Agenda item

Corporate Risk Register

To receive a presentation on the Council’s Corporate Risk Register.

 

(Presentation)

 

Minutes:

Members received a presentation from Officers on the Council’s Draft Corporate Risk Register (‘the Register’) 2015/16.  The Register was a joint document for both Redditch Borough Council and Bromsgrove District Council.

 

Officers explained that the management team had looked at the Register, with Heads of Service having considered what the most important risks were.  The Register had been brought to Members in draft form in order that Members could consider whether there was anything that they wish to add to this.

 

A total of 6 corporate risks had been identified in the Register, namely:

 

·                Fatality within service provision;

·                Snap/poorly informed decisions made on savings/cuts;

·                Financial constraints (from external sources reducing funding) have a negative impact on service delivery and/or quality;

·                Partners of the Councils fail to deliver on joint working;

·                Business Continuity Plans fail to operate effectively in a major emergency incident; and

·                IT systems and infrastructure has a major failure.

 

For each identified risk the Register detailed:

 

·                Cause/Effect;

·                Current Mitigations;

·                Inherent Risk (risk scoring);

·                Actions Needed;

·                Residual Risk (risk scoring);

·                Risk Owner; and

·                Links to Strategic Purposes.

 

Officers explained the methodology behind the Risk Scoring Matrix which reflected both Councils’ appetite/tolerance to risk.  Members heard that risk tolerance should be reviewed at least annually as part of the formal refresh of risk management.  There were three risk classifications (low, medium and high), which were based on the impact and likelihood values given to each risk.  These were reflected as ‘RAG’ ratings; Red for High risks, Amber for Medium and Green for Low.

 

High risks required immediate attention and should be regularly monitored for change and to ensure agreed actions were being completed.  Medium risks should be monitored and, if deemed necessary, further action taken to reduce the impact and/or likelihood of the risk.  Low risks should concentrate on obtaining assurance on those controls in place that were reducing the risk, with no additional action being necessary with low risks.

 

Officers spoke on each of the identified risks and their associated risk ratings.  The majority of the risks had been adjudged medium risks in terms of their inherent and residual risks scores.  Financial constraints was deemed to be a high inherent and residual risk, with partners failing to deliver on joint-working also being a high inherent risk.  Officers advised that financial constraints would remain a high risk until the accounts had been submitted to the external auditors the following week.  Departmental Risk Registers were also in place, which again were RAG rated, and actions plans were in place to address all identified risks. 

 

Some of the current risk issues included:

 

·                Officers not being able to provide Members with data as to the levels to which people were using some of the Council’s services and the benefits of those services to the community, together with evidence as to how services were affecting the public (i.e. the ‘whole life cost’ of what the Council does); and

·                Heads of Service being accountable for their budgets, with more data being needed to reflect links between the performance of the authority against budgets.

 

One issue which had been flagged up to the S151 Officer as a possible corporate risk related to the accounts and corporate fraud including procurement fraud.  Officers would be looking at whether there was anything they should be looking at in these areas following the impending changes to the Benefits Fraud system. 

 

By way of an update, Mr Dave Jones, the Committee’s Independent Member for Audit and Governance matters and one of the Committee’s Lead Risk Members, had met with the Section 151 Officer to discuss various risk issues and the Corporate Risk Register.  He stated that work would be ongoing to see where the Council could add value and promote growth in services, together with helping Officers to understand the linking of risks to the Council’s Strategic Purposes. 

 

A Member queried whether data protection was sufficiently covered within the relevant risk register(s), which Officers agreed to check and report back to Members on.

 

Officers advised that the current Corporate Risk Register was more focussed as the previous Register had contained approximately 16 risks.  The Register would now go back to the management team, with the addition of the Accounts and Corporate/Procurement Fraud to the list of risks.

 

The Chair asked both internal and external audit whether they were happy with the Register.  Both were content with this and the external auditor stated that the Links to Strategic Purposes column on the Register was key, in order that Officers knew where they were starting from and what the overall aim was in achieving their priorities.  Mitigations, and what Officers were doing to address identified risks, were also seen as crucial.  Internal audit commented that the Register was not about identifying issues but was instead about looking at key risks, which tied in well with internal audit’s work.

 

RESOLVED that

 

the Corporate Risk Register presentation and associated update from the Independent Member and be noted.