Agenda item

To consider the updated Enterprise Risk Management policy, guidance and Corporate Risk Register.

The Committee discussed Corporate Risk Management.

During the discussion of this item the following points were made:

·         Andrew Moulton indicated that the Audit Committee had at its June meeting, requested that the Corporate Risk Register be refreshed.  Two workshops had been held with the Corporate Leadership Team and Extended Corporate Leadership Team to identify the corporate risks.  Andrew Moulton highlighted new corporate risks for review such as workforce. 

·         Previously there had been 9 corporate risks.  Andrew Moulton commented that the Corporate Risk Register would be rebased and renumbered following the review, as over time risks had come on and off but had retained their original number.  Members agreed that this would be easier to understand.

·         Councillor Smith stated that he felt that the Corporate Risk Register was made up of a mixture of ‘permanent’ risks such as safeguarding children and young people, which would always be a concern and more ‘time limited’ risks.  He was of the view that where appropriate, risks should be allocated to overview and scrutiny committees or the Audit Committee, for oversight.

·         Councillor Smith also proposed that a risk regarding general infrastructure and meeting demand for housing in the Borough, be developed.

·         Manjeet Gill commented that budget, corporate governance and workforce and capacity were common pressure points.

·         Councillor Shepherd-DuBey suggested that the risk around Corporate Governance should be scored higher.  Councillor Smith questioned whether a specific risk regarding senior management and managing if there were vacancies at this level, should be developed.  Councillor Sargeant commented that this was covered by Risk 28 ‘Political and Organisational Leadership’, but that the wording of this risk could be further clarified.  Councillor Haitham Taylor stated that she felt that the existing controls for the corporate governance risk could be expanded to reference decision making and business cases, oversight by committees such as the Overview and Scrutiny Committees and the Health and Wellbeing Board and the Local Safeguarding Children’s Board and Peer Reviews.

·         Councillor Smith felt that a number of matters listed as controls were in fact actions, and that this should be tightened up. 

·         Manjeet Gill proposed that a risk be developed regarding effective delivery through partners, which would cover matters such as how the Council worked with the local authority trading companies, shared services, working with health partners, and the highways contract.

·         The Committee considered the existing risks on the Corporate Risk Register and whether any changes should be made.

·         With regards to Risk 2 ‘School Places’, Councillor Haitham Taylor stated that the Council now had less control over the process with more schools becoming academies and developers building schools.  Councillor Smith agreed that the nature of the risk had changed and that this should be reflected.

·         With regards to Risk 7 ‘Safeguarding children and young people’, it was agreed that there needed to be grater reference to oversight mechanisms.

·         Councillor Shepherd-DuBey stated that she felt that reference should be made to the monitoring of home schooling. 

·         With regards to Risk 18 ‘Information/Data Management’, the Committee agreed that this should be updated following the introduction of the General Data Protection Regulations (GDPR).  In response to a Member question, Andrew Moulton clarified that there was online training available for all staff on GDPR.

·         Members felt that Risk 20 ‘21CC Programme’ should be updated to reflect progress made in the programme.

·         With regards to Risk 27 ‘Sustainable Transformation Partnerships (STPs) align effectively with Borough governance’ it was suggested that greater mention be made of the Council working with and through others.

·         Councillor Shepherd-DuBey was of the view that Risk 28 ‘Political and organisational leadership’ were in fact two distinct risks.  Other Members felt that the risk should be expanded.  Councillor Haitham Taylor commented the review of the appointment of the shared Director of Adult Services should be included as an action to mitigate the risk.  It was also suggested that reference should be made to the learning culture within the Council and the taking up of opportunities.

·         Councillor Smith put forward that Risk 29 ‘Budgeting, business forecasting and managing demand’ be retitled ‘Budgeting, managing and forecasting business demand.’  Manjeet Gill questioned whether managing expectations should also be included.  In response to a comment from Councillor Haitham Taylor regarding value for money and how this could be tested, Councillor Smith stated this was a broad risk which may need to be further split out.

·         Members agreed that reference should be made to timings and the Five Year Land Supply for Risk 30 ‘Local Plan.’

·         The Committee discussed whether the impact of Brexit was a risk which should be included.  Manjeet Gill commented that the Council was working with the Local Enterprise Partnership to monitor the impact on business and the Local Government Association with regards to the impact on workforce and retention, in particular.  She went on to suggest that it would be helpful for Members to receive a briefing from the Local Government Association on the possible impact of Brexit locally.  Councillor Sargeant suggested that Brexit was an environmental factor which played into a number of risks as opposed to a distinct risk. 

·         Councillor Smith asked whether there were any additional risks which should be added to the Corporate Risk Register.

·         Manjeet Gill suggested that a risk around the Council’s future education role be added as more schools became academies and the funding formula changed.  It was important that the Council understood and adapted to the changing national schools agenda.

·         Members agreed that it would be helpful to receive the Directorate Risk Registers to provide greater context to the Corporate Risk Register.

·         Councillor Smith indicated that the updated Corporate Risk Register would be circulated to all Members for comment before being considered by the Executive.  The Audit Committee would receive it at its November meeting and discuss how the Corporate Risk Register could be used going forwards.  Manjeet Gill suggested that the Corporate Risk Register be baselined annually.

·         The Committee also considered the Risk Management Policy and Guidance, to which minor amendments had been made.  Andrew Moulton commented that the framework was sound.

·         Councillor Shepherd-DuBey asked how a member of staff could highlight a risk that they had identified.  Andrew Moulton indicated that there were a variety of ways such as raising the matter with their line manager.  It was suggested that the risk management guidance and policy be advertised to staff.

RESOLVED:  That

1)         the updated Enterprise Risk Management policy and guidance be    approved;

2)         the risks and mitigating actions of the Council’s Corporate Risks as detailed in the Corporate Risk Register be considered and noted.

3)         the promotion and advertisement of the refreshed risk management            policy and guidance to staff, be encouraged.