Agenda item

Members considered the latest update on the Corporate Risk Register.  There were 14 risks identified in the risk register made up of 5 high risk and nine medium risks.  There had been some change in risks with an increase in Asset Management – Carriageways and Buildings.  This linked to budget challenge and Government changes to financial settlement and grant funding.  This referred to the council’s ability to maintain assets in the short, medium and long term due to increasing budget pressures.

The Head of People and Business change advised Members that with regards the risk around cyber security additional guidance had been made available.

Discussions included the following:-

Risk 13 – Asset Management – Carriageways and Buildings:-

·         With regards highways maintenance, how was the risk balanced against the risk of increased insurance? – Members were advised that this was picked up in mitigation.  That judgement had to be made within service areas. 

·         The score for the top risk was 25. Was this the maximum risk for the department? Was it not related to balancing the budget? – Within risk there was a balance between probability and impact.  Not balancing the budget had a catastrophic impact.   It was a high risk as there was a high risk of deterioration on the carriage way.  It was not possible to equate it on monetary terms.

·         With the imminent removal of the Severn Bridge toll and resulting effect on the infrastructure would there be a wider impact? – There were mitigated risks.  It would depend on what the Welsh Government decided and also the impact of the M4 Relief Road.

·         Is the Council identifying the areas that brought the impact down and was the score 25 the maximum because there were too many unknowns? – It was difficult to say.

·         What did the x with the é symbol mean on page 14? – This signified that the risk had increased. It was suggested that it would be useful to have an explanatory box explaining the symbols.

Risk 12 (page 15) Increasing Risk of Cyber Attacks:-

·         The increase in the risk of cyber attacks appeared to be something nobody could control, an ever increasing problem? – The Head of People and Business Change replied that there were two elements.  There had been no lasting problems from the recent cyber attack. The measures put in place had been pretty effective.  Those measures had been enhanced. There was a balance involved of keeping the Council and data safe whilst enabling employees to function when carrying out their roles.  On a daily, hourly, minute by minute basis the Authority was under cyber attack. 99.9% did not get through the firewall and the small percentage that did get through was stopped by the secondary firewall.  As an organisation the Council was data rich which needed to be protected.        

Risk 10 (page 49) – Produce and Implement a Carbon Management and Implementation Plan (Plan to be published April 2018):-

·         Had the Carbon Management and Implementation Plan become available yet? – Head of People and Business Change to find out. In the future there would be summary of any risks that had increased and anything new.

·         It was commented that the new Corporate Plan Update was more of a living document was looking very good.

Agreed

1.    To note the contents of the Corporate Risk Register