Agenda item

Report of Corporate Director (Corporate Services) - A.2 - Corporate Risk Update

To present to the Audit Committee the Risk Management Framework and updated Corporate Risk Register.

Minutes:

The Head of Finance, Revenues & Benefits Services & Section 151 Officer (Richard Barrett) presented to the Committee a report on the Risk Management Framework and the updated Corporate Risk Register.

 

It was reported that, within the period under review, no new risks had been added to the register, no risks had been removed, one risk score had been amended and there were no items that were currently under review. Risks had been amended in respect of –

 

(1)       1b Catastrophic IT Network Failure;

(2)       1c Ineffective Communication / Management of Information;

(3)       2c Community Leadership Projects;

(4)       5a Financial Strtaegy

(5)       6c Disconnection from PCN Network; and

(6)       7a Local Plan.

 

The Risk Score in respect of item 7a Local Plan had been reduced from 16 to 12 to reflect the latest position.

 

It was reported that during the year a review had been carried out by the Council’s Internal Audit Team relating to Risk Management. The following table set out the recommendations identified and the current position against each of those actions:

 

 

Agreed Action

 

Current Position

Management Team to promote the importance of operational risk management within the organisation and ensure that Senior Managers implement a process for identifying and mitigating risks in coordination with the Corporate Fraud and Risk Manager.

 

One to one meetings are to take place between Senior Managers and the Corporate Fraud and Risk Manager to identify and record key operational risks within their service areas. Support to be provided by Internal Audit if required.

  

Management Team are currently working with the Fraud and Risk Manager to effectively promote the importance of operational risk management within the Council.  The Corporate Fraud and Risk Manager will be attending Management Team meetings on a quarterly basis and provide monthly updates. 

 

One to one meetings have been booked with senior managers and reviews of the Council’s departmental risk registers are being undertaken.   

 

Any gaps identified will be included in the next corporate risk register update. 

 

Update to be provided at the next Audit Committee in June 2018.

 

 

Once all departmental risk registers are implemented, the Corporate Fraud and Risk Manager is to embed a quality control process for monitoring business risks and verifying the recorded mitigating controls. This should involve process walkthrough's, reviews of supporting documentation and assessments of target dates / resources required to implement controls

 

The Corporate Fraud and Risk Manager has arranged one to one meetings with senior managers to discuss business risks, once identified the findings will be reviewed on a more regular basis. 

 

Update to be provided at the next Audit Committee in June 2018.

 

 

The Committee was informed that although no changes had been identified as being required at this time, the Risk Management Framework was included at Appendix A to the report for information purposes only.

 

After consideration of this item it was RESOLVED that -

 

(a)       the contents of the updates provided to the current Risk Register be noted; and

 

(b)          the Head of Finance, Revenues & Benefits Services requests the Head of IT and Corporate Resilience to consider providing training to Members on aspects of cyber security.

Supporting documents: