Issue - meetings

Meeting: 21/10/2022 - Governance and Audit Committee (Item 26)

26 Review of Strategic Risks

Minutes:

The Committee gave consideration to a report which reviewed the strategic risks facing the Council as at September 2022.

 

The report identified 13 strategic risks to the Council, and Members were reminded of the definition of a Strategic Risk, as detailed at Section 1.1 of the report: a risk that, if it materialised, would adversely impact the delivery of corporate priorities.

 

Members had last considered the Strategic Risks in April 2022. The Risks and associated actions were due to be reviewed again, with Risk owners, over the coming months, and were reported to the Committee on a six-monthly basis. No additional risks had been added to the register since Members had last considered it.

 

Members were asked to identify any additional risks and to be assured that the current controls and proposed actions were sufficiently robust.

 

Debate ensued, with the Chairman recollecting that the Committee had previously requested that consideration be given to the inclusion of a climate-related strategic risk, and seeking an indication as to whether it had been.

 

Whilst initial consideration had been given, this would be addressed in the full review of strategic risks aligned to the new 2023-27 Corporate Plan. For a matter to be considered a strategic risk, it had to be an explicit key objective within the Corporate Plan.

 

Referencing partnership working, Members sought an understanding as to what extent WLDC was responsible for ensuring partners followed the same standards as the Council in respect of such matters as environmental credentials and living wage commitments, and whether partnerships / contracts could and would be terminated if similar standards were not maintained.

 

In response, Members were advised that such matters were dealt with by Contract and Procurement Procedure Rules. Each contract would have both a price scope and a quality scope, the quality scope primarily dealing with such matters.

 

Members were next due to consider such Procedure Rules in March/April 2022. It was also noted that an Audit in respect of Contract Management was within the Audit Plan, with field work having commenced in July 2022.

 

Referring to the Risk “ICT Security and Information Governance arrangements are ineffective” and its current score of 12 and red RAG rating, Members sought assurance as to whether the target score of 8 was likely to be achieved by the next review. In responding, Officers concurred that an IT failure as described on the register could be one of the most harmful to the Council, and it was a matter the Council took very seriously.

 

A raft of new IT Security policies were due to be approved by the Corporate Policy and Resources Committee; internal audit colleagues were carrying out a range of IT controls audits over the next few months, expected to be reported to Members in January 2023; cybersecurity monies had been received from Central Government to enable the Council to invest in penetration testing; and Officers were regularly attending Cybersecurity Training and Conferences.

 

The risk would always remain a high “impact” but work would always be undertaken to reduce ...