Audit & Governance Committee

 

 

    7 September 2022

 

Report of the Chief Finance Officer

 

Monitor 1 2022/23 - Key Corporate Risks

 

 

Summary         

 

1.         The purpose of this paper is to present Audit & Governance Committee (A&G) with an update on the key corporate risks (KCRs) for City of York Council (CYC), which is included at Annex A. 

 

 

Background

 

2.         The role of A&G in relation to risk management covers three major areas;

·         Assurance over the governance of risk, including leadership, integration of risk management into wider governance arrangements and the top level ownership and accountability for risk

·         Keeping up to date with the risk profile and effectiveness of risk management actions; and

·         Monitoring the effectiveness of risk management arrangements and supporting the development and embedding of good practice in risk management

 

3.         Risks are usually identified in three ways at the Council;

 

·         A risk identification workshop to initiate and/or develop and refresh a risk register. The risks are continually reviewed through directorate management teams (DMT) sessions.

·         Risks are raised or escalated on an ad-hoc basis by any employee

·         Risks are identified at DMT meetings

 

4.    Due to the diversity of services provided, the risks faced by the authority are many and varied. The Council is unable to manage all risks at a corporate level and so the main focus is on the significant risks to the council’s objectives, known as the key corporate risks (KCRs).

 

5.    The corporate risk register is held on a system called Magique. The non KCR risks are specific to the directorates and consist of both strategic and operational risk. Operational risks are those which affect day to day operations and underpin the directorate risk register. All operational risk owners are required to inform the risk officer of any updates.

 

6.    In addition to the current KCRs, in line with the policy, risks identified by any of the Directorates can be escalated to Council Management Team (CMT) for consideration as to whether they should be included as a KCR. KCRs are reported and discussed quarterly with CMT and Portfolio Holders. 

 

 

Key Corporate Risk (KCR) update

 

 

7.    There are currently 12 KCRs which are included at Annex A in further detail, alongside progress to addressing the risks.

 

8.    Annex B is a one page summary of all the KCR’s and their current gross and net risk ratings.

 

9.    In summary the key risks to the Council are:

 

·         KCR1 – Financial Pressures: The Council’s increasing collaboration with partnership organisations and ongoing government funding cuts will continue to have an impact on Council services

·         KCR2 – Governance: Failure to ensure key governance frameworks are fit for purpose.

·         KCR3 – Effective and Strong Partnership: Failure to ensure governance and monitoring frameworks of partnership arrangements are fit for purpose to effectively deliver outcomes.

·         KCR4 – Changing Demographics: Inability to meet statutory deadlines due to changes in demographics

·         KCR5 – Safeguarding: A vulnerable child or adult with care and support needs is not protected from harm

·         KCR6 – Health and Wellbeing: Failure to protect the health of the local population from preventable health threats. 

·         KCR7 – Capital Programme: Failure to deliver the Capital Programme, which includes high profile projects

·         KCR8 - Local Plan: Failure to develop a Local Plan could result in York losing its power to make planning decisions and potential loss of funding

·         KCR9 – Communities: Failure to ensure we have resilient, cohesive, communities who are empowered and able to shape and deliver services.

·         KCR10 – Workforce Capacity: Reduction in workforce/ capacity may lead to a risk in service delivery.

·         KCR11 – External market conditions: Failure to deliver commissioned services due to external market conditions.

·         KCR12 – Major Incidents: Failure to respond appropriately to major incidents.

 

 

10. Risks are scored at gross and net levels. The gross score assumes controls are in place such as minimum staffing levels or minimum statutory requirements. The net score will take into account any additional measures which are in place such as training or reporting. The risk scoring matrix is included at Annex C for reference.

 

11. The following matrix categorises the KCRs according to their net risk evaluation. To highlight changes in each during the last quarter, the number of risks as at the previous monitor are shown in brackets.

 

Impact

 

 

 

 

 

Critical

 

 

 

 

 

Major

 

 

6 (6)

1 (1)

 

Moderate

 

1 (1)

3 (3)

1 (1)

 

Minor

 

 

 

 

 

Insignificant

 

 

 

 

 

Likelihood

Remote

Unlikely

Possible

Probable

Highly Probable

 

 

 

12. By their very nature, the KCRs remain reasonably static with any movement generally being in further actions that are undertaken which strengthen the control of the risk further or any change in the risk score. In summary, key points to note are as follows;  

 

·         New Risks- No new KCRs have been added since the last monitor

·         Increased Risks – No KCRs have increased their net risk score since the last monitor

·         Removed Risks – No KCRs have been removed since the last monitor

·         Reduced Risks – No KCRs have reduced their net risk score since the last monitor

 

 

Updates to KCR risks, actions and controls

 

 

13.KCR1 – Financial Pressures. The council continues to recognise the risk of the current conditions in the UK economy including the increasing inflation rate which is creating greater cost pressures for the Council.  As such a new risk and implication has been added to reflect the trend in interest rates rises that is forecast to continue until September 2023.

 

14.KCR2 – Governance. The outstanding action to review the Constitution has now been completed. A revised date has been added to the action to finalise the member development and training programme; a draft is under consultation.

 

15.KCR6 Health & Wellbeing.  The risk details and controls have been updated for this risk now that we have moved into a new phase of living with Covid 19.

 

16.KCR9 – Communities.  Revised dates have been added to the two actions (recruit to the Access Officer role and approve the Financial Inclusion Framework). Updates have been made to the risk detail in respect of the cost of living crisis.  At present the risk score overall for the KCR remains unchanged but will be reviewed again at Monitor 2.

 

17.KCR10 – Workforce/ Capacity. A revised date has been added to the ongoing action to review HR policies with an update on progress being made.  Three new actions have been added: completing a review of employee terms and conditions; implementing new creative recruitment initiatives and the completion of pay award negotiations for 2022/23. At present, the risk ratings remain unchanged and will remain under review during 2022/23.

 

18.KCR11 – External Market Conditions. A revised date has been added for the market position statement.

 

19.KCR12 – Response to Major Incidents. The action to review the business continuity plans has been completed.  A new risk detail has been added in respect of potential commercial power outages over the Winter months.

 

 

Options

 

20. Not applicable.

 

 

Council Plan 2019-2023

 

21. The effective consideration and management of risk within all of the council’s business processes helps support achieving all eight of the key outcomes identified in the Council Plan. 

 

 

Implications

 

22. There are no further implications.

 

 

Risk Management

 

23. In compliance with the council’s Risk Management Strategy, there are no risks directly associated with the recommendations of this report.  The activity resulting from this report will contribute to improving the council’s internal control environment.

 

 

 

 

 

 

Recommendations

 

24. Audit and Governance Committee are asked to:

 

(a)  consider and comment on the key corporate risks included at Annex A, summarised at Annex B; 

(b)  provide feedback on any further information that they wish to see on future committee agendas

 

Reason:

To provide assurance that the authority is effectively understanding and managing its key risks

 

 

Contact Details

Authors:

Chief Officer Responsible for the report:

 

 

Helen Malam

Principal Accountant (Corporate Finance)

 

 

Lisa Nyhan

Corporate Risk and Insurance Manager

 

Debbie Mitchell

Chief Finance Officer

 

 

 

 

Report Approved ü

 

 

 

Date 24/8/22

 

 

 

 

Specialist Implications Officer(s)  None

 

 

Wards Affected  All

 

 

 

 

 

Background Papers None

 

 

 

Annexes

 

A – Key Corporate Risk Register

B – Summary of Key Corporate Risks

C – Risk Scoring Matrix