Agenda item
Risk Management Report 2021/22 (Q4) - Corporate and Directorate Risk Registers
Minutes:
Mr Paul Rock, Head of Internal Audit, Fraud and Risk presented the Corporate Risk Register and said this was a regular report to the Committee. He said the report provided an update against the Risk plan and how the Council was performing against key targets. Mr Rock said Mr Kevin Bartle, Interim Corporate Director for Resources and Section 151 Officer was present for any questions relating to the Resources Directorate’s risk register.
Mr Rock said the Corporate Risk Register had been reviewed and agreed earlier this month by the Corporate Leadership Team and likewise the Directorate Risk Register had been reviewed and agreed by Directorate Leadership Team. Mr Rock stated the Covid Risk Register which was a stand-alone register had been retired and the long-term risks from that register had been transferred onto the Council’s JCAD risk management system. He said the risks would be managed as business as usual and if they still presented a risk in the future, then the risks would be reviewed and bought to the attention of the Committee.
Regarding Risk resources, Mr Rock said they were experiencing challenges in recruiting staff. He said they had closed another recruitment process recently however they were not getting the right quality and experience of applicant. Mr Rock said that they would need to seek an interim arrangement in order to keep the risk management agenda moving forward.
In response to comments and questions from members the following was noted:
- Councillor Edgar referred to page 21 of the agenda and risk CSD0016. He said the Committee had previously discussed this risk. He asked why the current risk, which was at 25 had not been reduced to the target risk of 16. He said he was aware the target date was 31st March 2023 but wanted to know what progress had been made over the course of the year? Mr Rock responded stating that he was mindful the risk related to children and said as the risk belonged to the Children’s Directorate the Corporate Director would be best placed to answer this.
- ACTION: The Audit Committee in municipal year 2022/23 to decide if the Corporate Director for Children should attend a future meeting of the Committee and explain why it will take another year for the target date of 31st March 2023 to achieve a reduction in the risk.
- In reference to page 28 and risk PLC0013, Councillor Edgar asked why no information had been provided in the ‘required control measure’ column. Mr Rock responded stating extensive detail had been provided in the ‘existing control measures’ column and said this may be due to a technical issue with JCAD. He said he would provide the risk manager with an update and ask the column is updated.
- Councillor Edgar said he was impressed by the reduction of the risk from 25 to 4, in relation to risk ICT0080. Mr Adrian Gorst, Director of IT responded stating that goods were flowing much better since the pandemic. They had been planning for the move to the new Town Hall and had ensured the chain supply for the purchase of laptops, monitors etc was kept under review on a fortnightly basis. He said he hoped to have supplies by the end of May.
- Lastly, referring to risk CS0008, Raj Chand, Director for Customer Services reassured members that they would not be excluding people who were not digitally literate. She said they would continue to help those who were more vulnerable, with staff assisting face to face. Ms Chand said there would be a digital hub at the new Town Hall.
- In reference to risk ICT0080, and a risk of a cyber-attack, Mr Adrian Gorst, Director of IT said this was initially monitored on a quarterly basis, however with the risk increasing over the last nine months, such as the risk of a cyber-attack because of external conflict, the scans done have been stepped up from monthly, weekly and daily scans.
- In relation to risk RSB0023, Mr Kevin Bartle, Interim Corporate Director for Resources and Section 151 Officer, reassured the Committee that a close eye was being kept on the accounts of 2020-21. He said they hoped to achieve an unqualified opinion but may need to review the risk, depending on the progress made.
The Audit Committee RESOLVED to:
- Note the corporate risks, and where applicable request risk owner(s) with risks requiring further scrutiny to provide a detailed update on the treatment and mitigation of their risk including impact on the corporate objectives at the next Committee meeting (or separately before the meeting if urgent).
- Note the Resources Directorate risks and where applicable request risk owner(s) with risks requiring further scrutiny to provide a detailed update on the treatment and mitigation of their risk including impact on the directorate’s objectives at the next Committee meeting (or separately the meeting if urgent).
Supporting documents:
- Risk Management Report 2021/22 (Q4) - Corporate and Directorate Risk Registers, item 4.1 PDF 237 KB
- Appendix. 1 for Risk Management Report 2021/22 (Q4) - Corporate and Directorate Risk Registers, item 4.1 PDF 116 KB
- Appendix. 2 for Risk Management Report 2021/22 (Q4) - Corporate and Directorate Risk Registers, item 4.1 PDF 96 KB