Agenda item

Amendments to the Risk Register

Report of the Director of Finance and Resources.

 

Minutes:

The Committee considered a joint report of the Director of Strategy, Governance and Change and the Director of Finance and Resources in relation to the review of the Corporate Risk Register.

 

They were informed that the Corporate Risk Register has been reviewed by Members of the Corporate Governance Working Group pending review by SLT. The refreshed corporate risk register reflected the key risks facing the Authority (i.e. those that had been assessed as being scored >15) as follows:

 

·         MTFS & pressures on service delivery/maintaining legality/legal risks whilst undergoing change.

·         Children’s Social Care System – transformation of service

·         Cyber related risks to the business

·         Key Supplier Failure – Failure of critical suppliers who have been commissioned to deliver services on behalf of the County Council E.g. Allied HealthCare and the provision of Home Care.

·         Single points of failure within the Business i.e. critical systems/services operated by a single individual/source which terminates suddenly.

·         GDPR and Information Assurance – failure to meet the new requirements.

·         HR related risks including capacity/workforce strategy to deliver the transformation programme. Human Resources capacity is currently identified as particularly high risk.

·         Capacity and Capability - failure to have the required capacity and capability within the Council to deliver the change programme which is required to deliver to MTFS savings plan.

·         Digital Technology Developments- failure to embrace and fully exploit digital solutions when redesigning services/processes to ensure the most cost-effective solution is adopted.

·         Brexit – implications for local government from leaving the EU.

·         Partnerships – joint working arrangements to deliver a common vision for Staffordshire.

 

In response to a question from Mr C. Greatorex in relation to whether there were any risks around complying with the number of requests which may be received under GDPR, the Interim Head of Audit and Financial Services indicated that she would make enquiries with the relevant County Council Officer.

 

The Committee also noted that Mid-Tier Risks included:

 

·         Delayed Transfer of Care and Health & Social Care Integration (incl. the STP) – potential to lose the BCF funding.

·         Business Continuity and Emergency Planning arrangements - failure to make adequate plans to restore the Business across the full spectrum of services undertaken by the Council, together with robust arrangements operating within Partner bodies who perform services on behalf of the County Council.

·         Stakeholder Engagement and Community Development - Failure to undertake effective communication with Stakeholders and Communities to ensure that the aims of the ‘People helping People’ strategy can be achieved.

·         Home & Community Care Contract – inherent risks exist because of the payment process adopted within Care Director which makes payments as per the provider invoice without reference to the commissioned hours contained in the care plan. May result in potential under/over payments.

·         Section 53 requirements (Rights of Way) – backlog of applications for modification orders to the definitive map of public rights of way under Section 53 of the Wildlife and Countryside Act 1981.

 

It was noted that, since the last update to the Audit and Standards Committee in July 2018 the following risk has been removed:

 

Peer Review – visit undertaken, and a positive report received. Any specific risks highlighted by the review have been incorporated into the risk register where appropriate.

 

Following on from the July report, work continues to be undertaken within the following areas:

 

·         Development of the approach to risk management with external partners.

·         Regular refresh of the Corporate Risk Register and the format/content required.

·         Consideration of the proposal of how to present the split between current and emerging risks.

·         Develop and strengthen the linkage with the Strategic Plan/Business Plan

·         Embed risk management into the culture of the organisation, to include the monitoring and reporting of progress against mitigating actions

·         Embed the process for Elected Member engagement through regular updates to the Audit & Standards Committee of the key risk areas, including any additions/deletions.

 

The Committee also noted that the County Council was developing its risk management process which would continue to evolve as the governance structures surrounding risk were confirmed. Consequently, the format of the Corporate Risk Register would continue to be revised.

 

In response to concerns expressed by Mrs Woodward in relation to the potential impact on the voluntary sectors’ ability to deliver services should the proposal to reduce their funding from the County Council be implemented, the Deputy Director of Finance indicated that each of the proposals within the MTFS, to be submitted to Cabinet in January, would include a full Community Impact Assessment.

 

The Chairman enquired whether there was any information available to the Committee in respect of the proposed EU ePrivacy Regulations, the Interim Head of Audit and Financial Services indicated that she would ask the Head of Information Governance to respond to Members.

 

RESOLVED – That the updated position in relation to the Corporate Risks be noted.

Supporting documents: