City of York Council

Meeting: Audit & Governance Committee

Meeting date: 8 November 2023

Report of: Debbie Mitchell, Chief Finance Officer

Portfolio of: All Executive Members


Audit and Governance Committee Report:

 

Monitor 2 2023/24 – Key Corporate Risks


Subject of Report

 

1.           The purpose of this paper is to present Audit & Governance Committee (A&G) with an update on the key corporate risks (KCRs) for City of York Council (CYC), which is included at Annex A.

 

Policy Basis

 

2.           The effective consideration and management of risk within all of the council’s business processes helps support the administration’s key commitments and priorities as outlined in the Council Plan 2023-2027.

 

Recommendation and Reasons

 

3.           Audit and Governance Committee are asked to:

a)   Consider and comment on the key corporate risks included at Annex A, summarised at Annex B; 

b)   Provide feedback on any further information that they wish to see on future committee agendas.

Reason: To provide assurance that the authority is effectively understanding and managing its key risks.


Background

 

4.           The role of A&G in relation to risk management covers three major areas:

·        Assurance over the governance of risk, including leadership, integration of risk management into wider governance arrangements and the top-level ownership and accountability for risk

·        Keeping up to date with the risk profile and effectiveness of risk management actions; and

·        Monitoring the effectiveness of risk management arrangements and supporting the development and embedding of good practice in risk management

 

5.           Risks are usually identified in three ways at the Council:

·          A risk identification workshop to initiate and/or develop and refresh a risk register. The risks are continually reviewed through directorate management teams (DMT) sessions.

·          Risks are raised or escalated on an ad-hoc basis by any employee.

·          Risks are identified at DMT meetings.

 

6.           Due to the diversity of services provided, the risks faced by the authority are many and varied. The Council is unable to manage all risks at a corporate level and so the main focus is on the significant risks to the council’s objectives, known as the key corporate risks (KCRs).

 

7.           The corporate risk register is held on a system called Magique. The non-KCR risks are specific to the directorates and consist of both strategic and operational risks. Operational risks are those which affect day-to-day operations and underpin the directorate risk register. All operational risk owners are required to inform the risk officer of any updates.

 

8.           In addition to the current KCRs, in line with the policy, risks identified by any of the Directorates can be escalated to Council Management Team (CMT) for consideration as to whether they should be included as a KCR. KCRs are reported and discussed quarterly with CMT and Portfolio Holders. 

 

Key Corporate Risk (KCR) update

 

9.           There are currently 12 KCRs, which are included at Annex A in further detail, alongside progress towards addressing the risks.

 

10.        Annex B is a one-page summary of all the KCRs and their current gross and net risk ratings.

 

11.        In summary the key risks to the Council are:

 

·        KCR1 – Financial Pressures: The Council’s increasing collaboration with partnership organisations and ongoing government funding cuts will continue to have an impact on Council services.

·        KCR2 – Governance: Failure to ensure key governance frameworks are fit for purpose.

·        KCR3 – Effective and Strong Partnership: Failure to ensure governance and monitoring frameworks of partnership arrangements are fit for purpose to effectively deliver outcomes.

·        KCR4 – Changing Demographics: Inability to meet statutory deadlines due to changes in demographics.

·        KCR5 – Safeguarding: A vulnerable child or adult with care and support needs is not protected from harm.

·        KCR6 – Health and Wellbeing: Failure to protect the health of the local population from preventable health threats. 

·        KCR7 – Capital Programme: Failure to deliver the Capital Programme, which includes high profile projects.

·        KCR8 – Local Plan: Failure to develop a Local Plan could result in York losing its power to make planning decisions and potential loss of funding.

·        KCR9 – Communities: Failure to ensure we have resilient, cohesive, communities who are empowered and able to shape and deliver services.

·        KCR10 – Workforce Capacity: Reduction in workforce/ capacity may lead to a risk in service delivery.

·        KCR11 – External market conditions: Failure to deliver commissioned services due to external market conditions.

·        KCR12 – Major Incidents: Failure to respond appropriately to major incidents.

 

12.        Risks are scored at gross and net levels. The gross score assumes controls are in place such as minimum staffing levels or minimum statutory requirements. The net score will take into account any additional measures which are in place such as training or reporting. The risk scoring matrix is included at Annex C for reference.

 

13.        The following matrix categorises the KCRs according to their net risk evaluation. To highlight changes in each category during the last quarter, the number of risks as at the previous monitor is shown in brackets.

 

Impact        |        |          |          |          |
Critical      |        |          |          |          |
Major         |        | 1 (0)    | 5 (6)    | 1 (1)    |
Moderate      |        | 1 (1)    | 3 (3)    | 1 (1)    |
Minor         |        |          |          |          |
Insignificant |        |          |          |          |
Likelihood    | Remote | Unlikely | Possible | Probable | Highly Probable

 

14.        By their very nature, the KCRs remain reasonably static, with any movement generally being in further actions undertaken to strengthen control of the risk or in a change to the risk score. In summary, key points to note are as follows:

 

·        New Risks – No new KCRs have been added since the last monitor.

·        Increased Risks – No KCRs have increased their net risk score since the last monitor.

·        Removed Risks – No KCRs have been removed since the last monitor.

·        Reduced Risks – No KCRs have reduced their net risk score since the last monitor.


Updates to KCR risks, actions, and controls

 

15.        All KCRs have had the risk owner highlighted in the register.

 

16.        KCR 2 – Governance: the ongoing action to embed the action from the public interest report has been reviewed and the target date revised to the end of the year. A new action has now been included regarding compliance with the Freedom of Information (FOI) action plan and dealing with the backlog of outstanding FOIs, with a deadline of 31 October 2023.

 

17.        KCR 4 – Changing Demographics:  The action to develop a transition strategy has been completed. A new action to develop a frailty hub in cooperation with health partners has been set.  This will improve support for early intervention. 

 

18.        KCR 5 – Safeguarding: Risk details and controls have been added to acknowledge the risk from the demand on the national children’s care market. Controls are already in place to mitigate this.  Also, a new action has been added to recruit to a new post by the end of this year, utilising government grant funding.

 

19.        KCR 8 – Local Plan: Revised target dates have been set to align with the progress being made to approve the local plan later this year. As previously reported, a further update is expected on this KCR once the inspection report has been issued in Autumn 2023.  A more detailed report will then come to a future meeting of this committee.

 

20.        KCR 9 – Communities: A revised date has been set to establish the new equalities and access team. The action is in progress: access and migrant support has been combined and there is an equalities expert helping the Council with its self-assessment.  They will report back in January 2024. In early 2024/25, a manager should be in place to bring the service together.

 

21.        KCR 10 – Workforce/Capacity: All ongoing actions have been reviewed and revised dates set. 

 

Consultation Analysis

 

22.        Not applicable

 

Risks and Mitigations

 

23.        In compliance with the council’s Risk Management Strategy, there are no risks directly associated with the recommendations of this report. The activity resulting from this report will contribute to improving the council’s internal control environment.

 

Contact details

 

For further information please contact the authors of this Report.

 

Author

 

Name: Helen Malam

Job Title: Principal Accountant (Budget & Collection Fund)

Service Area: Finance & Procurement

Telephone: 01904 551738

Report approved: Yes

Date: 20 October 2023


Background papers

 

None


Annexes

 

·        Annex A: Key Corporate Risk Register

·        Annex B: Summary of Key Corporate Risks

·        Annex C: Risk Scoring Matrix