Corporate risk management group update

Report: 8
Date: 08 April 2005
By: Treasurer and Commissioner

Summary

This report is the first quarterly progress report on activity led by the MPS Corporate Risk Management Group in the three areas where it provides a professional lead for the Service:

• Business risk management
• Business continuity management
• Insurance management.

A. Recommendation

That members note the progress report for the final quarter of 2004/05 and the key achievements planned for 2005/06.

B. Supporting information

1. It is proposed to submit a quarterly report to the Committee on the progress made by Corporate Risk Management Group (CRMG). The report will also include progress in developing insurance solutions and on the management of insured risks (to achieve cost savings and to support the marketing of the insurance programme).

2. It is also proposed to submit to the final meeting of the Committee in each financial year an annual report of the projected key achievements for the following year in the areas for which CRMG has the lead.

3. This paper includes the following appendices:

• Appendix 1 - Report on activity during final quarter of 2004/05;
• Appendix 2 - Report on the CRMG work programme for 2004/05;
• Appendix 3 - Draft update of Audit Commission/ALARM risk management key performance indicator as at end March 2005;
• Appendix 4 - Provisional listing of key achievements planned for 2005/06 (subject to necessary MPA/MPS approvals).

4. It should be noted that the key performance indicator shows the expected position at end March 2005 this report having been prepared on 14 March. I confidently expect the final position to be as reported.

C. Race and equality impact

None provided.

D. Financial implications

None provided.

E. Background papers

None

F. Contact details

Report author: Nick Chown, Director of Risk Management, MPS.

For information contact:

MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18

Appendix 1

Progress report - March 2005

This report is sub-divided into the three areas where the team provides the Service with a professional lead together with a section on external activity.

Business risk management

1) Risk registers – The (B)OCU risk registers are due on 1 April, with Business Group registers on 1 May. We shall refresh the Corporate Risk Register alongside the work on the Statement on Internal Control. A risk register already received is being quality assured for compliance with the Standard Operating Procedure and for general fitness for purpose.

2) NIM and business risk – At a meeting earlier this month the NIM Programme Board agreed to parent the working group being set up by CRMG to take this forward. Draft business risk enhancements to the NIM Code of Practice and Minimum Standards, prepared by CRMG, has been shared with SCD9 (NIM team) prior to formal consideration by the working group.

3) Business risk management awareness/training rollout – The final roll-out training session was delivered this week. Lessons learned from the roll-out have been identified and reviewed by the Risk Management Programme Board. [The sessions are targeted at local ‘risk management facilitators’. Increasing demand for training from SMT members reflects increasing awareness of the need for business risk management. This is particularly encouraging. Whilst training for the Quality Assurance Officers who provide the majority of the facilitators is on hold pending the completion of a review of the QAO function, in view of the relatively early development of business risk management it is considered essential to maintain the risk training. CRMG is therefore taking steps to maintain the delivery of the training.]

4) Teamstat (formerly COMSTAT) – We are working with colleagues to link business risk management with Teamstat. The aim is to embed business risk within the process underlying the six-weekly performance management meetings (B)OCU commanders have with their line managers.

5) Risk registers and Freedom of Information Act – In view of the risks to the public of business risk registers being placed in the public domain, we have agreed with the Head of Information Management that all registers will be placed in the MPS Freedom of Information Act Non-Disclosure Log.

6) Statements on Internal Control – An approach to deploying the necessary assurance to facilitate the preparation of the MPS’s 2004/05 Statement is in deployment following approval by the Risk Management Programme Board and Corporate Governance Strategic Committee. A working group has been set up to facilitate this. An interim progress report will be submitted to the MPA Corporate Governance Committee on 8 April.

Insurance management

7) Insurance invalidation indemnity policy – We have finalised the Standard Operating Procedure and are putting the final touches to the arrangements prior to officially ‘launching’ the policy in April. This will be a low key launch in view of the nature of the policy. Briefing sessions will be offered to SCD and SO since the policy responds to issues arising from covert duties.

8) Insurance invalidation indemnity policy exclusion – The policy excludes terrorism situations in view of the catastrophe potential. A central government indemnity is needed to fill this ‘gap’. With sponsorship from DAC Peter Clarke, we are arranging a meeting at AC level with London Ambulance Service and London Fire and Emergency Planning Authority with a view to securing agreement to a multi-agency approach to ministers.

9) Insurance register – The register has been published (minus details of an insurance subject to a confidentiality agreement with insurers).

10) Business interruption insurance review – Work ongoing to check adequacy of existing insurance coverage for ‘increased cost of working’ in the event of a major fire or other insured incident involving our premises. The review is on track to enable a report to be issued on 31 March.

11) G8 summit accommodation contract review – CRMG reviewed this contract, to which the MPA are a party, from an insurance perspective.

12) Self-insurance process development – We are due to meet with the MPA, DPS, and DLS to agree areas for intervention.

13) Outside bodies – We are doing the ground-work to enable the reissue of the notice on insurance implications of Met personnel taking roles on external bodies.

Business continuity management

14) Operation Reassemble – This is the programme of electrical testing at New Scotland Yard. CRMG are quality assuring the contingency plans of affected OCUs / departments.

15) Business Continuity High Risk Self Review – All returns have been received and analysed. Where a business continuity plan fails to meet the ACSO approved 90% pass mark I have written personally to the OCU commander / department head. The team are working with those concerned with a view to bringing their plans up to the minimum required level.

Business risk, business continuity and insurance

16) Outsourcing programme –CRMG continue to work alongside Willis to ensure that the contracts and specifications appropriately reflect the need for resilience and business continuity, and to finalise insurance requirements.

External

17) National stance on external publication of risk registers – Sir Ian Blair wrote to the President of ACPO on this issue at CRMG’s request. We are now working with the ACPO national FOIA team (Hampshire Police).

18) Invitation to chair external group – I have accepted an invitation from the Chief Executive of the National Forum for Risk Management in the Public Sector (ALARM) to chair their new policing sector group. This will be open to all risk managers across the 43 forces.

19) Articles – Our article on the external publication of risk registers in light of the Freedom of Information Act appeared in ALARM Matters this month. Later this month an introductory piece on business risk management, jointly authored with the ALARM Chair, will feature in Policing Today.

20) Riot Damages Act – Current position is that potentially very heavy financial liabilities are uninsured. This is a national issue. CRMG have suggested, and are arranging, a joint meeting with the Association of Police Authorities and Association of British Insurers to seek an insurance solution.

Appendix 4

Key achievements planned for 2005/06

1. Corporate Risk Management Group (CRMG) has the lead responsibility for Risk Management, Business Continuity Management and Insurance. Although the following projected key achievements are provisional, they are considered unlikely to differ significantly from the list to be finalised in early March.

2. Business Risk Management - key achievements planned for 2005/06 are:

• Statement on Internal Control (SIC) – The Accounts and Audit Regulations, 2003 require the Commissioner to sign off a statement setting out the effectiveness of the MPS’s system of internal control and risk management. The organisation needs to get used to a proactive approach to identifying risk exposures and control weaknesses. A first draft Statement is required by 15 June 05.
• Risk registers – Continued deployment of risk registers to better enable the Service to understand its key risks, and underpin the SIC. We aim to quality assure registers for robustness on a dip sample basis.
• National Intelligence Model embedding – Business risk management should be part of existing process. We will be working with the NIM team to set NIM minimum standards for managing business risk. We will develop standards that could be adopted as national standards.
• Teamstat (formerly COMSTAT) – We are working with colleagues to link business risk management with Teamstat. The aim is to embed business risk within the process underlying the six-weekly performance management meetings (B)OCU commanders have with their line managers.
• National Competency Framework – We aim to embed consideration of risk management within the National Competency Framework as deployed within the MPS.
• ACPO Risk Management Group – We aim to convince ACPO to set up a risk management group to consider matters of national importance. This could be a vehicle for influencing HMIC and Audit Commission.
• Partnership risk management – We aim to develop tools and techniques for managing risk in a partnership context including information sharing.
• Project risk management – We aim to work with Internal Consultancy Group and Corporate Change Co-ordination to further develop the Service’s ability to manage change risks.
• Outsourcing Programme support – We will continue to ensure that the outsourcing contracts reflect MPS risk management strategy.

3. Business Continuity Management - key achievements planned for 05/06 are:

• OCUs that failed to achieve the 90% pass mark in the 04/05 High Risk Self Review – ACSO has expressed concern about failure to achieve the pass mark. We will take appropriate remedial action.
• Civil Contingencies Act – Business continuity planning is now a statutory requirement for emergencies services. The Act introduces requirements for Community Risk Registers and multi-agency planning. We aim to support the Service with practical advice in these areas.
• Business Continuity plans (BCPs) – Currently units are required to produce plans for time-critical functions only. We will ensure that all units produce plans to an appropriate level, proportionate to criticality.
• Review of BCPs for senior officers’ private offices [1] – We shall review the BCPs for private offices and ensure they are fit for purpose.
• Operation Re-assemble – We will continue to support the New Scotland Yard electrical testing project (to meet statutory health and safety requirements). This presents an opportunity to check the BCPs of units within NSY and ensure they are fit for purpose.
• BCP High Risk Self Review – Review, refresh and relaunch.

4. Insurance - key achievements planned for the next 12 months are:

• Successful insurance renewal – We will provide the professional lead1 in renewing the insurance programme to achieve best value coverage.
• Self-insurance fund project – A project to restructure the MPA’s self-insurance arrangements to follow insurance company methodology i.e. management of insured risks and claims to achieve cost savings.
• Survey programme – Agree survey programme for main locations.

Send an e-mail linking to this page

Feedback