Corporate Risk Team update

Report: 12
Date: 17 October 2005
By: Treasurer and Commissioner

Summary

This is a report on progress made by the Metropolitan Police Service (MPS) Corporate Risk team in the areas where it provides a professional lead for the MPS:

• Business risk management
• Insurance management.

The Corporate Risk business continuity team transferred to Central Operations in April 2005. Corporate Risk took on a formal role in supporting continuous improvement of MPS corporate governance from September 2005.

A. Recommendation

That

1. the progress report for the first half of the 2005/06 financial year be noted; and
2. that the first quarterly report on MPS corporate risks be submitted to the committee in December 2005.

B. Supporting information

1. Since the previous update report on activity by the MPS Corporate Risk team, Management Board has transferred responsibility for business continuity management to Central Operations. This transfer reflected the close fit between business continuity and the then new command’s contingency planning and London Resilience liaison responsibilities. The transfer also enables the Corporate Risk team to exercise oversight of business continuity risks, which is the role that it has in relation to other MPS corporate risks.

2. In September 2005, it was agreed that Corporate Risk would assume a formal role in supporting continuous improvement of MPS corporate governance. This is a logical development, as Corporate Risk is responsible for the MPS Statement on Internal Control that will drive the work of the MPS Corporate Governance Strategic Committee (CGSC). The Director of Risk Management is secretary to CGSC (formerly the Quality, Performance and Risk Management Group) so the new remit represents an extension of an existing role.

3. The Corporate Risk team has recently been restructured to better enable it to discharge its responsibilities. The team now consists of three experienced business risk managers, and a senior police officer who will take the lead in seeking wider engagement with the business risk management process – including the further development of risk registers and action plans.

4. This report includes the following appendices:

1. Appendix 1 - Report on activity since previous update report;
2. Appendix 2 - Draft update of Audit Commission/ALARM risk management Key Performance Indicators (KPIs) as at end September 2005;
3. Appendix 3 – Visual representation of MPS risk management process;
4. Appendix 4 – Revised Corporate Risk ‘What we do’ statement reflecting the changes in respect of business continuity and corporate governance.

Deployment of Risk Registers

5. The Service is deploying business risk registers at Corporate, Business Group and Borough Operational Command Unit (BOCU)/Department level as part of the implementation of a top-down (senior management direction) and bottom-up (escalation of risks) approach to embedding business risk management within the management process.

6. At this stage the deployment is patchy, as would be expected with a new initiative involving a ‘new’ technique. However, the additional resource at his disposal enables the Director of Risk Management to put together an extensive programme of visits to command team and Senior Management Team (SMT) personnel with the objective of improving buy-in to the risk register/action planning process.

7. Corporate Risk are revising the current Business Risk Management Standard Operating Procedure and will deploy the new, improved version alongside an Microsoft Excel risk register spreadsheet in advance of the next planning round.

Deployment of Statement on Internal Control

8. The Accounts and Audit Regulations 2003 require the Metropolitan Police Authority (MPA), and by extension, the MPS, to have a “sound system of internal control including risk management” and to conduct an annual review of its system of internal control, preparing a statement of its findings for publication.

9. For 2003-04, the MPA submitted an interim Statement under transitional arrangements. The Corporate Risk team has led the development of an MPS Statement for 2004/05, signed off on behalf of the Commissioner in support of the Statement in the annual accounts.

10. The MPS Statement focuses on areas of risk control critical to future service delivery and hence inherently adds value as a continuous improvement tool. A programme of activity over the next six months to review, and where necessary improve, the control environment has been developed as part of a longer term approach to assurance and continuous improvement.

11. Significant additional emphasis has now been given to the Statement on Internal Control and the issue has been highlighted in the covering report on the draft accounts at the July meeting of this Committee. It is, however, important to continue the momentum now achieved and it will now be appropriate to report separately on this issue to Members in July 2006 as well as including the Statement in the draft accounts.

Linking Risk Registers and Internal Control Statement

12. The Service’s risk registers support the annual preparation of its Statement on Internal Control, and both registers and Statement will be embedded within the Integrated Planning Process at Management Board request. The process underlying the Statement will enable the MPS to identify key controls and thus to focus scarce resource where it will provide best value.

13. The visual representation of the MPS risk management process at Appendix 3 demonstrates the links between risk registers, internal controls, the Statement on Internal Control, inspection, risk reporting and internal auditing.

Refreshing and enlivening the Corporate Risk Register

14. Management Board has agreed to receive quarterly corporate risk reports. These reports will be based on a quarterly feed into the Corporate Risk Register and a process for ensuring that a risk mitigation strategy for each corporate risk is deployed, monitored and reported.

15. Following a review of corporate risks in the light of the new MPS corporate strategy, Service Review recommendations and the new corporate change programme, a report on corporate risks will be submitted to Management Board in November 2005 and to MPA Corporate Governance Committee (CGC) in December 2005.

16. A simple but structured process for refreshing the corporate risk register will be deployed in time for the next and subsequent quarterly corporate risk reports to Management Board and MPA CGC.

Miscellaneous

17. The committee may also wish to note the following:

• HM Inspector of Constabulary, Denis O’Connor, in his review of the current policing structure in England and Wales – ‘Closing the gap’ - recommends that “the MPS ‘risk management model’ be considered by the National Centre for Policing Excellence with a view to developing and agreeing a common risk assessment process to be used nationally”.
• The Corporate Risk team were highly commended in the 2005 Strategic Risk Magazine Risk Management Awards in the category of Best Approach to Risk Management in the Public Sector [1];
• The Director of Risk Management has inaugurated a Policing Sector Group under the auspices of the National Forum for Risk Management in the Public Sector and was elected chair for the first 12 months;

List of abbreviations

MPA

Metropolitan Police Authority

MPS

Metropolitan Police Service

BOCU

Borough Operational Command Unit

CGSC

Corporate Governance Strategic Committee

KPI

Key Performance Indicator

NIM

National Intelligence Model

C. Race and equality impact

Managing risks to achievement of race and equality objectives will support performance in this critical area. The MPS Business Risk Management Standard Operating Procedure requires that consideration be given to specific diversity risks and to the diversity impacts of all other risks.

D. Financial implications

All current activity is being undertaken from existing budgets. Interventions to reduce identified risk exposures may have financial implications.

E. Background papers

None

F. Contact details

Report author: Nick Chown, Director of Risk Management.

For information contact:

MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18

Appendix 1

Progress report - October 2005

This report covers the two areas where the team currently provides the Service with a professional lead – business risk management and insurance management - together with a section on the Outsourcing Programme where support is provided in relation to both areas.

Business risk management

1) Statement on Internal Control – It was decided to prepare a separate MPS Statement on Internal Control (SOIC) on behalf of the Commissioner to support the published Statement. This sets out clearly the respective responsibilities of the Commissioner and Director of Risk Management. The Statement was finalised and submitted to the Authority by the due date and was duly integrated into an overall Authority SOIC. Work is proceeding in respect of a programme of risk and control assurance activity linked to the ‘key control areas’ identified and referred to in the Statement.

2) (B)OCU and Business Group risk registers – A significant number of risk registers have now been developed at (B)OCU and Business Group level to complement the existing Corporate Risk Register. However, much work is still needed to ensure that all Units are engaged with the risk register process. To that end the Corporate Risk team’s Superintendent and one of the team’s professional risk managers (newly recruited from Cambridgeshire Constabulary where she was their risk manager) are working on an extensive programme of visits to command team and SMT members across the Service.

3) Corporate Risk Register - The refreshed Corporate Risk Register will be reviewed in the light of the corporate strategy, Service Review findings, and new corporate change programme and a report submitted to Management Board in November. It has therefore been agreed with the Treasurer to submit the first report on MPS corporate risks to MPA Corporate Governance Committee in December 2005.

4) NIM and business risk – Although the National Intelligence Model (NIM) Programme Board agreed to a proposal to embed business risk management within the National Intelligence Model, and draft business risk enhancements to the NIM Code of Practice and Minimum Standards, prepared by the Corporate Risk team, had been shared with SCD9 (NIM team), it has subsequently been decided that there are advantages in embedding both NIM and business risk alongside each other within an Integrated Planning Process. Corporate Risk is working with the Interim Head of Corporate Planning and others to embed business risk in planning.

5) Business risk management awareness/training rollout – The Corporate Risk team continue to deploy risk management training sessions. The addition of the two risk professionals in support of the Director has enabled the team to bring training delivered by an external provider in-house. The non-renewal of the external training contract in October 2005 has led to a substantial annual cost saving and will also result in improved delivery quality.

6) Teamstat (formerly COMSTAT) – We have worked with colleagues to consider linking business risk management with Teamstat. In view of the operational focus of Teamstat meetings, we are now seeking an alternative method of ensuring that the management of business risk is the subject of personal performance management. The approach decided upon will form part of a revised Business Risk Management Standard Operating Procedure to be issued in advance of the next round of forward planning.

7) Business Risk Management Standard Operating Procedure – The team are working on improvements to the current Standard Operating Procedure in the light of lessons learned from the initial introduction of risk registers across the Service. An MS Excel spreadsheet tool with macros to automate as much of the process of preparing a risk register as possible and embedded context sensitive help will be rolled-out with the new Standard Operating Procedure.

8) Risk registers and Freedom of Information Act – In view of the risks to the public of business risk registers being placed in the public domain, we have agreed with the Head of Information Management that all registers will be placed in the MPS Freedom of Information Act Non-Disclosure Log. In discussion with ACPO, it has been agreed that risk registers will not be included in the list of documents to be published [2] to minimise the risk of dangerous precedents being created by other forces publishing registers.

Insurance management

9) Insurance invalidation indemnity policy – Following approval by Management Board and MPA Finance Committee the policy has been published together with a detailed Standard Operating Procedure. Awareness sessions have been delivered by Corporate Risk in conjunction with the Head of Accident Claims in the Directorate of Professional Standards. No problems have been experienced since the indemnity became operational [3]. The approach has been shared with the other forces and there are signs that a number are now making progress with their own similar indemnities. We are continuing to work with the London Fire Brigade, London Ambulance Service, British Transport Police and City of London Police towards the submission of a request to Central Government for an indemnity for unaffordable events. To that end a draft submission has been shared with the interested parties. At the request of the Office of the Deputy Prime Minister, a background briefing was provided on this matter in advance of a meeting between the Deputy Prime Minister and the Association of British Insurers.

10) Insurance programme renewal – All policies have been renewed with cost savings in some areas funding increases in others. The main (primary) property insurance policy showed a slight increase in premium due to new locations being added and increases in the property portfolio sum insured although a new 3 year long term agreement will produce a 10% discount. There was a further cost saving on the excess property layers. The liability insurances have been renewed at the expiring premiums despite recent terrorist events putting pressure on perceived MPS/MPA risks and increased wage-roll figures of 8% (insurers calculate these premiums on the basis of wage-roll). The motor and contractors all risks insurances have essentially been renewed at expiring premiums.

The provision of triangulations (an insurance company claims experience formatting technique) for the first time and the continuing relationship building exercise with insurers has greatly increased the MPS/MPA profile in the insurance market and increased underwriter confidence in the way in which we do business.

11) Business interruption insurance review – Willis (the MPA’s external insurance advisors) have been commissioned to complete this review and are currently obtaining information from Property Services.

12) Self-insurance fund development – The first draft of a report in respect of a detailed actuarial analysis of the liability elements of the self-insurance fund carried out by Hollandbury Limited (specialists commissioned by Corporate Risk) has been submitted and is being reviewed before circulation to those concerned. This work will aid future insurance renewals by assisting the understanding of the risk in the current level of self-insurance and would help identify the level of reserves necessary should the MPA ever consider earmarking reserves for liability risks.

13) Outside bodies – We have reissued the notice on the insurance implications of Met personnel taking roles on external bodies.

Business risk and insurance support

14) Outsourcing programme – Corporate Risk continue to support the Outsourcing Programme with advice and guidance on risk and insurance matters, subcontracting specialist insurance work to Willis. This will ensure that the contracts and specifications include robust insurance provisions. The responsibility for the provision of advice and guidance on business continuity matters now rests with the Central Operations Business Continuity Team.

Appendix 4

Corporate Risk Team

'What we do’

The Corporate Risk Team in the Deputy Commissioners Command provides a professional lead for the Service in three key areas:

• Corporate governance
• Risk management
• Insurance management.

We work together with internal and external colleagues for a safer London by:

Corporate governance

• Raising awareness and understanding of corporate governance matters across the organisation
• Supporting the Director of Strategic Development in the embedding and continuous improvement of good governance

Risk management

• Raising awareness and understanding of risk and risk management matters across the organisation
• Supporting the Commander, Strategic Planning, Risk & Transition in the embedding of risk management within management processes
• Exercising oversight of corporate risks

Insurance management

• Supporting the MPA Treasurer in the design and implementation of a robust insurance programme in conjunction with the insurance brokers, Willis.

Corporate Governance

There are legal requirements associated with corporate governance including the requirement on the MPA for an annual Statement on Internal Control (the MPA require a similar annual statement on behalf of the MPS from the Commissioner).

The Corporate Governance Strategic Committee (CGSC) owns policies relating to the various elements of corporate governance and exercises oversight over governance matters and ongoing continuous improvement of governance. The Statement on Internal Control priorities inform the CGSC’s agenda.

The Director of Risk Management provides the day-to-day professional lead on corporate governance matters and acts as Secretary to the CGSC.

The Director of Risk Management reports to the Director of Strategic Development (Management Board member).

The Assistant Director of Risk Management, deputising for the Director, leads on the Statement on Internal Control.

Risk Management

This is a legal requirement but also good business practice.

The Corporate Governance Strategic Committee owns the risk management policy and exercises oversight over the work of mainstreaming risk management.

The Director of Risk Management, assisted by the Assistant Director, provides the professional lead on risk management matters including a lead to the local risk management facilitators [4].

The Director of Risk Management reports to the Commander, Strategic Planning, Risk & Transition.

The Corporate Risk Team Superintendent leads on securing engagement of OCU commanders.

A Senior Risk Management Adviser leads on securing engagement of support unit heads.

Insurance

There is no legal requirement for the Authority to insure but, to protect its financial position, it arranges an insurance programme. This involves the MPA paying (self-insuring) the majority of claims, with insurers only paying the very largest claims.

As almost all property and liability claims are self-insured, the need for a strong focus on the management of insurable risks is reinforced.

The MPA/MPS Insurance Group, chaired by the Treasurer (and in his absence by the Director or Assistant Director of Risk Management) exercises oversight of insurance matters.

The Assistant Director of Risk Management provides the day-to-day professional lead on insurance matters as deputy to the Director with the Head of Accident Claims in the Directorate of Professional Standards and his team as the practitioners.

The Director of Risk Management reports to the MPA Treasurer.

Specialist risk areas

This includes health and safety, security (physical, personnel and information) and business continuity, each of which has a separate head of profession.

The Corporate Risk Team’s role is to work alongside the specialist risk teams to ensure that corporate risks in these areas are given appropriate focus within the Service’s overall focus on business risk, and to consider ‘integration’ issues.

The Director and Assistant Director of Risk Management sit on various related committees (e.g. Resilience & Business Continuity Board and Strategic Health & Safety Committee).

Outsourcing

The Corporate Risk Team provides risk management and insurance support to the Outsourcing Programme delivering second-generation outsourcing contracts (ICT, pay and pensions, property services and transport). Some specialist insurance work is sub-contracted by the Corporate Risk Team to the MPA insurance brokers.
 

Send an e-mail linking to this page

Feedback