Issue - meetings
Corporate Risk Register
Meeting: 30/11/2023 - Audit and Governance Committee (Item 240)
240 Corporate Risk Register PDF 79 KB
Purpose
The report brings to members the current version of the Strategic Risk Register for information and assurance that risks to the Council are being managed and appropriate actions are being taken to mitigate risk.
Recommendation
That the Audit and Governance Committee resolves to:
1. Note the Strategic Risk Register.
Invited
Cheryl Sloan, Business Manager for Business Continuity, Governance and Risk
Additional documents:
- Annex A - Risk Register - CDC - by category (Nov 23), item 240 PDF 261 KB
- Webcast for Corporate Risk Register
Minutes:
The Chair introduced the item, stating that looking at the risk register was a constitutional function of the Committee.
The purpose of the report was to bring to members the current version of the Strategic Risk Register for information and assurance that risks to the Council were being managed and appropriate actions were being taken to mitigate risk.
Members noted an error in the paper's heading, which referred to Cotswold District Council's corporate governance code. The officer acknowledged this and explained it was a copy-paste of a previous report.
The Chair invited the Business Manager for Business Continuity, Governance and Risk to introduce the report. The Business Manager highlighted the changes since the previous report;
- The Business Manager presented the revised Strategic Risk Register for Cotswold District Council, emphasising its alignment with high-level risks from various registers, including those of Publica.
- Two risks were highlighted as having increased, relating to the shareholder review of Publica and partnership deliverables. These were attributed to recent decisions to transition services back to the Council.
- The Business Manager stated that the risk register had been reformatted for clarity in regard risk definition, mitigation and scoring and invited the Committee to provide feedback.
- The Business Manager also addressed some errors in the report, specifically, Health and Safety, Legal Compliance, and Procurement, which should have been marked as green.
Members discussed the report, raising the following points;
- The transitioning of services from Publica to in-house provision was discussed, and members asked about the risks associated with this, such as potential disagreements with partner councils and impact on staff resources. Officers stated that this would be reported through the work undertaken on the transition project.
- Members welcomed the format of the report.
- The Deputy Leader and Cabinet member for Finance, as an observer, welcomed the risk register as reflecting best practice. The Deputy Leader suggested that this be brought to a future Cabinet meeting.
- Members of the Committee asked if the Council had a way of measuring staff engagement. The Director of Governance mentioned ongoing staff surveys to measure employee engagement.
- Members discussed cybersecurity, due to the risk of incidents, and recent cybersecurity attack on Gloucester City Council, and asked if there was a cybersecurity standard that the Council could pursue. The Deputy Chief Executive stated that there was a Public Services Network standard that was being rolled out, and also stated that Gloucester City Council had shared its findings in an executive report, which members were encouraged to read. The Chair of the Committee stated that there was a role for the Committee in receiving future updates on Cyber Security.
RESOLVED: to NOTE the Strategic Risk Register.