Agenda item

Report of the Executive Director (Finance and Transformation)

The Committee received the Risk Management Quarter 3 Risk Register presenting the current identified strategic risks facing the Council, and those operational risks assessed as having a residual risk level of serious or severe (those with a score of 10 or more) as previously present to Cabinet. The report is an assessment of risk as at 31 December 2024.

The Executive Director (Finance & Transportation) highlighted the government's intention around devolution and local government reorganisation in two-tier areas. Consideration was given to the early impacts and the potential risks and implications including staff recruitment and retention. Also, the financial risks, there is a duty to continue to balance budgets and maintain adequate reserves in advance of any decisions on LGR and the multi-year settlement may be impacted by the government’s plans.

During the discussion the following points were raised:

·         A member mentioned a contractual dispute with the main contractor for council house maintenance under strategic risks, and asked if there was an update on the dispute.

·         The Executive Director (Finance & Transportation) responded that he did not have that information to hand but will arrange to circulate this to Members.

ACTION – To circulate a response regarding an update on the dispute

·      The Independent Person asked if there are any significant points of failure that could adversely affect operations of the Council, given the events at Heathrow recently and if so what will the Council do about them.

·         The Executive Director (Finance & Transportation) responded that for those sorts of events there are three key plans that would have an impact on how we respond. The first is the business continuity plans. The Council has an overarching plan and then individual service plans which identify the key services that need to be kept running, the priority that things will be brought back in and the time frames that are needed to bring things back in.  There is also a disaster recovery plan which looks at how IT services will be brought back on from backups in the event of an incident or loss or server room. There is also the emergency plan which looks at bigger emergency incidents.  All have been used in real life scenarios, i.e. the business continuity plans were used for our response to the pandemic lockdown initially. Also, when there was an ICT incident last year with our VPN and firewall.

·         The Independent Person commented that the incident at Heathrow was dubbed a once in 30 years event and was high impact but low probability. He asked if officers were confident that they are on top of the low probability but high impact events.

·         The Executive Director (Finance & Transportation) responded that one of the key considerations is looking at residual risk or the inherent risk and the change between the two. I.e. There are a number of high impact and medium to high probability inherent risks where through controls the level of probability has been brought down. But there are some instances where the level of impact will say high, i.e. data protection, whilst a lot of controls can be put in place to manage date safely and securely, it doesn’t change the fact that in the event of a significant breach we would still be open to severe penalties from the ICO, and this is an area where the impact cannot be mitigated. There is no risk on the risk register where the impacts and probability are high where the residual risk is the same, which shows as many controls have been put in place to manage the probability as much as possible and in some cases bring down the impact as well.

·         A Member commented regarding the local government reorganisation and thought supplier apathy may be something that comes in, i.e. a smaller supplier that knows they’re not going to get the big contract of the unitary and whether they will just concentrate on other contracts. Also, regarding housing stock and tenants, there’s a risk that during transition that both the housing stock could deteriorate if it the contracts weren’t working which could also have a negativity on tenants.

·         The Executive Director (Finance & Transportation) responded there are risks there regarding maintenance of housing stock and policies and other bits around social housing that can be looked at. What needs to be looked at is what the impact of LGR, how it is influenced and what other controls can be put in place. at.

ACTION: Officers will continue to keep risks associated with LGR under review, including the feedback from members of the Committee.

RESOLVED:

a)    Members noted the risk registers at quarter 3;

b)    Members noted comments and actions in respect of the strategic and serious / severe operational risks; and,

c)    Members made recommendations to Cabinet or Council in relation to the management of risk