Agenda item

The Committee considered a report on the changes that had been made to the corporate risk register since it was last presented to the Committee in June 2023, including the addition of new risks, changes to scoring, mitigations etc. which were detailed in Appendix 1 to the report, together with the scoring matrix and risk criteria for impact and likelihood.

The report had also detailed how the new process continued to achieve the desired outcomes set out in the Risk Management Strategy and Policy as well as setting out the changes made to the Strategy and Policy by the Risk Management Group.

The Corporate Risk Register set out in the report had included 31 risks in total, with 9 marked as red, 14 amber, and 8 green. 

The following comments were made during the debate:

·      Concern was expressed that there were too many risks contained in the high-level corporate risk register and that some of the risks ought to be moved to directorate/service risk registers. Further concern was raised that there should be a more consistent approach between all the risk registers at the various levels.  It was suggested that there should be a review of the whole risk management framework across both Guildford and Waverley. 

·      Noting the risk change heat map in Appendix 2 to the report, concern was expressed that the likelihood and impact of CR15 – Risk of Financial Fraud had shifted from low to high.  The anti-fraud and corruption policy was stated as one of the mitigating factors.  It was suggested that this policy should be reviewed by this Committee or the Overview & Scrutiny Committee.  The Chairman indicated that he would follow up the suggestion to ascertain whether the anti-fraud and corruption policy was due for review and, if so, the governance route for such a review.

·      It was noted that when the Committee had considered the external auditor’s report, a concern was raised as to whether a specific risk had been included in the Corporate Risk Register in respect of the receipt of timely independent external assurance in accordance with statutory deadlines.  It did not appear that such a risk had been included. The Chairman indicated that he would ensure that this point was followed up.

·      In relation to CR14 (risk that the Council experiences increased costs), clarification was sought as to whether this was an “in year” risk, or a risk associated with the medium-term financial plan period. In response, officers confirmed that the mitigation had referred to financial monitoring with the assumption that the risk was associated with the “in year” position.

Having considered the report, theCommittee

RESOLVED:  That the progress made to implement the risk management process be noted and that officers be requested to respond to the Committee’s observations and comments referred to above.

Reason:

The Risk Management Strategy and Policy states that this Committee will review the corporate risk register on a six-monthly basis. It is the responsibility of the Committee to ensure it is satisfied that the Council operates and maintains a robust and effective risk management process.