To provide an update on risk management.
Minutes:
Witnesses:
David Mody - Head of Strategic Risk
Anna D’Alessandro - Director of Corporate Finance and Commercial
Key points raised in the discussion:
1. The Head of Strategic Risk noted that since March’s Committee update, many of the external risks predicted had materialised. Inflation was in the high single digits, interest rates had increased and there had been national industrial action; residents were impacted by the cost of living and the conflict in Ukraine showed no signs of abating. Internally, there had been ballots with the Trade Unions and the demand for Council services was not abating. Good progress had been made concerning the internal risks, one risk had improved and a new risk was added.
2. The Head of Strategic Risk explained that risks were reported to the Corporate Leadership Team (CLT) monthly, informal Cabinet (iCab) received risk updates quarterly and there were deep dives on specific risks, and the Committee reviewed the overall processes. He did some deep dives in the summer on the directorates’ risk registers, ensuring they were up to date, risks reviewed regularly and actions were being followed up. Internal Audit uprated the assessment on risk management to Substantial Assurance, and the actions had been completed. He noted the minor changes to the Risk Management Strategy in relation to the three lines of defence approach and risk leads; and the delegation to the Committee of its approval.
3. A Committee member referred to paragraph 8 on the cover report, a) Risk Registers - ‘risk owners and target dates had not been recorded for all risks included on registers’. He was surprised that the Risk Management Strategy was not updated to include dates as the length of items on the registers could not be ascertained. The Head of Strategic Risk explained that risk registers were live documents, a work in progress where he was happy with those including missing information so that there could be conversations around the risks, any missing actions or risk owners. He had informed the directorates to include that information where possible, it was not mandated because he did not want the situation where risks were potentially not being included in risk registers because some bits of information were missing.
4. As a supplementary question the Committee member queried whether the Head of Strategic Risk knew how long risks had been on the risk registers for. The Head of Strategic Risk noted that there was a control version where he could go back through previous iterations to track risks over time. He noted that he tried to keep the risk registers down to core information so that people continued to engage.
5. As a supplementary question the Committee member queried the absence of a risk and issue management framework in the Risk Management Strategy around the mitigations that might be in place in case of risks materialising. The Head of Strategic Risk noted that anything rated a 5 on the risk register was a triggered risk which then became an issue, the methodology was the same in terms of actions and what controls were in place; the focus was on future risks.
6. A Committee member referred to the Strategic Risk ST.23 querying why the resurgence of Covid had a downwards green arrow, as there was currently a resurgence. The Head of Strategic Risk explained that the risk was downgraded just after the Committee last received the risk update report in March, the exposure to the Council was less than it was with the medicines in place and that risk rating reflected national guidance.
7. The Chairman referred to the Strategic Risk ST.30 around rising costs and noted that the cost of living seemed to have a low rating despite it now being fundamental to everybody's working lives. The Head of Strategic Risk explained that from a Council perspective there were some controls in place to assist with the cost of living pressures; there was a monthly working group. The Chairman asked how the rating for cost of living was decided, it was lower than the risk of a cyber-attack for example. The Head of Strategic Risk noted that risk ratings were based on the probability and the impact, for example despite the Council’s good controls in place there was a high probability of a cyber-attack and the impact would be significant. Regarding the cost of living the causes of the risk and impacts were reviewed, however there was an element of subjectivity as some people were significantly adversely affected compared to others. The Director of Corporate Finance and Commercial explained that CLT reviewed the Strategic Risks monthly and agreed the risk ratings. The Head of Strategic Risk added that over the next month the Corporate Risk Register would be reviewed, it was likely that industrial action would be removed from the outdated August iteration.
8. Responding to the Chairman, the Head of Strategic Risk explained he would be at next week’s iCab highlighting the changes that had taken place, there would be a deep dive on a specific risk: Home to School Transport.
9. A Committee member referred to the new risk added: Strategic Risk ST.36 around changes in the Adult Social Care (ASC) operating environment, asking whether that followed on from the Chief Executive’s Council-wide email on the ASC leadership staffing change. The Head of Strategic Risk explained that the risk related to the wider environment around the way that the Care Quality Commission was going to undertake some of its work, also some of the Council’s partners had specific funding pressures. He noted that the relevant directorate would know whether that risk would be reviewed by the Adults and Health Select Committee.
10. A Committee member referred to the risk management training module which would be provided to 450 staff by October and asked what risk management training, guidance and structure was given to those staff prior to that training module. The Head of Strategic Risk noted that no risk management guidance had been provided to those staff prior to the module. He had provided separate training through meeting with all the senior managers and key project teams to ensure that their risks were being captured and they were following risk management appropriately. Previously, officers managing smaller projects which did not have a large strategic impact, were not being exposed to some of the risk management tools and techniques.
11. The Vice-Chairman commended the excellent progress year on year around risk management; the Chairman noted that risk management procedures and processes had improved significantly and the Cabinet Member for Finance and Resources endorsed that praise.
RESOLVED:
1. Noted the update on risk management.
2. Approved the updated Risk Management Strategy (Appendix B).
Actions/further information to be provided:
None.
Supporting documents: