Strategic Risks Update (Agenda item 8)
- Meeting of Governance and Audit Committee, Thursday, 17th December, 2020 10.00 am (Item 51/20)
- View the background to item 51/20
Report of Maxine O’Mahony, Executive Director of Strategy & Governance.
As this report was part exempt, it was agreed that the public part of the report would be discussed separately, and the private and confidential appendix would be discussed at the end of the meeting under agenda item 16.
Councillor Birt said that he was having difficulty in justifying the qualification for the exemption as he did not believe that any of the report should be excluded from the press and public.
In response, the Chairman advised that he was satisfied the exempt report fulfilled the necessary criteria and as Chairman he was entitled to make that ruling.
Councillor Sarah Suggitt, the Executive Member for Governance, Jason Cole, the Executive Manager for People & Innovation and Ryan Pack, the Innovation & Change Business Partner were in attendance for this item.
The Executive Member for Governance apologised to the Committee for not including these Risk Registers at previous meetings. It had not been intentional and was an oversight and would not happen again.
Since previously reported, the strategic risks had been reviewed, updated and a number of risks had been added. The most notable risk was related to Covid, which had been included in response to the pandemic, but the Council continued to actively manage and mitigate to ensure that, the Council had been able to continue to operate and deliver services throughout the pandemic. This risk would remain in place whilst the pandemic was on-going.
The majority of the risks on the Strategic Register had been impacted by Covid and these implications had been reflected in the commentary attached to the report. In many cases this had not led to risks being raised into the ‘red’ category. It should also be noted that the Chief Executive vacancy risk had been dealt with under the operational staffing risks. Currently the Chief Executive’s duties were being completed by the two experienced Executive Directors as the Council continued to operate through the pandemic in the interim Place Based Management structure.
The Council had also successfully recruited to the statutory role of Head of Paid Services. Executive Briefings remained in place as well as the formal meeting structure between Executive Members and the Executive Officers.
The Executive Manager for People & Innovation also apologised to the Committee for the oversight and he was working to ensure that the Risk report would be brought to the meetings on a required basis in future.
The Chairman acknowledged their apologies and thanked them both particularly to the Cabinet Member for attending this meeting as this had been a matter of concern to the Committee.
The Innovation & Change Business Partner highlighted a number of risks for Members to note.
The likelihood of risk had been raised for the 3 financial risks within the report, the Medium-Term Financial Plan, the Business Rates Retention Scheme and Asset Portfolio, this had been in response to the wider economic situations. Equally, the likelihood of the cyber security risk had also been raised which was more reflective of the wider situation with local authorities around such security.
Members were then invited to ask questions.
The Chairman drew Members’ attention to the private & confidential item and the matrix to the risks where further explanations had been included which would be easier for the Committee to follow.
The Vice-Chairman asked a question on the failure to deliver the Local Plan and Delivery Plan and suggested that this had been very much affected by the emerging Government Policy. He felt that the risk had increased but according to the matrix, the risk in respect of the Local Plan had remained the same. Members were informed that the reason that this risk had not been increased but the risk to the emerging Policy had been due to the conversations that he had been having with the Director of Planning & Building Control where it had been agreed that if there were issues with the emerging Policy there were still other options available to the Council in respect of the delivery of the Local Plan.
Councillor Birt mentioned the critical breach of ICT and the failure to maximise the income from the Council’s investment portfolio. He had noted that the risks were the exact same on both matrices but felt that on the ICT security risk whether the Council had under-estimated the consequences and felt that it should be included in the critical impact area.
The Innovation & Change Business Partner felt that this was a fair comment around the impact of such a breach and he would be happy to pick this up with the Head of IT outside of this meeting.
Councillor Clarke agreed with the risks as set out in the report but as this Committee met periodically, he asked if he could assume that if the risk levels changed that the Council had the flexibility to review and change those risks. Members were informed that Managers were asked to update their risks once every quarter and if there were any major changes, ore than once in a quarter, the Managers were able to access the risk register and make an individual assessment, but he would be more than happy to provide the Committee with verbal updates on any significant changes to those risks to future meetings.
Mr Plaskett thanked the Officers for the updates on pages 25 to 30 of the agenda pack as this information provided clarity and had provided him with some assurance that these strategic risks were being monitored. He still had some minor issues with the action dates that suggested that they were not being looked at as no target dates had been set.
Referring back to Councillor Birt’s earlier point in respect of ICT, this had reminded him of the number of internal audit actions that had been outstanding on cyber security for more than a year and was concerned that the right level of commitment was not being provided.
In terms of target dates, the Innovation & Change Business Partner said that he would, ahead of the February meeting, provided Members with a verbal update on revised target dates for the Committee’s consideration. Equally on the cyber security audit issue, Members were informed that this matter would be discussed with the Auditors and IT and he believed that the Council was in a position to close down many of these risks. Members would be kept informed accordingly.
Councillor James referred back to risk in respect of the Local Plan. It stated quite clearly on page 29 of the agenda pack that this had therefore led to a rise in the risk likelihood yet referring to the matrix no changes had been made. The Innovation & Change Business Partner apologised as this risk should have been raised from a likelihood of a 2 to a 3 and would be amended accordingly.
The contents of the report were noted.
Members then went into private session to discuss agenda item 16.
- Strategic Risks Update, item 51/20 PDF 66 KB
- Appendix 1 for Strategic Risks Update, item 51/20 PDF 138 KB
- Strategic Risks Appendix 3 for Update, item 51/20 PDF 197 KB