Agenda item

Members considered an updated version of the Corporate Risk Register which identified 14 risks; made up of 5 high risks and 9 medium risks.  The rating for 8 of the risks had remained the same and 4 risk ratings had been reduced as a result of the mitigating actions in place.

During this quarter the risk rating for Risk 12 – Increasing Risk of Cyber Attack had increased from 9 to 12 following recent Home Office advice.    There was a major concern around the increasing risk of cyber attack.  The threat of cyber attack had previously been based on the impacts of fraudulent and illegal activity.  However recent Home Office advice suggested that there needed to be further consideration of cyber attack originating from another State or terrorist organisation. 

The risk of Brexit – that the financial implications of leaving the European Union have a negative impact on the Council’s financial position had a score of 9.  The risk remained constant primarily because of the uncertainty until decisions were made next month. The working group was headed by the Strategic Director, Place.  The risk was likely to move. 

Discussions included the following issues:-

·         Some wording, formatting issues and spelling mistakes were referred to.

·         Has there been any information from the government to say what is happening with Brexit. The concept seemed difficult to grasp with no-one having total knowledge of implications of it? – The Head of People and Business Change responded that the Council was aware of the potential of Brexit linking in with the Welsh Local Government Association and central government.  As far as the other side about impact on business continuity there was a whole suite of mitigating risk falling under. civil contingencies planning.  There was a tie in with operational delivery.  The Head of People and Business Change led on counter terrorism and was Chair of the Prevention Panel and received a lot of information on a regular basis which he fed into the system.

·         The Council had lost about 2000 staff over the last 10 years.  Are those staff taking that knowledge with them or is the Council taking on board what they used to do and is that a factor, ie staff doing extra work others used to do? – The Head of People and Business Change responded that compared with 6 years ago the Council had 28% less staff in place.  A significant portion of that work had been outsourced to Newport Norse, Newport Live. It was not about stripping away 28% of staff but delivering things in a different way.  Over that period there had been some voluntary redundancies and some compulsory redundancies.  In each case risks had been identified in connection with changes to services.  They had not been individually identified in the risk register but the information had been included in the business cases.  There was a risk involved with losing any Council resources in terms of the person and knowledge being identified and mitigating factors put in place to reduce the risk.  It was not possible to deliver a service with reduced resources without losing staff.  The Council had improved its ability to re-organise services that there were not as many single points of failure.  Recruitment and retention of specialist staff (Ref 14) had improved.  This particularly impacted on Finance and HR.  Some restructuring work had been undertaken to manage that risk.

Agreed

1.    To note the contents of the Corporate Risk Register Update.