|
Risk Category
|
Risk Owner |
Risk Description
|
LIKELIHOOD
|
IMPACT |
SCORE |
TASKS TO MITIGATE RISKS |
Residual Risk
|
Direction of Travel |
Current Update Qtr 4 |
||
|
|
|
|
|
|
|
|
L |
I |
S |
|
|
|
Programme and Delivery Risks |
|
|
|
|
|
||||||
|
1. DMO - Destination Management Organisation |
|
||||||||||
|
1a DMO 1 |
Sam Hunt |
Failure to maximise tourism in York and deliver marketing activities relating to tourism and conferences. |
4 |
5 |
20 |
· Horizon scanning for funding opportunities to deliver tourism outcomes. · Successful events programme in place. · Advertising campaigns delivered through strong links with partners across York and North Yorkshire. · Media / filming requests handled by an in-house resource. · International marketing in place. · Utilising Innovative flexible approaches to digital and creative marketing. · Campaigns planned and agreed in advance |
3 |
5 |
15 |
|
Haunted Campaign Delivered in partnership with York Park & Ride and York Dungeon, this campaign achieved record-breaking engagement across social media.
Christmas Marketing – Digital and social media content continues to perform strongly, with exceptional engagement levels. The new ‘trader showcases’ are successfully highlighting Yorkshire produce and supporting local businesses.
Starring campaign Set to launch shortly in collaboration with the North York Moors National Park and Castle Howard, featuring London Underground advertising scheduled to go live in the first week of December.
International York’s represented at major global events including: · Civic visit to Nanjing, China · Attendance at World Travel Market, London · Partnership with NYMNP at Travdays, Netherlands · Upcoming participation in Destination Britain North East Asia |
|
1b
DMO 2 |
Sam Hunt |
Visit York membership schemes collapses
|
2 |
4 |
8 |
· Concerted, ongoing effort to maintain existing members, attract new members and grow membership. · Review of member benefits and added value to offers. · CRM system in place to track member information past and present for re engagement if needed. · Marketing Partnership model ongoing implementation to secure revenue opportunity. · Member events take place · Member monthly newsletter produced · Dedicated relationship resources in place. · An annual Conference to engage partners.
|
2 |
3 |
6 |
|
No change to risk
Membership retention 25/25 is at 94%
Marketing campaign plan for 26/27 complete and ready to go to members in December
LVEP money secured for international marketing. |
|
1c
DMO 2 |
Sam Hunt |
Failure to keep partners on board |
1 |
3 |
3 |
· Member Advisory Board in place with regular meetings · Key Account Management · Member Events · Regular liaison with key partners. · Stake Holder Events · Newsletters and Bulletins · Tourism Advisory Board attendance · York Bid partnership working. |
1 |
3 |
3 |
|
No change to risk -
· Member Advisory Board (MAB): Continues to meet regularly. · Retention: Remains strong, demonstrating effective account management. · Member Engagement: Regular events maintained. · TAB (The Advisory Board): Ongoing monthly attendance and active support for the strategic action plan.
|
|
1d
DMO 3 |
Sam Hunt |
Failure of the Local Visitor Economy Partnership to formalise regional working partnerships leading to position York as a leading destination reducing its ability to effectively secure and access funding and support from VisitEngland and Central Government. |
1 |
3 |
3 |
· Regular LVEP meetings in place attended by Managing Director. Deputised by Sam Hunt · York Tourism Strategy in place. · Development of a North Yorkshire Destination Management Plan. · TAB monthly meetings · KIT meetings with Visit England
|
1 |
3 |
3 |
|
No change to risk
The first LVEP Board met at the
end of September. Stuart Paver is the nominated Board
representative. MIY and CYC have met with North Yorkshire Council and the Combined Authority to align priorities and identify joint initiatives that increase collaboration and enhance regional tourism and economic outcomes.
TAB (The Advisory Board): Ongoing monthly attendance and active support for the strategic action plan. LVEP Framework draft is ongoing which merges both York Tourism Strategy and North Yorkshire Destination Marketing Plan.
|
|
|
|
||||||||||
|
2. VED - Visitor sector development |
|
||||||||||
|
2a VSD 4
|
Sam Hunt |
Failure to attract new business tourism to the city. |
2 |
2 |
4 |
· Generic marketing to promote York as a destination for business Conference · Attendance at relevant shows and events |
2 |
2 |
4 |
|
No change to risk
New members joining this financial year
|
|
3. TAB – Tourism Advisory Board |
|
||||||||||
|
3a
TAB 1 |
Sam Hunt |
Failure to Deliver the Tourism Strategy |
3 |
4 |
12 |
· Tourism Strategy based on research from Group NAO report, in collaboration with Tourism Advisory Board, input from residents through CYC’s Our Big Conversation, Visit York Visitor Survey, and key city stakeholders · Strategy has now gone through further consultation with key stakeholders to ensure inclusive and meets city’s needs pre-publication – including Tourism Advisory Board, Culture Exec, MIY Board, BID Board · CYC to adopt in February 2024 · Evidence being monitored - including through Visit York Visitor Survey, footfall data, and partner data · TAB monthly meetings to progress Strategy with independent Chair (YSJ) |
2 |
4 |
8 |
|
No change to risk
Implementation plan in process with TAB board members.
Action Plan reviewed and next stages to be implemented. |
|
4. MAR - Markets |
|
||||||||||
|
4a
MAR 1, 2 |
Lisa Grimbley
|
Failure to Improve Shambles Trading performance
|
3 |
3 |
9 |
· New Markets and City Centre Manager with extensive experience in markets appointed with a priority of recruiting new traders and delivering a sustainable market · Balance of trade policy implemented ensuring high levels of consumer service, trading opportunities and existing business sustainability leading to trader retention. · Monthly budget monitoring in place with accurate forecasting · New Management software implemented. · Proactive business development plan to grow speciality markets. · Rules and Regulations in place with annual reviews. · Development of a Market Strategy.
|
2 |
3 |
6 |
|
The annual review of the Rules and Regulations was reviewed in November 25 with slight amendments following feedback from traders The Retail Group has completed the Market Growth Strategy. Strategy Action Plan and Investment Plan developed and approved by Board.
|
|
4 b
MAR 3 |
Lisa Grimbley |
Failure to operate York’s market charter on behalf of the Council. |
3 |
3 |
9 |
· Monitor and review other proposed Markets in the City · Promote the rules of the Market Charter to ensure other operators understand · Develop a Market Strategy for the City |
2 |
3 |
6 |
|
No change, risk is still the same.
Market Manager has monitoring in place for permitted markets.
Continuing to support Acomb market which is popular and well received by residents and stakeholders.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5. CE - Commercial Events |
|
||||||||||
|
5a
CE 1 |
Lisa Grimbley |
Failure to provide a strong inclusive and diverse events programme to deliver the longer-term aspirations to grow events and speciality markets, deliver exceptional Visitor Experience that keep’s York’s profile high and generates high economic impact for the city. |
3 |
3 |
9 |
· Project Board for all Key projects in place · Budget Monitoring in place and reviewed · Contracts in place and managed · Contingency plans to defer activity · Event evaluations in place · Regular meetings with licencing authorities in place. · Inclusivity, diversity and accessibility are part of event planning and management. · Directly enabling championing, coordinating, programming, promotion and delivery of events that add value to the tourism experience and the local economy. · Partners investing in their events |
2 |
3 |
6 |
|
Risk remains the same
Regular Budget monitoring in place.
Annual events plan developed and approved, with partial completion with full detailed event planning in place.
|
|
5b |
Lisa Grimbley |
Failure to deliver key events due removal/restriction of premises licence resulting in reputational damage and loss of income.
|
3 |
4 |
12 |
· Review of tendering and contract procedures to provide full assurances of compliance with licence conditions by 3rd party provider · Enhanced premises checks to be undertaken by MIY during events to ensure compliance · Scrutiny of 3rd party providers operations to ensure fully compliance. · Scrutiny of Event Management Plans prior to event
|
2 |
4 |
8 |
|
No change, risk is still the same.
Robust monitoring of premise licence is in place.
Reviewed the premise licence for Parliament Street, resulting in additional risk assessments being undertaken for the provision of SIA trained staff.
|
|
5c |
Lisa Grimbley |
Failure to deliver the 2026 Christmas Market as planned due to failure to obtain required Local Authority approvals as a result of ATTRO conditions not aligning with CYC access for all requirements resulting in event cancellation or late withdrawal leading to significant loss of income, increased expenditure, potential contractual disputes with suppliers and vendors and potential reputational damage to MIY.
|
4 |
5 |
20 |
· Early and ongoing engagement with the Local Authority to confirm approval pathways and timelines. · Submission of complete, compliant documentation aligned to Local Authority standards (SAG) · Contingency planning, including scalable or alternative delivery options. · Clear contractual clauses addressing cancellation due to regulatory non-approval to be added to all contracts and terms and conditions. |
4 |
5 |
20 |
|
Risk updated for 2026 event
|
|
5d CE1
|
Lisa Grimbley |
Failure to deliver an event in public spaces because of permanent or temporary ATTRO/CYC ,its implications, associated costs leading to event cancellation or reduction in scope; loss of public engagement and reputational damage; potential financial loss.
|
4 |
5 |
20 |
· Early engagement with CYC/NYP at the event concept stage to identify ATTRO implications. · Identification of any unbudgeted ATTRO-related costs that could make delivery unviable. · Incorporate potential ATTRO requirements, costs, and lead times into event planning · Where events are third-party led, include clauses in agreements that clarify responsibility for ATTRO-related costs and cancellations are responsibility of event provider.
|
4 |
5 |
20 |
|
Risk updated
|
|
5 e CE 1 and CE 3 |
|
Failure to reach agreement with third-party event organisers due to the financial implications of ATTRO requirements and ATTRO conditions not aligning with CYC access for all requirements resulting in organisers withdrawing from planned events resulting in reduced income to MIY and local businesses, loss of public engagement and reputational damage to MIYT and third party event organiser.
|
4 |
4 |
|
· Requirement that third party event organisers undertake a ATTRO feasibility assessment before provisional event approval.
· Where events are third-party led, include clauses in agreements that clarify responsibility for ATTRO-related costs and cancellations are responsibility of event provider.
|
4 |
5 |
|
|
New Risk added |
|
5f
CE 6 |
Lisa Grimbley |
Failure to support Local and Community Events to be delivered safely |
3 |
4 |
12 |
· Community event toolkit has been created to allow event organisers to self-serve including guidance on event management and highlighting where permissions would be required. · Review their event documentation. |
2 |
4 |
8 |
|
No change, risk is still the same.
Number of community bookings being held in the city centre, supported pre-event by the Events Team.
Community events and festival toolkit written to guide which has visibility on Makeityork.com and CYC website.
|
|
5g |
Lisa Grimbley |
Poor contract management in place leading to negative publicity and maximum contract value not being delivered. |
3 |
4 |
12 |
· Contract management process in place · Regular monitoring reviews |
2 |
4 |
8 |
|
Risk remains the same
Regular on-site monitoring with robust checklists. Any issues being logged on specific event logs and where applicable contracts can be.
|
|
6. CCV - City centre vibrancy |
|
||||||||||
|
6a
CCV 1 |
Lisa Grimbley |
Failure to maximise opportunities to commercialise Eye of York, Tower Gardens, Exhibition Square, Kings Square and St Helen’s Square due to constraints - operational and logistical |
3 |
3 |
9 |
· Investment opportunities for the locations to be identified to make areas usable spaces · Liaison with commercial agents · Liaison with community & voluntary groups · Regular e-mail shots to third party organisers · Promotion and advertising plan to be in place · Review of pricing plan
|
3 |
3 |
9 |
|
Restrictions on the noise licence requirements impedes ability to attract commercial event providers.
Termination of racecourse management agreement impacts on event planning. Further clarity from CYC required. |
|
6b CCV 5 |
Lisa Grimbley
|
Failure to improve the management of buskers, street traders, street cafes and pedlars due to policy not being endorsed, approved for implementation and enforced.
|
2 |
3 |
6 |
· Spaces and Places Policy to be developed in conjunction with CYC and Partners to obtain buy in. · Collective partnership working to address issues · Conflict management training for staff · Promotion of the busking rules · Train all front line staff of the rules on busking
|
2 |
3 |
6 |
|
Spaces and Places policy drafted and submitted to CYC. Draft needs to align with CYC - Movement and Place Plan. Ongoing discussions with CYC.
Meeting held with Local Councillors to brief on draft policy.
Further work required on guidelines and enforcement.
|
|
7. CUL - Culture |
|
||||||||||
|
7a
CUL 1 |
Lisa Grimbley |
Failure to contribute to the delivery of the culture strategy along with other partners to enable an ambitious and cohesive programme of cultural development for the city covering the arts, heritage and creative industries from the spaces managed by MIY. |
2 |
2 |
4 |
· Events Calendar in place each year · Delivery of an annual free trail or event · Continue to collaborate with creative networks to diversify the cultural offer at MIY delivered events. |
2 |
2 |
4 |
|
2 trail to be delivered in 2025. |
|
8. EVF – Events Framework |
|
||||||||||
|
8a
EVF 1 |
Lisa Grimbley |
Failure to deliver a city-wide Events Framework that enables the city proactively to identify the events that it wishes to host and attract and enables the Council to respond in an informed way when opportunities are brought forward. |
3 |
3 |
9 |
· Work with business, visitor economy and cultural sector
|
2 |
3 |
6 |
|
Ongoing work, no change, risk is still the same.
|
|
9. UD UNESCO designation |
|
||||||||||
|
9a UD 1 |
Sam Hunt |
Failure to support the Guild of Media Arts as the focal point for UNESCO City of Media Arts designation by Promoting York’s status. |
2 |
2 |
4 |
· Promotion of the designation through MIY digital assets MIY Events Calander, MIY Linked in and member e news. |
2 |
2 |
4 |
|
No change to risk
Support on new UNESCO report with city partners |
|
10. Visitor Information |
|
||||||||||
|
10 a |
Karen Collins |
Visitor Information Service failure to cover costs
|
3 |
3 |
9 |
· Regular budget monitoring · Increase of commission-based Ticketing Offerings (transport, attractions, tours) including re-negotiating of existing Ticket commission rates · Retail Strategy to cover next 18 months mid-production |
2
|
3 |
6 |
|
No change to risk
Established further retail opportunities i.e new souvenirs, local products, branded merchandise. Reviewed commission-based sales for attractions and transport bookings.
|
|
10 b |
Sam Hunt |
York Pass failure to receive income |
3 |
3 |
9 |
· Renegotiating contract/SLA for 2024/25 with TWG · Regular monthly meeting with TWG and TurboPass in place to resolve immediate issues and settle outstanding debt · TurboPass bringing Trade Supplier and Pass Sales experience to maximise pass potential – roadmap ongoing · Robust financial system in place · Increase in web and hotel trade suppliers for additional revenue streams · Overall product analysis and digital review taking place in 2023-2024
|
3 |
3 |
9 |
|
No change to risk level.
New model software agreement contract with Turbo Pass/TWG completed.
Product analysis currently underway exploring options to grow sales of York Pass.
|
|
11. Corporate Risks |
|
||||||||||
|
11 a |
Karen Collins |
Failure to deliver on the SLA with CYC
|
2 |
3 |
6 |
· Monthly Client Meetings · Monthly Officer Meetings · Weekly Executive meeting · ¼ Board meetings · Key Performance Data provided · Risk Register in Place · Service Delivery Plans in place · Action logs introduced · MD attends CMT as requested · MD attends Scrutiny as requested
|
1 |
3 |
3 |
|
No change to Risk
Regular quartely monitoring meetings in place.
Action Log tracked and monitored.
Written report and KPI’s submitted each quarter
|
|
11 b |
Karen Collins |
Change in CYC Governance arrangements impacting on MIY Business Model and reporting requirements |
2 |
3 |
6 |
· Regular Client dialogue with CYC officers and Local Members · Regular Stakeholder meetings in place · Regular local member meetings in place · CYC members on the board
|
1 |
3 |
3 |
|
No change to risk or mitigation |
|
11 c |
Blessing James |
Failure to maintain a balanced budget for the delivery of outcomes in line with SLA. |
3 |
4 |
12 |
· Head of Finance in post. · Quarter Budget Monitoring reports are presented to MiY Board for scrutiny · Monthly budget monitoring reports provided to Heads of Service · Budget monitoring provided to Shareholder · · |
2 |
3 |
6 |
|
No change to risk |
|
11d |
Blessing James |
Unexpected increase in overhead costs and project costs |
2 |
4 |
8 |
· Regular budget monitoring and performance review in place · Budgets are updated as new information is known and in response to any relevant internal and external factors. · A robust structure exists to oversee the budgetary control process from budget setting through to monitoring, · Decisive action to address expenditure increase · Effective tendering and contract management introduced · Project Boards for key projects in place · Contingency plans in place to improve revenue · Key projects have contingency built in.
|
2 |
3 |
6 |
|
|
|
11e |
Blessing James
|
Failure to deliver revenue generation targets
|
3 |
4 |
12 |
· Evidence based targets on realistic assumptions · Regular budget monitoring · Contingency plans for improved revenue generation · Review of charges annually for public spaces · New Markets Management software implemented with live data which address bad debt · |
2 |
4 |
8 |
|
Regular monitoring in place |
|
11 f |
Blessing James |
Reduction in income |
3 |
4 |
12 |
· 3 year Budget produced and monitored. · Exploration of external funding opportunities. · Prudent budget management. · Accurate forecasting prepared. |
2 |
4 |
8 |
|
Budget monitoring in place monthly Bi Monthly board updates Monthly CYC/MIY budget meetings
|
|
11g |
Blessing James |
Ignorance or non observance of agreed governance protocols and/or poor decision making. |
1 |
4 |
4 |
· Annual Audit Report · Board report templates · Articles of Association/Standing Orders/Scheme of Delegation · Service Planning
|
1 |
4 |
4 |
|
No change to risk |
|
11 h |
Karen Collins |
Failure of IT, data Loss, data breach, successful cyber attack. |
2 |
4 |
8 |
· Business Continuity Plans in place. · IT contingency/disaster recovery plan with IT contract. · All PCs, Laptops and Servers are protected by Hornet security and anti viirus Protection Systems and cannot be disabled with automatic updates. · All incoming mail is scanned automatically with quarantine in place for suspicious emails. · External Management of IT provision with security measures in place. · External system back up in place. · Training and Awareness for staff.
|
2 |
3 |
6 |
|
Risk remains the same Robust IT security policies in place. Back up process in place. GDPR training undertaken by all staff. Key elements on key multifactor to protect. Enhanced cybersecurity measures embedded across MIY systems. These include: · Full security review competed with enhanced measures implemented. Including phishing simulations and awareness campaigns by our IT provider. · Mandatory participation in advanced cybersecurity training. · Regular testing of our systems to ensure highest level of protection. · All IT request are required to be through a online secure portal to prevent imitation of individuals.
|
|
11 i |
Karen Collins |
Staff Capacity impacting performance of the business and constrains capacity
|
3 |
3 |
9 |
· Specific budget to enable consultancy or short term employment contracts. · Regular reviews to shift resources around the organisation.
|
2 |
3 |
6 |
|
No change to risk |
|
11 k |
Blessing James |
Legal and Financial Compliance failure
|
3 |
4 |
12 |
· Policies and procedure to promote appropriate use of resources. · Clear delegation of authority. · New advanced purchase order system implemented. · Public Liability assessment and insurance. · Policies and procedure to maintain high standards of behaviour and integrity eg IT useage policy.
|
3 |
3 |
9 |
|
No change to risk |
|
11l |
Karen Collins |
GDPR and date protection compliance failure
|
2 |
4 |
8 |
· Full review of date collection, usage and storage. · Review of policies and procedures in relation to maintaining date. · Policies and procedure to maintain high standards of behaviour and integrity eg IT use policy. · All staff training to be undertaken Data Protection and GDPR.
|
2 |
4 |
8 |
|
No change to risk
Mandatory annual staff training completed
Updated data retention policy. |
|
11 m |
Lisa Grimbley
|
Failure to comply with Health and Safety legislation/practice leading to a) intervention, prosecution by the HSE and other agencies b) injury to employees and other parties c) increase in sickness absence d) liability claims e) damage to reputation f) corporate manslaughter g) reduction in performance and standards
|
1 |
4 |
4 |
· Designated Health and Safety Officer. · Health and Safety Policy with roles and responsibilities clearly defined. · Health and safety consultation and communication with employees. · Health and safety audit (External), monitoring and inspection programmes for high risk areas. · Fire plans in place. · Health and safety training, toolkits and information dissemination. · Process and system for recording and monitoring incidents and accidents. · Health and Safety induction for new starters · Full H&S assessment for events and event management plans. · All events considered by external Safety Advisory Group. · Relevant staff appropriately trained in IOSH and NEBOSH AND crowd Safety. · External experts commissioned where required · Appropriate insurance and public liability insurance in place · Third party events – Risk Assessment, Event Management Plan required and Safety Advisory Group approval required. · Market Traders public liability in place and PAT testing requirement.
|
1 |
4 |
4 |
|
No change to risk
Ongoing H&S staff training H&S Induction training for new staff
Revised Facilities Management monitoring/reporting systems implemented.
More robust Market food trader record management to include LPG and Food Hygiene management as due diligence, also strengthened in the Rules and Regulations. |
|
11n |
Karen Collins |
Failure to retain and recruit adequately trained and experienced staff and or departure of key staff having a negative impact on Business plan, SLA, business transformation, planning performance and delivery etc.
|
1 |
4 |
4 |
· Refresh of our employee engagement to ensure our employment practices are fit for purpose. · Sickness and absence monitoring in place. · Regular 1:1’s introduced. · People Performance Management framework including and annual appraisal process and training needs analysis in place. · Service Planning in place. · Hybrid working implemented. · Benchmark of salaries. · Recruitment process in place. · Annual staff survey undertaken · Able to recruit short term agency staff if required for critical roles.
|
1 |
4 |
4 |
|
No change to risk
Sickness absence monitored Recruitment and selection policy updated Staff survey undertaken with action plan completed
|
|
11 0 |
MD/HOS |
Emergency and continuity planning
Failure to plan and develop processes and keep maintained and updated to ensure business continuity in the event of a significant event occurring, |
|
|
|
· Good partnership working arrangements at all levels to. · Business Continuity plans in place. · Hybrid working for staff · 2 office locations in use. · Business Impact is reviewed at least every 12 months, or when substantive changes in processes and priorities are identified. |
|
|
|
|
No change to risk
BCP in place and tested and reviewed annually. |
|
12. External Threats |
|
||||||||||
|
12a |
MD/HOS |
|
3 |
4 |
12 |
· Ability to reduce activity. · Ability to restructure the organisation.
|
3 |
4 |
12 |
|
No change to risk |
|
12b |
MD/HOS |
Austerity from all sectors reducing revenue generation capability |
3 |
4 |
12 |
· Ability to reduce activity. · Ability to restructure the organisation.
|
3 |
4 |
12 |
|
No change to risk |
|
12c |
MD/HOS |
Adverse media attention – Public perception, Partner perception and Stakeholder perception – reputational damage
|
2 |
2 |
4 |
· Plan for Press Release and Media Response. · Designated Media Responders. · Appropriate Rebuttal and Evidence.
|
2 |
2 |
4 |
|
No change to risk |
|
21d |
MD/HOS |
Factors outside MIY control means key aspects of the SLA are not delivered
|
3 |
2 |
6 |
· Ongoing communication with key Stakeholders. · Regular monitoring of the SLA with corrective. planning if targets are not being hit. · Contingency plans and Business Continuity plans in place.
|
2 |
2 |
4 |
|
No change to risk |
Risk Matrix
|
|
Likehood |
||||
|
Consequence (Impact) |
1 Rare |
2 Unlikely |
3 Possible |
4 Likely |
5 Almost Certain |
|
5 Catastrophic |
5 |
10 |
15 |
20 |
25 |
|
4 Major |
4 |
8 |
12 |
16 |
20 |
|
3 Moderate |
3 |
6 |
9 |
12 |
15 |
|
2 Minor |
2 |
4 |
6 |
8 |
10 |
|
1 Negligible |
1 |
2 |
3 |
4 |
5 |
For grading Risk scores obtained from the risk matrix are assigned grades as follows:
|
1-3 |
Low Risk |
|
Increased Risk |
Risk remains the same |
Decreased Risk |
|
4-6 |
Moderate Risk |
|
|
|
|
|
8-12 |
High Risk |
|
|
||
|
15-25 |
Extreme Risk |
|
|
||
