Consideration was given to the report of the Audit Manager that provided an update for Members on Risk Management processes and the key strategic risks currently facing the Council.  It was essential that the Council adopted a strong approach to Risk Management as it emerged from the COVID-19 pandemic, especially given the current backdrop of significant financial pressures.

The Council had a simple overarching Risk Management Policy which set out the responsibilities of Members, Corporate Management Team and Heads of Service and was last reviewed in February 2020.  The document was due for a further review but had been temporarily postponed whilst the Council awaited the outcome of two third party assessments of its current Risk Management arrangements.  The findings of both reviews would need to be taken into consideration before making any changes to the current policy which would be reported to the Committee in September 2022.

The Corporate Risk Register was attached at Appendix A to the report, which had recently been discussed with Senior Management and updated accordingly.  All risks were reevaluated and some scores amended.  New risks were also added in respect of Temporary Accommodation Costs, Interest Rate Increases and Changes to the Rules around the Minimum Revenue Provision charge.

During the review of the Corporate Risk Register a few improvements had been made, as detailed in the report, including ensuring that there was a named lead officer assigned to each risk, which Members were pleased to note.  The Deputy Chief Executive advised Members that the Corporate Management Team would also be discussing the register more frequently.

Despite reevaluating the risk scores, it was noted that in almost half of the cases listed, the risk score after mitigation was the same as the inherent risk. This did not necessarily mean that mitigating action had failed to reduce the risk, but in most cases, it simply reflected the limitations of the current 3x3 risk scoring matrix, which allowed no room for subtle changes.  It was therefore proposed to introduce a 5x5 risk scoring matrix for future risk evaluations to allow for more nuanced scoring.  Other proposed changes were listed in the report.

A further longer-term objective was to establish a mechanism for the Corporate Plan Risk Register and all service-based and project risk registers to feed into the Corporate Risk Register.  Training and guidance could also be required to ensure that managers were equipped with the necessary tools to identify and evaluate risk.

It was previously agreed that the Audit and Standards Committee would review the risk registers kept by individual service areas, to raise awareness of the key operational risks faced by each service area and the mitigations that were in place to prevent or reduce their impact. However, this process had since halted as a result of changes to the management structure.  Members expressed an interest in learning more about the process involved when escalating risks from service area risk registers to the Corporate Risk Register and vice versa.

Members raised concerns about the change in rules around the Minimum Reserve Provision charge to the Council’s revenue account. Any changes could make lending to subsidiary companies unattractive and/or prohibitive, as they could have a major impact on new borrowing.  It was unlikely that new changes would not take effect until April 2023, therefore the impact could be minimised if the expenditure cash outflows could be accurately forecast.

Members commented that the Council’s ability to deliver savings and income targets as set out in the Medium Term Financial Plan, depended on strong financial management and the successful delivery of the Financial Stability Programme (FSP).  This required a strong partnership between Members and officers and the Corporate Risk Register cross referencing with the FSP.

The ongoing financial pressures faced by the Council meant that its acceptance of risk may have to increase, but this would need to be actively managed by both officers and Members. The process of embedding Risk Management practices at all levels of management would take time to achieve, but steps were already being taken to improve procedures. 

RESOLVED: That the Council’s Corporate Risk Register at Appendix A to the report be noted.