The Assistant Director (Corporate Services)presented the Committee with the outcome of the annual risk identification and analysis exercise that had been carried out to assist in the development of Gravesham Borough Council's Corporate Risk Register for 2022-2023 and explained that:

• The Risk Management Strategy sets out the approach the council has adopted for identifying, evaluating, managing and recording risks.

• The strategy itself is reviewed on an annual basis by Officers and there have been no substantial amendments or updates to the strategy policy since last year.

• The risk identification and analysis assessment document sets out the detail of all the risks that have been considered by Officers when producing the draft Corporate Risk Register together with the outcomes of those assessments.

• The risks that have generated to a high residual risk score of 10 and above are included in the draft 2022-23 Risk Register.

• Additional risks identified as part of the exercise however were not considered high enough to be included in the Corporate Risk Register were: 

·       Universal Credit

·       IT Infrastructure

·       Adoption and delivery of a sound Local Plan

These will be managed at service level.

On page 63 of the report the Draft Corporate Risk Register included comments and amendments suggested by Management Team and Senior Officers. The top 5 risks are identified for inclusion are:

·       On-going financial viability

·       Changes in national priorities and legislation

·       Organisational resilience and capacity

·       Cyberattack and data breaches

·       Investment risk

Following questions and comments from Members, the Assistant Director (Corporate Services) explained that:

• All risks are monitored throughout the year and the council has recently established a Risk Management Working Group to oversee this process. There are representations from each Directorate on this group who review the risks at service level and corporate risk level and identifies any merging risks. The last meeting of this group took place in February with another meeting due to take place in May.
• With regards to recent events in Ukraine and the possible increased threat to cyber security, this risk is continually monitored by the Assistant Director (IT Services) with any updates reported to the Risk Management Working Group.
• Inflation risk is covered within risk 1 “on-going financial viability of the council”. This risk covers the majority of financial risk. Within the MTFP there is a budget line for inflation provision and this was reviewed at the time of budget setting.
• Explanations regarding the various risk types are found at page 64. Regarding inherent risk, residual risk and target risk – the residual risk score should result in a decrease as this considers the controls that are put in place to help mitigate the risk.  The target risk score is where the council would like to be as this considers improvement to existing controls. 
• The council has written to all its external fund managers and responses have been received which confirm that they have not identified any exposure to Russian investments.

Resolved that Members are requested to review the draft Corporate Risk Register

for 2022-23 prior to presentation to Cabinet.