Risk Management Policy
Background
1. Risk management is detailed in paragraphs 17.1 and 17.2 of the Town Council’s Financial Regulations:
17.1 The Council is responsible for putting in place arrangements for the management of risk. The clerk shall prepare, for approval by the council, risk management policy statements in respect of all activities of the council. Risk policy statements and consequential risk management arrangements shall be reviewed by the council at least annually.
17.2 When considering any new activity the clerk shall prepare a draft risk assessment including risk management proposals for consideration and adoption by the council.
Policy
2. For the purpose of this policy, risk is defined as any thing that has a material impact on delivering the council’s objectives, including the delivery of its day-to-day services.
3. The council will review its risk management policy and consider the risks posed to the organisation as part of a broader framework of internal control.
4. Alongside risk assessment, the internal control framework will consider the control environment, information & communication systems & processes, control activities, and monitoring processes.
5. The council will consider risks against the following heading:
- Political – our ability to deliver local or central government policy
- Governance – the appropriateness of structures and functionality, a clear scheme of delegation, clear objectives and priorities
- Financial – our ability to meet our financial commitments, internal and external audit requirements, project and financial exposures
- Social – our ability to deliver our policy commitments and adapt to demographic, residential, social or economic trends
- Legal – our ability to meet legislative and regulatory requirements
- Technological – our ability to make the best use of technology and adapt to a changing environment
- Environmental – our ability to comply with statutory requirements and best practice
- Partnership – our ability to maximise benefits to the council by developing long-term working relationships with partners
- Contractual – procurement policies, clear specification, strong cost control, robust contract administration and site supervision
- Human Resources – staff competence and development, capacity, commitment
- Operational – service delivery, complaints’ management, compliance with performance standards
- Health & Safety – fire, security, accident prevention, lone working
- Reputational – issues that adversely affect the council’s reputation in the town and with those that we work with
6. A risk register will be established using these headings. Any risks that occur will be added to the register when they occur and if those risks are material, they will be reported to the council’s Strategy and Policy Committee.
7. The risk register will:
- categorise the combined impact and probability of risks as high, medium or low using a numerical score for each category of 1-5, i.e., a maximum total score of 25 can be achieved. Scores 1-8 will be assessed as low risk, scores 9-14 will be assessed as medium risk, and scores 15-25 will be assessed as high risk
- the probability of a risk occurring will be applied to a three-year timeframe
- detail the controls that are in place to mitigate against risks, including any improvements that are required to further mitigate against historic risks
8. The risk register will be reviewed by the management team annually and reported to the council.
9. An annual risk assessment, alongside a statement of internal control, will be reported to the council’s Strategy and Finance Committee in autumn each year. The report will highlight risks identified as high. Any actions requiring budget approval will be considered as part for the forthcoming year’s budget setting process.
Review
- This policy will be reviewed in October 2026.
John Wright
Town clerk
October 2025