This report provides the latest update on the Strategic Risk Register 2023/24.

The Committee considered a report outlining the updates to the Strategic Risk Register (SRR), in line with the requirements of the Council’s Risk Management Strategy. A copy of the SRR was attached to the report at Appendix 1.  The Risk Register covered the actions completed by the Council for January to March 2024 and the future risk ratings.  The SRR had been reviewed by CMT on 19 March 2024 and no risks had been removed or de-escalated to the relevant Directorate Risk Register.  There had also been no new risks added to the SRR.  However, CMT had asked for consideration of developing a Health & Safety risk, which would be reported to the next meeting of the Committee, if deemed necessary.  The Committee was also asked to note the five red risk cards, which had not changed from the previous quarter:

·        Cyber - Risk of loss from cyber attack

·        BFfC - Lack of local special educational needs and disabilities (SEND) placement provision to meet current and future levels of demand.

·        Failure to safeguard vulnerable adults and children.

·        Failure to deliver zero carbon commitments.

·        Unable to deliver a balanced budget because of cost-of-living increases, demand pressures and achieving income targets.

The Committee was advised that quantitative data was now being recorded within the ‘Background Context’ box and would allow the Council and Risk Owners to understand the impact of the control measures implemented.?? Additionally, the risk information layout had been updated to clearly separate ‘existing controls in place’ and ongoing ‘specific action’.  Each action recorded the target date, status, where the action was being monitored and frequency it would be monitored.

For this latest report, all risk owners had identified the ‘risk status’ for each risk card. This required the risk owners to determine how they planned to continue to manage the risk using the following options:

·         Treat the risk – Agree to continue to implement further controls to change the nature of the risk 

·         Tolerate the risk – Agree to accept the risk at its current risk level. This would mean that no further risk mitigations would be implemented but the risk would continue to be monitored 

·         Escalate the risk – Move the risk to the Strategic Risk Register/ Directorate Risk Register accordingly 

·         De-escalate the risk – Move the risk to the Directorate / Service Plan Register 

·         Transfer the risk – Agree to transfer the risk, for example to a contractor or by purchasing specialist insurance to cover the risk 

·         Terminate the risk – Deciding not to take any further action and stopping the activity.  

This activity was part of the introduction of the concept of Risk Appetite, a concept that would be progressed during 2024 – 2025 across the Council.

Resolved:       That the Council’s Strategic Risk Register, as of April 2024, as set out in Appendix 1 to the report, be noted.