the risks identified by such an approach is likely to result in disillusionment with the risk management process itself. The key for the organisation is to identify the strategic risks while also taking the operational risks that need to be dealt with on a day-to-day basis into account. Each organisation must decide what benefits it would like as a result of its risk management programme and plan its approach accordingly. The operational benefits of a systematic and consistent approach to risk management are considerable, however.

  • Better management of change programmes.

  • More satisfied citizens.

  • Increased focus on what needs to be done (and not done) to meet objectives.

  • Supports innovation.

  • Fewer complaints.

  • Controlled insurance costs.

  • Competitive advantage.

  • Better quality service.

  • Enhanced ability to justify actions taken.

  • Delivering best value.

  • Protection of reputation.

  • Getting things right first time.

22. The following examples from the health sector demonstrate some of the benefits arising from the introduction of controls assurance.

CASE STUDY 1
Kingston Hospital NHS Trust
In accordance with guidance issued in the sector, Kingston Hospital NHS Trust launched its controls assurance programme in January 2000, performing baseline assessments against agreed standards and developing a risk and control framework for on-going reporting. Controls assurance was positioned centrally as part of the risk management agenda under the auspices of the Chief Executive’s department. The key selling messages were that the process would:
  • improve the quality of patient care;
  • target resources to the real issues;
  • help employees to do their jobs better; and
  • provide added protection from an employee perspective.

A process of consultation in the initial stages, involving staff at various levels of the organisation, the identification of champions for each standard and strong central support resulted in local ownership and buy-in. The benefits have included:
  • a more positive attitude towards risk;
  • a shift in emphasis whereby staff are now more responsive to incidents rather than claims – since the introduction of controls assurance there has been an increase in the number of reported incidents;
  • far greater emphasis on prevention rather than detection;
  • 50 per cent more complaint responses have been formally responded to within 20 days;
  • greater awareness of the real operational problems; and
  • new policies and procedures have been written and others have been revised.

In January 2001, the hospital was externally assessed against the controls assurance risk management standard and scored 89 per cent. This compared with a score of 28 per cent at the baseline assessment, and demonstrated the tremendous amount of work that had been carried out in one year to establish a more robust risk management framework.

Source: Audit Commission

BOX D NHS survey on the benefits of controls assurance

Following the introduction of controls assurance, 460 respondents to a recent survey summarised the benefits as follows:
  • More effective resource targeting 83%
  • Compliance with laws and regulations 74%
  • Helps chief executive to discharge his/her duties 74%
  • Fewer sudden shocks/unwelcome surprises 61%
  • Underpins clinical governance 59%
  • Reduction in management time firefighting 56%
  • Reduction in adverse incidents 54%
  • Greater likelihood of achieving objectives 53%
  • Reduction in claims 47%
Source: Department of Health, Controls Assurance Team

What about local government?

23. Councils are also well placed to benefit from the better management of risk given the pace of change under the modernising agenda and the range of existing and new risks that they face due to their diverse and complex responsibilities. However, progress to date in introducing formal risk management systems has been patchy and lacking overall focus. There is, nevertheless, a sound base on which to build, and many councils will already have some of the key elements of risk management in place, as the next section shows.

2. Risk management in local government

Progress to date

24. Local authorities have a great deal of autonomy in the way that they assess and manage risk, and in how they account to stakeholders for how they have done so. Aspects of the modernising agenda have raised the profile of the probity and propriety aspects of governance, although, as yet, there is no formal requirement for an assurance statement on risk and control such as those in other sectors. Nevertheless, councils have become increasingly conscious of the need for effective risk management and internal control, as well as the need to recognise a wider range of risks. Some councils have made good progress in improving their approach to risk management [CASE STUDIES 2 to 4].

CASE STUDY 2   Liverpool City Council
Liverpool City Council has been taking steps to improve its performance using a risk management approach. The main areas of concern identified were:
  • an excessive number of committees and member groups;
  • a failure to produce effective corporate plans;
  • poor communications, especially with the workforce;
  • poor-quality and high-cost services;
  • disengagement from local people;
  • weak or non-existent corporate and strategic management as a result of chronic departmentalism; and
  • hostility and mutual distrust between councillors and senior officers.

Recognising that better risk management could potentially address all of these areas, the Council produced a strategic risk framework of 42 risks. These were prioritised and the number cut down to include only higher priority risks. Appropriate control strategies were developed to address these specific risks. More use is now to be made of risk assessments and resources are to be re-deployed. The management team has recognised that it needs to make strategic decisions on areas that are subject to best value review and, consequently, that risk management is more important than ever.

Source: Audit Commission

CASE STUDY 3 Brighton and Hove City Council
Brighton and Hove City Council has approved a risk management strategy and has been pro-active in implementing initiatives taken in other sectors. Risk management consultants were employed to work with the Strategic Management Board (SMB) to set the process in motion. A range of strategic and operational risks were identified. These were then prioritised by the SMB, with the help of facilitators, according to the likelihood of risk occurrence and impact. The SMB is currently grouping these risks and planning control strategies and resource allocation to address those identified as being the highest priority. Departmental management teams will now go through the same process as part of the embedding process. This will be followed by awareness sessions for senior managers, which will then be cascaded throughout the organisation. Tangible benefits have resulted:
  • risks to the achievement of objectives and performance targets have been clearly identified;
  • clear management actions have been taken to control these risks;
  • clear roles and responsibilities for managing risks have been assigned;
  • the empowerment of individuals has occurred throughout the organisation as a result of identifying the risks that they manage in their jobs;
  • improved co-ordination of risk management activity throughout the organisation;
  • reduced duplication between departments in managing overlapping risks while also ensuring gaps are identified and managed;
  • the provision of opportunities for shared learning on risk management across the Council;
  • a framework has been put in place for allocating resources to identified priority risk areas; and
  • reinforcement of the importance of effective risk management as part of the everyday work of Council employees.

Risk considerations are now to be incorporated into planning, best value reviews and project management.

Source: Audit Commission
 
CASE STUDY 4 East Sussex County Council 
The Council acknowledges the need to keep risk management processes and systems under regular review. Significant factors have recently emerged which have led to a revision of the Council’s risk management strategy. These include:
  • recent developments on corporate governance and risk management;
  • best value, with its emphasis on continuous improvement and change management;
  • increasing emphasis on partnerships and other relationships with external bodies; and
  • a desire to build on the good practice developed during a Y2K compliance project, by commissioning a follow-up project for improved business continuity planning.

The Council is to implement a more effective and consistent framework for risk assessment starting with a project to establish a practical business continuity framework. Any service manager will be able to use this to:

  • identify key functions and processes for services provided by their team;
  • evaluate the likelihood and impact of risks that could affect service delivery;
  • devise risk reduction measures;
  • produce and maintain business continuity plans; and
  • implement and rehearse the plans. 

To implement this framework, a series of briefings for senior managers and nominated business continuity officers is planned. They will, in turn, arrange training for service managers within departments using facilitated workshops. The Council has recognised the importance of the ongoing monitoring and reporting of risk and proposes to:

  • link the process of business continuity planning directly to the annual cycle of business or service planning;
  • establish monitoring mechanisms; and
  • establish arrangements for reporting to the Chief Officers’ Management Team and the Cabinet as appropriate.

Source: Audit Commission

25. Case Studies 2 to 4 demonstrate the progress being made by local government, but these examples are not typical, as initiatives to date have tended to focus primarily on insurance-related, health and safety or property protection issues. There is little evidence within councils of the widespread use of an holistic risk management approach covering all types of risk.

Why should all councils respond?

26. The general drivers for better risk management were illustrated in the previous chapter, but those specific to local government are described below. Risk management is central to coping with these changes and initiatives. Given the level and pace of change, there is now a real need for all councils to implement effective risk management systems. Councils that avoid risk are unlikely to be good performers. What is required is flair, innovation and the ability to take informed risks and to manage them effectively. Effective risk managers will, for example, be able to deliver:

  • an appropriate balance between risk and control;
  • more effective decision making;
  • better use of limited resources; and
  • greater innovation.

What are the big issues?

27. A number of major initiatives are facing local government at present, which makes good risk management critically important. In particular, the Local Government Act 1999 (Ref. 6) and the Local Government Act 2000 (Ref. 7) both have major implications for the way in which business is conducted.

The emergence of new political structures

28. Local authority powers are being increasingly exercised by cabinets of elected members, and there is the possibility of locally elected mayors in the future. The number of leading members who will be responsible for making major decisions decreases under the cabinet model, and it will become far more important for backbench councillors to scrutinise the policies and actions of the cabinet. Such a significant level of change will itself bring new risks which, without proper management, could result in a loss of control, officers making decisions without proper authority and, perhaps, even a political and managerial vacuum which could lead to a lack of scrutiny.

Best value

29. The introduction of a statutory duty of best value is designed to bring about continuous improvement in the delivery of local authority services. Local authorities are required to publish annual best value performance plans that report on past and current performance, and identify forward plans, priorities and targets for improvement. Furthermore, they are required to review all of their functions over a five-year cycle. In order to accomplish this, councils will have to ask themselves fundamental questions in relation to the 4Cs – challenge, compare, consult and compete – about the underlying objectives and priorities of their work and about their performance in relation to other organisations in the public, private and voluntary sectors.

30. The requirements of best value mean that risk management is now more important than ever. They present a unique opportunity for organisations to reassess their objectives and the threats to achieving those objectives. Organisations can build risk management procedures into the way that they operate as part of a quality revolution to demonstrate real improvements in value. Without good risk management processes, authorities are unlikely to achieve competitive advantage and excellent performance in the best value regime.

e-Government

31. The Government’s published information strategy challenges all public sector organisations to innovate following the four guiding principles of building services around citizens’ choices, making government and its services more accessible, social inclusion and using information better. In the private sector, increasing focus is being directed to the identification and management of e-risks. Indeed, it is becoming increasingly clear that to do nothing in the e-business area is one of the biggest risks. This is particularly relevant to the public sector given the Government’s targets for the provision of services electronically.

Partnership working

32. Councils are entering into increasing numbers of partnerships with organisations from the public, private and voluntary sectors. Some of these organisations may not have the same sensitivities to the risks that a council may see as important. Part of the process of setting up partnerships is to ensure that all relevant risks are identified and shared, and that relevant control mechanisms are built into the management arrangements of the partnership. In particular, community planning, crime prevention, caring for those with mental health problems, regeneration schemes and Private Finance Initiative/Public Private Partnership projects are all examples where good partnership working is essential.

The need to innovate

33. Under the modernising government action plan there is much encouragement to innovate. In central government this is an aspect of risk management that is being reinforced by the Cabinet Office Innovation Unit and by the National Audit Office (NAO). The encouragement to innovate is equally relevant to local government. Proper risk analysis can facilitate the process of innovation and increase the likelihood of such innovation being successful.

The range of risks likely to affect local authorities

34. In the context of recent governance developments, consideration should be given to all categories of risk. The broad range of risks and challenges faced by councils is summarised in BOX E.

BOX E Categories of risk (Ref. 8)
Strategic
Risks that need to be taken into account in judgements about the medium- to long-term goals and objectives of the council. These may be:
  • Political: those associated with a failure to deliver either local or central government policy, or to meet the local administration’s manifesto commitments;
  • Economic: those affecting the ability of the council to meet its financial commitments. These include internal budgetary pressures, the failure to purchase adequate insurance to cover external macro-level economic changes [I], or the consequences of proposed investment decisions;
  • Social: those relating to the effects of changes in demographic, residential or socio-economic trends on the council’s ability to deliver its objectives;
  • Technological: those associated with the capacity of the council to deal with the pace/scale of technological change, or its ability to use technology to address changing demands. They may also include the consequences of internal technological failures on the council’s ability to deliver its objectives;
  • Legislative: those associated with current or potential changes in national or European law (for example, TUPE [II] regulations);
  • Environmental: those relating to the environmental consequences of progressing the council’s strategic objectives (for example, in terms of energy efficiency, pollution, recycling, landfill requirements, emissions, etc);
  • Competitive: those affecting the competitiveness of the service (in terms of cost or quality) and/or its ability to deliver best value; or
  • Customer/Citizen: those associated with the failure to meet the current and changing needs and expectations of customers and citizens.

Managing strategic risks is a core responsibility for senior managers in close liaison with elected members. Strategic risk assessments should be undertaken as part of the community, corporate and service planning process, and as a key element of service reviews. Strategic risk assessment draws on techniques such as group assessment, brainstorming and SWOT or PESTLE [III] analyses.

Operational
Risks that managers and staff will encounter in the daily course of their work. These may be:

  • Professional: those associated with the particular nature of each profession (for example, social work service concerns over children at risk; housing service concerns as to the welfare of tenants);
  • Financial: those associated with financial planning and control and the adequacy of insurance cover;
  • Legal: those related to possible breaches of legislation;
  • Physical: those related to fire, security, accident prevention and health and safety (for example, hazards/risks associated with buildings, vehicles, plant and equipment, etc);
  • Contractual: those associated with the failure of contractors to deliver services or products to the agreed cost and specification;
  • Technological: those relating to a reliance on operational equipment (for example, IT systems or equipment and machinery); or
  • Environmental: those relating to pollution, noise or the energy efficiency of ongoing service operations.

The categories are neither prescriptive nor exhaustive. However, they should provide a framework for identifying and categorising a broad range of risks facing each service. Each category cannot be considered in isolation. For example, changes in the TUPE legislation would affect judgements about the risks associated with the competitiveness of a service. The loss of a contract as a result of a lack of in-house competitiveness may have greater political, economic and social consequences for the council if TUPE did not apply. Similarly, the physical risks associated with the security of a school can have professional consequences for teachers fulfilling their day-to-day duties and financial consequences for the council as a whole. As a result, managers must consider the risks associated with each of the sub-categories and their inter-relationships if a full risk assessment is to be carried out.

Source: Shorten the Odds (Ref. 8)
  • I For example, changes in interest rates, inflation, borrowing consent or other responses to the global market.
  • II Transfer of Undertakings (Protection of Employment) Regulations relating to the possible transfer of staff terms and conditions when in-house work is transferred to an external contractor.
  • III SWOT – Strengths, Weaknesses, Opportunities and Threats. PESTLE – Political, Economic, Social, Technological, Legislative and Environmental.

 
