Local authorities are facing increasing pressure to improve and keep on top of risk management. Liz Taylor explains why comprehensive performance assessments are helping drive improvements in the field
Increasing corporate governance, which places pressure on the public sector to address its risks or face the consequences, has led to risk management fast becoming a priority for public sector organisations.
For example, it is widely anticipated that a corporate killing bill will be passed by the beginning of 2005, with a draft bill due in June 2004.
At the same time, public sector organisations will be required to produce absolute statements of internal control, void of reservations that underline any potential risk management weaknesses.
The onus, therefore, is on public sector managers and members to ensure that all risks are accounted for and tackled. If they fail to do this, elected members and senior management could face harsh penalties in the future - ranging from massive fines to imprisonment.
Local authorities now have to address risk management as an integral part of their comprehensive performance assessments, which were brought in to complement best value performance indicators. They applied initially to London boroughs, unitary, metropolitan and county councils, but now districts and cities are incorporated, with fire authorities to follow in 2005. CPAs are a combination of self-assessment, peer review and external inspection, focusing on core functions. In the case of councils, those core functions might be education; social services; environment, including waste, transport and planning; housing; libraries and leisure; benefits; and resources.
The key lines of enquiry for a council's CPA are based on four questions: what is the council trying to achieve; how has the council set about delivering its priorities for improvement; what has the council achieved or not achieved to date; and what does the council plan to do next, in light of what it has learned?
Risk management is acknowledged as a core component of good performance and organisations are expected to assess the risks inherent in all they do and plan to do, as well as continuing to innovate safely. In other words, CPAs try to ensure that risk management is embedded into every element of an authority's operations. This holistic approach brings together a patchy past where lesser risks might have been over-managed and strategic risks ignored.
Public bodies can help themselves when it comes to proving that risk management has played an integral role in their CPA compliance. Organisations should be able to put forward a realistic vision and set of priorities for future development when figuring out what they are trying to achieve.
They should also be able to demonstrate the ongoing identification of future risks and priorities, and should have strong leadership in place.
In order to illustrate how they have set about achieving their goals, authorities need to show evidence they have the capacity and skills to implement action plans, which must involve a clear assessment of risk.
Finally, an overall risk management strategy must be apparent.
When outlining what has and has not been achieved, public bodies subject to CPAs need to show that improvements have developed in-line with priorities.
Authorities should also understand the reasons for their success or failure.
CPAs require evidence of sustainable service improvement, competence in managing risk during times of change, and innovative risk management strategies.
The final question regarding future plans can be addressed by showing a recognition of current problems. This must be followed up by evidence that there are action plans in place, along with robust review and monitoring arrangements.
Risk management is a fundamental part of meeting CPA requirements and acts as a foundation upon which all other improvements are built. Without it, CPA scores are less likely to improve. Insurers need to be aware of this when considering insurance premiums and range for public sector clients.
Those with better CPA scores have invariably placed a focus on risk management.
The overall improvement in CPA scores from years 2002/3 to 2003/4 is evidence that most authorities are paying attention to risk management at the strategic end. And local authority risk managers are responding favourably to the introduction of CPAs. One risk manager said: "We'd still just be counting fire buckets if it wasn't for the CPA, but now everyone is taking responsibility for their area of risk." Another said: "Now there's a lot of attention on what we need to do, and all the things I've been saying over the past decade are finally being listened to."
The government has set out its intentions to support councils that perform poorly in CPAs; however, is has also stated that "where necessary it will not shirk from taking decisive and tough action". Councils that persistently achieve poor CPA scores will miss out on the flexibilities and freedoms that are offered to those achieving high scores. They will also suffer in terms of efficiency, reputation, innovation and customer satisfaction, leaning towards fire-fighting and a blame culture when unmanaged risks cause problems. And, of course, they may also be subject to higher insurance premiums if they do not get their risks in check.
- Home insurance insurtech Buzzvault launches
- Roundtable: Is a single customer view taking off in insurance?
- Ed unveils CEO Hearn’s replacement and plots Bermuda office
- Stackhouse Poland makes fourth acquisition of the year
- Hyperion hires CFO to replace Oliver Corbett
- CBL Corporation expected to be placed in liquidation, sees further delays to watershed meeting
- Aviva promises to 'reinvent' insurance and end dual pricing