Agenda item

The Executive Director Core Services will submit a report prefacing a report to be submitted to Cabinet on the 10^th January, 2018, on the latest review of the Strategic Risk Register undertaken in October 2017.

The Executive Director Core Services submitted a report prefacing a report ot be submitted to Cabinet on the 10^th January, 2018 on a full review of the Strategic Risk Register undertaken in October 2017 and presenting the outcomes of that review.

The report, which was presented by Mr A Hunt, Risk and Governance Manager formed part of the Committee’s assurance process where it was agreed that following the completion of the review of the Strategic Risk Register, the Committee consider the latest version and provide appropriate comments thereon.

The Register contained those high level risks that were considered significant potential obstacles to the achievement of the Authority’s Corporate Objectives.  It was important that the Register remain up to date and be reviewed regularly in order to accurately reflect the most significant risks to the achievement of objectives and facilitate timely and effective mitigations to those risks.

Following a review of the Strategic Risk Register in March 2017, a further review had been undertaken in October, 2017 the outcomes of which were detailed within the report.  Mr Hunt outlined the way in which the register had been reviewed together with the role of the Senior Management Team in this process.  He commented on the main components of the review and the items included.

The report outlined:

·         The introduction and background to the Strategic Risk Register

·         The distribution of the risks across the six concern rating classifications

·         The changes since the last review with the inclusion of an additional risk 4103 (Waste PFI Insurance Risk) which had been added following its escalation from the operational risk register for Environment and Transport.  It was noted that increased insurance premiums applied to Waste PFI Operators were passed back to the Partnership which, in turn, would put pressure on the Medium Term Financial Statement as there was currently no additional finance available to fund any increase experienced by the Operator. Whilst this was not a strategic risk in nature, it had been included due to the significant impact this could have.  It was anticipated that discussions which were ongoing with external advisors to the Waste PFI project would be completed shortly following which there would be further discussions with all parties including SMT and appropriate Service Directors and Executive Director

·         The significant /red risks and new and emerging risks and the risk mitigation actions.  In relation to this, particular reference was made to the work that had been undertaken in relation to the following risks:

o   Risk 3026 (Failure to Achieve a reduction in health inequalities)

o   Risk 3792 (Failure to be prepared to assist in the event of an emergency resilience event in the region

o   Risk 3793 (Failure to ensure that appropriate disaster recovery arrangements are in place to ensure the Council is able to recover in the event of a business continuity threat)

·         Other significant risks to the Strategic Risk Register

A further review of the Register was now programmed with other governance related reports relating to Corporate Finance and Performance Management in order for the Cabinet to receive and consider governance related reports as a broad suite of documents.

The report and Register indicated how assurance against significant risk was being managed appropriately and Appendices to the report provided details of:

·         The background to the Strategic Risk Register

·         The ‘direction of travel’ trends

·         The risks that had been completed/closed

·         The new risk mitigation actions

·         A copy of the full Strategic Risk Register as at October 2017

In the ensuing discussion, particular reference was made to the following:

·         A new and emerging risk would be in relation to the Glassworks project.  It was noted that the scheme was well managed and there was good governance, however, SMT had wanted this expressed as a strategic risk given the significance for the economic regeneration of the area and the impact this would have on the Town Centre.  Arising out of this, there was a discussion of:

o    the underlying concerns/risks identified with both and of the action taken to ameliorate as far as was possible, the issues identified

o   the funding arrangements and within this context, the  identification of appropriate strategies, contingency and reserves arrangements

o   the action being taken to secure tenants, the letting arrangements and the timescales associated therewith

·         in relation to Risk 3792 (Failure to be prepared to assist in the event of an emergency resilience event in the region), it was noted that an assurance had been made to the Senior Management Team that matters were being addressed appropriately.  A further update for the Committee would be provided

·         a written protocol and adequate and appropriate relationships were in place and had been refreshed between all necessary departments and agencies in order to respond to incidents identified within the completed/closed Risk 3035 (Loss of Assets and resources as a result of a one-off incident of fraud/corruption/bribery or sustained or widespread occurrences).  The arrangements were working well as anticipated and currently one case was being pursued because of the significant nature of the matter involved. 

·         Arising out of the above, reference was made to the Data Protection Act arrangements currently in place and to those being developed in order to comply with the General Data Protection Regulations 2018 information about which had been provided to the workshop meeting held on the 1^st December, 2017. 

o   The Information Governance Board had the necessary plans and resources in place and the Head of Internal Audit and Corporate Anti-Fraud was to be the designated Data Protection Officer.  Further reports would be submitted to this Committee as work progressed. 

o   The voluntary assessment of the Authority by the Information Commissioner last month had been both positive and constructive and gave a reasonable level of assurance.  Whilst some recommendations had been presented for improvements, the inspection had generally been happy with the Authority’s approach to the General Data Protection Regulation arrangements

RESOLVED that the report on the outcome of the recent review of the Strategic Risk Register in relation to the management, challenge and development of the Register be noted and the Committee continue to receive periodic updates as to the process of the actions taken and their impact on the Strategic Risk Register.