Agenda item

Report of the Deputy Chief Executive (Corporate Services) - A.2 - Corporate Risk Update

To present to the Audit Committee the updated Corporate Risk Register.

Minutes:

There was submitted a report by the Council’s Deputy Chief Executive (report A.2) which presented for the Committee’s consideration the updated Corporate Risk Register.

 

Members were reminded that the Corporate Risk Register was regularly updated and presented to the Committee every six months with the last such occasion being in January 2019. The following table summarised the position at the end of the latest review period with updated information provided within the Register (Appendix B to the report) where necessary:-

 

Item

Number

New Risks Identified

0

Risks Removed

0

Risk Score Amended

0

Risks Under Review

0

Risks Amended

3

 

The Risks amended were:-

 

(1)   Risk 2c – Community Leadership Projects = Action owner amended due to an Officer leaving the Council.

 

(2)   Risk 1c – Ineffective communication/management of information = Update on the current situation provided.

 

(3)   Risk 6a – Loss of sensitive and/or personal data through malicious actions/loss due to theft and/or hacking = Update on the current situation provided.

 

It was reported that during 2017/18 a review had been carried out by the Council’s internal audit team relating to risk management. The following table set out the recommendations identified and the current position against each action:

 

Agreed Action

 

Current Position

Management Team to promote the importance of operational risk management within the organisation and ensure that Senior Managers implement a process for identifying and mitigating risks in coordination with the Corporate Fraud and Risk Manager.

 

  

COMPLETED - As agreed by Management Team, the Fraud and Risk Manager continues to effectively promote the importance of operational risk management within the Council and attends Management Team meetings on a quarterly basis to provide timely updates.

One to one meetings will continue to take place between Senior Managers and the Corporate Fraud and Risk Manager to identify and record key operational risks within their service areas. Support to be provided by Internal Audit if required

COMPLETED - Reviews of the services departmental risk assessments have now been carried out by the Council’s corporate Fraud and Risk Manager.

 

The Corporate Fraud and Risk Team will continue to review these documents and ensure they are updated at regular intervals by Senior Managers and provide  any feedback to internal audit should it be deemed necessary.

 

Once all departmental risk registers are implemented, the Corporate Fraud and Risk Manager is to embed a quality control process for monitoring business risks and verifying the recorded mitigating controls. This should involve process walkthrough's, reviews of supporting documentation and assessments of target dates / resources required to implement controls

Reviews of the departmental risk assessments during this process were carried out to consider if the councils business risks were being addressed and to provide help and support where necessary and assist in implementing control measures if a need was identified.

 

This action has now taken place and feedback has been given to internal audit in relation to this outstanding matter.

 

Consideration is being given to the format of the current Corporate Risk Register to better reflect the actions of officers and TDC over the financial year, including review dates.

 

The proposed alternative format is provided as Appendix C, using three existing risks as examples and reflecting on discussions with the Council’s insurer / risk advisor.

 

 

Having considered the information provided, including the proposed alternative Risk Register format (as set out in Appendix C to the report) it was:-

 

RESOLVED that –

 

(a)    the updates provided to the current Corporate Risk Register be noted; and

 

(b)    the alternative Risk Register format, as set out as Appendix C to item A.2 of the Report of the Deputy Chief Executive, be approved.

 

Supporting documents: