The Interim Deputy Head of Audit introduced her report setting out details of how the risk management processes had been working across the Council together with the work plan for the coming year.  It was noted that:

·  The purpose of the report was to provide assurance to Members that effective processes were in place to appropriately manage and monitor risk and to demonstrate how the risk processes worked in practice across the Council.

·  The Council’s corporate risks were those risks which could impede the achievement of strategic aims and objectives.  Processes were in place to ensure that new risks are captured and escalated.  Six new risks had been added to the corporate risk register in January 2022.

·  Operational risk registers were in place for each service (including shared services) and were reviewed and updated routinely depending on severity.  The overall number of operational risks had increased from 150 in April 2021 to 153 in February 2022.  The highest risk related to infrastructure improvements, and it was routinely monitored by the Corporate Leadership Team (CLT).

·  All operational risks would be reviewed as part of the implementation of the JCAD risk management software and there would be a complete refresh of the operational risk registers.

In response to questions:

The Interim Deputy Head of Audit advised the Committee that:

·  Some of the implications of the current situation in Ukraine such as rising fuel and construction costs were starting to come through in specific risks that were increasing.  Routine risk updates to CLT included consideration of external threats on the horizon.  As part of the horizon scanning discussion at the next CLT update, she would ask whether there were any other risks relating to global unrest that needed to be captured.

·  She would discuss with the owner of the infrastructure risk the extent to which KCC’s proposed changes to rural bus services should be captured as part of that operational risk.

·  In terms of the removal of Brexit/EU Transition from the corporate risk register, when the register was reviewed last summer, the view was taken that the implications now featured as part of other risks.  It was not removed completely; the different elements affecting the Council were incorporated in the other risks identified.

·  The existing risk management processes were admin intensive, restricting the time available for further work to embed risk across the Council.  Current processes required the prompting of risk leads to ensure risk information remained up to date and services/senior management did not have ‘live’ access to their risk information.  The JCAD software was more versatile.  At present, spreadsheets were used, and it was very difficult to extract information from them.  The Officers would be able to run reports, tailor reports and get more information out of the software than out of spreadsheets.  The system also had the advantage that it helped to ensure consistency in the risk registers in terms of how risks are framed, making sure that all controls that apply are captured and any actions are being taken.  ...  view the full minutes text for item 89