Report to:                    Audit Committee


Date:                           28 March 2024


By:                               Chief Operating Officer


Title of report:             Strategic Risk Monitoring – Quarter 3 2023/24


Purpose of report:       To update the Committee on current strategic risks faced by the Council, their status and risk controls / responses and to describe the current Risk Management process.



RECOMMENDATIONS:  Committee Members are recommended to:


1)    Note the process of strategic risk management.

2)    Note the current strategic risks and the risk controls / responses being proposed and implemented by Chief Officers.



1.         Background


1.1      Sound risk management policy and practice should be firmly embedded within the culture of the Council, providing a proportionate and effective mechanism for the identification, assessment and, where appropriate, management of risk. This is especially important in the current climate where there remains considerable uncertainty about the future.


1.2       Robust risk management helps to improve internal control and support better decision-making, through a good understanding of individual risks and an overall risk profile that exists at a particular time. To be truly effective, risk management arrangements should be simple and should complement, rather than duplicate, other management activities.


2.         Supporting Information


The Risk Management Process


2.1       The Councill’s risk management process is a continuous and developing process. In order to manage risk appropriately and effectively, it is necessary to adopt a systematic approach to risk identification, analysis, and control. This approach is referred to as the Risk Management Process and provides a system that can be applied to risks at all levels within the council.


2.2       As a minimum, all risk registers are formally reviewed and updated on a quarterly basis as part of the Council monitoring process. The Strategic Risk Register is reviewed and updated by the Corporate Management Team (CMT) prior to being reported to Cabinet and the Audit Committee. As part of the process, consideration must be given as to the escalation and de-escalation of risks between Departmental and Strategic Risk Registers. Risks are usually escalated to the Strategic Risk Register when it relates directly to a strategic objective and/or the outcome cannot be mitigated at an operational level.





Strategic Risk Register – Quarter 3 2023/24


2.3      The Council’s Strategic Risk Register, which is attached as Appendix 1, is formally reviewed by the CMT on a quarterly basis. Members should note that this version of the Strategic Risk Register, which relates to Quarter 3 of 2023/24, was reviewed by CMT on 7 February 2024 and presented to Cabinet on 5 March 2024 as part of the quarterly council monitoring process. Appendix 1 also includes additional summary information to present historic RAG ratings, as well as current pre and post mitigation RAG ratings.


2.4     The previous update to this Committee was in September 2023 to present the Strategic Risk Register as at Quarter 1 2023/24. This report therefore includes updates since Quarter 1 2023/24. There have been various updates to the Strategic Risk Register to reflect the Council’s risk profile as follows:

·         Risk 1 (Roads), Risk 5 (Reconciling Policy, Performance and Resources) and Risk 6 (Local Economic Growth) have updated risk definitions and risk controls, together with updated risk ratings.

·         Risk 8 (Capital Programme) has an updated risk definition and risk control.

·         Risk 4 (Health), Risk 9 (Workforce), Risk 12 (Cyber Attack), Risk 15 (Climate), Risk 18 (Data Breach) and Risk 20 (Placements for Children and Young People in Our Care) have updated risk controls.

2.5       Officers will continue to explore opportunities to further strengthen the Council’s risk management arrangements and for mitigating the key strategic risks. It is however, important to recognise that in some cases there is an inherent risk exposure over which the Council has only limited opportunity to mitigate or control.

3.         Conclusion and Recommendation

3.1     The Committee is recommended to note the process of strategic risk management and the Strategic Risk Register including the risk controls / responses being proposed and implemented by Chief Officers.


Chief Operating Officer


Contact Officers:

Thomas Alty: Head of Finance (Planning and Reporting)

Tel: 07701 394836


Steven Bedford: Finance Manager (Capital and Planning),

Tel: 07701 394847


Local Member: All


Background documents: None