Forward By The Portfolio Holder For Finance

We recognise that excellent organisations have embedded Risk Management Strategies, Systems and Processes. The effective
management of risk can support the organisation in delivering transformed services required within the dynamically changing
environment of local government.

We are committed to driving the organisation forward to achieve excellence. That’s why Rochdale Council has identified ways to
manage risk which enable us to look at forward thinking solutions to complex issues.

The Council look forward to implementing the changes proposed by this new strategy and realising the many benefits Risk
Management brings.

Councillor Allen Brett

June 2015
Vision Statement
 To embed the identification and management of Risk to support the
achievement of the Rochdale Council’s objectives
Why do we do it?
 Regulatory Requirement There is an ongoing
requirement from the Accounts and Audit Regulations to
produce an Annual Governance Statement (AGS) which
is attached to our Annual Accounts, setting out the
processes we have in place for managing the most
significant risks to the achievement of our objectives. Our
risk management processes are an integral part of the
AGS.
 Inspection We are increasingly being held to account by
external audit for the way in which we have implemented
risk management. We need to continue to demonstrate
that we have a structured approach, which is embedded
into our planning and reporting cycles and decision
making processes at all levels.
 Risks need to be taken in order to improve and move
Rochdale Council forward to meet the challenges
currently facing local authorities such as government
budget cuts, increasing demand on services and
changing customer expectations.
 A Risk management process needs to be PACED
Proportionate, Appropriate, Comprehensive, Embedded
and Dynamic.
If it meets these criteria it will;
 Ensure compliance;
 Provide assurance to Members, Chief Executive and
Leadership Team; and
 Contribute to; efficient operations, effective
processes, efficacious strategy (successful delivery
of the plan).
Benefits of Risk Management
There are a number of other benefits that result from a sound system of risk
management, some of which are listed below.

 The reduction in the level of risk which threatens the  Confidence in the rigor of the Annual Governance
delivery of the Authority’s objectives; Statement (AGS);

 The improved use of valuable resources;
 Improved decision making at all levels of the
organisation;
 Increased willingness and confidence in embarking
on innovative projects;
 Suitable insurance or other arrangements to transfer
the impact of unavoidable risks;
 Reduction in the number and cost of claims and
adverse incidents and improve our ability to defend
them; thus controlling insurance costs;
and

 Improved management in the delivery of

organisational change;  Protection of reputation by improved management of
the media.

 Confidence that partnership activities are soundly

and effectively conducted with clear objectives and
outcome monitoring arrangements;
Goals & Objectives
To have risk aware employees
throughout the organisation, trained in Our measureable outcomes will be:
the basics of risk management who;
 To design and provide appropriate training to all staff;

 Identify risk and opportunities at every level of the

organisation in everything they do, including projects,  To provide a framework which supports;
partnerships, policies and strategies - the recording of risks and mitigation at all levels; and
- the communication and reporting of risks;

 Recognise risks from a variety of sources to give the

most informed view  To define the Authority’s risk appetite and ensure
risks are managed within it;

 Evaluate risks and take reasonable action to mitigate

those which are considered to be above the
organisations appetite
 Communicate risks information so it forms part of
decisions made
 Demonstrate that risks have been considered and
proportionate action taken
 Use risk management as an enabler to move the
organisation forward and take challenges which are well
managed
 To provide management and independent assurance
that Rochdale Council’s Risk Management Strategy,
Framework and Policy are followed;
 To reduce the amount of risk faced by the Authority in
what we do; and
 To ensure all key risks to the Authority are recorded
managed and monitored, in a timely way.
Risk Roles & Responsibilities – Leaders
Elected Members of the Council
 All Members have strategic responsibility for risk
management as part of their responsibility for
governing the delivery of local services. The Council
approves the Annual Governance Statement which
includes commentary on risk management, how it has
been applied during the year and how effective the
arrangements are.
 Members, particularly those with key responsibilities,
should seek to explore and understand service risks in
the process of formulating policy and decision making.
 All decisions put before Cabinet Members include
information on the risk impact of making these
decisions, and of not making the decision.
Finance and Corporate Services Portfolio Holders
 Have overall responsibility for the direction of Risk
Management Strategy and Policy. With the top down
approach being crucial to the success of Risk
Management within the organisation, the portfolio
holder(s) also advocate good practice within Cabinet,
Council and Committees.
Audit & Governance Committee
 The Audit & Governance Committee examines the
evidence provided by Internal and External Audit and
other Governance areas to ensure that we demonstrate
that we are actively managing our risks. This provides
independent assurance to the Cabinet and Council.
Leadership Team
 The Leadership Team has overall strategic
responsibility for risk management. The primary
responsibility for identifying and managing significant
strategic risks lies with the Leadership Team. Directors
take personal responsibility for strategic risks relating to
their portfolio and collectively review the effectiveness
of the control measures at Leadership Team meetings
in March each year.
 Directors also have responsibility for operational risks
arising in their Service areas, and cross service risks
pertaining to their directorate responsibility, for example
safeguarding children. They are responsible for
organisation policies to enable the control of risk within
their directorate responsibility , ensuring the risk
management arrangements within their area meet the
required standard and ensuring that risks to the
achievement of their objectives are identified, managed
and included in the performance management system.
Risk Roles & Responsibilities – Leaders
Chief Executive
 Has the responsibility for maintaining a sound system of
internal control which manages the key risks to the
achievement of Rochdale Council’s policies, aims and
objectives. Also has a key role to play in promoting and
supporting the Risk Management Strategy.
Chief Finance Officer
 The Section 151 Officer, has responsibility for coordinating
Rochdale Council’s overall approach to risk management
supported by specialists including Internal Audit and Risk
Management. Is also responsible for ensuring that regular
internal audit takes place to monitor the effectiveness of
the risk management strategy and for monitoring
compliance with controls introduced by Directors.
Monitoring Officer
 The role and responsibilities of the Monitoring Officer are
largely designed to protect Rochdale Council from legal,
financial and reputational damage. Actions taken by the
Monitoring Officer are designed to contribute towards
Rochdale Council’s risk management processes. A core
aspect of the role of Monitoring Officer is to alert the
Council and Cabinet where any proposal or decision is
likely to be illegal or constitute maladministration, thereby
bringing positive benefits to the area of risk management.
Senior Information Risk Owner (SIRO)
 The role of the SIRO is to understand how the strategic
business goals of the Council may be affected by failures
in the secure use of the organisation’s information
systems. The SIRO fosters a culture for protecting
information and data and provides a focal point for
managing information risk and information assurance. The
SIRO is concerned with the management of all information
assets.
Governance Board
 Rochdale BC also has a duty under the Local Government
Act 1999 to make arrangements to secure continuous
improvement in the way in which its functions are
exercised, having regard to a combination of economy,
efficiency and effectiveness.
In discharging this overall responsibility Rochdale BC is
responsible for putting in place proper arrangements for
the governance of its affairs, facilitating the effective
exercise of its functions, which includes arrangements for
the management of risk.
The Governance Board oversees these Governance
arrangements within the Council, ensuring that corporate
standards are subject to challenge and Services are held
accountable for compliance. The Board is led by the
Monitoring Officer and comprises key senior officers from
all Service areas.
Other Statutory Roles – Leaders
 Head of Paid Service
The Head of Paid Service is a statutory appointment
pursuant to Section 4 of the Local Government and
Housing Act 1989. In general their responsibilities are
to; address the staffing needs of the Authority, meet
the staffing needs of the Council and to ensure the
appointment and proper management of the staff.
 Director of Public Health (DPH)
The core purpose of the DPH is independent
advocacy for the health of the population and
leadership for its improvement and protection.
 Director of Children's Services (DCS) and Director of Adult
Social Services (DASS)
The Children Act 2004 requires every top tier local authority to
appoint a Director of Children’s Services and Director of Adult
Social Services. The DCS and DASS have professional
responsibility for the leadership, strategy and effectiveness of
local authority children’s services and social services functions
respectively. As such, these posts should be at first tier officer
level. The relationship between these two posts will be crucial to
ensuring that the needs of both adults and children in families are
met and that services work well together.
 Risk Roles & Responsibilities - Officers
All Employees
 All employees should be involved in the risk identification Strategic and Operational Partners
and management process. Risk management is a
 Have a responsibility to ensure that they manage risks in
collective effort. All our officers are responsible for
an appropriate manner and where there is a direct impact
bringing to the attention of the relevant person key areas
on the achievement of the partnership objectives and
of concern or risks to theirs or their teams objectives.
planned outcomes. Similarly, when we identify a risk
linked to a partner or third party we are responsible for
Managers raising this with our partners and ensuring that it is
managed appropriately.
 Have the responsibility to ensure that risk is discussed
during all team meetings, 121 meetings, PDRs and
Supervisions. To take stock of all risks raised and where Risk Management Group (RMG)
appropriate to report these to their manager. Finally to
 To provide assurance to Directors that risks are being
provide assurance to their manager that risks within their
managed within their services and that processes and
area are identified and managed.
standards set out in the Rochdale Council’s Policy and
Strategy are followed.
Heads of Service
 To advise Senior Managers on policy, strategy and the
 Identification of our key operational risks relies on teams systems available to support Risk Management.
across Rochdale Council regularly taking stock of the
 To communicate services risks and report by exception.
risks which they face and including details of their
significant risks in regular reports. It is the responsibility
of Heads of Service to ensure this happens. Internal Audit
 Play a key role in providing us with an independent
Project Managers assessment of the effectiveness of our risk management
and control framework. This source of independent
 Play a critical role in ensuring that the risks and issues
assurance is a fundamental part of the evidence used to
faced by our projects are actively managed and are
discharge our accountability for reviewing the
reported through the correct channels. Any significant risk
effectiveness of our Governance arrangements.
or issue should be highlighted with the project sponsor.
Action Plan & Resources
 Develop and implement training courses for all roles
 Work with Members, Leadership Team and each
Service Management Team to ensure they have a risk
register relating to their objectives and plan for review
 Link Risk Management closely with the new Corporate
Planning Framework, including identifying risks against
all Key Activities
 Develop appetite and tolerance levels with Members and
cascade to Services
 Develop an effective Risk Reporting Framework
 Check mitigating actions are proportionate against key
risks
 Develop a framework to allow Corporate Risk
Management resources to be targeted at areas of high
risk and weak Risk Management or areas with low
independent assurance
Risk Manager
 To prepare and deliver effective strategic and annual
plans to ensure corporate risk management systems are
operating effectively. Devise and maintain suitable risk
standards, strategy, policy and procedures.
Service Risk Champions
 Ensure the implementation of a successful risk
management programme within services. They act as the
link between risk group and each services management
team in promoting risk initiatives and work streams. To
monitor the adherence to the Risk Management standard
within the services.
Members and Wider Leadership Team
 To support and prioritise Risk Management. To deliver an
effective risk management programme the priority must
be driven from the top of the organisation.
Evaluation
Measuring Performance
In addition to monitoring the delivery of each objective the
following Performance Indicators will be monitored;

 An up to date risks register regularly maintained for every

service, project and partnership

 An implemented framework for the communication of risk

 A trained organisation

Looking at ways to improve

 A Risk self-assessment completed by every service
There are always areas where improvement can be made.
During the program to deliver this vision there will be greater
understanding of what works well and where a different
approach may need to be taken. This information will be
gathered and the Policy, Strategy and Framework reviewed
and revised to ensure they remain current and forward
thinking for the organisation.

The next steps for Risk Management are already being

investigated so when this strategy is delivered the
organisation can be prepared to move forward again.