Decision Title: OPCC Risk Management Strategy 2021-22 – Annual review
Decision Reference Number: WPCC3-0013
Lead Officer: Sara Ansell
If force business, date approved by Chief Officer: N/a
Date: 26 July 2021
The PCC’s risk management policy was last reviewed in July 2020, and has been reconsidered and updated as necessary by the Treasurer and Chief Executive in conjunction with the wider OPCC staff as part of an annual review process. A small number of minor updates have been incorporated from this process, to ensure the policy reflects best practice, is fit for purpose and makes provision for the adequate management of risk and the processes for dealing with risk, both strategic and operational, at the OPCC. The risk management strategy was presented to the Joint Audit and Standards Committee (JASC) in July 2021, to seek any further independent feedback, prior to formal sign off by the Commissioner.
Signature: Philip Seccombe
Date: 3 August 2021
1. Background information
The PCC risk management strategy was fundamentally reviewed and subsequently approved in July 2020, following the transition away from the alliance, and the former shared risk management policy with West Mercia. As part of our governance process the strategy has been reviewed as part of an annual process, to ensure that it remains up to date and fit for purpose. Over the last 12 months the risk management process at the OPCC has become more embedded. All OPCC staff have been briefed on the strategy, their risk management responsibilities and their input and discussion on operational risks is used to inform the regular review of strategic risks, which are recorded and reported to the JASC on at least a quarterly basis. The strategy will continue to be refreshed annually to ensure that it remains fit for purpose to mitigate and manage OPCC risks.
The review of the strategy is necessary to ensure that it:
- reflects Warwickshire PCC’s needs and approach to risk management (including process and procedure),
- complies with best practise and appropriate legislation,
- is consistent with the approach taken by the force to make the document more ‘familiar’ to users and enable a more holistic and complete overview of risks facing Warwickshire policing to be considered.
- provides for the appropriate governance arrangements for risk management, so that our risk register accurately reflects the risks for Warwickshire PCC, provides a suitable risk management framework, clearly identifies our risk management objectives and benefits and also outlines the roles and responsibilities for dealing with risk at the OPCC.
The main changes in the risk management strategy as part of this annual review, have addressed where relevant, the key recommendations made in the recent internal audit on risk management, and the current process for managing risk at the OPCC. The audit opinion provided moderate assurance regarding the process and the key actions can be summarised as:
- Policies and procedures – the strategic risk map doesn’t show previous and inherent risk, only current risk
- Risk management training and support, including: regular discussion of operational and strategic risk, training for staff, accountability and recording of operational risks
- Central register of operational risks needs to be fully developed.
- Risk management is not embedded in organisational practice at service area level in line with the ALARM Risk Maturity Model for Risk Management in the Public Services at level 3 which is the accepted level
- Governance and reporting – better oversight of operational and project risks.
JASC have a key responsibility, outlined fully in their terms of reference and is covered under the governance, risk and control principle, whereby the JASC are required to monitor the effective development and operation of risk management, review the risk profile, and monitor progress of the PCC/Chief Constable in addressing risk-related issues reported to them. JASC received a full copy of the report at their July 2021 meeting and have recommended that the reviewed policy be approved by the Commissioner.
2. List of additional information attached as appendices
3. Expected benefits
A relevant and up to date risk management strategy provides the framework to ensure that there are good governance arrangements in place for dealing with risk. It will also help to ensure that appropriate actions and mitigations can be put in place to reduce risk where possible.
4. Impact of not approving the application
The current strategy may become outdated, risks may not be effectively managed and could result in adverse outcomes.
5. Costs (including any identified savings)
There are no direct costs as a result of this policy, but by managing risk effectively this could result in a reduction in costs, or cost avoidance by the OPCC.
6. Equality implications
There are none directly arising from this Agreement.
The PCC’s risk management strategy will help to ensure that the risks associated with the legal and statutory functions of the PCC can be managed effectively and that good governance arrangements are in place.
Information in this form is subject to the Freedom of Information Act 2000 (FOI Act) and other legislation. Unless the information provided is covered by an exemption and stated to be either confidential or partly confidential, the information contained in the form will be published on the OPCC website.
Comments from the Treasurer
Managing risk effectively is essential in promoting good governance. Whilst there are no direct financial implications as a result of this strategy and the annual review process, not having the correct governance arrangements in place for managing risk could result in significant financial and non-financial implications for the PCC.
Comments from the Chief Executive and Monitoring Officer
A relevant and comprehensive risk management strategy will provide the OPCC with a framework to ensure that good governance arrangements are in place for dealing with risk. It will also help to ensure that appropriate actions and mitigations can be put in place to reduce identified risks where possible.