The Committee was presented with mid-year progress information in respect of all risks recorded in the 2019-20 Corporate Risk Register.

The 2019-2020 Corporate Risk Register was approved by Council on 16 April 2019 and was attached at appendix two to this report for Member information. Seven strategic risks were identified as being above the Council’s risk tolerance threshold and were therefore included in the register:

1. Ongoing financial viability of the council

2. Changes in national priorities and legislative change

3. Organisational capacity/resilience

4. Implementation of the Homelessness Reduction Act

5. Universal Credit

6. Withdrawal of the United Kingdom from the European Union

7. Cyberattack resulting in data breach or corruption of data

The development of the Council’s Corporate Risk Register for 2020-2021 will commence in December 2019 and the risks listed below were considered for inclusion the 2019-20 Corporate Risk Register but were omitted for the reasons stated in the report on page 62:

• Business Rates Retention Scheme
• General Data Protection Regulations (GDPR)

The Principal Accountant (HRA & Exchequer) advised that one risk had been identified by Officers as potentially needing to be included in the 2020-21 Corporate Risk Register:

• Investment Risk - Over the past couple of years the authority had purchased a number of Investment Properties and now had investments in Property Funds and Multi Asset Funds. The authority was now reliant on these investments to generate rental and investment income to support the revenue budget. Whilst the risk is referred to within different sections of the current Strategic Risk Register, given the value of the investments and the authority’s reliance upon the rental and investment income it was felt that it may be necessary to incorporate it into the Corporate Risk Register as a separate risk

The Assistant Director (Corporate Services) and the Principal Accountant (HRA & Exchequer) fielded questions from the Committee, explaining that:

• When the Homelessness Reduction Act was put on the Register, the Act had only been implemented since 03 April 2018 so the full impact of the Act and the actions required to mitigate that risk had not been fully assessed yet. The Council was in a much better position now and when the risk is reviewed for the 2020/21 Corporate  Risk Register, the lead officer on that risk will be asked what else could be done to reduce the level of the residual risk
• An answer to how the Council calculates the threshold of risk and what the threshold actually is will be circulated to the Committee

Two suggestions were put forward by the Committee for inclusion on the 2020/21 Corporate Risk Register:

• Increased exposure to risk to Gravesham Borough Council from shared services with Medway Council
• Civil Risk (major disasters and flooding in the Borough etc)

The Assistant Director (Corporate Services) advised that those two suggestions would be taken away and assessed as part of the development of the next Corporate Risk Register. The results of the assessments would be brought back to the Committee to decide how the risks should be moved forward.

Concern was also raised over the risk score of cyber-attacks as it was felt that potential data loss through cyber-attacks should be classified as a much higher risk and needed further investigating.

Resolved that Members:

• Noted the progress made, as set out in appendix three, in managing or mitigating each risk recorded within the 2019-2020 Corporate Risk Register
• Agreed that the following two risks should be considered for assessment of potential inclusion in the 2020-21 Corporate Risk Register:

-           Increased exposure to risk to Gravesham Borough Council from shared services with Medway Council

-           Civil Risk (major disasters and flooding in the Borough etc)