Report to: Audit Committee
Date: 29March 2022
By: Chief Operating Officer
Title of report: Strategic Risk Monitoring – Quarter 3 2021/22
Purpose of report: To update the Committee on current strategic risks faced by the Council, their status and risk controls / responses and to describe the current Risk Management process.
1. Background
1.1 Sound risk management policy and practice should be firmly embedded within the culture of the Council, providing a proportionate and effective mechanism for the identification, assessment and, where appropriate, management of risk. This is especially important in the current climate where there remains considerable uncertainty about the future.
1.2 Robust risk management helps to improve internal control and support better decision-making, through a good understanding of individual risks and an overall risk profile that exists at a particular time. To be truly effective, risk management arrangements should be simple and should complement, rather than duplicate, other management activities.
2. Supporting Information
2.1 The Council’s Strategic Risk Register, which is attached as Appendix 1, is formally reviewed by the Corporate Management Team (CMT) on a quarterly basis. Members should note that this version of the Strategic Risk Register, which relates to Quarter 3 of 2021/22, was reviewed by CMT on 2 February 2022 and presented to Cabinet on 1 March 2022 as part of the quarterly council monitoring process. Appendix 1 also includes additional summary information to present historic RAG ratings, as well as current pre and post mitigation RAG ratings.
2.2. The previous update to this Committee was in September 2021 to present the Strategic Risk Register as at Quarter 1 2021/22. This report therefore includes updates since Quarter 1 2021/22. There have been various updates to the Strategic Risk Register to reflect the Council’s risk profile as follows:
· Risk 1 (Roads), Risk 5 (Reconciling Policy, Performance & Resources), Risk 6 (Local Economic Growth), Risk 7 (Schools), Risk 9 (Workforce), Risk 15 (Climate), Risk 16 (Covid-19) have updated risk controls.
· Risk 4 (Health), Risk 8 (Capital Programme), Risk 14 (Post European Union (EU) transition) have updated risk definition and risk controls.
2.3 Two new risks have been added to the Strategic Risk Register. Risk 17 (Safeguarding of Children and Young People) refers to the impact of failing to recruit and retain an effective children’s social care workforce on the Council’s priority outcome of keeping vulnerable people safe. Risk 18 (Data Breach) risk refers to the corporate impact of a potential breach of security/confidentiality leading to destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
2.4 Officers will continue to explore opportunities to further strengthen the Council’s risk management arrangements and for mitigating our key strategic risks. It is however, important to recognise that in some cases there is an inherent risk exposure over which the Council has only limited opportunity to mitigate or control.
2.5 The invation of Ukraine and resultant sanctions imposed on Russia by the UK government represent a post quarter 3 event, and as such any effects on the council’s risk profile are not reflected in the Strategic Risk Register being presented. Potential risks include economic/financial, contractual and technological, and these are being closely monitored by CMT and departmental managers. For example, controls associated to Risk 12 (Cyber Attack) are being continually assessed, and reviews are being undertaken on the extent of risk exposure on contracts.
3. Conclusion and Recommendation
3.1 The Committee is recommended to note the Strategic Risk Register including the risk controls / responses being proposed and implemented by Chief Officers.
PHIL HALL
Interim Chief Operating Officer
Contact Officers:
Rachel Jarvis: Head of Finance (Planning and Reporting)
Tel: 01273 482332
Steven Bedford: Finance Manager (Capital and Planning),
Tel: 07701 394847
Local Member: All
Background documents:
None