Agenda item

In accordance with the terms of reference of the Committee, it is a requirement to produce an annual report on the risk management and business continuity arrangements in place.

The Chief Finance Officer presented the annual report on Risk Management for the period 2021/22.  Risk Management was an integral part of the Committee’s terms of reference and the overarching risk management framework.  The Committee had revised and approved the current risk management framework at its meeting on 9 June 2021.

The Risk Management Group was chaired by the Governance and Risk Officer and consisted of all the Heads of Service and Assistant Directors. The Group compiled a work plan around some of the main risks and interventions around risk management, internal audit, insurance, counter fraud governance, procurement, data protection, health and safety, business continuity and safeguarding. 

Going forward the Risk Management Group would be scheduled as part of the Senior Leadership Team and meetings would be held quarterly with focus on one specific area and updates on other areas as applicable.

Service Risk were risks that sat within operational service areas rather than strategic risk and these were currently being reviewed by the Governance and Risk Officer with Heads of Service following the completion of service plans.  Risks identified by the service area which would compromise service delivery and mitigations to address those risks.  A full register would be compiled and this would be reviewed to see if any were strategic or corporate and needed to be included in the strategic risk register.

The Strategic Risk Register was last approved by the Committee at its meeting on 20 April 2022.  The register was based under seven themes and was reviewed by the Corporate Management Team before it came to Committee.  The register would be coming back to the Governance and Audit Committee in September 2022.  

The Strategic Risk controls and actions were tracked and monitored using software that gave a real time picture of the risks.  Progress of risk actions could be tracked through implementation and outcome by Managers.

A key element of the Annual Governance Statement was the Annual Assurance Statement.  Each Heads of Service had individually compiled an Annual Assurance Statement for 2021/22 which was designed to assess the effectiveness of the key internal control environment and they were asked if they strongly agreed or disagreed with the themes under the seven governance headings.  75% of Heads of Service had agreed with the statements on assurance with the remainder partially or did not agree or did not know as it was felt that it was not relevant to them.  From the information a workplan was developed and shared with the Risk Management Group.  A draft Annual Assurance Statement for 2021/22 would be coming to the July Committee meeting, both the counter fraud and risk management work would be fed into the document.

The Governance and Risk Officer briefly spoke to the Committee about the Risk Management Group and how effective being part of the Senior Leadership Meetings was.

A question was asked about risk in respect of the Council’s arm’s length companies and it was stated that it would be a matter for the Companies Committee to ask the individual Companies about what risk registers they had in place. The Board of Directors for each company would need to seek assurances about risks when Business Plans were updated and what risk and mitigations were place.

One Member asked to see the information in respect of those areas highlighted within the report at 2.13 (business continuity, staffing and IT).  The Chief Finance Officer indicated that he would be happy to share the information outside of the Committee meeting.

ØAction

Chief Finance Officer to share information in respect of the thematic headings of Business Continuity, Staffing and IT as referenced at 2.13 of the report.

The recommendation contained within the report was proposed, seconded and AGREED.

Decision

That the Governance and Audit Committee approve the Risk Management Annual review as outlined within the report.