To provide an update on the council’s approach to risk management arrangements. 

The Director of Finance (DOF) introduced the report the purpose of which was to update the committee on the council’s approach to risk management arrangements. The following principal points were noted.

1.     The committee were reminded that under the constitution it was not their function to examine specific risks but was to monitor the development and operation of risk management processes and receiving assurance from internal and external sources of the effectiveness of arrangements.

2.     The revised Risk Management Strategy had been completed, incorporating a new Risk Appetite Statement which defined the level of risk the council would be willing to accept to deliver the priorities of the Herefordshire Council Plan 2024-28 and annual Delivery Plan.

3.     The Strategy set out the approach and principles of risk management, outlining the council’s risk appetite, risk management objectives and confirms the roles and responsibilities of elected Members and Officers across the council.

4.     Effective risk management is essential to the delivery of the priorities set out in the Council Plan. Specially, the Council plan commits the council to ‘develop a Corporate Risk Strategy to improve the process for managing corporate and directorate risks.

5.     A risk manager had been appointed and was responsible for co-ordinating the approach, ensuring consistency in scoring and highlighting areas of best practise. They would report the corporate risks to the corporate leadership team (CLT) and the Audit & Governance Committee and work with colleagues across the council to help identify, assess and manage strategic risks.

6.     The Draft Strategy was included at Appendix A and would be formally approved by Cabinet in June 2025. Risk management arrangements in 2025/26 would include monitoring and reporting of Corporate Risks via quarterly reports to Cabinet.

In response to committee questions it was noted.

      I.         Part of the role of the risk manager is to champion risk activity across the organisation as well as promoting and providing training and development. Their role is to ensure risks are consistently being scored using the same risk appetite set against the Council priorities.

     II.         Risk owners are responsible for ensuring arrangements are in place within their directorates and services to identify and manage risks in accordance with the council’s risk management framework.

   III.         Spreadsheets are currently in design to ensure consistency in data collection, reporting and aligns back to the risk appetite statement and the Council plan priorities. Risk owners are responsible for this action.

   IV.         The strategy is a live document that would be reviewed annually to ensure the risk appetite remains and to review the ever-evolving strategic risks. *The committee suggested that the frequency of review be recorded in the “Step 6: Monitor and update” section.

    V.         The corporate risk registers had been reviewed in collaboration with the Cabinet member, CLT and Cabinet. Historically it had been a large document which had been made leaner to include the corporate risks and strategic risks that were being managed that threatened the delivery of the Council plan objectives.

   VI.         Members were now clearly identified as having a role in understanding risk management arrangements. Collaborative work with Democratic Services to ensure members understand and have ownership of risk management through training would be explored. Risk forms part of any decision report and members have the opportunity to voice any concerns through this process. *It was suggested by the committee that member engagement and training be included somewhere in the strategy or reports going to cabinet.

 VII.         The DOF and HIA were producing a risk assurance piece for the committee  to demonstrate across all of the current risks where the source of assurance was for example, Internal or external audit, a task and finish group assigned by Scrutiny Management Board etc.

VIII.         It was highlighted that “Appendix B. Risk appetite” the yellow highlight represented the risk fact selected by the council, and this would be made clear on the document to cabinet.

   IX.         It was explained why certain post holder titles were named and that these were statutory posts within the Council and had specific risk responsibilities attached to them.

Resolved

That the committee notes the activity completed to develop the Risk Management Strategy and recommends risk management be added to the members induction programme as mandatory training for all councillors. The Chair would ensure that this recommendation is communicated through the appropriate channels.

*Suggestions made by the committee.