Issue - meetings

To review the Corporate Risk Register and consider if any further risks should be included.  

  i.  Having reviewed and scrutinised the Corporate Risk Register, that no further risks be included; and

  ii.  That no further action was required to mitigate risk 58.

By way of a report by the Audit and Risk Manager (a copy of which is appended in the Minute Book) the Cabinet were presented with the first report on risk management and the contents, reports having previously been submitted to the former Corporate Governance Panel.

The Risk Register was reviewed frequently by Heads of Service to ensure that it remained fit for purpose and captured the significant risks to the achievement of the Council’s objectives.

The report detailed the contents of the Risk Register as at 24 May 2016 and focused mainly on corporate risks. It was noted that the Risk Management Strategy required the Cabinet to consider each of the very high ‘red’ residual risks that exceeded their risk appetite levels, and to decide whether they should be further mitigated by cost-effective and affordable actions.

The Cabinet considered each of the ‘red’ residual risks as detailed in the Corporate Risk Register, as appended to the Officer’s report.

Regarding risk reference 239 – Huntingdon Town Centre redevelopment, it was explained that this risk had been classified as a transformational risk which according to the Risk Management Strategy was acceptable provided the benefits and risks were properly assessed and accepted before the redevelopment progressed.  The risk was likely to be downgraded or removed from the Risk Register as a reserve had been established to mitigate against the loss of Section 106 monies.

Having been advised that the Risk Register contained one very high operational risk, risk 58, that referred to information security and information use, it was explained that the risk owner was of the view that the loss of IT services was the key risk that needed to be addressed.  A number of systems had been successfully tested and recovered to their ‘live’ state since December 2014. With the introduction of the IT shared service, the programme needed to be extended to include all systems. Once that had been completed it was considered that the inherent risk score would reduce to an amber status.  The Cabinet agreed that no further action was required to mitigate risk 58.

Regarding risk reference 40 – Planning Policy may be insufficient to meet Government requirements, it was explained that the succeeding report on the Cabinet agenda provided a progress update on preparation of the Huntingdonshire Local Plan to 2036 (HLP2036), its supporting evidence base and highlighted the risks arising from delays to the Strategic Transport Study and the Strategic Flood Risk Assessment.  The Cabinet were informed that the Council had received confirmation that the Council had met the Government deadline for ‘writing’ a Local Plan by March 2017.

Regarding risk reference 47 - Council's funds not invested appropriately leading to losses or poor returns resulting in unexpected service cuts, it was explained to the Cabinet that there were a number of controls in place to ensure that investments were made in the most prudent way.

Risk reference 251 related to social media activity operating inconsistently leading to inappropriate and unauthorised use of social  ...  view the full minutes text for item 14

The Risk Management Report is to be presented to the Panel (To Follow).

With the aid of a report by the Internal Audit and Risk Manager (a copy of which is appended in the Minute Book), the Risk Management report was presented to the Panel. In reviewing the risk register, Members identified risks 53 and 107 as risks that the Council has little influence over and questioned whether they are worth including on the register. The Panel recommended that consideration be given to removing the low risk items from the register.

The Panel was concerned that risk 32 of poor site security at Eastfield House had exceeded the risk appetite category levels despite the building having adequate cover of CCTV cameras however Members were informed that the risk had been considered by Corporate Management Team and had been accepted.

Following a question regarding risk 57 that plant and equipment used by staff is not properly maintained, Members were informed that there is a possibility that there may be either no maintenance or maintenance by untrained employees.

Members recommended that the management of risk 58, information security policy is not followed, should be a priority. The Panel were informed that work on mitigating the risk was in progress however Members have stated that they would like to receive a report on the item at a future Panel meeting.

The Panel raised a concern that the risk that one of the parties could withdraw from the shared service agreement had not been fully considered. Members wanted to know what would be the implications of such an event. The Panel,

RESOLVED

1)  that consideration should be given to removing low risk items from the register;

2)  that a report about risk 58 should be submitted to the Panel at its meeting in September 2016; and

3)  that the risk that one party could withdraw from the shared service agreement should be fully considered and included on the risk register.