To consider the report of the Business Continuity and Risk Management Officer.
Minutes:
Documents:
· Update report of the Business Continuity and Risk Management Officer
· Policy, Strategy and Methodology
· Heat Map
· Risk Register
Issues:
· Scoring mechanism
· Budget savings
· Draft Strategy
· Grouping of risks in higher categories
Responses:
· The Committee requested details of regarding the scoring of risk and the consultation process. In consultation with officers, and the use of a matrix, a simple formula is used to multiply probability by impact to achieve a numeric, inherent risk score. Officers have been issued with guidance to ensure consistency across the Authority. Probability is based on whether an event would occur within the year, in one to five years or whether it was unlikely to occur. The impact considers financial risk, ability to achieve and corporate objectives. Members asked whether there was an independent assessment of the scoring – this is undertaken by Management Team. Services continue to manage risk through their own management teams.
· One of the Business Continuity Champions had been invited to attend the meeting and comment on procedures from a service perspective. The Communications Manager informed Members that the process had been easy to follow and assess. A Business Continuity Champions Group meets regularly enabling networking and challenge across the Authority. The Communications Manager is also a member of the Dyfed Powys Local Resilience Forum which ties in with his work as Business Continuity Champion
· It was suggested that a peer review, either by the Public Service Board or another authority, could be undertaken to ensure greater challenge and this suggestion was welcomed by officers. Further consideration would be given as to whether this would be an effective method to further strengthen the service.
· The revised Strategy supports the process. A draft is due to be submitted to Cabinet for approval in January 2016. Cabinet review the Risk Register on a quarterly basis with the Leader and Business Continuity and Risk Management Officer meeting monthly. Management Team review the Register on a quarterly basis and each risk identified on the Corporate Risk Register is ‘owned’ by a member of Senior Management.
· Members sought assurance that the budget proposals and associated Strategic Impact Assessments would be included within the Register where appropriate. The Impact Assessments were currently being analysed and would be presented to Cabinet in December.
· Concern was expressed at the number of risks in the High/High category with none in the Low/Low or Low/Medium categories. It was considered that the spread of risks should be across all categories and not concentrated in the High sector. Originally there were 85 corporate risks. The Authority is improving in identifying and categorizing risks. The level of challenge is also improving and risks may move between categories. However, it was inevitable that some risks would remain High.
· The Portfolio Holder, Finance, informed the Committee that the failure to meet constraints was a budget risk. A recent announcement regarding cuts to local government funding of 30% over four years in England would have to be monitored to assess how this would affect funding to Wales. Cabinet will have to address savings in high risk areas in order to achieve the required level of savings.
· The Heat map would be aligned with the budget going forward
· The Finance Scrutiny Panel with its overarching, independent review of proposals will have to consider the associated risks
· The progress in developing the risk register was noted. This area of work had not been a priority following the departure of the previous officer and the post having been left vacant. Managers were now on board with the new processes. Other authorities were taking an interest in the development of the processes and had requested advice from the Business Continuity and Risk Manager.
Outcome:
· The draft Policy, Strategy and Methodology be approved for submission to Cabinet
Supporting documents: