Report of the Executive Director (Finance and Transformation) on a new Risk Management Policy and Strategy, along with the Risk Management Framework for the Council.
Minutes:
Report of the Executive Director (Finance and Transformation) on a new Risk Management Policy and Strategy, along with the Risk Management Framework for the Council.
Following the management restructure, the remit for risk management had been moved to the Finance and Transformation Directorate, providing a good opportunity for a fundamental review.
Previously, the strategy and framework, was one document, but these have been separated to provide clearer distinction between the council’s policy and procedures. There is now a more defined policy statement on the Council's approach to risks, what the council’s key commitments are and what the governance arrangements are around risk. There are therefore some key changes worth highlighting to Members between the previous approach and the new approach.
The Council will be moving away from only assessing current risks and now would be measuring both the inherent risk and the residual risk and that will allow Members to understand how the control measures that the council put in place manage and mitigate the impact on the risk score.
The Council will be moving to a risk scoring system of risk impact multiplied by risk probability, rather than probability, multiplied by impact squared. The previous more complex score and approach was required as the council did not report on inherent risk, it was a way to try and filter out those risks which had a higher impact.
The Council will be looking to use a new system for recording risk which will, firstly change the way reports will look and improve reporting for both officers and members but will also allow officers to record project risks. They are not currently managed in a consistent way throughout the organisations, this new approach will allow that. The risks will be reported to management on a more frequent basis which will allow faster action to be taken on any emerging risks or any increasing risks.
The new strategy and framework was presented to the Committee for consideration in advance of the 2023/24 year to ensure that following its approval, officer training can be provided and a full and comprehensive review of the risk register to be undertaken in advance of the start of 2023/24. Member training on the new strategy and framework will be provided at the start of the new municipal year.
The following points were raised and discussed:
· Members noted that the levels were similar to what was currently being used but the methodology for calculating them will be different. Members asked if the new methodology was proven from other organisations or was it something that had been developed? Officers said it was a standard approach, quite often organisations will choose between 1 to 3, 1 to 4 or 1 to 5, so it is a proven standard approach for risk management. Different organisations take different approaches to whether they report on the inherent risks or not, but moving to one with inherent risks means the council can simplify the scoring methodology.
· Members asked if any of the risks had changed when it had gone through the new calculation against the old calculation and did it make any difference to the risks identified. Officers said they have not been through the process yet but have done some test checking just to make sure the risks were coming out at a similar score to where the council would expect them to be. Officers were planning to roll out training in February to officers and then do a full fundamental review of the risk register in advance of the new municipal year.
· Members noted that once the new system was in place they could comment on the system and recommend changes or ask for clarification once the first report is seen by the committee.
RESOLVED:
(unanimous)
The Committee considered the Risk Management Policy, Strategy and Framework for adequacy and effectiveness and recommended its approval to Cabinet.
Supporting documents: