Report to: Audit Committee
Date: 31 March 2023
By: Chief Operating Officer
Title of report: Strategic Risk Monitoring – Quarter 3 2022/23
Purpose of report: To update the Committee on current strategic risks faced by the Council, their status and risk controls / responses and to describe the current Risk Management process.
RECOMMENDATIONS: Committee Members are recommended to:
1) Note the process of strategic risk management.
2) Note the current strategic risks and the risk controls / responses being proposed and implemented by Chief Officers.
1. Background
1.1 Sound risk management policy and practice should be firmly embedded within the culture of the Council, providing a proportionate and effective mechanism for the identification, assessment and, where appropriate, management of risk. This is especially important in the current climate where there remains considerable uncertainty about the future.
1.2 Robust risk management helps to improve internal control and support better decision-making, through a good understanding of individual risks and an overall risk profile that exists at a particular time. To be truly effective, risk management arrangements should be simple and should complement, rather than duplicate, other management activities.
2. Supporting Information
The Risk Management Process
2.1 The Councill’s risk management process is a continuous and developing process. In order to manage risk appropriately and effectively, it is necessary to adopt a systematic approach to risk identification, analysis, and control. This approach is referred to as the Risk Management Process and provides a system that can be applied to risks at all levels within the council.
2.2 As a minimum, all risk registers are formally reviewed and updated on a quarterly basis as part of the Council monitoring process. The Strategic Risk Register is reviewed and updated by the Corporate Management Team (CMT) prior to being reported to Cabinet and the Audit Committee. As part of the process, consideration must be given as to the escalation and de-escalation of risks between Departmental and Strategic Risk Registers. Risks are usually escalated to the Strategic Risk Register when it relates directly to a strategic objective and/or the outcome cannot be mitigated at an operational level.
Strategic Risk Register – Quarter 3 2022/23
2.3 The Council’s Strategic Risk Register, which is attached as Appendix 1, is formally reviewed by the CMT on a quarterly basis. Members should note that this version of the Strategic Risk Register, which relates to Quarter 3 of 2022/23, was reviewed by CMT on 8 February 2023 and presented to Cabinet on 7 March 2023 as part of the quarterly council monitoring process. Appendix 1 also includes additional summary information to present historic RAG ratings, as well as current pre and post mitigation RAG ratings.
2.4 The previous update to this Committee was in September 2022 to present the Strategic Risk Register as at Quarter 1 2022/23. This report therefore includes updates since Quarter 1 2022/23. There have been various updates to the Strategic Risk Register to reflect the Council’s risk profile as follows:
· Risk 12 (Cyber Attack) has an updated risk definition.
· Risk 5 (Reconciling Policy, Performance and Resource), Risk 6 (Local Economic Growth), Risk 9 (Workforce), Risk 15 (Climate) andRisk 17 (Safeguarding of Children and Young People) have updated risk controls.
· Risk 8 (Capital Programme) has updated risk definitions and risk controls.
· Risk 4 (Health) has updated risk controls and a revised Amber post mitigation risk rating (previously Red).
· Risk 1 (Roads) has an updated risk definition and risk controls, together with a revised Red post mitigation risk rating (previously Amber).
· Risk 14 (Post European Union (EU) Transition) related to potential border control issues immediately following the transition and has been removed from the register.
2.5 Officers will continue to explore opportunities to further strengthen the Council’s risk management arrangements and for mitigating the key strategic risks. It is however, important to recognise that in some cases there is an inherent risk exposure over which the Council has only limited opportunity to mitigate or control.
3. Conclusion and Recommendation
3.1 The Committee is recommended to note the process of strategic risk management and the Strategic Risk Register including the risk controls / responses being proposed and implemented by Chief Officers.
ROS PARKER
Chief Operating Officer
Contact Officers:
Thomas Alty: Head of Finance (Planning and Reporting)
Tel: 07701 394836
Steven Bedford: Finance Manager (Capital and Planning),
Tel: 07701 394847
Local Member: All
Background documents: None