Agenda item

To present to the Audit Committee the updated Corporate Risk Register.

Minutes:

The Fraud and Risk Manager (Clare Lewis) presented to the Committee a report on the updated Corporate Risk Register (item A.3).

 

It was reported that, within the period under review, one new risk had been added to the register, no risks had been removed, two risk scores had been amended and there were no items that were currently under review. In addition six risks had been amended.

 

A new risk had been identified in respect of 1d Ineffective Cyber Security Physical and Application (software) based protection management.

 

Residual Risk Scores had been amended in respect of:-

 

(1)   2d Building Council Homes; and

(2)   2h Essex Family / Family Solutions.

 

Risks had been amended in respect of –

 

(1)   1a Failure to effectively manage assets;

(2)   1b Catastrophic IT Network Failure

(3)   1c Ineffective Communication / Management of Information;

(4)   2d Building Council Homes;

(5)   2h Essex Family / Family Solutions; and

(6)   5a Financial Strategy.

 

It was reported that during the year a review had been carried out by the Council’s Internal Audit Team relating to Risk Management. The following table set out the recommendations identified and the current position against each of those actions:

 

Agreed Action

 

Current Position

Management Team to promote the importance of operational risk management within the organisation and ensure that Senior Managers implement a process for identifying and mitigating risks in coordination with the Corporate Fraud and Risk Manager.

 

 

One to one meetings will continue to take place between Senior Managers and the Corporate Fraud and Risk Manager to identify and record key operational risks within their service areas. Support to be provided by Internal Audit if required.

  

Management Team are currently working with the Fraud and Risk Manager to effectively promote the importance of operational risk management within the Council.  The Corporate Fraud and Risk Manager will be attending Management Team meetings on a quarterly basis and provide monthly updates. 

 

One to one meetings have started to be carried out with senior managers and reviews of the Council’s departmental risk registers are being undertaken.   

 

Any gaps identified will be included in the next corporate risk register update. 

 

Update to be provided at the January 2019 meeting of the Committee. 

 

 

Once all departmental risk registers are implemented, the Corporate Fraud and Risk Manager is to embed a quality control process for monitoring business risks and verifying the recorded mitigating controls. This should involve process walkthrough's, reviews of supporting documentation and assessments of target dates / resources required to implement controls

 

The Corporate Fraud and Risk Manager have arranged one to one meetings with senior managers to discuss business risks, once identified the findings will be reviewed on a more regular basis. 

 

Update to be provided at the January 2019 meeting of the Committee.  

 

 

The Committee was informed that although no changes had been identified as being required at this time, the Risk Management Framework was included at Appendix A to the report for information purposes only.

 

After discussion, the Committee requested that Officers review a number of risks to explore whether the following should be treated as separate risks within the register given their potential impact on the Council:

 

·        The delivery of the Waste and Recycling Service given recent events elsewhere in the country and the failure of large contractors nationally.

·        The delivery of the Planning Service as loss of key staff could contribute towards the failure to comply with legislative requirements.

·        Emergency Planning arrangements in respect of flooding and the potential for fraud to be committed against the Council if a large scale event occurred.

 

After consideration of this item it was RESOLVED that the contents of the updates provided to the current Risk Register be noted and that Officers review the items identified above before the risk register is reported to the Committee again in January 2019.

Supporting documents: