Risk Assessment, Risk Management & Internal Control Policy
Financial Risk Assessment
The Parish Council has looked at the financial risks that it must deal with and resolved to adopt the following policy.
- Handling Cash
The Parish Council does not handle cash on a daily basis. The only regular income is precept, bank interest and annual VAT return. All of these are paid directly into the Parish Council’s bank account. Cash received from allotment tenancies is recorded, receipted and paid into the bank at the earliest opportunity and within 5 working days.
The Parish Council has insurance to a maximum of £350 for cash in transit.
- Employers liability
The Parish Council employs 1 employee: Clerk
Its insurance policy with provides employers liability cover up to £5 million.
- Public liability
The Parish Council has public liability cover to £10 million under its policy with BHIB. The selection of insurer is reviewed annually based on comparable and sufficient cover.
- Fidelity guarantee
The Parish Council has fidelity guarantee cover to £100,000 see also point 3.
- Contracts and tendering
The Parish Council has financial regulations in place for contracts of seeking 3 quotes which is a mandatory default position. (See standing orders and financial regulations).
- Banking arrangements
There are 5 signatories on the banking mandate (5 Councillors and the Clerk). Two Councillor signatures are required by the bank and in law. Cheques are only signed at meetings of the Parish Council. The Clerk also has access to online banking. She is the only person registered to use this service and it can only be used to transfer money between accounts and check balances.
The Parish Council uses the BACS system to make payments, the measures in place to minimise risks in this process are a password to log on to the banking system and then a fob generated pass code, the fob itself is password protected. The banking systems allows 3 attempts after which the log on is disabled.
- Bank reconciliation
The Parish Council receives a monthly budget against spend statement, including bank balances, and there are quarterly independent checks of bank statements to reconcile with balances reported.
- Cash book records
The Parish Council uses Rialtas software to manage its financial records including the cashbook.
- Internal audit
The Parish Council has appointed an independent internal auditor. An audit is carried out at year end
- Internal control
The Parish Council has established a system of internal control where the Clerk reports in writing prior to each meeting and verbally at the meeting. All payments are supported by an invoice or summary of the reasons for a payment eg to accompany petty cash receipts. All invoices and payment requests are initialled by the Chairman of the meeting at which authority to make payment is given. An Internal Control Checklist is completed and reviewed quarterly between the Clerk, Chairman and one other Parish Councillor.
- PAYE and Workplace Pensions Compliance
The council receives evidence of PAYE payments to HMRC via print outs of the P32 forms and compliance with its duties in respect of automatic enrollment and workplace pensions (i.e. declaration of compliance and list of monthly pension payments
Financial Risk Assessment adopted on 19th December 2024
Chairman ……………………………… Responsible Financial Officer …………………………….
CASSINGTON PARISH COUNCIL – RISK ASSESSMENT/MANAGEMENT DOCUMENT 2024/25
Risk assessment is a systematic general examination of the activities of the Parish Council to enable potential risks to be identified.
- The Parish Council, based on the recorded assessment, will take all practical and necessary steps to reduce or eliminate the risks identified.
- This document has been produced to enable Cassington Parish Council to assess the risks inherent to its activities and satisfy itself that it has taken all reasonable steps to minimise them.
AREA | IDENTIFIED RISK | LEVEL OF
RISK |
CONTROLS | ACTION REQUIRED | |||||||||
FINANCIAL
|
|||||||||||||
Precept | Adequacy of precept in order for Council to carry out Statutory duties | L | •
•
|
Annual budget produced. Council receives monthly budget report.
Monthly information and budget monitoring allow Council to estimate standing costs and costs of projects for the subsequent years. |
No action required.
Existing procedure adequate |
||||||||
Financial Records | Inadequate records leading to financial irregularities | L | •
|
Financial Regulations sets out requirement for production of records at meetings. | No action required.
Existing procedure adequate |
||||||||
Bank and Banking | Inadequate checks/ bank mistakes | L | •
|
Financial Regulations set out setting out banking requirements and controls in place for electronic banking.
Monthly bank reconciliation statement |
No action required.
Existing procedure adequate |
||||||||
Reporting and Auditing | Communication of information | L |
|
Financial matters are a regular item on the agenda of the Council monthly meeting.
Monthly checks by Councillors in PC meetings |
|
No action required.
Existing procedure adequate |
|||||||
Wages and associated costs | Salaries paid incorrectly
Incorrect HMRC NI and PAYE payments |
L |
|
Salary payments included in monthly invoices listed for payment checked by designated Councillor.
HMRC quarterly payments included in monthly invoices listed for payment. |
|
No action required.
Existing procedure adequate |
|||||||
Best Value Accountability | Work awarded incorrectly.
Overspend on services |
L |
|
Parish Council procedure (as per Financial Regulations) to seek 3 quotes for all work estimated to cost over £1000.
For major projects, competitive tendering process would be initiated (as per Financial Regulations) |
|
No action required.
Existing procedure adequate |
|||||||
VAT | Unclaimed VAT refunds | L |
|
Refunds from HMRC for reclaimed VAT noted in lists of monthly income.
VAT incurred displayed in cash book. |
|
No action required.
Existing procedure adequate |
|||||||
EMPLOYMENT ISSUES | |||||||||||||
Working hours | Over payment of wages for hours worked | L | • Council has responsibility for monitoring of hours worked for all employees
• Wage cost submitted on a monthly basis as invoices to be presented for payment |
No action required.
Existing procedure adequate |
|||||||||
Working conditions | Council non-compliant with contractual obligations; leading to discontented workforce. | M | • Regular reviews of staff performance and working relationship with the Council. | Ensure all staff have access to telephone conversations & reviews etc | |||||||||
Health and Safety | Injury to staff in the working environment | M | • Provision for regular reviews of staff working procedures, risks involved and adequate direction on the safe use of any equipment required to undertake roles.
• Extensive health and safety guidance provided to all staff. • Reviewed on a regular basis in conjunction with regular reviews of working practices and risk assessments |
Ongoing reviews as necessary
|
|||||||||
Fraud | Fraud by employees | L | • Requirements of Fidelity Guarantee within insurance provision.
• Regular checks and internal controls on financial activity |
No action required.
Existing procedure adequate |
|||||||||
INSURANCE PROVISION
|
|||||||||||||
Adequacy | Insurance provision inadequate for the risk identified
|
L | • Annual review is undertaken of all insurance arrangements |
No action required. Existing procedure adequate
|
|||||||||
Cost | Best value practice not undertaken | L | • Cost of insurance provision and service provided by said provider reviewed annually. |
No action required. Existing procedure adequate
|
|||||||||
FREEDOM OF
INFORMATION PROVISION
|
Non-compliance with Freedom of Information
Act statutory requirements |
L | • Council has Model Publication scheme available on website and hard copy from the Clerk
• Freedom of Information Request Policy in line with statutory requirements. |
|
No action required.
Existing procedure adequate |
||||||||
DATA PROTECTION | Non-compliance with Data Protection Act and GDPR statutory requirements for registration as data controller
|
L | • Clerk/RFO and members undertaken training
• Council registered with ICO as a Data Controller • Data/information audit complete and reviewed regularly • Privacy notices available on website • Consents records • Policy for review of consents in place • Retention and disposal policy adopted. • Security Incident Procedure/policy in place |
|
No action required.
Existing procedure adequate |
||||||||
ANNUAL RETURN (HMRC) | Submission within time limits to avoid financial penalties | L | • Employers Annual Return to HMRC completed and submitted online within the required time frame by Clerk/RFO |
|
No action required.
Existing procedure adequate
|
||||||||
ANNUAL RETURN (TO EXTERNAL AUDITORS) | Submission within time limits to avoid financial penalties | L | • Sent to internal auditor for completion and signing.
• Presented to Council for approval and signing before being sent for External Audit. |
|
No action required.
Existing procedure adequate |
||||||||
LEGAL POWERS | Illegal activity and/or payments | L |
|
• All actions of the Parish Council noted in Minutes presented to all members.
• Any action not within legal powers to be noted ‘against Clerk’s advice’ • All resolutions for payment resolved at monthly meetings of Parish Council. |
|
No action required.
Existing procedure adequate |
|||||||
STATUTORY
OBLIGATIONS REGARDING DOCUMENTS |
Accuracy and legality of notices, agendas, minutes | L | • Minutes produced in the prescribed manner by the Clerk and adhere to legal requirements.
• Minutes are approved, signed and dated at the next meeting of the Council. • Agendas and notices are produced in the prescribed manner by the Clerk and adhere to legal requirements. • Agendas and notices are displayed according to legal requirements. |
|
No action required.
Existing procedure adequate |
||||||||
MEMBERS
INTERESTS |
Non-registration of Disclosable Pecuniary interests leading to criminal prosecution | M |
|
• Request for all members to declare any interests in business to be considered at all meetings.
•Registration of interests by members on prescribed form. Responsibility of individual member to declare said interests. • Register of interest forms displayed of Parish Council website. |
No action required.
Existing procedure adequate |
||||||||
ASSETS MAINTENANCE | Loss or damage. Risk damage to third party | L | • Annual review of assets undertaken for both insurance provision and external audit requirements.
• Agenda item as required – assets considered by council when purchase or disposal is advised. |
|
No action required.
Existing procedure adequate |
||||||||
ASSETS | Poor performance of assets | L | • All assets owned by Parish Council are regularly reviewed.
All repairs and relevant expenditure authorised in accordance with correct procedures of the Parish Council. • Significant assets insured. • Insurance provision reviewed annually. |
|
No action required.
Existing procedure adequate |
||||||||
MEETING LOCATION | Premises inadequate for needs of Council and inaccessible for members of the public | L | • All meetings of Cassington Parish Council are held in The Village Hall which has adequate facilities for the hosting of meetings. St Johns School Hall is used as an alternative.
• Both are fully DA compliant. |
|
No action required.
Existing procedure adequate |
||||||||
COUNCIL RECORDS
|
|||||||||||||
PAPER RECORDS | Loss of essential records through theft and/or fire damage.
Council Minutes, leases and historical correspondence. |
L
|
• All pre-2009 Parish Council Minutes are archived in Archive Centre, Cowley along with all other minutes, leases and historical correspondence are stored in lockable metal cabinet. Deeds and leases and lodged with solicitors |
|
No action required
Existing procedure adequate
|
||||||||
Current financial records. | L | • All current Parish Council financial records are stored securely at home of clerk | No action required.
Existing procedure adequate |
||||||||||
ELECTRONIC RECORDS | Loss through; theft, fire damage or corruption of computer | L | Parish Council electronic records are stored on laptop computer of Clerk and RFO.
Backups of electronic data are made at regular intervals Data transferred to an encrypted portable hard drive on monthly basis drive held by Clerk & to the cloud |
|
No action required.
Existing procedure adequate
|
||||||||
TRANSITION TO NEW CLERK/RFO | Impact on business continuity | M | Handover programme in place
Induction programme in place Outgoing RFO remaining in place for a few months Named Parish Cllr line manager |
Ongoing review | |||||||||