Agenda item

This matter is the responsibility of the Portfolio Holder for Corporate Resources, Councillor Ross Henley.

This paper provides an update on the current register of risks and issues.

The Audit, Standards and Governance Committee agreed the councils updated Risk and Opportunity Management Strategy on 1st February 2021. The Strategy sets out that a quarterly report on risks and issues will be presented to both Scrutiny and Executive. As this is the first such report, it is a stand-alone item, and provides an update on the risks and issues as of March 2021. In future, regular reports on risks and issues will be included with the quarterly performance reports.

The Risk and Opportunity Management Strategy states that only “key business risks”, i.e. those that have a score of between 15-25, will be reported to Executive and Scrutiny on a quarterly basis. As this is the first report, all risks have been included, but future reports will just include key business risks. There is a Corporate Risk Register and Corporate Issues Log which are supported by registers for each Directorate. The registers are fluid documents and are reviewed and updated on at least a monthly basis, and more frequently if required. The registers are also aligned to the Directorate service plans and to the delivery of the Corporate Plan and the council’s strategic objectives. Programmes and projects that the council is undertaking also capture risks relevant to the work being delivered.

The Corporate Risk Register was set out in Appendix 1. There were currently 15 risks on the risk register. The RAG status of these and the risks were set out for the committees views.

During the debate the following comments and questions were raised:-

·        Levels of risk were considered around risk Cr22 and levels of risk considered as part of the assessment process.

·        The risk register was updated on monthly basis and was reviewed corporately by directorates.

·        Due to the confidentiality and sensitivity of some of the risks not all were included as part of the report.

·        The risk assessment process in staff operations was considered inadequate and the seriousness of implications were encouraged to be considered in further detail.

·        A permanent solution to improve the power supply for the IT server room was encouraged and it was questioned why this was a green risk.

·        The risks were scored based on likelihood and impact alongside the severity and risk.

·        Backup supplies to the server room were in place in case of a power failure.

·        Audit Governance and Standards approved the Corporate Risk Policy in January 2020, and also approved in Feb 2021 which set out roles responsible for risk management.

·        Quarterly progress reports were set out in this report. Pg 256 of the February report considered at the Audit Governance and Standards Committee set out the roles of officers in the strategy which was communicated to officers and councillors, it was questioned if checks had been completed and actively monitored. The committee were reassured this would be communicated.

·        Clarification was provided that this was the first time the report had been to Scrutiny and Executive and would be considered every quarter. The Committee further questioned if Scrutiny would consider the risk strategy.

·        All risk owners were set out and mitigation of actions were considered outside the scope of the committee.

·        The issues log had 3 red indicators, it was questioned if these had been resolved. Preparation of risks in advance of the creation of the Unitary Council was encouraged.

·        Page 43 identified the key business risks.

·        Some risks or events that had taken place were not scored as these had already occurred but were given a RAG status to capture them as an issue and not a risk.

·        It was questioned what criteria measured risks, how was the suitability of existing risk management measures evaluated and established the real cost to the community and tax payers. The risk register was reviewed on a monthly basis and the lead officer was responsible for updating each risk.

·        The C19 scoring and real cost to the community on phosphate impact was questioned. This was on the issues log and not the risk register now an issue was being managed alongside a proposal for a solution. Further clarity and timeframe was questioned for the resolution.

·        Confirmation was provided that the risk strategy was sent out by the monitoring officer before its consideration at the Audit, Governance and Standards Committee in February.

·        IT processing and logging issues and cyber security risks were considered. The Council had not achieved cyber security plus but had achieved PSN compliancy. Cyber security would always remain a risk with changes in technology and is a high risk area to maintain service provision and network security. Appropriate policy’s had been adopted and user awareness training introduced.

·        Gaps in training, including Health and Safety training in the workforce had been identified and assurance was given these training gaps would be addressed to ensure officers were adequately qualified for their roles. Over the next six months monitoring training and qualifications were being developed.

·        A wider improvement plan in respect of Health and Safety was addressing improvements across the authority including activity on construction sites.

·        In relation to Section 4 of the report (the background and full details) it requires a bit more clarity and context in terms of what the report is actually trying to do. It would be nice if a narrative was provided on how issues are spotted coming forward, how the organisation actively responds to those issues that are coming forward and how we set about fixing or mitigating them, to give assurance we are not just looking at a list of those things that could go wrong, but that there was a system behind it in case the worst happened. A short succinct statement on the key elements may help the Executive understand that, and help the Committee as these kinds of reports would come back to the Committee in due course.

·        The portfolio holder and officers were thanked for their report and attendance at the Committee.

The Committee noted the risks and issues held on the Councils register.