The official version of this document can be found via the PDF button.
The below content has been automatically generated from the original PDF and some formatting may have been lost, therefore it should not be relied upon to extract citations or propose amendments.
STATES OF JERSEY
RISK MANAGEMENT – FOLLOW UP (R.150/2022): EXECUTIVE RESPONSE
Presented to the States on 30th January 2023 by the Public Accounts Committee
STATES GREFFE
2022 R.150 Res.
2
REPORT
In accordance with paragraphs 69-71 of the Code of Practice for engagement between Scrutiny Panels and the Public Accounts Committee' and the Executive', (as derived from the Proceedings Code of Practice) the Public Accounts Committee (the Committee') presents the Executive Response to the Comptroller and Auditor General's Report entitled: Risk Management – Follow Up (R.150/2022) presented to the States on 7th October 2022).
The Committee is pleased to note that all of the C&AG's recommendations have been accepted, and that areas highlighted by the C&AG for consideration have received a positive response. However, the Committee has also noted the response in relation to three of the recommendations and two of the areas for consideration in R.150/2022 and has presented comments detailing its views and suggested follow up.
Deputy L. Feltham
Chair, Public Accounts Committee
R.150/2022 Res.
Chief Executive Response to C&AG Review: Risk Management – Follow up - Executive Response to PAC by 22nd November 2022. Summary of response:
The Government of Jersey (GoJ) welcome the Risk Management – Follow-Up report and note the progress highlighted by the Comptroller and Auditor General since the last report in 2017. We agree that effective implementation of the Risk Management Strategy and of the recommendations in this report will be key to further embedding risk management as an integral tool of management. To this end, all 10 recommendations have been accepted and several actions are either underway or have already been completed as set out in the executive response below. Miles tones have been set for those recommendations where a longer target date has been set, to highlight the programme of activity and progress.
We agree that the four areas of planned work we have in place highlighted by the C&AG should be prioritised and all seven areas for consideration will be reviewed across 2023.
Action Plan
Recommendations | Action | Target date | Responsible Officer |
R1 Tailor information provided to strategic groups including CoM, ELT and the Risk and Audit Committee to present key messages more effectively at a strategic level and on a more timely basis. In doing so, ensure streamlining of the quarterly data pack to focus on the risk management of delivery of strategic priorities. | A review of all risk data is underway to pull out strategic messages within the reporting pack, to meet the individual information requirements. This will support discussion on the Corporate Risk Register with both Executive Leadership Team (ELT) and the Council of Ministers (CoM). We are also seeking to ensure timely reporting of risks to the Risk and Audit Committee (R&AC). A programme of workshops with ELT and Council of Ministers is in place. Similar workshops will be diarised for R&AC. This will also address reporting of corporate risks against the new Common Strategic Priorities and | End of Q1 2023 Complete Q1 2023 Q1 2023 (re: changes to ERM system) | Chief of Staff and Head of Risk |
| support the Deep Dive programme around extreme risks. |
|
|
R2 Implement more effective arrangements to consider and integrate risks in States owned entities and arm's length bodies into the Corporate Risk Register. | States Owned Entities (SoEs) risks are reviewed under a Memorandum of Understanding. This includes the Head of Risk meeting with SoEs prior to quarterly shareholder meetings. Arms Length Bodies – the Arm's Length Bodies Oversight Board will progress improvements in Grant Funding Agreements for larger ALBs. These will include a requirement to notify the "sponsor" department of significant risks. | Complete End Q2 2023 | Head of Risk Chief of Staff |
R3 Develop an action plan to implement and monitor delivery of the 2022 Risk Management Strategy particularly around the key objectives, success measures and outcomes identified in the key focus areas. | An Action Plan will be developed as part of the Review of the Strategy for 2023-24 and underpinned with appropriate outcome measures. The ERM Strategy will be expanded to include a KPI section. (Column 1: Key Objectives/Focus Areas, Column 2: Success Measures; Column 3: Stakeholders; Column 4: Target dates). | End Q2 2023 | Head of Risk |
R4 Formally review risk appetite across a range of dimensions on an annual basis. | This is included in the annual review of the ERM Strategy. However, going forward training and work with departments will focus on Risk Appetite as the culture matures. This will also be picked up in the ELT and COM programme of workshops. | Strategy Review by end of Q2 2023 Underway and ongoing | Head of Risk |
R5 Undertake a full review of the Corporate Risk Register to ensure consistent interpretation of risks that may impact on delivery of Common Strategic Policy priorities and the Government Plan. | The review of the Corporate Risk Register will also consider linked risks and is being picked up as part of the ELT and CoM workshops, to ensure alignment through Gap Analysis and consensus on Corporate Risks. | Underway to be completed by end of Q1 2023 | Head of Risk |
| New procedures have been put in place to ensure regular reviews take place with ELT and CoM to maintain a consistent interpretation of risks. Bi-monthly meetings with ELT on the Corporate Risk Register will take place and risk management (including risk appetite) will be a regular agenda item between departments and their Ministers. Quarterly reports will be presented to CoM as highlighted under R1 to review and gain consensus and also check actions are SMART and align with Government Plan prioritisation. A new process is in place for potential escalation of risks from Departmental Risk Registers to the Corporate Risk Register. | Complete and ongoing | Chief of Staff |
R6 Review the Managing Risk section in future Government Plans to ensure that it reflects high level risks of delivering the priorities in the Government Plan rather than a small sample of risks taken from the Corporate Register. | Consideration of risks is an important part of the Government Plan process, and feeds into several other elements of the plan. How risk is covered in the narrative of the Plan document will be reviewed before the drafting of the next Government Plan, to ensure that the recommendations of the C&AG are properly reflected. | End of Q2 2023 | Director of Strategic Finance and Head of Risk |
R7 Include significant risks that may impact on delivery of departmental business plans in these business plans. | Going forward Accountable Officers to include and ensure decision making and prioritisation is risk-based. Significant risks will be developed over 2023 and built into the new Delivery Plans for 2024; as the Delivery Plan template has already been agreed for 2023 and Delivery Plans are nearing completion. | In place Q3/4 2023 | Accountable Officers in consultation with Head of Risk. |
R8 Undertake a full review, led by ELT of all risks on the Corporate Risk Register to confirm that: | Risk Team to update guidance for further clarity around impact scoring. This will include further development of guidance on scoring as part of the 2022-23 review of the Strategy (for example: financial risks and health and safety). | End of Q2 2023 | Head of Risk. |
• inclusion as a risk and scoring is justified and a consistent interpretation of the guidance controls recorded are appropriate and meaningful; and recorded mitigating actions are robust and timetables are realistic. • • | New process and procedure has been developed around gatekeeping of risk escalation to better align Departmental Risk Registers with Corporate Risk Register. Workshops with ELT and Council of Ministers with Gap Analysis (underway October 2022). Initial discussion with Departmental Risk Group to review C&AG findings has taken place and how Risk leads can review scoring, controls and actions in tandem with their Accountable Officers for those risks they have escalated to the Corporate Risk Register. Dedicated session will be diarised with Departmental Risk Group in Q1 2023. Accountable Officers have been asked in the Q3 Risk Report to ensure C&AG recommendations are built into their internal departmental risk governance practice and reviewed monthly. Quarterly reporting has been agreed with the Council of Ministers to review and gain consensus and also check actions are SMART and align with Government Plan prioritisation. | Complete Ongoing Underway Underway – completion due end of Q2 2023. In place | Chief of Staff Head of Risk Head of Risk Accountable Officers Head of Risk |
R9 Enhance mechanisms to hold Accountable Officers to account for the effectiveness of mitigating controls and actions recorded on the risk register. In doing so, review the purpose and operation of the deep dive' processes operated by the Head of Risk and the Risk and Audit Committee to consider | Accountable Officers will present a selection of Deep Dives to ELT and R&AC as appropriate on a regular basis to account for their effectiveness of controls and actions and understand the wider impact on other areas. Deep Dive process has been streamlined by the Central Risk Team to a single template which will be used by both R&AC and ELT. Any R&AC advice will be | End of Q2 2023 | Chief of Staff and AOs |
their effectiveness and ensure that they do not duplicate one another. | included within the Deep Dive presentation to ELT for their consideration. This will avoid duplication. |
|
|
R10 Review the Terms of Reference of the DRG to maximise its effectiveness. In doing so, clarify the purpose and corresponding information and access needs for the DRG as a resource to add value to the corporate risk management framework. | Further review of DRG Terms of Reference will take place in 2023. This process is already in place on an annual process to ensure maximised effectiveness | Complete and in place. | Head of Risk |
P1 Complete the planned update to the Community Risk Register. | The Community Risk register is being updated by Emergency Planning with input from Central Risk Team as part of the ERM Strategy. The register will be updated by the beginning of Q2 2023 in line with latest NSRA guidance. | End of Q2 2023 | AO JHA |
P2 Integrate CLS fully into the Enterprise Risk Management system. | This is underway. Risks, controls and actions were migrated by CLS supported by the Central Risk Team to ERM in Q3 2022. This is to be finalised by CLS in Q4 2022. | End of Q4 2022 | AO CLS |
P3 Complete the development of core objectives for risk management for Tier 1-3 staff, as part of the Performance Management Framework. | This is dependent on the review of the Competency Framework under P4 below. A relevant KPI will be included in the delivery plans for 2024. | End of Q2 2023 | Head of Organisational Development with Head of Risk |
P4 Complete the work on Competency Framework including a reference to risk management as a core competency. | The Competency Framework being reviewed by COO in liaison with Head of Risk. | End of Q2 2023 | Head of Organisational Development with Head of Risk |
A1 Review the detailed content of the Risk Management Strategy alongside its supporting guidance to ensure that balance and level of detail are appropriate for users. | Underway. Developing new guidance to reflect C&AG recommendation will be complete in December 2023. | End of Q4 2023 | Head of Risk |
A2 Review whether any aspects of the risk management guidance should be mandated. | A review of the risk section in the Public Finances Manual will be undertaken to further strengthen the risk management guidance. Consideration will be given as | End of Q4 2023 | Head of Risk |
| to whether certain aspects of the risk management guidance should be mandated and will be discussed with ELT. |
|
|
A3 Include more practical examples in the risk management guidance to help users in interpretation and to promote consistency in application. Areas that should be considered for practical examples include: • population of the risk register • scoring examples • controls; and • mitigating actions. | Underway. Further examples and case studies to be developed following discussion with ELT. | End of Q4 2023 | Head of Risk |
A4 Develop and implement a mandatory training programme on risk management processes. | This work is in development and will be fully completed and uploaded to Virtual College, our online training system, by the end of 2023. | End of Q4 2023 | Head of Risk |
A5 Enhance initial (gross) risk and current (residual) risk the system to document both to provide a better audit trail of risk, mitigating controls and action. | A review of current procedures and assessment criteria within risk assessment form will be undertaken to consider the C&AG recommendation. | End of Q3 2023 | Head of Risk |
A6 Provide some specific training in risk management processes for States Members more widely. | Underway. COM training already underway. Training for States Members will be offered. | End of Q2 2023 | Head of Risk |
A7 Review and determine the best way to improve sharing of risk registers across the States of Jersey risk community to enable additional learning from others in a controlled and measured way. | Underway in consultation with Departmental Risk Group and AOs and will be concluded at the end of Q2 2023. | End of Q2 2023 | Head of Risk |
Recommendations not accepted
Recommendation Reason for rejection