The report of the Risk and Business Continuity Manager is attached.

Contact: Jane Cooper (01743) 252851

The Committee received the report of the Risk and Business Continuity Manager

-  copy attached to the signed Minutes – which sets out the current strategic risk exposure following the June 2023 bi-annual review.

The Risk and Business Continuity Manager introduced and amplified her report.  She informed the Committee that there were currently eight strategic risks (as detailed in the report), five of which were high risk, two were medium and the final one was yet to be scored as it was still in development.  Two of the risks were subject to further analysis and review and were regarding the balanced budget and the extreme pressures on partners within the system impacting on Shropshire Council.  She drew attention to those risks that had been archived (set out at paragraph 7.6 of the report) and confirmed that they had also been considered as part of the operational risk review that had just been finalised.

A query was raised as to whether the risks identified were generic to every local authority or whether they were specific to Shropshire Council.  In response, the Risk and Business Continuity Manager confirmed that they were specific to Shropshire Council although the themes would be very similar to other Local Authorities.

Members felt there would have been more examples in the report of risk areas and that it would have covered more aspects, for example, a possible change in political leadership which was felt to be a risk to the authority.  Another example was if savings were not attained whether this was incorporated in the balanced budget or not, as was mentioned in the External Audit report.  There was also no mention of the Northwest Relief Road (NWRR).

The Executive Director of Resources (Section 151 Officer) gave an overview.  The point being made was valid up to a point.  The risk of change in political leadership was not in itself a risk.  The question was however what that would lead to if, for example, it led to a lack of decision making then that could lead to a risk that the authority could not progress, but the actual change in political leadership in itself was not a risk.  Other elements to consider were things like political uncertainty created through a general election as well as a local election, or things like a high turnover of members at a local election, for example, or a change in which particular parties worked together which could then lead to a risk around lack of decision making which would stifle the progress currently being made by the organisation.  That was a risk that they were aware of, but the question was whether the risk fell below the risk appetite of the Council.  The risks listed in the report were those that had fallen above the risk appetite.

Although there were risks around large scale projects, they sat within the project risks.  So projects like the NWRR were listed in the project risk register and were considered but the question was whether those project risks became a strategic risk.  Those risks that had been archived had fallen below the risk appetite.  This did not mean that they had gone away but as they could not list all of them, they only listed those that were above the risk appetite.  However, if the Committee felt that any of the archived risks should be reconsidered, they could be brought back for further discussion.

The Risk and Business Continuity Manager explained that as part of the strategic risk exposure they looked at risks that had the possibility of impacting all elements of how the Council operated.  So part of reviewing the risk exposure was to consider any emerging risks that could impact across all the Council’s operations.  She confirmed that large scale projects such as the NWRR did have the possibility to have a very widespread impact but not on every area.  These were however managed and monitored very closely and robustly to ensure they did not affect the strategic risk exposure.

A brief discussion ensued in relation to other risks not on the strategic risk register and a query was raised as to whether other local authorities included the change of political leadership as a strategic risk.  Members were reassured that the project risks were being monitored and it was felt that this should be more widely known.  It was felt that the NWRR ought to have been on the strategic risk register as the gap funding had not been identified until the previous month.  It was also felt that the risk of large-scale contracts had been missed off the strategic risk register however they have been assured that the transformation team would be looking at these to check for value for money etc.

The Executive Director of Resources (Section 151 Officer) responded and took the point that the recent by-elections had raised the profile of the risk of a possible change in political leadership and it would therefore be looked at as part of the next assessment.  In relation to the project risks, it was confirmed that these were discussed at Audit Committee, but he accepted that some Members would not be aware of that.  Turning to the NWRR, the risks around this had been discussed and it had been agreed that once planning permission had been granted a full financial assessment would be undertaken and at that point would be considered in relation to the strategic risks.

In terms of large-scale contracts, the Executive Director of Resources (Section 151 Officer) provided assurance that the Commissioning Assurance Board, which was an officer board which sat at Executive and Chief Executive level, considered the top 200 contracts on a quarterly basis and although reported to Audit Committee was not made publicly available.  As part of the annual audit process the internal audit team would identify contract audits as part of the regular work undertaken by the team so there were always a number of audits around those significant contracts, including those larger in value as part of a broader cross section to allow the Chief Audit Executive to provide assurance at the end of the year that there was a reasonable control environment across the organisation which included the management of contracts.

The Risk and Business Continuity Manager took Members through the Annual Report of the Risk Management team for 2022/23 and highlighted the salient points.  She reported a positive Direction of Travel.  She informed the meeting that two new training modules, for risk and business continuity, had been added to Leap into Learning and which were due to go live shortly and would enable all officers and members to get an understanding of how both disciplines operated across the Council.

In response to a query, the Risk and Business Continuity Manager reported that there were 128 operational risk registers which were reviewed bi-annually to ensure that any emerging themes or risks associated with operational risks were fed up to the strategic risk leads as part of the strategic risk review.  There were also registers in place for all key projects which were also reviewed on a regular basis.

Councillors Evans and Buckley wished it to be noted that they had requested that a possible change in political leadership should have been included as a strategic risk as they felt other authorities would do so and that the Council was two by-elections away from a change in control.

Councillor Evans voted against the recommendation contained in the report.

          RESOLVED:

          To accept the position as set out in the report, subject to the above.