Agenda item

A report of the Director of Legal and Governance Services (Monitoring Officer) was presented which outlined the Council’s approach to risk management, and summarised activity in the past year and planned activity for 2024 to provide the Committee with assurance that the Council had robust risk management arrangements in place.

Risk management was a critical element of corporate governance and was a statutory requirement for public sector organisations.  Risks were to be reduced to an acceptable level, or if possible, eliminated.  Robust risk management enabled the Council to effectively discharge its responsibilities and deliver its various functions. 

Risk management was the collective responsibility of all Elected Members and officers of the Council.  The Council’s approach to risk management was articulated by the Risk Management Framework, which was reviewed by Executive in July 2023. 

The Council used risk registers to manage the various risks it identified.  The overarching risk register was called the Strategic Risk Register, which captured the most significant risks the organisation was exposed to that could impact on its ability to deliver its strategic priorities, which were outlined in the Council Plan.  A summary of the current Strategic Risk Register was shown at Appendix 1.

In addition to annually reporting the Council’s overall approach on risk management to Audit Committee, a summary of the Strategic Risk Register was monitored monthly in performance deck and reviewed every three months by LMT.

Details regarding the Risk Management Framework were provided to the Committee.  It was explained that the Council’s Risk and Opportunity Management Policy set out how risks were captured, scored and managed using a likelihood and impact scale.

A Risk Improvement Plan was developed in March 2023 for the Council to ensure that it was committed to ensuring its risk management practice continued to be effective.  Actions were split into the following areas:

• Risk communication and training - Intranet updates - shared information.

§  Strategic risk identification and monitoring - LMT three-monthly reviews.

§  Risk management processes - DMT monthly reviews.

An internal audit of the Council’s risk management arrangements was programmed to be completed in 2024; resulting recommendations would be highlighted to relevant Members and officers when completed.

In terms of risk management activities for 2024/2025, further work would be undertaken to build on progress made in 2023/2024 as part of the Council’s commitment to continually improve risk management planning.  Planned activity included:

• Review of the Communication and Engagement Plan.
• Review of the Strategic Risk Register.
• Improvements in the build in Ideagen for Directorates.
• Review of Risk Management Group membership.
• Increased risk reporting frequency to Audit Committee on risk governance and the content of the Strategic Risk Register.
• Review of the current risk management software.

A Member commented on the unexpected nature of risk and queried the procedures in place for preparing for all eventualities. In response, the Committee heard that an array of work was being undertaken to assist with this, which included: discussion at LMT and Departmental Management Team (DMT) meetings; identification of formal review points; and discussion with service areas about new and emerging risks.

In response to a query regarding risk reporting processes to Members, it was explained that a report was presented to Executive and an outturn report to the Overview and Scrutiny Board.

A Member queried ownership of risk identification and completion of the scoring matrix.  In response, it was indicated that various officers contributed to this process as the Strategic Risk Register came under collective ownership.  In terms of the table contained in the submitted report, this had been completed by the S151 officer.

Referring to adults and children entering the social care system, a Member queried whether individual risk assessments were carried out.  In response, reference was made to impact assessments and, although not relevant to these groups, reports on other groups were carried out.  In terms of Adult Social Care and Children’s Services, it was noted that there was good risk management in place within the services, which was reported on accordingly.

A Member referred to incidents of serious accident and death and queried whether civil liability could be insured against.  In response, the Committee was advised that insurance was based on the volume of claims: there had been no claims made in at least the last 10-15 years.  In the event of a claim, if the Council was liable and at fault, the Council would be responsible for the first £250,000 of any payment.  It was explained that insurance premiums had increased significantly over recent years and, as such, the Council had taken the approach to conduct risk assessments of insurable versus non insurable events.  The Council had set a reserve to cover small incidents and utilise external insurance protection for more catastrophic events.  All Local Authorities had, more-or-less, moved to this model.

The Mayor referred to Member engagement in respect of the Strategic Risk Register and commented that, when it was last presented, concerns were raised around the level of risk being higher in some service areas, such as Regeneration, than in others.  Adult Social Care, for example, was the lowest.  The Mayor had requested that a review be undertaken in respect of Adult Social Care and Children’s Services to achieve a greater representation of the risks in those areas.

NOTED