Simon Dennis, Corporate Improvement and Risk Manager, presented the current Strategic Risk Register which summarised the current position of the Register and also provided additional background on the role of risk management in the Council’s response to the Covid-19 pandemic.
Since early 2020, the Council had been involved in responding to an unprecedented emergency which had involved the activation of the Council’s Business Continuity Plan to ensure critical services could be maintained as well as the creation of significant new services to meet the needs of the most vulnerable in the Borough. The report summarised the current arrangements and presented the current Corporate Strategic Risk Register which had recently been considered by the Strategic Leadership Team.
The report detailed the overall arrangements which included:-
- Risk Champions, each of whom led on risk for their Strategic Director
- The Risk Champions, Assistant Chief Executive and the Corporate Improvement and Risk Manager formed the Risk Champions Group responsible for co-ordinating risk management across the Council in normal circumstances
- Corporate Strategic Risk Register completed following reviews of individual risk by Directorate Leadership Teams. Every risk on the Register was owned by a member of SLT and also appeared on their Directorate’s Risk Register
- The Strategic Risk Register had been formally reviewed by SLT both at joint SLT/AD Performance Management meetings and at separate SLT meetings. These meetings would continue to review the Register every 3 months
- It was also reported regularly to the Audit Committee together with the annual “deep dives” of Directorate Risk Registers
- The Corporate Improvement and Risk Manager, through the Risk Champions, ensured updates were obtained from all risk owners, reviewed each update and drew attention to issues or missing updates
- The Register had been updated, aligned with the Year Ahead Plan and would be reviewed again to ensure it aligned with the new Council Plan later in the year
- Work was taking place on developing a refreshed approach to risk management training
- The Risk Management Policy and Guide would be refreshed before the new financial year to ensure alignment with current practice
The Council’s risk profile had been reducing and an increasing understanding of the key risks that needed to be managed at a strategic level was being developed. However, that improvement had inevitably slowed during the pandemic but the overall track in the last 2 years was still an improving one. Since January 2020, 40% of risks monitored at a strategic level had reduced or been removed, 40% had remained stable and 20% had increased/new to the register.
Since the last update, one risk had been removed and no new risks added. There were now 13 risks on the Strategic Risk Register, down from 14 at the last review but up from 12 in January, 2020.
The risk management process had recently been subject to an Internal Audit review which had compared arrangements to the requirements of the relevant International Standard ISO31000. The review had included that substantial assurance, the highest assurance level possible, could be derived from the controls that were in place.
Discussion ensued with the following issues raised/clarified:-
· Each Strategic Director was responsible for their own Risk Register and, within that, each Assistant Director responsible would have a more extensive Risk Register
· A risk may re-appear on the register but it would be in a different form as the process rolled forward
· The number of risks had slightly increased during the pandemic but was now decreasing
· Ongoing discussions regarding cross cutting-Directorate risks and moving from the Strategic Risk Register to the delivery area
· The Risk Register and the Corporate Plan were designed to address crosscutting issues
Resolved:- That the update be noted.