Purpose of Report
To receive a status report of the revised Strategic Risk Register as at the end of the second quarter 2021/22.
Decision
That the Council’s strategic risks as at the end of the second quarter for 2021/22 be noted.
Alternative Options Considered and Rejected
None.
Reason for Decision
An update of the Strategic Risk Register developed under the risk management approach of ‘risk appetite’, was last received in August 2021 and had contained thirteen strategic risks.
Since reporting in August, the Strategic Risk Register had been refreshed and updated by the Corporate Leadership Team. The Strategic Risk Register reflected the significant change in circumstances in which the Council had been operating since the onset of Covid-19 and the different challenges and opportunities it now faced. This review had identified that there had been some positive movements in the register.
The Strategic Risk Register contained thirteen risks, as follows:
1) Failure to engage & influence effectively the Council’s strategic partners, council staff and all stakeholders to deliver against e.g. Council’s Vision 2025.
2) Failure to deliver a sustainable Medium-Term Financial Strategy (that supports delivery of Vision 2025).
3) Failure to deliver the Towards Financial Sustainability Programme whilst ensuring the resilience of the Council.
4) Failure to ensure compliance with statutory duties/functions and appropriate governance arrangements are in place.
5) Failure to protect the local authority's vision 2025 due to changing structures and relationships in local government and impact on size, scale and scope of the Council.
6) Unable to meet the emerging changes required in the Council’s culture, behaviour and skills to support the delivery of the council’s Vision 2020/2025 and the transformational journey to one Council approach.
7) Insufficient levels of resilience and capacity exist in order to deliver key strategic projects & services within the Council.
8) Decline in the economic prosperity within the City Centre.
9) Failure to deliver key strategic projects.
10) Failure of the Council’s key contractors and partners to remain sustainable and continue to deliver value for money.
11) Failure to put in place safe working practices and social distancing measures to protect officers and service users.
12) Failure to protect the vulnerable in relation to the Council’s PREVENT and safeguarding duties.
13) Failure to mitigate against the risk of a successful cyber-attack against the council.
A number of control actions had now been progressed or completed with the key movements outlined at paragraph 3.2 of the report.
Movement in control actions had resulted in a change to the assessed levels of likelihood and impact of two risks identified on the risk register:
· Risk 11 had been decreased from Amber: Hardly Ever/Major to Green Hardly Ever/Minor – as this was now a green risk it would be monitored for 6 months and then removed from the SRR.
· Risk 12 had decreased from Red: Probable/Critical to Amber: Possible/Critical.
The assessed level of each of these thirteen risks was as follows:
|
Risk No. |
Risk Rating |
Likelihood |
Impact |
|
8 |
Red/High |
Almost Certain |
Critical |
|
2, 3, 10 & 13 |
Red/High |
Probable |
Critical |
|
7 |
Red/High |
Almost Certain |
Major |
|
9 |
Amber/Medium |
Probable |
Major |
|
12 |
Amber/Medium |
Possible |
Critical |
|
1, 4, 5 & 6 |
Amber/Medium |
Possible |
Major |
|
11 |
Green/Low |
Hardly ever |
Minor |
Control actions continued to be implemented and risks managed accordingly.
Effective risk management was one way in which the Council ensured that it discharged its functions in accordance with its expressed priorities, as set out in Vision 2025, and that it did so in accordance with statutory requirements and within a balanced and sustainable budget and Medium-Term Financial Strategy.