Agenda item

Purpose: To provide a refresh of the Council’s Risk Management processes

The Committee considered a report (Agenda Item 6) which provided commentary on the process for the management of risk.

Ian Priestley provided a refresh of the Council’s Risk Management processes with the aim of:

·         Ensuring risks associated with the delivery of the Council Strategy were identified and mitigated

·         Clarifying the respective roles of the Risk Management Group and Corporate Board. The RMG would oversee risk allowing CB to focus on responding to critical/key issues. The aim being to delegate the bulk of the work on Risk Management to the RMG.

·         Confirm the role of RMG in carrying out a rolling review of service and project risk registers. 

·         Review the Council’s Risk Appetite to ensure it was still appropriate.

Risk Management was a part of any activity undertaken by the Council. The process outlined in the report was not essential to the management of risk but it sought to provide a framework which:

·         Was applied consistently;

·         Provided clarity and transparency in relation to the risks the Council was managing;

·         Provided assurance to Members that risk management was effective in ensuring appropriate actions were taken to minimise risk to the delivery of the Council’s objectives.

The proposed roles for Corporate Board and the Risk Management Group, chaired by John Ashworth, had been set out in detail in the report.

The Committee was asked to discuss whether or not the measures that had been put in place were adequate and appropriate. Ian Priestley explained that the proposed approach was graphically represented in Appendix C to the report.

The process would include a number of elements:

Key Issues List - risks being triggered and action or active monitoring was required and are reported at Corporate Board on a quarterly basis’

Council Strategy Risk Register  - which was proving difficult to produce due to the wide ranging nature of the Strategy,

The Corporate Risk Register  - had replaced the Strategic Risk Register, identified issues that affected the Council as a whole and it was reviewed annually by the Risk Management Group,

Service Risk Registers – which were managed by Heads of Service and this was an effective process. Each Head of Service was required to sign off an Assurance Statement at the end of each year which highlighted any issues identified during the year.

Project Risk Registers – for all major projects. Corporate Board identified which projects required these registers which were then monitored by the Risk Management Group.

Chief Executive’s Key Risks – these were risks that if triggered would have a significant impact on the Council, generally they had high gross and low net score. The current list included safeguarding of children and adults which were the subject of quarterly reports to Corporate Board. 

The Council’s Risk Appetite (Appendix D)  set out the Council’s view as to what level of risk was deemed acceptable and helped to ensure consistency across the Council.

Ian Priestley explained that the new approach needed time to bed in. He also explained that the Council’s liability insurers, Zurich, had been asked to provide feed back on the approach. He also acknowledged Councillor James Cole’s expertise in risk management and stated that he would appreciate input from him in due course.

The Chairman, Councillor Webb, asked Officers to summarise the key changes that had been made. The Chief Internal Auditor stated that the most significant change was the introduction of the Council Strategy Risk Register and that the Strategic Risk Register had been replaced by the Corporate Risk Register. In addition a formal review process of Project Risk Registers by the Risk Management Group had been introduced.

Councillor Anthony Pick felt that it would be useful if from the outset risk could be defined in the document.

Councillor Jeff Beck noted that in paragraph 5.1 (on page 38 of the paperwork) Officers described the Council’s risk management process as ‘reasonably’ effective but that an assessment would only take place in 12 to 18 months time. He therefore queried the delay in undertaking the review. Ian Priestley commented that historically the process had been reasonably effective and therefore changes were being made. The changes would require some time to become embedded and then a review could be undertaken. The Chief Internal Auditor explained that it was necessary to ensure that risk management became an integral part of the way the Council worked and was not seen as a ‘tick box’ exercise.

Members queried the membership of the Risk Management Group. Officers noted that the group currently comprised: the Corporate Director (Environment), The Chief Internal Auditor, the Health and Safety Manager, the Insurance Manager, the Civil Contingencies Manager, the Information Management Manager and the Property Services Manager. The membership was currently being reviewed to ensure that there was adequate representation from the Environment and Communities Directorates.

Councillor James Cole felt that the report made for uncomfortable reading and he was concerned that this was a tick box exercise. He queried how often the Risk Management Group (RMG) met. Officers explained that the group met every six weeks or so but acknowledged that some meetings had been cancelled. Councillor Cole queried who was responsible for financial issues on the RMG. Ian Priestley confirmed that he represented finance on the group. It was also noted that the budget was monitored on a monthly basis by both Corporate Board and Operations Board and that quarterly reports were presented to the Executive. Councillor Cole was concerned that a piece meal approach was being applied in terms of risk management and that significant issues were not being picked up early enough.

Andy Walker explained that there were many layers to the risk management process. The Council was a diverse organisation and was responsible for a wide range of services and therefore had a very broad spectrum of risks. Separate processes were in place to deal with specific risks for example separate processes were in place for dealing with financial risks and safeguarding issues. He accepted that the process as set out in Appendix C was complex but Officers were seeking to refine the processes and in so doing provide reassurance to Members.

Councillor Webb queried whether or not it would be possible for Councillor Cole to attend the next RMG meeting so that he could better understand the process. Councillor Cole could then report back to the Committee. Ian Priestley agreed to check this with John Ashworth. Councillor Anthony Pick highlighted the need to ensure processes were in place to escalate any issues  identified by the risk management process.

Councillor Rick Jones stated that risk management could not stop every eventuality and that this was exacerbated in the Council by the complex nature of the services that were provided. He felt that time was needed for the new system to become embedded to ensure consistency.

RESOLVED that:

1.    A refresh of the Council’s Risk Management processes be provided with the aim of:

          i.       Ensuring risks associated with the delivery of the Council Strategy are identified and mitigated

         ii.       Clarifying the respective roles of the Risk Management Group, Corporate Board and Members. The RMG will oversee risk allowing CB and Members to focus on responding to critical / key issues. The aim being to delegate the bulk of the work on Risk Management to the RMG.

        iii.       Confirm the role of RMG in carrying out a rolling review of service and project risk registers. 

        iv.       Review the Council’s Risk Appetite to ensure it is still appropriate

2.    Risk Management be a part of any activity undertaken by the Council. The process outlined in this report is not essential to the management of risk. All that this process seeks to do is to provide a framework that:

          i.          Is applied consistently

         ii.          Provides clarity and transparency in relation to the risks the Council is managing

        iii.          Provides assurance to Members that risk management is effective in ensuring appropriate actions taken to minimise risk to the delivery of the Council’s objectives.

3.    Ian Priestley to ask the Chairman of the Risk Management Group, John Ashworth, if Councillor James Cole could attend a future RMG meeting(s) in order to improve his understanding of the process.

4.    Councillor Cole to then provide feedback to the Committee.

5.    Officers to define what risk was and that this definition should be used in documents and should be the basis that Heads of Service based their Service Risk Registers on.

(Councillor Sheail Ellison left the meeting at 6.07pm)