Issue - meetings

Corporate Risk Register

Meeting: 31/07/2023 - Audit and Governance Committee (Item 25)

25 Corporate Risk Register pdf icon PDF 449 KB

To consider the status of the council’s corporate risk register in order to monitor the effectiveness of risk management within the performance management framework.

Additional documents:

Minutes:

The Director of Strategy and Performance (DOSP) introduced the report and highlighted the following:

 

·            The Corporate Risk Register incorporates the key risks across the whole organisation.

 

·            There were currently 16 corporate risks and 73 directorate risks.

 

·            The committee were informed that the directorate risk registers were reviewed on a monthly basis with the relevant service and corporate directors which then reported into the corporate risk register should any risks need escalating; risks scored 16-25 would be escalated.

 

·            With regard to development work on the approach to strategic risk, it was highlighted that more work needed to be undertaken on the risk register surrounding the aggregation of risks, understanding of accountability and action planning. It was reported that the corporate leadership team would challenge and have more ownership of the risks in the corporate register.

 

·            The senior management team would undertake training, to be provided by the council’s insurance company, within the next couple of months. 

 

·            The corporate risk register and the directorate risk registers were appended to the report.

 

In response to committee questions, it was noted:

 

1.          The DOSP confirmed that service directors had overall responsibility of their individual directorate registers to ensure that risks were de-escalated, removed and added when applicable, risk scores were regularly reviewed and scores, controls and future mitigating activity were updated where necessary.

 

2.          All service areas would identify their own individual risks and those key risks to the council that needed oversight would be captured within the relevant risk register. It was highlighted that reporting could be made clearer with demonstrating where it is a strategic risk, a service risk or a financial risk and what the mitigation actions    were and the impact those had on the council.

 

3.          There was a need to consider whether Council’s decision on Friday 28 July 2023 to renew Herefordshire Council’s commitment to taking action to tackle the climate and ecological emergency was addressed appropriately in the risk registers, along with any further work necessary to identify other risks related to this.  

 

4.          Following a question surrounding cross-departmental risks, it was confirmed that these would be included in the strategic risk register.

 

5.          In response to a question about the management of risk in circumstances where a risk owner position was vacant, the DOSP confirmed that the directorate leadership team would have oversight and ultimately the service directors had overall responsibility for their directorate register to ensure that those risks had oversight, mitigation in place, and were monitored in an effective way.

 

6.          The DOSP offered to circulate the Risk Management Plan to members of the committee.

 

7.          The cabinet member finance and corporate services offered his support in reviewing the risk register.

 

8.          The Section 151 Officer confirmed there was still work to be done around the risk register and acknowledged concerns raised around Cyber Attacks (CS.09) being de-escalated from the corporate risk register.

 

9.          The Section 151 Officer confirmed in response to a query around Wetlands (EE.13) that the £1m of the LEP grant money  ...  view the full minutes text for item 25