You are in:

Contents

Report 10 of the 12 June 2008 meeting of the Corporate Governance Committee report on progress made by the MPS in the areas where the Business Risk Management Team (BRMT) provide a professional lead for the Service

Warning: This is archived material and may be out of date. The Metropolitan Police Authority has been replaced by the Mayor's Office for Policing and Crime (MOPC).

See the MOPC website for further information.

Business risk management team update

Report:10
Date: 12 June 2008
By: the Treasurer and Commissioner

Summary

This is a further report on progress made by the MPS in the areas where the Business Risk Management Team (BRMT) provide a professional lead for the Service i.e. business risk management and insurance management.

A. Recommendation

That

1. Members note progress to end April 2008 on business risk management and insurance management;

2. note progress on the measurement of MPS risk management; and

3. note that BRMT received the StrategicRISK ‘European Risk Management Team of the Year’ award for 2008.

B. Supporting information

1. This report includes a detailed report on activity by the team since the previous update report (Appendix 1).

Measuring MPS business risk management performance

2. The suite of corporate health indicators was deployed from 1 April 2008 including four risk management and internal control performance measures:

  • Percentage of (B)OCUs/departments with a risk register (and action plan) conforming to standard operating procedure
  • Percentage of (B)OCUs and departments with a tested business continuity plan conforming to standard operating procedure
  • Percentage of accepted Internal Audit high-risk recommendations discharged within the agreed timeframe
  • Internal Audit annual average assurance score on internal control environment.

3. No further risk measures are required at this juncture, however, the measures will be reviewed upon publication in due course of the refreshed Audit Commission / ALARM risk management key performance indicators.

MPS corporate risk management

4. The review of the current Corporate Risk Register (CRR), the process of reporting the top MPS corporate business risks to MB and the MPA, and the associated governance arrangements began with benchmarking visits to the other members of the GLA Group. To bring a private sector perspective into play we met with the then Head of Risk Management at Rolls Royce, choosing this company as – perhaps surprisingly – they face similar cultural issues to the MPS. We also reviewed the list of top public sector risks compiled by this Committee’s co-opted risk management adviser, Linda Duncan. We compared these risks with those in the current CRR and the Business Group risk registers.

5. The preparatory work set out above led to the development of a ‘straw man’ risk register that was presented to the April meeting of the Corporate Risk Review Group (CRRG). The MPA Treasurer attended this meeting. CRRG were also asked to consider associated governance arrangements including arrangements for reporting risks to MB and the MPA. CRRG approved the direction of travel in all respects. The proposals were then discussed with the Director of Resources who provided a directional steer.

6. Immediately prior to the May CRRG meeting the Director of Strategy and Improvement and Director of Risk Management met with the London Fire Brigade’s Assistant Commissioner responsible for Strategy and Risk (AC Nick Collins) to learn lessons from the Brigade’s recent (successful) submission of a similar set of proposals to their board. AC Collins’s advice was discussed at CRRG and a way forward approved by the committee. The Director of Risk Management was charged with preparing proposals for the Director of Resources based on the committee’s discussions. A draft of the proposals is to be considered by the members of the committee off line prior to their submission to the Director of Resources.

7. During the period under review, Management Board agreed to make some changes to the position of corporate risk and insurance management work within the MPS as a result of a review of the Strategy, Modernisation and Performance Directorate, which previously had responsibility for these topics. As part of an approach to embedding risk management across the organisation whilst establishing a robust framework and procedures for the identification, evaluation, monitoring and management of risks, Management Board decided that primary responsibility for operational advice and compliance for risk and insurance management should move to Finance Services within Resources Directorate, where it will sit comfortably with related work on corporate governance and sharing good practice. The Director of Business Performance will have responsibility for corporate risk management planning and co-ordination within the newly established Strategy and Improvement Department.

Review of MPS risk management process

8. The review of the rest of the current MPS approach to management of strategic business risks against the requirements of the British Standards Institution Code of Practice for Risk Management and national police service framework (reflecting the agreed recommendations from the internal audit of MPS risk management) will be a priority task for the new strategic risk management lead in Strategy and Improvement. The publication date for the new Code of Practice has been put back to October 2008.

Internal Audit of MPS risk management

9. A management response to the internal audit of MPS risk management has been submitted to Internal Audit following approval of the response by the Director of Resources and Director of Strategy and Improvement. Some actions have already been taken. All other agreed recommendations have been embedded in BRMT forward planning for 2008/09 (see below).

Insurance management

10. The renewal of the insurance programme for 2008 continues with meetings and a strategy (together with OJEU compliance) to reflect the full tender of the property, contractors all risks and excess layer liability programme.

11. Heath Lambert Group took over from Willis as the MPA insurance broker with effect from 1 April 2008. A formal handover meeting and associated activity has ensured a smooth transition to the new brokers. Careful oversight of the new brokers’ performance is a priority task for the MPS's insurance lead. Vetting of numerous staff in Heath Lambert continues.

12. Insurance advice in procured contracts (including THR) continues as does the insurance aspects of the four sports clubs.

Business risk management forward planning

13. The following programme of work for 2008/09 will be embedded within the Annual Assurance Statement action plan for risk management.

  • Development of (B)OCU level maturity model
  • Review and refresh of risk management strategy and policy
  • Review of application of Enterprise Wide Risk Management principles
  • End to end review of DPS led reputation risk management process
  • Formal quarterly reviews of Business Group progress in mainstreaming business risk management and Business Group risk registers
  • Quality assuring of (B)OCU risk registers by Business Groups on the basis of a quality assurance checklist
  • Various enhancements to the business risk management standard operating procedure and training programme
  • Development of a guide to Control Risk Self Assessment undertaken in support of the Annual Assurance Statement.

Insurance management forward planning

14. Key tasks for the coming financial year relating to insurance management are:

  • Bedding down of new insurance broking contract
  • Main property insurance renewal (October 2008)
  • Embedding of good insurance practice in procurement contracts
  • Engagement with Boroughs
  • Insurance in partnership arrangements.

Strategic risk European risk management awards 2008

15. BRMT received the ‘European Risk Management Team of the Year’ award at the recent StrategicRISK European Risk Management Awards. The MPS approach to strategic business risk management and its risk management training programme were both highly commended.

C. Race and equality impact

The MPS business risk management process requires diversity risks and impacts to be identified and managed, enhancing the ability of the MPS to respond to the diversity imperative.

D. Financial implications

All work undertaken by BRMT is funded from existing budgets. Interventions to reduce risk exposures identified as a result of the deployment of the business risk management process may have financial implications.

E. Background papers

None

F. Contact details

Report author: Nick Chown, Director of Risk Management, MPS

For information contact:

MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18

Appendix 1

 Progress report - end April 2008

This report covers the areas where the Business Risk Management Team (BRMT) provide a professional lead for the MPS - business risk management and insurance management – and various associated matters.

Business Risk Management

1. Corporate Risk ManagementThe review of the current Corporate Risk Register (CRR), the process of reporting the top MPS corporate business risks to MB and the MPA, and the associated governance arrangements began with benchmarking visits to the other members of the GLA Group and we also met with the then Head of Risk Management at Rolls Royce, choosing this company as – perhaps surprisingly – they face similar cultural issues to the MPS. We reviewed the list of top public sector risks compiled by this Committee’s co-opted risk management adviser, Linda Duncan. These risks were compared with the current CRR and the Business Group risk registers.

This preparatory work led to the development of a ‘straw man’ risk register that was presented to the April Corporate Risk Review Group (CRRG). The MPA Treasurer attended this meeting. CRRG were also asked to consider associated governance arrangements including arrangements for reporting risks to MB and the MPA. CRRG approved the direction of travel in all respects. The proposals were then discussed with the Director of Resources who provided a directional steer.

Immediately prior to May CRRG the Director of Strategy and Improvement and Director of Risk Management met with the London Fire Brigade’s Assistant Commissioner responsible for Strategy and Risk (AC Nick Collins) to learn lessons from the Brigade’s recent (successful) submission of a similar set of proposals to their board. AC Collins’s advice was discussed at CRRG and a way forward approved by the committee. The Director of Risk Management was charged with preparing proposals for the Director of Resources based on the committee’s discussions. A draft set of proposals has been shared with the members of the committee and other key players. No adverse comments have been received.

The ‘straw man’ register has been converted into ‘heat map’ form for presentation to MB, reflecting further input from the Director of Resources. The Director of Strategy and Improvement subsequently tasked the Director of Risk Management to bring the new register and governance proposals together in a board report by end June.

2. Business Risk Co-ordinators’ Forum
This forum was created to support the Business Group Business Risk Leads in their task of mainstreaming business risk management within their parts of the business, and to provide business risk management practitioner support for CRRG. The Forum has been chaired by the Director of Risk Management.

A meeting of the Forum was held recently to seek to complete the tasks on its action plan prior to the transfer of BRMT into the Resources Directorate, the tasks being:

  • Review of the forum’s terms of reference
  • Preparation of a risk register information management protocol
  • Preparation of a risk management health indicator admin protocol.

The terms of reference were generally considered fit for purpose however, various relatively minor amendments and additions were agreed. The document has been revised accordingly. Draft information management and health indicator protocols were considered by the meeting. Here again, they were considered generally fit for purpose and agreed by the group subject to minor amendments. The terms of reference and protocols now require approval by the parent group, CRRG.

3. Business Case Improvement
BRMT continues to work with the Investment Board support team to further improve the risk analysis content of business case guidance.

4. Business Risk Management Training
Three senior officer courses were run during April with a total of 23 delegates. The course and risk management tools and techniques were well received. Further courses are scheduled for the next quarter.

87 delegates were trained in six Introduction to Business Risk Management courses from October to March. Over 90% of delegates rated the course good or excellent in terms of the objectives met, personal benefit, overall satisfaction, course structure, materials and handouts and trainers.

Project/Programme Risk Management: A bespoke course was run for the Emerald and Herald Project Office Staff, a master class in risk management for Olympic staff and a training course for Olympic Members.

The National School of Government ran a three-day Office of Government Commerce Management of Risk (MoR) course in-house for the MPS in March. 11 delegates attended this course (nine from SM&PD, the Olympics Security Directorate risk management adviser and one SCD colleague. All concerned passed the MoR end of course Foundation exam.

5. Borough Risk Workshops
Workshops have been carried out with SMTs at Islington and Croydon Boroughs and the Five Borough Alliance Information Strand. The largest problem area still appears to be TPHQ being seen as a blocker rather than an enabler by Borough Commanders.

Meetings with Borough Commanders at Lambeth and Harrow have led to appointments for butterfly strategic analysis workshops around major projects being carried out on each Borough.

6. Olympic Programme
BRMT continues to support the Olympics Security Directorate including close support and mentoring of the Directorate’s risk management adviser.

7. Other Risk Management Support
The team continues to support the following areas of activity (amongst others):

  • Improving Policing Information Programme
  • CO3 Business Continuity Team
  • Corporate Manslaughter Working Group
  • Performance Directorate (non sanctioned detections)
  • The Five Borough alliance (information sharing strand).

8. Miscellaneous Support
We continue to support to the Investment Board Appraisal Panel, reviewing all Business Cases considered by the panel and providing advice and guidance to the panel on risk related matters. We are represented on the Corporate Strategic Assessment (CSA) Steering Group, business risk being one of the key inputs to the CSA. We are also involved with the Corporate Governance Co-ordination Group and the Reputation Risk Management System. Further work has taken place with the corporate centre business planning and benefits management teams.

9. ‘Risk Managers Together’ initiative
There have been no developments to report on the possible development of an MPS operational risk assessment register. The group has offered its full support to Cmdr Sawyer and stands ready to assist if required to do so.

10. Partnership risk management
The BRMT developed procedure for managing risks in a partnership context has been shared with key players and developments are awaited.

11. Reputation Risk Management System
Corporate Risk Review Group (CRRG) has approved the submission to MB of a recommendation to merge itself with the Diamond Risk Management Committee (DRMC). This approach will further integrate reputation risk management into the overall MPS risk management framework and avoid the need for two sets of monthly risk meetings. The Chair of the DRMC (Cmdr Osborne) is now a member of CRRG, has participated in the group’s debate, and approves the way forward.

Following discussion with Cmdr Osborne, it is understood that he agrees with BRMT that an end-to-end review of the Reputation Risk Management System should form part of the overall review of the MPS risk management framework.

Insurance Management

12. Personal insurance invalidation indemnity policy (PIIP)
Following discussions with the Director of Resources, Director of Strategy and Improvement, and the MPA Treasurer, the Director of Risk Management has written to the Home Office requesting a ‘mass claims’ indemnity in relation to the MPA PIIP. At the Treasurer’s request, the Director of Risk Management has also drafted a letter for the APA to consider sending to the Home Office regarding a similar indemnity for all Home Office forces. The draft letter is currently under review by the Treasurer.

13. Insurance programme
The renewal of the insurance programme for 2008 continues with meetings and a strategy (together with OJEU compliance activity) to reflect the full tender of the property, contractors all risks and excess layer liability programme.

14. Insurance Broker Tender
Heath Lambert Group took over from Willis as the MPA insurance broker with effect from 1 April 2008. A formal handover meeting and associated activity has ensured a smooth transition to the new brokers. Careful oversight of the new brokers’ performance is a priority task for the MPS’s insurance lead. Vetting of numerous Heath Lambert staff continues.

15. Procurement
The team continues to provide insurance advice in relation to procured contracts (including THR) and to advise on the insurance aspects of the sports clubs.

16. Miscellaneous
The insurance team (currently part of Directorate of Legal Services) is in the process of being transferred to Exchequer Services (Directorate of Resources). A report was submitted to the MPS Strategic S&H Committee on general housekeeping issues. Discussions continue with the GLA on insurance implications of a pandemic. The merger of Accident Claims Branch with Legal Services is on track. Discussions over recharging to British Airports Authority of the airside liability premium continues.

Outsourcing Programme Support (Risk Management and Insurance)

17. Outsourcing programme
We continue to support the Outsourcing Programme with advice and guidance on risk and insurance matters, subcontracting specialist insurance work.

Development of National Risk Management Standards

18. Work with National Policing Improvement Agency (NPIA)
There has been no work with NPIA during the reporting period.

19. ALARM / Audit Commission risk management KPIs
An excellent response has been received from ALARM members to an invitation to join the new KPI group. There are volunteers from a wide cross-section of the public service. The process for taking the group forward is to be considered at a joint workshop with the parent Benchmarking Group on 19/20 May.

Criminal Justice System

20. Criminal Justice System Risk Forum
No developments since the previous report. The forum has considerable potential to introduce an end-to –end process perspective on operational risk across the CJS but requires high-level support from each of the parties involved to get off the ground.

Send an e-mail linking to this page

Feedback