Toggle menu

Risk and Opportunity Management Strategy

Risk and Opportunity Management is the culture, processes and structures that are directed towards effective management of potential opportunities and threats to an organisation achieving its objectives.

This strategy is intended to

  • reaffirm and improve effective Risk and Opportunity Management within the Council,
  • comply with good practice; and
  • effectively manage potential opportunities and threats to the organisation achieving its objectives.

Executive Summary

Note: This strategy applies to both South Hams District and West Devon Borough Council. Where referenced within this document, the "Council" means either or both Councils.

The Council, like all organisations faces a wide range of risks. The aim of this policy is to communicate why Risk and Opportunity Management is important, why it must be carried out and to provide an explanation of the approach that is to be taken.

Risk is defined as an uncertain event, or set of events, that should it occur will have an effect on the ability to achieve objectives. Generally, risks are perceived as negative, but that is not always the case. There are occasionally uncertainties that could have a positive impact, referred to as Opportunities.

Risk Management is the systematic application of principles and processes to identify and assess risk, along with the planning and implementation of responses. It is an integral part of internal control and for local government is a statutory requirement, defined in the Accounts & Audit Regulations 2015.

Embedding risk management throughout the Council is not just about legal requirements. Effective risk management will lead to:

  • improved performance by contributing to fewer shocks and unwelcome surprises;
  • more efficient use of resources;
  • better, more informed decision-making and;
  • an ability to exploit opportunities.

Risk and Opportunity Management is both a statutory requirement and an indispensable element of corporate governance and good management. It has never been more important to have an effective Risk and Opportunity Management Strategy in place to ensure the Council is able to discharge the Council's various functions and deliver public services efficiently and cost effectively. The last risk strategy was prepared in 2013 and this strategy is a complete re-work, based on feedback received from the Devon Audit Partnership.

Risk is unavoidable. It is an important part of life that allows us all to move forward and develop. Successful risk management is about ensuring that the Council has the correct level of control in place to provide sufficient protection from harm, without stifling development.

The Council's overriding attitude to risk is to operate in a culture of creativity and innovation, in which all key risks are identified in all areas of the business and are understood and proactively managed, rather than avoided.

Risk and opportunity management therefore needs to be taken into the heart of the Council and its key partners and stakeholders.

The Council needs to have the structures and processes in place to ensure the risks and opportunities of daily Council activities are identified, assessed and addressed in a standard way. The Council does not shy away from risk but instead seeks to proactively manage it. This will allow it not only to meet the needs of the community today, but also be prepared to meet future challenges.

The Council will record the significant risks identified as potential threats to the delivery of its objectives within Risk and Opportunity Registers and incorporate mitigation controls within action plans to include details of any opportunities that may arise from the successful management of each risk. Risks will be monitored every six months and findings reported via the Council's Audit Committee.

The benefits gained with a Risk and Opportunity Management Framework are improved strategic, operational and financial management, better decision-making, improved compliance and, most importantly, improved customer service delivery and better outcomes for the residents of South Hams and West Devon.

The Council embraces risk and opportunity management to support the delivery of the Council's vision and to enable the provision of high quality services to the residents of South Hams and West Devon.


The Risk and Opportunity Management Strategy

1. Definitions

Note: This strategy applies to both South Hams District and West Devon Borough Council. Where referenced within this document, the "Council" means either or both Councils.

What is a Risk?

Risk is most commonly held to mean "hazard" and something to be avoided but it has another face - that of opportunity. Improving public services requires innovation - seizing new opportunities and managing the risks involved. In this context risk is defined as uncertainty of outcome, whether positive opportunity or negative threat of actions and events. It is the combination of likelihood and impact, including perceived importance.

What is Risk and Opportunity Management?

Risk and Opportunity Management is the culture, processes and structures that are directed towards effective management of potential opportunities and threats to an organisation achieving its objectives.
This strategy is intended to reaffirm and improve effective Risk and Opportunity Management within the Council, comply with good practice and in doing so, effectively manage potential opportunities and threats to the organisation achieving its objectives.


2.Types of Risk - Strategic and Operational

Strategic risks affect or are created by the Council's business strategy and strategic objectives. They can be defined as the uncertainties and untapped opportunities embedded in strategic intent and how well they are executed. As such, they are key matters for the Council's Senior Leadership Team (SLT) and impinge on the whole organisation, rather than just an isolated department or community of practice. Inclusion of a risk in the strategic risk and opportunity register indicates that it is one of a number of risks that the Council (particularly elected members and the extended leadership team) need to be aware of and ensure appropriate management arrangements are in place to manage/mitigate them.

Operational risk is defined as the risk of loss resulting from inadequate or failed processes, people and systems or from external events. Operational risks should link to each service area's business / service plan.


3. Risk Analysis and Monitoring Arrangements

The SLT will monitor and manage the delivery of the Risk and Opportunity Management Strategy at a strategic level.

The purpose of this is to effectively embed Risk and Opportunity Management within the ethos of the Council's culture as an integral part of strategic planning, decision-making and its performance management framework.

The SLT will also be responsible for the development and monitoring of the Strategic Risk and Opportunity Registers, supported by the Statutory Officers Group.

The Extended Leadership Team (ELT), under the direction of the SLT, will be responsible for the delivery of this strategy at an operational level and for the development and monitoring of service level Operational Risk and Opportunity Registers.


4. Corporate Governance

Risk and Opportunity Management is essential to effective corporate governance. Key risks are included in the Annual Governance Statement which is published alongside the Statement of Accounts.


5. Health and Safety

The Risk and Opportunity Management Strategy supports the corporate Health and Safety Policy in its commitment to the continuous improvement of health and safety performance, in particular by identifying key priorities and areas for improvement in health and safety management and risk control.


6. Embedding Risk and Opportunity Management

The Risk and Opportunity Management Strategy is to be reviewed annually to ensure it remains up to date. The Finance Portfolio holder and SLT will jointly champion the process.


7. Benefits of  Good Risk and Opportunity Management

Integration of risk and opportunity management into the culture and working practices of the Council and its delivery partnerships has numerous benefits, which include:

  • Protecting and adding value to the Council and its stakeholders by supporting the achievement of the Council's vision and corporate priorities
  • Improved strategic, operational and financial management
  • Contributing to more efficient use/allocation of resources within the Council and its partners
  • Keeping the Council within the requirements of the law
  • Mitigation of key threats and taking advantage of key opportunities
  • Protecting and enhancing assets and reputation
  • Improving decision-making (making the right decisions), planning and prioritisation by comprehensive and structured understanding of activity and volatility
  • Enabling future activity to take place in a consistent and controlled manner
  • Promotion of innovation and change
  • Improved customer service delivery
  • Continuity of knowledge and information management processes
  • Developing and supporting people and the Council's knowledge base
  • Optimising operational efficiency and therefore delivering efficiency gains and value for money
  • Better allocation of time and management effort to major issues
  • Avoiding nasty surprises, shocks and crises
  • Ensures the Council's approach is aligned to 'Best Practice'
  • Satisfying stakeholder/partner expectations on the Council's internal controls

8. Culture

The Council will be open in its approach to managing risks and will seek to avoid a blame culture. Lessons from events that lead to loss or reputational damage will be shared as well as lessons when things go well. Discussion on risk in any context will be conducted in an open and honest manner.


9. Guidance and Assistance

The Statutory Officers Group, in conjunction with SLT and ELT will promote and monitor good practice, provide guidance, support, advice and information and organise training.


10. Risk and Opportunity Management Policy Statement

The Council is aware that it is exposed to a very wide range of risks and threats to community service delivery. The Council recognises that it has a responsibility to identify, evaluate and manage risk whilst still creating a fertile climate for innovation. It therefore supports a structured approach to risk and opportunity management through its corporate Risk and Opportunity Management Strategy, the aims and objectives of which are described below:

  • Integrate and raise awareness of risk and opportunity management for all those connected with the delivery of Council services
  • Embed risk and opportunity management as an integral part of strategic, service, information use, financial and project planning and policy making
  • Establish a standard systematic approach to risk identification, analysis, control, monitoring and reviewing
  • Provide a process for identifying threats or drawbacks that also aids finding and considering opportunities
  • Provide a robust and transparent framework for managing risk and supporting decision-making
  • Support well thought-through risk taking
  • Anticipate and respond to changing external and internal environment
  • Embed risk and opportunity management as an integral part of delivering and aligning successful partnerships

The objectives of the Risk and Opportunity Management Strategy are:

  • To embed Risk and Opportunity Management as part of the Council's culture of governance
  • To provide a robust and systematic framework for identifying, managing and responding to risk
  • To provide a robust and transparent track record of managing, communicating and responding to risk
  • To encourage staff to think creatively about ways to work better, simpler and more effectively

11. Framework

The Council maintains two different types of Risk and Opportunity Register - Strategic and Operational.

The Strategic Register records risks that affect the aims and objectives of the corporate body - risks that hinder or stop successful achievement of corporate priorities and aims and are generally of a medium to long term nature. The Operational records those risks affecting the day to day departmental operations.

Both registers detail the following:

  • possible consequences of the risks identified, both negative (risks and threats) and positive (opportunities)
  • potential impact and likelihood of the risk identified
  • existing controls in place to mitigate the risks
  • actions planned to mitigate the risks with relevant timescales and the responsible officers

The Strategic Register is owned by SLT. Operational Registers are maintained by the relevant Head of Practice or the project board.


12. Risk and Opportunity Identification.

Before risks and opportunities can be identified, the Council must first establish the context by looking at what it is trying to achieve and what the proposed outcomes are.

Depending on the area under review, the relevant objectives and outcomes will usually be detailed in existing documents such as department business plans, project plans or partnership agreements.

There are a number of different types of risks that an organisation may face including financial loss, failure of service delivery, physical risks to people and damage to reputation.

Opportunities can arise from areas within the organisation and externally. Internal sources of opportunity include how the authority structures itself, partnerships with other entities, operational changes and technological innovation. External sources of opportunity include changes to political, legal, social and environmental forces.

Opportunities can also be identified by giving consideration to those that have been neglected because of perceived, but unexamined risk. These include:

  • Learning from the past - whilst experience cannot necessarily be a predictor for future performance, signals that were ignored, and opportunities that were missed can provide insight into organisational blind spots.
  • Customer sensitivity - trying to understand customer needs and creating systems to exploit this information can lead to great gains.
  • Learning from others - exploring and sharing best practice with other organisations can lead to benefits.
  • Scenario planning - can be a powerful tool for generating new ideas.
  • Once the opportunity has been identified it should be described to include the expected benefits, contributions to business objectives and stakeholders.

13. Risk Description

The risks and opportunities identified need to be recorded in a structured format. A description covering the Cause, Event and Effect is used to scope a risk or opportunity. Some typical phrasing or statements are listed below:

CauseEventEffect

Because of
As a result of
Due to

<an uncertain event i.e. risk or opportunity> may occurwhich would lead to <effect on objective>

 

EventCauseEffect

Risk of
Failure to
Failure of
Lack of
Loss of
Uncertainty of
Delay in
Inability to
Inadequate
Partnership with
Development of
Opportunity to

due toleads to
and/or
result in

 


14. Risk Analysis

Once risks have been identified they need to be assessed systematically and accurately. The process requires as assessment of the level of risk by considering the probability of an event occurring - "likelihood" and the potential outcome of the consequences should such an event occur - "impact."

The assessment will cover each element of the judgement and determine the score - with the worst child being the score that determines the overall risk score. The tables below give the scores and indicative definitions for each element of the risk ranking process: 

NumberLikelihoodImpact
1Rare - Unlikely to occur under normal circumstances
-10%
Is never likely to occur
Very unlikely this will ever happen e.g. Once in 100 years
Insignificant Risk
Financial: Financial loss of less than £10k
Service Quality: Drop in performance or delays to a process or temporary loss of an access route to a service
Reputation: Limited local interest, single story
Legal/Regulatory: Not reportable to regulator/Ombudsman, simple fix
Health & Safety: Minor first aid required
Morale/Staffing: Isolated staff dissatisfaction
2Unlikely - Potential to occur however likelihood remains low
10 - 25%
May occur only in exceptional circumstances
Not expected to happen, but is possible e.g. Once in 25 years
Not known in this activity
Minor Risk
Financial: Financial loss of between £10k & £100k
Service Quality: Drop in performance or delays to a service area or sustained loss of access routes for services
Reputation: Local or 'industry' interest, single story over multiple news outlets
Legal/Regulatory: Reportable to regulator/Ombudsman, no or little follow up needed
Health & Safety: Minor injuries to employees or third parties
Morale/Staffing: Pockets of staff morale problems and increased turnover
3Possible - Could occur
25 - 50%
Could occur in certain circumstances
May happen occasionally, e.g. Once in 10 years
Has happened elsewhere
Moderate Risk
Financial: Financial loss of between £100k & £500k
Service Quality: Drop in performance or delays to delivering a wide range of services
Reputation: Short term negative media exposure
Legal/Regulatory: Regulator/Ombudsman report with immediate correction to be implemented, or risk of prosecution
Health & Safety: Simple 'medical professional' type care for employees or third parties, e.g. GP visit, minor injuries unit visit
Morale/Staffing: General staff morale problems and increased turnover
4

Likely - Most likely will occur
50 - 80%
Will probably occur in many circumstances
Will probably happen, but not a persistent issue e.g. Once in 3 years
Has happened in the past

Major Risk
Financial: Financial loss of between £500k & £1Mill
Service Quality: Major drop in performance or inability to deliver discretionary services
Reputation: Sustained negative media coverage, or South West or 'affected industry' publication exposure
Legal/Regulatory: Regulator/Ombudsman report requiring major project to correct or prosecution with fines, etc.
Health & Safety: Limited hospital care required for employees or third parties
Morale/Staffing: Widespread morale problems and high turnover. Not perceived as employer of choice

5Almost certainly will occur
80 - 100%
Is expected to occur in most circumstances
Will undoubtedly happen, possibly frequently e.g. Annually or more frequently Imminent/near miss
Catastrophic
Financial: Financial loss of over £1Mill
Service Quality: Major drop in performance or inability to deliver mandatory services
Reputation: Long term negative media coverage, or national media exposure
Legal/Regulatory: Significant prosecution or fines, incarceration of directors
Health & Safety: Significant injuries or fatalities to employees or third parties
Morale/Staffing: Some senior leaders leave / high turnover of experienced staff, insufficient staff to complete statutory functions


The risk ratings for each part of the assessment are then combined to give an overall ranking for each risk. The ratings can be plotted onto the risk matrix (see below), which assists in determining the risk priority and the amount of attention it deserves.


15. Risk Ranking Table

A table measuring the relationship between the impact and severity of a risk and the likelihood of it occurring.

ColourScoreResponse
Red
(High risk)
20-25Must be managed down urgently
Amber
(Medium risk)
11-19Manage - Seek to influence short to medium term reduction or mitigation of risk
Yellow
(Medium low risk)
7-10Acceptable - Monitor and Manage in order to influence reduction in risk
Green
(Low risk)
2-6Acceptable - Continue to Monitor & Regrade as circumstances change
Close
(Minimal risk)
1Remove from register

16. Risk Appetite

Risk appetite is the amount of risk, on a broad level that the Council is willing to accept in pursuit of value. It is strategic and reflects the organisation's risk management philosophy, and in turn influences the organisation's culture and operating style. Risk appetite guides resource allocation and provides the infrastructure necessary to effectively respond to and monitor risks.

The Council aim to consider all options to respond to risk appropriately and make informed decisions that are most likely to result in successful delivery of benefits whilst also providing an acceptable level of value for money.

The acceptance of risk is subject to ensuring that all potential benefits and risks are fully understood and that appropriate measures to mitigate risk are established before decisions are made. The Council recognises that the appetite for risk will vary according to the activity undertaken and hence different appetites and tolerances to risk apply.

Specifically, the Council approach is to minimise exposure to compliance, regulation, safeguarding and reputation risk, whilst accepting and encouraging an increased degree of risk in other areas in pursuit of the Council's strategic and business objectives as illustrated in the diagram and statements below:

Risk score12 -6 7 -10 
FinancialAccept and CloseAccept but monitorManage and Monitor
Service Quality/OperationalAccept and CloseAcceptManagement effort worthwhile
ReputationAccept and CloseAcceptManage and monitor
Legal / Regulatory / Governance / SafeguardingAccept and CloseAccept but monitorManagement effort worthwhile
Health and SafetyAccept and CloseAccept but monitorManage and monitor
Morale and staffingAccept and CloseAcceptManagement effort worthwhile
Risk Score11-1920-25
FinancialManagement effort requiredConsiderable management essential
Service Quality/OperationalManagement maybe essentialExtensive management essential
ReputationManagement effort worthwhileExtensive management essential
Legal / Regulatory / Governance / SafeguardingManagement maybe essentialConsiderable management essential
Health and SafetyManagement effort worthwhileConsiderable management essential
Morale and staffingManagement maybe essentialExtensive management essential

 

Lower RiskAccept
 Accept but monitor
Manage and monitor
Management effort worthwhile
Management effort required
Considerable management required
Higher RiskExtensive management essential

 

Risk appetite scale definitions
Extensive management essentialEscalate to Strategic Risk Register - Monthly review at SLT level - formal review at Audit Committee / Overview & Scrutiny Panel level every 6 months.
Considerable management requiredConsider escalation to Strategic Risk Register - Monthly review at ELT level - formal review at SLT level every 6 months;
Project/Programme/Portfolio Risks - Monthly review at Project Board level and consider escalation to Strategic Risk Register.
Management effort requiredAdd to Operational Risk Register and review at least quarterly at Community of Practice / Group Manager level (consider escalation to Strategic Risk Register if risk cannot be mitigated at CoP level) - formal review at SLT level every 6 months.
Management effort worthwhileAdd to operational risk register and review quarterly at CoP level - formal review at SLT level every 6 months;
Project/Programme/Portfolio Risks - Monthly review at Project Board level and consider escalation to Operational Risk Register.
Manage and monitorAdd to operational risk register - formal review every 6 months.
Accept but monitorCan be managed locally within Team but consider adding to risk register if controls are likely to change;
Project/Programme/Portfolio Risks - Project/Programme Manager manage risk.
AcceptCan be managed locally within Teams.


Risk Classification & Appetite for Risk Statement

Financial - The Council acknowledges the responsibility it has for administration of public funds, and wishes to emphasise to both the public and its employees the importance it places upon probity, financial control and honest administration. Financial Regulations provide the framework for managing the Council's financial affairs and should be adhered to at all times. All schemes must be fully financed and approved by SLT. Finance should be consulted when planning any new project.

Operational/Service Quality - The Council accepts a moderate to high level of risk arising from the nature of the Council's business operations and service delivery to deliver an appropriate level of service at value for money, whilst minimising any negative reputational impact.

Reputation - It is regarded as essential that the Council preserves a high reputation and hence it has set a low appetite for risk in the conduct of any activities that puts its reputation in jeopardy through any adverse publicity.

Legal, Regulatory, Governance and Safeguarding - The Council recognises the need to place high importance on compliance, regulation and public protection and has no appetite for breaches in statute, regulation, professional standards, ethics, bribery or fraud.

Health & Safety - The Council has a continuing obligation to look after the health and wellbeing of its staff and the residents affected by its service delivery. The Council has little appetite for risk in making the council a safe place to work and to do business with.

Morale & Staffing - The Council recognises that staff are critical to achieving its objectives and therefore the support and development of staff is key to making the Council an inspiring place to work. It has moderate to high appetite for decisions that involve staffing or culture to support transformational change and ensure the Council is continually improving.

The Council's Risk Appetite statement will be continually monitored to ensure it supports the organisation's risk and opportunity management strategy. Risk appetite is an important tool for effective risk monitoring and provides the following benefits:

  • Forms an integral part of corporate governance
  • Guides the allocation of resources
  • Guides the infrastructure of an organisation, supporting its activities related to identifying, assessing, responding to and monitoring risks in pursuit of organisational objectives
  • Is multi-dimensional, including when applied to the pursuit of value in the short term and the longer term of the strategic planning cycle
  • Requires effective monitoring of the risk itself

17. Risk Response

There are four basic ways of treating risk, which are:

  1. Treat: Ensuring effectiveness of existing controls and implementing new controls where considered necessary and cost effective.
  2. Transfer: Involves another party bearing or sharing the risk i.e. via insurance
  3. Tolerate: Where it is not possible to treat or transfer. Consideration needs to be given to how the risk and consequences of such are to be managed should they occur.
  4. Terminate: Deciding where possible not to continue or proceed with the activity in view of the level of risks involved.

Opportunity Response

There are four basic ways of treating opportunity, which are:

  1. Enhance: Seek to increase the likelihood and/or the impact of the opportunity in order to maximise the benefit.
  2. Ignore: Minor opportunities can be ignored, by adopting a reactive approach without taking any explicit actions.
  3. Share: Find a partner/stakeholder to manage the opportunity, which can maximise the likelihood of it happening and increase the potential benefits
  4. Exploit: Find a way to make the opportunity definitely happen. Aggressive measures to ensure the benefits from the opportunity are realised.

18. Monitoring Arrangements for Key Risks

The reason for monitoring key risks is to create an early warning system for any movement in risk - key risks are defined as those which score 16 or above in accordance with the risk ranking table in section 15. High level red risks may be referred to the Overview & Scrutiny Panel subject to Audit Committee recommendation. Risks scoring below 16 are considered to be managed effectively and therefore within the Council's "risk tolerance". Any risk scored 1 can be removed from the risk register and archived.

Risk Registers are living documents and therefore must be regularly reviewed and amended. The Risk and Opportunity Management Strategy requires risks recorded on the Strategic Risk and Opportunity Register and service level Operational Risk and Opportunity Registers to be formally monitored every six months by the Head of Practice in consultation with group managers and the Statutory Officers Group.

Monitoring reports are presented for approval to the SLT and to the Audit Committee. Operational red risks may be referred to the Overview and Scrutiny Panel. The questions asked during monitoring are:

  • Is the risk still relevant?
  • Is there any movement in the risk score?
  • Are the controls still in place and operating effectively?
  • Has anything occurred which might change its impact and/or likelihood?
  • Have any significant control failures or weaknesses occurred since the last monitoring exercise?
  • If so, does this indicate whether the risk is increasing or decreasing?
  • If the risk is increasing do I need to devise more controls or think of other ways of mitigating the risk?
  • If the risk is decreasing can I relax some existing controls?
  • Are controls / actions built into appropriate documented action plans?
  • Are there any new or emerging risks?
  • Have any of the existing risks ceased to be an issue (and can therefore be archived?)
  • Have potential opportunities been considered and maximised?

19. Roles and Responsibilities

Elected Members

  • Approve the Council's Risk and Opportunity Management Strategy
  • Receive and approve monitoring reports on the Strategic Risk and Opportunity Register and an annual Risk and Opportunity Management report

Senior Leadership Team

  • Identify, evaluate, prioritise and control risks and opportunities facing the Council in achieving its objectives
  • Ensure the Council implements and manages risk effectively through the delivery of the Risk and Opportunity Management Strategy and consider risks affecting delivery of services
  • Ensure risk and opportunity management is considered by SLT on a quarterly basis
  • Provide assurance to Audit Committee regarding risk and opportunity management compliance
  • Be responsible for and monitor the Strategic Risk and Opportunity Register
  • Appoint to the Statutory Officers Group
  • Receive and approve risk and opportunity management status reports from the Statutory Officers Group
  • Approve and monitor the progress and effectiveness of the Risk and Opportunity Management Strategy and the Statutory Officers Group
  • Support the embedding of risk and opportunity management within the culture of the Council as an integral part of strategic/business planning, decision-making and performance management framework
  • Approve risk and opportunity management monitoring reports to Audit Committee

Lead Member for Risk and Opportunity Management

  1. The portfolio holder for Finance will act as Member risk champion
  2. Ensure that the Council manages risk effectively through the development of a robust and comprehensive Risk and Opportunity Management Strategy

Statutory Officers Group

  • Support the Council and its Head of Practices in the effective development, implementation and review of the Risk and Opportunity Management Strategy
  • Share experiences across the Council and partners, promoting, facilitating and overseeing the arrangements for managing and monitoring of risk
  • Provide training and guidance in Risk and Opportunity Management
  • Lead and direct the work of the Group

Head of Practice / ELT

  • Identify, evaluate, prioritise and control risks and opportunities facing the Council in achieving its objectives
  • Monitor, review and communicate information on operational and strategic risks within their CoP / area of control
  • Ensure risk and opportunity management is embedded within departmental business / operational plans
  • Review cross cutting operational issues
  • Report to Statutory Officers Group every six months
  • Include staff without direct responsibility for owning and managing risk in risk discussions to ensure teams identify potential risks associated with service delivery

Audit Committee

  • Provide independent assurance to the Council on the effectiveness of the Council's risk and opportunity management, internal control and overall assurance framework
  • Overview & Scrutiny Panel
  • Provide independent assurance to the Council on the effectiveness and appropriateness of Council actions towards mitigating / resolving / managing red risks. This may be at the request of the Audit Committee, officers or elected Members

All Staff / Officers

  • Assess and manage risks effectively in their job and report hazards / risks to their service managers
  • Undertake their job within contractual, policy and statutory guidelines
  • Consult with department risk champion as necessary

Devon Audit Partnership

  • Provide a risk based Audit Plan to monitor the effectiveness of Internal Controls and provide a trigger and action plan for management intervention
  • Audit the Risk and Opportunity Management Strategy and processes

Share this page

Share on Facebook Share on Twitter Share by email