Documents

Risk Assessment, Risk Management & Internal Control Policy

Policies & Procedures Uploaded on January 8, 2025

Risk Assessment, Risk Management & Internal Control Policy

Financial Risk Assessment

The Parish Council has looked at the financial risks that it must deal with and resolved to adopt the following policy.

  1. Handling Cash

The Parish Council does not handle cash on a daily basis.  The only regular income is precept, bank interest and annual VAT return.  All of these are paid directly into the Parish Council’s bank account.  Cash received from allotment tenancies is recorded, receipted and paid into the bank at the earliest opportunity and within 5 working days.

The Parish Council has insurance to a maximum of £350 for cash in transit.

  1. Employers liability

The Parish Council employs 1 employee: Clerk

Its insurance policy with provides employers liability cover up to £5 million.

  1. Public liability

The Parish Council has public liability cover to £10 million under its policy with BHIB. The selection of insurer is reviewed annually based on comparable and sufficient cover.

  1. Fidelity guarantee

The Parish Council has fidelity guarantee cover to £100,000 see also point 3.

  1. Contracts and tendering

The Parish Council has financial regulations in place for contracts of seeking 3 quotes which is a mandatory default position. (See standing orders and financial regulations).

  1. Banking arrangements

There are 5 signatories on the banking mandate (5 Councillors and the Clerk).  Two Councillor signatures are required by the bank and in law.  Cheques are only signed at meetings of the Parish Council. The Clerk also has access to online banking.  She is the only person registered to use this service and it can only be used to transfer money between accounts and check balances.

The Parish Council uses the BACS system to make payments, the measures in place to minimise risks in this process are a password to log on to the banking system and then a fob generated pass code, the fob itself is password protected. The banking systems allows 3 attempts after which the log on is disabled.

  1. Bank reconciliation

The Parish Council receives a monthly budget against spend statement, including bank balances, and there are quarterly independent checks of bank statements to reconcile with balances reported.

  1. Cash book records

The Parish Council uses Rialtas software to manage its financial records including the cashbook.

  1. Internal audit

The Parish Council has appointed an independent internal auditor.  An audit is carried out at year end

  1. Internal control

The Parish Council has established a system of internal control where the Clerk reports in writing prior to each meeting and verbally at the meeting. All payments are supported by an invoice or summary of the reasons for a payment eg to accompany petty cash receipts.  All invoices and payment requests are initialled by the Chairman of the meeting at which authority to make payment is given. An Internal Control Checklist is completed and reviewed quarterly between the Clerk, Chairman and one other Parish Councillor.

  1. PAYE and Workplace Pensions Compliance

The council receives evidence of PAYE payments to HMRC via print outs of the P32 forms and compliance with its duties in respect of automatic enrollment and workplace pensions (i.e. declaration of compliance and list of monthly pension payments

Financial Risk Assessment adopted on 19th December 2024

Chairman ……………………………… Responsible Financial Officer …………………………….

 CASSINGTON PARISH COUNCIL – RISK ASSESSMENT/MANAGEMENT DOCUMENT 2024/25

 Risk assessment is a systematic general examination of the activities of the Parish Council to enable potential risks to be identified.

  • The Parish Council, based on the recorded assessment, will take all practical and necessary steps to reduce or eliminate the risks identified.
  • This document has been produced to enable Cassington Parish Council to assess the risks inherent to its activities and satisfy itself that it has taken all reasonable steps to minimise them.
AREA IDENTIFIED RISK LEVEL OF

RISK

  CONTROLS ACTION REQUIRED
FINANCIAL

 

         
Precept Adequacy of precept in order for Council to carry out Statutory duties L

 

 

Annual budget produced. Council receives monthly budget report.

Monthly information and budget monitoring allow Council to estimate standing costs and costs of projects for the subsequent years.

No action required.

Existing procedure adequate

Financial Records Inadequate records leading to financial irregularities L

 

Financial Regulations sets out requirement for production of records at meetings. No action required.

Existing procedure adequate

 Bank and Banking Inadequate checks/ bank mistakes L

 

Financial Regulations set out setting out banking requirements and controls in place for electronic banking.

Monthly bank reconciliation statement

No action required.

Existing procedure adequate

Reporting and Auditing Communication of information L  

 

Financial matters are a regular item on the agenda of the Council monthly meeting.

Monthly checks by Councillors in PC meetings

 

 

No action required.

Existing procedure adequate

Wages and associated costs Salaries paid incorrectly

 

 

 

Incorrect HMRC NI and PAYE payments

L  

 

 

Salary payments included in monthly invoices listed for payment checked by designated Councillor.

HMRC quarterly payments included in monthly invoices listed for payment.

 

 

No action required.

Existing procedure adequate

Best Value Accountability Work awarded incorrectly.

 

 

Overspend on services

L  

 

Parish Council procedure (as per Financial Regulations) to seek 3 quotes for all work estimated to cost over £1000.

For major  projects, competitive tendering process would be initiated (as per Financial Regulations)

 

 

No action required.

Existing procedure adequate

VAT Unclaimed VAT refunds L  

 

Refunds from HMRC for reclaimed VAT noted in lists of monthly income.

VAT incurred displayed in cash book.

 

 

No action required.

Existing procedure adequate

EMPLOYMENT ISSUES      
Working hours Over payment of wages for hours worked L • Council has responsibility for monitoring of hours worked for all employees

• Wage cost submitted on a monthly basis as invoices to be presented for payment

No action required.

Existing procedure adequate

Working conditions Council non-compliant with contractual obligations; leading to discontented workforce. M • Regular reviews of staff performance and working relationship with the Council. Ensure all staff have access to telephone conversations & reviews etc
Health and Safety Injury to staff in the working environment M • Provision for regular reviews of staff working procedures, risks involved and adequate direction on the safe use of any equipment required to undertake roles.

• Extensive health and safety guidance provided to all staff.

• Reviewed on a regular basis in conjunction with regular reviews of working practices and risk assessments

Ongoing reviews as necessary

 

Fraud Fraud by employees L • Requirements of Fidelity Guarantee within insurance provision.

• Regular checks and internal controls on financial activity

No action required.

Existing procedure adequate

INSURANCE PROVISION

 

     
Adequacy Insurance provision inadequate for the risk identified

 

L • Annual review is undertaken of all insurance arrangements  

No action required.

Existing procedure adequate

 

Cost Best value practice not undertaken L • Cost of insurance provision and service provided by said provider reviewed annually.  

No action required.

Existing procedure adequate

 

 
FREEDOM OF

INFORMATION

PROVISION

 

Non-compliance with Freedom of Information

Act statutory requirements

L • Council has Model Publication scheme available on website and hard copy from the Clerk

• Freedom of Information Request Policy in line with statutory requirements.

 

 

No action required.

Existing procedure adequate

DATA PROTECTION  Non-compliance with Data Protection Act and GDPR statutory requirements for registration as data controller

 

 

L • Clerk/RFO and members undertaken training

• Council registered with ICO as a Data Controller

• Data/information audit complete and reviewed regularly

• Privacy notices available on website

• Consents records

• Policy for review of consents in place

• Retention and disposal policy adopted.

• Security Incident Procedure/policy in place

 

 

No action required.

Existing procedure adequate

ANNUAL RETURN (HMRC) Submission within time limits to avoid financial penalties L • Employers Annual Return to HMRC completed and submitted online within the required time frame by Clerk/RFO  

 

No action required.

Existing procedure adequate

 

ANNUAL RETURN (TO EXTERNAL AUDITORS) Submission within time limits to avoid financial penalties L • Sent to internal auditor for completion and signing.

• Presented to Council for approval and signing before being sent for External Audit.

 

 

No action required.

Existing procedure adequate

LEGAL POWERS Illegal activity and/or payments L  

 

 

• All actions of the Parish Council noted in Minutes presented to all members.

• Any action not within legal powers to be noted ‘against Clerk’s advice’

• All resolutions for payment resolved at monthly meetings of Parish Council.

 

 

No action required.

Existing procedure adequate

STATUTORY

OBLIGATIONS

REGARDING

DOCUMENTS

Accuracy and legality of notices, agendas,   minutes L   • Minutes produced in the prescribed manner by the Clerk and adhere to legal requirements.

• Minutes are approved, signed and dated at the next meeting of the Council.

• Agendas and notices are produced in the prescribed manner by the Clerk and adhere to legal requirements.

• Agendas and notices are displayed according to legal requirements.

 

 

No action required.

Existing procedure adequate

MEMBERS

INTERESTS 

Non-registration of Disclosable Pecuniary  interests leading to criminal prosecution M  

 

 

 

 

• Request for all members to declare any interests in business to be considered at all meetings.

•Registration of interests by members on prescribed form. Responsibility of individual member to declare said interests.

• Register of interest forms displayed of Parish Council website.

  No action required.

Existing procedure adequate

ASSETS MAINTENANCE Loss or damage. Risk damage to third party L • Annual review of assets undertaken for both insurance provision and external audit requirements.

• Agenda item as required – assets considered by council when purchase or disposal is advised.

 

 

No action required.

Existing procedure adequate

ASSETS Poor performance of assets L • All assets owned by Parish Council are regularly reviewed.

All repairs and relevant expenditure authorised in accordance with correct procedures of the Parish Council.

• Significant assets insured.

• Insurance provision reviewed annually.

 

 

No action required.

Existing procedure adequate

 
MEETING LOCATION Premises inadequate for needs of Council and inaccessible for members of the public L • All meetings of Cassington Parish Council are held in The Village Hall which has adequate facilities for the hosting of meetings. St Johns School Hall is used as an alternative.

• Both are fully DA compliant.

 

 

No action required.

Existing procedure adequate

COUNCIL RECORDS

 

       
PAPER RECORDS Loss of essential records through theft and/or fire damage.

Council Minutes, leases and historical correspondence.

 

L

 

 

 

• All pre-2009 Parish Council Minutes are archived in Archive Centre, Cowley along with all other minutes, leases and historical correspondence are stored in lockable metal cabinet. Deeds and leases and lodged with solicitors  

 

 

 

 

No action required

Existing procedure adequate

 

 
  Current financial records. L • All current Parish Council financial records are stored securely at home of clerk   No action required.

Existing procedure adequate

ELECTRONIC RECORDS Loss through; theft, fire damage or   corruption of computer L Parish Council electronic records are stored on laptop computer of Clerk and RFO.

Backups of electronic data are made at regular intervals

Data transferred to an encrypted portable hard drive on monthly basis drive held by Clerk & to the cloud

 

 

No action required.

Existing procedure adequate

 

TRANSITION TO NEW CLERK/RFO Impact on business continuity M Handover programme in place

Induction programme in place

Outgoing RFO remaining in place for a few months

Named Parish Cllr line manager

  Ongoing review

KEY  LEVEL OF RISK: L: LOW M: MED  H:HIGH