Agenda item

The Director of Finance submits a report presenting an update on the Strategic and Operational Risk Registers, risk training schedule and claims data.

The Committee will be asked to note the contents of the report and make any comments to the Executive or Director of Finance.

The Director of Delivery, Communications and Political Governance submitted a report providing an update on the work of the Council’s Risk Management Services team’s activities.

The Manager, Risk Management presented the report and gave details of both the strategic and operational risk registers to 30th April 2018 and explained changes to the reporting arrangements in the appendices to enable comparison of changes.

Members noted that:

·       There had been 16 updates to the strategic risk register and that the risk scoring remained quite constant.

·       The operational risk register indicating risk affecting day to day running of the council had 57 risks updated since the last report, with two risks deleted and one new risk added.

Members asked about the key risks facing the authority and were advised that cyber security, data protection (GDPR), the outcomes of the Grenfell Tower incident and uncertainty of funding beyond 2020 were currently the key risks facing authorities nationally.

In terms of cyber security, members were assured that robust mechanisms were in place and that risk was being managed well by the authority with no major incidents occurring. With regards to how many times the authority was being “attacked” it was noted that it was likely that organisations like local authorities would probably be attacked up to 100 times a day and the key challenge was to have steps in place to mitigate that risk and address the issues if it happened.

The Chair commented on the importance of not becoming complacent and ensuring there was a multi layered approach to keep on top of that risk.

The Chair queried whether risks were being fully communicated to executive level and officers confirmed there was work in progress to achieve that. It was suggested that if the executive were not currently being fully engaged on risks that should be considered a strategic risk because of the authority’s governance model. Officers agreed to explore that suggestion further with the Director and to provide an update in the next Risk Management report to the committee.

It was noted that the risk registers were published on the internal interface network quarterly and that the outcomes from the Grenfell Tower incident were included on the strategic risk register with ongoing risk in that regard being monitored.

The Chair thanked the officer for the report.

RESOLVED:

1.     That the contents of the report be noted,

2.     That consideration be given to the suggestion that if the executive are not currently being fully engaged with risks to add that as a strategic risk and to include an update on that point in the next Risk Management report to the committee.