Agenda item

Officers introduced the Q3 risk register report which outlined the assessment of risk as at the end of December 2023. It included all strategic risks, and operational risks with a residual score of serious or severe. Since the risks were last presented, there had been further improvements to the reporting, enabling the Council to capture and report on both the inherent risk (before control measures are in place) and the residual risk (after control measures are put in place).

For strategic risks, two scores had been changed from the previous quarter. The risk for financial sustainability was increased last year when the Council undertook its medium term financial forecasts, and then when an increased budget gap for 2024/25 was identified. This risk score was reduced following the budget proposals which presented a balanced budget for 2024/25 and the proposed budget had been approved at full Council. While this risk had reduced, it still had a high score as there were some challenging targets over the medium term. The risk around service standards had also increased due to a change in the Ombudsman enquiries process; previously tenants had to go through the Council's complaints procedure before the Ombudsman would investigate, whereas they could now go straight to the Housing Ombudsman which meant the Council could be investigated for a complaint before being contacted by a tenant. This new approach meant there was likely to be an increase in the number of maladministration findings against the Council. There were no key changes to the operational risk scores to highlight.

The following points were made during the discussion:

-        There was a query about the status of using key risk indicators for qualitative and quantitative purposes as it was sometimes difficult to understand whether this changed the risk status. As an example, the commentary about recruitment and retention risk indicated action was being taken but the status/ trend of vacancies was unclear. It was suggested it would be helpful to provide some quantitative information so the trend could be tracked over time. Officers said this could be reviewed and they would consider whether this could be built into the reporting framework.

-        Responding to a question about whether there was a consensus about critical staff roles in terms of recruitment and retention, officers advised that all assistant directors identified critical roles within the risk register. A recent task and finish panel had looked specifically at recruitment and retention and there had been no significant recommendations as a result.

-        A member noted that in terms of ICT continuity, the commentary referenced backup sites and asked what types of sites these were (hot/cold). Officers undertook to provide detail outside of the meeting and advised alternative arrangements such as potential cloud backups were being considered.

-        A member asked about submission of GIS data as it seemed this was an area that could be fixed and therefore removed as a risk. Officers advised that there were a number of officer roles providing support to service specific applications; a review of the Council’s approach to application support would be taking place in the coming months.    

-        In terms of council run events, a member expressed concern that public safety was registered as a high residual risk. Officers agreed the residual probability should be reduced and would take this up with the relevant risk manager.

-        A member queried the operational risk regarding the control centre (Lifeline Service) which showed the inherent impact at 3 but the residual impact at 5. Officers confirmed this was an error and would be revised by the risk manager.

-        A member asked about the ICT VPN outage the Council had experienced earlier in the year and whether this impacted on risk assessments. Officers confirmed this would be considered when they came to the Q4 assessment of risk although the scoring might not change significantly because the controls and mitigation measures in place had worked as expected.

-        A member asked about risks pertaining to new legislation which meant new requirements for voting and that the Council would not be overly zealous with rules therefore preventing eligible voters from voting. Officers responded that the Council followed national guidance: various forms of identification could be used, anyone on the electoral roll could apply for specific electoral registration ID, and information on the website and on poll cards specified what ID documents could be used.

-        There was a query about whether the fact that tenants could now approach the Ombudsman without first contacting the Council meant there might be a risk in terms of staffing capacity in dealing with complaints. Officers said this had been identified as part of the budget-setting process for next year and there is now a complaints/Ombudsman lead officer currently being recruited to.

-        A member noted a previous meeting had discussed adding potential industrial action to the risk register. Officers would raise this with the relevant team and ascertain whether it had been added and whether it was deemed a high residual risk.   

The Committee noted the Quarter 3 risk registers, and noted the comments and actions in respect of the strategic and serious/severe operational risks.