Spelthorne Borough Council – Governance Assurance / Risk Management Policy and Framework

 

Policy Statement

 

Spelthorne Borough Council recognises that it has a responsibility to have effective governance in place and manage the risks it faces in order to: 

 

·         Ensure that statutory obligations and policy objectives are met

·         Prioritise areas for improvement in service provision and encourage meeting or exceeding customer and stakeholder expectations

·         Safeguard its employees, clients and service users, Members, and all other stakeholders to whom the Council has a duty of care

·         Protect its property and assets including buildings, equipment, vehicles, information and all other resources

·         Identify and manage potential liabilities

·         Maintain effective control of public funds and the efficient deployment and use of resources to achieve value for money

·         Preserve and promote the reputation of the Council

·         Support the quality of the environment

·         Engage effectively with its partner organisations and wider community

·         Learn from previous threats, opportunities, successes, and failures to inform the continuous improvement in governance and the management of risks

 

Risk management is an integral part of the Council’s corporate governance arrangements and has been built into the management processes as part of the Authority’s overall framework to deliver continuous improvement. All Members and Officers have a responsibility and a role to play in good governance and managing risk.

 

The Council is adopting an approach to risk management that focusses on having and maintaining assurances about the effectiveness of our governance arrangements. This provides a greater emphasis on ensuring and being assured that all aspects of the Council’s governance are in place, effective and complied with. Whilst always identifying risks that threaten the achievement of our objectives, our ‘governance assurance’ approach will highlight the responsibilities and accountabilities for our governance and compliance.

 

 

 

 

The Council will seek to achieve effective governance assurance and risk management by:

 

·         Implementing this Framework, which complements the other governance processes of the Council

·         Equipping all employees and Elected Members with the skills required to identify and assess risks, understand the governance needed to deal with them and to communicate this appropriately and effectively

·         Acknowledging that risk management and the need for effective governance are shared across partner organisations

·         Annually reviewing the effectiveness of our governance arrangements and reporting the results in the Annual Governance Statement

·         Having a robust Audit Committee that reviews the effectiveness of the Council’s broader governance arrangements  

·         Keeping the Council’s governance assurance / risk management approach under continual review to ensure it remains in line with good practice

 

 

Signed:

                                                                                         

Councillor Joanne Sexton                                       Terry Collier

Leader of the Council                                                          Interim Chief Executive

Date:                                                                                       Date:


Governance Assurance / Risk Management Framework 2025 - 2026

 

1. Introduction

 

Spelthorne Borough Council recognises the importance of the effective identification, evaluation, and management of all key strategic and operational risks. Risk management is at the heart of good management practice and is a key part of the Council’s corporate governance arrangements.

 

Our risk management arrangements need to be proactive and permissive to enable and facilitate effective decision-making and day-to-day management, and to ensure we are acting in the right way at the right time to deliver services to the public.

 

By implementing effective management of our risks, we will be in a stronger position to deliver:

 

·         Improved strategic management – greater ability to deliver against objectives and targets within finite resources

·         Improved operational management – reduction in interruptions to service delivery and/or in managerial time spent dealing with the consequences of a risk event having occurred

·         Improved financial management – informed decision making and reduction in losses or claims against the Council

·         Improved customer services and outcomes – minimal service disruption, increased levels of satisfaction and optimal service delivery.

 

At the heart of effective risk management is having continual assurances regarding the existence and effectiveness of the Council’s governance framework. This framework covers all the Council’s enabling and controlling strategies, policies, and procedures to ensure we utilise our resources and deliver services in the most effective, efficient, and economical way.

 

This document outlines how the Council will obtain assurances around its governance framework and therefore how we will manage the threats and challenges (risks) and opportunities we face.

 

The Governance Assurance (Risk Management) Policy adopts a positive and enabling approach to focus on how we will deliver, perform, achieve, and succeed. It sets out:

 

·         What we mean by governance assurance?

·         Why we need a governance assurance framework – why is it important?

·         An overview of the governance assurance process

·         Delivery of the strategy

·         An outline of the roles and responsibilities for members, senior officers, and staff

 

2. Definitions of Governance and Risk – what do we mean by governance assurance / risk management?

 

As we all know, risk is the chance, possibility or concern of loss, damage, injury, or inability to achieve objectives caused by an unwanted or uncertain action or event. Risk is an inevitable part of everyday business and cannot be eliminated – but it can be managed. Risk management as a process sits within the Council’s wider framework of governance.

 

So, what do we mean by governance? Simply put, it is:

 

“The policies, procedures, practices and importantly the culture, that governs how an organisation ensures it does the right things, in the right way and at the right time, to deliver the services required or expected.”

 

Achieving assurance around the effectiveness of our governance will comprise a planned and systematic approach to articulating the aspects of governance we are relying on to discharge our responsibilities. It will look at the significant areas of Council activity that require a continual focus and at any concerns about things in the future that we need to prepare for, so that we can be assured our arrangements will meet that future requirement. It will also enable us to analyse and reflect when things don’t go as planned, identifying why something occurred so that we learn and constantly improve our governance arrangements.

 

3. Why is having effective governance important?

 

Effective and efficient governance is critical to the success of any organisation, and when this does not exist it can lead to significant operational and strategic failures. Ineffective governance is cited as a fundamental cause of failure in a wide variety of organisations in both the public and private sectors. Governance issues may arise because the necessary governance was not in place, or because it was not effective or complied with. Ineffective governance could be a systemic corporate issue or one relating to a specific service.

 

Spelthorne Council recognises the importance of ensuring we have a robust framework of governance and a continual process that ensures it is in place, effective and being complied with. This manages risk.

 

As the definition above states, the governance framework enables and controls how we ensure our strategic and service delivery objectives are achieved, and our responsibilities discharged.

 

Risks increase when organisations fail to identify when an element of the governance framework is not effective or being complied with. The governance assurance approach the Council is adopting aims to create an environment, culture and supporting processes that ensure there is an awareness of what good governance is and what everyone’s responsibilities are within it.

 

Good governance:

 

·         Facilitates effective decision-making at every level

·         Supports appropriate risk taking (given we cannot avoid risk)

·         Improves general awareness of governance, controls, and assurance

·         Protects reputation and assets - supports organisational resilience

·         Embraces opportunities – e.g. new technologies and ways of working

·         Challenges potential recklessness

·         Improves accountability and compliance

·         Provides confidence and assurance, internally and externally (external funding / partnerships)

·         Encourages political engagement and support

 

The Council recognises that it has a responsibility to manage risks effectively to control its assets and liabilities, protect its employees and community against potential losses, minimise uncertainty in achieving its goals and objectives and maximise the opportunities to achieve our vision.

 

4. The Governance Assurance Process

 

4.1 Governance Assurance Approach

 

The governance assurance approach focusses on ensuring we have the right governance arrangements in place and that they are effective and complied with such that we can be assured we deliver our services effectively, efficiently, and economically.

 

We have a range of significant objectives to meet or deliver, and we need to be assured we have the necessary governance in place to achieve them.

 

As this is a new approach it will be important to ensure it is quickly embedded into business as usual, where governance issues are discussed, any actions identified, and the assurances updated.

 

The approach is intended to be simple and straightforward, reducing the subjectivity of traditional risk management.

 

The means by which we assess the effectiveness of our governance arrangements will be simple, utilising templates which are straightforward to complete and easy to access and maintain. The process has a simpler ‘RAG’ (red / amber / green) rating and a greater emphasis on the actions to improve our governance and therefore address any risks. The process is designed to be “self-service” for Managers and their teams, enabling a continual and proactive approach to maintain a focus on the governance arrangements needed to ensure we do the right things, in the right way and at the right time, to deliver the services required or expected.

 

The approach introduces the concept of ‘areas of continual focus’, ‘concerns’, and ‘issues’. The term ‘risk’ is therefore used generically to cover these three concepts.

 

4.2 Analysis – Identification, Description and Assessment of Governance

 

Traditional risk methodologies focus on the avoidance of negatives, where risks are described with phrases like ‘failure to…’, ‘inadequate’, ‘inability’, or ‘loss’.

 

The governance assurance approach has an emphasis on being more positive, enabling and ensuring. It requires ‘assurance owners’ to demonstrate that the governance arrangements they need to use are in place, effective and being complied with, and therefore that they are satisfied and confident that they can discharge their responsibilities effectively, efficiently and economically, i.e. do the right things, in the right way, at the right time.

 

The key aspects of the governance assurance approach are to consider how we will obtain and maintain assurances regarding the governance arrangements needed in relation to the following:

 

Areas of focus – those areas of council activity, responsibility or a major strategy that are of a long-term nature or even ‘forever’ that require continual assurance. Although these long-term matters can be subject to untoward events, they are fundamentally aspects of the Council’s responsibilities that need continual assurance. Such matters include, for example:

 

·         delivering the medium-term financial plan

·         maintaining effective budgetary control

·         resisting cyber-attacks

·         maintaining resilience (organisational and emergency)

·         minimising health and safety incidents

·         maintaining effective collaborations / contracts

·         meeting legislative requirements

 

Areas of focus can also be at a service level where it is necessary to maintain assurances that operational responsibilities are being met, for example ensuring maintenance schedules are maintained, mandatory training is undertaken, or contracts are being managed.

 

Concerns – something in the future that we need to ensure we can deal with, respond to or prevent. The focus for such matters is to ensure we have the necessary governance arrangements in place that will enable us to deal with the future matter. An example of such a matter could be the achievement of a specific objective, or the need to meet future requirements, e.g. new legislation or maintaining/meeting specific service levels.

 

Issues – something that has not gone to plan or an unforeseen event. Such matters are likely to require an immediate and/or specific response. Examples could be dealing with a significant complaint, enforcement action against the Council or a failure of a contractor. In such instances the focus will be to identify and understand what elements of the Council’s governance arrangements did not work or were not complied with that resulted in an issue arising. It may be of course that such a matter was outside the Council’s control, but a response is needed.

 

Ultimately, in any of the three situations above, the focus is to ensure that the Council’s governance arrangements are in place, effective and complied with, enabling a positive outcome.

 

A narrative assessment of the assurance needed helps to identify the main issues. For an area of focus (the longer-term aspects of service delivery), considerations include:

 

      What assurances do we need regarding the project / initiative / objective / duty / responsibility that ensures its successful delivery?

      Are all the arrangements in place to provide the right oversight and timely information that would enable the necessary interventions and influence?

 

For a concern (the forward look), considerations include:

 

      What is giving us a concern and why?

      Do we know when the concern may arise?

      What do we need to ensure we have in place that means we can address the concern?

 

For an issue (the response to something that has already happened), considerations include:

 

      Understanding what has gone wrong?

      What was the cause?

      What has not been complied with?

      Is there a missing or ineffective control or is it a matter of non-compliance?

      Could this have been prevented or minimised with improved controls, etc.?

 

4.3 Assurance (Risk) Evaluation

 

The assurance we need in a particular area requires evaluation to determine the relative severity or seriousness of the area of focus, concern, or issue. This in turn aids management to assess the relative prioritisation of any assurance actions necessary.

 

The revised approach has a more simplistic and intuitive assessment process:

 

      Being clear if it is an area of focus that requires continual oversight, a concern about something in the future or an issue, where something has not gone as planned.

      An assessment of how urgently we need to act to be assured – High priority (action required within 1-3 months), Medium priority (action required within 3-6 months) or Low priority (monitoring or up to a 12-month timeframe)

 

4.4 Assurance (Risk) Management, Actions and Governance Domains

 

For each area of assurance, managers need to understand and identify the actions needed to provide the necessary assurance.

 

      For areas of focus (strategic or operational), the actions are likely to focus on obtaining assurances to enable the appropriate oversight and influence.

      For a concern, the actions are likely to revolve around getting assurances about the necessary arrangements in place to enable the future matter to be dealt with effectively and therefore avoiding any potential issues.

      For an issue, actions will be largely corrective based on a “diagnosis” of what went wrong, to enable a focus on specific, owned and tracked actions to respond.

 

Each action includes a description of what is to be done, why, what the action’s intended outcome is, by whom (the Action Owner) and by when (completion or review dates). The urgency of the assurance action needed is provided by a simple red/amber/green assessment (as above). A simplistic progress update (red/amber/green) is also included to provide further assurance that the actions are on track to be implemented / reviewed as planned. Any action that is of a duration exceeding 6 months will require a specific review.

 

Each action will be linked to a governance domain, the framework of policies and procedures that ensure the Council does the right thing, in the right way at the right time to deliver our services and discharge our responsibilities. The governance domains also provide a simple accountability/compliance framework which identifies the underpinning infrastructure of governance and control used across the Council (and indeed all organisations) to manage its finances, people, assets, information, partnerships, performance, contracts, projects, legislative responsibilities, decision making, conduct and resilience. 

 

Linking the assurance actions to a governance domain explicitly recognises that everything that happens in the Council is achieved through these broad themes or domains, and that the management, effectiveness, and compliance with these domains is a key aspect of good governance within the Council. Every manager and ultimately every employee has a responsibility to comply with and ensure good governance in their work and service area of the Council.

 

Each governance domain has a strategic-level owner, the “Domain Lead” (someone accountable for the Council-wide management of that area), e.g. the Director of Finance is responsible for financial management and has oversight and responsibility for regulation and compliance requirements in that area.

 

Analysis of assurance actions by governance domain will be shared with the Domain Leads and will form an intrinsic part of the Council’s annual review of governance, in order that trends and areas requiring corporate input or support can be identified.

 

4.5 Assurance and Review

 

The Management Team (MAT) will receive quarterly assurance reports to enable strategic oversight [format to be determined].

 

The relevant service / policy committees will consider the areas of focus, concerns and issues within their remit and will have the opportunity to drill into specific matters with individual senior managers invited to attend to discuss the assurance areas in their services.

 

The Audit Committee will receive regular updates on the overall management of the assurance process, again having the opportunity to invite senior managers to demonstrate how they are assessing and obtaining the necessary assurances that the governance arrangements needed are in place and effective.

 

Services will have their own assurance registers. These will be kept under continual review as part of existing management arrangements. Group Heads will review the service assurance registers on at least a quarterly basis.

 

Internal Audit will undertake periodic reviews to provide independent assurance to the MAT and Audit Committee of the effectiveness and compliance with the governance assurance process.

 

5. Delivery of the Framework

 

It is essential that there is a good understanding of the Council’s governance and a strong commitment from both Members and Officers to embed and maintain the new governance assurance approach. The roles and responsibilities to support the delivery of the framework are outlined in Appendix 1.

 

Guidance materials to support managers with the governance assurance process will be available and will include step-by-step user guides/notes to support the completion of the assurance templates.

 


Appendix 1

Governance Assurance Roles and Responsibilities

 

In order to ensure that the Council’s governance assurance arrangements are implemented and delivered successfully, it is important that everyone within the Council understands their roles and responsibilities.

 

The table below summarises the roles and responsibilities of various groups and individuals across the Council in relation to the delivery, support, and assurance necessary to establish and embed an effective governance assurance process.

 

The following groups and/or individuals will assist in the delivery of effective governance assurance:

 

Group or Individual

Roles and Responsibilities

Council

     Ensure that an effective framework of governance and governance assurance is in place.

Elected members (individually and collectively)

     Understand the importance of good governance and its benefits, which includes attending relevant training.

     Contribute to the identification of assurance needs.

     Consider the assurance (risk) requirements / implications contained within reports as part of the Council’s decision-making process.

     Promote and demonstrate the behaviours, values and culture that supports good governance.

     Ensure open and frank conversations about governance assurances (risks), ensuring appropriate reporting and escalation as required.

Corporate Policy & Resources Committee and Service Committees

     Review the assurance registers relevant to the Committee’s remit and hold management to account for the identification and implementation of assurance actions.

Audit Committee

     Provide independent and objective assurances to the Council on the adequacy and effectiveness of the governance framework and assurance process.

Chief Executive

     Devise, implement and maintain an effective framework of governance and assurance.

Management Team (MAT)

     Ensure the Council manages its governance assurances effectively through the Governance Assurance Policy

     Actively consider and manage the key strategic areas of focus, major concerns, and issues.

     Keep the Governance Assurance Framework and Policy under regular review.

     Promote and demonstrate the behaviours, values and culture that supports good governance and accountability.

     Encourage open and frank conversations about governance (risks), and ensure appropriate reporting and escalation of risks as required

Group Heads

     Responsible for the effective and robust management of governance and assurance within their areas of responsibility.

     Review service Assurance Registers regularly, at least quarterly or more frequently if required, and hold assurance action owners to account for the implementation / provision of the necessary assurance.  

     Escalate matters to the Management Team as appropriate.

Service Managers / Project Managers

     Manage compliance with the Council’s governance framework in their service area or project for which they are responsible.

     Maintain service assurance registers and keep them under continual review.

     Escalate matters to the Group Head or Management Team as appropriate.

Boards / Steering Groups

     Manage compliance with the Council’s governance framework as appropriate for the remit of the Board or Steering Group.

     Maintain an assurance register and keep it under continual review.

     Escalate risks to the relevant Group Head/member of Management Team as appropriate.

All Employees

     Maintain an understanding of the Council’s governance framework and its importance.

     Identify any aspects of the Council’s services that require intervention, change or escalation and raise these with their line manager.

 

The governance assurance framework is supported by:

 

Group or Individual

Roles and Responsibilities

Deputy Chief Executive

     Responsible for the effective delivery and maintenance of the governance assurance framework.

     Responsible for ensuring that governance assurance resources are appropriate.

     Commission independent assurance and an annual opinion on the adequacy and effectiveness of the Council’s governance framework.

Internal Audit

     Advise senior management of good governance practice.

     Undertake periodic independent reviews of the Council’s governance arrangements including the governance assurance process.

     Advise and support the Audit Committee to fulfil its responsibilities for the oversight of the governance assurance process.

 


Appendix 2

Framework of Governance

 

The following table shows the governance domains of the Council.

 

Domain

Description / Purpose

Financial Management

The framework of policies, procedures, guidance, and training in place that are complied with, that ensures our financial resources are managed in an efficient and effective way.

 

This is not about how much money the Council has, what it spends that money on, or if that may change or reduce, it is about the effectiveness of the financial management framework to deal with and respond to changes in whatever resources the Council has as a whole or allocates to particular services or functions.

Workforce / HR Management

The framework of policies, procedures, guidance, and training that ensures the Council can manage its human resources in an efficient and effective way.

 

This is about ensuring the Council understands its human assets, their quality, their control, their development, deployment, and wellbeing.

Information Systems Management

The framework of policies, procedures, guidance, and training that ensures the Council has a suite of information systems and technology that is managed, controlled, accessed, and utilised appropriately to enable the efficient and effective delivery of services and functions.

 

This is about the quality, suitability, and resilience of IT/IS such that the Council achieves its objectives whilst protecting the integrity and accuracy of its data.

Information Governance / Security

The framework of policies, procedures, guidance, and training that ensures the Council maintains its information assets to ensure compliance with prevailing data protection laws but also supports and enables the Council to deliver its objectives in an efficient way.

This also includes the arrangements to maintain effective levels of cyber security and resilience.

Procurement, Commissioning and Contract Management

The framework of policies, procedures, guidance, and training that ensures the Council procures, commissions, and manages its contracts in ways that are compliant with legislation, delivers value for money, demonstrates transparency and sustainability, and therefore supports the effective delivery of services and functions.

 

This is not about what is procured or commissioned but that there is due and consistent regard to deliver value for money, good contract governance, stakeholder accountability, and equity in how the Council secures goods and services to deliver its objectives.

Partnership / Relationship / Collaboration Governance

The framework of policies, procedures, guidance, and training that ensures the collaborative arrangements in place are effectively governed and managed to support the Council to deliver its objectives.

 

This is different to contract management, to reflect the wider partnership / collaborative arrangements in place with other organisations that we use, or that use us, to deliver services jointly or on our behalf.

Performance Management / Data Quality

The framework of policies, procedures, guidance, and training that ensures the Council manages its performance at all levels through quality, timely, accurate and reliable data such that performance and accountability is capable of effective measurement and management to drive continuous individual and strategic improvement.

 

This is not about actual performance; this is about having the confidence to be able to rely on the data and systems in place that identify performance to enable management to make decisions reliably and consistently.

Asset Management (non-IT assets)

The framework of policies, procedures, guidance, and training that ensures the Council can manage and utilise its physical assets to best effect and demonstrate value for money to support the delivery of services.

 

This is not about what assets the Council has as such, but rather that it knows what they are and where they are, and can manage them in a way that ensures they are fit for purpose, kept useable and efficient, and are disposed of and renewed at the optimum time.

Ethical Standards and Conduct

The framework of policies, procedures, guidance, and training that ensures its employees and members, and those working with and for the Council, discharge their responsibilities with the highest ethical standards, meeting public expectations for conduct and integrity in all aspects.

 

This also extends to the arrangements for dealing with non-compliance and ensuring stakeholder accountability, transparency, and confidence.

Project and Programme Management

The framework of policies, procedures, guidance, and training that ensures the effective and efficient management and delivery of the Council’s projects and programmes, and that they are reviewed for lessons learned.

 

This is about ensuring good governance, accountability and benefits realisation from change, development and transformational projects and programmes.

Health and Safety

The framework of policies, procedures, guidance, and training that ensures the Council discharges its legislative and good practice responsibilities for the health, safety and welfare of its employees, users/customers, and wider stakeholders.

Business Continuity / Emergency Resilience

The framework of policies, procedures, guidance, and training that ensures the Council understands its business continuity and emergency resilience arrangements and that employees, partners, and other organisations understand their respective roles should an incident arise and that services are restored as quickly and efficiently as possible.

Safeguarding

The framework of policies, procedures, guidance, and training that ensures the Council’s responsibilities for the safeguarding of children and adults are discharged as effectively and efficiently as possible.

 

This extends to ensuring all partner organisations, related parties and contractors meet their responsibilities within the Council’s frameworks.

Legislative Compliance (Operational)

The framework of policies, procedures, guidance, and training that ensures the Council understands and meets its legislative responsibilities in the delivery of services.

 

This is beyond those legislative frameworks within other domain areas and relates to specific statutory roles the Council has for service delivery and discharging public services.

Equality, Diversity, and Inclusion

The framework of policies, procedures, guidance, and training that ensures the Council has due regard for diversity, equality, and inclusion in how it delivers its services, manages its employees, and supports the wider community, meeting legislative and good practice standards in doing so.

Decision-Making Arrangements

The framework of policies, procedures, guidance, and training that ensures the Council makes sound decisions in a transparent and accountable manner, meeting the requirements of legislation and internal governance arrangements.

 

This is not about the actual decisions made but relates to the way they are made, scrutinised and reported.

Board Governance

The framework of terms of reference, operating guidelines and protocols that ensures a Board and any supporting groups operate effectively and efficiently, where all participants understand their individual and collective duties and responsibilities and there is clear evidence of challenge, support and action arising from meetings.

Governance / Risk Management

The governance assurance framework that ensures the Council has regard to the areas of focus, concerns and any issues that require action assurance.

Compliance with audit and inspection

Procedures exist and are followed to ensure the timely response to audit or inspection recommendations and that agreed actions are implemented within the agreed timeframes.