Most of the content on this intranet is made up of ex county council information due to the county intranet being turned off. Please read the blog to find out more about how we have developed this new intranet and where you can go to find information that relates to you.
Summary of Roles and Responsibilities
Roles and responsibilities summary.
Risk management is the responsibility of everyone within the Council.
Risk management should be a standard agenda item on Directorate and Service Management Team meetings to allow for the identification of new, emerging risks and for the escalation of significant operational risks.
Formal reviews of Service operational risk registers should be undertaken quarterly.
A summary of the key management roles and responsibilities required to embed, support and use the Risk Management Framework are outlined below:
Senior Leadership Team
- Overall leadership and accountability for the effective delivery of the Council’s risk management function, approving the Risk Management Framework and Improvement Plan on an annual basis.
- Ensuring the Strategic Risk Register is an up to date record of the current risk exposure and monitoring progress against Service level significant operational risks.
- Provide oversight and resolution for the escalation of key risks from the Transition and Transformation Board and Capital Programme Board(s) and receive updates on projects and programmes considered by the Strategic Programme Panel.
Assistant Directors
- Ensure adherence with risk management requirements, champion the benefits of effective risk management and develop a risk aware culture across their respective service areas.
- Take ownership for risks within their function and service areas and ensure risk registers are in place, regularly discussed, reviewed, updated, planned activity is delivered and risks escalated as appropriate.
Programme Management Office
- Formal governance arrangements are in place for the monitoring and reporting of Corporate and Service transformation programme risks, with a Gateway approach from project concept, definition, delivery and closure phases.
- The Gateway approach is overseen by the Strategic Programme Panel, the Transition and Transformation Board and the Capital Programme Board(s).
- Inter Authority Agreement Joint Officer Board, Joint Executive and Joint Overview and Scrutiny Committees oversee the risks related to Joint Disaggregation Programme with Westmorland and Furness highlighted by individual Project Delivery Groups via the Joint Disaggregation Group.
Head of Internal Audit and Risk Management / Risk Manager
- Champion the development of an effective risk management culture and support the embedding of risk management within Directorates and across Council Services.
- Annually review arrangements for risk management and governance and advocate best practice in risk management through training and awareness.
- Produce Strategic Risk Reports for the Audit Committee and oversee the escalation of risks from Directorate/ Service areas to Senior Leadership Team for monitoring and for consideration of inclusion onto the Strategic Risk Register. Identify and monitor any strategic emerging risks.
Service Managers
- Ensure adherence with the minimum risk management requirements, encourage risk aware behaviours with staff and be open about risk taking so that response actions can be agreed.
- Identify and act upon the key risks that could significantly impact on the achievement of their service priorities and objectives.
- Regularly review and report on risk response actions and escalate risks as required.
All employees
- Have an understanding of the risks that impact their role and local working environment, including their own personal Health, Safety and Wellbeing, and be able to manage those risks adequately.
- Have an understanding of the key risks that affect their service delivery and achievement of their objectives and being aware of what contribution they make to mitigate or control the risks that support service outcomes.
Risk Management Framework Risk Response
Risk tolerances are defined in terms of Severe (Red), Significant (Amber), Mitigable (Yellow) and Manageable (Green) risk exposure and are responded to proportionately.
This approach guides staff on the level of risk permitted and encourages consistency of approach across the Council.
In the main, Intolerable risks are those that:
- Negatively affect the safety of customers/ clients and staff.
- Have a direct impact on the Council’s reputation.
- Lead to a breach of laws or regulations.
- Endanger the sustainability of Council services.
- Have a significant financial impact.
Escalating Programme Management Office Risks
Formal governance arrangements are in place for the monitoring and reporting of Corporate and Service transformation programme risks. As projects are developed, key risks are considered by the Strategic Programme Panel before determining whether to allocate resources to deliver the projects. Once in delivery, the Transition and Transformation Board and Capital Programme Board(s) report the escalation of risks to the Senior Leadership Team (see Roles and Responsibilities). If there are significant changes required to project scope, time or cost, project adjustment requests are considered by the Strategic Programme Panel.
Escalating Operational Level Risks
Directorates and Assistant Directors are responsible for developing appropriate operational risk registers for their area of service delivery and these should be reviewed quarterly at Service Management Team meetings to monitor the risk environment and the progress on the implementation and effectiveness of the risk controls.
Any identified areas of concern, where risks exceed the significant risk threshold (15-25 score – Amber to Red), are to be escalated as a Significant Operational Risk by the relevant Assistant Director to their Director for monitoring; and, where risks have a wider implication on the Council, the Director can escalate the risk to the Senior Leadership Team for review, until sufficient mitigating controls have been introduced to limit the level of risk exposure. The escalation process allows service areas to highlight areas of concern with senior management to enable assistance and support in resolving the issues.
A Significant Operational Risk Register template should be completed to record the details of these risks, the future actions which are being taken to reduce the risk to target and the contingency actions which are in place should the risk occur. The Head of Internal Audit and Risk Management should be informed of all escalated risks so that they can be monitored and the adequacy of control actions assessed.