-RISK TREATMENT ACTION PLAN

HIGH PRIORITY

S3

Risk of Members not adhering to agreed Planning Policies

High

Development Control Members have had some training

Refresher training – monitoring of member implementation and interpretation

Andrew Ashcroft

June 2003

05

Adequacy of Internal Audit Team

High

Bid for £25k plus existing post made fulltime from existing budgets (£10k)

Changes to structure of the team – inc appointment of Chief Internal Auditor.  Increase of 0.4fte plus bid for whole fte in current budget round

None if bid successful

JP/PW/RS

March 03

O8

High dependence on ICT systems/loss of server enclosure

High

See 09

See 09

Directors/JP/DP

Linked decision

09

Lack of ICT Continuity Planning

High

Public Sector equivalent of bankruptcy

Consultants engaged on two/three year project to work with Council on Corporate Business Continuity (Stage 1 Nov 02 to Feb 03)

Priority to either accept risk to server farm or fast track procurement of ‘box within a box’ with a single preferred supplier

Recognition of organisation wide problem

JP/DP also

Directors

As soon as it can be fitted into an affordable programme

O10

Adequacy and Efficiency of ICT function

High – link to 09

Significant

Ten year investment plan drafted

Members/Directors/HOS to understand egovt agenda/clear statement of requirements and prioities

Proper resourcing of ICT on long term basis

Strategic partnering geared around key priorities

JP/DP

ASAP

As appropriate

011

Adequacy of ICT Systems Security

High

Average estimate per incident $108K (Computer Weekly 3/10/02)

Substantial practical efforts such as anti-virus, firewalls, monitoring

Options;

Live with risk

Appoint extra staff to formal BS7799 accreditation

JP/DP

Review February 03

012

Inadequate Telephone Exchange enclosure

High – link with 09

Not known – significant corporate disruption

Blinds added to windows to reduce risk of vandalism

Options:

Live with risk

Move to server farm if box in box project goes ahead

Initiate major project to review telephony across Council with aim to move to a managed service

JP/DP

Link to 09

O13

Lack of Key Document Management Policy

High

Some work on records to meet statutory requirements

Appointment of skilled information manager with support resources to drive agenda

Investment in relevant technologies

MF/JL

June 03

O14

Lack of Project Delivery Skills – risk of Government Take-back

High

ICT and Property Services have formal mngt methodologies

ICT have training supplier and have arranged for evaluation for end of October

Decision on Corporate approach

Mandatory requirement to use methodology properly

Roll out training programme

Aim for say 20 people formally accredited as PRINCE practitioners

MF/DP

June 03

O15

Adequacy of Health and Safety Implementation

High – link to 016

Decision made to take Health & Safety Advisory Service back in-house wef 1.4.03

Consideration to be given to where day to day responsibility should lie.

MF/MB

1 April 2003

016

Inadequate Corporate Health and Safety Policy Document

High – link with 015 and H36

Identified need for revised policy statement with effect from 1/11/02

Revised document will be printed shortly and distributed

MF/MB

November 2002

O17

Lack of/inadequate succession planning in key Directorates

High -Link with 019

019

Stress related sickness/absence risks

High

Attendance Stress policies  issued  April 2002. Review of policies undertaken.

Awareness training  for current and new managers to be drawn up.  Managers asked to undertake a Stress Audit – results by end of Dec 02

MF/MB

December 02 and review  date to be set

O20

Adequacy of Personnel function

High

Best Value review undertaken. Centrally based = economy of scale.

Identified greater investment in the strategic side of the business to ensure real added value

Consideration of ‘Action Taken’ as part of Best Value review currently subject to external challenge

MF/MB

April 03

O21

Risk resulting from poor staff morale

High - link to 019

Staff attitude survey required to establish baseline for moral/motivation.  Introduction of HR/People Strategy with clear guidelines and standards.

MF/MB

Both by 1 April 2003

H32

Ineffective Lone Worker Policy and mechanism

High

Identified that policy not applied consistently

Reminder of H & S responsibilities to be sent out/cascaded down. Note to be made that non-compliance is a disciplinary offence

MF/MB

H35

Inadequate Security Procedures at principal IOWC buildings

High

Card access system to many but not all principal buildings

Upgrade system and cover all buildings

All Directors

H36

Cost of Injury/Fatality to IOWC Staff

High – link to 016

H & S Training 

MF/MB

April 03

H38

Lack of formal Business Continuity Planning for loss of principal IOWC Buildings

High – link with 08 and 09

Consultants fee for project £56,000 (from Risk Bid Fund)

Part time post approx £10,000 pa

Appointed Marsh Risk Consulting to work with Authority over 21/2 year period

Mike Jolliff identified as co-ordinator.  Part time support post required to assist for time of project

JP?RH/MJ

Stage 1 Nov 02– Jan 03

MEDIUM PRIORITY

S1

Perceived lack of clear Corporate Leadership

Medium

Review 06/03

S2

Perceived lack of meaningful Strategic Planning

Medium

S4

Lack of direction and proactive action by Risk Management Group

Medium

Membership reviewed in 2002/Risk Champion appointed. Risk Bid Funds available

New Risk Group membership wef Jan 03. New Risk Management Strategy and Policy.  Training of new Risk Group then cascade through managers.  RM into Service Planning and onto Executive decision making.

Directors/JP/CMS/JL

Start Jan 03

First training to take place Feb – Apr 2003.

Progress through 2003

O6

Lack of functional Audit Committee

Medium

None but resource in terms of officer/member time

Resources Select Ctte has resolved to establish an audit panel and draft terms of ref have been proposed. First meeting expected Dec 02

Monitor to ensure carries out role

DG to discuss which DA reports to go forward to members

JP/RS/AD

Directors

Dec 02

O7

Lack of adequate Wight Bus Driver assessments/spot checks

O23

Lack of preventive maintenance in Leisure Centres

O24

Industrial Action risk by IOWC employees – risk of failure of Service Provision

F25

Risk of Internal Fraud within IOWC

Change to Medium?

Fraud on the increase

Slight increase to Internal Audit resources

Press for increase as in 05

Audit Ctte to ensure performance monitor role

PW/RS

April 03

F26

Inadequate Highways maintenance budget

F29

Loss of Area Cost Adjustment

Change to Medium

Potentially catastrophic

Done to date

Further action needed in the future

JP

F30

Adequacy of Employee Pension Funds ongoing

Medium

Potential higher contribution rates

Fund valued every 3 years

Regular review

JP and successor

Done but review annually?

H37

Cost of Injury/Fatality to Child in Care

Query change to Medium - Discuss

H41

Risk from a poor standard of IOWC Playgrounds

LOW PRIORITY

O18

Inadequate/Weak Contract Management

O22

Recruitment and Retention risk for Retained Officers in Fire and Rescue

F27

Single Pot Budget allocations in 2003

F28

High Pre-signed Cheque Counter-signature threshold

Not accepted as a risk on the basis of research with other authorities

Need to assess other measures which could be more effective than this control

Research into what other do

PW/RS

Jan 03

F31

Risk of litigation against Fire and Rescue – failure to Duty of Care

H33

Major Coastal Erosion Risks

H34

Lack of Legionella assessment policy/testing

H37

Cost of Injury/Fatality to Child in Care

Query change to Medium - Discuss

H39

Risk from high dependency single site Crematorium

H40

Cost of injury/fatality to public resulting from inadequate seawall protection