Business risk team update

Report: 14
Date: 22 September 2006
By: Treasurer and Commissioner

Summary

A report on progress made by the MPS in the areas of corporate governance, business risk management, insurance management, and the personal insurance indemnity policy.

A. Recommendation

That

1. members note progress to end July 2006 on corporate governance, business risk management, and insurance management (Appendix 1);
2. note progress as captured by the Audit Commission / ALARM [1] risk management Key Performance Indicator (Appendix 2); and
3. agree that the Treasurer should write to the Association of Police Authorities asking for their support in seeking assistance from Central Government in relation to the Personal Insurance Indemnity Policy.

B. Supporting information

1. This report includes a report on activity since the previous update report (Appendix 1) and an update on progress made in relation to compliance with the Audit Commission / ALARM KPI as at end July 2006 (Appendix 2).

Corporate governance

2. As part of the continuing development of corporate governance within the MPS, a Key Internal Control Framework is to be launched in September 2006 following wide consultation within the Service and with input from the MPA.

3. There is a separate report on the Committee’s agenda on the CIPFA / SOLACE consultation – good governance in local Government. Additionally the Director of Risk Management is undertaking a high-level review of the CIPFA draft governance framework ‘Good Governance in Local Government: A Framework’ – issued for consultation in June 2006 – with the following:

• The Good Governance Standard for the Public Service (on which the CIPFA framework is based)
• The MPS’s approach to corporate governance.

4. It should be noted that, although the Commissioner was a member of the committee that produced the Good Governance Standard for the Public Service, there appears to have been no emergency services representation on the committee convened by CIPFA to prepare the local government version. One example of the significance of this is that the ‘dimensions of a local authority’s business’ – which underpin the CIPFA framework – require adjustment to ensure a framework suitable for a policing context.

5. A report on corporate governance will be submitted to Management Board (MB) in October 2006. This will:

• Propose a high-level corporate governance framework for the MPS based on the CIPFA framework but adjusted to ensure its suitability for us
• Advise on any gaps in corporate governance provision and make recommendations.

6. It is proposed to report to the Corporate Governance Committee’s December 2006 meeting on the outcome of the MB corporate governance report.

MPS business risk management maturity progress

7. Details were provided in the previous quarterly report of the MPS objective to attain maturity Level 5 (‘Baseline Standard’) business risk management by end March 2007. This followed the successful attainment of Level 4 (‘Moving Towards Integration’) by end March 2006.

8. Although there has been some minor slippage in relation to the engagement programme of visits by members of the Business Risk Management Team (BRMT) to all Operational Command Units, we remain on schedule to achieve Level 5 by the self-imposed deadline although as stated previously this is a major challenge. The engagement programme visits should now be completed by end September 2006 (one month’s slippage).

9. It should be noted that BRMT have been requested to provide enhanced support to the Met Modernisation Programme. Although the extent and nature of the support has yet to be agreed, it may encompass the following:

Risk management framework review

• Reviewing MMP risk management strategy, refreshing as necessary and communicating changes
• Reviewing MMP risk management process, refreshing as necessary and communicating changes
• Reviewing the MMP risk register, refreshing as necessary
• Reviewing risk mitigation plans as necessary

Ongoing support for the MMP

• Supporting maintenance and management of MMP risk register
• Contributing towards monthly executive information reports
• Training and coaching of MMP/project personnel.

10. For this and other reasons, it will be necessary for the team to reprioritise and/or reschedule existing risk management programme tasks.

Business continuity management

11. It was previously reported that BRMT are working together with the CO3 Business Continuity Team towards the joint objective of achieving Level 4 business continuity management by end March 2007. We remain on target to achieve this objective by the deadline.

Corporate risk register

12. Members may recall from the previous report that Management Board (MB) had said that the Corporate Risk Register did not yet seem to capture the right group of issues. The Director of Strategy, Modernisation and Performance was tasked to undertake further work on the register to identify the key risks to the Service. Extensive work has been undertaken with the Business Groups culminating in a report on corporate risk management to the September MB meeting dealing with both the register and the underlying process, as well as linking to the environmental scanning function.

13. The Director of Risk Management developed proposals for a new approach to maintaining the register that were approved by the Deputy Commissioner. The Deputy has written to his Management Board colleagues, and other key players, requesting support for the process.

14. Whilst Management Board have yet to agree to a detailed corporate risk management framework they have instead tasked the Director of Risk Management – supported by the Commander, Strategic Planning, Risk & Transition and Director of Strategy, Modernisation & Performance - to develop a set of proposals for such a framework, seek agreement from a Deputy Assistant Commissioner (or equivalent police staff post) representative of each Business Group, and refer the proposals back to MB for final approval.

15. To inform the development of the MPS corporate risk management framework research is being undertaken into the corporate risk management processes of various major public sector entities including Most Similar Forces.

16. In addition, the MPS is convening a Corporate Risk Review Group comprising of the DACs and senior staff equivalents, and chaired by the Director of Strategy, Modernisation & Performance. This group will, inter alia, review the forthcoming corporate risk management framework proposals.

Audit Commission/ALARM key performance indicator

17. An update to the Audit Commission / ALARM risk management Key Performance Indicator (KPI) at end July 2006 is at Appendix 2. Virtually all areas of the KPI are now ‘green’. Whilst to a considerable extent this reflects successful activity to mainstream risk management within the MPS, it also reflects inadequacies within the KPI itself. It is necessary to enhance the KPI to enable it to monitor the quality of the risk management process.

18. Work on the national risk management framework for the police force continues. The framework will include an approach to measuring the quality of the risk management process. Any proposed enhancements to the Audit Commission / ALARM KPI will be discussed and agreed with the Audit Commission, who have now been invited by the ALARM Policing Sector Group to work with it on the development of the national framework.

Insurance management

19. The priority task in the area of insurance is the process leading up to the renewal of the MPA/MPS insurance programme in October 2006. Although the main insurance policies are subject to long term agreements (expiring October 2007 and 2008), we are seeking to negotiate improvements in terms and conditions with the holding insurers wherever possible (via the insurance brokers, Willis). The renewal process is on track to achieve a successful renewal.

Personal insurance indemnity policy

20. Appendix 1 includes an update on developments in relation to the MPA Personal Insurance Indemnity Policy (PIIP). The PIIP does not apply to ‘unaffordable events’ (events that involve mass claims exceeding the Authority’s self-insurance limits) and hence we remain unable to provide full reassurance to personnel engaged in high-risk activities that they and their families will not be adversely affected by the invalidation of their own personal insurances. In the light of the continuing absence of such an indemnity, despite the MPS’s efforts to date, the Treasurer has agreed to write to the Association of Police Authorities asking for their support in seeking assistance from Central Government in relation to catastrophic PIIP events.

21. The solution of choice to the issue of unaffordability is for Central Government to be requested to provide a ‘top-up’ indemnity/contingent liability of last resort for each entity that arranges a PIIP, sitting above self-insured indemnities.

C. Race and equality impact

The MPS business risk management process requires diversity risks and impacts to be identified and managed, enhancing the ability of the MPS to respond to the diversity imperative.

D. Financial implications

All work undertaken by BRMT is funded from existing budgets. Interventions to reduce risk exposures identified as a result of the deployment of the business risk management process may have financial implications.

E. Background papers

None

F. Contact details

Report author: Nick Chown, Director of Risk Management, MPS.

For information contact:

MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18

Appendix 1

Progress report – June 2006

This report covers the three areas where the Business Risk Management Team (BRMT) provides the MPS with a professional lead i.e. corporate governance, business risk management and insurance management. It also includes sections on the Outsourcing Programme, where support is provided in relation to risk management and insurance, and the development of national risk management standards for the police service.

Business risk management

1) Statement on Internal Control (SIC) - All milestone dates relating to the preparation of the 2005/6 MPS SIC have been met. The 2005/06 MPS SIC was approved by the Commissioner and submitted to the MPA to inform the published MPA SIC.

Quarterly updates on the 2005/6 SIC Action Plan for the next 12 months will be submitted to the MPA Corporate Governance Committee.

The 2006/07 SIC development process will be fully joined up with the new Key Internal Control Framework to be launched in September 2006, the SIC being the annual report on the effectiveness of the key MPS internal controls.

2) Corporate, Business Group and (B)OCU risk registers – All Business Groups and most OCUs now have risk registers. BRMT expect to complete phase 1 of the engagement programme of business risk management presentations to all OCUs by end September (slippage of one month against the projected completion date). The general response has been very positive and the significant increase in the number of completed risk registers is testament to the success of the engagement programme. It will be necessary to maintain direct involvement with OCUs to ensure that the risk registers become part of “business as usual” and that the process is a sustainable one.

A report on the refreshed corporate risk register and emerging risks was considered by Management Board at their May 2006 awayday. MB required further work to be done on the corporate risk register to ensure that the risks continue to reflect the most important issues faced by the Service.

Following agreement with the Deputy Commissioner, the register of corporate risks will be rejuvenated using the following process:

• Business group risk registers, being worked up following completion of the OCU registers, are to inform a new MPS Corporate Risk Register;
• We will not lose sight of those risks within the current Corporate Risk Register that still require attention;
• The DACs or equivalent senior police staff, including the business managers, to act as a conduit/filter to members of Management Board.

Whilst Management Board have yet to agree to a detailed corporate risk management framework they have instead tasked the Director of Risk Management – supported by the Commander, Strategic Planning, Risk & Transition and Director of Strategy, Modernisation & Performance - to develop a set of proposals for such a framework, seek agreement from a Deputy Assistant Commissioner (or equivalent police staff post) representative of each Business Group, and refer the proposals back to MB for final approval.

To inform the proposals research is being undertaken into the corporate risk management processes adopted by a range of major public sector entities including MSF forces.

In addition, the MPS is convening a Corporate Risk Review Group comprising of the DACs and senior staff equivalents, and chaired by the Director of Strategy, Modernisation & Performance. The draft terms of reference for this group are as follows:

“Time limited remit (the aim is to have proposals ready for MB in November 2006)

• To assist the Director of Strategy, Modernisation and Performance, Commander, Strategic Planning, Risk & Transition and Director of Risk Management with the task to initiate a discussion with MB members on Corporate Risk Management
• To review the results of research on the Corporate Risk Management processes that exist in other organisations who manage similar risks to the MPS

Ongoing remit

• To act as a conduit and filter between the Business Group Business Risk Registers and the Corporate Risk Register on behalf of Management Board members
• To review emerging business risks, identifying those that require consideration by Management Board
• To review the ongoing management of corporate risks as determined by Management Board
• To review new proposals for mainstreaming business risk management submitted by the Director of Risk Management from time to time.”

3) Business risk management awareness/training rollout – The ‘business as usual’ roll-out of risk management training continues. A major development is the agreement to train a cadre of senior police officers (superintendents and chief inspectors) across all business groups to assist the mainstreaming of risk management across the Service. We aim to have completed the training of these officers by end March 2007.

4) Business Risk Management Standard Operating Procedure (BRM SOP) – Following agreement to the new process for managing corporate risks, the BRM SOP will be amended appropriately. The next review of the SOP will be carried out in June 2007.

5) Risk management ‘bow-ties’ – BRMT have introduced to the MPS a new format for profiling risks called the risk management ‘bow-tie’. This is a simple but effective one-page risk profiling format capturing the risk, its causes, its consequences, and the measures to mitigate both causes and consequences. The bow-tie approach has already been used to prepare strategic assessments of risks such as implementation of National Centre for Policing Excellence doctrine (Management of Police Information and Safer Detention), rape allegations, non-sanction detections, and a major policing operation. It has been very well received wherever it has been used. It will now be used for the reporting of individual corporate risks to Management Board.

Personal Insurance Indemnity Policy

6) Personal insurance invalidation indemnity policy (PIIP) – In January 2006 Finance Committee approved the indemnity for a further 12 months. Various enhancements to the policy were approved by the Committee and it was also noted that the formatting of the policy and its associated Standard Operating Procedure would be reviewed. Since the Committee met BRMT has redrafted the policy and SOP in conjunction with Accident Claims Branch and this is currently at version 5 status, with final comments awaited from the external legal advisors, Bircham Dyson and Bell. All amendments agreed by Finance Committee have been incorporated in the latest version.

It may be recalled that the MPA indemnity excludes ‘unaffordable events’ (events that involve mass claims that exceed the Authority’s self-insurance limits). This principle will apply to all other forces that introduce similar indemnities. The MPS is continuing to work towards the objective of a Central Government indemnity in relation to events that are unaffordable to an individual police authority, brigade or ambulance service. ACPO have yet to receive a positive response from Ministers to the issue of a Central Government indemnity. The Director of Risk Management is liaising with the MPA Treasurer regarding a further approach to Ministers via the Association of Police Authorities. BRMT and Accident Claims Branch continue to promote and make presentations on the PIIP as well as receiving and responding to requests for advice and guidance on personal insurance indemnities from various of the other forces.

Insurance Management

7) Insurance programme renewal – Further renewal meetings have taken place and all renewal information has now been supplied to Willis who will be approaching the insurance market to gather renewal terms.

8) Business interruption (BI) and IT reviews – Both of these projects have been completed and will help clarify some issues for the property insurance and inform the property renewal discussions as to the level and type of insurance cover that the MPA should purchase, with some options to be scoped at renewal. The MPS has complied with all the terms laid down by the property underwriters following last year’s renewal and the Jubilee House claim.

9) Self-insurance fund development – The final version of the risk funding report from the external risk funding expert has been provided and incorporates various changes requested at a meeting held in July 2006. This exercise has confirmed that existing provisions for self-insured losses and claims are essentially adequate on the basis both of accounting and insurance industry standard analytical techniques. This report provides a beneficial external check as to the adequacy of funds.

10) MPS insurance and compensation claim budgets – Work is still underway to develop a scheme of devolved insurance and compensation claim budgets. By ensuring that an element of costs is borne by the area of the business giving rise to the costs we aim to encourage preventative risk management. In line with insurance principles, the corporate centre will retain responsibility for costs above an agreed sum. A pilot exercise in five OCUs is due to commence in late summer 2006. There are strong links with the Prevention Roadshows being planned by the Directorate of Professional Standards (DPS), which also aim to empower personnel across the Service with information to help identify trends and take appropriate action. We are therefore working together with DPS on a joint initiative covering both areas of activity.

11) Other insurance matters – Progress on the Willis survey recommendations of six key locations continues as does the quarterly meetings held with property underwriters. The underwriters have confirmed that the current annual survey programme may move to every 2 years. This is a reflection of the increased confidence insurers have in our property risk management. Accident Claims Support staff now carry out house keeping ‘spot checks’ on the top MPS locations to assist in maintaining high standards of housekeeping and to report any deficiencies to the appropriate persons.

Outsourcing Programme Support (Risk Management and Insurance)

12) Outsourcing programme – BRMT continue to support the Outsourcing Programme with advice and guidance on risk and insurance matters, subcontracting specialist insurance work to Willis. This ensures that contracts and specifications include robust insurance provisions.

A key activity for BRMT during August is to provide input to the Facilities Management Services tender evaluation process (reviewing risk management content).

Corporate Governance

13) MPS Key Internal Control Framework – The Director of Risk Management was tasked to develop a Key Internal Control Framework (initially described as a corporate governance framework) for the MPS based on personal accountabilities. During the development process input to the framework has been received from the Chair of the MPA Corporate Governance Committee, MPA Treasurer, and MPA Director of Internal Audit in addition to many key players within the Service. Following approval by Management Board of the direction of travel the framework is to be launched in September 2006.

The Director of Risk Management is undertaking a high-level comparison of the CIPFA draft governance framework ‘Good Governance in Local Government: A Framework’ – issued for consultation in June 2006 – with the following:

• The Good Governance Standard for the Public Service (on which the CIPFA framework is based)
• The MPS’s approach to corporate governance.

Although the Commissioner was a member of the committee that produced the Good Governance Standard for the Public Service, there appears to have been no emergency services representation on the committee convened by CIPFA to prepare the local government framework. One example of the significance of this is that the “dimensions of a local authority’s business” – which underpin the CIPFA framework – require adjustment to ensure an approach suitable in a policing context.

A report on corporate governance will be submitted to MB in October 2006. This will:

• Propose a high-level corporate governance framework for the MPS based on the CIPFA framework but adjusted to ensure its suitability for us
• Advise on any gaps in corporate governance provision and make recommendations.

It is proposed to report to the Corporate Governance Committee’s December 2006 meeting on the outcome of the MB corporate governance report.

Development of National Risk Management Standards for the Police Service

14) Work with National Centre for Policing Excellence (NCPE) – Work continues on the various national risk management tasks. One of the two Senior Risk Management Advisers commenced a part-time 20-week attachment to NCPE on 1 June 2006. Her work focuses on the development of a modular approach to risk management for use in connection with future NCPE doctrine. NCPE are also now involved with the ALARM Policing Sector Group in connection with the development of the national risk management framework.

15) National business risk management framework for the police service - The ALARM Policing Sector Group are continuing to work on a national standard for risk management in the police service with pro bono assistance from PricewaterhouseCoopers. Version 2 of the outline framework was published in June 2006. Further work will be undertaken at the group’s meeting on 23 August 2006. As stated above, NCPE are now participating in the development activity. The Audit Commission has been invited to participate. The group will shortly issue an invitation to Her Majesty’s Inspectorate of Constabulary.

Send an e-mail linking to this page

Feedback