Agenda item

To receive a presentation from Roger Sanders, Risk, Performance and Procurement Service Manager and Rachel Barker, Assistant Chief Executive on the Risk Management Policy (copy attached) and Risk Register (copy attached).

The Leader of the Council will be in attendance for this item.

The Committee welcomed Roger Sanders, Risk, Performance and Procurement Service Manager and Rachel Barker, Assistant Chief Executive who were in attendance, with the Leader of the Council, to provide a presentation on the Risk Management Policy and Risk Register.

The Committee noted a summary timeline, since 2018/19, on how the management of risk had developed. In 2024 the Council underwent a Corporate Peer Challenge, the outcomes of which included recommendations relating to governance and clarity of Members’ roles and responsibilities. In the Autumn of 2024, officers undertook a review and update of the risk management policy, which took account of emerging Delivery Plan priorities, feedback from the Corporate Peer Challenge and recommendations from an internal audit. Following engagement on the revised policy with the Committee and other Members, it was proposed that the Cabinet would consider it at its meeting in January 2025.

The two levels of risk registered were noted, these include a Corporate Risk Register and individual Service Risk Registers. Within the Corporate Risk Register sat the Strategic Risks, Standing Corporate Risks and escalated Service Risks. The Committee were apprised of the key risks, these included:

·         Strategic Risks  - including economic conditions, poor health outcomes and the financial sustainability of public sector bodies

·         Standing Corporate Risks – including data breaches, insufficient funding to proceed with projects and financial sustainability

·         Escalated Service Risks – including failure to provide temporary accommodation and the Local Enterprise Partnership (LEP absorption into Hampshire County Council (HCC)

The upcoming changes to the reviewed Policy were set out, these included, processes to map opportunities and threats, formalisation of the process for quarterly reporting, development of trend monitoring, development arrangements to identify risks that were an issue and development of a strategic level risk appetite in line with the Council Plan.

During discussions the Committee queried who was responsible for risk in the organisation, it was noted that the revised Policy would make this clearer. However, the Cabinet played a central role in the monitoring of risk and Portfolio Holders were tasked with discussing risk and mitigation regularly within their areas of responsibility.

In response to a query relating to identifying gaps in the Council’s Risk Registers, it was noted that services had a responsibility to incorporate any new legislation within their Service Risk Registers as appropriate. More generally cross references were carried out against global reporting and horizon scanning.

With regard to the level of risk that was considered acceptable, it was advised that currently risk appetite was determined line by line within each service area, these are then considered by the Executive Leadership Team (ELT) and reported to Cabinet to agree the level of appetite. The development of a Strategic Risk Appetite would provide an overall view on risk going forward assisting the process.

A request was made for Member training on cyber security, this would be pulled together and provided on an ongoing basis. It was also noted that the Cabinet Office provide some useful information to elected Members.

In response to a query on how often risk was looked at by senior officers and Portfolio Holders, it was reported that the full Corporate Risk Register was reviewed by the ELT once a quarter and Portfolio Holders would meet with Executive Heads of Service and Service Managers to discuss risk on a monthly basis. Officers considered risk routinely as part of business as usual. Any emerging risks would be identified and brought to the attention of the ELT as appropriate.

In the case of a risk presenting that could have a larger impact than would be considered possible, the Council would ensure that a reasonable worse case scenario was applied. In the case of the Coronavirus pandemic, the Council had flu pandemic plans in place that were adapted to meet the needs of the local authority.

The Committee ENDORSED the approach to the Risk Management Policy and the Risk Register.

The Chairman thanked Ms Barker and Mr Sanders for the presentation.