Review of Corporate Risk Register - Scottish Fire and Rescue Service

Agenda
Item: 13
NOT PROTECTIVELY MARKED
Report to:
AUDIT AND RISK ASSURANCE COMMITTEE
Report Number: C/ARAC/08-15
Date:
4 MARCH 2015
Report By:
DIRECTOR OF FINANCE & CONTRACTUAL SERVICES
Subject:
REVIEW OF CORPORATE RISK REGISTER
1.
PURPOSE
1.1
The purpose of this report is to provide the Audit & Risk Assurance Committee with
an update on the Corporate Risk Register.
2.
RECOMMENDATIONS
2.1
The Committee is asked to note the contents of this report.
3.
BACKGROUND
3.1
The Audit and Risk Assurance Committee is responsible for advising the Board and
Accountable Officer on the arrangements for risk management and has oversight of
the Service’s Corporate Risk Register.
3.2
The Strategic Leadership Team have responsibility for the identification and
management of strategic risk and will ensure that the risk register presents a fair and
reasonable reflection of the most significant risks impacting upon the organisation.
The SLT will champion the importance of risk management in supporting the
achievement of the Service’s strategic aims and objectives.
3.3
A report was presented to the Audit and Risk Assurance Committee on 9th December
2014 asking the Committee to note the updates/changes made to the Corporate Risk
Register (CRR).
3.4
The CRR, which is integral to the risk management framework, is intended to provide
a profile and record of the significant risks facing the SFRS.
The CRR is now
supported through the development of Directorate and Project Risk Registers,
identifying the significant risks impacting upon each Directorate of the service.
04/03/2015-ARAC/Report/ReviewOf
CorporateRiskRegister
Page 1 of 5
Version: 1.0 25/02/2015
NOT PROTECTIVELY MARKED
4.
REVIEW OF 2014/15 CORPORATE RISK REGISTER
4.1
The September Committee Report detailed that the 2014/15 CRR would remain live
for 18 months, until 1st April 2016, and would be subject to quarterly reports to the
Audit & Risk Assurance Committee. Similar reporting would also be put in place for
Directorate Risk Registers.
4.2
The 2014/15 CRR currently identifies 15 Strategic Risks and Appendix 1 to this
report provides a copy of the Corporate Risk Register.
4.3
Each risk was assigned to a member of the SLT and these responsible officers have
each provided an update. The update has considered the current description and
assessment of the risk and reviewed the actions in place and those still to be
completed.
4.4
The risks have each been assessed based upon the controls currently in place at the
date of review. The service recognises that it cannot entirely eliminate risk from
service provision and that a residual level of risk will always remain. The purpose of
assessing the risk, based upon the current controls in place, is to ensure that we
understand the current potential likelihood and impact of the risk today and how this
can be managed going forward.
4.5
Following a review by each risk owner there have been no change to the risk ratings
following the last report. Whilst the risk ratings have not altered a number of the
Additional Management Actions have been completed and the register has been
updated to reflect this. Information on some of these actions has been outlined
below:
4.6
Corporate Risk 2 – there is a risk for SFRS where it fails to standardise and align
resources, taking account of national and local factors.
Action 1 in relation to a Specialist Resources report to the Board is complete with the
report forwarded to the meeting on 29 January 2015.
The reports aim was to
improve equity of access to fire and rescue resources and to deliver required
efficiencies across Scotland. The recommendations forwarded from the report will
ensure a more balanced disposition of specialist resources across Scotland, based
on risk and activity.
The approved recommendations will see some resources
increased where gaps have been identified and decreased where clear overlaps or
unnecessary overprovision exists.
4.7
Corporate Risk 6 – there is a risk to SFRS where it fails to meet performance targets
set within both the Strategic and the Annual Operating Plan.
A Senior Management Group comprising Heads of Functions, DACO’s and others
has been established to ensure that agreed corporate strategy is implemented
04/03/2015-ARAC/Report/ReviewOf
CorporateRiskRegister
Page 2 of 5
Version: 1.0 25/02/2015
NOT PROTECTIVELY MARKED
across the organisation.
This forum will also be used to measure performance
across sectors/LSO areas and to identify and learn from best practise.
In addition to this forum a Performance Improvement Group will meet monthly to
consider progress against actions detailed in the Annual Operating Plan and to
consider progress against actions identified thorough recommendations contained
within HMFSI reports and any recommendations from Audit Scotland or other
Auditors.
Progress against actions plans will be reported to the Audit & Risk
Assurance Committee and wider performance matters scrutinised through a new
Performance Sub-Committee.
4.8
Corporate Risk 8 – There is a risk to SFRS where it fails to attract and retain staff
with the appropriate skills.
The risk has 4 separate approved managed actions. Three of these actions remain
on target to achieve completion dates with the 4th action (Develop and implement a
plan to embed the SFRS working Together Framework) revised from April 2015 to
December 2015. An action plan has been develop to further embed the Working
Together Framework and work with trade unions is continuing to progress this action.
The revised date reflects delays experienced due to changes within the trade union
structure.
Action in relation to the implementation of a working structure is continuing with a
workforce plan and action plan produced and supported by a Workforce Planning
Forum.
In relation to the development of a succession planning model the
introduction of DACO’s, in support of Gold Command, will support succession
planning at a strategic level.
Separate work is being undertaken to develop a
projected retirement database which will be able to look ahead to anticipated
retirements to forecast and address potential skills gaps.
A change management team continues to support Directorates in relation to the
implementation
of
organisational
change
management
plans
and
regular
communications are published to ensure effective engagement with staff.
4.9
Corporate Risk 11 – There is a risk to SFRS where communication and engagement
with partners, both National and Local, fails to deliver on identified priorities.
The appointment of new DACO’s in the 3 SDA’s will support better engagement with
the 32 Local Authorities. A number of new LSO’s will also be appointed in February
and March and will enhance the engagement programme. SFRS are revising the
Service Delivery Engagement Loop to ensure it can maximise the value of our
engagement and the contribution of Board Members. This will be further discussed
at the Local & Stakeholder Engagement Committee in March 2015.
04/03/2015-ARAC/Report/ReviewOf
CorporateRiskRegister
Page 3 of 5
Version: 1.0 25/02/2015
NOT PROTECTIVELY MARKED
A new Business Engagement Forum Framework 2015-2018, a Business Plan and
Action Plan 2015-2016 have been developed and agreed by the group.
documents will go live as of 1
st
These
April 2015 and assist in strengthening the links
between SFRS and Scotland’s Business Community.
4.10
Corporate Risk 12 – There is a risk to SFRS where the Transformation Programme
fails to achieve its stated objectives.
Action 15 (develop and implement a SFRS ICT Technical Security Strategy) and
Action 24 (Develop and implement ICT Software Licence Management policies and
procedures) have both been removed from the register and incorporated within
Action 16 – Deliver all ICT projects, including capital and transitional projects within
the agreed programme.
Changes to actions and project delivery times are managed through the programme
office and Service Transformation Programme Board.
This will ensure that the
impact from any delay or change is mitigated and does not compromise the delivery
of the overall programme. Where a delay is significant this is highlighted to the
Transformation Committee so that effective scrutiny of the programme can take
place.
Particular attention is given to those projects that have been assessed
through the scrutiny value as a key project.
5.
PROPOSSED NEW CORPORATE RISK
5.1
Discussions with Board Members and Senior Officers have identified that the Firelink
Replacement Project is an area which should be considered further within the
Corporate Risk Register.
5.2
A draft risk profile is included within the attached risk register as Corporate Risk 16
for further discussion.
6.
MONITORING AND REVIEW
6.1
The 2014/15 CRR will be monitored over a period of 18 months with a new CRR
prepared for 1st April 2016, and annually thereafter.
6.2
Over this 18 month period, from September 2014, the CRR will be reported quarterly
to the SLT and the Audit & Risk Assurance Committee. Directorate Risk Register will
be submitted quarterly to the SLT for review.
7.
EMPLOYEE IMPLICATIONS
7.1
There are no employee implications directly associated with this report
04/03/2015-ARAC/Report/ReviewOf
CorporateRiskRegister
Page 4 of 5
Version: 1.0 25/02/2015
NOT PROTECTIVELY MARKED
8.
FINANCIAL IMPLICATIONS
8.1
There are no financial implications directly associated with this report.
9.
LEGAL IMPLICATIONS
9.1
There are no legal implications directly associated with this report.
SARAH O’DONNELL
DIRECTOR OF FINANCE & CONTRACTUAL SERVICES
4 March 2015
04/03/2015-ARAC/Report/ReviewOf
CorporateRiskRegister
Page 5 of 5
Version: 1.0 25/02/2015