CAIRNGORMS NATION­AL PARK AUTHORITY

Audit & Risk Com­mit­tee Paper 2 12/06/2020

CAIRNGORMS NATION­AL PARK AUTHORITY

AUDIT & RISK COMMITTEE

FOR DIS­CUS­SION

Title: RISK MANAGEMENT

Pre­pared by: DAV­ID CAMER­ON, DIR­ECT­OR OF COR­POR­ATE SERVICES

Pur­pose

This paper presents an over­view of the Authority’s risk man­age­ment activ­it­ies dur­ing the busi­ness con­tinu­ity response to the COVID19 pan­dem­ic, with­in the con­text of the Authority’s approach to stra­tegic risk management.

Recom­mend­a­tions

The Audit & Risk Com­mit­tee is asked to:

a) Note the cur­rent approach being taken to risk man­age­ment as set out in this paper; b) Review the cov­er­age of the risk register estab­lished in sup­port of the Authority’s Busi­ness Con­tinu­ity Plan­ning and Man­age­ment; c) Con­sider the appro­pri­ate­ness of the approach to and focus of risk man­age­ment while in the cur­rent BCP led oper­a­tion­al circumstances.

Exec­ut­ive Summary

1. The Cairngorms Nation­al Park Author­ity has a well-estab­lished and embed­ded approach to stra­tegic risk man­age­ment. Our most recent stra­tegic risk register is repro­duced as part of the Intern­al Audit Plan for ²⁰²⁰⁄₂₁ con­sidered else­where on the Committee’s cur­rent agenda and is there­fore not repro­duced again with this paper.

2. Dur­ing the cur­rent response to the COVID19 pan­dem­ic, the Author­ity con­tin­ues to pur­sue deliv­ery of the estab­lished pri­or­it­ies of the Cairngorms Nation­al Park Part­ner­ship Plan (CNPPP) for 2017 to 2022 and to coordin­ate work with vari­ous part­ners in deliv­ery of the CNPPP pri­or­it­ies. The Author­ity there­fore con­tin­ues to plan around deliv­ery of its exist­ing stra­tegic object­ives as agreed by the Board and Scot­tish Min­is­ters and set out in our Cor­por­ate Plan for 2018 to 2022. As such, our exist­ing stra­tegic risk register remains a val­id over­view of the stra­tegic risks which may impact our suc­cess­ful deliv­ery of these objectives.

3. The cur­rent COVID19 responses and restric­tions to our pre­vi­ous mode of oper­a­tions have a wide range of impacts on our oper­a­tions as an organ­isa­tion and on our exist­ing resource deploy­ment plans. For the peri­od of our Busi­ness Con­tinu­ity Plan (BCP) response to date in respond­ing to the COVID19 pan­dem­ic, we have taken a decision to estab­lish a spe­cif­ic risk register to map out the vari­ous risks faced in our con­tin­ued deliv­ery of our Cor­por­ate Plan object­ives. Where appro­pri­ate, we have estab­lished pre­vent­at­ive and remedi­al meas­ures to act on those risks and hence min­im­ise their like­li­hood and impact respect­ively. The cur­rent BCP risk register is set out at Annex I to this paper.

4. The BCP Man­age­ment Risk Register is inten­ded to sup­port the man­age­ment of the over­all stra­tegic risk register through estab­lish­ing a focused risk man­age­ment envir­on­ment for the Authority’s oper­a­tions while we respond and adapt to the COVID19 emer­gency. It is neither a replace­ment nor a refresh of the stra­tegic risk register — rather, it estab­lishes an inter­im risk man­age­ment approach to a sud­den and focused risk escal­a­tion across a range of our exist­ing stra­tegic risks and envir­on­ment. Many of the risks set out in this BCP Risk Register are exten­sions of the exist­ing stra­tegic risks. In effect, many of the stra­tegic risks have now sig­ni­fic­antly escal­ated with the event of the COVID19 pan­dem­ic and its impacts, and the BCP Risk Register presents an inter­im, focused means of man­aging those key cur­rent risk impacts.

5. The full stra­tegic risk register has not been amended at this stage. Our sug­ges­ted approach is to con­tin­ue to mon­it­or and val­id­ate the stra­tegic risk register while focus­ing our imme­di­ate risk man­age­ment on the BCP Risk Register presen­ted. An imme­di­ate revi­sion to the stra­tegic risk register while the Author­ity is only 2 months into the responses to the COVID19 pan­dem­ic, and while future dir­ec­tions needed by the Author­ity over the longer term have yet to be determ­ined, is con­sidered too pre-empt­ive at this point in time.

6. As the imme­di­ate BCP risk man­age­ment pos­i­tion is assessed to decline, the full focus will once again be switched to a refresh of the Stra­tegic Risk Register, which will be reviewed in the con­text of resid­ual BCP man­age­ment risks. The Authority’s man­age­ment team cur­rently aims to bring a Cor­por­ate Plan update report to the Board meet­ing in Septem­ber 2020, at which time we will also bring an update on cur­rent risk status of our BCP oper­a­tion­al pos­i­tion and a full refresh of the Stra­tegic Risk Register.

7. The Com­mit­tee is invited to review the cov­er­age of the BCP Risk Register set out in Annex I to this paper and also to con­sider the appro­pri­ate­ness of this approach to and focus of risk man­age­ment while in the cur­rent BCP led oper­a­tion­al circumstances.

Dav­id Cameron 28 May 2020 davidcameron@​cairngorms.​co.​uk