Agenda item

The new risk management system was being rolled out across the different directorates. Positive feedback had been received and the system had been described as easy to use. As at the end of June there were 221 risks on the system. The current total was 230. Of these, 16 were red-rated risks, and these formed the Corporate Risk Register.

New Key Performance Indicators (KPIs) had been presented to the Corporate Risk Management Group on 24 June. They were responsible for implementing and managing the risk register.

The Counter Fraud team had moved their risks onto the new system at the end of the quarter, which had led to an increase in the number of fraud risks. These were not new risks, just newly on the system. Risks had been added without a risk score to encourage active management and mitigation.

Officers asked for feedback on things that could be added to aid Members’ understanding.

Members asked about the 12 risks overdue for review. The Corporate Risk Management Group and CMT were responsible for managing these risks. Red-rated risks should be reviewed monthly, if not, weekly. If any were out of date and not recently reviewed, officers from those areas could be invited to the Audit Committee to discuss.

Members asked about actions being taken for high-risk items. Officers noted that items that were red on the Corporate Risk Register should align with the strategic risks. Detailed actions were included in the Strategic Risk Report. The Strategic Risk Register was still in its infancy and had been aligned with the new CMT dashboard. Members noted that it would be useful, for the bigger risks, to know what actions were being taken and if items were remaining on the register, why this was the case. This was noted as an action to be discussed outside of the meeting.

On changing risk status, Members asked how risks were closed or replaced, and about accountability for this. Risks had been reviewed and split into more specific categories. Explanatory notes would be added to future reports for clarity. KPIs on closed risks were monitored through the Corporate Risk Management Group, and red-rated risks required justification for closure.

Members asked how actions were being recorded and followed-up. Actions were expected to be recorded on the new system. The Corporate Risk Management Group would challenge any lack of action.

Members noted it may be useful to include how risk ratings had changed from the previous meeting to the current meeting. It was noted that this was done for corporate risks, it listed Quarter 4 and Quarter 1. It was proposed to use colour coding to show changes.

Members asked about the table of review date and rating. It was noted that the ‘Meeting Housing Need’, ‘Workforce Sufficiency’ and ‘Children’s Care Placements’ risks has been closed/ replaced. Officers noted that when items were added to the new risk management system, previous risks were reviewed. ‘Meeting Housing Need’ was a catch-all risk and so had been split into smaller risks such as decent homes, high levels of homelessness demand, and housing landlord service. Children's Care Placements was replaced with increasing costs of external residential provision and the high need SEN placements were replaced with uncertainty of safety valve agreement. Members suggested that an explanatory note could be added to the report to explain this.

Members noted that the report read “It is expected officers are taking actions to reduce the risks in practice” and asked for some clarification on this. Officers noted that every new risk put on the new risk management system were proactively being managed. Actions were not recorded on the system. As this was a new system, the focus was on putting the risks on it. If risks were added and actions not taken, this would be challenged through the Corporate Risk Management Group.

RESOLVED: That the Audit Committee noted the report and provided feedback on the content and level of assurance received