The Committee was invited to review the latest version of the Council’s risk profile for Quarter 2 of 2024/25 using high level data extracted from the risk management system following review by risk owners across the organisation in August. 

Officers advised that there were currently 268 risks identified taken from service, project and contract risk assessments, categorised against the 13 risk areas.  Risk movement was noted including 19 new risks and 11 that had been archived.  There were 18 ‘significant’ risks, scoring above 15 (7%).  Full details were appended to the report.

In respect of the Corporate Risk Register (CRR) this listed 34 risks which were a subset of all risks scoring above the threshold which had a corporate impact, 20 of these were classed as 'significant', scoring above 15.

Additional information was provided in respect of emergency planning and climate change.  There were 22 risks identified as emergency planning risks from across the organisation that included those generic risks facing the organisation as a whole as well as service-specific emergency planning risks.  Officers reported that two of these were scored as 'significant'.  The Committee noted that some risks were ‘tagged’ so that whilst appearing in the relevant business centre they were also flagged as risks in terms of emergency planning.  For example flooding at the Council’s Depot.  In respect of climate change, 28 risks were identified, of which three were scored as ‘significant’ including one which was also identified as an emergency planning risk.  Similarly, these were also reported as part of the CRR.

Members recalled from the previous risk profile report that corporately Officers reviewed the post-mitigation score for the risk profile, i.e. the probability and impact that a risk might happen after steps had been taken to mitigate as this was the residual risk that the organisation was exposed to and carried.  The risk matrix was also noted.

Officers confirmed that risk trend was calculated by the movement in post-mitigation risk score since the last snapshot extract was taken in March 2024.  It was noted that there were 35 risks with an upwards change in risk score post-mitigation.  However, 30 of these were due to the change required by internal audit which was that if the action plan had not been delivered the score pre- and post- mitigation must be the same.  Officers would continue to monitor risk trend over the next period to ensure that action plans were progressed and risk mitigation put in place.  Members noted that five were reporting a true increase in post-mitigation score, as either the risk probability or impact had increased.  Two of these were reporting post-mitigation scores above the threshold as detailed in the report.

Officers reported that since their last report, improvements to the data held in the system had been made by adding data tags to provide a mechanism to pull out risks associated with emergency planning and climate change from across the system.  It was agreed that risks associated with compliance, (Health and Safety), legislation or regulatory compliance, should be tagged in order to inform a section in the next scheduled report to the Committee in May 2025.

As part of continuous improvement of the risk management system Officers planned to attend department management meetings to gather feedback and ideas for future enhancements from risk owners.  This would also support closing an action arising from the self-assessment against Best Value.

Officers were asked to confirm whether a Climate Risk and Vulnerability Assessment (CRVA) had been completed.

Officers were also asked to circulate to the Committee the further update from the Corporate Head of Community Services regarding Meals at Home, noting the document was commercially sensitive.

The contents of the Exempt Appendix to the report were noted and any future impact on service delivery would be brought to Members’ attention.

Officers were thanked for their comprehensive report providing Members with assurance that risk management was a dynamic process, being actively managed.