The report of the Strategy and Scrutiny Manager is to follow.

Contact: Tom Dodds (01743) 258518

The Committee received the report of the Strategy and Scrutiny Manager which provided an overview of the Council’s current strategic risks, their associated ratings, and recent changes. It was noted that all strategic risks continued to score highly, reflecting ongoing financial and governance challenges. Two risks had been archived following a Leadership Board review in December. The report was intended to act as a gateway for the committee to identify specific risks requiring deeper examination, with the option to invite responsible officers to future meetings.

During discussion, a member commented that the report had been received only three days prior to the meeting and that it showed little change from the previous version. Concern was also expressed that the risk owner listed for several items had already left the organisation, which was considered unsatisfactory.

Another member raised the issue of linking individual report?level risks to strategic risks and suggested implementing a clearer roll?up measure or numbering system to improve traceability. A further concern was raised regarding the presence of defined mitigations without clear evidence of reduced exposure, and clarification was sought on which mitigations were currently demonstrating impact.

In response, the presenting officer explained that each strategic risk included a detailed breakdown of controls and mitigations, with executive directors designated as risk owners. Scoring was based on the current position and, although controls were in place, the Council’s risk appetite meant that scores remained high. Cyber risk was provided as an example where strong controls were in place, but the potential impact remained significant, preventing the score from reducing.

The Chair queried the scoring methodology, noting that likelihood scores remained at the highest level even after mitigations. The Chair also highlighted two risks for potential deeper review: failure to adhere to governance arrangements, and health and wellbeing of the workforce, questioning the rationale for their respective scoring.

Clarification was requested on whether risks were scored after mitigations and whether a reassessment took place post?treatment. The Strategy and Scrutiny Manager confirmed that scoring reflected the current position and that both existing and additional controls were documented. While the aim was to achieve reductions after mitigations, strategic risks tended to remain high due to the Council’s risk appetite.

A member suggested that future reporting should include both raw and mitigated scores to help the committee evaluate the effectiveness of controls. A further query was made regarding whether risk appetite was defined in relation to acceptable levels and whether there was any review of spending on risk reduction. The Strategy and Scrutiny Manager reiterated that while impact was considered, no fiscal value was assigned to risk appetite.

Reference was made to previous training which confirmed that the Council did not use simple multiplication within its scoring model but instead used a weighted methodology to better reflect high?impact, low?likelihood risks.

A councillor questioned the prevalence of high (red) scores and asked whether the register risked becoming a repository for general concerns, rather than a tool supporting decision?making. Links between risk and decision?making—particularly in areas such as cyber security and budget management—were queried. It was noted that the annual governance statement should provide narrative context for risks, including those outside the Council’s control. It was also suggested that the risk register should help drive transformation priorities, and it was agreed to review the concerns raised.

A further question was asked about whether the Council used an internationally recognised risk management framework or a local best?practice model. The Strategy and Scrutiny Manager confirmed that the Council’s approach aligned with national and international standards and was supported through engagement with relevant local authority networks.

The Chair suggested awaiting the outcome of the ongoing review of risk management, which would be reported to the committee in June. It was proposed that instead of accepting the report as presented, the committee should note the ongoing review and revisit the matter at that time. Further requests were made for future reports to include clearer narrative to distinguish the relative significance of risks and to show movement in risk scores over time, including both raw and mitigated ratings.

RESOLVED:

To note the concerns raised regarding the current approach to risk management and reporting.

To note that Officers were undertaking a review of risk management, including the presentation of risks to the Committee.

To revisit the issue at its June meeting to assess progress and the embedding of revised arrangements.