Agenda item

To present to the Audit Committee the updated Corporate Risk Register.


The Committee had before it a report submitted by the Assistant Director (Finance & IT) (report A.2) which presented it with the updated Corporate Risk Register.


It was reported that, although no changes had been identified as being required at this time, the corporate risk framework had been included at Appendix A to the report for Members’ reference. A review of the framework was due to take place later in 2021/22.


The Committee was advised that, although COVID related matters continued to affect the whole organisation, they were not reflected in the risk register itself, in order that sight was not lost of the risk register’s purpose. 


Members were made aware that a review of lessons learnt relating to COVID 19 had now been included in the Internal Audit Plan for 2021/22 and would be brought before the Audit Committee at a later meeting.


The Committee was reminded that Council services had now reopened and that the Council continued to ensure staff remained safe whilst carrying out their day-to-day duties. 


The below table set out all amendments to the Risk Register since it had been last considered by the Committee in May 2021:-


Risk Register Item

Amendments / Comments


New Risks Identified




Risks Removed




Risk Scores Amended




Risk under review





Risks Amended

Item 1b - Catastrophic IT network failure – change to main text relating to remote working.


Item 1d -  Ineffective Cyber Security Physical and Application (software) Based Protection Management - update on main text relating to current status of cyber security


Item 2d - Ineffective delivery of Transforming Tendring project – update on the completion of works.



Although not currently included within the risk register, Officers had highlighted the following two potential emerging issues:-


·                Shortage of Global Supplies – due to various reasons (including the on-going impact of COVID 19) the risk of key supplies not being available when required had increased - one example being the shortage of computer processing chips. This was currently being managed via earlier procurement planning and remaining alert to market conditions.  (Links to existing Corporate Risk associated with Failure to Delivier Key Services and Ineffective Business Continuity Planning)


·                Failure to Deliver Key Contracts – as part of delivering key services to residents, where appropriate, the Council would engage with external providers on a commercial basis e.g. Essex County Council’s Careline Contract. As recognised during the associated decision making processes, there were significant financial and reputational risks associated with this approach. (Links to existing Corporate Risk associated with Ineffective Workforce Management and Planning)


The Committee was informed that the above two items would be kept under review and would be revisited / reported back to Members as part of the next corporate risk register update that was scheduled to be submitted to the Committee in March 2022.


Members were reminded that the Fraud and Risk Team continued to oversee the Council’s Risk Management supported by the Council’s Internal Audit Team. The table below set out the work that was currently being undertaken:-


Agreed Action


Current Position

Management Team to promote the importance of operational risk management within the organisation and ensure that Senior Managers implement a process for identifying and mitigating risks in coordination with the Corporate Fraud and Risk Manager.


The Fraud and Risk Manager continued to work with Management Team to effectively promote the importance of operational risk management within the Council, and continued to attend Management Team meetings on a quarterly basis and provided monthly updates for any urgent matters identified. 


One to one meetings will continue to take place between Senior Managers and the Corporate Fraud and Risk Manager to identify and record key operational risks within their service areas. Support to be provided by Internal Audit if required.

This had unfortunately been delayed due to the Corporate Fraud and Risk Manager being redeployed to other tasks during the past 12 months. Those one to one meetings would commence again in October 2021 and would be completed by March 2022. 



Follow up item


Arrange Risk Management training for all departments across the Council.

The Council had identified a need for managers to have some Risk Management training to ensure the Council could move forward with verifying risk register actions and review departmental risks across all departments. Training would be carried out by the Fraud and Risk Manager in October 2021, with a view to rolling this out further if the training was thought to be appropriate. 


Review carried out relating to the effectiveness of the current control measures in place to identify inherent risk.


This review was still ongoing and a report would be brought before the Audit Committee at a later meeting. 


Having considered and discussed the contents of the report and its appendices:-


RESOLVED that the updates provided to the current Corporate Risk Register be noted.

Supporting documents: