Risk management

Risk management arrangements have been put in place to enable us to identify and analyse significant risks and to ensure that the controls we put in place are effective, economic and proportionate to the risks they're designed to manage.

Our risk management framework includes:

  • a risk management methodology - this gives us a consistent approach to describing, analysing and scoring risks, so that risks from all areas can be assessed and prioritised relative to each other
  • a risk management system where we can create individual risk profiles and combine them together into risk registers. We can then link these to our action plans and performance measures, and manage and monitor them all in real time
  • a strategic risk register that brings together all of the most significant risks to the council, its objectives and priorities, and its service delivery
  • a hierarchy of departmental, service and project risk registers and an agreed means of escalating risks onto and between these different risk registers
  • an agreed timetable for monitoring and reporting risks to those responsible for managing the risks and taking decisions

We've adopted a neutral, rather than a negative, definition of risk as something that might prevent us from achieving our objectives.

We distinguish between:

  • strategic risks, which are risks to the council's medium to long-term objectives. Strategic risk management is a core responsibility for the executive
  • operational risks, which are those risks that officers encounter in their business planning and day-to-day service delivery
  • different categories of risk, such as political, economic, social, technological, legal, environmental and reputational

Our approach is to be risk aware rather than risk averse, aiming to take a balanced approach to risk and risk management. The important thing is to take an informed view about the risks we are faced with.

Risk management priorities

We've identified four strategic priorities for risk management:

  • to contribute to the council's governance arrangements
  • to contribute to the delivery of the council's corporate priorities
  • to integrate risk management into our business planning, service delivery and performance management
  • to contribute to successful partnerships and shared working arrangements by encouraging everyone we work with to adopt good risk management arrangements