To: GOVERNANCE AND AUDIT COMMITTEE
23 MARCH 2022
straTegic risk update
Head of Audit and Risk Management
1 PURPOSE OF REPORT
1.1 This report presents the updated Strategic Risk Register.
2 RECOMMENDATIONS
2.1 The Governance and Audit Committee to provide feedback for CMT on the strategic risk register attached
3. REASONS FOR RECOMMENDATION
3.1 To ensure Council; has identified all its key risks so that these can be appropriately manages and mitigated.
4 Alternative Options Considered
4.1 There are no alternatives.
5 SUPPORTING INFORMATION
5.1 The Register was reviewed by the Strategic Risk Management Group(SRMG) on 10th February prior to review at CMT on 9th March. The following changes were made to the Register:
· The Finance (Risk 1) was re-graded from a red to amber risk; and
· The COVID risk score (Risk 11) is reduced for consistency with the COVID risk register following review at GOLD meetings.
6. Consultation and Other Considerations
Legal Advice
6.1 There are no specific legal implications arising from the recommendations in this Report.
Financial Advice
6.2 There are no financial implications arising from this report.
Other Consultation Responses
6.3 The register was reviewed by SRMG and CMT on 10th February and 9th March respectively.
Equalities Impact Assessment
6.4 Not applicable.
Strategic Risk Management Issues
6.5 A robust Strategic Risk Register that is a complete and up to date record of the significant corporate risks is essential for effective risk management, enabling the Council to prioritise resources to identify and implement actions to address the threats to the achievement of the Council’s objectives and make informed decisions
Climate Change Implications
6.6 Not applicable.
Health & Wellbeing Considerations
6.7 Not applicable.
Background Papers
Risk Management Strategy
Contact for further information
Sally Hendrick, Head of Audit and Risk Management - 01344 352092
APPENDIX 1
RISK MATRIX- STRATEGIC RISK REGISTER CURRENT RESIDUAL RISK SCORES AND RAG RATING AS RED, AMBER OR GREEN
|
5 |
|
|
|
|
|
|
Likelihood: 5 Very High 4 High 3 Significant 2 Low 1 Almost Impossible
Impact: 5 Catastrophic 4 Critical 3 Major 2 Marginal 1 Negligible
|
|
||
|
4 |
|
|
11. COVIDò
|
1. Finance and economic
2. Staffing
3. Special education needs
4. Adult social care supply chain and socio economic risks
12 Children’s Social care ñ |
|
|
|
|||
LIKELIHOOD |
3 |
|
|
10. control environment
8. Data protection |
7. Cyber
9. Business continuity
|
|
|
|
|||
|
2 |
|
|
6. IT Strategy and Infrastructure
|
5.. Safeguarding children and vulnerable adults
|
|
|
|
|||
|
1 |
|
|
|
|
|
|
|
|
||
|
|
1 |
2 |
3 |
4 |
5 |
|
|
|||
|
|
|
IMPACT |
|
|
|
|
||||
APPENDIX 2
STRATEGIC RISK REGISTER MARCH 2022
Strategic Theme 1:Value for money |
||||||||||
Risk 1: Significant pressures on the Council’s ability to balance its finances whilst maintaining satisfactory service standards |
Risk Owner: Executive Director: Resources |
|||||||||
Risk Rating (Likelihood x Impact) Unmitigated 5 x 5 Current Residual 4 x 4 Target Risk Score 3 x 3 Potential Impact · Strategic objectives and statutory duties not met |
Rationale for current score: Current risk score maintained despite improvement in the financial position and forecast outturn due to ongoing financial concerns and pressures.
Rationale for target risk score Achieving a sustainable financial position is a core responsibility. The target score has been increased slightly reflecting risk appetite.
|
|||||||||
Current Actions (What we are currently doing about the risk) · The approach to budget monitoring has been changed to reflect the level of unpredictability. Now identifying best and worst case scenarios and tracking use of the covid contingency. · Monthly returns are being provided to MHCLG, supporting the need for additional Government resources to be provided to cover the unprecedented additional costs arising from Covid-19 measures · Approved plans are in place to invest in projects that will both provide improved local facilities for residents and reduce costs / increase income to mitigate future spending pressures, e.g. Heathlands and the Property Joint Venture. Regular updates on these projects are provided to CMT. · Preparations have started for the 22/23 budget with significant uncertainty at this stage around the level of resources available |
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
|||||||||
Strategic Theme 1: Value for money Strategic Theme 2: Economic resilience Strategic Theme 3: Education and skills Strategic Theme 4: Caring for residents and their families Strategic Theme 5: A clean, green and responsibly sustainable place Strategic Theme 6: Communities |
|||||||||||||||||||||||||||||||
Risk 2: Staffing pressures |
Risk Owner: CMT |
||||||||||||||||||||||||||||||
Risk Rating (Likelihood x Impact) · Unmitigated 5 x 4 · Current Residual 4 x 4 · Target Risk Score 3 x 3
Potential Impact · Increased financial pressures due to high reliance on locums and agency workers · Increased reliance on market premia and retention payments due to labour market pressures i.e. social workers and specialists post · Potential for weakness in resilience in key areas as locums and agency workers can leave at shorter notice. · The loss of experienced permanent staff and replacement with less experienced agency personnel. |
|
Rationale for current score: Increased turnover of staff in key areas and difficulties in recruiting to key technical posts due to pressures in the market and delays arising from COVID 19.
Rational for target risk score Staff are the key resource in delivering key services and providing support to front line services.
|
|||||||||||||||||||||||||||||
· Current Actions(What we are currently doing about the risk) · Management information on long term, high cost locums/ agency workers now being produced for peer review at CMT. · Retendered neutral agency vendor contract · New campaign out for OTs · Preparing an ongoing campaign for Children’s Social Workers to reduce the number of recruits that are currently coming through from agencies at an extra cost. · New mobile friendly job application form · Regional benchmarking of salary and benefits paid by other local authorities – part of recruitment project which will inform future recruitment and retention strategy · Small budget set aside to boost visibility and target applicants free of charge for specific adverts for traditionally hard to fill posts. · Well-being initiatives and research activity underway that will diagnose support needed to staff · Current HR-OD redesign process is implementing instant win improvements to processes and systems for recruiting · managers and potential applicants i.e. mobile application functionality · People – workforce board – meeting monthly to discuss, plan and optimise staffing budget across services · Exit interviews are undertaken with it being possible to request a full one. Hard to recruit areas are being targeted. · Market premia is being implemented where required plus, where applicable, consultants are being moved to employee status · Staff wellbeing surveys being undertaken on a quarterly basis in response to additional pressures from COVID · Managers Handbook developed and awaiting review before issuing
|
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
||||||||||||||||||||||||||||||
Strategic Theme 3: Education and skills |
||||||||||||||||||
Risk 3: Council unable to ensure children with special education needs receive timely and appropriate support for their education due to the rate at which demand is increasing. |
Risk Owners: People DMT |
|||||||||||||||||
Risk Rating (Likelihood x Impact) Unmitigated 5 x 4 Current Residual 4x 4 Target Risk Score 2 x 3 Potential Impact · Failure to meet demand for support to children with higher level education needs and their parents · Statutory duties not met due to pressure on services · Increased budget pressures owing to market inability to meet demand and competition driving up places |
|
Rationale for current score: Risk level maintained following OFSTED inspection and following steep increase in children with an EHCP. Increased pressures on internal resources to deliver education psychology, undertaking the identification, assessment and monitoring of provision for children that require an Education Health Care Plan (EHCP) 2, parental guidance and dispute avoidance and resolution exacerbated by high staff turnover. Rationale for target risk score Risk appetite is fairly low due to statutory responsibilities to safeguard and educate.
|
||||||||||||||||
Current Actions (What we are currently doing about the risk) · SEN Commissioning Strategy & Plan developed · High Needs Block project progressing: commissioning framework in development, realignment of budget, high levels of scrutiny · Restructure of SEN Team and changes in processes · Review and restructure of SEN Support Services · SEN Task and Finish Group · SEN Improvement Board set up with all stakeholders · Review of current Education Establishment sites and feasibility study to explore what additional provision can be developed within borough, which will reduce cost and provide more local places: Specialist Resource Provision x 8 have been developed to provide on school site specialist units · Increased resources to facilitate development and implementation of improved annual review processes and placement decisions |
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
|||||||||||||||||
Strategic Theme 4: Caring for residents and their families |
|||||||||||||||||||||||||
Risk 4: Council unable to sustain delivery of services to support adult social care needs due to uncertainty of changes in demand arising from socio-economic factors and insufficient external provision for adult social care. |
Risk Owners: Executive Director: People |
||||||||||||||||||||||||
Risk Rating (Likelihood x Impact) Unmitigated 5x4 Current Residual 4 x 4 Target Risk Score 3 x 3 Potential Impact · Failure to meet demand. · Statutory duties not met. · Increased budget pressures · Needing to move people from one setting to another at short notice |
|
Rationale for current score: The unmitigated and current residual scores have both increased due to the impact of COVID 19 which has put pressure on adult social care providers and hence the supply chain.
Rationale for target risk score With changes in the adult social care provider market, the Council will have to accept a higher level of risk.
|
|||||||||||||||||||||||
Current Actions (What we are currently doing about the risk) · People Care Governance board in place to manage any strategic provider safeguarding and quality issues · Continuing rollout and development of contract monitoring toolkit and approach · East Berks Commissioners group developed during COVID is ensuring a collaborative approach to market management including a specific task and finish group reviewing capacity · East Berks COVID Care governance group meets weekly to support providers where there is an outbreak and support a co-ordinated response · Market Position Statement is currently in development · Heathlands due to open in April 2022 · Regular provider forum’s ensure we are kept up to speed with emerging issues · Use of the NHS capacity tracker to assess local supply · Risk and Issue log in place and reviewed across operations, safeguarding and commissioning 3 times a week that includes and market capacity issues and risks · Care home resilience plans developed during pandemic. These were considered to be examples of exemplary practice by the Local Government Association and ADASS (the safeguarding adults network). · Linked into the national social care sector COVID Support Task Force which oversees implementation of the Government’s care home support package . · Financial support provided to social care providers between April and July to meet costs and loss of income associated to Covid outbreak · Review of Adults Conversations Model, conversation 3, as part of transformation project · Assess purchasing intentions based on the current appraisal of the range of support. · Analysis prepared on the annual impact of demographic change as part of the council’s budget setting process · Reducing demand through prevention / reablement / review of existing care packages · Finance tracker reviewed monthly and intelligence used to address pressure points
|
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
||||||||||||||||||||||||
Strategic Theme 4: Caring for residents and their families |
|||||||||||||||||||||||||||||||
Risk 5: The Council does not identify and discharge all its responsibilities for safeguarding children and vulnerable adults
|
Risk Owner Executive Director:People |
||||||||||||||||||||||||||||||
Risk Rating (Likelihood x Impact) Unmitigated: 5 x 5 Current residual: 2 x 4 Target Risk Score 2 x 3 Potential Impact · Death or serious injury · Prosecution · Detrimental impact on council reputation · Censure by inspection · Public dissatisfaction · Relationship with partners impaired
|
Rationale for current score: Active controls in place to mitigate risk.
Rationale for target risk score Increased in Qtr 2 of 20/21 as the Government’s guidance had been that the full suite of safeguarding measures could not be delivered due to COVID-19. . .
|
||||||||||||||||||||||||||||||
Current Actions (What we are currently doing about the risk) · Continue to roll our safeguarding awareness programmes for all internal staff and stakeholders · Adherence to the pan-Berkshire safeguarding children procedures · Training provided for all staff as identified in induction and through appraisal process · All staff have regular supervision as per the council’s policy · Ensure that the audit programme for children’s social care is adhered to · Supervision and appraisal policy in place and applied including review of PDP · Embedding of Family Safeguarding Model of practice to ensure strong evidence-based practice with highly skilled and trained workers · Opportunity for greater collaboration with local stakeholders through the People Safeguarding Board covering Adults and Children is being implemented · Ensure that people are fully involved with the safeguarding process · Promote positive risk management by ensuring people are supported to identify risks associated with those actions and have risk management plans in place · Multi-agency risk framework now in place · Make Safeguarding Personal as per the Care Act 2014 in place · Dedicated work on contextual safeguarding · Identification and delivery of relevant training and development for staff · Regular audits of practice including case audits and supervision files · Regular monitoring of data and information · Annual reporting to DMT, Executive Director for People, Chief Executive and Safeguarding Board · CSE and missing focused work · Work of the Safeguarding Board in prevention / communication · Review of school related policy documents where there is a potential risk of harm, e.g. administration of medicine and review of training · Highlight headteacher and governor responsibilities · School visits / activity logs / systems · Ensuring staff are kept up to date with training and developments in practice, within a partnership environment
|
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
||||||||||||||||||||||||||||||
Strategic Theme 1:Value for money Strategic Theme 2: Economic resilience Strategic Theme 3: Education and skills Strategic Theme 4: Caring for residents and their families Strategic Theme 5: A clean, green and responsibly sustainable place Strategic Theme 6: Communities |
||||||||||
Risk 6: IT Strategy and digital infrastructure fails to meet the needs of the organisation. |
Risk Owners: Executive Director Delivery |
|||||||||
Risk Rating (Likelihood x Impact) Unmitigated 4 x 5 Current Residual 2x4 Target Risk Score 2 x 3 Potential Impact Disruption to services. Failure to meet statutory duties. |
|
Rationale for current score: Having completed the cloud migration project for the key systems of the council, moving services to either Azure and SaaS and the upgrade to EDS / Forestcare, the normal operations of systems has been protected and made more resilient from all but a cyber attacked
y Rationale for target risk score Appetite is low due to dependency on IT for delivery of all services .
|
||||||||
Current Actions (What we are currently doing about the risk) · Improvement programme being implemented and updates being provided and being monitored at CMT on a regular basis
· Networking Strategy developed for approval · Remedial work to fix infrastructure issues continuing. · Cloud migration strategy underway · Phase four of Office 365 programme being scoped, to ensure we maximise the return on our investment in the Enterprise Licensing
|
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
|||||||||
Strategic Theme 1: Value for money Strategic Theme 2: Economic resilience Strategic Theme 3: Education and skills Strategic Theme 4: Caring for residents and their families Strategic Theme 5: A clean, green and responsibly sustainable place Strategic Theme 6: Communities |
||||||||||||||||||||||
Risk 7 IT controls or staff vulnerabilities fail to prevent a cyber attack and/or unable to respond effectively to an attack to enable IT services to be sustained. |
Risk Owners: Executive Director Delivery |
|||||||||||||||||||||
Risk Rating (Likelihood x Impact) Unmitigated 5 x 5 Current Residual 3 x 4 Target Risk Score 2 x 2 Potential Impact · Disruption to services. · Failure to meet statutory duties. · Reputational damage. · Financial loss |
|
Rationale for current score: The inherent likelihood of cyber-attacks against local authorities has risen with more sustained and intense attacks. The current likelihood of the risk materialising has hence increased. The impact of an attack is mitigated by improving cyber security controls in IT, and Disaster Recovery and Business Continuity arrangements. An external review of cyber risk controls is currently ongoing which will identify if this risk can now be reduced.
Rationale for target risk score Appetite is low due to dependency on IT for delivery of all services. .
|
||||||||||||||||||||
Current Actions (What we are currently doing about the risk) · Cyber Security policies all re-written and published on the intranet · Microsoft SCP ATP II Licensing acquired for advanced security on Office 365- Outlook, Office, SharePoint and Teams as well as security and compliance on all Council data. · Windows Defender ATP deployed for the best in class anti-virus protection for all laptops. · MS Intune deployed for protection of smartphones · PSN compliant · Members of government early warning groups such as NCSC (National Cyber-Security Council ) and SEGWARP (Warning, Advice and Reporting Point) · Mandatory Information security and GDPR training before access is given to systems · Disaster Recovery Plan and Action Plan for the systematic recovery of systems. · Disaster Recovery contract with a provider to get systems up and running and an Action Plan for the systematic recovery of systems · Cyber risks monitored through Delivery risk register · Risks of cyber attacks covered regularly in IT newsletter · NCSC Cyber Security training package undertaken by staff in IT and Digital Services · New VPN with Split Tunnelling has been implemented. Microsoft Defender Advanced Threat Protection web filtering has been implemented. · External review of cyber controls is underway. This will deliver recommendations on technical improvements, ICT staff development and organisation-wide staff training that will help to improve our cyber resilience. · New VPN configuration reduces risk of successful cyber-attack. · Cyber training identified · New network strategy developed will enable greater resilience against cyber attacks · Cyber review undertaken and action plan is in development to address recommendations
|
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
|||||||||||||||||||||
Strategic Theme 1:Value for money Strategic Theme 2: Economic resilience Strategic Theme 3: Education and skills Strategic Theme 4: Caring for residents and their families Strategic Theme 5: A clean, green and responsibly sustainable place Strategic Theme 6: Communities |
||||||||||||||||||||||
Risk 8: Council unable to comply with data protection/security requirements to secure data resulting in inappropriate disclosure, loss or theft of sensitive data. |
Risk Owners: Executive Director Delivery |
|||||||||||||||||||||
Risk Rating (Likelihood x Impact) Unmitigated 3 x 4 Current Residual 3 x 3 Target Risk Score 2 x 3 Potential Impact Fines/penalties. Disruption to services. Failure to meet statutory duties. Removal of access to external databases and systems e.g. DWP |
|
Rationale for current score: The ICO follow up inspection of 2021 has been completed with no further comment on the compliance landscape. However, as the volume of sensitive data handled has increased, the opportunities and therefore the risks for breaches has also risen. This risk profile therefore has changed due to increase in quantum rather than lack of effectiveness of control Rationale for target risk score In addition to the financial risk, financial penalties are now very high and will be increasing further hence the Council will seek to minimise the risk of these being incurred.
|
||||||||||||||||||||
Current Actions (What we are currently doing about the risk) · Annual GDPR online training for all staff (95% target achieved for 2021/22) · The Information Management Group with new terms of reference and new membership is meeting regularly to review action plans, corporate lessons learnt and performance data · DPO / SIRO monitoring information security breaches for trends and systemic failures. Working with Information Management Group and reporting to CMT to report issues and roll out process changes. · Monitoring of Subject Access Requests is now a standard agenda item for the Information Management Group and Corporate Management Team. · Information Governance Leads have been identified and trained. Internal review has been completed and changes made following first year of operation. · The Information Asset Register is now complete and CMT have agreed how this will be maintained going forward · CMT have agreed how the Information Asset Register with fit into EDRMS which will provide the retention and destruction framework. · All teams have now migrated their data into the EDRMS (SharePoint) file structures so that all held data now has markers for sensitive data and had a retention schedule attached to it. · Security of data in personal folders has been increased by moving these to the cloud based One Drive with onward programme to see this in EDRMS. · Audit by the Information Commissioner’s Officer complete with no further comments. Action plan and process of continuous improvement now embedded in practise. |
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
|||||||||||||||||||||
Strategic Theme 1:Value for money Strategic Theme 2: Economic resilience Strategic Theme 3: Education and skills Strategic Theme 4: Caring for residents and their families Strategic Theme 5: A clean, green and responsibly sustainable place Strategic Theme 6: Communities |
||||||||||||||||||||||
Risk 9: The Council’s Business Continuity Management (BCM) fails to effectively deal with potential threats and risks. |
Risk Owners: Executive Director: Delivery |
|||||||||||||||||||||
Risk Rating (Likelihood x Impact) Unmitigated 4 x 5 Current Residual 3 x 4 Target Risk Score 2 x 3
Potential Impact · Lack of ability to respond in a coordinated manner during a Business Continuity event, particularly when affecting the whole Council over prolonged periods.# · Enforcement action under the Civil Contingencies Act 2004. · Reputational damage.
|
|
Rationale for current score: The risk remains significant because the improvement programme put in place is not completed as this has been overtaken by events with COVID-19 and planned actions have not yet been completed as originally intended. There will be a need to look at the new ways of working after recovery following COVID-19 as this may mean the new Business Continuity Plan that was due to be developed will be different to what was expected pre-Covid-19. There is also the potential impact of Brexit on service continuity e;g. the impact of the shortage of HGV drivers on delivery of necessary supplies.
Rationale for target score The Council has agreed that as minimum the level of improvement should take the Council to Low risk if not best practice.
|
||||||||||||||||||||
Current Actions (What we are currently doing about the risk) · Following the external review an action plan is now in place to ensure all service and corporate business continuity plans covering essential and critical functions are in place and robust.1 · Service Business Continuity Liaison Officers and Emergency Planning Liaison Officers have been identified to work with the Emergency Planning Unit · Business Impact Analysis Workshops and Drop-in Sessions have taken place. · Recovery Workshops have taken place. · A number of Service Plans are now in place and being reviewed. · The Service Plans which have not been completed are being targeted in order to complete the update of all plans. · From September 2021 the 3 year programme of exercising specific service plans and the corporate plans along with the annual light touch revision and 3 yearly review of the plans will be put in place.
|
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
|||||||||||||||||||||
Strategic Theme 1:Value for money Strategic Theme 2: Economic resilience Strategic Theme 3: Education and skills Strategic Theme 4: Caring for residents and their families Strategic Theme 5: A clean, green and responsibly sustainable place Strategic Theme 6: Communities |
||||||||||
Risk 10: Weaknesses in the internal control environment. |
Risk Owners: CMT/DMTs |
|||||||||
Risk Rating (Likelihood x Impact) Unmitigated 5 x 4 Current Residual 3 x 3 Target Risk Score 2 x 2 Potential Impact Increased potential for financial loss, fraud and safeguarding issues. Reputational damage. External sanction. |
|
Rationale for current score: Risk reducing as action taken is improving the control environment but more time is needed to ensure this is embedded effectively.
Rationale for target risk score Appetite is low is as ensuring that an effective control environment is in place is fundamental to ensuring the organisation’s objectives are met and is a statutory requirement under the Accounts and Audit Regulations.
|
||||||||
Current Actions (What we are currently doing about the risk) · Limited assurance audit reports monitored at DMTs. · Follow up audits of limited assurance areas being completed during 2020/21 · Regular review of reporting to CMT on impact of audit deferrals and outcomes on 20/21 audit opinion |
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
|||||||||
Strategic Theme 1:Value for money Strategic Theme 2: Economic resilience Strategic Theme 3: Education and skills Strategic Theme 4: Caring for residents and their families Strategic Theme 5: A clean, green and responsibly sustainable place Strategic Theme 6: Communities |
|||||
Risk 11: Council unable to deliver essential services and meet the needs of the community due to pressures from coronavirus on internal staff resources and external suppliers providing critical functions and increased demands for support arising from people and groups requiring support. |
Risk Owners: CMT |
||||
Risk Rating (Likelihood x Impact) Unmitigated 4 x 5 Current Residual 4 x 3 Target Risk Score 2 x 3
Potential Impact · Council unable to deliver statutory/ Covid functions effectively to all groups needing support · Reputational damage · Continued loss of income from some income generating services · Staff isolation Exposure to fraud, particularly in respect of administration of emergency Government financial support package · Council is not able to support the Test and Trace , functions and effectively manage Local outbreaks · Sustained increase in Hardship and welfare support requests |
|
Rationale for current score: The sustained prevalence of Covid within the Borough is placing strain on some council services particularly in relation to Hospital Capacity/discharge, Social Care, Education services remain under additional pressure and ongoing Covid responsibilities are drawing some resources away from some planned works and some business as usual which impacts on staffing and is creating backlogs in small areas of the Council. Rationale for target score During a flu pandemic the Council has a key role to play in ensuring that its existing and new essential services to the community are maintained and adapted as well as assisting with Government support initiatives.
|
|||
Current Actions (What we are currently doing about the risk) · Continuing to follow the advice of the Government the UK Health Security Agency (UKHSA) and the East Berkshire Health Protection Board · Coronavirus (COVID-19 ) CMT Gold Group meets once every two weeks to consider the potential impacts on staff, service provision and the wider Bracknell Forest community and coordinate the Council’s response and recovery. Task and Finish Groups set up to feed into the CMT Gold meeting, and aid effective decision making · Public Health Team and covid-19 policy team monitoring central government guidance and best practice · All departments tasked with enacting their Business Continuity Plans when required and adapting them to address the risk of COVID-19 where appropriate · Service areas working with key suppliers ensuring that they have put appropriate business continuity arrangements in place to avoid/mitigate the risk of disruption to critical services · Identifying and working with vulnerable groups/ individuals who may need additional support during the pandemic response · Communication with staff now taking place via teams, email and phone with a large proportion of staff continuing to work remotely (although office space is now available), weekly CX update, and bi-monthly all member briefing · Communication with staff advising them on actions to take if they suspect they have symptoms, testing, self isolation and the methods of recording this, so we have an accurate workforce picture. Those going to the workplace need to undertake testing before doing so. · The council is planning and delivering internal and external communication and engagement to encourage staff and wider population vaccine take up and to home test · Financial reporting changed to enable identification of any Covid-19 related spend, so that the impact is properly recorded and future claims of financial support from Government can be substantiated · IT capacity is under continual review · Many services are now delivering face to face work following appropriate risk assessment, with protective measures such as PPE, increased ventilation, enhanced hygiene). · Monitoring and supporting higher risk settings such as Schools and Care Homes · Staffing matters are being dealt with through an HR Grouping, with regular reporting of absence to CMT Gold · High-level community impact assessment complete and a Covid Resident’s Survey presented to the Executive. The community impact assessment was updated in June 21 and a second Covid Resident’s Survey has now concluded. · Participation in the Local Resilience Forum (when required) · Detailed verification checks introduced around payment of business support grants · Changes to contractual arrangements to provide additional financial support to suppliers include standard anti-fraud clauses, mirroring those adopted by Government · Wokingham BC internal audit team commissioned to review our approach to administering the small business grants, recognising the need to ensure adequate, proportionate anti-fraud measures are being adopted · Outbreak Management Cell has developed a Local Outbreak Management Plan to respond to and manage local outbreaks this has been signed off by the NHS and PHE · Work on recovery/renewal continues · Local contact tracing continues to identify those individuals who have tested positive and not been contacted by NHS Test and Trace. Self Isolation calls are also made to those who have indicated that they require additional support to self-isolate. · Public Health dashboard provides close to real time information on cases and outbreaks · Working with Health on the school and booster vaccination rollout particularly helping with Comms messaging. · Targeted Community Testing Programme focusses on disproportionality impacted groups and under-served communities · Business continuity measures being instigated in the health and care elements of the People department to cover staff shortages, spikes in demand and recruitment difficulties, alongside normal Winter Pressures. · Local Outbreak Engagement Board established and meeting Monthly
|
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
Strategic Theme 3: Education and skills |
|||||||||||||||||||||
Risk 12: Children’s Social Care demand and supply challenges related to the market for services and associated financial pressures |
Risk Owner: Executive Director: People |
||||||||||||||||||||
Risk Rating (Likelihood x Impact) Unmitigated 5 x 4 Current Residual 4 x 4 Target Risk Score 2 x 3 Potential Impact · Statutory responsibilities not met · Significant budget overspends resulting from increased costs of external placements · Harm to individual children who are not in suitably high quality placements · Adverse effect on staff morale · Adverse effect on external inspections / assessments
|
|
Rationale for current score: Risk is now higher due to greater pressure in the supply of places available resulting in difficulties in finding suitable placements for children.
Rationale for target risk score Appetite low due to impact on financial planning
|
|||||||||||||||||||
Current Actions (What we are currently doing about the risk) · Transformation programme focusing on developing in-house foster service · Regular performance monitoring and reporting to DMT, Children’s SMT and Transformation Board · Access to resource team in place to source best possible placements at cost and quality when in-house not available · Strong partnership relationships · Regular reporting to the Safeguarding Board and DMT · Demand increase has had additional resources · Transformation under Family Safeguarding Model has provided additional staff in two of the family safeguarding teams – aiming to reduce number of children who become looked after · Monitoring the data to assess for impact of Covid · Frameworks in place with South East local authorities for residential care, independent foster care and semi-independent accommodation seeking to influence market cost and quality · Access to Resources Team in place to secure VFM from placements |
Further Mitigation (what more should we do to reduce risk to our risk appetite level) and opportunities
|
||||||||||||||||||||
APPENDIX 3
RISK MATRIX
|
5 |
|
|
|
|
|
|
Likelihood: 5 Very High 4 High 3 Significant 2 Low 1 Almost Impossible
|
|
||||
|
4 |
|
|
|
|
|
|
|
|||||
LIKELIHOOD |
3 |
|
|
|
|
|
|
|
|||||
|
2 |
|
|
|
|
|
|
|
|||||
|
1 |
|
|
|
|
|
|
Impact: 5 Catastrophic 4 Critical 3 Major 2 Marginal 1 Negligible |
|
||||
|
|
1 |
2 |
3 |
4 |
5 |
|
|
|||||
|
|
|
IMPACT |
|
|
|
|
||||||
CRITERIA FOR ASSESSING LIKELIHOOD
PROBABLILTY |
SCORE |
DEFINITION |
Almost impossible |
1 |
Rare (0-5%).The risk will material only in exceptional circumstances. |
Low |
2 |
Unlikely (5-25%). This risk will probably not materialise. |
Significant |
3 |
Possible (25-75%). This risk might materialise at some tim |
High |
4 |
Likely (75-95%). This risk will probably materialise at least once. |
Very High |
5 |
Almost certain (>95%). This risk will materialise in most circumstances. |
CRITERIA FOR ASSESSING IMPACT
|
Negligible |
Minor |
Major |
Critical |
Catastrophic |
Score |
1 |
2 |
3 |
4 |
5 |
Disruption to established routines/operational delivery |
No interruption to service. Minor industrial disruption. |
Some disruption manageable by altered operational routine. |
Disruption to a number of operational areas within a location and possible flow to other locations. |
All operational areas of a location compromised. Other locations may be affected. |
Total system dysfunction. Total shutdown of operations |
Damage to reputation |
Minor adverse publicity in local media. |
Significant adverse publicity in local media. |
Significant adverse publicity in national media. |
Significant adverse publicity in national media. Senior management and/or elected Member dissatisfaction. |
Senior management and/or elected Member resignation/removal. |
Political |
Could have a major impact one departmental objective but no impact on a Council Medium Term Objective |
Could have a major impact one or more departmental objective but no impact on a Council Medium Term Objective |
Could have a major impact on a Departments objective with some impact on a Council Medium Term Objective |
Council severely impact the delivery of a Council Medium Term Objective |
Council would not be able to meet multiple Medium Term Objectives.
|
Security |
Non notifiable or reportable incident. |
Localised incident. No effect on operations. |
Localised incident. Significant effect on operations. |
Significant incident involving multiple locations. |
Extreme incident seriously affecting continuity of operations. |
Financial (Council as a whole/ single dept.) |
<1% of monthly budget |
>2% of monthly budget |
<5% of monthly budget |
<10% of monthly budget |
<15% of monthly budget |
General environmental and social impacts |
No lasting detrimental effect on the environment i.e. noise, fumes, odour, dust emissions, etc. of short term duration |
Short term detrimental effect on the environment or social impact i.e. significant discharge of pollutants in local neighbourhood. |
Serious local discharge of pollutants or source of community annoyance in general neighbourhood that will require remedial attention. |
Long term environmental or social impact e.g chronic and significant discharge of pollutants. |
Extensive detrimental long term impacts on the environment and community e.g catastrophic and/or extensive discharge of persistent hazardous pollutants. |
Corporate management |
Localised staff and management dissatisfaction. |
Broader staff and management dissatisfaction. |
Senior management and /or elected Member dissatisfaction. Likelihood of legal action. |
Senior management and/or elected Member dissatisfaction. Legal action. |
Senior management and/or elected Member resignation/removal. |
Operational management |
Staff and line management dissatisfaction with part of a local service area. |
Dissatisfaction disrupts service. |
Significant disruption to services. |
|
Resignation/removal of local management. |
Workplace health and safety |
Incident which does not result in lost time. |
Injury not resulting in lost time. |
Injury resulting in lost time. Compensatable injury. |
Serious injury /stress resulting in hospitalisation. |
Fatality (not natural causes) |
Legal |
Minor breach resulting in small fines and minor disruption for an short period |
Regulatory breach resulting in small fines and short term disruption for an short period |
Major regulatory breach resulting in major fines and short term disruption for an short period |
Severe regulatory breach resulting in severe fines and disruption for an extended period |
Very severe regulatory impact that threatens the strategic objectives of the Council |