Content

Rachel Ashley-Caunt, Chief
Internal Auditor attended the meeting and presented the Risk
Management Policy and Strategy for the Committee’s review.
The Risk Management Policy and Strategy set out how the Council
would manage risk - both in business as usual and in
transformational activity. It also explained how risk was managed
at each level of the organisation and how a hierarchy of risk
registers (from the strategy risk register down to directorate and
project risk registers) was used to communicate and escalate
risks.
 
It was noted that since the
original Risk Management Strategy was produced and approved in July
2021, the Council had sought to further develop its risk management
framework and embed risk management within the
organisation.  The draft Risk Management
Policy and Strategy was intended to reflect the informed and
developed risk management approach, with an emphasis on sources of
assurance and developing further to align with recommended
practice.
 
It was noted that following the
progress made in this area, a new Risk Management Policy and
Strategy had been drafted to reflect the updated approach and to
seek to continue this development of the risk management framework
and culture. 
 
Areas where the document
provides further clarity include:
 
•                 
Details on how risks should be identified and
recorded, at each level of the organisation;
•                 
Support on the application of the risk scoring
methodology and tolerances;
•                 
Guidance on the importance of the ‘sources of
assurance’ section of the risk register and how this should
be used to inform high risk areas for internal audit
coverage;
•                 
An outline of the roles and responsibilities of key
officers, including in the escalation process between the different
layers of risk register;
•                 
How the Council will seek to develop and embed risk
management further, including the roll out of officer and Member
training;
•                 
Reference to the development of fraud risk
registers, the process for which will be detailed further in the
Counter Fraud Strategy; and
•                 
Linking the approach to the Council’s
values.
 
 
Following debate it
was:
 
RESOLVED           
That the Risk Management and Strategy be approved for
adoption.