Agenda item

Officers introduced the 2023-24 Q1 Corporate Risk Register.

Officers noted that the report included quarter 4 of the previous financial year and quarter one of 2023/24 as there was no Corporate Risk Register item in the previous meeting’s agenda.

The report provided evidence of how risks had been identified and managed, and what mitigating actions were in place. 

Since the previous update, which related to quarter 3, there had been only one change on the register, and lots of subsequent updates in terms of mitigating actions. This related to the coronavirus risk which had been retired at the end of quarter 4. It was acknowledged that pandemics can happen in the future and so in terms of risks, was about learning from the coping period. It was noted that while this risk item had been retired from the register, it could be re-introduced if necessary. During this time there were no new corporate risks on the register.

It was noted that the Corporate Risk Register was now hosted on a Microsoft Excel document rather than the previous Microsoft Word version. It was now easier to filter and sort and had been replaced following consultation with the Corporate Management Team and Senior Management.

Members asked about risk reference CRR8 – The General Data Protection Regulations, which was noted to arise from a minority of Council staff not complying with the Council’s Data Protection policy due to a lack of awareness of lack of due consideration, and asked if this was due to repeat offenders or if it was a regular occurrence. Officers noted that the risk framed here was not necessarily residual risk. Senior Management scored risks based on financial impact and various other impacts such as the potential fine that the Local Authority could be given if it were not compliant. There were mitigating actions such as mandatory training and follow-up training built into inductions. There was monitoring from Learning and Development, and Legal Services had controls in place to monitor breaches that would be reported to the Information Commissioner’s Office (ICO) where required. Wherever this had occurred, there had been positive feedback on the actions taken by the Council.

The Chairman asked about the relationship between risks of inflation and balancing of the budget, which were closely linked. Inflation was marked as a static direction of travel, and the Chairman asked if this was changing now. Officers noted that they were currently identified separately because the current inflationary pressures were exceptional. There was a degree of overlap between the two. Inflationary pressures would feed into some of the challenges in balancing the budget but this was not the exclusive factor which was why inflation was currently on the corporate risk register but at other times it may not be. Given the volatility and the extent and variation in the forecast, inflation had remained a separate corporate risk at this this point.

RESOLVED: That the Audit Committee reviewed the CRR for Quarter 1 and suggest any comments/ amendments which will be shared with the relevant responsible officers.