Agenda item

[To update the Committee on the key risks the Council faces and how it can gain assurance that these risks are being mitigated]

Peter Farrow, Head of Audit presented the report on the key risks the Council faced and how the Committee could gain assurance that the risks were being mitigated.  In doing so he informed the Committee that the Regeneration Manager was unable to attend the meeting to discuss in detail key risk 9 - City Centre Regeneration.  The item would therefore be included on the agenda for the next meeting on 12 March 2018.

With reference to risk 29 – Fire Safety – Public Buildings, John Humphries, Independent Member, reported that the Local Authority now had responsibility to ensure that private landlords carrying out works to their properties.  He asked whether this was incorporated in risk 29.  The Head of Audit undertook to speak to the risk owner to confirm whether it incorporated the responsibility placed on local authorities.

Councillor Philip Bateman MBE informed the Committee of a Scrutiny Review into Fire Safety which had taken place over two and a half days.  The report and recommendations from the scrutiny review were being drafted.  He suggested that the Committee wait for the scrutiny report to be finalised and released before inviting the risk owner to attend a future meeting to discuss risk 29 in more detail.

Mike Ager, Independent Member stated that he understood the logic behind the decision to combine risk 1 – Looked After Children (LAC) and risk 21 – Transforming Adult Social Care Programme with risk 4 – Medium Term Financial Strategy but was concerned that the two high profile areas of LAC and Transforming Adult Social Care might be lost.  The Head of Audit reported that his team would make sure the profile of the two risks are not diminished.

Mike Ager, Independent Member also noted from the assurance map that some of the external/ independent assurance and types of assurance dated back to 2014.  He asked that the map be reviewed to make it more current.  The Head of Audit undertook to consider whether any of the contents of the assurance map had become aged or redundant and to update it where appropriate.

Councillor Philip Bateman MBE reported that if the comment in the assurance map on risk 26 – Community Cohesion was correct it was something that should be applauded and highlighted. The Committee agreed that the risk owner be invited to the next meeting to discuss the risk in more detail.

The Chair asked whether additional work was required by the Council for the implementation of the General Data Protection Regulation (GDPR) that would come into force during May 2018. The Head of Audit reported that the Council had an Information Governance Board which had been tasked with getting the Council ready for the new Regulation. A member of his Audit team served on the Board which would give the Committee some assurance from an audit perspective.

Resolved:              

1.    That the Strategic Risk Register as at Appendix 1 to the report be noted.

2.    That it be noted that following discussions with the risk owners, risk 1 – Looked After Children and risk 21 – Transforming Adult Social Care Programme have been reviewed and combined with risk 4 – Medium Term Financial Strategy.  As a result, the risk description for risk 4 had been amended accordingly.

3.    That the increase in the risk score for risk 3 – Information Governance due to issues around the implementation of the General Date Protection Regulations which are due to come into effect on the 25 May 2018 be noted.

4.    That the reduction in the assessment of the following risks be noted:

·       Risk 23 – Cyber Security as there have been no significant cyber instances since the Wanna Cry RansomeWare cyber-attack in May.

·       Risk 26 – Community Cohesion.  As the target score for this risk had been achieved the risk had now been archived and transferred to the relevant directorate risk register.

·       Risk 27 – Safety concerns around the City’s tower blocks as the insurance issue referred to at the last Committee meeting had now been resolved.

5.    That the change in the target date for the following risks be noted:

·       Risk 24 – Maximising benefits from the West Midlands Combined Authority in accordance with the timetable for completion of the communication framework.

·       Risk 25 – Payment card industry data security standard, in accordance with the Digital Transformation Programme’s timetable for procurement.

6.    That the identification of the following two new risks be noted:

·       Risk 28 – Health and Safety due to an increase in health and safety related prosecutions.

·       Risk 29 – Fire Safety – Public Buildings as a result of the increased level of scrutiny in this area following the Grenfell Tower Fire. 

7.    That the main sources of assurance available to the Council against its strategic risks at Appendix 2 to the report be noted.

8.    That risk 9 – City Regeneration and risk 26 – Community Cohesion be considered at the next meeting and the risk owners be invited to attend.