To consider the attached report.
Contact Officer: Kate Mulhearn (01296) 585724
The Audit Committee had a role to monitor the effectiveness of risk management and internal control across the Council. As part of discharging this role the committee was asked to review the Corporate Risk Register (CRR). The CRR provided evidence of a risk aware and risk managed organisation and reflected the risks that were on the current radar for Commercial Board. Some of the risks were not dissimilar to those faced across other local authorities.
The risk register had been reviewed by Commercial Board on 15 March 2017 and subsequently updated for changes in May. Since the previous Audit Committee meeting in March 2017 no changes had been made to residual risk ratings and one new risk had been added which had a High residual risk rating:
‘Failure to deliver the Connected Knowledge Strategy and achieve the Council's Digital objectives. Speed of implementation does not allow for adequate due diligence e.g. supplier/contract procedures, information risk assessments.’
As previously reported, the risks arising from the Brexit decision had been considered but at this stage there was still too much uncertainty about the specific implications on the strategic objectives and day to day operations of the Council to put anything meaningful on the CRR.
Management would review the situation as information became available and update the CRR accordingly.
The covering report and the CRR Update (Appendix 1) were in the open part of the agenda. However, the CRR (Appendix 2) contains information on some risks relating to commercially sensitive decisions and, as such, was in Part 2 section of the agenda. Overall, there were 21 risks on the CRR (3 low risk, 4 moderate risk, 12 high risk and 2 extreme risks) and these were considered by Members. Information on the risk matrix and risk ratings (impact and likelihood) was explained further in the Committee report.
To facilitate discussion about the detail of the CRR, the Committee resolved to exclude the public from the meeting under Section 100 (A) (4) of the Local Government Act, 1972, on the grounds that the item involved the likely disclosure of commercially sensitive information as defined in Paragraph 3 of Schedule 12A of the Act. The disclosure of such information might prejudice negotiations for contracts and land disposals or transactions.
Members challenged robustly some of the assumptions made in the CRR, both in specific and general terms. In particular, Members challenged the risk regarding the loss of key staff and were informed that now that Assistant Directors were in place they would be putting together Service Sector Risk Registers.
Members requested further information and were informed:-
(i) Risk 4 (Commercial Companies) – that future Business Plans and performance would be scrutinised by the Economy and Business Development Scrutiny Committee.
(ii) Risk 17 (Loss of Key Staff) – that Assistant Directors were developing transition plans to ensure business continuity for key services in their areas.
(iii) Risk 21 (Connected Knowledge) – that this programme had its own governance arrangements and internal Risk Register.
(iv) Risk 18 (Modernising Local Government agenda) – that the Extreme Risk of this risk would be challenged at the next review meeting before it was reported to Cabinet at the end of June 2017.
Members also commented that the CRR should include mention of major external factors/risks – e.g. HS2, East West rail, Oxford-MK-Cambridge expressway, future of RAF Halton – and consider possible future impacts on the Council.
That the current position of the Corporate Risk Register be noted.