Agenda item

The Committee considered a report on the changes that had been made to the corporate risk register since it was last presented to the Committee in November 2022.  The report had also detailed how the new process continued to achieve the desired outcomes set out in the Risk Management Strategy and Policy as well as setting out the changes made to the Strategy and Policy by the Risk Management Group.

The Committee’s attention was drawn to the update on the Supplementary Information Sheet in respect of Risk Reference CR32 (risk of designation by Secretary of State for failing to achieve national target for determining non major planning applications).

Since the November 2022 report, the Risk Management Group had met twice, most recently on 18 May 2023, when they reviewed the Corporate Risk Register.

The Corporate Risk Register set out in the report had included 31 risks in total, with 7 marked as red, 13 amber, and 8 green.   Two of the risks had unscored residual risks that were waiting to be scored by the Risk Management Group and one new risk which needed to be completed by the Risk Management Group.

The Committee noted that, in the next quarter, officers would be working with the Council’s insurers to hold risk challenge lessons and provide assurance for risks that were red RAG rated, the aim of which was to assess whether the mitigation measures identified in the Corporate Risk Register would address the risk identified and also factors affecting the likelihood.

The following comments were made during the debate:

·      In response to concerns expressed about the 7 red rated residual risks and how work would be prioritised to mitigate those risks, the Joint Strategic Director: Transformation and Governance informed the Committee that the risk register was a live document, with risks changing constantly, and the Corporate Management Board, the Executive, and the Lead Councillor monitoring the risks closely on a very regular basis.

·      In response to a question regarding having sufficient staff capacity to deliver on the management of these risks, the Strategic Director confirmed that for some risks, for example Risk CR32, maintaining sufficient capacity had been very difficult.  However, managing the risks was a day-to-day active management process.  A more detailed explanation of how the Council will ensure that it has sufficient staff resources to achieve the various mitigations proposed would be provided.

·      In response to a concern that there appeared to be no strategic solution to mitigating Risk CR6 (risk that the Council is unable to recruit and retain staff, including as a result of the collaboration), the Committee noted that part of the collaborative work with Waverley included a strategy on workforce development the aim of which was to identify how the Council could recruit, retain and develop staff, with a view to effective succession planning, particularly in those areas where this has been, and continues to be, difficult. 

·      Welcomed progress on implementing the risk management process, noting that in respect of the movement of risks, the only substantive change related to Risk CR9 (risk that capital programmes and projects experience issues that affect time, quality or budget).  Concern was expressed that unmitigated likelihood had increased from five to six, and mitigated likelihood from four to five. 

·      It was noted that no commentary had been provided in respect of reasons for slippage on target dates for mitigation actions (e.g. Risks CR21 and CR25).

·      It was also noted that some risks had shown the same gross and residual scores implying that the mitigations being proposed would have no impact on the likelihood of those risks occurring (e.g. Risks CR14 and CR24) 

·      Comment on whether it would be appropriate to include a risk in respect of air quality in the Corporate Risk Register.

·      In response to these concerns, the Strategic Director: Transformation and Governance commented that officers had examined these risks carefully and had asked some searching questions in respect of mitigations in terms of what they might look like and how effective they might be.  It was clear that some planned mitigations had not had the desired impact. In relation to Risk CR21 (risk that the Council fails to meet its target of becoming net carbon zero for its own operations in Scope 1 and 2 by 2030) and given that almost half of the Council’s carbon emissions came from Guildford Spectrum, it was clear that, unless the Council had a plan in place now to address it, there was little scope to reduce the risk of failing to meet that target.

·      In response to a query regarding the need for robust business cases and strategic direction associated with Risk CR8 (risk that the Guildford/ Waverley collaboration does not meet its objectives) the Strategic Director reminded the Committee that the initial plan for collaborative working with Waverley related to the establishment of a joint management team, which was in place with effect from 1 October 2022.  Since then, there had been considerable work undertaken in terms of sharing resources, via a Section 113 Agreement.  It was now proposed to take a report to both councils seeking authority for the joint management team to proceed with further collaborative work including bringing forward business cases in that regard.

Having considered the report, theCommittee

RESOLVED:  That the progress made to implement the risk management process be noted and that officers be requested to respond to the Committee’s observations and comments referred to above where further information is required.

Reason:

The Risk Management Strategy and Policy states that this Committee will review the corporate risk register on a six-monthly basis. It is the responsibility of the Committee to ensure it is satisfied that the Council operates and maintains a robust and effective risk management process