To present the report of the Head of Audit and Risk.
Minutes:
The report of the Head of Audit and Risk updating the Committee on the risk management position was presented for consideration. The report provided an overview of developments in respect of managing risks since the last report on the corporate risk register was presented to the Committee in December, 2020 and included the new strategic risk register at Appendix C.
The Risk and Insurance Manager reported that since the corporate risk register was last presented to the Committee, the Senior Leadership Team (SLT) has undertaken a thorough review of the entire risk register and a decision has been made that the SLT’s focus should be on those risks to the achievement of the strategic priorities, hence a new strategic risk register aligned to the corporate priorities has been developed and replaces the corporate risk register. The risk assessment matrix (presented as Appendix B to the report) has also been reviewed and all of the “Likelihood” descriptors have been amended as have several of the “Impact” descriptors. The new strategic risk register contains 14 risks which is half the number on the previous corporate risk register and each risk has a designated SLT member leading on it. A detailed review of the wording, scores/priorities, control measures and further action required to mitigate each risk has been carried out with each new risk owner; the SLT has then reviewed the strategic risk register in its entirety.
The SLT will continue to review a small number of strategic risks on a monthly basis and will review the strategic risk register in its entirety twice a year. Those risks that are common to several service areas (e.g. in relation to collaboration and partnership working, health and safety contracts, sickness absence and fraud) have been removed and where not already the case will be included in individual service risk registers. The SLT recognises however that cumulatively these risks could have a significant impact on the Council as a whole and will therefore monitor those risks as part of normal performance monitoring arrangements.
The SLT has identified the top five red/critical residual risks to the achievement of the Council’s corporate and strategic objectives and these relate to workforce management, IT continuity, cyber-security, school modernisation and the ongoing suitability of physical assets.
The Committee welcomed the streamlined strategic risk register as less cluttered than the previous corporate risk register making the register easier to understand in terms of the most significant risks faced by the Council. The effectiveness of the control measures in terms of reducing both likelihood and impact was discussed as was the sufficiency of the control measures with regard to school modernisation with it being noted that there was no specific measure in relation to the supply and demand for school places. The Committee was advised that the control measures outlined for school modernisation are those which the risk owner considers appropriate to meet the level of risk at this time.
It was resolved to note the amendments made in relation to risk management and in particular the strategic risk register and to confirm that the Committee takes assurance that the Senior Leadership Team has recognised and is managing the risk to the achievement of the Council’s priorities.