Agenda item

Corporate Risk Register

To consider the status of the council’s corporate risk register in order to monitor the effectiveness of risk management within the performance management framework.

Minutes:

The committee considered the status of the council’s corporate risk register.

 

The head of corporate performance presented the report, highlighting the following: the three new corporate risks, one risk that had been escalated to the corporate risk register, and the three risks that had been de-escalated; the changes to the corporate risk register since the last report were shown in red text in Appendix A; the directorate risk registers were provided in Appendices B to E, with a summary of changes shown in paragraph 8 of the main report; the risk maturity assessment provided in Appendix F provided a good foundation for progression, with the intention to undertake a risk management audit, to provide additional training throughout the council to embed risk management, and to build the developments required into the risk management plan; and the identification of potential software solutions to improve efficiency and to free officer capacity to work to embed risk management within the directorates.

 

The main points made during the discussion included:

 

i.             The risk maturity assessment was the first one undertaken with South West Audit Partnership internal audit services (SWAP), so comparison with other local authorities was not yet possible.

 

ii.            With attention drawn to certain references in the economy and environment risk register, it was explained that the risk registers related to the situation as at the end of February 2022 and some matters had been addressed in the intervening period.

 

iii.          In response to comments about potential risks associated with inflation and increasing costs of living, the head of corporate performance commented that the risk management framework was becoming more dynamic and reported on discussions with the leadership team on strategic and longer term risks.

 

iv.          It was suggested that the risk registers should make reference to strategic partners where the council relied upon those partners to deliver activities for the council.

 

v.           The director of finance resources and assurance acknowledged the need to reduce the lead-in time between the preparation and presentation of the papers but was not aware of any other significant risks that should have been identified as at the end of February 2022, albeit various reassessments had been undertaken subsequently during March and April.

 

vi.          The chief executive made a number of observations, including: the opportunity to present the risk registers was welcomed; the value of regular dialogue between the head of corporate performance and the leadership team regarding strategic risks for specific directorates and for the council as a whole; the need to reflect matters included in the annual governance statement and the external auditor’s annual report; the importance of ensuring that partnerships, such as the Herefordshire and Worcestershire Integrated Care System, worked well; and other challenges included workforce recruitment and retention, the delivery of major projects, the increasing demand for services, the ability to continue to deliver savings, and minimising exposure to cyber-attacks.  Reflecting on experiences in other local authorities, the chief executive emphasised the importance of a broad and deep approach, raising the profile of risk management, and making better informed decisions.

 

vii.         With reference made to the deferred item, ‘Auditor’s annual report 2020/21’, a committee member questioned the timing of the establishment of the Major Contracts Improvement Board and its effectiveness.  The chief executive briefly commented on the improvements that had been put in place since 2020/21.

 

viii.       With comments made about the implications of inflationary pressures, a committee member considered that further assurance was needed on the management of risks and suggested that the committee could examine one or two risks in greater detail. 

 

The head of corporate performance confirmed that a similar action was included in the committee’s action log (action 99 refers), commented on the need for input from the relevant service areas, and outlined the potential benefits of a software solution for risk management in terms of data visualisation.  The chief executive advised that strategic risks could be an appropriate starting point.

 

ix.          A committee member suggested broadening use of specific, measurable, attainable, realistic, timescale (SMART) goals to include ecological / environmental impacts, and responding / rewarding (SMARTER) goals.

 

x.           The vice-chairperson welcomed the development of a strategic risk register, potentially enabling the directorate risk registers to sit with the leadership team and with the cabinet members, and commented on the need to avoid silos and for the committee to be sighted on cross-cutting risks.

 

The head of corporate performance said that the first iteration of a strategic risk register might be available for the September 2022 meeting and the new software system should be in place for business planning in 2023/24.  The head of corporate performance added that he was due to leave the authority shortly.

 

xi.          In response to questions: the chief executive advised that directorate risks were discussed with cabinet members in their briefings; and the director of resources and assurance advised that the Major Contracts Improvement Board had been established by Cabinet in July 2021 (minute 32 of 2021/22 refers) and Councillors Davies, Harvey and Harrington were the cabinet members on the board currently.

 

xii.         The chairperson said it should be made clear that the new risk in relation to receiving an adverse Ofsted inspection (CRR.66) related to the children and young people directorate and not to an individual school.

 

It was agreed that a workshop would be arranged in October or November 2022 to consider the first iteration of the strategic risk register and to examine one or two strategic risks in greater detail.

 

On behalf of the committee, the chairperson thanked Paul Harris for his work on corporate performance and for the progress that had been made with the risk management approach.

 

At the conclusion of the item and in response to a comment from a committee member about the need for visibility of, and to learn lessons from, issues that had given rise to problems, particularly in relation to major projects:

 

·             the chairperson outlined some of the occasions where the committee had put forward requests to the Section 151 officer for internal audit into certain activities;

 

·             the director of resources and assurance noted the opportunity for the committee to input into the internal audit plan and invited members to contact him directly between meetings;

 

·             following a comment by the chairperson about the potential for internal audit to look back over previous audits to identify any significant findings that may be worth revisiting, the assistant director for SWAP said that the audit plans for any particular pieces of work could be shared with committee members; and

 

·             the chief executive suggested that the director of resources and assurance liaise with SWAP to explore how additional assurance could be provided to the committee that recommendations for standout pieces of work in recent years had been actioned and addressed; and

 

·             the vice-chairperson noted that the committee received a regular report on progress against internal audit recommendations.

 

Resolved:      That status of the council’s corporate risk register be noted.

 

Action(s):

 

Action 146:     Where corporate or departmental risks have an integral component supplied by partnerships, consideration be given to identifying those partnerships in the relevant risk entries.

 

Action 147:     A workshop be arranged in October or November 2022 to consider the first iteration of the strategic risk register and to examine one or two strategic risks in greater detail.

 

Supporting documents: