Agenda item

OVERVIEW BY ZURICH ON CORPORATE AND DEPARTMENTAL RISKS.

Minutes:

An update on the Corporate and Directorate Risk Registers was given by Adam Lickorish and Rupert Riall on behalf of Zurich Risk Engineering.

 

The following Risk Registers were presented:

 

·  Corporate Risk Register

·  CEX Risk Register

·  Finance Risk Register

·  ECHS Risk Register

·  ECS Risk Register

·  HR Risk Register

·  Commissioning Risk Register

 

The Risk Registers were divided into three main categories: a description of the risk, the gross risk rating and the net risk rating.

 

‘Gross Risk’ is the Risk before any controls are taken into account and Net (or Residual Risk) is the score when current controls are taken into consideration.

The Committee noted that four of the five net red RAG rated risks were found within ECHS, and that an additional ten amber risks across the directorates could easily move into the red category.

 

 These areas of high risk within ECHS were:

 

·  Failure to deliver an effective ECHS financial strategy

·  Failure to deliver effective Learning Disability Services

·  Failure to deliver effective Children’s Services

·  Failure to deliver effective Temporary Accommodation Services

 

Zurich had also rated the Council’s ability to effectively govern and manage contracts as a net ‘red risk’ after controls had been put in place.

 

The Committee was informed that the Zurich report constituted a ‘Risk Overview’, as part of a ‘check and challenge’ process. 

 

The Committee was referred to page 5 of the Zurich report which was a table that mapped out Corporate Risks. The table outlined eight areas of Corporate Risk and organisational issues that were risk elements across all of the LBB Directorates. The remainder of the report from Zurich assessed risk elements in more detail across the individual Directorates.

 

The Chairman asked what LBB could do better as a result of the Zurich analysis. Mr Lickorish responded that the reporting of Risk would have greater visibility and depth as a result of Zurich’s gap analysis and the introduction of the auto populated risk matrix.

 

The Chairman asked if similar strategic financial risks were seen in other Local Authorities. Mr Lickorish replied that this was indeed the case, and that similar problems had been identified in other boroughs. The Chairman was keen that the analysis produced by Zurich should not just be an academic exercise, but that the data should be used to develop policy.

 

A Member referred to references in the report to the ‘existing controls that were in place’. He asked if this was something that had been evidenced, or was something that Zurich had accepted on trust. Mr Lickorish answered that the evidence had not been seen, but had been taken on trust. To have seen the evidence base would have lengthened the audit process. The Head of Internal Audit commented that ‘Risk’ had to be an integral aspect of the internal audit process.

 

A Member suggested that the focus should shift away from Risk itself and towards controls. He asked why Zurich had not included a column in their matrices for fall-back plans. He felt that an additional column should have been added to show that a plan was in place should the Risk be realised. Mr Lickorish responded that a risk management journey was taking place, and that the first concern was to understand what risks existed, and then to align mitigations.

 

The Member continued by stating that there were four net red RAG rated Corporate Risks that still existed after controls had been put in place, and so the relevant action plans needed to be ready.

 

The Head of Internal Audit commented that there were Business Continuity plans in place that would be activated if Risks were realised. It was necessary to focus on mitigation initially. Normally back up plans were in place if required.

 

A Member referenced the Grenfell fire tragedy, and cautioned that back up plans were always required. The Head of Internal Audit remarked that for such a large scale incident as Grenfell, it was unlikely that any individual authority would be able to cope, and that London wide assistance was likely to be required. Risk responses were being updated and improved.

 

A Member asked if LBB had insurance to cover Business Continuity. Mr Riall explained that generally speaking it was the case that LBB would be insured against physical damage/loss incidents that may have an effect on Business Continuity. The Head of Internal Audit mentioned the possibility of cyber-attack, and that the matter of insurance against the effects of such an attack would need clarifying. 

 

A Member commented that acronyms such as ‘ECHS’ etc. should be avoided, as they would not be understandable to everyone reading the report. He also asked if Zurich had looked at process maps and linked these to the Business. The answer to this was no, process maps had not been looked at.

 

A Member asked if Zurich had linked risks to complaints and compensation claims. He noted that half a million pounds had been paid out by the Council in compensation claims for people tripping up. He also asked (with reference to the Commissioning Risk Register), what was meant by ‘a lack of clear management.’ Mr Riall responded that it was the responsibility of Officers to identify risks.

 

A Member asked what Zurich considered to be the three most significant areas of Risk. Mr Riall highlighted the following three areas:

 

·  Contract Management and Commissioning

·  Risks associated with Information Governance

·  Children’s Services

 

He added that problems associated with contract management and commissioning were a London wide issue and were related to supply chain resilience.

 

The Chairman wondered if a monetary value could be aligned to the Risks, and whether there was a plan for a valuation process. Mr Lickorish expressed the view that it would be very challenging to attribute a monetary value to the Risks, and that the current matrices were sufficient.

 

A Member asked for more information regarding why some risks remained RAG rated as net red even with controls in place. Mr Lickorish responded that attempts could only be made to mitigate risk as far as possible, and that sometimes controls took time to embed.

 

A Member asked what the criteria were for allocating risks in the Commissioning Risk Register. Mr Lickorish answered that a discussion would take place as to where Risk should be allocated. Consideration would be applied to who was implementing controls and who the Risk owner was. In these cases, the Risk owner would be the Director of Commissioning. It was not advisable for a risk to appear in more than one Directorate’s risk register.

 

A Member asked for a timeframe for net red flagged risks changing to amber. Mr Lickorish responded that controls took time to embed, and it was not possible to state a timeframe.

 

The Chairman stated that the Zurich report was an interesting piece of work, and that when the Risk Registers were looked at next, it would be helpful to use comparatives, especially with respect to commissioning. 

 

It was noted that Zurich had presented their findings to the Corporate Risk Management Group, the Directorate Management Teams, and the Corporate Leadership Team. 

 

The Chairman thanked Mr Lickorish and Mr Riall for attending, and for the very interesting and informative presentation around the Risk Register.

 

RESOLVED that the overview by Zurich on Corporate and Departmental Risks be noted.   

 

 

 
