The Council’s Risk Management
Policy, Strategy and Framework were reviewed every three years to ensure they
remain up to date and fit for purpose. The latest review was conducted between
December 2022 to January 2023.
The findings from the review had
already been considered by Leadership Group and resulted in a
number of updates to the Draft Risk Management Policy, Strategy and
Currently, the Risk Management Policy,
Strategy and Framework had been updated to reflect the findings of the review
and current trends in best practice. The main updates were listed in the report
monitoring of service risks – service risks scoring 15 or above would be
assessed quarterly by Leadership Group for escalation to the Corporate Risk
Register and vice versa.
Service risks would be
added to the Teifi Performance Management System so that they could be updated
and managed through the system.
Clarified that the
threshold for risks to be considered by Leadership Group to be escalated /
de-escalated is 15.
Leadership Group were responsible for deciding if risks should be escalated or de-escalated
Clarified the role of
Internal Audit in the Policy and Framework, which was to assess and evaluate
the effectiveness of actions in place to mitigate risk and provide objective
assurance that risks were being managed appropriately. Additionally, Internal
Audit would also provide objective assurance to Leadership Group, Governance
& Audit Committee and Council on the robustness and effectiveness of the
risk management procedures by including periodic reviews of the Corporate Risk
Register, Service Risk Register and Corporate Risk Management procedures.
Clarify that “target
risk” scores should be provided to accompany the mitigating actions for risk, i.e. what score should the risk be reduced to by delivering
the mitigating actions identified.
Following approval of the draft
Risk Management document, Leadership Group decided that a consultation exercise
limited to key stakeholders would take place to include members of the
Governance and Audit Committee (GAC) and Zurich Insurance. Following the
consultation, the final documents would be taken through the democratic process
for final approval.
A consultation letter was sent to
all members of the Governance and Audit Committee on the 30th of June, inviting
written comments by the 25th August. A detailed and useful response has been
received from the Deputy Chair of GAC and was currently being considered.
Zurich`s response had also been received and they offer no changes to the
Following consideration of
response/s, the risk management documents would be amended to include any
required changes. The updated risk management documents would be shared with
GAC at its next meeting and would then be taken through the Democratic process
for approval. Any further feedback from GAC on the risk Management Policy,
Strategy and Framework at that stage would be included in subsequent reports
Following discussion, Leadership
Group do not consider that a workshop for GAC on this topic was necessary, as
all members of GAC have had the opportunity to engage with the consultation
over the summer.
It was AGREED:-
note the draft Risk Management Policy, Strategy and Framework;
(ii) note current progress and the next steps; and
inform Leadership Group that if Members of the GAC had requested a workshop to
be arranged for a specific issue or if they wished to attend a budget workshop
for example, then this should be permitted