|
Title |
Corporate Risk Register (Corporate Risk Management) |
|
Purpose of the report |
To note |
|
Report Author |
Lee O’Neil, Deputy Chief Executive |
|
Ward(s) Affected |
All Wards |
|
Exempt |
No |
|
Exemption Reason |
N/A |
|
Corporate Priority |
Community Addressing Housing Need Resilience Environment Services |
|
Recommendations
|
Committee is asked to: Consider the significant strategic risks and issues highlighted in this report and present these to the Corporate Policy and Resources Committee, ensuring continued wider reporting of the Corporate Risk Register and actions across other Committees. |
|
Reason for Recommendation |
The Corporate Risk Register must continue to ensure that the Council’s most significant risks in relation to achievement of corporate priorities and objectives are identified, managed, monitored, and reported. Continued visibility and ownership of the risks and issues raised in this report is recommended across the Council due to the significant and wide-reaching implications. This will support improved coordination in implementing risk management strategies. |
1. Summary of the report
|
What is the situation |
Why we want to do something |
|
The Corporate Risk Register continues to ensure that the Council’s most significant strategic level risks in relation to achievement of corporate priorities and objectives are regularly identified, managed, monitored, and reported. The current reporting frequency coincides with the Audit Committee cycle and work programme |
Exposure to wider externalities and other unprecedented pressures continue to present challenges to the Council and to the delivery of its corporate priorities. The approaches being taken to proactively manage identified risks and mitigate their impact are referred to in this report and related appendices. |
|
This is what we want to do about it |
These are the next steps |
|
The Corporate Risk Register and related processes provide a mechanism for regularly reviewing risks to ensure any threats to the Council and its services can be addressed/minimised. |
The corporate management team and lead Committee hold collective ownership and accountability for ensuring these strategic corporate risks are effectively managed. In doing so they are supported by designated risk owners (at Group Head or other senior manager level) who are responsible for overseeing the day-to-day management of these risks and ensuring future risk management strategies are progressed/implemented. |
1.1 This report highlights significant strategic risks in delivering the Council’s priorities (CARES) and objectives, current strategies to manage risks (defined as current controls and current mitigations) as well as any future strategies to manage associated risks.
1.2 The Council continues to encounter some challenges in delivering its corporate priorities due to exposure to wider externalities (including inflationary pressures and demands for housing). The approaches taken to proactively manage identified risks and mitigate their impact are referred to in the appendices to this report.
1.3 The risk register has been updated to reflect progress with the Government’s proposals for Local Government Reorganisation (with Surrey in the first wave of authorities to be involved), the result of which will mean that Spelthorne will no longer exist as a sovereign authority within 2 years.
1.4 The risk register has also been updated to reflect:
(a) The Council’s ongoing response to External Audit Reports and Best Value Inspection including the development of a detailed Consolidated Action Plan to address the recommendations from these reports and other external reviews, and
(b) The subsequent intervention by Government appointed Commissioners (‘the Commissioners’) following the Best Value Inspection of the Council.
2. Key issues
2.1 At the last meeting of this Committee, Members received a slimmed-down version of the risk register with the number of risk subject areas consolidated and reduced from 25 to 17. An additional risk category had been added to cover the Council’s Response to External Audit Recommendations. This risk category has now been extended to cover the Council’s response to the Best Value Inspection and the subsequent intervention by Government appointed Commissioners.
2.2 As referenced at the previous Audit Committee, work has been undertaken to further consolidate and reduce the number of risk categories and subject areas to provide more focus on the key risks to the Council, reduce the narratives and duplication of information. This has now reduced the number of risk categories from 10 to 9 and the number of risk subject areas from 17 to 14. Following feedback from the last Committee and recent audits, a number of other changes have been made to improve the register, including:
(a) Changing the previous ‘Lead Officers’ to ‘Risk Owners’ for each risk category, with Management Team and the Corporate Policy and Resources Committee retaining overarching ownership of the Corporate Risk Register and accountability for ensuring that strategic corporate risks are effectively managed.
(b) Greater clarity on the key risks and more consistent language used for each risk category.
(c) Adding reference to the risk of not achieving savings targets to Risk Category 4A ‘Managing increased costs and demands for services’.
2.3 The updated Corporate Risk Register is shown in Appendix A and reflects any changes in the risks outlined at the time the report was written. The key headlines and updates to report across the broad risk categories on the register emerging from the current review are set out below.
Appendix B – Outlines the current and previous risk scores and how they have been calculated from the assessment of the likelihood of a risk occurring against the impact this could have.
2.4 Further changes may be necessary in the future to add new key risks and remove any subject areas where risks are eliminated or reduced to an acceptable level.
Changes in risk scores and other key updates
2.5 There are no changes to the scores since this was last reported to Committee in May 2025. The information contained within the register has however been updated for each risk subject area, including:
(a) 7 – Corporate Capacity, Resources, Recruitment and Retention – Corporate Capacity – Remains Red RAG. The risk score remains at 12 reflecting ongoing pressures on workloads:
· The initial work gathering data for submissions on planned Local Government Reorganisation for Surrey has been completed but ongoing engagement continues between Surrey Leaders and Chief Executives and with the Government who launched a consultation exercise on the proposals in June 2025.
· Follow-up work associated with the Best Value Inspection (BVI) and external audits continues with implementation of a range of planned actions. The Council is currently working with Commissioners to develop an Improvement and Recovery Plan to address the findings of the BVI report.
· Work associated with the planned expansion of Heathrow has paused pending further information from the Government/Heathrow Airport Ltd on any plans for expansion.
· Specific service area pressures continue due to increased workloads, e.g. in Environmental Health.
(b) 7 – Corporate Capacity, Resources, Recruitment and Retention – Recruitment and Retention - Remains Red RAG. The risk score remains 12 reflecting the continued risks of staff becoming unsettled or unwilling to join the Council due to the Government’s planned reorganisation of local government, something which is mirrored across Surrey.
(c) 9 – Local Government Reorganisation (LGR) – Both Strategic decisions and Change management Risk Subject Areas Remain Red RAG, with their risk scores at 16, whilst uncertainty and future challenges remain over the Government’s plans for reorganisation of local government in Surrey. A decision on any future unitary configuration for the county is not now expected until mid-October 2025.
Future changes to Risk Categories
2.6 In view of recommendations made in the External Audit and Best Value Inspection reports, plus ongoing issues associated with a number of the Council’s contracts (including the Eclipse Leisure Centre and Sunbury Leisure Centre Decarbonisation project) it is proposed to add a new risk category to the next update of the Register to cover the risks around ‘Contract Management’.
2.7 Further adjustments to risk categories/subject areas and associated narratives may be necessary as the full details and implications of Local Government Reorganisation become available. Similarly, the register will need to be kept under review to ensure that it remains aligned with the development and implementation of the Council’s Improvement and Recovery Plan, under direction from the Commissioners.
2.8 The Committee will also need to consider any emerging new risks, or any item currently on the register where the risk is reduced to an acceptable level to remove the item from the register.
3. Options analysis and proposals
3.1 The revised register and related appendices are an accurate reflection of the high-level significant risks affecting this authority, based on consultation with managers and assessment of risk and controls in operation.
3.2 Option 1 (recommended option) –
To consider the contents of the Corporate Risk Register including any revised/consolidated risk categories, any further risk categories that can be consolidated or removed, residual risks highlighted, current risk management strategies (current control actions, current mitigating actions) and future risk management strategies.
Option 2 –
To recommend amendments to the Corporate Risk Register for consideration by the Corporate Risk Management Group.
4. Financial management comments
4.1 The risk scores within the register continue to be influenced by a number of key underlying themes around financial risk due to:
· Ongoing funding challenges for local authorities, particularly in light of the Government’s current consultation on local government funding reform,
· Increased demands on services, particularly in the area of housing,
· Risks associated with managing the accumulated capital costs of £10-15m arising from the suspension of direct delivery of the Council’s Housing Development programme and the significant annual holding costs for Council-owned development sites, and
· Continuing high cost of debt, despite recent reductions in inflation.
5. Risk management comments
5.1 The Council’s corporate and strategic risks impacting the effective achievement of corporate priorities, represent the most significant risks facing the authority. The register contains a list of broad strategic risk categories, comprising specific risk subject areas that align to the broader category. Risk descriptions and consequences are identified and articulated, as well as the current controls and current mitigation measures in place to manage these risks. Current controls are those actions intended to reduce the likelihood of occurrence of the risk event, whilst current mitigations are those actions intended to reduce the impact of a risk event should it occur. Taken together, current controls and current mitigating actions represent current risk management strategies. Future risk management strategies are also included in the register documentation.
6. Procurement comments
6.1 Any procurement considerations relating to the risk categories on the register should be identified by the respective Risk Owners and are likely to form part of separate reporting/communications.
7. Legal comments
7.1 Some corporate risks facing the Council as identified on the register are driven or influenced by statutory requirements. For example, at risk category 8 - Equalities, Diversity and Inclusion refers to the Equality Act 2010.
8. Other considerations
8.1 It should be noted that there could be further developments under any of the risk categories between the report being drafted and this being reported to the Committee. Any significant changes would therefore be reported verbally at the Committee as necessary.
9. Equality and Diversity
9.1 The Corporate Risk Register incorporates Equality, Diversity and Inclusion as a specific strategic risk category and sets out current controls and current mitigation measures in place, as well as future risk management strategies.
10. Sustainability/Climate Change Implications
10.1 There are none separate to those in the revised Corporate Risk Register, and some updates have been made under the broad risk category 6 as part of the review of the register.
11. Timetable for implementation
11.1 Future risk management strategies show lead Council officers responsible for progressing actions, together with target timescales for implementation. The register content is reviewed and updated at least four times a year in consultation with the corporate Management Team, Group Heads and managers. It is coordinated, analysed, and reported by the Deputy Chief Executive, which includes identifying new risk descriptions, high level review of relevance of control and mitigation actions being reported in context of risk area, and proposing new risk management strategies in consultation with managers, where deemed appropriate.
12. Contact
12.1 Lee O’Neil – Deputy Chief Executive (l.o’neil@spelthorne.gov.uk)
12.2 Please also refer to contact names provided for Risk Owners who hold responsibility for implementing systems of internal control and mitigating actions to manage and alleviate the risks identified against each broad risk category and risk subject area.
Background papers:
There are none.
Appendices:
Appendix A - Corporate Risk Register – this includes related narrative content as well as (i) level of assessed risk i.e., Red/Amber/Green - RAG status of each risk category (ii) Numerical Risk score and Direction of Travel.
Appendix B – Risk scoring matrix summary (incorporating consolidated Risk Subject Areas) – level of assessed risks in the register.