Agenda item

In accordance with the Council’s Risk Strategy, this report presents the annual review of the Risk Strategy.

Discussion:

The Chief Operating Officer introduced the report, he highlighted the Corporate Risk Management Group of senior officers which undertook oversight and review of the risk register, had been reinstituted and had considered the proposed amendments to the risk strategy. He highlighted the following changes to the strategy.

The Risk Register was now held on a single platform which was accessible to all relevant officers and held all known risks, from specific projects, through departmental risks to Council wide risks. The role of the Corporate Risk Management Group would be to review the Risk Register providing, advice and proposing mitigations.

The definitions for likelihood and impact had been reviewed and updated. This included a default time period for considering the likelihood of a risk event being set at 12 months, though longer could be considered in certain circumstances. In relation to impact it was proposed that the word ‘catastrophic’ be changed to ‘critical’ which provided a more objective view of the potential impact of a risk taking place.

The following issues were discussed:

Risk Platform - in response to a question on what platform was the register managed, the Chief Operating Officer stated that it was held on a single live database which relevant officers would be able to update as required. The Corporate Risk Management Group would periodically review, provide challenge and consider potential mitigations to the risks presented to them.

Risk Management Group – further information was requested for the reasoning to re-instate the Risk Management Group. The Chief Operating Officer stated that previously the group had too wide a remit, considering issues such as emergency planning and business continuity on a regular basis which meant that the group was unfocused and included more junior membership. The re-instated group would be made of members of  the Corporate Management Team and would be focused solely on the risk register.

The Chief Operating Officer was asked for further information on the role of the group. The Chief Operating Officer explained that the group would review the risk register, offer challenge, propose mitigations to reduce risk and provide assurance to the Council that risk was managed effectively.

Impact definition – a Member commented that they believed the definition of catastrophic represented an accurate view of the level of concern that should be held for some risks. The Chief Operating Officer stated he felt the term was too emotive, and critical was more objective without diminishing the level of risk that was present.

Role of the Audit Committee – the Committee discussed whether the Audit Committee had a role in reviewing the Risk Register on the basis that the Committee needed to be assured that risk was managed effectively and the Committee had powers to review any documentation to provide that assurance.

The Chief Operating officer stated that the Overview and Scrutiny Committees scrutinised the relevant part of the Risk Register for that Committee and Cabinet reviewed the register on a quarterly basis. It was the view of officers that it would require a change in the Constitution to enable the Committee to review the Risk Register. He undertook to discuss the issue further with the Assistant Director of Legal and Governance and provide a formal response to the Committee following the meeting.

Identification of risk – a Member commented that the Council could do more to consider whether it identified risk effectively. The Head of Internal Audit and Counter Fraud stated that identification of potential risks was completed at the service level, which enabled controls to be put in place to mitigate the risk such as segregation of duties. In this way detection of risk was part of mitigation.

Decision:

a)              The Committee considered the 2026/27 Risk Strategy as set out in Appendix 1 to the report and submitted comments to Cabinet.

b)              The Chief Operating Officer to discuss with the Assistant Director, Legal and Governance whether Audit could consider the Risk Strategy on a periodic basis and provide a response to the Committee following the meeting.