225
Hayley McGrath, Corporate Governance Manager, attended to present the report and assist the Committee with their enquiries. The Committee heard that they were required to review the risk management process annually, and were being asked to consider the risk management process for the financial year 2019-2020. The attention of the Committee was drawn to three key areas; the work undertaken through the year, the Risk Management Strategy, and the Strategic Risk Register.
In relation to the work undertaken during 2019-2020, there had been no significant changes to the Risk Management Framework and the principles applied to risk management, but a review had been started into the process of the way that risks were managed, captured and reported across the organisation. The Committee were now presented with two risk ratings, one pre-mitigation, and one post-mitigation to provide more clarity on how risks were being managed.
Other work that had been undertaken was working with Colchester Commercial Holdings Limited (CCHL) making sure that the insurances that they had were suitable, as they required some specialist insurance. Work was also ongoing with Colchester Borough Homes (CBH) with regard to their insurance programme. Close working relationships were maintained with the local Safety Advisory Groups (SAGs) which included partners such as Essex Police, Local Highways and the Health Authority, as well as the Colchester Community Stadium. Forthcoming events were considered with a view to working out whether there would be any issues in terms of noise or safety management, and assistance offered in completing risk assessments. The Committee heard that in addition to this, work was also undertaken to manage the joint risk register for the North Essex Parking Partnership and the museum, including the joint museum service with Ipswich, and that these processes had been the subject of an audit which had delivered a substantial assurance rating.
Hayley advised the Committee that the Risk Management Strategy formed part of the Constitution of the Council and, as such, an annual review was appropriate. The Committee heard that there had been some minor review points following recommendations from internal auditors, but it was not felt that the Strategy needed to be amended in any form, and it was invited to recommend that Cabinet be asked to approve the Strategy so that it could be adopted into the Council’s Constitution by Full Council.
It was explained to the Committee that the Risk Register was reviewed on a very regular basis throughout the year, and that consistently throughout 2019-2020, the risks identified were straightforward and included key areas such as the exit from the European Union, security of data and Council finances. Towards the endo the financial year, it had been considered that it may be possible to remove some identified risks from the Risk Register as the Council’s risk profile reduced, but the advent of the pandemic had required focus in different areas of risk. Once the Coronavirus pandemic had arrived in the United Kingdom, the risk assessment work that had already been undertaken supported a fast and efficient response from the Council, helping to ensure that key support was offered, and essential services continued to be delivered. As a result of the pandemic, the key risks were of a much higher profile, including the budget strategy, with the Council’s finances changing significantly as a result of the pandemic, and Covid-19 itself now identified on the risk register. Work was now being undertaken to ensure that current processes were appropriate, given some of the rapid changes that had been necessary to these in response to the pandemic, in addition to monitoring the effect of European Union exit in the light of information that was coming to light. Data protection and cyber security were still key risks, and it was felt that the pandemic had served to increase these risks, as there was the possibility for the pandemic to be used to attempt to gain information to support future attacks.
Councillor Pearson confirmed his approval of the new format Strategic Risk Register, which he felt was clearly laid out, and easy to access.
Councillor King, Portfolio Holder for Business and Resources, addressed the Committee to confirm his belief that the most important thing about the Risk Register was that it was used, and was a reasonable vehicle to enable discussion and the delivery of quality across services. He also confirmed his support for the new format, btu accepted that it would be necessary to continually revise and alter the Register as future events unfolded, with a particular focus on recovery.
Councillor Willets added his approval to the new layout of the Register, commenting that it was much easier to understand and adopted a more logical approach by setting out risks before any mitigating action was taken, and allowing them to then be assessed following mitigation, when the difference between the two stages was enlightening. He believed that some risks simply had to be accepted as only partial mitigation was possible, and considered that it was necessary to focus attention on those areas of risk where it is possible to make realistic improvements to the Council’s processes. He explained his clear view on risk management and considered that the Council should focus its attention on its specific responsibilities with delivering essential services to the people of Colchester. He accepted that although there may be a wider impact from such events as the exit from the European Union or difficulties with Universal Credit, he felt that the majority of risk analysis should be confined to areas over which the Council had direct control. Councillor Willetts commented specifically on the risk being ascribed to exit from the European Union, and questioned what specific impact this would have on the Council, which in his view was difficult to ascertain. He concluded by praising the phenomenal effort which had been made over the past five years to making improvements to the Register and the way that it was used.
Councillor Pearson confirmed that he was assured by the reports that were presented to the Committee on a regular basis, and believed that the Council’s management of risk was appropriate and prioritised. He expressed little concern that the European Union Exit remained in the Risk Register, although accepted that it was possible to debate how this should be rated.
Councillor Barlow, in response to Councillor Willetts, expressed his opinion that the Council had a much wider role in the community than core service delivery, and that to view the Council solely in terms of its services was to ignore its wider role in the community and democracy as a whole.
Councillor Goacher supported Councillor Barlow’s comments, and enquired how it was decided what items were recorded in the Risk Register and how much political input there was to this process. He expressed his view that the exit from the European Union was worthy of an entry on the Register, as it was not yet known how future economic uncertainty would affect the Council.
Councillor King confirmed to the Committee that no political bias was present in determining items to be recorded in the Risk Register, and re-iterated that the Register was a working tool which would possesses much less value if it was political in nature. Although Cabinet did take an interest in the Register in general terms, he did not take an active role in risk rating, and considered that this represented a reasonable balance.
Hayley McGrath also confirmed to the Committee that assembling the Register was carried out with no political input, and the Register was reviewed on a very regular basis in conjunction with the Council’s Senior Management Team. The process of assessing risks facing the Council was the subject of rigorous debate, which was informed by information from a variety of sources, including internal audit reports as well as emerging issues in the wider governance arena. Hayley confirmed that a wide range of risks were considered when monitoring and amending the Register, and issues that may have arisen from significant insurance claims or Ombudsman reports were taken into account, together with high level operational risks that may have been identified by Service Managers. It was only once the Register has been completed that it would be referred to Councillor King, and although it was accepted that there would naturally be differences of opinion when assessing risk, it was confirmed to the Committee that the final Strategic Risk Register did reflect the views of the Senior Management Team. The Committee were made aware that the company who provided the Council’s internal audit service had been invited to assess the Strategic Risk Register by way of internal challenge, utilising their broad knowledge of Local Authority risk.
Councillor Pearson praised the thorough approach that had been taken with the presentation of the Risk Register, making it clear to both Councillors and members of the public what the position was with regard to rick management.
RESOLVED that the submission of this report to Cabinet to approve the risk management strategy for 2020/21 be endorsed.