CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 7 Annex 1 06/09/19
CAIRNGORMS NATIONAL PARK AUTHORITY STRATEGIC RISK REGISTER
Risk | Ref | Resp | Mitigation | Comments | Trend Nov 18 | Trend Mar 19 | Trend Aug 19 |
---|---|---|---|---|---|---|---|
Cross-over risks | | | | | | | |
Resources: public sector finances constrain capacity to allocate sufficient resources to deliver corporate plan. | A1 | DC | Ongoing liaison with Scottish Government highlighting achievements of CNPA. Focus resource on diversification of income streams to alternate, non-public income generation. Continuing to support “delivery bodies” such as Cairngorms Nature, LAG and OATS in securing inward investment. Corporate plan prioritised around anticipated Scottish Government budget allocations, taking on Board expectation of funding constraints. | Work with Scottish Government has successfully secured resources adequate to cover Corporate Plan expectations into the second year of the current 4 year Corporate Plan period. We also continue to take forward ideas for alternate income streams to support future investment, including collective work with all UK National Parks and now supporting work on charitable activities through Cairngorms Trust. Executive team has now commenced discussions with Government on 20/21 budget. | ➡️ | ➡️ | ➡️ |
Governance: changes to Board membership cause mission drift away from agreed priorities. | A3 | GM | Focus in agendas to maintain overall strategic direction and relevance of papers; Board induction and training plans to be developed and delivered; On-Board training delivered Apr 19; Ongoing Board training programme in development / delivery. Board self-evaluation to be undertaken again once changes complete. | Key decisions on NPPP and Corporate Plan timed through existing Board therefore risk significantly mitigated. Board change management process now well in hand following completion of changes in membership in March 19. | ➡️ | ➡️ | ➡️ |
Government and Policy: wider national political changes and policy direction force change away from current objectives. | A2 | GM | Invest time in maintaining key government contacts and relationships gaining notice of potential policy shifts. Work to get full government backing to NPPP which gives longer term strategy commitment. | Spending Review settlement for 2018/20 favourable for CNPA, therefore increasing confidence around capacity to deliver existing Corporate Plan objectives to 2022 and also on Government commitment to CNPA Strategic goals. NPPP and 18/22 Corporate Plan now approved. Monitoring ongoing potential impacts of EU exit and forward budget and policy developments, although no escalation at present. | ➡️ | ➡️ | ➡️ |
Resourcing: UK vote to leave EU disrupts project delivery and financing plans and exposes Authority to longer term financial liabilities as a result of loss of EU funds. | A12 | DC | Risk management analysis of specific EU funded activities – particularly of Authority’s exposure as Accountable Body for LEADER. Instructions issued on timetable for funding commitments to be covered by CNPA. Invest management time in opportunities to engage in new funding programmes designed to replace EU funding programmes. | LEADER funding contracts tailored to meet expected EU exit timetable. Greater clarity on Scottish Government position now in place. Good access to other project funding for time being. Plans for replacement of current EU grant funds remain uncertain, and risk escalation now indicated to reflect this strategic future funding risk. | ➡️ | ➡️ | ➡️ |
Resourcing: lead body role for multiple large scale externally funded projects is unable to be supported through available cash flow and ICT systems. | A9.2 | DC | Review staffing structures and capacity of ICT systems, e.g. SAGE finance and payroll, to support required services. Enhanced focus on cash flow forecasting and management. | Added April 2018 by Heads of Service. No significant issues arising to date. Review of functionality and capacity of key systems initiated and cash flow monitored closely. LEADER cash flow now unlocked; repayment of grants broadly up to date. Risk retained for time being, looking toward National Lottery Heritage Fund's closure of Tomintoul and Glenlivet Landscape Partnership project and potential cash flow impact. | ⬇️ | ⬇️ | ⬇️ |
Staffing: additional externally funded projects strain staff workload capacity with increased risks of stress and reduced morale. | A9.3 | DC | Ongoing review of Operational Plan with explicit identification of projects which can/must slip to accommodate successful funding bids. Importance of staff management and task prioritisation reinforced through leadership meetings. | Added April 2018. First Operational Plan review completed May 2018. Pressure points and reprioritisation reviewed. Second Operational Plan established March 2019. No current awareness of organisational issues. Test through forthcoming staff survey. | ➡️ | ➡️ | ➡️ |
Resourcing: Role as Lead / Accountable body for major programmes (e.g. LEADER, Landscape Partnership) has risk of significant financial clawback should expenditure prove to be not eligible for funding, while CNPA carries responsibilities as employer for programme staff. | A11 | DC | Ensure financial controls in place for programme management include effective eligibility checks. Test processes with funders if required and also undertake early internal audit checks. Workforce management plans must incorporate programme staff considerations. Utilise internal audit resources | Very positive movement in resolution of monitoring and eligibility issues over summer 2018. Enhanced by full acceptance of all CNPA interpretations during 2019 with no eligibility issues outstanding at programme level. Residual risk around dispute resolution processes and uncertainty over eligibility judgements and interpretation made by SG audit. | ➡️ | ➡️ | ➡️ |
Technical: Increasing ICT dependency for effective and efficient operations is not adequately backed up by ICT systems support. | A17 | DC | ICT Advisory review commissioned from internal audit. Consultancy work also underway through ThinkWhere for GIS and Avendris for customer management and electronic records management. | Added April 2018 Operational Management Group review. Cyber security and wider ICT functionality reviews completed. Some ongoing delays around IT elements of project delivery. | ➡️ | ➡️ | ➡️ |
Technical: Cyber security is inadequate to address risk of cyber-attack on systems | A18 | DC | Implementation of Scottish Government Cyber Security Action Plans and internal audit recommendations on IT security. Ongoing review of systems and procedures in tandem with LLTNPA. | Added by MT / OMG April 18. Cyber security plus accreditation received. Work underway to complete residual internal audit actions. | ➡️ | ➡️ | ➡️ |
Resourcing: CNPA IT services are not sufficiently robust / secure / or well enough specified to support effective and efficient service delivery. | A13 | DC | We will develop and consult on the forward plans for ICT service development to ensure these meet service requirements. Commissioned external review of our IT and data management processes to be implemented to give assurance. | Risk added through staff consultation with Staff Consultative Forum Sep 2016. Actions implemented on Cyber Security. Very high levels of service availability. Some outstanding improvement actions and IT project implementation to be delivered, however, overall level of risk declining. | ⬇️ | ⬇️ | ⬇️ |
Reputation: the Authority’s reputation is impacted by a small number of vociferous social media opinion leaders | A14 | GM | Staff and Board training on use of social media to best support organisational aims in communications and reputation management. Ongoing delivery of communications strategy. Social media profile also represents an opportunity to boost reputation. | Added by Board Dec 16. Implementation of communications strategy and wider organisational delivery, including promotion of recent successes, effective in maintaining organisational profile. | ➡️ | ➡️ | ➡️ |
Reputation: high profile incidents or one off stories, such as those associated with wildlife crime, mountain hares, affordable housing can have an undue influence on the Authority’s wider reputation. | A15 | GM | Maintain good balance of traditional and social media releases. Close partnership working to seek to balance incident reporting and appropriately reflect Authority’s position and work. | Added by MT Jan 18. Wildlife crime initiative now launched. Other positive media around Snow Roads and Cairngorms as a destination. This risk diminishing in impact as wider balancing information becomes more widespread. | ⬇️ | ⬇️ | ⬇️ |
Resourcing: scale of asset responsibilities such as for paths, outdoor infrastructure is not adequately recognised and does not secure adequate forward maintenance funding. | A16 | DC | Review of accounting procedures and asset recognition policy; review of forthcoming accounting technical guidance. Ensure full consideration is given in budget reviews. Alternate funding sources such as visitor giving to be explored more actively. | Added by MT / OMG April 18. Infrastructure maintenance issues exacerbated by end of existing agreement over Speyside Way Long Distance Route and end of maintenance period for some large scale investments – East Cairngorms Access Project (ECAP) for example. | ⬆️ | ⬆️ | ⬆️ |
Resources / Staffing: failure to effectively manage staffing numbers with a view to the long term business need will reduce the capacity for the Authority to deploy adequate financial investment toward priority projects in the National Park. | A19 | DC | Workforce Management Strategy developed and in place. Analysis of staffing contract position over three year period completed with actions established. | Added by Staffing and Recruitment and Audit and Risk Committees Feb / Mar 2019. Staff contract position now established and subject to ongoing monitoring through HR, with review at point of any vacancies arising. Ongoing management of staff numbers underway with some highlighted areas now resolved. | ➡️ | ➡️ | ➡️ |
Resources: change in financing IT services and the switch from capital to revenue provision places an unmanageable pressure on the Authority’s budget capacity. | A20 | DC | Monitor pattern of IT Investment costs as regards the capital and revenue split of resourcing requirements; build impacts into ongoing budget deliberations with Scottish Government. | Added by Audit Committee 8 March 2019 following “deep dive” IT risk review. Analysis of position to be undertaken in lead up to 20/21 budget. | ➡️ | ➡️ | ➡️ |
Reputation: the Authority is not perceived to be appropriately addressing the potential for conflict between 4 statutory aims. | A21 | GM | Ensure Board policy papers and Planning Committee papers are explicit in recognising strategic policy conflicts between 4 statutory aims and in addressing the evaluation of the conflict. | Added by Audit Committee 8 March 2019 following internal audit report on strategic planning processes. | ➡️ | ➡️ | ➡️ |
Resourcing: Business Continuity Plans (BCP) are inadequate to deal with significant impacts to normal working arrangements and result in service failure. | A22 | DC | Overhaul of BCP developed in 2014 with reporting on development of plans through Management Team and Audit and Risk Committee. Test BCP arrangements once plan in place and communicated. | Added by Audit Committee May 2019 following internal audit review of BCP. | ➡️ | ➡️ | ➡️ |
Specific Service Risks | | | | | | | |
Partnerships: Conservation partnerships, crucial to delivery of priorities across land owned by others, are not formed or sufficiently developed to deliver conservation priorities. | C1 | PM | Prioritise investment of time in establishing and maintaining working relationships; develop clear focus on requirements of partnerships, their purpose, objectives and resources. | Moorland Partnership and Cairngorms Connect progressing well; growing relationships with individual estates re woodland expansion proposals; recent input to engage more widely with keepers and raptor study groups. | ➡️ | ➡️ | ➡️ |
Staff and communications: partners’ staff are not engaged with or do not buy into the Authority’s conservation NPPP priorities. | C2 | PM | Clear and consistent messaging of CNPA priority and intended outcomes / impacts; clear, prompt and focused responses to partner concerns. | Increased levels of joint working with FCS and SNH on priority issues of woodland expansion and designated sites; Partnership Plan completion reaffirmed shared priorities among partner agencies. Audit and Risk Cttee agreed to retain this risk May 2018. | ➡️ | ➡️ | ➡️ |
Reputational: the Authority’s leadership reputation will be damaged if East Cairngorms Moorland Partnership fails as a consequence of failure or perceived failure to deliver objectives. | C3 | PM | Establish and communicate clear partnership objectives. Maintain clarity within partnership on actions and their associated delivery responsibilities. | Added through Management review April 2018. Work ongoing in this area, with no evidence as yet of changes to likelihood or impact. | ➡️ | ➡️ | ➡️ |
Partnerships: transfer of Crown Estates may result in significant disruption to established patterns of partnership working with key land-owners and reduced effectiveness in delivery with this key stakeholder group | C4 | PM | Monitor progress of Crown Estates transfer and potential impacts on CNP Partnership operations, taking preventative actions as required. | Added at Board meeting 11 December 2015. Moved to service specific risk from general risk through management review April 18 | ⬆️ | ⬆️ | ⬆️ |
Partnerships: competing priorities act to prevent or delay delivery of Cairngorm and Glenmore Strategy. | V1.1 | MF | Re-initiate momentum on project. Regular partner contact and early joint planning for delivery priorities, seek to expose potential conflicts at early stages and collaborate to identify remediation. | Cairngorm and Glenmore Strategy agreed among partners but changing partner capacity risks less joined-up and less ambitious delivery. Lack of movement on implementation and problems with Cairngorm Funicular are resulting in heightened risk. | ⬆️ | ⬆️ | ⬆️ |
Resourcing: delivery of strategic path networks / tourism infrastructure is not achieved or delayed as insufficient resource is allocated to project development or delivery stages. | V2 | MF | Focus given to ensuring project development and specification is planned and resourced; and early liaison with partners re strategic funding opportunities and bidding into these. | Funds now secured for a number of strategic path investments over this and next year. Residual issues on maintenance and reinstatement covered by risk A16 around revenue financing. | ➡️ | ➡️ | ➡️ |
Resources and Partnerships: HLF funded Tomintoul and Glenlivet Landscape Partnership and Capercaillie Framework fail to fully deliver to the expectations of funders and communities. | L1 | PM | Ensure sufficient staff resources are dedicated to supporting project boards. Ensure regular project monitoring and evaluation. | Broad range and scale of TGLP projects combined with wide diversity of partner input is challenging to manage and TGLP staff team at full stretch. However monitoring of workloads and project progress is in place and responded to. These risks will be replicated within new Capercaillie project and need equivalent management. | ➡️ | ➡️ | ➡️ |
Governance: Board and stakeholders do not adequately understand and appreciate landscape scale land management issues | L2 | PM | At Board level, continue to use Board self-assessment and skills matrix to guide member recruitment, training and informal briefing sessions. Use partnership mechanisms to ensure stakeholder understanding and appreciation. | Added by Audit and Risk Committee May 2018. Work ongoing and no change in risk assessment at this stage. | ➡️ | ➡️ | ➡️ |
Resources and Partnerships: the broad partnership, policy combination and financial resources required to address challenges of housing delivery are not sufficient. | R1 | MF | Strategic focus on establishment of the partnership approach, policy changes and resources required in development of next NPPP. | National Park Partnership Plan consultation successful. Local Development Plan progressing well. Mitigation actions therefore progressing well, but overall no change to risk trend as yet. | ➡️ | ➡️ | ➡️ |
Resourcing and partnerships: current LEADER programme will end within Corporate Plan period with uncertainty over resources to allow continuation of Community Led Local Development (CLLD) work, preventing the Authority and community organisations from effective planning and investment in priority CLLD actions. | R2 | DC | Influence through existing LEADER networks to emphasise importance of CLLD funding in supporting delivery of priority investments within local communities. Communicate key successes of the LEADER process. | Added during management review April 2018. Promotion of effectiveness of CLLD approach; input to Scottish Government consultation over summer 2018. Various strands of policy work ongoing and being influenced. However, no change in risk assessment at this stage. | ➡️ | ➡️ | ➡️ |
Notes:
- Aiming to keep strategic risk register to around 12 to 15 high level strategic risks
- Cross-cutting risks impact potentially throughout all priorities
- Strategic Risks around corporate priorities focus on risk impacts throughout each of the three themes – hence require a coordinated overview at Director / MT level. Not expecting a strategic risk against each specific Corporate Plan priority.
- More specific risks are expected to be captured in more operational risk registers – e.g. risk management around delivery of office extension.
- Full risk register the collective responsibility of full MT to manage, however each risk allocated to one specific member of the team to take lead responsibility.
- Aim through mitigation to reduce Likelihood (LL) multiplied by Impact (IM) risk score to below 10 as acceptable risk value.
- Reference key: “A” items are risks impacting on all aspects of the Corporate Plan; “C” items are Conservation only risks; “V” risks relate specifically to Visitor Experience; “L” risks relate to Land Management; “R” risks relate to Rural Development.
Key
- Managed risk: (green downward arrow in greyed-out field): risk assessment that risk is effectively managed and no longer a strategic risk posing potential to inhibit achievement of corporate strategic objectives. Risk can be removed from risk register.
- Lowering risk: (green downward arrow): risk impact and / or likelihood is declining resulting in overall strategic risk assessment of mitigation actions effective with ongoing monitoring of risk environment still required.
- Static risk: (amber horizontal arrow): risk impact and likelihood is stable. Overall strategic risk assessment is stable indicating that strategic risk remains, requiring ongoing management and continued implementation of proposed mitigation and controls.
- Increasing risk: (red upward arrow): risk impact and / or likelihood is increasing resulting in increasing risk of achievement of strategic objectives being inhibited. Management action, and possibly resource investment, required to address risk environment and possibly introduce new mitigation action, in order to reduce risk impact and / or likelihood.
Version Control
- 3 Board Cycle December 2019
- 3.0 Board adopted version June 2019 for MT / OMG review
- 3.1 Audit Committee review 6 September 2019