Agenda Item No. 10
The Vale of Glamorgan Council
Audit Committee: 1st May 2018
Report of the Managing Director
Corporate Risk Register Quarter 3 Update
Purpose of the Report
- To update Audit Committee on the quarter 3 position (April- December 2017) of risks contained within the Corporate Risk Register, as outlined in the Corporate Risk Summary Report.
- To provide an overview of the emerging risk themes and issues as outlined in the Risk Register.
- That Audit Committee note the current position of corporate risks, the emerging risk themes and endorses the associated recommendations made by the Corporate Management Team, as contained in this report.
- That Audit Committee refer this report to Cabinet for their consideration and endorsement.
Reasons for the Recommendations
- To identify the current position of corporate risks across the Council and highlight any emerging risk themes and issues.
- To ensure Cabinet receives an up to date position on the Corporate Risk Register and endorses the recommendations contained within this report.
- During June 2017 the Insight Board reviewed our approach to Risk Management through developing a new approach to Risk Management.
- As a result of this review, a new risk methodology has been adopted alongside a revised Risk Register template. The new Corporate Risk Register and its associated Reporting tool was endorsed by Audit Committee on 31st January 2018.
- As a result of reviewing our Corporate Risk Management approach we also undertook a full refresh of the associated Risk Management Strategy. The draft Risk Management Strategy was developed in consultation with the Insight Board and endorsed by Corporate Management Team on 9th April. This report should be read in conjunction with the Risk Management Strategy report that seeks consideration and approval for the proposed Strategy.
Relevant Issues and Options
Corporate Risk Summary
- There are currently 15 Corporate Risks on the Register, as outlined within the within Annex A of the Register. Since the last update, one risk has been removed from the Register (Local Development Plan) and two new risks have been added (CR10: Public Buildings Compliance and CR15: Welsh Community Care Information System).
- Of the 15 Corporate Risks, in terms of risk status, one risk was scored high, one risk was scored medium/high, 11 risks scored medium and two risks scored medium/low in terms of their risk status.
- In terms of the exceptions:
Deprivation of Liberty Safeguards
- This risk is reporting a high status. The Risk Summary Report (within Annex A) provides further detail. We continue to experience pressure on our existing resources, especially Council budgets as a result of increased demand for Best Interest Assessments which continues to escalate this risk. Although good progress has been made in relation to the procurement of Independent Professional Advocacy, this alongside the other existing controls have had a limited effect on controlling the demand. Therefore, we anticipate that this risk is unlikely to diminish over time, but is more likely to be sustained at a high status for at least the short to medium term.
- Public Buildings Compliance
- This risk scored an 8, giving it a Medium/High status. This is a newly adopted Corporate Risk that has been added to the Risk Register at the request of the Director of Environment and Housing which was endorsed by Audit Committee on 31st January 2018. Good progress has been made during the quarter by putting in place robust controls to further mitigate the risk.
- These controls include the:
- Successful appointment a Compliance Officer and two trainees to oversee Corporate Building Compliance across the Council and with our Third Sector commissioned providers.
- Development of an E-form for the collection of compliance data from schools.
- Development of a spreadsheet of schools that have signed up to an SLA with the Council to manage building compliance on their behalf.
- Inspection of over 10 school sites to establish their compliance position with appointments made with the majority of the other schools.
- Production of an inventory for Social Services premises (including those used by commissioned Third Party providers) to identify a clear compliance position is now 90% complete.
- Although good progress has been made in implementing appropriate controls to mitigate this risk, it still remains a medium/high risk on the Register. This reflects how as a newly acquired risk on the Register actions continue to be progressed in relation to the Risk Management Plan. Over the next quarter we will continue to focus on progressing the actions associated with the development of a Master List for all Public Buildings and its associated 'weighted formula' for calculating recharge costs for Premises Managers (Duty Holders) who have signed up to an SLA with the Council. We will also focus on progressing the roll out of the IPF system for use by Premises Managers (Duty Holders) as well as the roll out of a new corporate approach in relation to building compliance of non-school premises. It is forecast that this risk will continue to remain medium/high for at least the short term.
Safeguarding and Contract Management
- Both the safeguarding risk and the contract management risk remain medium/low (3) in terms of their risk score.
- The safeguarding risk has a robust set of controls in place that are effectively mitigating against this risk. The establishment of a corporate-wide policy on safeguarding covering all council services has provided strategic direction and clearer lines of accountability in terms of our safeguarding practice. The establishment of the safeguarding hotline has further reinforced our safeguarding responsibilities by providing staff with a single point of contact to report any safeguarding concerns. During Safeguarding Week in November 2017, over 100 members of staff attended a conference to further stress how safeguarding is 'everyone's responsibility'. The conference aimed to raise awareness amongst staff not just across Social Services but across the Council as a whole. At the end of the event attendees were encourage to complete an evaluation where 100% of Social Services respondents and 86% of non-Social Services respondents said they felt that they could put their learning into practice after the event. Although this risk remains relatively low, it continues to feature on the Risk Register due to the volatile nature of the risk. Safeguarding is of the utmost importance and our approach to safeguarding needs to be regularly reviewed and updated to ensure we can effectively manage the risk.
- In relation to the contract management risk, the existing controls are proving to be particularly effective. There has been cross-directorate training on procurement and contract management as part of the Management Competency Framework that to date over 300 staff have attended. There is regular review of the completion of contractual paperwork and a system has been established for monitoring non-compliance against agreed service targets. During the quarter, a new electronic Contract Register has been developed and work has commenced on populating data within the system. This outstanding work alongside the review of contract monitoring by Internal Audit will continue into quarter 4. It is forecast that this risk will reduce over time and that it will be removed from the Register once all actions within the Risk Management Plan have been completed.
- Annex A contains the full Risk Register along with a Risk Summary Report outlining the position of all Corporate Risks.
Risk Heat Map Summary
- The Corporate Risk Summary report (Annex A) has heat maps that plot on a matrix the residual risk scores for each corporate risk. For quarter 3, the overall heat map on page 3 shows that the majority of corporate risks congregated around Medium. However, when the risks are evaluated by their risk categories there continue to be more risks grouped within medium to medium/high bracket for reputation-based risks. This compares to the legislative/political, service delivery and resources risks where on the whole there were more corporate risks sitting within the medium end of the risk quadrant.
- Deprivation of Liberty Safeguards continues to sit in the high category part of the quadrant (with a residual score of 12) across three of the four risk categories with the exception of reputation where it scored medium/high (9). This is closely followed by the Public Buildings Compliance risk which is positioned within the medium/high category of the quadrant (with a residual score of 8) across three of the four risk categories with the exception of resources where it scored medium (4). In relation to resources-based risks associated with Public Building Compliance the overall risk score is lower. This reflects that the controls that have already been put in place are effectively mitigating against the resource-based risks for Public Buildings Compliance.
Reputational risks continue to score more highly across the spectrum of corporate risks because they are governed more by the perceptions of our performance by customers/residents and regulators. This highlights how there needs to be a greater focus on controls that can further address the reputational aspects of corporate risks.
Risk Management Plan Summary
- During the quarter, strong progress has been made in relation to the Risk Management Plans across all aspects of the Register. In total there are 117 actions currently being monitored via the Register that are linked to a corporate risk. The majority of these are also actions that are aligned to the delivery of our Corporate Plan priorities. During quarter 3 we have been able to assign a RAG status to 112 of these mitigating actions.
- 67% (75) of mitigating actions outlined in the Risk Management Plans have a green status and are on track (in terms of progress) for completion within the designated timescales. There are also 12.5% (14) actions that have been completed during the quarter. Where this is the case, these completed actions will be removed from the Risk Management Plan and incorporated as controls within the relevant sections of the Register.
- A small proportion of actions, 2.7% (3) have been assigned an Amber status to reflect that there has been some minor slippage during the quarter. The Amber status reflects that although some minor slippage has been reported, these actions have the potential to become Green within the designated timescales if remedial action is taken to progress the actions.
During quarter 3, 17.9% (20) of actions were assigned a Red Status (where progress slipped against the designated timescales). The areas of slippage during the quarter were in relation to CR2: Legislative Change &Local Government Reform (two actions), CR3: School Reorganisation & Investment (one action), CR4: Housing Improvement Programme (two actions), CR5: Waste (five actions), CR6: Workforce (one action), CR7: Information Security (three actions), CR8: Environmental Sustainability (three actions), CR11: Safeguarding (one action), and CR12: Integrated Health & Social Care (two actions). The greatest proportion of slippage/Red Status actions was in relation to CR5: Waste, where five of the seven (71.4%) mitigating actions within the Risk Management Plan were assigned a Red Status. In all cases where a Red or Amber status has been reported in relation to these actions, appropriate remedial action has been identified to progress the actions and get their performance back on track. No red status was assigned to actions in relation to CR9: Welfare Reform, CR10: Public Buildings Compliance, CR13: Unauthorised Deprivation of Liberty Safeguards (DOLs), CR14: Contract Management and CR15: Welsh Community Care Information System (WCCIS).
Across each of the Risk Management Plans, an overview of progress (RAG Status) in relation to the mitigating actions is provided in Annex B.
Feedback from Corporate Management Team
- CMT considered the Quarter 3 Risk Register update and the associated Risk Summary Report at its meeting on the 18th April 2018. A variety of emerging workforce issues were raised by a number of service areas, specifically the challenges in attracting and retaining staff in key roles within Internal Audit, Learning & Skills and Social Services.
- CMT recommended that: The update of the existing corporate workforce risk for Q4 to incorporate emerging issues relating to the recruitment and retention of key staff in some service areas (notably Internal Audit, Learning & Skills and Social Services) including any mitigating actions to address these.
Emerging Issues & Risks
Legislative Change & Local Government Reform
- Up until recently the emphasis has been on regional working/collaboration. The areas of regional working focus around economic development, strategic land use planning and strategic transport in relation to three larger regions; North Wales, Central and South West Wales and South East Wales with scope for sub-regional working.
- Although the quarter 3 update provided within the Register still reflects this position outlined above, since then the situation has moved on. More recently the Welsh Government announced that merger arrangements are back on the agenda through the rationalisation of Local Authorities in Wales. On the 20th March 2018, the Welsh Government published a Green Paper for consultation on the proposals for reforming local government in Wales. One of these proposals would see a merger between the Vale of Glamorgan Council and the Cardiff Council. Although our focus on developing more regional ways of working will continue, this change in direction by the Welsh Government would completely alter the local government landscape in the future. The Council is currently formulating a response to the Welsh Government's consultation which is due to be submitted by June 2018. An update and analysis of the impact of these potential changes in relation to the Legislative Change & Local Government Reform risk will be considered in greater detail as part of the quarter 4 Risk Report.
- Although good progress has been made in relation to the implementation of WCCIS, there are some emerging issues to be aware of that have moved on since the quarter 3 period. The resilience of staffing is an ongoing issue which has the potential to impact on the transition and development of the system locally. There is also an emerging issue in relation to the print function. This could cause difficulties in relation to the printing of care plans/assessments for service users. Whilst this problem is investigated and resolved, a workaround has been developed that enables us to provide documents to service users in a different format (via Word). A more detailed update and analysis of these issues will be reported in the next Risk Register Update (Quarter 4).
- Emerging Risks
- No further emerging risks have been identified during the quarter. Any emerging risks that have been identified via the Council's Corporate Self-Assessment process will be considered by Insight, CMT and Audit Committee during the next cycle of quarterly reporting (quarter 4).
Resource Implications (Financial and Employment)
- Managing and reducing risks effectively helps prevent unnecessary expenditure for the Council, reduces insurance claims and premiums and provides better protection for the Council and its staff and members.
Sustainability and Climate Change Implications
- Corporate risks are considered in the context of the Wellbeing of Future Generations Act in terms of the impact they could potentially have on our contribution to the Wellbeing Goals. The five ways of working are also a key consideration in relation to our corporate risks to show how mitigating actions can be put in place as part of the risk management plans within the Risk Register.
Legal Implications (to Include Human Rights Implications)
- Identifying, managing and reducing risk effectively mitigates against potential legal challenge.
Crime and Disorder Implications
- None directly.
Equal Opportunities Implications (to include Welsh Language issues)
- Mitigating actions and controls to counteract any equalities related risks are outlined in each risk template in the Risk Register and monitored by the Insight Board, CMT, Audit Committee and Cabinet.
- Risk management is an intrinsic part of corporate governance and integrated business planning which underpins the delivery of the Council's Corporate Plan and wellbeing outcomes.
Policy Framework and Budget
- The proposals are within the Council's Policy Framework.
Consultation (including Ward Member Consultation)
- Consultation has taken place with nominated risk owners and Corporate Management Team.
Relevant Scrutiny Committee
- Corporate Performance and Resources
Corporate Risk Register
Huw Isaac, Head of Performance and Development.
Corporate Management Team
Corporate Risk Owners
Head of Performance and Development
Operational Manager, Performance and Policy
Operational Manager, Internal Audit
Rob Thomas, Managing Director.