Contents
Report 11 of the 8 December 2008 meeting of the Corporate Governance Committee and outlines a proposed joint MPA/MPS Risk Management Statement, together with associated risk management strategies for both MPA and MPS.
Warning: This is archived material and may be out of date. The Metropolitan Police Authority has been replaced by the Mayor's Office for Policing and Crime (MOPC).
See the MOPC website for further information.
MPA/MPS corporate risk management strategic statement
Report: 11
Date: 8 December 2008
By: Treasurer and Director of Resources on behalf of the Commissioner
Summary
This report outlines a proposed joint MPA/MPS Risk Management Statement, together with associated risk management strategies for both MPA and MPS.
A. Recommendation
That
- the Committee approve the joint MPA/MPS Risk Management Statement at Appendix 1;
- agree the MPA Risk Management Strategy and Implementation Plan at Appendix 2 and 3;
- endorse the MPS Risk Management Strategy and Implementation Plan at Appendix 4 and 5; and
- note the role of the new MPS Service Improvement Board.
B. Supporting information
Risk management statement and strategy
1. Since December 2005 the MPA and MPS have had a joint risk management strategy, which sets out purpose, aims and objectives in relation to risk management. This strategy is now due for review in line with good practice and internal audit recommendations.
2. Given the developing maturity of risk management within both the MPA and MPS and their differing responsibilities, it is proposed that a joint high-level risk management statement be agreed. The purpose of this is to set out the vision and objectives for risk management and the differing roles of the MPA and MPS. The proposed statement is attached at Appendix 1.
MPA and MPS risk strategies and implementation plans
3. The joint strategic statement should be supported by separate MPA and MPS risk strategies and implementation plans which should set out further details of how the risk management vision and responsibilities will be delivered in order to achieve the desired objectives. The MPA Risk Strategy and Implementation Plan can be found at Appendices 2 and 3 and the MPS Risk Strategy and Implementation Plan are at Appendices 4 and 5. It is intended that the implementation plans remains living documents monitored by the MPA Senior Management Team and the MPS Service Improvement Board (SIB) respectively.
MPS management of corporate risks
4. On 27 August 2008, the MPS Management Board (MB) approved the governance arrangements for corporate risk, with further agreement that the role of the Corporate Risk Review Group could be subsumed into the MPS Service Improvement Board (SIB). This paper sets out further mechanics for managing corporate risk through SIB:
- MB risk leads nominate corporate operational risk leads at Deputy Assistant Commissioner (DAC) (or equivalent) level.
- Analysis of each corporate risk area is carried out, enabling the development of related action plans. This could be achieved in a variety of ways from using structured workshops to interviews or questionnaires to relevant stakeholders. Each operational risk lead, with assistance from their local business group risk management co-ordinator, should ensure that an action plan, aligned with recognised risk management processes, is developed for their risk area. (The Corporate Risk Manager within Strategy and Improvement Department can assist with advice where needed.)
- Results of the risk analysis and critical actions required to reduce the risk to an acceptable level will be reported to SIB by the operational risk lead.
- SIB agrees owners for critical action areas and seeks regular update reports.
- Analysis of each corporate risk area should be refreshed at least annually.
- Management Board are expected to take an overview of the corporate risk profile annually.
5. An action plan with timescales will be developed to ensure that risk analysis and action planning has been completed in all prioritised risk areas.
Acronyms
- SIB
- Service Improvement Board
- MB
- Management Board
- DAC
- Deputy Assistant Commissioner
- OCUs
- Operational Command Units
- (B)OCUs
- Borough Operational Command Units
- CRM
- Corporate Risk Management
- BG
- Business Groups
- SMTs
- Senior Management Teams
- ILAU
- Inspection Liaison & Analysis Unit
C. Race and equality impact
There are no adverse equality and diversity implications arising from this report. Impact on diversity is considered as part of the analysis of business risks, and hence the risk management process supports the diversity imperative.
D. Financial implications
.There are no specific financial implications from this report. In terms of overall risk management, time and resources are required to carry out analysis work and implement interventions to reduce risk exposures and improve controls, but this should result in the more efficient use of the MPA/MPS’s resources. Any costs arising from interventions will be dealt with as part of the MPA/MPS normal budget and decision-making processes.
E. Background papers
None
F. Contact details
Report author: Ken Hunt Treasurer, MPA, Richard Morris and Jo Collins, Strategy and Improvement Department MPS
For information contact:
MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18
Appendix 1
MPA and MPS risk management statement
Vision
The MPA and MPS are committed to working towards a safer London, by ensuring appropriate assessment and management of threats and opportunities using effective risk management from strategic to operational levels.
Risk management responsibilities
Risk Management is central to the strategic management and direction of the MPA and MPS. It is an integral part of the planning and performance framework key to the production of the Policing
London Business Plan and is a fundamental element of Corporate Governance. It is a means of maximising opportunities and minimising the costs and disruption caused by undesired events. The MPA and
MPS internal control arrangements have the effective management of significant risks as a principal aim linking all policies and procedures. Effective risk management enables the Service and
Authority to respond appropriately to significant business, operational, financial and other risks.
Risk can be defined as ‘the combination of the probability of an event and its consequences or the chance of something happening that may have an impact on the achievement of objectives’.
Recognising that some risks cannot be eliminated, the Authority and Service adopt a planned and systematic approach to the identification, evaluation and economic control of risk. There is a tendency
to think of risk only in the negative context i.e. an event or action that will adversely affect the Service and Authority’s ability to meet their objectives. However, effective risk management
is about making the most of opportunities, making the right decisions and achieving objectives once those decisions are made.
The Service and the Authority jointly recognise that they have a responsibility to manage risks effectively. Risk Management in the Service and Authority is a continuous process, demanding awareness
and response from all individuals at all levels, to identify, measure and cost-effectively control risks that threaten the assets, finances, efficient operation, and achievement of the objectives and
reputation of the Service and Authority.
The Authority’s Risk Management Strategy and Implementation Plan demonstrate how it is to discharge its statutory responsibility in relation to risk management whilst managing its own risks
effectively. The Authority has a responsibility to ensure that there is an adequate framework in place for managing risk and that it is functioning effectively. Commenting on the adequacy of the risk
management framework is a key part of the Authority’s Annual Governance Statement. The MPS take operational responsibility for managing priorities and strategic issues that it faces. The
Service Risk Management Strategy and Implementation Plan demonstrate how risk management will be embedded throughout the MPS in support of achieving its objectives.
The MPA and MPS explicitly acknowledge the risk management responsibility of senior officers and staff in the execution of their duties, and a joint accountabilities and reporting framework for risk
management also supports this statement.
Objectives
In summary, the objectives underpinning the approach of the respective risk management strategies of the Authority and Service are:
- Improving the delivery of MPA/MPS strategic objectives;
- Encouraging innovation;
- Improving standards of corporate governance and strategic management;
- Improving service quality and delivery;
- Improving efficiency in resource usage and protecting MPA/MPS assets;
- Protecting the safety of MPA/MPS staff/officers and our customers/stakeholders;
- Protecting the reputation of the MPA/MPS.
This risk management statement is supported by the following documents:
- MPA Risk Management Strategy and Implementation Plan
- MPS Risk Management Strategy and Implementation Plan
- MPA/MPS Risk Management accountabilities and reporting framework
- MPS Risk Management policy
- MPS Risk Management toolkit
Appendix 2
MPA risk management strategy
The Authority has a joint vision with the MPS in that it is committed to working towards a safer London by ensuring the appropriate assessment and management of threats and opportunities using effective risk management throughout the organisation. This Strategy and Implementation Plan demonstrate how the Authority exercises its statutory oversight of the MPS’s management of risk and how risk management is embedded within its own business processes.
Risk management aims and objectives
The main objectives are to:
- Integrate risk management within the corporate strategic planning process to improve delivery of the MPA and MPS strategic objectives
- Work with the MPS to ensure the alignment of risk assessment and management within the Service and Authority
- Ensure effective risk management underpins the corporate planning and performance framework
- Improve the effectiveness of risk management within the Service
- Integrate effective risk management into the business culture of the Authority, managing risk in accordance with recognised best practice
- Inform policy decisions by identifying risks and their likely impact
- Anticipate and respond appropriately to changing social, environmental and legislative requirements
- Minimise loss, disruption, damage and injury and reduce the cost of risk, thereby maximising resources
- Exploit opportunities
- Safeguard staff and protect property, cash and other tangible assets
- Protect the corporate image and reputation of the MPA
These will be achieved by:
- Implementing, monitoring and reviewing a Strategic Risk Management Process within the Authority
- Conducting effective risk assessments in support of the corporate planning and performance process
- Reviewing the Service assessment of risk in determining Authority risks
- Demonstrating effective oversight and leadership on risk management
- Endorsing the Risk Management Strategy for the MPS and monitoring and reviewing the effectiveness of implementation arrangements
- Embedding effective risk management in key MPA business processes
- Establishing clear roles, responsibilities and reporting lines for risk management within the MPA
- Ensuring risks are considered by the MPA Senior Management Team who have overall responsibility for identifying, reviewing and mitigating risks
- Providing appropriate risk management training and promoting risk awareness
Authority risk management procedure
MPA Oversight
The MPA Corporate Governance Committee receives appropriate reports on behalf of the Authority for consideration and action to ensure it:
- Considers the financial risks to which the Authority is exposed and approves measures to reduce or eliminate them or to insure against them.
- Approves the corporate risk management strategy and framework; ensuring that appropriate systems are in place for assessing and managing key risks to the Authority and the Service. (This will include regular review, at least annually of the Authority and Service assessment of key strategic risks).
- Considers proposed corporate programmes of risk management activity and monitors progress, including those that relate to business continuity and disaster recovery.
MPA Management of Risk
The following key measures have been agreed by the MPA Chief Executive, MPA Treasurer and the MPA Senior Management Team.
- All staff are encouraged to contribute to the identification of risks to the achievement of the Authority’s objectives. Risk identification is included on all key internal Authority meetings.
- Risks are considered in drafting corporate objectives, team objectives and work plans. These are then periodically reviewed at Management and Team Meetings.
- The use of a consistent template in the form of a risk register facilitates a comprehensive process of identification, analysis and evaluation, treatment and monitoring of risk.
- MPA SMT members are responsible for referring significant risks identified by their Teams to SMT to consider inclusion on the Authority’s Corporate Risk Policy Scan.
- An analysis of each risk area within the Corporate Policy Scan is carried out on a regular basis. This enables the development of an action plan incorporating a monthly update, an assessment of the business impact, public affairs impact and equalities impact. Each risk area is given a responsible owner.
- The MPA Corporate Risk Policy Scan is maintained by the MPA SMT. New risks and changes in status are reported to each meeting of SMT and an updated Corporate Risk Policy Scan is circulated each month.
- The Chief Executive and Treasurer update the MPA Business Management Group with the Authority’s key risks at each of its meetings. Risks are subsequently evaluated and actions agreed.
- The Chief Executive and Treasurer inform the Business Management Group of any emerging risk or change in rating of any current risk that is considered of such significance that to delay notification to Corporate Governance Committee would be critical to the organisation.
- The Chief Executive and Treasurer report all key risks to the MPA Corporate Governance Committee annually.
Appendix 4
MPS risk management strategy
Vision
The MPS is committed to working towards a safer London, by ensuring the appropriate assessment and management of threats and opportunities using effective risk management throughout the organisation from strategic to operational levels.
Objectives
The objectives of the risk management strategy are to:
- Improve the delivery of MPS strategic objectives;
- Encourage innovation;
- Improve standards of corporate governance and strategic management;
- Improve service quality and delivery;
- Improve efficiency in resource usage and protect MPS/MPA assets;
- Protect the safety of MPS staff/officers and our customers/ stakeholders;
- Protect the reputation of the MPS.
These objectives will be achieved by ensuring:
- Effective risk management processes are in place through:
- Developing and implementing a strategic risk management framework and toolkit, which introduces good practice techniques throughout the MPS in line with British Standards.
- Implementing clear risk management accountabilities and reporting structures for individuals and relevant Boards.
- Measuring performance in risk management against a maturity model based on continuous improvement.
- Risk Management is embedded in service delivery by:
- The integration of risk management into strategic decision making, business planning and performance management.
- Developing links between inspection/audit processes and the risk management process.
- Working with programme and project managers to ensure that risks are effectively managed within change programmes.
- Working with OCUs that provide specialist and operational risk management advice to ensure appropriate use of risk assessment and management techniques, improving clarity and reducing bureaucracy.
- Risk management is supported and understood internally by all staff and externally by our stakeholders through:
- Engaging the support of management board members, business groups and (B)OCUs by raising risk awareness through engagement and training using a network of risk co-ordinators.
- Making relevant risk management information accessible to all staff.
- Working with partners, suppliers, contractors and other stakeholders to ensure good risk management practice
- Working with the MPA to ensure alignment of risk management processes and key risk areas.
This strategy supports the joint MPA/MPS Risk Management Statement and is in turn supported by the MPA/MPS risk management accountabilities and reporting framework, the MPS risk management implementation plan, policy, and toolkit.
Supporting material
- Appendix 3 [PDF]
MPA implementation and development plan - Appendix 5 [PDF]
MPS Implementation Plan
Send an e-mail linking to this page
Feedback