Agenda item

The Council’s Corporate Risk Register monitored those risks that might prevent the Council from achieving its Corporate Plan or delivering services to its communities and service users in Newport. 

At the end of Quarter two, the Council monitored 56 risks across its eight service areas; 19 of the 56 risks were recorded in the Council’s Corporate Risk Register and considered to have a significant impact on the achievement of the Council’s objectives and statutory obligations.  At the end of quarter two, there were no new or escalated risks from service area risk registers; and no risks were closed or de-escalated. Overall, there were 11 Severe risks (risk scores 15 to 25); six Major risks (risk scores seven to 14) and two Moderate risks (risk scores four to six) that were outlined in the report.   

The role of the Audit Committee was to review and monitor the corporate governance and risk management arrangements in place, with comments and recommendations of the Committee on risk process considered by Cabinet.

A brief introduction on the report looked back in time to the end of the September Risk Register.  This monitored risks that might stop the Council achieving its objectives as well as covering escalated Risks in the Register.  These risks could be challenged through the Scrutiny process rather than at Audit Committee.  An additional paragraph in relation to an all member seminar on the Local Government Elections (Wales) Bill, addressed potential changes around performance management.

The Chair asked for a brief outline regarding any potential changes to Audit Committee due to the forthcoming Act and whether this could be an agenda item for a future meeting.  Any responses arising from the consultation would come into force hopefully in April this year.  If there were any potential changes to Audit Committee, this would relate to performance management requirements.  Following consideration of the consultation from Welsh Government, this could be discussed at Audit Committee later this year and could possibly be considered in the work programme at an October/November meeting.

Discussions included the following:

·         Referring to page 15 in the Agenda papers, Councillor Hourahine was disappointed with the table of risks, one risk had been addressed, however it was noted that the rest of the figures were static.  Councillor Hourahine expected this to be dealt with as close to the source as possible.  The Chair agreed with the observation and referred to the target risk table, which he felt was a tick box exercise and considered the risk appetite was not there unless the scoring was changed from 1-10 to 1-5, therefore it was not sure what was a valid risk or not.

Councillor Hourahine referred to the matrix numbers and suggested there might be other ways of achieving a better outcome, rather than five by five, which might mean too many equal risks.   The Head of People and Business Change advised that the table represented the top risks that the Council was dealing with.  Most were incredibly difficult to address in the short or medium term to overcome. Cyber security for example would have been removed from the risk however, Covid 19 increased the risk in relation to home working.  There was also a path out of Ash Die Back Disease. 

The Performance and Research Business Partner raised two points; the risk appetite would have been presented to the Audit Committee last year and covered off in risk management policy and agreed by Cabinet in June last year.  This would be reviewed again on an annual basis to see whether there was a need for change. 

Secondly, the comments regarding the target risks scores were valid; this was introduced as part of the new risk management process last year. The risk owner would determine the level of risk and whether it was an inherent risk.  In addition, there was a target risk score to push service areas to mitigate against the risk raise such as cyber security or climate change, which the Council had no power over and would therefore have to accept and receive assurances from SRS in relation to cyber security, to mitigate and prevent it from happening.  The Performance and Research Business Partner was always in conversation with Heads of Services to monitor these risks and discus whether they can be taken off the register.  There would be more risks being removed from the register by Quarter Three, this was also raised at Corporate Management Team if risks we raised.

·         Councillor Jordan asked if there would be any changes in Quarters Three and Four considering what had happened over the past year.  The Performance and Research Business Partner considered that there would be changes and that plans were in place for Heads of Service to look at forthcoming services plans and any emerging risks as a result of new legislation; this was again an ongoing process.  An example of this was the red scoring relating to Brexit trade negotiations in Europe, which had now decreased and would change in the next two Quarters.

·         Councillor Lacey observed that, with her audit background, the document was easier to read and complimented officers on their layout.

·         Councillor K Thomas echoed these comments but had noted that only one risk had closed.  In these turbulent times, what would be normal movement on the list in Quarter Two.  It was expected that two or three risks would close each Quarter or every six months.  More changes would occur in Quarter Three, with more movement in the corporate risk and service area risk.

·         Councillor Hourahine referred to page 64 Schools Finance and cost pressures which had shown that figures remained static which was disappointing.  School governors were doing their best to bring down finances to the required levels and were other schools doing the best they could.

Agreed:

That Audit Committee considered the contents of the report and assessed the risk management arrangements for the Authority, providing any additional commentary and/or recommendations to Cabinet.