Agenda item

Quarterly Risk Update (Agenda item 9)

Report of Maxine O’Mahony, Executive Director for Strategy & Resources and Jason Cole, Assistant Director Customer & Performance and Ryan Pack, Innovation & Change Business Partner.


Councillor Robinson, the Executive Member for Customer, Digital & Performance presented the report.


Jason Cole, the Assistant Director for Customer & Performance and Ryan Pack, the Innovation & Change Business Partner were also in attendance for this item.


The report presented the current status of the Council’s strategic risks as at June 2021 and since the last review at the Committee meeting held on 11 February, a number of minor changes had occurred in relation to such risks that the Council currently faced.


Whilst the majority of risks had remained stable since the last quarter, it was noted that both the financial and cyber risks that were raised at the previous meeting remained the same. 


Covid 19 remained the highest risk to the Council and work was planned to review this risk in the near future; taking into account the on-going national situation and the situation within the Breckland District. It was therefore likely that whilst this risk remained high it was likely to be downgraded in due course.


This was the first meeting of the Governance & Audit Committee since the risk assessment report had been seen by the Council’s Auditors.  The Auditor’s report had been positive, and they had been quite content as to how the risks were being managed, the improvements that had been made and the next steps to be taken. 


The Innovation & Change Business Partner then covered a few general points about risks.


It had been pleasing to receive the positive risk assessment report from the Auditors, and the ‘next steps’ were now being considered.  Equally, having that assessment back allowed the Council to look at the risk policy in greater detail and make any necessary changes ahead of the next meeting in September.


Over the next few weeks/months a strategic risk review would be taking place to ensure that everyone was happy with the scores and target dates moving forward.


Members’ attention was then drawn to the cyber security risk; an update to that risk had been provided from the Head of IT and the risk score and controls remained the same.  The downgrading of the contracts risk was in respect of not having a Senior Manager in post and as the business continuity risk had been achieved for three consecutive quarters as a low risk, it was suggested that Members consider whether this should be downgraded to an operational risk.


It was noted that an additional strategic risk would be added to the next quarterly report in relation to the National Waste consultation.


Members were then invited to ask questions.


The Vice-Chairman had noted that a score of 25 had been given to the impact of the pandemic and felt that this was rather high given the level of the population who had been vaccinated, and the Council’s recent ability to deliver services and personally felt that it should be 4 x 4.


The Innovation & Change Business Partner explained that this risk would be reviewed very shortly.  A discussion with the Executive Management Team (EMT) had been had about this risk being scored at 5 x 5 where it had subsequently been agreed that it should not be downgraded at the time of publication. This risk was on the national risk register and moving forward he would expect this risk to be lowered accordingly.


Councillor Clarke believed that the upgrade and refurbishment of Elizabeth House and the steps that had been taken in respect of ventilation around the building had been dealt with within the corporate dashboard but felt that a Covid 19 Risk Assessment review should be included in the form of a summary for Members of the Committee for additional assurance.


It was agreed that this suggestion would be fed back to EMT.


Mr Plaskett felt disappointed with the comments raised by the Committee at its previous meeting which had been noted in the Minutes.  In his opinion, strategic risks should not be open-ended risks, there should be a start point and an end point and dates should be added accordingly.  He was also disappointed that all target dates on the risk report had passed and there had been no changes made to these dates since 2019.  In his opinion, it puts concerns on how this Committee could be assured about how the Council was managing its strategic risks.  It would provide him with some confidence if Members were made aware of when the risk was raised, how many times the Council had failed to meet the target date, and the reason why it had not been met, and what the latest target date was. 


The Chairman felt it was worth some more detail on that and agreed with Mr Plaskett.  He felt at the very least it would be better to have a review and an acknowledgement of why the target date had not been met, and whether the risk was being downgraded or escalated and if a new date was being set, the rationale behind it.


Councillor Monument agreed with all the aforementioned comments and suggestions and believed there was scope to include three or four dates in that last column such as ‘c’ for current date, ‘o’ for original date then first upgrade, second upgrade and so on, doing this would enable Members to see how many times these risks had been pushed on.


The Chairman agreed but would leave this to the Performance Team to come up with something suitable. 


Mr Plaskett drew attention to page 70 of the agenda pack and the lack of a target date in respect of emerging government policy.  Also, under the comments in relation to the medium-term financial plan, then going back to the External Auditors Plan that was discussed earlier in the meeting, there was a comment made that the Council needed to find an additional £1.5m of savings and wondered why this risk had not been increased.


The Innovation & Change Business Partner thanked Members for their comments.  In terms of the dates being identified, he apologised as this had been mentioned before and should have been included in the structure.  In terms of end dates, this would be picked up in the strategic risk review and would be discussed with the risk owners accordingly. He would be happy to alter the report to make it clearer in respect of start dates, end dates, and in terms of the emerging government policy, this was a standing risk to encompass all the policy initiatives coming out of government, and the reason no target date had been provided was because these were effectively all policies combined as opposed to having four or five separate risks. However, if there was an event where a separate risk had to be highlighted it would be shown as such.   


In respect of the medium-term financial plan, Alison Chubbock, the Assistant Director of Finance & S151 Officer agreed that this had been identified in the Audit report and explained that the score had remained the same due to having some clear plans on how this would be delivered; however, a watchful eye would be kept on this matter in case such plans did not come to fruition.


Councillor Birt raised a couple of queries, the first being on page 72 of the agenda pack in respect of ICT security.  He felt that this list of mitigations was extremely comprehensive but asked how these were tested and suggested having some feedback on these matters.  He was also inclined to agree with Councillor Clarke’s views on the safety of the building as a risk and finally there seemed to be a missing item in respect of the climate emergency.  Breckland Council had declared a climate emergency and had pledged to a number of things but felt there was a great risk of not achieving what it said it was going to achieve by the 2035 date.


The Innovation & Change Business Partner stated that in terms of mitigation he would be happy to add that into the next cycle and the climate emergency would be discussed with the Officer concerned and whether such matters should be dealt with strategically or at an operational level.


Picking up on Councillor Birt’s points, the Chairman said that he would prefer for these matters to be passed back to EMT to decide rather than adding a formal recommendation.


The quarterly risk update was otherwise noted.




Supporting documents: