ANNUAL REVIEW OF RISK MANAGEMENT ARRANGEMENTS
Since the financial year 2018/19 the annual turnover of Melton Parish Council has exceeded £200k. As a consequence, the Council automatically meets the requirements for an intermediate level audit review by the External Auditor. For 2018/19, as part of that, the Council was required to provide the relevant minutes and agenda papers from the meeting at which the annual review of risk management arrangements during 2018/19 was discussed. Whilst that has not been a specific requirement in the years since, there is an expectation that the Council maintains an annual review of risk management arrangements, as implied by Assertion 5 of the Annual Governance Statement (see below). Councillors confirmed the assertions contained in the Annual Governance Statement for 2020/21 at the Annual General Meeting held on 5 May 2021 (see Minute MPC(21)52.02).
The annual review of risk management arrangements is expected to be an overview, demonstrating a culture of positive risk management across the Council, rather than evidence of individual risk assessments in place.
Assertion 5 in the Annual Governance Statement states that: “We carried out an assessment of the risks facing this authority and took appropriate steps to manage those risks, including the introduction of internal controls and/or external insurance cover where required.”
The Practitioners’ Guide (Governance and Accountability for Smaller Authorities in England) issued in March 2021, states that in order to warrant a positive response to that assertion, the authority needs to have the following arrangements in place:
1.31 Identifying and assessing risks — The authority needs to identify, assess and record risks associated with actions and decisions it has taken or considered taking during the year that could have financial or reputational consequences.
1.32 Addressing risks — Having identified, assessed and recorded the risks, the authority needs to address them by ensuring that appropriate measures are in place to mitigate and manage risk. This might include the introduction of internal controls and/or appropriate use of insurance cover.
It is accepted in a larger Council, that risk management may be primarily delegated to a Committee, in which case the minutes of that Committee should be available to Full Council, which in turn should have the latest summary of risk management arrangements as an Agenda paper to support the Annual Governance Statement response. Where such evidence is available, the auditor will accept a “Yes” response.
Within Melton Parish Council, responsibility for managing risk normally lies with Finance, Employment and Risk Management (FERM) Committee. All specific risks identified are recorded, assessed as High, Medium or Low risks; and actions for management / mitigation of those risks are identified and monitored on a regular basis until either they no longer exist, or the level of risk is reduced to a residual and manageable level. Emerging or potential risks are flagged up for monitoring as well. Reports on risk are provided both to FERM Committee and to Full Council, with the result that risk issues are always put before Members on a monthly rather than annual basis as required by the Practitioner’s Guide. Minutes of FERM Committee are always made available to Full Council and published on the Council’s website.
A separate risk matrix is kept under six monthly review for risks associated with data protection compliance.
The Practitioners’ Guide treats as identifiable risks many issues which it identifies as insurable, and in practice Melton addresses these separately by reviewing insurance cover and ensuring that it is up to date.
Full Council (as well as FERM Committee) considers insurance issues at least annually when the renewal/payment is due, and additionally on major changes to income/assets such as the acquisition of additional land and property and/or increases in income due to eg. Community Infrastructure Levy (CIL) income.
Exposure to risk in relation to:
- Financial loss (in particular fraud/theft/fidelity guarantee matters)
- Damage to property via fire etc.
- Legal risks (in particular public liability)
- Reputational risks
- Loss of key staff
is addressed via having adequate comprehensive insurance in place, and, in relation to financial systems, an up to date set of financial regulations which are legally compliant and fit for the needs of the organisation, and its ways of working – which are continuously evolving – both with embracing new technology (eg internet banking) and doing new and additional activities (eg being a commercial landlord). Full Council reviews its Financial Regulations and Standing Orders at least annually and also receives an annual report setting out the Council’s Internal Control Policy.
The current position
Elsewhere on the Agenda for this meeting is to be found the updated Risk Register for June 2022. All the high and medium level risks identified have active strategies for mitigation/resolution, or where the risk is anticipated or contingent, the Register provides a focus for regular monitoring. Key risks over the last 12 months have related to the impact of Covid-19, the Pavilion Project, ASB, managing financial risks and the retirement of the previous Clerk and employment of new staff. As the country emerges from lockdown and into a new “normal” state, the Council has continued to risk assess all aspects of its activities to ensure as far as possible, both the health and safety of Councillors and staff, and users of its facilities, as well as remaining fully compliant with changing Government requirements and guidelines. The next twelve months will see challenging times with the rapid rise in the cost of living. The Consumer Prices Index (CPI) rose by 9.0% in the 12 months to April 2022, up from 7.0% in March. On a monthly basis, CPI rose by 2.5% in April 2022, compared with a rise of 0.6% in April 2021. The Council is reviewing costs and finding savings where it can to mitigate some of these rises but careful budgeting will be required.
Melton Parish Council already adopts a comprehensive approach in relation to risk management. There is no reason to change these arrangements which have not attracted any negative comment from auditors. Indeed in paragraph 6.3 of the Internal Audit report dated 26 May 2022, it is stated that the Council demonstrates good practice by reviewing risks monthly. It is considered that Councillors are able to assert with complete honesty that:
- The Council both assesses all risks facing the Authority and takes appropriate steps to manage them, via a combination of management arrangements, internal controls and insurance
- It has in place appropriate robust mechanisms to identify new and potential risks
- It has a business strategy which aims to optimise and protect income and provide the most cost effective and efficient services to serve and protect its community via a combination of service contracts and direct labour.
Full Council is recommended to comment on this report, and either confirm the current approach to risk management, or with any additional steps added to strengthen further the arrangements already in place.
Clerk and Executive Officer to the Council
9th June 2022