The report of the Service Director for Strategy is attached.

Contact: Billy Webster (billy.webster@shropshire.gov.uk)

The Committee received the report of the Service Director for Strategy which set out the current strategic risk exposure following the June 2025 bi-annual review and subsequent discussions / amendments.

The Service Director for Strategy explained that strategic risks were reviewed biannually with risk owners and by the leadership board on a cyclical basis.  He drew attention to the table at paragraph 7.5 of the report which set out the risk scores over the last two years and included the direction of travel, from which it could be seen that there had been no change over the last two review cycles.  He explained that the current report reflected the position in June prior to the corporate peer challenge and financial emergency declaration.  The next review with senior officers was scheduled for the autumn when consideration would be given as to whether the strategic risks remained appropriate.

Members noted that no risks had improved over the last two years and questioned the effectiveness of mitigation actions.  In response to queries, the Executive Director (Section 151 Officer) stressed that the scores were from an assessment of the risk, the likelihood of a risk happening and the impact, not what was actually happening in reality.  It was acknowledged that certain risks, such as cyberattack, were likely to remain at the highest level due to their nature. 

He assured the Committee that Senior Officers constantly looked at and reviewed risks; they considered whether the risks were the right risks, whether they were reflective of where the council was at that point in time and where they wanted to get the risks to by the end of the year or within the next six months/two years, for example. 

A brief discussion ensued in terms of the Council’s risk appetite and the apparent mismatch between the Council’s stated low risk appetite and the high level of residual risk.  In response, the Executive Director (Section 151 Officer) explained that if the risk fell below the risk appetite, the Council was willing to accept those risks, and he gave an example. Many of the strategic risks ultimately related to the financial position of the authority as the Council was not in a position to put the resources and the capacity in the right places in the authority to start to mitigate some of the risks.  However, he assured the Committee that although it would not happen overnight, senior officers were taking the risks seriously and were trying to tackle them.

It was suggested that more detailed reporting be provided to the Committee on the actions and mitigations being taken, for it to better understand how risks were being managed.  Members also recommended that the scoring of risks related to statutory obligations and the failure to adhere to governance arrangements were reviewed.  Finally, the Committee wished to seek assurance that all those involved in managing risk within the organisation were making decisions based on controlling and reducing those risks.

RESOLVED:

To note the contents of the report;

That more detailed reporting be provided to the Committee on the actions and mitigations being taken, for it to better understand how risks were being managed; 

That the scoring of risks related to statutory obligations and the failure to adhere to governance arrangements be reviewed; and

That the Audit & Governance Committee, whilst recognising the situation, urged all those involved in managing risk within the organisation to make decisions based on controlling and reducing those risks.