|
Project: E13
– York Community Energy
|
Date:
21/06/2023
|
|
No.
|
Risk Title (event)
|
Risk Detail (cause)
|
Implications (consequence)
|
Risk Category
|
Risk Owner
|
Gross Score
(before
mitigating action has taken place)
|
Gross Rating
|
Controls
|
Net Score
(assessment of the
risk at the current level present time)
|
Net Rating
|
Actions - (Owner Due Date Priority)
|
|
Example
|
Failure to comply with Statutory
Duties
|
• Weather event - snow prevents
inspections
• Insufficient staff with relevant training
- unable to have multi-skill flexibility
• Failure of technology
|
• Injury to a member of the
public
• Increased claims and an inability to
defend them
• Reputational damage
• HSE fines
• Inability to obtain future
funding
|
02 - Legal & Regulatory
|
Andy Binner
|
19
|
|
01 - Mobile working solutions
02 - Performance management data collected and
monitored
|
18
|
|
|
|
1
|
Loss of key
staff/staff illness
|
Senior members of
staff leave their positions and/or are not available due to
illness
|
Loss of experience
and operational/historical information. Management and delivery
suffer.
|
01 –
Governance and Management
|
Tom de Simone
& Andrew Bebbington
|
14
|
|
1. Notice
periods permit succession planning
2. Regular
meetings between management and staff for YCE and CYC so they are
familiar with processes and project details
|
9
|
|
|
|
2
|
Capacity of staff
team
|
The required
outputs and outcomes of the project presents challenges on the work
capacity of the staff team
|
Delivery is not
completed or is completed unsatisfactorily. Staff are overburdened
and become ineffective due to stress/illness
|
03 – Health
& Safety;
07 – System
& Technology
|
Tom de
Simone,
Will
Clarke,
Andrew
Bebbington
|
18
|
|
1. Expected
outputs and outcomes have been set so that they are
manageable
2. Hiring of staff
has enabled additional capacity
3. Capacity levels
are monitored at regular meetings between CYC and YCE
|
8
|
|
|
|
3
|
Lack of
referrals/customer base
|
Referrals for
energy advice service and installations are very low
|
The project will
not deliver on the required outputs and outcomes of the grant
agreement
|
04 –
Financial and Efficiency
|
Tom de Simone,
Andrew Bebbington
|
18
|
|
1. Monitoring of
referrals at regular catch-up meetings
2. Additional
marketing support available if referrals drop-off
3. Relationships
exist with other advice and support services that can offer
additional referrals
|
8
|
|
YCE to provide an
update on referral numbers at meetings – ongoing
Social media
postings to be drafted in preparation for any extra support
required (WC) – 18/09/23
|
|
4
|
Dissatisfaction
with service
|
Customers
receive/complain of poor service in terms of advice and
instalments
Customers complain
of being contacted multiple times and/or by multiple organisations
for evaluation and/or audit purposes
|
Negative
reputation generated for YCE and CYC. Referral and customer base
decline threatening expected outputs and outcomes.
|
10 –
Reputational
|
Tom de
Simone
|
18
|
|
1. Monitoring of
referrals at regular catch-up meetings
2. YCE collect
feedback from customers
3. Collect all
data on customers as set out in the grant funding agreement and
data sharing agreement so that YCE and/or CYC hold it, meaning
customers may not have to be contacted.
4. Record the
customers that are contacted for evaluation/audit purposes. This
can enable a variety of customers to be contacted rather than the
same people.
|
13
|
|
Check feedback YCE
get from customers – ongoing (WC/AB)
YCE to set-up a
process in which they record which customers have been contacted
for evaluation/audit purposes – 18/09/2023
|
|
5
|
Loss of
data
|
Carelessness or
theft/hacking leading to YCE data being lost or stolen
|
Breach of GDPR
regulations and poor reputation generated for YCE and CYC. Lack of
trust with YCE and CYC resulting in reduced impact of
project
|
02 – Legal
and Regulatory
10 -
Reputational
|
Tom de
Simone
|
19
|
|
1. GDPR training
undertaken by CYC staff involved in the project
2. Data
sharing agreement in place
3. YCE are
registered with the Information Commissioners Office and have
undertaken research on GDPR matters
|
18
|
|
|
|
6
|
Cyber
Security
|
The NCSC has
warned of the increased number of cyber-attacks on charitable
organisations and organisations with home-working staff
|
A cyber security
attack could result in reputational issues, data breach and/or
loss, and a loss of access to internal systems and
processes
|
02 – Legal
and Regulatory
10 -
Reputational
|
Tom de
Simone
CYC
|
19
|
|
1. CYC has a ICT
Security Incident Management Procedure that is regularly reviewed.
The CYC ICT team would deal with any suspected/real cyber
attacks
|
18
|
|
YCE to consider
Cyber Essentials/ Cyber Essential readiness toolkit –
18/09/23
|
|
7
|
Failure to comply
with UKSPF branding, reporting and evaluation
requirements
|
Not compiling with
required SPF branding with any media coverage. Not returning
monitoring reports at agreed deadlines. Not working alongside DLUHC
appointed contractors for evaluation purposes
|
CYC fails auditor
tests which results in reputational issues and impacts relationship
with DLUHC
|
02 – Legal
and Regulatory
10 –
Reputational
|
Will
Clarke
|
19
|
|
1. Requirements
for branding, reporting and evaluation are clearly defined in the
grant agreement
2. Regular
meetings with YCE and CYC to check that requirements are being
followed
|
13
|
|
WC to check that
YCE are compiling with SPF branding requirements at meetings
– ongoing
|
|
8
|
Fraud, bribery or
corruption
|
A third party
wants to report fraud, bribery or corruption but the local
authority does not have sufficient external fraud reporting
routes
|
Allegations are
not investigated. Loss of public funds and reputation.
|
01 –
Governance and Management, 02 – Legal & Regulatory, 04
– Financial and Efficiency, 06 – Stakeholder, 10 -
Reputational
|
CYC
|
18
|
|
1. CYC has an
anti-fraud team, Veritau, that can deal with any allegations of
fraud, bribery or corruption. They can be contacted immediately
on 0800 9179 247 or fraud@york.gov.uk
|
12
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
