Agenda item
To present to the Audit Committee the updated Corporate Risk Register.
Minutes:
The Committee had before it a report submitted by the Assistant Director (Finance & IT) (report A.2) which presented it with the updated Corporate Risk Register.
Members were informed that the risk register had been updated within the context of the usual and underlying risks that were included in the register. However, it was recognised that the unprecedented events experienced in the last year in respect of the COVID 19 pandemic would have a major on-going impact on the Council and would likely cut across many of the risks currently included within the register.
The Committee was advised that given the on-going and ‘live’ nature of the current COVID pandemic, it continued to be difficult to fully revise the register at this point in time to reflect what was deemed to be the ‘new normal’. However, the Council continued to review the underlying risks associated with COVID 19 across all of its services, ensuring that it could continue to effectively maintain, operate and deliver its operations and services. Timely and effective responses had been made in key risk areas, such as IT and network resilience, communication and management of information, cyber security, anti-fraud and corruption, health and safety along with business continuity / ability to effective deliver services.
It was reported that Council Services would continue to reopen in the coming months and any associated risk relating to this would be carried out in a COVID secure way in order to ensure staff and customer safety. A review of lessons learnt relating to COVID 19 was currently being undertaken and would be brought before the Audit Committee at a later meeting.
The below table set out all amendments to the Risk Register since it had been last considered by the Committee in October 2020:-
|
Risk Register Item |
Amendments / Comments |
|
New Risks Identified |
None
|
|
Risks Removed |
None |
|
Risk Scores Amended |
None |
|
Risk under review |
None |
|
Risks Amended |
The following items had subject to minor amendments within the ‘current action status / control strategy’ sections to reflect the most up-to-date position.
Item 1b - Catastrophic IT network failure
Item 1c - Ineffective communication / management of information
Item 1d - Ineffective Cyber Security Physical and Application (software) Based Protection Management
Item 2a - Coastal Defence
Item 2c - Building Council Homes
Item 2d - Ineffective delivery of Transforming Tendring project
Item 2f - Garden Communities
Item 3d - Fraud and Corruption.
Item 4a - Loss of Key Staff
Item 6a – Loss of sensitive and/or personal data through malicious actions loss theft and/or hacking
Item 7a - Local Plan
Item 8a – Failure to collect levels of income required from Council Tax
Item 8b - Failure to collect levels of income required from Non Domestic Rates
Item 9a - Ineffective Emergency Planning
Item 9b – Ineffective Business Continuity Planning |
The Committee was informed that the Fraud and Risk Team continued to oversee the Council’s Risk Management arrangements supported by the Council’s Internal Audit Team. The table below set out the work that was currently being undertaken:-
|
Agreed Action
|
Current Position |
|
Management Team to promote the importance of operational risk management within the organisation and ensure that Senior Managers implement a process for identifying and mitigating risks in coordination with the corporate Fraud and Risk Manager.
|
The corporate Fraud and Risk Manager continued to attend Management Team meetings on a quarterly basis and provided monthly updates for any urgent matters identified. The Fraud and Risk Manager continued to work with Management Team to effectively promote the importance of operational risk management within the Council. |
|
One to one meetings will continue to take place between Senior Managers and the Corporate Fraud and Risk Manager to identify and record key operational risks within their service areas. Support to be provided by Internal Audit if required. |
This unfortunately had been delayed due to the corporate Fraud and Risk Manager being redeployed to other tasks during the past 12 months. This review would continue into 2021. |
|
Follow Up Action
|
Current Position
|
|
Arrange Risk Management training for all departments across the Council |
The Council had identified a need for Managers to have some Risk Management training to ensure the Council could move forward with verifying risk register actions and review departmental risks across all departments. This would also allow the Fraud and Risk Manager to review the Council’s Risk Management Framework. |
|
Review carried out relating to the effectiveness of the current control measures in place to identify inherent risk.
|
Details of this review would be brought before the Audit Committee in due course. |
Having considered and discussed the contents of the report and its appendices:-
It was moved by Councillor Fairley, seconded by Councillor Alexander and:-
RESOLVED that the updates provided to the current Corporate Risk Register be noted.
Supporting documents:
-
A2 Report Corporate Risk Register - May 2021, item 6.
PDF 158 KB -
A2 Appendix A Risk Management Framework, item 6.
PDF 511 KB
-
A2 Appendix B New Corporate Risk Register - May 2021, item 6.
PDF 532 KB