Home
The council and democracy
Democracy portal

Agenda item

Strategic Risk Register Update

This report provides an update on the Council’s Strategic Risk Register, which summarises the Council’s corporate risk profile as of January 2023.

Minutes:

Darren Armstrong, Head of Audit & Investigations, introduced the report providing the Committee with an update on the Council’s Strategic Risk Register, which summarised the Council’s corporate risk profile as of January 2023.

 

In considering the report the Committee noted:

 

·                 The Strategic Risk Register had been prepared in consultation with risk leads, Departmental Management, Senior Leadership Teams and the Council’s Management Team in accordance with the key elements of the Council’s Risk Management Policy and Strategy.

·                 The ongoing enhancements to the Council’s risk management framework, which had included risk sponsors being assigned for each strategic risk with accountability for the agreed risk mitigating actions and controls.  In addition, the risk impact matrix had been expanded in order to identify and articulate risk impact across a number of factors including financial, service delivery, health and safety and reputational impacts, as detailed within the Risk Register attached as Appendix A to the committee report.

·                 Target risk scores had also been included in the risk register for each strategic risk as agreed by the relevant CMT risk sponsor to illustrate the risk score that the Council was working towards achieving or maintaining.

·                 No new risks had been identified, however it was recognised that the Council were operating in a heightened risk environment due to a number of external factors that included an uncertain economic situation and the rapid rise in inflation. The heightened risks were reflected in the risk register with five of the eight strategic risks showing an increased risk score, with the most significant impacts identified in relation to the risks relating to the Lack of Affordable Accommodation and Cost of Living Crisis.

·                 There were a number of inherent risks also identified which continued to be owned and monitored at a Departmental level and therefore did not form part of the Strategic Risk Register. These included Safeguarding (Children and Adults); Business Continuity; Information Governance; Legislative Compliance; Fraud and Corruption; Major Unforeseen Events; Financial Stability and Health and Safety

 

The Chair thanked Darren Armstrong for his report and invited Committee members to ask any questions they may have, with the following responses provided:

 

·                 The Committee sought assurances that the increases identified in relation to the strategic risks  for Lack of Affordable Housing and Cost of Living Crisis could continue to be managed and mitigated against if they were subject to any further adjustments . Officers advised that the increased risk identified in these areas demonstrated that the risk management framework was working well and as such provided assurance that the strategic risk areas were being closely monitored with action plans in place to support bringing down the risks to target risk scores.

·                 The Committee queried if departmental risk registers were robust enough to manage the delegated responsibility of manging their risks. In response officers advised members of the advantage in terms of the broader strategic overview of risk provided through the strategic risk register operating alongside each department also managing their own individual risk registers. Departmental risk registers were updated twice a year with regular engagement between the Internal Audit team to review and support where necessary.  The departmental risk registers also supported the “bottom up” provision and identification of risks from services which were deemed to require consideration at the higher strategic level.

·                 The Committee queried if there was a standard risk register used across London or nationally to support identifying common risks and benchmarking, which in turn could support lobbying efforts to central government. In response officers advised that there was not a standard framework across London or nationally. Local Authorities adopted a framework that worked for their individual authority, although information was shared across Heads of Audit in London where risk registers were discussed, and common risks identified. The Committee were informed that the framework used in Brent linked risk to strategic and corporate objectives and priorities, then filtered down to departmental and service level priorities and objectives.

·                 In response to a query regarding guidance being provided to reduce the risk of cyber attacks, with reference to councillors and the protection available on their devices, the Committee were informed that further details on cyber security guidance would be sought from the Managing Director of the IT Shared Service.

·                 The Committee recognised the gains made in demonstrating risk appetite through the risk register and sought further details on how this could be built upon further, with the suggestion that the use of key risk indicators could be incorporated in future risk registers. Additionally, it was felt it would be helpful to see the key risk indicators on departmental risk registers to support the Committee’s understanding of the depth of monitoring at departmental level.  In response officers advised that they were keen to build in additional ways to illustrate risk appetite on future risk registers and would therefore seek to include key risk indicators as part of this moving forward. In addition, it was noted that the Internal Audit Work Plan due to be presented to the March Committee  would include an assurance map to demonstrate how the work of internal audit was aligned against strategic risks and could also include inherent risks to demonstrate how internal audit was providing assurances on departmental risk registers.

·                 In response to a comment regarding the possibility of tracking trends in relation to risk scores over a longer period of time, officers advised that an additional visual chart to show the comparative trends in strategic risks over time could be incorporated in the next Strategic Risk Register.

·                 In response to further details sought on the consequences of risk scores remaining at higher levels over a sustained period of time, members were advised that the main issue involved any risk materialising into an active issue.  The risk register framework had, however, been designed to mitigate against this by utilising the existing controls, enhanced monitoring and action plans to manage the risks identified and bring their scores down to target level over time.

 

As no further issues were raised the Chair thanked Darren Armstrong and his team for their hard work on the Strategic Risk Register and the Committee RESOLVED to note the contents of the report and update provided

 

Supporting documents:

 

Navigation