Agenda item

The Committee considered a report on the changes to the corporate risk register since it was last presented to the Committee in April 2022, including the change in residual RAG ratings in respect of threecorporate risks, as shown by table 1 referred to in the report.

This report also detailed how the new process continued to achieve the desired outcomes set out in the Risk Management Strategy and Policy as well as setting out any changes made to the Strategy and Policy by the Risk Management Group.

Whilst the Committee acknowledged and appreciated the work carried out to date, there were a number of comments and suggestions for improvement as follows:

·       where items were being re-scored, particularly if they were moving into a red rating, more information was requested in that regard in respect of the reasons for the change and any concomitant mitigations. There was particular concern, which was shared by the Deputy Leader, about CR9 (risk that capital programmes and projects experience issues that affect time, quality or budget) and further information as to reasons and mitigation measures was requested.  The Deputy Leader confirmed that the main reason for the red rating on CR9 was inflationary pressures in major projects such that the viability of some of those projects was under review. It would be a matter for the Major Projects Board and the various governance boards to propose possible solutions and mitigations, which would then need to be put to Executive and, if additional monies or changes to the objectives or delivery plan for such projects were required, to full Council for approval.  

·       It was suggested that the Risk Management Group consider for future reports:

(a)   whether the risk change heatmap should also plot the gross scores as well as residual scores, so that it is easy to see risk changes before any mitigation is applied; 

(b)   the axes on the heatmap charts are labelled in order to identify the ‘likelihood’ axis and the ‘impact’ axis;

(c)   all the boxes are the same size so that some sense of perspective is achieved;

(d)   the risk register is re-arranged in descending order according to gross scores;

(e)   the possible duplication of reference to CR23 (risk that Council staff or contractual staff take industrial action) on the revised heatmap and whether it should be rated green, rather than red;

(f)    In view of the outcome of the internal audit report on risk management considered at this meeting, whether CR25 (risk that management and governance processes in place are not fully utilised for all programmes and projects) had been rated too strongly as a red risk;

(g)   whether CR21 (risk that the Council fails to meet its target of becoming net carbon zero by 2030) should appear on the heatmap.

The Committee, having considered the corporate risk register

RESOLVED:

(1)    That the Committee’s comments and suggestions, as outlined above, be considered by the Risk Management Group.

(2)    That the Committee notes the progress made to implement the new risk management process.

Reason:

The Risk Management Strategy and Policy states that this Committee will review the corporate risk register on a six-monthly basis. It is the responsibility of the Committee to ensure it is satisfied that the Council operates and maintains a robust and effective risk management process.