Development of the Corporate Risk Register for 2019-2020
Members were presented with the outcome of the annual risk identification and analysis exercise that was carried out to assist in the development of Gravesham Borough Council's Corporate Risk Register for 2019-2020.
The report also considered the review of the Corporate Risk Management Strategy which resulted in updates being made to the strategy that reflect recommendations made by Members and Internal Audit.
The Risk Management Strategy was reviewed and the following amendments made:
- The term ‘Marginal’ used in the Risk Matrix adopted by the council was changed to ‘Significant’ and the definition of the risk revised as a consequence to clarify terms used, as proposed by a Member of the Finance and Audit Committee in April 2018
- The role of Service Managers in risk management as set out in the table at Appendix III of the Strategy was updated to reflect that those officers will identify both corporate and operational risks. That update was in response to an Internal Audit recommendation
The Assistant Director (Corporate Services) informed the Committee that the amended Risk Management Strategy was attached at appendix 2 and would be presented to Cabinet for approval next Monday (25/02/2019).
The Assistant Director (Corporate Services) advised Members that the existing Corporate Risk Register had seven risks recorded from 2018/19; at appendix 3 an exercise was carried out that analysed these risks to the Council and identified five of the original seven which still posed a significant risk. Those five have been carried forward to the draft 2019/20 Corporate Risk Register.
The two risks that were removed were:
- Business Rates Retention Scheme – The Council considered it prudent to include the risk within Risk 1 ‘Ongoing financial viability of the Council’
- General Data Protection Regulations (GDPR) – The risk was assessed and it has been concluded that the risk is now below the council’s risk tolerance level and therefore this should be managed as a service level risk
Two additional risks that were identified by Members at the Finance & Audit Committee meeting in November 2018 for inclusion on the Corporate Risk Register 2019/20 were:
- Withdrawal of the United Kingdom from the European Union
- Cyberattack resulting in data breach or corruption of data
These risks had also been assessed and were considered to be above the council’s risk tolerance threshold, and consequently have been included in the draft 2019/20 Corporate Risk Register.
The Assistant Director (Corporate Services) explained that the Risk Management Strategy and Draft Corporate Risk Register would be considered by Cabinet next Monday and the Minute regarding this item from Finance & Audit Committee on Monday, 18 February 2019 would be presented to Members of Cabinet for consideration in their item.
Members voiced their concern over the managed risks within Risk 7 ‘Withdrawal of the United Kingdom from the European Union’; it was felt that the wrong risks were being managed such as inability to get into the office as the vast majority of staff could walk to work. There were a number of much deeper concerns that Brexit could make than working from home such as managing waste disposal in the Borough if the infrastructure breaks down.
The Chair pointed out that page 185 of the report showcased a table that gave a breakdown of the potential consequences to the road network and waste.
One Member felt that the consequences listed under the risks at appendix 4 should have been included on appendix 3 under ‘Analysis of Risks’ to make it clearer. The Assistant Director (Corporate Services) advised that the ‘Analysis of Risks’ was used to create the Corporate Risk Register and the consequences recorded at appendix 4 were required to show what management action was needed to mitigate each risk. It was stated that each department within the Council had renewed their business continuity plans and created an individual Brexit service risk register that they could reference should the necessity arise. The plans identified the service delivery risks to each department as well as setting out arrangements to manage issues around service delivery should they arise.
After a brief discussion on Brexit, the Assistant Director (Corporate Services) explained to Members that the Committee’s purpose was to review and shape the entries in the draft Corporate Risk Register prior to this being presented to Cabinet; anything additional that needed to be added or reflected in the Risk Register could therefore be actioned prior to it being presented to Cabinet approval.
The Chair thanked the officers for including Universal Credit in the Corporate Risk Register 2019/20 as many residents in Gravesham were having issues with the new system.
No changes to the 2019/20 draft Corporate Risk Register were proposed.
Resolved that Members:
- Endorsed the changes/updates made to the Corporate Risk Management Strategy, prior to it being presented to Cabinet for approval
- Reviewed the draft version of the Corporate Risk Register that has been developed for 2019-20, prior to it being presented to Cabinet for approval
- 1. Report (F&A), item 96. PDF 115 KB
- 2. Risk Management Strategy 2019-20 updated as per audit findings and Councillor Suggestions, item 96. PDF 220 KB
- 3. Appendix III Risk Analysis Document, item 96. PDF 319 KB
- 4. Appendix IV Draft Corporate Risk Register 2019-20 (updated structure), item 96. PDF 301 KB