Agenda item

The Executive Director Core Services will submit a report presenting a draft report to be submitted to Cabinet on the 3^rd May, 2017 on a review of the Strategic Risk Register undertaken in March, 2017.

The Executive Director Core Services submitted a report presenting a draft report to be submitted to Cabinet on the 3^rd May, 2017 on a review of the Strategic Risk Register undertaken in March, 2017.

The report, which was presented by Mr A Hunt, Risk and Governance Manager, formed part of the Committee’s assurance process where it was agreed that following the completion of the review of the Strategic Risk Register, the Committee consider the latest version and provide appropriate comments thereon.

The Register contained those high level risks that were considered significant potential obstacles to the achievement of the Authority’s Corporate Objectives.  It was important that the Register remain up to date and be reviewed regularly in order to accurately reflect the most significant risks to the achievement of objectives and facilitate timely and effective mitigations to those risks.

Following a review of the Strategic Risk Register in October 2016, a further review had been undertaken in March 2017 the outcomes of which were detailed within the report.  Mr Hunt outlined in some detail the way in which the register had been reviewed and he commented on the main components of the review and the items included.

The report outlined:

·         The key risks across the six ‘concern’ rating classifications

·         The changes to the risks logged since the last review

o   It was noted that the number of risks had decreased by one since the last review in October 2016 with the removal of Risk 3842 (Failure to ensure the transfer of 0-19 services…) as this was now being managed at a Business Unit Level

o   Two risks had a reduced risk rating:

§  Risk 3023 (Failure to engage with Stakeholders) – due to the revised Community Engagement Strategy that had been approved by Cabinet recently

§  Risk 3514 (Failure to be able to deliver the ambitions and outcomes associated with the Community Strategy Implementation (CIS) Programme) – due to the improved confidence to deliver the CIS programme

o   Details of the average risk score for the Register, from the ‘zero-based’  review undertaken in 2013 were detailed.  There was a slight variance in the average concern rating which was directly attributable to the removal of risk 3842 allied to changes to risks 3023 and 3514 as detailed above

·         The significant/red risks and new and emerging risks and the risk mitigating actions.  Whilst no new risks had been included, a number of emerging issues had been identified following conversations with Risk Owners in relation to Data Quality, Adult Social Care and Brexit and further details would be included within the next iteration of the Register presented in October

·         Other significant changes to the Strategic Risk Register

A further review of the Register was now programmed with other governance related reports such as those relating to Corporate Finance and Performance Management in order for the Cabinet to receive and consider governance related reports as a broad suite of documents.

The report and Register indicated how assurance against significant risks was being managed appropriately and Appendices to the report provided details of:

·         The background to the Strategic Risk Register

·         The improved risks

·         The ‘direction of travel’ trends

·         The risks that had been completed

·         The new mitigation actions

·         A copy of the full Strategic Risk Register

In the ensuing discussion, particular reference was made to the following mitigations:

·         In relation to risk 3034 (Failure to deliver the MTFS and associated KLoE/Budget Savings ‘Failure of Future Council to achieve the required level of savings’) it was noted that this had received a red rating and that there was a low level compliance with a computerised budget management system.  This issue was being addressed and a wide ranging training programme was being developed along with performance metrics to assess future compliance.  A further review was due by the 30^th September, 2017

·         Risk 3023 (Failure to Engage Stakeholders) had been highlighted as a potential emerging risk by the Chief Executive and Executive Director Communities due to the potential for increased community tensions as a result of the Brexit decision which could result in the loss of community cohesion and increased incidents of hate crime.  This matter would be investigated fully and a further report presented in October.  It was noted that the Council’s Community Cohesion Champion was undertaking a lot of work in this area

·         It was suggested that the consequences associated with Risk 3792 (Failure to be prepared to assist in the event of an emergency resilience event in the region) be re-worded to refer to ‘potential industrial action’ given that industrial action was seldom taken.  Arising out of this, the Director of Core Services referred to the small resilience team and to the recent ‘success’ of that team as demonstrated by the action instigated as a result of the fire at the Chicago Rock night club.  It was felt, however, that processes and procedures in relation to emergencies and the action required needed to be more embedded within services.  This matter was being addressed.  The Risk and Governance Manager commented that recent improvements might mean that this risk should be re-evaluated in terms of its rating

·         Arising out of the discussion, the Committee noted that Information Governance was now included within the Terms of Reference (subject to Annual Council approval), it might, therefore, be appropriate to receive a briefing/awareness session on Information Governance linked to the risks detailed on the Strategic Risk Register.  The Head of Internal Audit and Corporate Anti-Fraud commented that some of the Strategic Risks were the responsibility of Senior Management Team members.  The owners of those risks could be invited to this Committee to explain their role and the action being taken to mitigate risks

RESOLVED

(i)            that the report on the outcome of the recent review of the Strategic risk Register in relation to the management, challenge and development of the Register be noted and the Committee continue to receive periodic updates as to the progress of the actions taken and their impact on the Strategic Risk Register; and

(ii)          That the report be referred to Cabinet on the 3^rd May, 2017 for consideration.