Contents
Report 12 of the 14 September 2009 meeting of the Corporate Governance Committee, provides an update on the implementation of the MPS risk management strategy.
Warning: This is archived material and may be out of date. The Metropolitan Police Authority has been replaced by the Mayor's Office for Policing and Crime (MOPC).
See the MOPC website for further information.
MPS Corporate risk assessment and management
Report: 12
Date: 14 September 2009
By: Director of Resources on behalf of the Commissioner
Summary
This report provides an update on the implementation of the MPS risk management strategy.
A. Recommendation
That
- members note the update provided on the implementation of the MPS risk management strategy; and
- agrees the approach proposed for providing reassurance to the Committee on the Service’s work in respect of risk management
note the report.
B. Supporting information
1. The MPS is committed to working towards a safer London, by ensuring the appropriate assessment and management of threats and opportunities using effective risk management throughout the organisation from strategic to operational levels.
2. The objectives of the MPS risk management strategy are to:
- Improve the delivery of MPS strategic objectives;
- Encourage innovation;
- Improve standards of corporate governance and strategic management;
- Improve service quality and delivery;
- Improve efficiency in resource usage and protect MPS/MPA assets;
- Protect the safety of MPS staff/officers and our customers/ stakeholders;
- Protect the reputation of the MPS.
3. The MPS risk management strategy implementation plan is currently in the process of being delivered.
Summary of progress to date
4. Significant work has been done over the last few months in implementing the strategy and embedding both corporate and business group risk management. In relation to the questions posed in the MPA commissioning brief (attached as Appendix 1) progress is as follows.
Risk management Framework and Roles and Responsibilities
5. We are currently reviewing our risk management framework and making sure that our approach is as effective as possible. We want to make sure that we are as effective as we can be in having:
- clear accountabilities for each risk and mitigation;
- clear management information derived from consistent recording of risks, leading to improved decision making and
- the ability to escalate risks as appropriate.
6. As part of an assessment of the current risk management arrangements at MPS, our developing operating model for risk management within MPS can be summarised as follows:
Chart: operating model for risk management within MPS, see attached
7. Central to this approach, is the SIB risk sub group. The role of this group, with delegated powers of authority from SIB is to oversee the implementation of the risk management strategy and to provide challenge on the efficacy of our process for identifying and escalating risk from the Business Groups and of steps being taken to manage them; to analyse cross cutting risks and emerging “hot spots”; to identify common risks, and to spot potential clashes of risk. The Group will provide a monthly report on risk to SIB which will be used to inform Management Board. The group - business group risk co-ordinators plus other risk specialists - will recommend what risks should go forward to the corporate risk register and will identify and discuss cross-cutting risks.
Escalation of risk
8. Our prime objective in handling risk is that management at any level should manage risks that they/ their staff have identified via their own system of risk registers unless they feel: that the risk falls outside of their span of control/ influence; it is a risk of strategic significance; it affects more than one line of business (or a combination of any of these factors). In those cases the risk should be escalated to the next level, as shown in the diagram above.
9. TP are establishing a reporting framework that facilitates a clear escalation path for operational risks from Borough to TP HQ. We are working with other business groups to ensure they review/adopt TP’s escalation procedures as appropriate.
Risk identification and mitigation
10. We have recently reviewed both our corporate and business group risk registers. Control measures have been updated detailing who will carry out the actions and by when. We are also reviewing the format of our registers to ensure that they continue to comply with good practice.
11. Whilst the Service supports and wishes to develop a robust assurance process with the Authority in terms of how we manage risk, the Commissioner believes that that it would be inappropriate to take such a potentially sensitive document as the Service’s Corporate Risk register to a full meeting of an Authority committee. Following discussions with MPA officers, we propose that the corporate risk register and the Service’s risk management arrangements are reviewed on a regular basis with the MPA through a small group - MPA to advise on their proposed member and officer attendees. Short update papers will then be produced for the Corporate Governance Committee following those review meetings.
12. The MPA Chief Executive currently has sight of the Corporate Risk register and the work being undertaken by the Service on risk management as an attendee at the Service Improvement Board.
Monitoring and review
13. We will carry out quality monitoring reviews every six months, on the Business Group risk registers and on the corporate risk register. The reviews will cover any risks that have materialised and the effectiveness of the control measures as well as identifying any emerging risks.
14. In support of this review, and as part of the rolling out of the risk management strategy across the Business Groups, a maturity model is being developed, which will be used to assess the state of risk management across each of the Business Groups, with a view to provide each of the Groups with their own Risk Management Improvement Plan. We will consult with the MPA to inform the development of the model.
C. Race and equality impact
MPS Race and Diversity policies are taken into account in the development and update of our risk assessments and mitigation actions.
D. Financial implications
The work identified will be delivered within approved budgets.
E. Legal implications
1. There are no legal implications
F. Background papers
None
G. Contact details
Report author: Alan Hughes, Strategy and Improvement, MPS
For information contact:
MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18
Appendix 1
Commissioning brief
MPA committee / date: 14 September 2009
MPS Corporate Risk Assessment and Management
A report is required which: Outlines the MPS approach to risk assessment and management and includes the latest version of the MPS Corporate Risk Register.
In particular the report needs to address:
- the risk management framework in place
- the role of management board
- how risks are identified and assessed
- the process for the escalation of risks
- risk mitigation and management action
- allocation and ownership of risks
- management action - monitoring and review
The Chair has requested that the MPS Corporate Risk Register is submitted to the Committee – if necessary he is content for this to come as an exempt item linked to the covering report which will be considered in the public part of the meeting.
Is this report an open or exempt report?
Potentially a split report – with the covering report considered in the public part of the meeting and the MPS corporate risk register as an exempt item if appropriate.
If the report is exempt please classify under which category the exemption falls – advice can be sought from MPA committee services or MPS Strategy Unit
Source of request: Chair of Corporate Governance Committee
Brief prepared by: Julie Norgrove
Date: 29 July 2009
Supporting material
Send an e-mail linking to this page
Feedback