The Audit Manager led Members through the Risk Management Update report which provided a position update on risk management processes, the key strategic risks currently facing the Council and outlined some of the recent improvements made to the risk management process.

The Audit Manager, in his role as Risk Management Coordinator, was currently responsible for facilitating all strategic risk management activity including maintaining the Risk Management Policy and collating and reporting on updates to the Corporate Risk Register. The responsibility for identifying and managing risks, however, remained with Senior Management.

Following on from their Enterprise Risk Management, Business Continuity and Disaster Recovery Review in February 2022, the Council’s insurance provider, Zurich, were engaged to carry out further work to help improve the Council’s risk management processes, by means of feedback surveys and face-to-face workshops.  From this work, the Audit Manager was able to compile a new Corporate Risk Register, at Appendix B to the report, and Risk Management Policy for Member’s approval at Appendix A to the report.

Grant Thornton, the Council’s external auditor, also made a recommendation in respect of risk management  in their Annual Audit Report 2021/22 reported to the Committee in June 2022. The shortcomings of the existing risk management processes were acknowledged in the management response and Members noted that several of the points raised had been addressed as part of the Council’s work with Zurich. All outstanding items would be incorporated into further planned improvements.

The Council’s Risk Management Policy was last reviewed in February 2020 and had been completely revised to reflect the changes made to the risk management process, attached at Appendix A to the report for Members’ approval and referral to full Council for adoption.  The most significant changes made to the previous policy were the inclusion of sections outlining the Council’s risk management methodology and how it was proposed to define the Council’s risk appetite.

The Corporate Management Team (CMT) had recently reviewed and updated the new Corporate Risk Register produced as a result of the Risk Management Refresh exercise, shown at Appendix B to the report.  Improvements made were outlined in the report for Members’ information.

Heads of Service/Service Managers should maintain a risk register for key operational risks within their service area, but presently there was no standard template for a service based risk register nor any formal review mechanism for ensuring that risk registers were kept and regularly reviewed. The Deputy Chief Executive was therefore looking to incorporate the requirement for maintaining risk registers into the service planning process, to be introduced in 2023/24.

Members were given the opportunity to ask questions and the following points were noted during the discussions:

•           Members raised concerns that certain risks, e.g. affordable homes and temporary accommodation that could be mitigated, had been merged together with risks that could not, e.g. land supply;

•           not using technology was also a risk, however the Council did not intend to be at the forefront of testing new technology;

•           Members noted that the risk register was a live document, but requested that CMT re-examine the economic risks in light of inflation and the current level of energy prices, that Risk 2 (The Council cannot meet its housing objectives) be re-assessed and Risk 5 (Project delivery compromised) also be re-examined in view of the Audit findings on Procurement and the Capital Programme;

•           Members requested that the following risks be considered by CMT for inclusion in the risk register: (1) Rother DC Housing Company and (2) the effects of the rising cost of living and energy crisis on staff; and

•           Members suggested that, in relation to Risk 9 (Lack of quality/ quantity of staff to deliver services), staff productivity could be improved by the use of new technology, rather than viewing new technology as a risk.

Members noted that risk appetite would be reviewed regularly and a process would be put in place to report proposed amendments to Cabinet.  Members were happy to recommend the policy to Council for adoption and to note the risk register but agreed that all comments and suggestions made by the Committee concerning the risk categories, be taken back to CMT for review.

RECOMMENDED: That the new Risk Management Policy at Appendix A to the report be adopted;

AND

RESOLVED: That the Council’s Corporate Risk Register at Appendix B to the report be noted, but comments made by the Committee be taken back and considered by the Corporate Management Team.