Meeting to be held on 29 November 2022
Risk Management
(Appendix 1 refers)
Contact for further information:
Keith Mattinson – Director of Corporate Services– telephone 01772 866804.
Executive Summary
The report highlights actions taken in respect of corporate risk since these were last reported to the Audit Committee.
Decision Required
The Committee is asked to note the actions taken and endorse the revised corporate risk register.
|
Information
The latest review of the corporate risk register has identified one new risk which warrants consideration for inclusion on the corporate risk register: -
The Cyber Security
The Cyber Security threat landscape has changed significantly, which has been witnessed globally, regionally and across multiple emergency services and local authorities.
Best practice standards set by the National Cyber Security Centre (NCSC) have adapted according to the change in the threat landscape, which means it's far more challenging to remain compliant.
Government organisations are routinely and relentlessly targeted: of the 777 incidents managed by the National Cyber Security Centre between September 2020 and August 2021, around 40% were aimed at the public sector. This upward trend shows no signs of abating.
We have achieved the Cyber Essentials Plus certification, which must be refreshed every 12 months. The next re certification involves the prompt replacement of aging hardware/software as well as bringing in scope remote working, Wi-Fi security as well as several other areas which have previously been out of scope. The e-mail systems have been fully refreshed and we are going to be migrating all mailboxes to 365 for even better security and feature enhancements.
A Cyber Security Strategy and subsequent options papers has been agreed, identifying areas requiring investment, such as next generation Firewalls. We have been aligning with the National Cyber Security Centre best practice security framework and will continue to do so as that develops.
This is classed as high-risk due to the scale of attack and the potential impact of such attacks.
Existing Risks
Of the existing risks 13 have been reviewed, and an updated corporate risk register is attached as appendix 1, with changes summarised below: -
|
|
Update since last meeting |
Proposed Risk Score |
|
1 |
Insufficient resources due to poor funding settlement, inability to make required savings, additional financial pressures such as Retained Duty System (RDS) pensions etc., plus council tax limits via local referendum resulting in Authority being unable to set a balanced budget. |
No change, not due to report until 31/3/23 |
12 |
Medium |
2 |
Premises Risk Information: That operational staff do not have available adequate and reliable premises information to efficiently resolve operational incidents: Risk information is provided to operational staff based on premises information and premises risk are identified on a continuous basis although this is not consistent throughout the Service. |
No change, not due to report until 31/3/23 |
9 |
Medium |
3 |
Insufficient staffing resources, due to Industrial Action, to deal with operational demand and fulfil statutory responsibilities. |
Continue to monitor the position regarding national pay award. Continue to hold IMT meetings to review situation and on-going plans to minimise the risk. Identify number and location of potential appliances. Develop internal and external communication plans. |
Increase to 20 |
High |
4 |
Lack of availability of water supplies for fire fighting prevents effective fire fighting resulting in additional damage to property and increased risk to life. |
Previously discharged |
|
|
5 |
The increasing age profile of operational staff could adversely affect our ability to deliver effective emergency response. |
Previously discharged |
|
|
6 |
Operational staff do not have the required skills to operate safely at an incident with the potential to result in fire fighter injuries or fatalities. |
Monitor effectiveness of Operational Assurance Performance Report in disseminating information. Additionally, Operational Assurance Officers are mobilised to provide additional assurance at incidents that meet specific criteria, broadly when the risk to fire fighters is increased. For example, this includes operational discretion and critical incidents. Training and Operational Review (TOR) continue to work closely with Service Delivery to ensure attendance on Safety Critical mandatory training, monthly performance reports are sent to HoSD. TOR trainers are skill graded to ensure they operate consistently in terms of identifying training needs. |
Remains at 9 |
Medium |
7 |
Failure of key ICT systems resulting in disruption to services. |
Resilience, backup and recovery measures all constantly evolving to respond to changing threat and vulnerability profiles. Asset replacement policy in place, regularly reviewed. Upgraded firewalls in place to provide perimeter defence, with enhanced email gateway, anti-virus, device control (USB) and removeable hard disk drive encryption measures also rolled out. Windows 10 & Office 365 now rolled out. Patch and update policy in operation to ensure servers and workstations are up to date with latest security developments. Aggressive vulnerability scanning and remediation procedures now in place, regular security reviews and threat intelligence awareness with partner agencies and NCSC feeds. Modern Wide Area Network (WAN) to all administrative and operations sites now in play. Storage Area Network (SAN) data, infrastructure and all essential servers replicated to the disaster recovery site at Service Training Centre (STC). Resilient link from STC to County Hall in order to maintain LCC/One Connect Limited (OCL) supplied services in the event of a failure at Service Head Quarters (SHQ) or the link to County, improved resilience in mobilising infrastructure at North West Fire Control (NWFC). |
Remains at 9 |
Medium |
8 |
Loss of corporate reputation through negative publicity. |
No change, not due to report until 31/3/23 |
9 |
Medium |
9 |
Retention and recruitment of RDS staff impacts on RDS appliance availability. |
No change, not due to report until 31/3/23 |
9 |
Medium |
10 |
Lack of workforce planning resulting in significant over/under provision of staff and resulting impact on service and finances. |
Previously discharged |
|
Medium |
11 |
Lack of compliance with legislation resulting in prosecution or compliance order. |
Previously discharged |
|
|
12 |
Ineffective Health and Safety in the workplace, resulting in prosecution, intervention fees etc. |
No change, not due to report until 31/3/23 |
9 |
Medium |
13 |
Lack of effective Information management impacting on service delivery and support or leading to a breach of data protection/freedom of information or a loss of sensitive/personal information. |
No change, not due to report until 31/3/23 |
9 |
Medium |
14 |
Delayed mobilisation, impacting on service delivery. |
Dynamic Coverage Software (DCS) procurement agreed and will be brought into Service over the next 4-6 months, at first as a stand alone in LFRS and then to plug into NWFC. This will enable appliances to be redeployed based on risk and other incident activity ensuring we have the right fire cover in place at the right time. |
Remains at 9 |
Medium |
15 |
High levels of staff absence due to outbreak of ebola. |
Previously discharged |
|
|
16 |
Lack of clarity on future of FRS, leading to inertia. |
Previously discharged |
|
|
17 |
Failure of Emergency Service Mobile Communication Programme (ESMCP) to deliver a viable communication facility. |
Technical lead colleagues in LFRS and NWFC continue to work closely with the National Fire Chief’s Council (NFCC) team to ensure that our NWFC mobilising system and internal supporting aspects such as station end equipment and vehicle mounted data terminals remain fit for purpose through and beyond ESMCP transition. Work is ongoing at both a service and regional level in order to prepare for transition to ESMCP. This is focussed upon coverage, transition planning, device support requirements and integration with existing systems such as MDT. LFRS is managing the project with a dedicated Project Manager through Home Office allocated funding and key staff members such as Head of ICT are aligned to relevant work packages. Work to evaluate transition planning remains ongoing and includes aspects such as dual device (Airwave and ESMCP) fitting within fire engines, device convergence opportunities, coverage testing and early trials and pilot of the voice product. |
Remains at 9 |
Medium |
18 |
Inability to maintain service provision in spate conditions. |
Previously discharged |
|
|
19 |
Failure to maximise the opportunities that technological advances present due to a lack of capacity within the ICT department, and an inability of staff to keep pace with new developments that are implemented. |
Digital Transformation team now in place to address horizon scanning and new tech introduction. Digital Strategy now published to provide a roadmap for technical enabling of key organisational strategies. A number of new products and data introduced using digital by default, cloud first technology with several more now agreed and in pipeline / flight. Refreshed ICT strategy being drafted. Apprentice onboarding process developed and agreed, to ensure that key skills are maintained. |
Remains at 9 |
Medium |
20 |
Loss of support for Vector Incident Command product with the product name Command Support System (CSS) leading to ineffective command function at large incidents. |
No change, not due to report until 31/3/23 |
9 |
Medium |
21 |
Risk of rapid external fire spread in high rise premise resulting in a major incident
|
Following the introduction of a dedicated AM Prevention and Protection along with GM for Protection the Protection function has undergone a second stage of transformation which saw the introduction of Built Environment and Ops Liaison Officers (centrally managed) to implement the requirements of the Building Safety Regulator, manage premises in Interim Measures and oversee the life span of high rise, high risk premises. The legislation introduced following the initial Building Risk Review work has now come in to force with training provided to all Inspecting Officers and Operational crews. The Built Environment and Ops Liaison Team (BEOLT) continue to work with Responsible Persons to understand their external wall systems and their prioritisation of replacement in line with the NFCC Fire Risk Assessment Prioritisation Tool for wall systems. The risk of external wall systems contributing to significant fire spread remains and will do so for some time to come due to unprecedented demand on competent professionals to undertake wall surveys, the need to raise significant funds and the availability of products.
|
Remains at 10 |
Medium |
22 |
Failure to maximise collaborative opportunities presented by Policing and Crime Act 2017.
|
No change, not due to report until 31/3/23 |
9 |
Medium |
23 |
Lack of leadership capacity impacting on delivery of services. |
The Service continues to offer leadership development to supervisory and middle managers. The identification of talented individuals and the creation of a development pathway is currently ongoing at a local level to ensure that there are suitably qualified competent staff to fill future leadership positions. A revised grading structure has been implemented for Green Book employees which should aid recruitment and retention. |
Remains at 9 |
Medium |
24 |
Insufficient preparation for inspection programme leading to opportunities being lost in terms of national learning and Lancashire’s ability to effectively communicate its progress and awareness. |
Previously discharged |
|
|
25 |
The outcome of the EU court ruling on the Matzak case relating to on-call arrangements in Belgium has a detrimental impact on service provision and/or cost. |
Previously discharged |
|
|
26 |
Increase in costs of and/or lack of availability of goods and services, following Brexit. |
We are still continuing to see extended lead times on the majority of items, as an example LGV fleet vehicle lead times for chassis deliveries are currently 12-18 months. Costs continue to increase reflecting inflation, with many items increasing at a much higher rate, energy being the most significant of these, where costs have more than doubled. |
Increases to 16 |
Medium |
27 |
Increase in costs and administration associated with changes to pensions. |
We have completed the necessary actions for backdating the payment of increased benefits and measures are in place to collect amended contributions. As a result of guidance from the Home Office, the National Scheme Advisory Board and the LGA that the proposed Immediate Detriment remedy was not confirmed and carried financial risk to both the Fire Authority and individuals concerned, the Service has paused its actions awaiting both clarification and/or a new ID framework before proceeding. It is possible that the issue cannot be resolves until the Governments formal proposal for resolution is enacted in October 2023. We have set up our own Pension Team to support these exercises who are progressing the various strands, but the extent of the changes and complications are extremely resource intensive. We are liaising with our Pension Provider on costs and timescales for undertaking the work. We are liaising with Govt via LGA about meeting the costs of the administrative burden (some funding has been made available for this) and the additional net pension costs. |
Remains at 16 |
High |
28 |
Discontinued or long-term malfunction in the KPI management software product (CORVU). |
No change, not due to report until 31/3/23 |
6 |
Low |
29 |
High levels of staff absence due to pandemic.
|
No change, not due to report until 31/3/23 |
25 |
High |
30 |
Changes to Emergency Response Driver Training leading to a reduction in trained appliance drivers and hence impacting pump availability. |
No change, not due to report until 31/3/23 |
12 |
Medium |
31 |
Increase in costs associated with major Property projects due to changes in Building Regulations. |
No change, not due to report until 31/7/23 |
12 |
Medium |
32 |
Increase in energy costs. |
No change, not due to report until 31/3/23 |
10 |
Medium |
33 |
Removal of DCP/Outcome of Emergency Cover Review (ECR). |
No change, not due to report until 31/3/23 |
15 |
High |
34 |
Future of NWFC |
The Deputy Mayor of Greater Manchester had written to the Chairs of other constituent Fire Authorities (Cumbria, Cheshire and Lancashire) advising of their intent to review existing arrangements at NWFC. The outcome of this will not be known for some time, but clearly this may have a longer-term impact on the future of NWFC and therefore how the Authority discharges the function. |
12 |
Medium |
35 |
Outcome of the White Paper impacting on Governance arrangements. |
The Government was consulting on its proposals to reform the fire sector in England which included the potential to transfer fire functions to a single elected individual. Once the outcome was known it may impact on governance and therefore needed to be on the risk register for awareness. |
9 |
Medium |
36 |
Increase in pay costs |
Pay awards were separately set nationally for green and grey book staff and a 2% award had been estimated in the budget. A pay offer of 5% has been made by the employers in respect of grey book pay. The FBU has recommended that their members reject this offer, and at the time of writing we were awaiting the outcome of this. A pay offer of £1925 per FTE had been made by the employer in respect of green book pay. Unison had accepted the offer however at the time of writing Unite and GMB were awaiting the outcome of their consultations. Both these offers significantly exceed the budget provision and would therefore lead to significant cost pressures in the current and future years budgets. |
16 |
High |
Financial Implications
None
Human Resource Implications
None
Equality and Diversity Implications
None
Environmental Impact
None
Business Risk Implications
The improvement in risk management arrangements should result in reduced business risk
Local Government (Access to Information) Act 1985
List of background papers
Paper:
Date:
Contact:
Reason for inclusion in Part 2 if appropriate: N/A