Agenda item

The Performance Manager presented the Whole Authority Strategic Risk Assessment. Following discussion with the Chair and officers, it was decided not to consider the effectiveness of the authority’s risk management arrangements.  This will be a separate paper to a future meeting. The Committee instead was requested to check if the contents of the strategic risk register accords with our understanding of the key risks facing the Authority.

The Chair considered the risk register held lots of useful information for officers as a working document. A preferred format has been suggested for reporting back in future to include:

1.     key risks facing the organisation;

2.     what actions are being taken;

3.     what actions have been taken over the preceding period;

4.     who is accountable;

5.     actions completed and not completed (and why); and

6.     key performance indicators.

Questions from Committee Members were invited:

·       A Member commented that this has always been a living document and the status of risks changes. There will be severe financial constraints over the next period, and it would be useful to have a process to flag up when things are going wrong at the time they are going wrong. 

·       The Chair queried the authority’s approach to “horizon scanning” particularly how risks are identified and captured within the risk register and thereafter mitigated.  A separate paper was requested in due course.

·       Referring to the example of rapidly moving energy prices, a Member asked how new risks, that place demand on services in a more rapidly changing environment, are being built in. It was queried if such risks are identified at a senior level as potentially affecting all operations and if so, is a risk assessment devised and an action plan and mitigation put in place.  It was queried if it is sufficient to allow this information to flow up from service departments. It was accepted that arrangements are in place to escalate risks to a strategic level when they happen quickly and need to be dealt with. Emergency responses are set up straight away at a senior level to respond e.g. Covid. Service areas also have their own arrangements

·       Considering the thirteen risks identified, a Member was concerned that risks to service delivery and other strategic risks are missing. The example of climate shocks was provided. The Performance Manager advised that the risk environment is dynamic with strategic risk management and reporting arrangements being just one part. Services are responsible for managing and mitigating their own risks using the arrangements they have in place. More live issues are managed day to day with plans adjusted as necessary. Escalating risks notified via the service plan inform the strategic risk management plan and where risks are fast-moving, they may be added to the strategic risk register.  Climate shocks are covered under risk 11 (policy to decarbonise operations). Mitigating actions include how we deliver our climate emergency strategy. There are connections between different risks that cause impact on other service areas.  The Member queried the point that climate shocks affecting service delivery are covered under risk 11 and added that Climate shocks should be an additional 14^th risk noting they cover all of the Council’s operations. It was accepted that the headline risk is about the policy commitment to decarbonisation but also included within the same risk is resilience to climate shocks.

·       The Chair asked how the risk register is populated; how risks are captured and if there are opportunities to improve its effectiveness.  It was explained that the risk register is a construct of a range of information and evidence. Service plans identify strategic and operational risks, these are updated on a regular basis and provide information on the main risks to the organisation.  The information is assessed against the current risk register to identify changes and new risks and is reported to SLT to identify strategic risks facing the organisation in a continuous cycle. 

·       A Member suggested it was optimistic to consider that Risk 13 will reduce to a medium risk by 2025.  It was explained that some risks are longer term strategic challenges. Risk is assessed to decrease based on the progress and impact of mitigating action such as the work being undertaken to address homelessness, delivery of the housing support programme partnership and delivery of the rural local development plan. The risk level will be assessed considering the ongoing evidence (such as the Ukrainian crisis) and progress of the mitigating actions and reviewed accordingly. This comment will be conveyed to the risk owner.

·       A Member commented on unmitigated high risks and three years later with mitigation still being high risk. A table in the report that flags risks increasing/decreasing, new, changed or removed risks was suggested with priority defined by SLT. The Performance Manager explained that the strategic risk register reflects the range of matters strategically important for the Council, and arrangements for their assessment and management. Strategic risks are complex, and the council can, via its mitigating action, have an impact. How the impact materialises and pace at which the risk is mitigated to a satisfactory level may take longer than three years. Other external risk factors can impact outside the Councils control.  Overall, the Council aims for mitigating actions to be strong enough to reduce the risk over time.

·       Committee Members were signposted to The Hub where service plans can be viewed. Service Business Plans 2021-2024

The Chair noted the absence of climate shock risks and the cost of living risk. It was noted that the authority faces a period of huge uncertainty from many sources

The Chair considered the risk register does not fully reflect the significance of the risks facing the authority and the adequacy of actions and priorities are unclear.

In terms of horizon scanning, it was suggested a top down process with officer and councillors in a workshop to collect high level views to allow better articulation of the risks facing the authority.  Further work is needed to assure the Committee on risk management arrangements and their effectiveness.

Referring to the report recommendations, the Committee:

1.     Used the risk assessment to consider the effectiveness of the authority’s risk management arrangements andthe extent to which the strategic risks facing the authority are appropriately captured.

2.     will scrutinise, on an on-going basis, the risk assessment and responsibility holders to ensure that risk is being appropriately managed.