Lancashire Combined Fire Authority

Audit Committee

Meeting to be held on 27 March 2024

 

Risk Management Framework Update

Appendix 1 – Risk Management Policy

Appendix 2 – Risk Management Procedure

Appendix 3 – Corporate Risk Register

 

Contact for further information – Esma Alicehajic, Senior Business Continuity and Emergency Planning Officer

Tel: 01772 866 6874

 

Executive Summary

Improvements to Lancashire Fire and Rescue Service’s (LFRS) organisational risk management were identified to bolster its robustness. A proposal was presented to the Corporate Programme Board (CPB) in August 2023, outlining a new LFRS risk management policy and procedure aligned with ISO 31000:2018 standards, which introduced a tiered approach to organisational risk and enhanced monitoring and management, as well as the adoption of a new corporate risk register, in line with the National Fire Chiefs Council (NFCC) template. Upon adoption, effective risk management practices are now integrated into quarterly CPB meeting agendas, provide strategic oversight, ensure legislative compliance, optimise resource allocation, and facilitate risk reporting to the Combined Fire Authority.

 

Recommendation(s)

The Committee is asked to:

-       approve the new risk management policy, procedure, and the associated organisational risk register layout.

-       endorse the up-to-date Corporate Risk Register and its content.

 

 

Information

 

The Audit Committee is a cornerstone of the Authority’s governance framework, tasked with providing independent assurance to governance stakeholders regarding the adequacy of LFRS's risk management framework, annual governance processes, and internal control environment. Its primary function includes evaluating the effectiveness of the Authority’s risk management arrangements. Accordingly, this paper outlines recent enhancements to the LFRS risk management framework for your consideration.

 

The Civil Contingencies Act (CCA 2004) sets out the legal framework for contingency arrangements to assess, plan and advise against LFRS organisational risks, be it departmental or corporate, however, there is no prescriptive way within the framework of doing this. Therefore, the Service has the freedom to manage risk using a method that ensures a clear governance structure that best meets the needs of the business. 

 

This moral and statutory duty not only requires LFRS to take all reasonable actions to safeguard its employees, assets, and the public, but also to ensure that it is not financially or operationally disrupted. It can meet this duty by ensuring that risk management plays an integral part in the governance of the Service at a strategic, tactical, and operational level.

 

A comprehensive review of the corporate risk profile revealed adherence to fundamental aspects of risk management at LFRS. However, to ensure compliance with legislative requirements and bolster the robustness of the risk management framework, several proposed changes were identified.

 

In parallel, the NFCC’s Business Continuity group broadened its scope to include risk within its Terms of Reference (ToR) and developed a corporate risk register template to be used across the fire sector.

 

A proposal was presented to the Corporate Programme Board in August 2023, outlining a new risk management policy (Appendix 1), procedure (Appendix 2), and alignment of the LFRS Corporate Risk Register with the NFCC template. This policy and procedure aligned with ISO 31000:2018, to ensure an accurate description and appropriate monitoring and management of LFRS risks. Additionally, a tiered approach to risk was introduced, allowing for escalation or de-escalation as needed.

 

Effective risk management practices aligned with ISO 31000:2018 yield numerous benefits for LFRS, including proactive risk mitigation, enhanced decision-making, clear accountability, and improved financial control.

 

By integrating risk management into quarterly CPB meetings as a standing agenda item, LFRS aims to provide strategic oversight of the risk management process. Overall, these measures enable LFRS to fulfil its legislative duties and optimise resource allocation while providing a structured mechanism for reporting on risk to the Audit Committee.

 

A recent external audit, conducted by Grant Thornton, assessed the changes introduced to the LFRS organisational risk management framework and concluded that significant progress had been achieved.

 

Since its establishment, the new Corporate Risk Register has undergone quarterly review and updates by all pertinent risk managers and owners. It is included as Appendix 3 for your review.

 

In conclusion, recent enhancements to the LFRS risk management framework, outlined in this paper, aim to ensure compliance with legislative requirements, bolster the robustness of risk management practices, and provide a structured mechanism for reporting to the Audit Committee, further optimising resource allocation and strategic oversight.

 

Business risk

The business risk to LFRS of not implementing an efficient and effective risk management system can be catastrophic in terms of financial impacts, service provision, health and safety, service objectives, KPIs, reputation and for government relationships.

 

Sustainability or Environmental Impact

There are no identified impacts on sustainability or the environment.

 

Equality and Diversity Implications

There are no identified implications on equality and diversity.

 

Data Protection (GDPR)

Will the proposal(s) involve the processing of personal data?  N

If the answer is yes, please contact a member of the Democratic Services Team to assist with the appropriate exemption clause for confidential consideration under part 2 of the agenda.

 

HR implications

The long-term outcome of this proposal is that risks will be managed more efficiently therefore having a positive impact on mangers time in dealing with risk impacts. 

 

Financial implications

The long-term implications of this proposal will allow LFRS to make evidence-based decisions and consider the cost benefit of risk versus the acceptance of the risk impacts.

 

Legal implications

Failure to establish robust mechanisms for identifying and managing organisational risks within LFRS could lead to non-compliance with the Civil Contingencies Act (CCA) 2004.

 

Local Government (Access to Information) Act 1985

List of background papers

Paper:

Date:

Contact:

 

Reason for inclusion in Part 2 if appropriate: Insert Exemption Clause