The Corporate Risk Register is reviewed and updated in line with the requirements of the Council’s Risk Management Framework.
Quarterly updates reflecting revisions are reported to the Audit and Governance Committee, this report highlights the changes since the last update.
It is proposed that the Committee considers and notes the revised Corporate Risk Register.
[15 Minutes]
Minutes:
Upon the invitation of the Chair, the Group Head of Finance and Section 151 Officer introduced the report, explaining that he was presenting this report on behalf of the Finance & Risk Manager. He highlighted the major cyber-attack score had recently increased but was still deemed to be medium risk. An additional medium risk had been identified (CRR4) relating to supplier support for the Council’s electronic document management system. The Corporate Management Team had approved the removal of risk CRR18 relating to the Housing Benefit Subsidy as an auditor had now been identified to undertake the audit. The Corporate Management Team had approved the removal of risk CRR14 relating to Housing repairs - compliance failings. It was deemed that this risk was now being managed to an acceptable level and could now be managed at a service area level. To improve the risk management of major projects (CRR11) this risk had been separated into three separate risks by project: CRR11a - Major Project- Alexandra Theatre; CRR11b - Major Project - Littlehampton Seafront; CRR11c - Major Project - Bognor Regis Arcade.
Members were then invited to ask questions. One Member expressed concern regarding the amount of red risks from CRR10 – CRR11c, and CRR1a - CRR18. It was noted that there was reference to staff needing more training to improve these areas, and it was asked whether there was any progress on this. The Group Head of Finance and Section 151 Officer thanked the Member for the excellent question. He explained that some risks such as the Financial Resilience Risk would remain red for quite some time, although there was a plan to manage that risk and a lot of work was going on to address this. This was the case for other risks too. He said there was assurance to be gained just by the nature of recognising the risks and being aware that the problems were being actively managed. The corporate risks were reviewed on a 6 monthly basis, but there was continuous work being undertaken. The Internal Audit Manager explained the gross risk level was the starting point and effectively the worst-case scenario, and the net risk was the risk level once actions were already in place and those that the Council had committed to were taken into account. Some of these net risks were amber. The red risks CRR1-CRR11c were mostly red for the net risk, which appeared the most alarming. Some of these risks were for the major projects, and the risk at the start of these projects was more severe and would reduce as the project progressed. The aim was to reduce the net risk by mitigating the risks.
There was still concern that some of the issues were due to staff training, and it was asked whether there were any plans to improve on that. The Group Head of Finance and Section 151 Officer was not able to give an answer for this where the risks did not come under his area, however he suggested that if Members had particular concerns around certain risks, they could ask the relevant Group Head to attend the Audit & Governance Committee to explain this in further detail.
The Chair thought the risk owners of CRR1-B (Balance of Housing Revenue Account), CRR2 (Organisational capacity to deliver) and CRR7 (Climate Change) should provide a short-written report for the next meeting of the Audit & Governances Committee. There was agreement for this from the Committee.
The report was noted.
Supporting documents: