To present the report of the Head of Audit and Risk.
Minutes:
The report of the Head of Audit and Risk incorporating the revised Corporate Risk Register was presented for the Committee’s consideration.
The Head of Audit and Risk reported that in May, 2019 the Senior Leadership Team (SLT) reviewed the corporate risk register and considered that a number of risks were no longer relevant and that some risks could be amalgamated being mindful also of the recommendations made during the recent Zurich Municipal Risk Management Health Check about the Corporate Risk Register being overpopulated with risks. The outcome of the SLT’s review resulted in the net closure of 19 risks – these comprised of risks where significant progress has been made to mitigate the risk, risks of a similar nature which have been merged, and risks that are no longer considered a risk because circumstances have changed. Details of the individual risks thereby affected are provided in the report. The SLT has identified the top (red) residual risks to the Council as YM28, YM40 and YM41. Additionally, the SLT has also agreed that rather than reviewing the entire corporate risk register quarterly, it will review a small number of risks every month.
The Committee considered the information presented and raised the following matters –
• The Committee queried how the SLT would determine which risks it would be reviewing each month.
The Head of Audit and Risk clarified that risks have been prioritised according to their inherent and residual risk rating with priority being given to Red Inherent/Red Residual risks followed by Red Inherent /Amber Residual risks; Red Inherent/Yellow Residual risks and Red Inherent/Green residual risks. Whilst mitigating actions are key to reducing residual risk it is considered that Red inherent risks need to be monitored on a regular basis.
• The Committee queried whether the Council is happy to tolerate 3 major risks that remain Red as residual.
The Head of Audit and Risk clarified that there are times when a risk will remain red and that it is not unusual for a risk register to contain red inherent and red residual risks. This reflects the Council’s risk appetite as set out in the risk matrix but does not mean that the risks are not being managed.
• The Committee discussed the use of the term “catastrophic” to describe the highest level of impact were a risk to materialise and whether it overstated the potential effects; the Committee queried whether it would be sensible to focus on identifying measures to reduce any residual risks to below the catastrophic level.
The Head of Audit and Risk explained that the use of the term catastrophic is not uncommon; she clarified that with all risks, the SLT has determined that the amount of resources that it is willing/able to put in to manage risks is at the level reflected in the risk matrix which is the level it is willing to tolerate.
• The Committee queried at what point did the Council intend to introduce measures to mitigate Brexit.
The Committee was informed that the Council has a designated Brexit Officer and that regular meetings are held across North Wales to consider Brexit related issues and how these are, and will be mitigated across the region. The Brexit Officer also maintains a separate Brexit risk register down to service level and regular reports are made to the Welsh and UK Governments.
It was resolved to note the contents of the report and that the Committee takes assurance that the risks to the Council’s aims and objectives are being recognised and managed by the Senior Leadership Team.
NO ADDITIONAL ACTION WAS PROPOSED.