Report to: Pension Committee

Date of meeting: 24 February 2022



Chief Finance Officer



Pension Fund Risk Register



To consider the Pension Fund Risk Register


RECOMMENDATIONS: The Pension Committee is recommended to:

1)      Agree the change to risk A4 to cover wider separation from Orbis rather than Pension Administration

2)      Note the addition of Ransomware to the existing Cyber Security risk

3)      Agree the addition of risk A7, covering East Sussex County Council’s (ESCC’s) Modernising Back Office Systems (MBOS) project

1.         Background

1.1       Risk management is the practice of identifying, analysing and controlling in the most effective manner all threats to the achievement of the strategic objectives and operational activities of the East Sussex Pension Fund (ESPF or the Fund). It is not a process for avoiding or eliminating risks. A certain level of risk is inevitable in achieving the Fund objectives, but it must be controlled.

1.2       Effective risk management is an essential part of any governance framework as it identifies risks and the actions required to mitigate their potential impact. For a pension fund, those risks will come from a range of sources, including the funding position, Local Government Pension Scheme (LGPS) Pooling, General Data Protection Regulation (GDPR), investment performance, membership changes, benefits administration, costs, communications and financial systems. Good information is important to help ensure the complete and effective identification of significant risks and the ability to monitor those risks.

1.3       Since the last meeting of the Pension Board and Pension Committee, officers have continued to review the Risk Register to ensure all appropriate risks and mitigations have been identified.

1.4       It is accepted that whilst mitigations are put in place for identified risks, it will not always be possible for all risk to be eliminated. In these cases, a level of risk is tolerated and kept under review.

2.         Supporting Information

2.1       The Risk Register is included at Appendix 1.


3.         Changes to the Risk Register


3.1       In the meeting of November 2021 the Pension Committee agreed that risk A4, which covered the risk of the Fund separating from Orbis, could be removed. It also asked that this risk be replaced by consideration of the risks posed by the wider separation from Orbis by Business Services. Risk A4 in Appendix 1 now covers this risk. This risk mostly affects support services, and agreements have been put in place to mitigate it, such as the Working Together Agreement with Surrey County Council for the provision of Pension Helpdesk services. Where separate agreements or contracts have not been made, Officers will review the ongoing situation if there is a risk that connected work would be undermined or hampered by the crystallisation of the risk.


3.2       The Pension Committee asked that the risk of Ransomware be included in the risk register in more detail. The existing risk covering cyber security, G3, has been updated to specifically mention the risk of Ransomware and the efforts that will be made to improve the Fund’s resilience in the event of a cyber incident.


3.3       A spelling error in risk I7 was identified in November 2021. This has been corrected.


3.4       Risk A7, which covers the Local Authority’s MBOS project, has been added. East Sussex County Council is in the process of changing its accounting system, with the implementation of Oracle Fusion. Officers are involved with the development and roll-out of the new system to mitigate the risk that the needs of the Pension Fund are not taken into account and to ensure that potential flaws are identified before it is rolled out.


4.         Conclusion


4.1       The Pension Committee is asked to agree the changes to the risk register and consider the mitigated risk levels. In addition, the Committee is asked to note the continuing steps being taken to mitigate the risks to the Fund and to inform Officers of any new risks they have identified. Officers will advise members of new risks as they arise.




Chief Finance Officer




Contact Officer:

Sian Kunert, Head of Pensions