The Executive Director Core Services will submit a report presenting a draft report to be submitted to Cabinet on the 16th May, 2018 on a review of the Strategic Risk Register undertaken in March, 2018.
The Executive Director Core Services submitted a report presenting a draft report to be submitted to Cabinet on the 16th May, 2018 on a review of the Strategic Risk Register undertaken in March, 2018.
The report, which was presented by Mr A Hunt, Risk and Governance Manager, formed part of the Committee’s assurance process where it was agreed that following the completion of the review of the Strategic Risk Register, the Committee consider the latest version and provide appropriate comments thereon.
The Register contained those high level risks that were considered significant potential obstacles to the achievement of the Authority’s Corporate Objectives. It was important that the Register remain up to date and be reviewed regularly in order to accurately reflect the most significant risks to the achievement of objectives and facilitate timely and effective mitigations to those risks.
Following a review of the Strategic Risk Register in October 2016, a further review of the approach to reviewing and updating the Strategic Risk Register had been undertaken as part of the review of the register itself in October 2017 the outcomes of which were detailed within the report. Mr Hunt outlined in some detail:
· The implementation of a ‘Gateway’ process to ensure the Strategic risk Register contained strategic risks rather than operational issues.
· The future possible developments including the adoption of visualisation and graphical methods to demonstrate direction of travel
· The greater involvement of the Senior Management Team and Barnsley Leadership Team to give an officer perspective of the risks and to give greater challenge
He then went on to outline the way in which the current register had been reviewed and he commented on the main components of the review and the items included.
The report outlined:
· The key risks across the six ‘concern’ rating classifications
· The total number of risks logged since the last review which remained stable
o It was noted that Risk 4103 (Waste PFI – Insurance Risk) had been removed following its de-escalation; Risk 3027 (Failure to manage organisational change – risk of Destabilisation of the Organisation) had been replaced with Risk 4154 (Failure to achieve the full benefit of our change work to date and to ensure it is sustainable in the future); Risk 4170 (Failure to ensure the Glassworks Programme delivers etc.) had now been included as a new risk
o Risk 3029 (Failure to safeguard information) had its risk concern rating increased, from ‘4’ and was now logged as ‘3’ to reflect the possible exposure to areas of non-compliance relating to the General Data Protection Regulations due to come into force in May 2018
o Details of the average risk score for the Register, from the ‘zero-based’ review undertaken in 2013 were detailed. There was a slight variance in the average concern rating which was directly attributable to the removal of risk 4103 and the addition of risk 4154 and 4170 allied to changes to risk 3029 as detailed above
· The significant/red risks and new and emerging risks and the risk mitigating actions.
· Other significant changes to the Strategic Risk Register
A further review of the Register was now programmed with other governance related reports such as those relating to Corporate Finance and Performance Management in order for the Cabinet to receive and consider governance related reports as a broad suite of documents.
The report and Register indicated how assurance against significant risks was being managed appropriately and Appendices to the report provided details of:
· The background to the Strategic Risk Register
· The consideration of the current expression of the Risk
· The consideration of links between Corporate Priorities, Outcomes and Risks
· The consideration of the level of ‘Concern’ for each Risk
· The consideration regarding existing Risk Mitigation Actions as well as consideration of any new Risk Mitigation Actions
· The consideration of Future Council Activity
· The ‘direction of travel’ trends
· The risks that had been completed
· A copy of the full Strategic Risk Register
In the ensuing discussion, particular reference was made to the following mitigations:
· Risk 4170 (Glassworks Project etc.) - there was a detailed discussion in relation to this risk and to the wording thereof within the register. It was noted that whilst there were robust arrangements and contingency funds in place, this did not take away the risks associated with a scheme of this magnitude. It was noted that whilst costs had increased these were measured and monitored. It was stressed that there was a much more detailed operational Risk Register for this project, the Strategic Risk Register dealt more with the governance and control of the programme. It was noted that meetings were held as required to monitor this risk and further meetings were also planned between Internal Audit and the Service Director Finance. It was also suggested that, if appropriate, a further report be submitted later in the year detailing the progress of the project and any concerns arising
· Risk 3543 (Failure to ensure the adequate supply of land for housing and commercial growth).
o In response to questioning, the Executive Director Core Services gave an update on the current position with regard to the progress of the Local Plan.
o Appropriate amendments were to be made to the Plan with the expectation that it would be formally approved by spring 2019 at the latest.
o In terms of assurance, the Executive Director Core Services commented that the Authority was following all the appropriate procedures required of it and that the Plan would be amended and approved as appropriate as and when all the required protocols and procedures had been completed
o Arising out of this discussion it was suggested that the Head of Planning Policy and Building Control be invited to a future meeting to address the Committee on the current position with regard to this risk, the mitigations in place and the position with regard to the final approval of the Local Plan. In response to further questioning the Head of Internal Audit and Corporate Anti-Fraud commented that Internal Audit had never undertaken an audit of this particular issue as it did not feather high enough on the risk profile to warrant a review
(i) that the report on the outcome of the recent review of the Strategic risk Register in relation to the management, challenge and development of the Register be noted and the Committee continue to receive periodic updates as to the progress of the actions taken and their impact on the Strategic Risk Register; and
(ii) That the report be referred to Cabinet on the 16th May, 2018 for consideration.