Issue - meetings
Meeting: 15/10/2019 - Governance and Audit Committee (Item 28)
Additional documents:
- Appendix A Risk Management Strategy 2019-2023, item 28
PDF 2 MB
- Appendix B Strategic Risks (October 2019), item 28
PDF 406 KB
- Webcast for West Lindsey District Council Risk Strategy 2019-2023 and Six-Monthly Review of Strategic Risks
Minutes:
The Committee gave consideration to a report from the Corporate Policy Manager which covered both the Risk Strategy 2019-2023 and the six monthly review of strategic risks. He explained that, based on the new Corporate Plan, there had been slight amendments to the risk strategy. He reminded Members that the risk strategy was ultimately how much risk the Council was prepared to take in any given scenario. He highlighted that the risk appetite for the Council had been assessed as ‘creative and aware’, willing to consider all potential delivery options, and that ethos underpinned the whole strategy.
The Committee heard of one amendment regarding the consideration of both inherent risk (an estimation of the worst case scenario if the risk were to occur) and target risk (the reality if the risk were to occur once all mitigations were in place). The re-confirmed scoring matrix, a 4x4 matrix of likelihood and impact, was also highlighted within the report. The Corporate Policy Manager explained that work had been undertaken in recent years to ensure that risk awareness was inherent in day to day activity and the Council had been praised for this approach by Internal Audit. It was important for this to be maintained.
There was discussion regarding the accessibility of the risk strategy and the clear thread through the organisation that ensured everyone was aware of their risk responsibility. It was agreed that the document explained the information in a clear and concise format and was easy to navigate around.
Following a question from a Member of Committee regarding cases of data loss across the Council, the Corporate Policy Manager introduced the second part of the report regarding the six monthly review of strategic risks. He explained that the assessment template detailed what the triggers might be, the potential impact, the current controls in place and any other areas of consideration. Using the example of information security, the likelihood of it happening was high, despite the measures in place and the structures needed to be as robust as possible. The fact that there had not been significant losses was likely to be the strength of the systems but there always needed to be structured discussion around the likelihood, the impact and how to reduce both.
There was discussion regarding the risks included in the report and whether there were any marginal risks not covered. Members heard that all risk areas were based around the delivery of the Corporate Plan and that if any service risks impacted on strategic delivery, they would be referenced in the report. Members engaged in discussion around the risks that sat outside of the control of the District Council and it was confirmed that there was a role for the Council to play, for example in education. The Corporate policy Manager explained several initiatives that were running across the Council with the aim of making small improvements where possible. He gave the example of work experience placements for students and a mentoring scheme that had been running ... view the full minutes text for item 28