Issue - meetings

This report introduces the Council’s new Risk Management Policy.

The purpose of the review of the existing policy was to refresh and strengthen the council’s framework for the identification, measurement, management, monitoring and reporting on risk.

Whilst the policy principles have not been subject to significant change, in order to reflect the aspiration to continue to develop the risk management discipline, the new policy includes the plan to implement Enterprise Risk Management.

The new policy sets out how risks will be reported including future reporting to this Committee.

The new policy is included at Appendix 1.

The Risk and Insurance Manager presented a report, a copy of which had been circulated to each Member and a copy of which appears as Appendix 'D' to these Minutes in the Minute Book.

This report introduced the Council’s new Risk Management Policy, included at Appendix 1. The existing policy had been reviewed to refresh and strengthen the Council’s framework for the identification, measurement, management, monitoring and reporting on risk. Whilst the policy principles had not been subject to significant change, the new policy included the plan to implement Enterprise Risk Management to reflect the aspiration to continue to develop the risk management discipline. The new policy set out how risks would be reported including future reporting to the Committee. It was noted that work would be ongoing to refine the policy over the next twelve months, including the alignment of underlying risks, consideration of approach to risk appetite and further development of the risk app. The Risk and Insurance Manager suggested that Members may wish to use a non core meeting to consider in more detail the implementation of the policy, the risk framework and reporting arrangements to the committee.

Members thanked the Risk and Insurance Manager for the excellent work in developing a new approach. Comments included:

• That addressing risk appetite may require input from departments as it would vary across the Council.
• It may be helpful to reflect examples in the Orange book to assist users in rating risks correctly and in reviewing the list of enterprise risks, e.g. to include information security.
• The risk identification list did not necessarily match the enterprise risks
• It may be helpful to provide a more specific definition of ‘harm’

The Risk and Insurance Manager confirmed that a risk appetite exercise was being done and that risk categories would allow more refinement to analyse specific risks. It was noted that the policy would be refined over the next 12 months and further guidance and clarity provided. Members agreed that it would be helpful for them to discuss the committee’s reporting arrangements under the new policy and understand how issues which crossed over multiple risks were managed.

The Chair agreed to raise awareness of the new policy at the Overview and Scrutiny Chair’s meeting.

RESOLVED that Members of the Audit and Governance Committee:

1.    Note and support the new policy as included as Appendix 1 - BCP Risk Management Policy as part of the continuing development of risk management at the council.

2.    Support the proposed approach to adjust and refine the policy over the next 12 months with regular updates to this Committee on changes and further developments.

3.    Note the reporting of risk to the Committee proposed in paragraphs 15 and 16.

Voting: Agreed with no dissent