Agenda item

(Director of Finance & ICT) To consider the attached report (FPM-020-2012/13).

The Senior Finance Officer (Risk Management and Insurance) presented a report regarding the Council’s Corporate Risk Register.

The Corporate Risk Register and Risk Management document had been considered by the Risk Management Group on 26 November and the Corporate Governance Group on 5 December. These reviews had identified some amendments to the Corporate Risk Register, however, no new risks had been identified. The amendments, which had been identified and incorporated into the register, were as follows:

(a)        Risk 30 – Reduction in Government Funding

The wording of both the risk Vulnerability and Trigger had been amended to reflect the updated position.

(b)        Risk 18 – Loss or theft of data

Both groups decided the likelihood had moved from significant to low and this change had been added to the Corporate Risk Register and the action plan had been amended to reflect this decision.

(c)        Risk 8 – Business Continuity Planning

At the Finance and Performance Management Cabinet Committee on 22 November 2012, Councillor Waller requested a review of the Business Continuity Planning Risk. The Council was carrying out a review of the Corporate Business Continuity and the Risk Management and Corporate Governance Group would consider this Risk further when the review was completed. This was due in the second quarter of 2013.

It was reported that the Council was under a legal obligation to bring the Gazetteer up to the required standard and it had been agreed to fund this update at the Cabinet meeting held on 10 January 2013. It was noted that the Gazetteer had a significant impact on the Council. Although, this would be a temporary measure whilst the works were being completed, it should still be added to the risk register to ensure the Council had the correct focus on it.

Councillor Waller also queried the current matrix used by the Council to represent the Corporate Risk Register. The majority of the boxes were empty and there were no risks listed as either Negligible or Catastrophic. It was felt that a more suitable matrix should be used. The Senior Finance Officer commented that this could indicate the Council was managing its risks well if there were none listed as Catastrophic, however other suitable matrices would be examined for possible use.

Members queried why Risk 1, Recruitment Restrictions, was still on the risk register, as the restrictions had been removed at the same meeting of the Cabinet on 10 January. The Senior Finance Officer reported that the meetings of the Risk Management Group and Corporate Governance Group which had reviewed the Corporate Risk Register had been held before the decision by the Cabinet. This risk would be reviewed and deleted as part of the next scheduled update.

Members were asked to consider the updated Corporate Risk Register, that the risks listed were scored appropriately, whether there were any additional risks that should be included and whether the tolerance line should be amended.

Recommended:

(1)        That Risk 8, Business Continuity Planning, be reviewed following the completion of the Council’s Corporate business continuity Review;

(2)        That the rating for Risk 18, Loss or Theft of Data, be reduced to a score of D2 (Low Likelihood, Critical Impact);

(3)        That the Vulnerability and Trigger for Risk 30, Reduction in Government Funding , be amended to reflect the results of the Comprehensive Spending Review;

(4)        That the current tolerance line on the risk matrix be considered satisfactory and not be amended; and

(5)        That, incorporating the above agreed changes, the amended Corporate Risk Register be approved.

Reasons for Proposed Decision:

It was essential that the Corporate Risk Register was regularly reviewed and kept up to date.

Other Options Considered and Rejected:

To suggest new risks for inclusion or amendments to the scoring of existing risks.