1. This is the Rother District Council Risk Management Policy. It sets out the Council’s approach to Risk Management and how this will be monitored. It also outlines the principles of operation for risk.
2. Risk management is the way that the Council responds to uncertainty in the external environment. Risk management allows the Council to:
a. Identify risks in the context of Corporate objectives, including potential opportunities.
b. Assess risks to determine the likelihood and impact of each risk.
c. Determine the response to each risk individually.
d. Develop the necessary actions, controls and processes to implement the chosen response to each risk.
e. Communicate the approach to risk management and the results of risk management activity.
f. Deal with each risk – either avoid, reduce, share or accept it.
g. Exercise the contingencies for managing risks.
3. A strong business-wide risk culture is an important aspect of strong corporate governance. Risk Culture is the shared values, attitudes and practices that characterise how the Council considers risk on a day-to-day basis.
a. Awareness of risks faced by the Council.
b. Understanding of the business and the relevance of risk.
c. Clear ownership of risks.
d. Clearly defined responsibilities for risk management activity.
e. Effective monitoring and reporting of the effectiveness of risk.
4. Whilst the Council should not be risk averse, the principles contained within this policy ensure that the Council strikes the right balance in its approach to business opportunity and risk management.
5. It is also important to set a boundary between risk management and operational management activity, which by its nature has an element of risk management. Generally the boundary adopted by this policy is where the impact becomes Corporate, whilst also acknowledging that there are service based activities whose impact should be considered a Corporate Risk.
6. The Council’s Risk framework is based on a number of elements, closely linked to the Council’s Business Continuity Planning process and also the Corporate Plan project management programme. The principle here is to enable a live, easy-to-use framework that emphasises a flexible response based on experience from exercises. The elements are:
a. The Council’s Risk Management Policy.
b. Risk Matrix.
c. Established contingencies.
d. Corporate Project Management.
e. Business Continuity Plan.
7. The Council works on the basis of a 3 Tier framework of Risk:
a. Corporate Risks – risks that potentially impact on the whole operation of the Council.
b. Service Based Risks – risks that have a specific impact on a Service within the Council, without necessarily impacting on all our operations.
c. Project Based Risks – risks that are around key Corporate Plan Projects. As such, these form part of the project management plan for the project.
8. This is a live framework and will be subject to regular change, in line with the business operations of the Council.
Responsibility & Reporting
9. The responsibilities within this policy are outlined below:
Any policy decisions on Risk are fed through to full Council, via the Audit and Standards Committee. Policy updates will be brought forward as required.
Audit and Standards Committee
The Audit Committee is the body responsible for monitoring the Council’s strategic risk management. An annual report will be considered by the Audit and Standards Committee on our progress with Risk Management.
Corporate Management Team
Corporate Management Team has the following responsibilities:
a. Implementing the risk management policy.
b. Reviewing the management of strategic risk.
c. Monitoring the effectiveness of the controls developed to implement the chosen risk response.
d. Integrating risk management into project and service planning process.
e. Ensuring that appropriate training is put in place for appropriate officers and that it is reflected in the Member Development programme.
This will be formally considered on a 6 monthly basis, and whenever specific risk issues arise. The Assistant Director, Resources will lead on this for Rother, reporting to CMT.
Heads of Service and Corporate Core
Heads of Service and senior managers within the Corporate Core are key in maintaining our ability to manage risk. They are responsible for working with CMT to maintain the corporate risk matrix. They also maintain a Service based risk register (as required). Finally, they ensure projects based within their Service area have risk management in place.