Agenda item

To present the report of the Risk and Insurance Manager.

The report of the Risk and Insurance Manager on the outcome and findings of a review of risk management policies, procedures and practice within the Authority undertaken by Caerus Consulting was presented for the Committee’s consideration. The review conclusions which have been made available to the SLT, Penaethiaid and the Executive were attached in full under Appendix 1 to the report.

The Risk and Insurance Manager reported on the primary shortcomings identified within the review in relation to inconsistent application of risk management across the Council; lack of correlation between service and corporate risks; non alignment between risk management and other processes; insufficient coverage of risk within partnerships and joint working and a lack of understanding of roles and responsibilities with regard to risk. The Officer referred to the post review action that had, and is taking place in the form of clarifying scrutiny and audit committee roles in relation to risk; consulting on new risk management and guidance documents and delivering risk management training.

The Committee considered the information and the following points were made:

•           It was acknowledged that the successful entrenchment of risk management practice throughout the Council is a long-standing issue for this Committee and is fundamental to the effective conduct of the Council’s business in so much as every decision needs to be referenced to risk. It was suggested that the profile of risk management within the Council is not sufficiently elevated.

•           It was asked at what point does Management consider it will be able to report back to the Committee that it is satisfied with the status and implementation of risk management within the Authority. In response to the Officer reply that the aim is to have a substantial corporate risk register compiled and in place by March, 2015, the Committee asked for an update for that time.

•           The outcome of the discussions regarding the division of risk responsibilities between the Audit and Corporate Scrutiny Committee. The Risk and Insurance Manager said that to avoid duplication, it is intended that the Audit Committee will focus on the risk register and system whilst the Scrutiny Committee will look at individual risks.

•           The need to simplify risk documentation to make it accessible so that the Audit Committee having an oversight responsibility can easily identify the key sources of risk and be assured that arrangements are in place to manage them, and Management is able to buy into the risk management process and register and take ownership of them as an useful tool.

The Deputy Chief Executive confirmed that she had not been persuaded that risk management is sufficiently embedded within the Authority, hence the review and the post review actions around revision of policy, simplification of the risk matrix and the delivery of training. The Authority needs to focus on its high level risks and ensure that the register remains a live document.  All senior and middle managers have received the risk management training and are to incorporate risk management within the business planning process and service performance reviews. It is important that there is consistency in assessing risk and that risks are evaluated against a common base – the revised matrix will assist with that process.

The Interim Head of Resources and Section 151 Officer said that the Audit Committee needs to receive regular reports on risk management within the Council and could request the relevant managers to give account directly to the Committee for any non-compliance identified. The Executive reporting pro forma also includes a section for reporting on risk and mitigation which is not always completed by report authors; there is an argument for questioning the acceptability of reports that are not properly constituted in terms of accounting for and documenting the consideration of risk.

It was resolved to accept the report and the findings of the review of risk management.

ACTION ARISING: Risk and Insurance Manager/Deputy Chief Executive to report back to the Audit Committee in April, 2015 on the status and implementation of the revised corporate risk register/matrix and associated risk guidance documentation.