Contents
Report 9 of the 12 June 2008 meeting of the Corporate Governance Committee containing the Internal Audit review of Corporate Risk Assessment and Management
Warning: This is archived material and may be out of date. The Metropolitan Police Authority has been replaced by the Mayor's Office for Policing and Crime (MOPC).
See the MOPC website for further information.
Internal audit review of corporate risk assessment and management
Report: 9
Date: 12 June 2008
By: the Director of Internal Audit
Summary
The outcome of the Internal Audit review of Corporate Risk Assessment and Management is attached in the report at Appendix 1. Internal Audit conclude that although a framework is in place for the assessment and management of risk, it is not effective in supporting the integration and embedding of risk management across the MPS. Areas for improvement to the existing arrangements and approach have been identified and recommendations made. The report also recognises the steps the MPS has taken to address a number of issues since the review was conducted.
A. Recommendation
That
1. members note the content of the internal audit report and action plan at Appendix.
2. request an updated Risk Management Strategy from the MPA Treasurer and Commissioner for approval.
B. Supporting information
1. Internal Audit has concluded that although a framework is in place for the assessment and management of risk, it is not effective in supporting the integration and embedding of risk management across the MPS. An up to date risk management policy is not in place and the current focus on business risk does not encourage a more integrated approach to managing risk.
2. There is a need for a shift in strategy to secure buy-in from senior managers and to ensure risk management is part of day-to-day management of the Service. The structures and procedures supporting the risk management process are not fully effective and in particular, a more robust process needs to be put in place for escalating risk through the organisation.
3. At the time of the review adequate controls were not in place to ensure that risks were properly identified, evaluated and appropriately managed. Risk assessment was also not adequately and effectively integrated into the business planning and performance management process.
4. Since the review steps have been taken to address a number of audit findings. The Corporate Risk Review Group attended by senior representatives of the MPA and MPS has been established, revised standard operating procedures introduced and a corporate risk register compiled highlighting the top ten risks to the Service. The methodology for arriving at the top ten risks is, however, unclear and there is a need to ensure that the corporate risk register remains dynamic and reflects current risks as they arise. The recent structural changes made to the corporate centre within the MPS also support the aim of integrating risk management within the business planning and performance framework under the direction of the Director of Resources.
5. Management have responded positively to our report and all fifteen audit recommendations, including two categorised as high risk, have been agreed and an Action Plan drawn up for their implementation.
6. Key audit recommendations include:
- reviewing the approach to business risk management to incorporate a process based on integrating all risk activities across the organisation
- clearly defining the strategy for implementing risk management based on a framework that is integrated within the planning, performance and day to day management of the service
- setting clear accountabilities across the MPS
- embedding risk management into the business planning and performance management framework
- applying a generic risk management cycle based around policing plan objectives and targets
- designing and implementing a structure that acknowledges the need to simplify reports and escalate significant risk through the command chain in quick time.
7. Corporate Governance Committee approved the current risk management strategy in December 2005. We are recommending, following our review and in light of the recent structural changes made
within the MPS, that a revised Risk Management Strategy be submitted to the Corporate Governance Committee for approval.
8. I am expecting to see substantial signs of progress at the time of our follow up review which will take place in six months time and I plan to report back to the Committee as appropriate.
C. Race and equality impact
There are no direct implications for race and equality arising from the internal audit report. There is, however, a need to ensure that in implementing audit recommendations, and in particular those that relate to planning and performance, they are applied equally and fairly across the organisation.
D. Financial implications
There is a risk of loss, waste and inefficiency if Internal Audit recommendations are not effectively implemented.
E. Background papers
None
F. Contact details
Report author: Peter Tickner, Director of Internal Audit.
For information contact:
MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18
Supporting material
- Appendix 1 [PDF]
Internal Audit Review of Corporate Risk Assessment and Management
Send an e-mail linking to this page
Feedback