To consider the report.
Minutes:
The Chair advised that the extra Board meeting had been organised to enable the Board to consider the Risk Register as it was unable to do so at the meeting on 27 July 2022.
The Pension Fund Manager advised that the details in the previous Risk Register had been transferred to the Powys Risk Register system and was presented to the Board in this new format for the first time. The Board agreed that the format was easier to read than the format previously used.
It was noted that the Risk Register had been split into three categories:
· Administration
· Governance and
· Investments
The Administration Risk Register was considered. The Board noted the following or made the following comments [the numbers shown are the Risk Reference numbers]:
Admin0001 – the Powys payroll system is used for the payment of pensions and internal audit and Wales Audit undertake audits on this system. These audit reports are available to the Pension Fund Manager and meetings are held regularly with the Payroll Team to discuss any issues. The Pension Fund Manager advised service level agreements are being reviewed. It was noted that there are backup systems to the payroll system and there had never been a time when the payroll backup system had to be utilised.
Admin0002 – the loss of pension and other systems would be critical. The Board noted the mitigations but considered that the inherent and residual risk should be the same as Admin0001. The Board recommended that the inherent and residual risk should be 6 and 2 respectively.
Admin0003 - the Pension Fund Manager advised that data quality testing has been undertaken on an annual basis. However, more frequent data quality testing can now take place and at least two tests will be undertaken each year and this will be reflected in the Data Improvement Plan. Data quality is currently high, with common data at 98% and scheme specific data at 92%. Due to the multiple parties involved in the provision of data, it was considered that the inherent risk should be increased. The Board recommended that the inherent risk should be 8.
Admin0004 – After discussion the Board recommended that Admin0003 and Admin0004 should be kept as separate risks, as they related to risks associated with employers and scheme members respectively. The Pension Fund Manager advised that generic newsletters were issued but further work was required to develop communication targeted at specific groups of scheme members. He agreed to send the website link to the newsletters to the Board.
Admin0005 – the Board noted that the Communications Policy was currently being reviewed. The Board agreed to consider the revised draft Communications Policy and newsletters.
Admin0006 – reference to the Funding Strategy Statement would be added to the Controls and Actions information. The Board noted that as a result of the risk sharing agreement within the Fund risks are higher. In light of this higher risk the Board recommended that the inherent and residual risk should be 6 and 4 respectively.
Admin0007 – The Pension Fund Manager advised that the risks associated with smaller employers, such as town and community councils, are pooled together. The Board recommended that reference to this should be made in the Controls and Actions information. Comment was also made that if the number of employees reduced, due to budgetary constraints on the employer, this would have an adverse impact on the fund. The Pension Fund Manager noted this and advised he would consider which section of the Risk Register in which this this should be reflected.
Admin0008 – the Pension Fund Manager advised that the Cessation of contracting out Project should be completed by the end of the year, at which point the risk would be removed from the Register.
Admin0009 – the high inherent risk was noted.
Admin0010 – the Pension Fund Manager advised that the residual risk was set at 4 as the checking exercise on the existence of overseas pensioners had not yet been completed.
The Board recommended the inherent and residual risk scores stated in the document other than those referred to above. The Pension Fund Manager advised he would review and update the detail in the Latest Risk Review column prior to the Register being considered by the Pensions and Investment Committee.
The Board considered that the “deep dive” of this section of the Risk Register was an important exercise. The Board agreed that two further short meetings should be arranged to allow it to complete a “deep dive” of the Governance and Investments sections of the Risk Register and then annual “deep dives” would be undertaken. The Board agreed that at each quarterly Board meeting it would also consider whether any new risks should be added to the Risk Register.
Supporting documents: