Agenda item

The Committee gave consideration to a report which reviewed the strategic risks facing the Council as at September 2022.

The report identified 13 strategic risks to the Council, and Members were reminded of the definition of a Strategic Risk, as detailed at Section 1.1 of the report, a risk that if materialised would adversely impact the delivery of corporate priorities.

Members had last considered the Strategic Risks in April 2022.  The Risks and associated actions were due to be reviewed again, with Risk owners, over the coming months, and were reported to the Committee on a six-monthly basis.   No additional risks had been added to the register since Members had last considered it.

Members were asked to identify any additional risks and to be assured that the current controls and proposed actions were sufficiently robust.

Debate ensued with the Chairman recollecting that Committee had previously requested consideration be given to the inclusion of a climate related strategic risk and sought indication as to whether it had.

Whilst initial consideration had been given this would be addressed in the full review of strategic risks aligned to the new 2023-27 Corporate Plan.  For a matter to be a considered a strategic risk it had to be an explicit key objective within the Corporate Plan.

Referencing partnership working, Members sought an understanding as to what extent WLDC were responsible for ensuring partners followed the same standards as the Council in respect of such matters as environmental credentials, and living wage commitments and whether partnerships / contracts could and would be terminated if similar standards were not maintained.

In responding Members were advised such matters were dealt with by Contract and Procurement Procedure Rules. Each contract would have both a price scope and quality scope, the quality scope primarily dealing with such matters.

Members were next due to consider such Procedure rules in March/April 2022, it was also noted that an Audit in respect of Contract Management was within the Audit Plan, with field work having commenced in July 2022.

Referring to the Risk “ICT Security and Information Governance arrangements are ineffective” and its current score of 12 and red RAG rating, Members sought assurance as to whether the target score of 8 was likely to be achieved by the next review.  In responding Officers concurred that an IT failure as described on the register could be one of the most harmful to Council, and it was a matter the Council took very seriously. 

A raft of new IT Security policies were due to be approved by the Corporate Policy and Resources Committee, internal audit colleagues were carrying out a range of IT controls audits over the next few months, expected to be reported to Members in January 2023, cybersecurity monies had been received from Central Government to enable the Council to invest in penetration testing, and Officers were regularly attending Cybersecurity Training and Conferences.

The risk would always remain a high “impact” but work would always be undertaken to reduce the likelihood.  The Council were fully aware of the challenges Cybersecurity threats posed and given the nature of the work could not always fully publish what measures were in place.

In response to comments around Committee oversight and the report having previously been delayed,  Members were reminded that quarterly reviews were undertaken by Management Team, the next being December, with Members seeing the register every six months, next due in April.

Assurance was sought and given that the Authority had plans in place, for matters it could directly affect, to deal with any escalation of war in the East, given its implications to fuel supplies and the economy.

Officers advised a bigger concern was the change in tone from the newly appointed Chancellor.  The previous Chancellor had made a declaration that there would be no spending cuts this had now changed to “foresee eye-watering spending cuts”.  The Authority would have to await the announcement to know for certain what its 23/24 settlement would be and what impacts that would have.

Members were also reminded that decision making had received a high assurance rating.   

In responding to concluding comments regarding climate modelling and longer-term risks, but not of a Strategic nature, Members were reminded that a position statement on the Authority’s work in respect of sustainability and climate change was being submitted to the Prosperous Communities Committee and such questions would be pertinent for that arena.

RESOLVED that, having reviewed the Strategic Risk register, noting the comments made, no additional strategic risks be included; and current controls and proposed actions are sufficiently robust.