Contents
Report 10 of the 15 June 2007 meeting of the Corporate Governance Committee and outlines the progress made by the MPS in the areas of corporate governance, business risk management and insurance management.
Warning: This is archived material and may be out of date. The Metropolitan Police Authority has been replaced by the Mayor's Office for Policing and Crime (MOPC).
See the MOPC website for further information.
Business Risk Management Team update
Report: 10
Date: 15 June 2007
By: Treasurer and Commissioner
Summary
A report on progress made by the MPS in the areas of corporate governance, business risk management and insurance management.
A. Recommendation
That
- members note progress to end April 2007 on corporate governance, business risk management, and insurance management; and
- note progress as captured by the Audit Commission / ALARM risk management Key Performance Indicator.
B. Supporting information
1. This paper includes a report on activity since the previous update report (Appendix 1) and an update on progress made in relation to compliance with the Audit Commission / ALARM [1] KPI as at end April 2007 (Appendix 2).
Corporate governance
2. The next step in the process of developing an overarching MPS corporate governance framework, as required by CIPFA and the MPA, is the preparation of a policy framework by the Treasurer. However, this is dependent on the publication of the policing version of the new CIPFA/SOLACE governance framework that is not expected to be available until later this year.
3. Work on preparing the 2006/07 MPS Statement on Internal Control is progressing well. At the time of writing (mid-May) the approval of the Director of Strategy, Modernisation and Performance has been obtained to a draft statement, which will shortly be submitted to the Commissioner via the Deputy Commissioner. A draft has been shared with the Deputy Treasurer.
MPS business risk management maturity progress including progress on corporate risk management
4. As stated earlier, the development of good practice corporate risk management in the MPS is both a critical, and challenging, element of the programme for achieving Level 5 (“Minimum Standard”) business risk management. In the previous update report Members were advised of some major developments including the decision to establish the Corporate Risk Review Group (CRRG) as a corporate business risks conduit and filter on behalf of Management Board, and acceptance by the MPA Chief Executive of an invitation to join CRRG. The group has met four times and is developing into its role well. Its agreed terms of reference are at Appendix 3 [2]. The group has tasked the Director of Risk Management to develop an overarching framework for the management of corporate business risks.
5. Progress on matters reported to Members previously is as follows:
- In response to being tasked by the Deputy Commissioner to clarify the MPA’s requirements for the management of corporate business risks, the Director of Strategy, Modernisation & Performance has met with the MPA Chair and the Chair of the Corporate Governance Committee. The future direction of travel for MPS business risk management will at all times reflect the importance that the MPA attach to it as a critical element of corporate governance.
- In response to being tasked by the Deputy Commissioner to outline to him the processes they have in place to ensure the robust identification and management of corporate business risks in their areas of the business, the heads of the Business Groups have each submitted details of their processes to the Deputy and Director of Risk Management.
- The Director of Risk Management has reviewed the responses from the Business Groups referred to at (b) above in the light of good practice and has provided the Deputy with a composite view of the processes. After provision of advice by the Director of Risk Management to two Business Groups, their processes were re-submitted. It can now be confirmed that all the Business Group risk management processes as set out within the responses are fit for purpose. Although there are some differences between the processes, these reflect the diversity of the business and will not affect the ability of the MPS to identify and manage corporate business risks in a connected manner. Work remains to be done to deploy some elements of the Business Group processes. The Corporate Risk Review Group will monitor outstanding deployment activity.
6. The process for escalating corporate risks from business groups to Management Board (MB) requires Business Group command teams to refer any business risks they feel warrant MB attention, including crosscutting risks, to the Corporate Risk Review Group (CRRG). CRRG will review each risk referred to it and determine the process for ensuring appropriate risk mitigation, referring upwards to MB where necessary.
7. In view of the foregoing, Members are asked to note that the MPS has defined the required processes for the identification and management of corporate business risks. This had been the key area preventing the MPS from achieving Level 5 maturity. It remains for certain Business Groups to fully deploy their processes. Work to do so continues apace. We will monitor the processes ‘in action’ for a suitable period of time before giving further consideration to the achievement of Level 5 maturity.
Corporate Risk Register
8. The current Corporate Risk Register is being maintained by CRRG supported by the Business Risk Management Team. The register consists of corporate risks owned and managed by the Business Groups. As the process for identifying and managing corporate risks develops, and we move further in the direction of ‘bow-tie’ based registers, we will undertake a thorough review of the format of the corporate register at the appropriate juncture.
Audit Commission / Alarm Key Performance Indicator
9. An update to the Audit Commission / ALARM risk management Key Performance Indicator (KPI) at end April 2007 is at Appendix 2. The committee is reminded again that the ‘green’ status of the majority of the indicators does not fully reflect the immaturity of the business risk management process.
Insurance management
10. The insurance programme continues to mature to reflect the risk exposure of the MPS/MPA. (See sections 9 to 14 of Appendix 1 for an activity update).
C. Race and equality impact
The MPS business risk management process requires diversity risks and impacts to be identified and managed, enhancing the ability of the MPS to respond to the diversity imperative.
D. Financial implications
1. All work undertaken by BRMT is funded from existing budgets. Interventions to reduce risk exposures identified as a result of the deployment of the business risk management process may have financial implications.
E. Background papers
None
F. Contact details
Report author: Nick Chown, Director of Risk Management, MPS.
For information contact:
MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18
Appendix 1
Progress report - end April 2007
This report covers the three areas where the Business Risk Management Team (BRMT) provides the MPS with a professional lead i.e. corporate governance, business risk management and insurance management. It also includes sections on the Outsourcing Programme, where support is provided in relation to risk management and insurance, and the development of national risk management standards for the police service.
Business risk management
1. Statement on Internal Control (SIC) - The task of preparing the 2006/7 MPS SIC is on track. A first draft statement has been prepared and shared with the MPA.
2. Corporate, Business Group and (B)OCU risk registers – Work on developing the process for identifying and managing corporate business risks has progressed as follows:
- In response to being tasked by the Deputy Commissioner to clarify the MPA’s requirements for the management of corporate business risks, the Director of Strategy, Modernisation & Performance has met with the MPA Chair and the Chair of the Corporate Governance Committee. The future direction of travel for MPS business risk management will at all times reflect the importance that the MPA attach to it as a critical element of corporate governance.
- In response to being tasked by the Deputy Commissioner to outline to him the processes they have in place to ensure the robust identification and management of corporate business risks in their areas of the business, the heads of the Business Groups have each submitted details of their processes to the Deputy and Director of Risk Management.
- The Director of Risk Management has reviewed the responses from the Business Groups referred to at (b) above in the light of good practice and has provided the Deputy with a composite view of the processes. After provision of advice by the Director of Risk Management to two Business Groups, their processes were re-submitted. It can now be confirmed that all the Business Group risk management processes as set out within the responses are fit for purpose. Although there are some differences between the processes, these reflect the diversity of the business and will not affect the ability of the MPS to identify and manage corporate business risks in a connected manner. Work remains to be done to deploy some elements of the Business Group processes. The Corporate Risk Review Group will monitor outstanding deployment activity.
The process for escalating corporate risks from business groups to Management Board (MB) requires Business Group command teams to refer any business risks they feel warrant MB attention, including cross cutting risks, to the Corporate Risk Review Group (CRRG). CRRG will review each risk referred to it and determine the process for ensuring appropriate risk mitigation, referring upwards to MB where necessary.
The agreed proposal to refocus the team’s support activity on the Business Group headquarters and achieve a skills transfer to the HQs to enable them to support their own OCUs and Departments is being actioned. We are pressing ahead with the development of the revised Standard Operating Procedure in quick time to enable us to reflect the new approach in the skills transfer to the HQs.
3. Business risk management awareness/training rollout – The rollout of risk management training is ongoing. We continue to receive very positive responses from delegates to both course content and the quality of Jo Collins’ presentation.
4. Business Risk Management Standard Operating Procedure (BRM SOP) – Much work has gone into the continuing development of the concept of ‘bow-tie’ based risk analysis in view of the very positive response we have had across the Service to their introduction. Unlike traditional risk registers, which are very often a difficult ‘sell’, bow-ties have been met with much enthusiasm hence we are developing a bow-tie based approach to risk registers. The increased focus on bow-ties is in response to customer demand. This focus significantly enhances our ability to mainstream risk management since the technique chimes with police service culture and ways of working. We expect to report on the development of a revised bow-tie based risk register SOP at the September meeting. Aileen Quinton has designed a variant of the bow-tie for analysing opportunities. This has been well received and is now part of the risk toolkit. The team sees much potential for bow-tie type risk analysis.
5. ‘Risk Managers Together’ initiative –The first product of this initiative to demystify risk management and integrate it where appropriate has been a central ‘risk’ intranet site on the AWARE intranet with explanation as to the respective roles of the various teams and links to their own sites, policies and SOPs. The site was up and running less then three months after the decision to develop it, the development work having been undertaken by the Assistant Director of Risk Management, Gordon Mitchell, following attendance on a web design course. Colleague risk managers from across the Service have contributed to the site and thanks are due to all concerned. The site features a standard glossary of risk management terms. The group has also developed a short risk management ‘primer’ intended as a pre-cursor to all risk management training. The primer provides background to wider risk management and positions specific training. Further products will emerge from the group.
6. Support to DoI led ‘gold group’ – As previously reported, BRMT has proved the effectiveness of risk registers in a (non-operational) gold group situation. We are now working with colleagues to determine the criteria to be used to decide where the use of a risk register will add value to a gold group, and to pilot their use in an operational gold group setting to enhance the handling of critical incidents.
7. Partnership risk management – We have developed standard operating procedure for managing risks in a partnership context based on external good practice. The SOP was developed in time to be fed into the development of wider partnership management guidance by Territorial Policing.
8. Risk management competencies for officers and staff – Now that a national risk management framework has been drafted, BRMT is developing an approach to working up risk management competencies for all ranks/grades to be incorporated within national competency frameworks. This piece of work is considered especially important as the introduction of competencies (supported by suitable training) will significantly aid the mainstreaming of risk management. However, the project requires national level support for risk management, which remains an issue. The team is liaising with Skills for Justice.
Insurance management
9 Personal insurance invalidation indemnity policy (PIIP) – As previously advised, the PIIP was renewed by February Finance Committee with a tax and National Insurance issue still outstanding. The MPS insurance manager has subsequently been tasked to investigate the possibility that treating the indemnity policy as a discretionary scheme may avoid the necessity for payments to be grossed up to allow for tax and NI. Work on this continues. BRMT and Accident Claims Branch (ACB) continue to promote the PIIP across the Service.
10. Insurance programme – Discussions continue in relation to the 2007 renewal and a presentation has been arranged to key underwriters in June with subsequent fact finding / awareness visits to Hendon, Gravesend and Wimbledon Tennis Championships to demonstrate key aspects of MPS work to insurers.
11. Insurance Broker Tender – Discussions continue between MPA, ACB, BRMT and Procurement to finalise the timetable, specification and scoring system.
12. Liability claims handling – Work continues to transfer to Legal Services all liability claims handled by ACB where the sum claimed exceeds £5,000.
13. Self-insurance provisions – We are required to calculate for the accounts the possible liability that we have in respect of compensation claims known and yet to be advised. At 31 March 2006, the provision for third party liabilities in this respect was £29.8m. Following a review at the end of the 2006-07 financial year facilitated by the Assistant Director of Risk Management, and based on methodologies agreed with the external auditors, it was agreed that this provision should be increased to £33.6m.
14. Other insurance matters – The three new helicopters have been accepted by the MPS and thus a total of six aircraft is currently stationed at Lippitts Hill. The aviation insurers have been made aware of this temporary increase in risk exposure.
BRMT, ACB and HR are currently in discussion with the South East and Eastern Region Police Insurance Consortium and their insurance brokers, George Burrows, about the feasibility of introducing a personal lines insurance scheme for MPS staff, PCSOs and Specials to complement the existing Federation scheme for officers.
Outsourcing programme support (risk management and insurance)
15. Outsourcing programme – BRMT continue to support the Outsourcing Programme with advice and guidance on risk and insurance matters, subcontracting specialist insurance work to Willis. This ensures that contracts and specifications include robust insurance provisions.
Corporate governance
16. MPS Key Internal Control Framework – The next step in the process of developing an overarching MPS corporate governance framework, as required by CIPFA and the MPA, is the preparation of a policy framework by the Treasurer. However, this is dependent on the publication of the policing version of the new CIPFA/SOLACE governance framework that is not expected until later this year. Work to further develop the MPS framework is in abeyance temporarily.
Development of National Risk Management Standards for the Police Service
17. Work with National Centre for Policing Excellence (NCPE) – There has been no work with NCPE during the reporting period.
18. National business risk management framework for the police service – This project is being led by the ALARM Policing Sector Group. A draft framework has been out for consultation with key stakeholders during the reporting period. A full report on progress will be included in the September meeting update. In the meantime we can advise that both the APA and HMIC have expressed support subject to business risk management being developed alongside the National Intelligence Model as “one process” (HMIC) and to ensuring that the framework fully reflects the key roles of the Police Authority and its Treasurer (APA). To facilitate further progress, the ALARM group will seek meetings with Fionnuala Gill (Chief Executive, APA), Sara Thornton (ACPO NIM lead) and Chris Simms (head of NPIA), and Roger Baker (new head of ACPO Performance Management Business Area. The Chief Executive of ALARM, Lynn Drennan, has agreed to act as liaison between the Policing Sector Group and the CIPFA Better Governance Forum (on whose risk management question set the minimum standards in the framework are based). The ALARM group will continue to seek support for the national framework.
Criminal Justice System risk forum
19. Representatives of Her Majesty’s Courts Service are seeking to inaugurate a risk forum for all the constituent parts of the Criminal Justice System (CJS). The Director of Risk Management has accepted an invitation to chair the new group. It is intended that the new group will meet for the first time in the autumn of 2007. Draft terms of reference for the group are in preparation and will be distributed to all concerned prior to the inaugural meeting. The introduction of this new risk forum is considered to be particularly timely as it enables an end-to-end process view of CJS risk.
Appendix 3
MPS Corporate Risk Review Group
Terms of reference
Objective
To support MPS Management Board (MB) in relation to identification and management of ”Risks to the organisational reputation of the Metropolitan Police, particularly those concerned with public or staff safety, performance, finance and diversity” [3].
The terms of reference for the Corporate Risk Review Group (CRRG) are:
- to act as a corporate business risks conduit and filter on behalf of MB;
- to exercise oversight of the Corporate (Business) Risk Register;
- to propose escalation of corporate business risks to Management Board as necessary from time to time via the relevant member of MB;
- to exercise oversight of the risk management strategy, policy and standard operating procedures;
- to provide direction on business risk content of Corporate Strategic Assessments;
- to consider any strategic issues relating to corporate business risk management.
Ownership
The corporate risk management process is owned by the Director of Strategy, Modernisation and Performance who will chair CRRG. The Director of Strategy will chair in the absence of the Director of Strategy, Modernisation and Performance.
Each Business Group will be represented by the Deputy Assistant Commissioner or equivalent police staff post. Other than in exceptional circumstances substitutes should be of Commander rank or equivalent.
The Director of Risk Management, will support the Director of Strategy, Modernisation and Performance in all aspects of corporate risk management and act as secretary to CRRG. The Assistant Director of Risk Management will substitute for the Director of Risk Management in the latter’s absence.
Meetings
The CRRG will meet in the run up to each monthly MB meeting.
Footnotes
1. ALARM is the National Forum for Risk Management in the Public Sector. [Back]
2. The CRRG’s terms of reference reflect the Commissioner’s focus for MPS business risk management: “Risks to the organisational reputation of the Metropolitan Police, particularly those concerned with public or staff safety, performance, finance or probity”. [Back]
3. The focus for MPS business risk management as set out by the Commissioner. [Back]
Supporting material
- Appendix 2 [PDF]
Audit Commission / ALARM risk management key performance indicator
Send an e-mail linking to this page
Feedback