• Home
  • About
  • Subscribe
  • LATIF
  • Conferences
  • Dashboard
  • Edit My Profile
  • Log In
  • Logout
  • Register
  • Edit this post

Room 151

  • 151 BRIEF

    What's New?

  • John Turnbull elected president of the SLT

    May 12, 2022

  • Pension pool identifies biodiversity as a priority

    May 11, 2022

  • TfL latest to face credit-rating downgrade by Moody’s

    May 10, 2022

  • Government proposes ‘fairer, more accurate’ business rates system

    May 10, 2022

  • Queen’s Speech confirms planning reforms

    May 10, 2022

  • 18,000 affordable houses lost through ‘permitted development’

    May 9, 2022

  • Treasury
  • Technical
  • Funding
  • Resources
  • LGPS
  • Development
  • 151 News
  • Blogs
    • David Green
    • Agent 151
    • Dan Bates
    • Richard Harbord
    • Stephen Sheen
    • James Bevan
    • Steve Bishop
    • Cllr John Clancy
    • David Crum
    • Graham Liddell
    • Ian O’Donnell
    • Jackie Shute
  • Interviews
  • Briefs

Graham Liddell: Mastering risk management and not box ticking

0
  • by Graham Liddell
  • in Blogs · Technical
  • — 30 Mar, 2017

Photo (cropped): Wokandapix/pixabay

Councils can find it difficult to grasp risk management. Graham Liddell argues its time for local authorities to undertake an honest appraisal of their management processes.

Why do local authorities so often get risk management wrong? They are exposed to a range of challenging and diverse risks: declining financial resources, keeping vulnerable adults and children safe, providing other essential services, keeping sensitive data secure and so on. But all too often risk management is treated as a yet another box ticking corporate process. How often do senior managers have meaningful conversations about how to manage their key risks?

The text book answer to assessing the effectiveness of risk management is to review the risk maturity of an organisation. And there are a range of diagnostic tools, full of worthy questions, to do this:

  • Is responsibility for risk management included in job descriptions?
  • Does the board regularly review its risks?
  • Has the organisation defined its risk appetite?

But assessing risk management in this way often gives false assurance. Does ticking all the “risk mature” boxes mean that we have identified all our risks and are managing them effectively? I doubt it.

Furthermore, I am not sure that a positive internal audit report on risk management is always that helpful. We auditors like systems and might well report that expected controls are in place and operating as they should. But how often does this consider the quality of the thinking, or the robustness of the risk register? I think it’s time for an honest appraisal of the effectiveness of our risk management arrangements.

Emotions

Pretty much all senior management teams spend some time reviewing their strategic risks, even if it is just once a quarter. So the simplest starting point is to reflect on your emotions following one of these meetings. Which of the following best represents how you feel?

  • Blissfully ignorant, we don’t really bother with the risk register.
  • Gnawing with doubt: we’ve ticked the box but not much more.
  • Cautiously optimistic: we’re beginning to understand some of this stuff.
  • Enthusiastic: some great discussion and now we need to translate these into robust actions.
  • Confident: we’ve identified our key risks and robust plans are in place to bring risks down to an acceptable level.

And just to show that this is a well thought out management tool and not something been dreamt up on a sunny Sussex afternoon, here is a picture to help you decide.

 

 

I suspect that most senior officers would assess themselves as cautiously optimistic. My job as an auditor is to instil some gnawing doubt. So, let’s revisit that self-assessment. Here are four challenge questions. If you want to skip the detail scroll down to another diagram.

1 Does your risk management system really identify all your key risks?

  • What has your risk register management system missed in previous years?
  • Are you fixing stuff that could have been prevented?
  • What are you spending money on that would not have been needed if only pre-emptive action had been taken 5 or 10 years ago?
  • What is your risk register missing now?
  • Does your risk register set out clearly the main things that keep you awake at night?

2 Do you have clear mitigating controls in place?

  • Are these summarised clearly?
  • Can you tell whether these bring the risk down to an acceptable level?

3 Are robust plans in place?

  • Have you set out what level of risk you need to get to?
  • Is there a robust, time bound, action plan in place to achieve this?
  • Does the action plan address both likelihood and impact?

4 Do you have robust assurance that controls are working and actions are on track?

  • How quickly would you find out if controls weren’t working or actions not addressed?
  • Does progress on the action plan form a key part of your one to one meetings with managers?
  • Is the risk register updated on a regular basis?
  • If you have adopted the three lines of defence model, how robust is the assurance you get from your second and third lines?

 

Still feeling confident? If not, perhaps it’s time to start taking risk management seriously. Don’t get me wrong, I’m all for a well-structured risk management process. But don’t be fooled, risk management is about managing risks. It’s not about ticking boxes.

Graham Liddell

Graham Liddell is head of Internal Audit at Brighton & Hove City Council.

Get the Room151 Newsletter

Share

You may also like...

  • Digital infrastructure: The fourth industrial revolution 23rd Nov, 2021
  • Settlement 2022-2023: £53.9bn in ‘one-year’ deal aimed at ‘stability’ 17th Dec, 2021
  • Richard Harbord: ‘Effective governance’ the key to commercial activity 17th Aug, 2021
  • A savvy approach to managing your cash 12th Jan, 2021

Leave a Reply Cancel reply

You must be logged in to post a comment.

  • Register to become a Room151 user

  • Latest tweets

    Room151 6 hours ago

    ‘Urgent consultation’ issued in response to continuing audit delays: CIPFA and the Local Authority Scotland Accounts Advisory Committee (LASAAC) have announced another “urgent consultation” to consider proposals to address the latest issue that has led… dlvr.it/SQJ0kV pic.twitter.com/s6vw0bnGXO

    Room151 1 day ago

    Bags of capacity – now to housing delivery: HRAs have been freed up and councils are starting to invest, but some remain cautious, writes Steve Partridge. He suggests that a minimum of £10bn of additional borrowing could be[...] dlvr.it/SQDvxk pic.twitter.com/yZmoWzHv6U

    Room151 1 day ago

    Bags of capacity – now to housing delivery room151.co.uk/treasury/bags-…

    Room151 2 days ago

    To Michael Gove: a modest proposal: Conrad Hall has written an open letter to the levelling up secretary suggesting an unusual (and tongue-in-cheek) proposal to help councils predict next year’s government grant. Dear Secretary of State,[...] dlvr.it/SQ9GpX pic.twitter.com/mSX1xgeL8a

    Room151 2 days ago

    Queen’s Speech: an ambitious plan hampered by omissions: Richard Harbord examines the impact of the government’s legislative proposals on councils, and concludes that local authorities expect and need more from central government. However you view the… dlvr.it/SQ8hmP pic.twitter.com/BsnziyNPIO

    Room151 3 days ago

    Insights and inspiration from LGPS leaders past and present: Four current and former LGPS leaders have recently given powerful and insightful interviews as part of the Fiftyfaces podcast, which showcases inspiring investors and their stories. Hosted by… dlvr.it/SQ53lC pic.twitter.com/IRYMFPxdA2

    Room151 4 days ago

    Rate rise represents ‘fastest increase in borrowing costs in 25 years’: Partner Content: CCLA Investment Management’s Robert Evans analyses the rationale for the Bank of England’s latest rise in the Official Bank Rate and assesses the likely outcome of… dlvr.it/SQ33k3 pic.twitter.com/A81yiS1UgN

    Room151 4 days ago

    The Liability Benchmark, very much unloved at the recent Room151 treasury briefing, receives a much more positive assessment from Jackie Shute. There’s ‘no better tool for treasury portfolio management’, she says. #localgov #finance room151.co.uk/treasury/in-pr…

    Room151 4 days ago

    In praise of the Liability Benchmark: Jackie Shute responds to recent criticisms of the framework used to plan the future borrowing requirements of a local authority. I’m not suggesting that this debate will have the same[...] dlvr.it/SQ2cGf pic.twitter.com/4rqXTpHC9A

  • Categories

    • 151 News
    • Agent 151
    • Audit
    • Blogs
    • Business rates
    • Chris Buss
    • Cllr John Clancy
    • Council tax
    • Dan Bates
    • David Crum
    • David Green
    • Development
    • Education
    • Forum
    • Funding
    • Governance
    • Graham Liddell
    • Housing
    • Ian O'Donnell
    • Infrastructure
    • Interviews
    • Jackie Shute
    • James Bevan
    • Jobs
    • Levelling up
    • LGPS
    • Mark Finnegan
    • Net Zero
    • Private markets
    • Recent Posts
    • Regulation
    • Resources
    • Responsible investing
    • Richard Harbord
    • Risk management
    • Social care
    • Stephen Fitzgerald
    • Stephen Sheen
    • Steve Bishop
    • Technical
    • Transport
    • Treasury
    • Uncategorized
    • William Bourne
  • Archives

    • 2022
    • 2021
    • 2020
    • 2019
    • 2018
    • 2017
    • 2016
    • 2015
    • 2014
    • 2013
    • 2012
    • 2011
  • Previous story Watchdog says government lacks proof business rates retention will boost economic growth
  • Next story Essex awards £150m infrastructure mandate

© Copyright 2022 Room 151. Typegrid Theme by WPBandit.

0 shares