ANNUAL REVIEW OF RISK MANAGEMENT ARRANGEMENTS
Since the financial year 2018/19 the annual turnover of Melton Parish Council has exceeded £200k. Therefore, the Council automatically meets the requirements for an intermediate level audit review by the External Auditor. For 2018/19, as part of that, the Council was required to provide the relevant minutes and agenda papers from the meeting at which the annual review of risk management arrangements during 2018/19 was discussed. Whilst that has not been a specific requirement in the years since, there is an expectation that the Council maintains an annual review of risk management arrangements, as implied by Assertion 5 of the Annual Governance Statement (see below). Councillors confirmed the assertions contained in the Annual Governance Statement for 2022/23 at the Annual General Meeting held on 10 May 2023 (see Minute MPC(23)56.02).
The annual review of risk management arrangements is expected to be an overview, demonstrating a culture of positive risk management across the Council, rather than evidence of individual risk assessments in place.
Assertion 5 in the Annual Governance Statement states that: “We carried out an assessment of the risks facing this authority and took appropriate steps to manage those risks, including the introduction of internal controls and/or external insurance cover where required.”
The Practitioners’ Guide (Governance and Accountability for Smaller Authorities in England) issued in March 2022, states that in order to warrant a positive response to that assertion, the authority needs to have the following arrangements in place:
1.31 Identifying and assessing risks — The authority needs to identify, assess and record risks associated with actions and decisions it has taken or considered taking during the year that could have financial or reputational consequences.
1.32 Addressing risks — Having identified, assessed and recorded the risks, the authority needs to address them by ensuring that appropriate measures are in place to mitigate and manage risk. This might include the introduction of internal controls and/or appropriate use of insurance cover.
It is accepted in a larger Council, that risk management may be primarily delegated to a Committee, in which case the minutes of a Committee should be available to Full Council, which in turn should have the latest summary of risk management arrangements as an Agenda paper to support the Annual Governance Statement response. Where such evidence is available, the auditor will accept a “Yes” response.
Within Melton Parish Council, responsibility for managing risk normally lies with Finance, Employment and Risk Management (FERM) Working Group but ultimately it lies with Full Council. All specific risks identified are recorded, assessed as High, Medium or Low risks; and actions for management / mitigation of those risks are identified and monitored on a regular basis until either they no longer exist, or the level of risk is reduced to a residual and manageable level. Emerging or potential risks are flagged up for monitoring as well. Reports on risk are provided both to FERM Committee and to Full Council, with the result that risk issues are always put before Members on a monthly rather than annual basis as required by the Practitioner’s Guide. Matters discussed by FERM are presented to Full Council for discussion where necessary and the minutes of Full Council are published on the Council’s website.
A separate risk matrix is kept under six monthly review for risks associated with data protection compliance.
The Practitioners’ Guide treats as identifiable risks many issues which it identifies as insurable, and in practice Melton addresses these separately by reviewing insurance cover and ensuring that it is up to date.
Full Council (as well as FERM) considers insurance issues at least annually when the renewal/payment is due, and additionally on major changes to income/assets such as the acquisition of additional land and property and/or increases in income due to eg. Community Infrastructure Levy (CIL) income.
Exposure to risk in relation to:
- Financial loss (in particular fraud/theft/fidelity guarantee matters)
- Damage to property via fire etc.
- Legal risks (in particular public liability)
- Reputational risks
- Loss of key staff
is addressed via having adequate comprehensive insurance in place, and, in relation to financial systems, an up to date set of financial regulations which are legally compliant and fit for the needs of the organisation, and its ways of working – which are continuously evolving – both with embracing new technology (eg internet banking) and doing new and additional activities (eg being a commercial landlord). Full Council reviews its Financial Regulations and Standing Orders at least annually and also receives an annual report setting out the Council’s Internal Control Policy.
The current position
Elsewhere on the Agenda for this meeting is to be found the updated Risk Register for June 2023. All the high and medium level risks identified have active strategies for mitigation/resolution, or where the risk is anticipated or contingent, the Register provides a focus for regular monitoring. Key risks over the last 12 months have related to the Pavilion Project, ASB, managing financial risks and the development of new staff. The Council has continued to risk assess all aspects of its activities to ensure as far as possible, both the health and safety of Councillors and staff, and users of its facilities. The next twelve months will see challenging times with the rapid rise in the cost of living. The Consumer Prices Index (CPI) rose by 7.8% in the 12 months to April 2023. The Council has raised the Precept for 2023/4 and has increased the Budget Risk EMR. In addition it reviews costs and finds savings where it can to mitigate some of these rises but careful budgeting will be required.
Melton Parish Council already adopts a comprehensive approach in relation to risk management. There is no reason to change these arrangements which have not attracted any negative comment from auditors. Indeed in paragraph 6.3 of the Internal Audit report dated 24 May 2023, it is stated that the Council demonstrates ‘good practice by having a standing agenda item at each meeting to formally consider risk issues.’ It is considered that Councillors are able to assert with complete honesty that:
- The Council both assesses all risks facing the Authority and takes appropriate steps to manage them, via a combination of management arrangements, internal controls and insurance
- It has in place appropriate robust mechanisms to identify new and potential risks
- It has a business strategy which aims to optimise and protect income and provide the most cost effective and efficient services to serve and protect its community via a combination of service contracts and direct labour.
Full Council is recommended to comment on this report, and either confirm the current approach to risk management, or with any additional steps added to strengthen further the arrangements already in place.
Clerk and Executive Officer to the Council