Source · Select Committees · Public Accounts Committee
Recommendation 8
8
The NAO found that, before the pandemic, departments lacked an agreed understanding of risk tolerance,...
Conclusion
The NAO found that, before the pandemic, departments lacked an agreed understanding of risk tolerance, such as which consequences of a pandemic they deemed acceptable and which consequences they needed to mitigate. The Cabinet Office agreed that government reached a shared understanding of the objectives and priorities they 3 Qq 28, 55–60, 74, 80–83 4 C&AG’s Report, para. 3.14; Q 70. 5 C&AG’s Report, para. 4.2; HM Government, The Orange Book: Management of Risk – Principles and Concepts, February 2020 6 Qq 86–95 7 Government Finance Function, Good Practice Guide: Risk Reporting, August 2021; Risk Appetite Guidance Note, October 2020, revised August 2021; Risk Management Skills and Capabilities Framework, August 2021 8 HM Government, The Orange Book: Management of Risk – Principles and Concepts, February 2020 9 Qq 49, 84–85 Government preparedness for the COVID-19 pandemic: lessons for government on risk 11 should focus on only at the start of a pandemic, following the establishment of its crisis response structures. Government officials told the NAO that a shared understanding of risk tolerance for many cross-government issues is still being developed.10 Communication of the main risks facing the UK
Government Response
Not Addressed
HM Government
Not Addressed
2.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2022 2.2 The government is committed to the development of a training programme for risk professionals (expected by September 2022) and non-experts (expected by Spring 2023), which will help ensure that the application of the principles in The Orange Book is well understood across departments. In addition, the Risk Centre of Excellence has published a number of pieces of guidance to help officials apply the Orange Book in practice (for example, guidance on risk appetite, published in August 2021). From April 2022 the government has revised reporting of principal risks to the Civil Service Board (CSB) to better reflect an assessment of risks outside appetite and management strategies to address them and will continue to refine this approach with the CSB and departments in each quarter. The steps set out in the Risk Management Strategy and Delivery Plan that we shared with the Committee on 31 January 2022, to better integrate risk management into wider government processes over the next 2-3 years, will also include embedding the active use of clear risk appetites. 2.3 The National Security Risk Assessment (NSRA) sets out the government’s understanding of the most serious malicious and non-malicious risks facing the UK. The NSRA process involves government departments and assessment bodies, Chief Scientific Advisers, Local Resilience Forums, Devolved Administrations and a range of external experts. It identifies the common consequences of risk scenarios, and the Civil Contingencies Secretariat develops the National Resilience Planning Assumptions (NRPAs) to outline the capabilities needed to manage impacts. The NSRA and the NRPAs are shared with departments, Local Resilience Forums and Devolved Administrations to ensure a shared understanding of risks and response requirements. The 2022 NSRA is currently underway and is set to be completed in late Spring. 2.4 Responsibility for the management of resilience risks, including ministerial ownership of and input into risk tolerances, will continue to be the responsibility of departments under the Lead Government Department principle.