Agenda item

Draft Corporate Risk Management Policy, Strategy and Framework


The Council’s Risk Management Policy, Strategy and Framework were reviewed every three years to ensure they remained up to date and fit for purpose. The latest review was conducted between December 2022 and January 2023.


The findings from the review had already been considered by Leadership Group and resulted in a number of updates to the Draft Risk Management Policy, Strategy and Framework. 


Currently, the Risk Management Policy, Strategy and Framework had been updated to reflect the findings of the review and current trends in best practice. The main updates were listed in the report as follows:-


                Strengthening the monitoring of service risks – service risks scoring 15 or above would be assessed quarterly by Leadership Group for escalation to the Corporate Risk Register and vice versa.


                Service risks would be added to the Teifi Performance Management System so that they could be updated and managed through the system.


                Clarified that the threshold for risks to be considered by Leadership Group to be escalated / de-escalated is 15.


                Clarified that Leadership Group were responsible for deciding if risks should be escalated or de-escalated.


                Clarified the role of Internal Audit in the Policy and Framework, which was to assess and evaluate the effectiveness of actions in place to mitigate risk and provide objective assurance that risks were being managed appropriately. Additionally, Internal Audit would provide objective assurance to Leadership Group, Governance & Audit Committee and Council on the robustness and effectiveness of the risk management procedures by including periodic reviews of the Corporate Risk Register, Service Risk Register and Corporate Risk Management procedures.


                Clarified that “target risk” scores should be provided to accompany the mitigating actions for risk, i.e. what score the risk should be reduced to by delivering the mitigating actions identified.


Following approval of the draft Risk Management document, Leadership Group decided that a consultation exercise limited to key stakeholders would take place to include members of the Governance and Audit Committee (GAC) and Zurich Insurance. Following the consultation, the final documents would be taken through the democratic process for final approval.


A consultation letter was sent to all members of the Governance and Audit Committee on the 30th of June, inviting written comments by the 25th of August. A detailed and useful response had been received from the Deputy Chair of GAC and was currently being considered. Zurich’s response had also been received and they offered no changes to the draft.


Following consideration of the responses, the risk management documents would be amended to include any required changes. The updated risk management documents would be shared with GAC at its next meeting and would then be taken through the democratic process for approval. Any further feedback from GAC on the Risk Management Policy, Strategy and Framework at that stage would be included in subsequent reports.


Following discussion, Leadership Group did not consider that a workshop for GAC on this topic was necessary, as all members of GAC had had the opportunity to engage with the consultation over the summer.


It was AGREED:-


(i) to note the draft Risk Management Policy, Strategy and Framework;

(ii) to note current progress and the next steps; and

(iii) to inform Leadership Group that if Members of the GAC had requested a workshop to be arranged for a specific issue or if they wished to attend a budget workshop for example, then this should be permitted.

