Management of Risk Policy
Resources Directorate
STOKE ON TRENT CITY COUNCIL
MANAGEMENT OF RISK POLICY
Chrissie Johnstone
Team Manager Risk & Insurance
Resources Directorate
2015
1
Management of Risk Policy
Resources Directorate
This page has been left deliberately blank
2
Management of Risk Policy
Resources Directorate
1. Introduction
This Management of Risk Policy forms part of Stoke-on-Trent City Council’s internal
control and corporate governance arrangements.
It confirms the council’s commitment to Risk Management and outlines the strategy
that the council has adopted to ensure that its risk exposures are managed
effectively.
Risks cannot always be avoided and sometimes they have to be embraced in order
to achieve progress. However, by anticipating risks and having suitable measures in
place to deal with them the council will be better placed to:

Make informed decisions

Support the successful delivery of the Council’s priorities

Deliver efficient and effective services
2. Scope of Management of Risk Policy
This policy applies to all directorates and to all areas of operation including all service
provision , initiatives , projects and developments
It requires that all Council Managers and Councillors address the issue of associated
risk whilst making any and all policy decisions.
A separate Policy applies in respect of the City Council’s Health & Safety
arrangements.
3. Definition of Risk and Risk Management
Within the context of the Management of Risk Policy:

Risk is defined as “an uncertain event or series of events that could impact, either
positively or negatively, on our opportunities or on our ability to deliver our
objectives”

Risk Management is defined as “the culture, processes and structures that are
directed towards identifying, evaluating and responding to risks”
4. Policy Statement
Stoke-on-Trent City Council recognises that Risk Management assists achievement
of the Council’s objectives.
The City Council is committed to identifying and responding to the risks which could
impact on its strategic aims, business plans and operations. By managing these
risks it will assist members and officers to deliver the Council’s priorities.
To ensure delivery of this commitment the Executive and Corporate Directors’ Board
have agreed that the City Council’s Management of Risk Policy should be applied
across all council activities and embedded within the processes which support
council decisions, policies, procedures and partnership arrangements. In this way
the management of risk will become established within the culture of the City Council
and underpin the success of all its activities.
3
Management of Risk Policy
Resources Directorate
5. Policy Objectives

Embed effective Risk Management within the culture of the Authority

Manage and report risk in a consistent and controlled manner across the council

Document the roles and responsibilities of those persons tasked with
implementing the policy.
6. Risk Management Strategy
This Risk Management Strategy sets out the arrangements for ensuring that the
policy objectives are achieved. It has been written with reference to Risk
Management Standard ISO 31000.
The strategy comprises the following three components:

An established process for collating and recording risk information
Risk Information must be recorded on the approved risk register template using a
prescribed process that supports the capture of relevant risk information. This
standard approach facilitates the summarising of risk information and the
production of summary risk reports that can keep the Corporate Directors’ Board
and Cabinet informed of the council’s overall risk profile.
The maintenance of risk registers is pivotal to the delivery of the Risk
Management Policy.
The guidance document sets out the process to be adopted and the template to
be used. This guidance will be updated as required to ensure that the adopted
process reflects best practice.

A framework for the reporting and escalation of risks
A risk reporting framework facilitates the reporting and escalation of risk
information .The framework is detailed in Appendix A.

Prescribed roles and responsibilities for those tasked with deploying the
policy and ensuring its application
The effective deployment of the policy is partly dependent on ensuring the clear
identification of roles and responsibilities; these are outlined within Appendix B.
7. Opportunity Risk
There are many definitions of risk. The definition that the council has adopted makes
reference to “an uncertain event that could impact either positively or negatively”. By
choosing this definition the council recognises the upside of risk and includes in its
policy the requirement to anticipate and prepare for opportunities that can bring
benefit and add value.
4
Management of Risk Policy
Resources Directorate
8. Risk Appetite
Risk Appetite is the amount of risk that an organisation is prepared to accept in
pursuit of its objectives.
In an organisation, such as a local authority, where service delivery is diverse and
risks take many forms, risk appetite will vary according to the specific circumstances
being assessed. It is therefore impractical to be too prescriptive in relation to a level
of risk appetite that could be adopted across the whole of the council.
However, risk appetite is important and there are controls in the Risk Management
Strategy that will ensure that decision makers can make informed judgments as to
the levels of risk that is being accepted. These include:
1) All reports recommending decisions should include appropriate consideration of
risk
2) High or significant risks will be escalated to management
3) Summary risk profiles give management the opportunity to review risks across
their divisions and directorates and assess whether action needs to be taken in
relation to an accumulation of risk.
9. Implementation
The Section 151 Officer will ensure that appropriate levels of support, guidance and
training are provided to assist in the implementation of the Management of Risk
Policy. Guidance documents will support those delivering the strategy and provide
direction in respect of significant or emerging risk issues.
10. Policy Approval and Review
In accordance with the City Council’s constitution, and financial regulations, the
Section 151 Officer shall, on behalf of the Chief Executive, determine the council’s
Management of Risk Policy and submit it to the Audit Committee for consideration
and subsequently to the Cabinet for approval.
The policy shall be subject to periodic review and submitted for approval as outlined
above.
11. Benchmarking
It is important to gauge the effectiveness of any policy and to ensure that it follows
best practice within the sector. The City Council is a member of the ALARM and
CIPFA, Risk Management Bench Marking Club.
Appendices:
Appendix A
Appendix B
The Risk Reporting Framework
Roles and Responsibilities
5
Management of Risk Policy
Resources Directorate
Appendix A
The Risk Reporting Framework
This framework sets out how risk information should be reported and escalated.

Each Strategic Manager must maintain a register of the risks that might impact on
their own area of responsibility. These risks might be business, operational,
project or partnership risks. Managers should use their risk register as a tool to
support them in monitoring their Risk Control measures and in communicating
risk information to their line managers.

Each Assistant Director will be responsible for reviewing and approving the Risk
Registers for their division and in addition will supplement these registers with the
risks that pertain to their own overriding business objectives.

High risks should be escalated to the Departmental Management Team for
discussion.

Each Director must ensure that they are aware of their directorates risk profile
and that their Assistant Directors and their Strategic Managers are managing
their risks appropriately.

Where appropriate Directors should add to their Directorate’s Risk Registers.

Directors and Assistant Directors must ensure that reference to the management
of associated risks is embedded within all agenda discussions and that where
appropriate risk registers are updated to reflect these discussions

Each Director will decide which of his directorate’s risks should be escalated to
the Corporate Directors’ Board for discussion.

The Corporate Directors’ Board will maintain the Council’s Strategic Risk
Register. This register will record risks that could affect the Council’s ability to
deliver its strategic aims and which might have a significant impact on the
Council’s ability to deliver its statutory responsibilities.

Risk Registers will be a regularly recurring item on Departmental and Corporate
Directors Board meeting agendas.

All reports to Cabinet (or other decision-making body), and all initiation
documents for major projects must include a suitable and sufficient risk register,
and during the consultation process discussion should include reference to that
register. Used in this way Risk Registers can provide assurance, inform decision
making, and support transparency.
6
Management of Risk Policy
Resources Directorate
Appendix B
Roles, Responsibilities and Resources
The table below outlines the roles of key individuals and groups and their respective
responsibilities for this policy and its deployment. It is expected that all those listed
will acquire an appropriate working knowledge of the Management of Risk through
attending appropriate training.
Position
The Cabinet
Role / Responsibility

Approve the City Council’s Management
of Risk Policy
Ensure that all reports to Cabinet for
decisions on policy, strategy and major
projects and initiatives include a suitably
comprehensive risk register

Chief Executive

Ultimately accountable for the council’s
overall exposure to risk
Section 151 Officer

Senior Lead Officer responsible for the
implementation of the council’s
Management of Risk Policy.
Cabinet Members

Periodically review the risk registers
relevant to their portfolios and liaise with
the relevant council officers to ensure
that risks are managed appropriately
Corporate Directors’ Board

Consider proposed revisions to the
council’s Management of Risk Policy and
processes.
Maintain the Council’s Strategic Risk
Register

Audit Committee

Consider the effectiveness of the
Authority’s risk management
arrangements.
Review revisions to the Management of
Risk Policy prior to submission to the
Cabinet for approval.

Audit Committee Chair

Senior Lead Member for promoting,
deploying and embedding management
of risk policy and procedures.
Ensuring that the Audit Committee fulfills
its responsibilities in assessing the
effectiveness of the council’s
management of risk arrangements.

7
Management of Risk Policy
Resources Directorate
Appendix B cont.
Position
Team Manager Risk & Insurance
Role / Responsibility

Managing the ongoing development,
deployment and embedding of the
Management of Risk Policy.
Providing summary risk reports as
required.

Internal Audit

Reviewing, reporting and advising on the
effectiveness of the council’s
management of risk arrangements within
the council and across its partnership
activity.
Cabinet Member for Finance,
Procurement and Commissioning

In matters of the Management of Risk
Policy approval, undertake a coordinating role between Cabinet,
Overview & Scrutiny, and other partners.
Members

Ensuring that the reports they receive to
support strategic policy decisions and
initiation documents for all major projects
and initiatives include a ‘fit for purpose’
risk assessment.
Directors

.Provide support and resources to the
Section 151 Officer to promote, deploy
and embed management of risk at all
levels of their directorates
Ensure that their directorates risk
registers are maintained in line with the
Management of Risk Policy
requirements
Ensure that all reports submitted on their
behalf, including any reports to Cabinet
or any committee, include a risk
assessment

Assistant Directors

Responsible for maintaining and
approving divisional risk registers.
Strategic Managers

Responsible for maintaining a register of
the risks that might impact on their own
area of responsibility
Responsible for ensuring that there is a
recognition of the risks associated with
partnership
arrangements
including
outsourcing and that these engagements
are supported by suitable Risk
Management Controls which are detailed
within associated Risk Registers.

8